BGP Processes in the Cisco IOS

August 21, 2018 at 10:32 am

BGP

These are some notes that I used to help teach a recent module in my upcoming Border Gateway Protocol (BGP) – Cisco Routing Policy Mechanisms course at CBT Nuggets. Enjoy!

There are many processes that work together to provide BGP services in the Cisco IOS. To see those that are running on your IOS version (and hardware), run the following command:

show processes cpu | include BGP

There are four core processes you should definitely see:

  • I/O – this process is responsible for moving prefixes in and out of the appropriate InQ and OutQ mechanisms; this allows us to both send and receive prefix information
  • Router – this process is the workhorse of the BGP system and takes care of policy application and the BGP Best Path Decision Algorithm
  • Scanner – this process runs at one-minute intervals by default; you can change the interval with the bgp scan-time command under the BGP configuration; it scans for changes that might require a revamp of the BGP information (an example would be a prefix removal due to next hop reachability issues)
  • Scheduler – this process is responsible for scheduling the various BGP processes that might be running

To see the Scanner process in action, use the debug ip bgp events command.

Remember, you might see other BGP related processes running on your system. Cisco is constantly working hard on their implementation to improve efficiency and reduce CPU workloads. For example, you might see:

  • BMP Server – this service permits the functionality of BGP Monitoring Protocol for neighborships
  • Event – this service helps the Scanner with its potential workload – it quickly responds to events like network statement introduction and redistribution commands
  • NHT – a next hop tracker process that, again, assists the Scanner service with its work
  • Open – you might get lucky and catch a glimpse of this process – it exists to assist with neighbor formation

Your 70-532 Developing Microsoft Azure Solutions Exam Study Tracker

July 30, 2018 at 8:28 pm

70-532

Here is the latest study tracker! There are four major sections – if you are not seeing them all below – be sure to click the READ MORE option. Enjoy your studies!

Section 1: Create and Manage Azure Resource Manager Virtual Machines (20-25%)

  • Deploy workloads on Azure Resource Manager (ARM) virtual machines (VMs)
    • Identify workloads that can and cannot be deployed; run workloads including Microsoft and Linux; create and provision VMs including custom VM images; deploy workloads using Ansible and Terraform; leverage Azure Reserved Instances (RIs)
  • Perform configuration management
    • Automate configuration management by using PowerShell Desired State Configuration (DSC) or VM Agent (custom script extensions); enable remote debugging; implement VM template variables to configure VMs
  • Scale ARM VMs
    • Scale up and scale down VM sizes; implement Accelerated Networking; deploy ARM VM Scale Sets (VMSS); configure ARM VMSS auto-scale
  • Design and implement ARM VM storage
    • Configure disk caching; plan for storage capacity; configure shared storage; configure geo-replication; implement ARM VMs with Standard and Premium Storage; implement Azure Disk Encryption for Windows and Linux ARM VMs; implement Azure Disk Storage; implement StorSimple
  • Monitor ARM VMs
    • Configure ARM VM monitoring; configure alerts; configure diagnostic and monitoring storage location; enable Application Insights at runtime; Monitor VM workloads by using Azure Application Insights; monitor VMs using Azure OMS Log Analytics; monitor Linux and Windows VMs by using the Azure Diagnostics Extension; monitor VMs by using Azure Monitor
  • Manage ARM VM availability
    • Configure multiple ARM VMs in an availability set for redundancy; configure each application tier into separate availability sets; combine the Load Balancer with availability sets; perform automated VM maintenance; use availability zones to protect from datacenter failures
  • Design and Implement DevTest Labs
    • Create and manage custom images and formulas; configure a lab to include policies and procedures; configure cost management; secure access to labs; use environments in a lab; claim and un-claim VMs; use artifacts to deploy and set up applications

How Juniper Standard Firewall Filters Evaluate Packets

July 28, 2018 at 1:00 pm

Juniper

This post is critical for those students studying for their Enterprise Routing and Switching Certifications.

Firewall Filter Packet Evaluation Overview

The following sequence describes how the device evaluates a packet entering or exiting an interface if the input or output traffic at a device interface is associated with a firewall filter.

Packet evaluation proceeds as follows:

  1. The device evaluates the packet against the terms in the firewall filter sequentially, beginning with the first term in the filter.
  2. If the packet matches all the conditions specified in a term, the device performs all the actions specified in that term.
  3. If the packet does not match all the conditions specified in a term, the device proceeds to the next term in the filter (if a subsequent term exists) and evaluates the packet against that term.
  4. If the packet does not match any term in the firewall filter, the device implicitly discards the packet.

Unlike service filters and simple filters, firewall filters support the next term action, which is neither a terminating action nor a nonterminating action but a flow control action.

If the matched term includes the next term action, the device continues evaluation of the packet at the next term within the firewall filter.

If the matched term does not include the next term action, evaluation of the packet against the given firewall filter ends at this term. The device does not evaluate the packet against any subsequent terms in this filter.

A maximum of 1024 next term actions are supported per firewall filter configuration. If you configure a firewall filter that exceeds this limit, your candidate configuration results in a commit error.

The device stops evaluating a packet against a given firewall filter when either the packet matches a term without the next term action or the packet fails to match the last term in the firewall filter.
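The evaluation sequence above, modeled as a small Python simulator. This is an added example, not Juniper code or code from the original post. The filter, term names, prefixes and ports are constructed, and the model assumes every term without next term carries an explicit terminating action.

```python
import ipaddress

# Constructed filter for illustration; nothing here comes from a real device.
FILTER = [
    {"name": "count-ssh", "match": {"dst_port": 22},
     "actions": ["count ssh-seen", "next term"]},
    {"name": "allow-mgmt-ssh", "match": {"src": "192.0.2.0/24", "dst_port": 22},
     "actions": ["accept"]},
    {"name": "block-ssh", "match": {"dst_port": 22},
     "actions": ["log", "discard"]},
    {"name": "allow-web", "match": {"dst_port": 443},
     "actions": ["accept"]},
]

TERMINATING = {"accept", "discard", "reject"}


def term_matches(match, packet):
    """A term matches only if the packet satisfies every condition in it."""
    for field, wanted in match.items():
        if field == "src":
            src = ipaddress.ip_address(packet["src"])
            if src not in ipaddress.ip_network(wanted):
                return False
        elif packet.get(field) != wanted:
            return False
    return True


def evaluate(terms, packet):
    """Return (verdict, names of the terms the packet matched, in order)."""
    trace = []
    for term in terms:                      # step 1: first term first
        if not term_matches(term["match"], packet):
            continue                        # step 3: try the next term
        trace.append(term["name"])          # step 2: the term's actions apply
        if "next term" in term["actions"]:
            continue                        # flow control: keep evaluating
        # Matched without next term: evaluation of this filter ends here.
        verdict = next(a for a in term["actions"] if a in TERMINATING)
        return verdict, trace
    # Step 4: no term ended the evaluation, so the implicit discard applies.
    return "discard", trace
```

Swapping the allow-mgmt-ssh and block-ssh terms makes the management host's SSH packet hit block-ssh first, which is why term order is the first thing to check when a filter drops traffic it was meant to permit.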

Network+ N10-007 Filtering with ACLs

July 17, 2018 at 5:43 pm

Enjoy this Nugget from the 2018 Network+ course from CBT Nuggets! This course is amazing as it features myself, Keith Barker, Network Chuck, and Jeremy Cioara!

N10-007

Juniper iBGP Peering Example

July 16, 2018 at 11:10 pm

This Sneak Peek Nugget is from my BGP – Peering module at CBT Nuggets. This is one module of three on BGP that are currently complete and live on CBT Nuggets. These modules consist of many videos that provide detailed coverage on BGP with both Cisco and Juniper examples.

Juniper