AFNOG 2000 Workshop

Scalable Network Infrastructure

This is part of the AFNOG 2000 Workshop, held in conjunction with the AFNOG 2000 meeting in Cape Town, South Africa, in May 2000.

Each day is divided into four ~2-hour lesson slots: start at 9am prompt.

MONDAY MORNING

Introduction -- Geert Jan
- Presentation in Powerpoint, HTML.
Introduction -- Brian
- request suggestions for extra topics.
- Explain our choice of FreeBSD (stability, pwd.db, softupdates).
- Resilience vs redundancy.
IP basics (recap) -- Brian
- Confirm that the students are able to:
  - recognise the layered model
  - distinguish hubs, switches, routers
  - describe where IP numbers come from
  - convert prefix into lowest/highest IP address
  - identify network and broadcast addresses
  - convert prefix length into netmask
  - subdivide prefixes
  - describe the forwarding process and prefix matching rules
- Presentation in HTML, Applix, Postscript.
Additional notes on operating systems and routers:
- Cisco IOS configuration summary, in Applix, PostScript.
- FreeBSD notes for Linux users, in HTML, PostScript.
Additional notes on classroom configuration:
- General notes for all practical exercises, in HTML.
Additional notes on IP addresses and allocation:
- IP addressing and subnetting, in HTML, PostScript.
- The 'Golden Rules' of IP address allocation, in HTML PostScript.
- Decimal/Hexadecimal/Binary conversion table, in HTML, PostScript.
- Netmask table, in HTML, PostScript.
- Aggregation tree, in Applix, PostScript.
- Aggregation tree usage examples, in Applix, PostScript.
Static routing exercise
- Students will be able to:
  - Explain why to use real routers instead of PCs
  - use FreeBSD as serial console (/etc/remote, tip)
  - configure FreeBSD as IP client (/etc/rc.conf)
  - write erase
  - configure IP forwarding on Cisco
  - use ping, traceroute
- Diagram for this exercise, in Applix, Postscript.
- Instructions for this exercise, in HTML.

MONDAY AFTERNOON

OSPF Introduction
- Students will be able to:
  - explain when to use an IGP, and when not
  - list advantages of OSPF over RIP, EIGRP, IS/IS (fast convergence, scalability, vendor independence, equal-cost multipath, authentication, bandwidth, classless!)
  - explain the difference between forwarding and routing; can have multiple routing databases for different protocols but one forwarding table
  - identify the lowest-cost path and equal-cost paths
  - describe the formation of neighbour relations
  - list default values for hellointerval / routerdeadinterval
  - briefly describe the database flooding and recalculation, and purpose of DR/BDR
- Presentation in Applix, PowerPoint, HTML, PostScript.
OSPF Practical -- Greg/Brian
- Students will be able to:
  - rebuild the classroom exercise using single area OSPF
  - configure appropriate link costs, MD5 authentication, intervals; use passive-interface default
  - perform simple inspection of OSPF database (neighbours, routes, DR/BDR)
  - alter topology and observe altered routes
  - redistribute connected and static
  - originate default route
  - configure loopback interfaces
  - save configs to TFTP server
- Instructions for this exercise, in HTML

MONDAY EVENING - Optional sessions

Slower recap on IP numbering, prefixes and OSPF (for those who need it)
Play with OSPF (for those who want to play)
Cisco password recovery

TUESDAY MORNING

Layer 1/2 and client-side issues -- Brian
- Students will be able to:
  - list some commonly-used media (Ethernet, FDDI, sync P-2-P, ATM, FR)
  - explain the importance of correctly wiring cable pairs, visual inspection, and cable tester; OSPF cannot compensate well for intermittent links
  - demonstrate the importance of duplex matching and turning off autoneg on point-to-point links [quick practical: burst ping ip]
  - describe purpose of VRRP/HSRP/ESRP etc
  - configure HSRP on Cisco: quick exercise in pairs
- Instructions for this exercise, in HTML.
Designing a resilient core network -- Brian
- Objectives:
  - Show a typical non-resilient network; identify need for putting different types of device on physically separate subnets. May require renumbering.
  - Present a complete design for a resilient network with dual core switches, dual-attached border routers and access routers with OSPF and ECMP, clients with HSRP, physically separate networks for different types of traffic.
  - Outline features for resilience, scalability, ease of maintenance. (Allocate /28 for each core; renumbering is easy)
  - Highlight need for non-blocking switches. Vendor enhancements (CEF)
  - Beware IOS 11.3(8) and similar with multiple paths to same neighbours.
- Notes:
  - Core network diagram, in Applix, Postscript.
  - What's wrong, in Text
  - Before and after diagram, in Applix, Postscript.
  - Extreme switch, in HTML
Resilient core network exercise
- Write a plan for converting the "before" to the "after" with minimum disruption to service
- Build the "before" network

TUESDAY AFTERNOON

Resilient core network exercise (continued) -- Brian/Greg
- Students will convert the "before" network to the "after", in accordance with the plan. (Use Extreme switches as core-1 and core-2)
- Demonstrate resilience (unplug some power cables or network cables)
- Verify that equal-cost multipath routing is working
For advanced students: set up another Extreme box as access router
Possible additional topics if time permits:
- Multihoming without PI space (share clients/servers between subnets, or multihome to same ISP)
- DNS and renumbering issues

TUESDAY EVENING - Optional sessions

Cable crimping
Structured wiring
Play with Extreme boxes
FreeBSD installation (combined with Services track)

WEDNESDAY MORNING

The need for BGP -- Geert Jan
- Presentation in Powerpoint, HTML.
Introduction to BGP -- Greg
- Presentation in Powerpoint, HTML.
- Tutorial, in MS Word, Postscript.
- Students will be able to:
  - Explain why you need an EGP (you want to be able to exchange traffic/ routes with other networks; cost of transit vs peering. Can't use static routes, can't use IGP)
  - Define autonomous system
  - Describe the key characteristics of BGP4 (point-to-point peering, TCP, incremental updates, routes + attributes, eBGP and iBGP)
  - List important attributes: AS path, nexthop, localpref, MED, communities
  - Describe typical path selection by length of AS path, and outline use of prepending to influence upstream path selection
  - Explain the recursive lookup of nexthop attribute
  - Use the list of BGP route-selection rules
  - Read a table of 'distances' for which protocol wins
  - Remember that longest prefix always wins
Basic BGP practical
- Students will be able to:
  - Set up peering sessions
  - Announce nailed-up routes
  - show ip bgp summary

WEDNESDAY AFTERNOON

BGP policies

Students will be able to describe some important policies, why they are required, and will have implemented some of them in practical exercises.

POLICY	IMPLEMENTATION
Don't want to see own routes from anyone else	Filter incoming: deny default, deny your own netblocks or subnets thereof
Want to protect your CPU / memory	Filter incoming: deny longer prefixes than /24
Don't want to provide transit to your peer	Filter outgoing: allow only null AS path
Want to provide backup transit (only) to peer	Prepend announcements heavily
Don't want to accidentally receive whole Internet routes from peer	Filter incoming routes by AS path
Don't want to receive IGP routes from peers Don't trust customers to generate correct routes	Filter incoming routes by IP prefix
Prefer one provider over another for certain destinations	Set localpref on all routes from provider, or by AS path
Want to influence routing decisions made upstream	Set communities on outgoing routes
Want to track where routes were learned	Set FYI communities on incoming routes
Want to allow peer/customer to control routing	Set localpref or stuffing by community strings

WEDNESDAY EVENING - Optional sessions

Slower revision of BGP basics

THURSDAY MORNING

Exchange points
- What they are
- Why you have them (shared medium versus P2P mesh)
- Policy free AUPs / zero settlements
- "Table manners" (don't point default route/statics, don't spoof)
- Politics; nobody is obliged to peer
- Design: don't go multisite unless you have enough free bandwidth
Practical: build an exchange point, set up peering agreements
- Students will be able to:
  - Set up a shared medium
  - Allocate IP addresses on it
  - Choose people to peer with
  - Set up peering sessions, and implement appropriate filters

THURSDAY AFTERNOON

Practical: build an exchange point (continued)
BGP debugging
- Students will be able to:
  - Use looking glasses and public route servers to investigate routing
  - Describe purpose of routing policy registries; submit route objects
  - Describe the purpose of tools such as RtConfig

THURSDAY EVENING - Optional sessions

Advanced BGP: route reflectors, confederations, more on communities
DNS meeting

FRIDAY MORNING

BGP scaling issues
- Students will be able to:
  - Explain why never to dump BGP routes into IGP
  - Set up an iBBP full mesh
  - Describe how route reflectors/confederations can simplify this mesh
  - Consider announcing customer routes into BGP (with a tag) instead of into OSPF, if they are a very large network
  - Appreciate the issue of CPU scaling versus Internet scaling
  - Describe (and configure?) aggregation and flap dampening
  - Consider generating router configs from customer database (access lists, route maps, static routes, interface configs, bgp neighbor configs)
Registry issues
- Presentation in Powerpoint, HTML.

Network Operations

Students will be able to:

Address this issue...	By being able to...
Track complaints / faults / issues raised by customers	Build and use a req/www ticketing system
Detect faults as soon as they occur	Build a basic monitoring station using Nocol or equivalent (?)Build an SNMP trap collector and syslog server
Monitor resources (e.g. bandwidth, temperature, CPU) to catch problems before they become serious	Configure routers for SNMP read access, and set up MRTG to view bandwidth (manual config by IP address, i.e. /1.2.3.4:public@5.6.7.8 where 5.6.7.8 is loopback interface)
Demonstrate where traffic is flowing and economics of peering	Perform netflow analysis
Communicate with providers, peers and customers	Document all of the important contact numbers and passwords in a readily-accessible paper format
Store and keep track of router configurations and inventory	Use an SNMP/TFTP based tool
Fix network problems when devices are unreachable	Build an OOB serial box (lightwavecom.com, portmaster, 2511, multiport serial cards) ssh to 'nearby' box

Presentation in Powerpoint, HTML.
MRTG notes, in HTML.
NOCOL notes, in HTML.

FRIDAY AFTERNOON

Network Operations (continued)
Overflow / additional topics as suggested by students
- Classless IN-ADDR.ARPA delegation
  - Presentation in Powerpoint, HTML.
- Cryptography
  - Presentation in HTML, Postscript.

POSSIBLE ADDITIONAL EVENING SESSIONS

Anything suggested by students
Controlled renumbering of hosts/networks
- bring up two subnets using secondary addressing
- bring up two subnets by cross-linking networks (careful!)
- renumber a host and swing its DNS with reduced TTL
- run a host with two addresses
- tricks: loopback address, static routes, proxy arp

links and references

IP numbers and AS numbers

CIDR FAQ Sheet - Classless Inter Domain Routing Frequently Asked Questions
RIPE working documents index
RFC1918 - allocation of private IP address space
RFC1930 - guidelines for creation of an autonomous system (including allocation of private AS numbers)

Operational guidelines

draft-yu-routing-scaling-04.txt - a work-in-progress document which describes best practices for making routing protocols scale
RFC2182 - an operational guide to selection and operation of secondary DNS servers
10/100 Half/full duplex autonegotation hints from Cisco
comp.dcom.cabling FAQ
www.ep.net - Exchange Point Information

Cisco-specific documentation

Cisco password recovery procedures (There is also a local copy.)
IOS Essentials (PDF.zip) - Barry Greene's IOS Document
Cisco Express Forwarding
RFC2281 - Cisco Hot Standby Router Protocol (HSRP). Compare with RFC2338 - Virtual Router Redundancy Protocol (VRRP)
Alternative uses for 2500-series routers

Software tools

WREQ - a distributed request/problem tracking system
Rancid - a tool for monitoring and maintaining router configurations and keeping them in CVS

Return to AFNOG Workshop Main Page