ASR9k is a powerful device but management may be daunting to anyone not familiar with IOS-XR. Inserting new line cards in may require a manual upgrade of the module to match the current running code on the chassis Show all slow and firmware details: show hw-module fpd location rack/slot/subslot In the admin prompt: upgrade hw-module fpd all location 0/RSP1/CPU0 During the upgrade, this is the output, it will take a bit of time to perform the update.

ASR9k is a powerful device but management may be daunting to anyone not familiar with IOS-XR. Inserting new line cards in may require a manual upgrade of the module to match the current running code on the chassis Show all slow and firmware details: show hw-module fpd location _rack/slot/subslot_ In the admin prompt: upgrade hw-module fpd all location 0/RSP1/CPU0 During the upgrade, this is the output, it will take a bit of time to perform the update.

Nokia (formerly Alcatel-Lucent, formerly Timetra) have an extremely robust routing platform, but it has some notable differences if you’re coming from a vendor such as Cisco or Juniper (or any vendor platform in the enterprise space, really). Things like “VLANs” don’t really exist, as this is more of a metro / carrier / customer provisioning style device, so modular concepts are expected and baked into the OS at the deepest layers, unlike many of the other vendor platforms that support it but it feels like an add-in or addendum to the base routing instance.

Nokia (formerly Alcatel-Lucent, formerly Timetra) have an extremely robust routing platform, but it has some notable differences if you’re coming from a vendor such as Cisco or Juniper (or any vendor platform in the enterprise space, really). Things like “VLANs” don’t really exist, as this is more of a metro / carrier / customer provisioning style device, so modular concepts are expected and baked into the OS at the deepest layers, unlike many of the other vendor platforms that support it but it feels like an add-in or addendum to the base routing instance.

Mikrotik is one of my favorite routing and MPLS platforms for doing lab and small ISP work. This one is pretty darned easy if you’re willing to use self-signed certificates, and pretty trivial to add legitimate certificates if you are so inclined. /certificate add name=ca common-name=ca key-usage=key-cert-sign,crl-sign /certificate sign ca ca-crl-host=10.255.255.4 name=ca /certificate export-certificate ca /certificate add name=gw-dsl common-name=gw.yourcompany.com /certificate add name=vpnclient1 common-name=client1 /certificate sign gw-dsl ca=ca name=gw.yourcompany.com /certificate sign vpnclient1 ca=ca name=client1 /ip pool add name=ovpn-pool range=10.

Mikrotik is one of my favorite routing and MPLS platforms for doing lab and small ISP work. This one is pretty darned easy if you’re willing to use self-signed certificates, and pretty trivial to add legitimate certificates if you are so inclined. /certificate add name=ca common-name=ca key-usage=key-cert-sign,crl-sign /certificate sign ca ca-crl-host=10.255.255.4 name=ca /certificate export-certificate ca /certificate add name=gw-dsl common-name=gw.yourcompany.com /certificate add name=vpnclient1 common-name=client1 /certificate sign gw-dsl ca=ca name=gw.yourcompany.com /certificate sign vpnclient1 ca=ca name=client1 /ip pool add name=ovpn-pool range=10.

OpenVPN is a great technology but can be a bit of a bear to configure. A large part of the complexity with OpenVPN is the certificates, many are put off my them and for good reason. They can be confusing and hard to follow. The certificates can be generated off box pretty easily and that’s how I tend to do it. This configuration should work on both EdgeMAX and Unifi USG devices, although the latter will require some additional work to make it persist across provisioning events.

OpenVPN is a great technology but can be a bit of a bear to configure. A large part of the complexity with OpenVPN is the certificates, many are put off my them and for good reason. They can be confusing and hard to follow. The certificates can be generated off box pretty easily and that’s how I tend to do it. This configuration should work on both EdgeMAX and Unifi USG devices, although the latter will require some additional work to make it persist across provisioning events.

For a small to medium ISPs (especially WISPs) looking to move to IPv6 dual-stack, the right way to deploy is to use DHCPv6 prefix delegation. Here is an example of how to do this in-skin (i.e. on the mikrotik itself rather than a relay). /ipv6 dhcp-server add address-pool=vl100-v6-pd-pool interface=ether5.100 name=vl100-v6-pd add address-pool=vl101-v6-pd-pool interface=ether3.101 name=vl101-v6-pd add address-pool=vl102-v6-pd-pool interface=ether2.102 name=vl102-v6-pd add address-pool=vl106-v6-pd-pool interface=ether1.106 name=vl106-v6-pd add address-pool=vl108-v6-pd-pool interface=ether4.108 name=vl108-v6-pd /ipv6 pool add comment="VLAN103 IPv6 prefix delegation pool"

For a small to medium ISPs (especially WISPs) looking to move to IPv6 dual-stack, the right way to deploy is to use DHCPv6 prefix delegation. Here is an example of how to do this in-skin (i.e. on the mikrotik itself rather than a relay). /ipv6 dhcp-server add address-pool=vl100-v6-pd-pool interface=ether5.100 name=vl100-v6-pd add address-pool=vl101-v6-pd-pool interface=ether3.101 name=vl101-v6-pd add address-pool=vl102-v6-pd-pool interface=ether2.102 name=vl102-v6-pd add address-pool=vl106-v6-pd-pool interface=ether1.106 name=vl106-v6-pd add address-pool=vl108-v6-pd-pool interface=ether4.108 name=vl108-v6-pd `````` /ipv6 pool add comment="VLAN103 IPv6 prefix delegation pool" name=vl103-v6-pd-pool prefix=2001:db8:1a:b000::/48 prefix-length=59 add comment="VLAN100 IPv6 prefix delegation pool" name=vl100-v6-pd-pool prefix=2001:db8:1a:8800::/48 prefix-length=59 add comment="VLAN101 IPv6 prefix delegation pool" name=vl101-v6-pd-pool prefix=2001:db8:1a:9000::/48 prefix-length=59 add comment="VLAN106 IPv6 prefix delegation pool" name=vl106-v6-pd-pool prefix=2001:db8:1a:9800::/48 prefix-length=59 add comment="VLAN108 IPv6 prefix delegation pool" name=vl108-v6-pd-pool prefix=2001:db8:1a:a000::/48 prefix-length=59 add comment="VLAN102 IPv6 prefix delegation pool" name=vl102-v6-pd-pool prefix=2001:db8:1a:a800::/48 prefix-length=59 `````` /ipv6 address add address=2001:db8:1a:103::1 disabled=yes interface=bridge.