Thursday, December 23, 2010

OSPF over Frame-relay

I just wanted to drop a line that has helped me tremendously the last couple of months. It's hard to remember sometimes what goes into an OSPF config when using frame as your medium. Remember this:

"Non-broadcast Needs Neighbors"

If the network type is the default of non-broadcast, or point-to-multipoint non-broadcast, you will have to include neighbor statements in your OSPF configs. HTH's!

-Jason
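
The rule above as a config check, added here as an example (it is not from the original post): it reads an IOS-style config and reports OSPF interfaces whose network type needs neighbor statements but has none in their subnet. The function name and sample config are constructed; it assumes a single OSPF process and that frame-relay physical and multipoint interfaces default to non-broadcast while point-to-point subinterfaces do not.

```python
import ipaddress

# Constructed sample config (not from the page): one frame-relay router running OSPF.
SAMPLE = """\
interface Serial0/0
 encapsulation frame-relay
 ip address 10.0.0.1 255.255.255.0
interface Serial0/1
 encapsulation frame-relay
 ip address 10.0.1.1 255.255.255.0
 ip ospf network point-to-multipoint non-broadcast
interface Serial0/1.1 point-to-point
 ip address 10.0.2.1 255.255.255.252
router ospf 1
 network 10.0.0.0 0.0.255.255 area 0
 neighbor 10.0.0.2
"""
NEEDS_NEIGHBORS = {"non-broadcast", "point-to-multipoint non-broadcast"}

def missing_neighbors(config):
    """Return OSPF interfaces that need neighbor statements but have none."""
    ifaces, networks, neighbors, section, cur = {}, [], [], None, None
    for line in filter(str.strip, config.splitlines()):
        w = line.split()
        if not line[0].isspace():                  # top-level line opens a section
            section = w[0] if w[0] == "interface" else " ".join(w[:2])
            if section == "interface":
                cur = ifaces[w[1]] = {"p2p": w[-1] == "point-to-point"}
        elif section == "interface":
            if w[:2] == ["encapsulation", "frame-relay"]:
                cur["fr"] = True
            elif w[:2] == ["ip", "address"] and len(w) == 4:   # primary address only
                cur["addr"] = ipaddress.IPv4Interface(f"{w[2]}/{w[3]}")
            elif w[:3] == ["ip", "ospf", "network"]:
                cur["type"] = " ".join(w[3:])              # explicit type wins
        elif section == "router ospf":
            if w[0] == "network" and len(w) >= 3:           # (address, wildcard) as ints
                networks.append(tuple(int(ipaddress.IPv4Address(x)) for x in w[1:3]))
            elif w[0] == "neighbor":
                neighbors.append(ipaddress.IPv4Address(w[1]))
    flagged = []
    for name, i in ifaces.items():
        fr = ifaces.get(name.split(".")[0], i).get("fr")    # subinterfaces inherit encapsulation
        nettype = i.get("type") or ("non-broadcast" if fr and not i["p2p"] else None)
        if "addr" in i and nettype in NEEDS_NEIGHBORS:
            addr = int(i["addr"].ip)                        # wildcard match per network statement
            in_ospf = any(((addr ^ net) & ~wild & 0xFFFFFFFF) == 0 for net, wild in networks)
            if in_ospf and not any(n in i["addr"].network for n in neighbors):
                flagged.append(name)
    return flagged
```

On the sample, Serial0/0 passes because it has a neighbor in its subnet, Serial0/1 is reported, and the point-to-point subinterface is ignored.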

Monday, December 13, 2010

Routing Protocols Comparison Poster

I kind of threw this together for my written. It is a pdf in its natural state; if you want a copy of the pdf, email me at willroute4food at gmail dot com. It's just a good quick side-by-side of some of the major routing protocols. If you find an error, or something I should add, please let me know in the comments (I do realize some of the numbers were thrown off in the conversion. The data does appear to be in the appropriate containers though). Thanks.




Protocols compared: RIP (version 2), OSPF, EIGRP, BGP

IP Protocol number (TCP)

RIP (version 2): n/a
OSPF: IP 89
EIGRP: IP 88
BGP: TCP 179

Hello Address

RIP (version 2): 224.0.0.9 (can be set to broadcast at the interface level via ip rip v2-broadcast)
OSPF: 224.0.0.5 – AllOSPFRtrs; 224.0.0.6 – DR/BDR
EIGRP: 224.0.0.10
BGP: Unicast hello to configured "neighbor"

Administrative Distance(s)

RIP (version 2): 120
OSPF: 110
EIGRP: Internal – 90; External – 170; Summary – 5
BGP: EBGP – 20; IBGP – 200

Metric (calculation) / Limits

RIP (version 2): Hop count; limit is 15 hops, 16 is inaccessible
OSPF: Cost = Autocostrefbw / interface bandwidth (default is 100Mb for Autocostrefbw)
EIGRP: Cost = 256(BW + Delay) (formula with default K values). The maximum number of hops that EIGRP will accept is 100 by default, although the maximum can be configured to 220 with metric maximum-hops.
BGP: IBGP – 0; redistributed routes metric = IGP metric

Timers

RIP (version 2): Update – 30; Invalid – 180; Holddown – 180; Flush – 240
OSPF: Hello – 10/30; Dead – 40/120
EIGRP: Hello – 5/60; Hold – 15/180
BGP: Keepalive – 60; Holdtime – 180

Adjacency (neighbor) Requirements

RIP (version 2): Neighbor must be on a subnet off of primary interface included in "network" statement

OSPF:
1. Pass authentication checks
2. Same primary subnet w/mask
3. Same OSPF area
4. Same area type (flags)
5. NOT duplicate RIDs
6. Hello/Dead timers must match
7. Unless P2P (one must be DR/BDR)

EIGRP:
1. Pass authentication checks
2. Must have same AS number
3. Must believe that source IP of neighbor in hello is in that router's primary subnet (no secondaries)
4. K values must match

BGP:
1. Source IP in connection request must match something in the local router's "neighbor" statements.
2. Router's ASN must match its corresponding ASN in "neighbor" statement
3. RIDs must be different
4. Must pass MD5 authentication

Passive Interface (yes/no) / Effect

RIP (version 2): Yes / Shuts off the sending of updates on the passive interface. Will still listen to updates and will update routing table accordingly.
OSPF: Yes / Stops sending hellos/updates out of that interface. Note though, if included in the network statement, the network on that interface will still be advertised to peers.
EIGRP: Yes / Suppresses both incoming AND outgoing hellos/updates. Note that it will not allow neighbors to form.
BGP: n/a

Auto-summarization

RIP (version 2): Enabled by default
OSPF: n/a
EIGRP: Enabled by default (won't summarize a route that it does not "own")
BGP: Disabled by default after 12.3 mainline

Summary Address

RIP (version 2):
    (conf-if) ip summary-address rip ip-address ip-network-mask
    default-information originate [route-map map-name]

OSPF:
    ABR- area x range ip-address mask {advertise | no-advertise} cost cost

    (router) summary-address ip-address mask

EIGRP:
    (conf-if) ip summary-address eigrp [as] ip-address mask

BGP:
    aggregate-address address mask [as-set] [summary-only] [suppress-map map-name] [advertise-map map-name] [attribute-map map-name]
    neighbor x.x.x.x default-originate
    network 0.0.0.0 (OR STATIC ROUTE/REDISTRIBUTE)

Filtering Method(s)

RIP (version 2):
    distribute-list {access-list-number | prefix prefix-list-name [gateway prefix-list-name]} in [interface-type interface-number]

OSPF:
    Inbound – distribute-list {prefix | route-map} in
    In/out – area (number) filter-list prefix (name) {in | out}

EIGRP:
    distribute-list {access-list num/name} {prefix list-name} {in | out} {int type/num}

BGP: Prefix-lists, route-maps, filter-lists, etc.

Authentication

RIP (version 2): Clear text or MD5; 16 character limit

    key chain RIP
     key 1
      key-string cisco

    int fa0/0
     ip rip authentication key-chain RIP
     ip rip authentication mode md5

OSPF: 0 – none, 1 – clear text, 2 – MD5

    int fa0/0
     ip ospf authentication
     ip ospf authentication-key {key}

    int fa0/0
     ip ospf authentication message-digest
     ip ospf message-digest-key {number} md5 {key}

You can also declare the authentication type under the router OSPF process.

EIGRP: MD5 only

    key chain EIGRP
     key 1
      key-string cisco

    int fa0/0
     ip authentication mode eigrp [as] md5
     ip authentication key-chain eigrp [as] EIGRP

BGP: MD5 only

    neighbor x.x.x.x password [pass]

Offsets

RIP (version 2): Increases incoming or outgoing hop count on routing updates (CAN BE USED TO FILTER BY SETTING HOP COUNT > 15)

    access-list 1 permit 10.10.10.0 0.0.0.255

    router rip
     offset-list 1 out 5 serial0
    //increases metric by 5 on that route//

OSPF: n/a

EIGRP:

    access-list 1 permit 10.1.1.0 0.0.0.255
    router eigrp 1
     offset-list 1 out 3 FastEthernet0/0

BGP: n/a

Friday, November 26, 2010

CCIE R/S Lab Blueprint

Varies slightly from the written blueprint, so I thought that I would post it.


Exam Sections and Sub-task Objectives
1.00 Implement Layer 2 Technologies
1.10 Implement Spanning Tree Protocol (STP)
  (a) 802.1d
  (b) 802.1w
  (c) 802.1s
  (d) Loop guard
  (e) Root guard
  (f) Bridge protocol data unit (BPDU) guard
  (g) Storm control
  (h) Unicast flooding
  (i) Port roles, failure propagation, and loop guard operation
1.20 Implement VLAN and VLAN Trunking Protocol (VTP)
1.30 Implement trunk and trunk protocols, EtherChannel, and load-balance
1.40 Implement Ethernet technologies
  (a) Speed and duplex
  (b) Ethernet, Fast Ethernet, and Gigabit Ethernet
  (c) PPP over Ethernet (PPPoE)
1.50 Implement Switched Port Analyzer (SPAN), Remote Switched Port Analyzer (RSPAN), and flow control
1.60 Implement Frame Relay
  (a) Local Management Interface (LMI)
  (b) Traffic shaping
  (c) Full mesh
  (d) Hub and spoke
  (e) Discard eligible (DE)
1.70 Implement High-Level Data Link Control (HDLC) and PPP

2.00 Implement IPv4
2.10 Implement IP version 4 (IPv4) addressing, subnetting, and variable-length subnet masking (VLSM)
2.20 Implement IPv4 tunneling and Generic Routing Encapsulation (GRE)
2.30 Implement IPv4 RIP version 2 (RIPv2)
2.40 Implement IPv4 Open Shortest Path First (OSPF)
  (a) Standard OSPF areas
  (b) Stub area
  (c) Totally stubby area
  (d) Not-so-stubby-area (NSSA)
  (e) Totally NSSA
  (f) Link-state advertisement (LSA) types
  (g) Adjacency on a point-to-point and on a multi-access network
  (h) OSPF graceful restart
2.50 Implement IPv4 Enhanced Interior Gateway Routing Protocol (EIGRP)
  (a) Best path
  (b) Loop-free paths
  (c) EIGRP operations when alternate loop-free paths are available, and when they are not available
  (d) EIGRP queries
  (e) Manual summarization and autosummarization
  (f) EIGRP stubs
2.60 Implement IPv4 Border Gateway Protocol (BGP)
  (a) Next hop
  (b) Peering
  (c) Internal Border Gateway Protocol (IBGP) and External Border Gateway Protocol (EBGP)
2.70 Implement policy routing
2.80 Implement Performance Routing (PfR) and Cisco Optimized Edge Routing (OER)
2.90 Implement filtering, route redistribution, summarization, synchronization, attributes, and other advanced features

3.00 Implement IPv6
3.10 Implement IP version 6 (IPv6) addressing and different addressing types
3.20 Implement IPv6 neighbor discovery
3.30 Implement basic IPv6 functionality protocols
3.40 Implement tunneling techniques
3.50 Implement OSPF version 3 (OSPFv3)
3.60 Implement EIGRP version 6 (EIGRPv6)
3.70 Implement filtering and route redistribution

4.00 Implement MPLS Layer 3 VPNs
4.10 Implement Multiprotocol Label Switching (MPLS)
4.20 Implement Layer 3 virtual private networks (VPNs) on provider edge (PE), provider (P), and customer edge (CE) routers
4.30 Implement virtual routing and forwarding (VRF) and Multi-VRF Customer Edge (VRF-Lite)

5.00 Implement IP Multicast
5.10 Implement Protocol Independent Multicast (PIM) sparse mode
5.20 Implement Multicast Source Discovery Protocol (MSDP)
5.30 Implement interdomain multicast routing
5.40 Implement PIM Auto-Rendezvous Point (Auto-RP), unicast rendezvous point (RP), and bootstrap router (BSR)
5.50 Implement multicast tools, features, and source-specific multicast
5.60 Implement IPv6 multicast, PIM, and related multicast protocols, such as Multicast Listener Discovery (MLD)

6.00 Implement Network Security
6.01 Implement access lists
6.02 Implement Zone Based Firewall
6.03 Implement Unicast Reverse Path Forwarding (uRPF)
6.04 Implement IP Source Guard
6.05 Implement authentication, authorization, and accounting (AAA) (configuring the AAA server is not required, only the client-side (IOS) is configured)
6.06 Implement Control Plane Policing (CoPP)
6.07 Implement Cisco IOS Firewall
6.08 Implement Cisco IOS Intrusion Prevention System (IPS)
6.09 Implement Secure Shell (SSH)
6.10 Implement 802.1x
6.11 Implement NAT
6.12 Implement routing protocol authentication
6.13 Implement device access control
6.14 Implement security features

7.00 Implement Network Services
7.10 Implement Hot Standby Router Protocol (HSRP)
7.20 Implement Gateway Load Balancing Protocol (GLBP)
7.30 Implement Virtual Router Redundancy Protocol (VRRP)
7.40 Implement Network Time Protocol (NTP)
7.50 Implement DHCP
7.60 Implement Web Cache Communication Protocol (WCCP)

8.00 Implement Quality of Service (QoS)
8.10 Implement Modular QoS CLI (MQC)
  (a) Network-Based Application Recognition (NBAR)
  (b) Class-based weighted fair queuing (CBWFQ), modified deficit round robin (MDRR), and low latency queuing (LLQ)
  (c) Classification
  (d) Policing
  (e) Shaping
  (f) Marking
  (g) Weighted random early detection (WRED) and random early detection (RED)
  (h) Compression
8.20 Implement Layer 2 QoS: weighted round robin (WRR), shaped round robin (SRR), and policies
8.30 Implement link fragmentation and interleaving (LFI) for Frame Relay
8.40 Implement generic traffic shaping
8.50 Implement Resource Reservation Protocol (RSVP)
8.60 Implement Cisco AutoQoS

9.00 Troubleshoot a Network
9.10 Troubleshoot complex Layer 2 network issues
9.20 Troubleshoot complex Layer 3 network issues
9.30 Troubleshoot a network in response to application problems
9.40 Troubleshoot network services
9.50 Troubleshoot network security

10.00 Optimize the Network
10.01 Implement syslog and local logging
10.02 Implement IP Service Level Agreement (SLA)
10.03 Implement NetFlow
10.04 Implement SPAN, RSPAN, and router IP traffic export (RITE)
10.05 Implement Simple Network Management Protocol (SNMP)
10.06 Implement Cisco IOS Embedded Event Manager (EEM)
10.07 Implement Remote Monitoring (RMON)
10.08 Implement FTP
10.09 Implement TFTP
10.10 Implement TFTP server on router
10.11 Implement Secure Copy Protocol (SCP)
10.12 Implement HTTP and HTTPS
10.13 Implement Telnet