Wednesday, December 16, 2015

NAT

IP NAT configuration

  1. Mark the inside interface (ip nat inside)
  2. Mark the outside interface (ip nat outside)
  3. ip nat statements (the pool and the inside source rule)
  4. Access list that selects which inside addresses get translated


ip nat pool mypool 198.181.18.10 198.181.18.15 netmask 255.255.255.248

access-list 1 permit 192.16.10.32 0.0.0.15

ip nat inside source list 1 pool mypool overload

The pool is written start address first, then end address (198.181.18.10 through .15, six addresses inside the /29). The "overload" keyword turns the pool into PAT: many inside hosts share each pool address and are told apart by their translated source port. Traffic that does not match access-list 1 is routed untranslated.
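To make the two moving parts above concrete, here is an added example (my own Python, not IOS and not part of the original notes) that implements the wildcard-mask match behind access-list 1 and a simplified PAT table for the mypool/overload statement. The inside host addresses and ports fed to it are made-up sample traffic; the pool, netmask and access-list values are the ones configured above.

```python
"""Which inside hosts NAT access-list 1 selects, and how PAT ("overload")
multiplexes them onto the pool.

Added example (not from the original notes, not IOS code): implements the
wildcard-mask match behind `access-list 1 permit 192.16.10.32 0.0.0.15` and a
small translation table for `ip nat pool mypool 198.181.18.10 198.181.18.15 ...
overload`, so you can see that exactly the 16 addresses 192.16.10.32-47 are
translated and that many inside sockets share one pool address, told apart by
the translated source port. The inside hosts and ports are made-up traffic.
"""
import ipaddress
from typing import Dict, Optional, Tuple


def wildcard_match(ip: str, base: str, wildcard: str) -> bool:
    """Cisco ACL semantics: a wildcard bit of 1 means 'do not care' for that bit,
    a 0 bit means it must equal the base address (the inverse of a subnet mask)."""
    ip_i, base_i, wc_i = (int(ipaddress.IPv4Address(x)) for x in (ip, base, wildcard))
    care = ~wc_i & 0xFFFFFFFF
    return (ip_i & care) == (base_i & care)


class PatTable:
    """Inside (ip, port) -> outside (pool ip, port).

    Simplified model of `overload`: the first pool address is reused, handing out
    sequential ports from `first_port`, and the next address is used only when
    the previous one has no ports left."""

    def __init__(self, pool_start: str, pool_end: str, acl: Tuple[str, str],
                 first_port: int = 1024):
        start, end = ipaddress.IPv4Address(pool_start), ipaddress.IPv4Address(pool_end)
        if start > end:
            raise ValueError("pool start address must not be above the end address")
        self.pool = [str(ipaddress.IPv4Address(i)) for i in range(int(start), int(end) + 1)]
        self.acl = acl
        self.next_port = {ip: first_port for ip in self.pool}
        self.table: Dict[Tuple[str, int], Tuple[str, int]] = {}

    def translate(self, inside_ip: str, inside_port: int) -> Optional[Tuple[str, int]]:
        """Return the outside socket for an inside socket, or None if the ACL
        does not select it (the packet is then routed untranslated)."""
        if not wildcard_match(inside_ip, *self.acl):
            return None
        key = (inside_ip, inside_port)
        if key not in self.table:                      # an existing flow keeps its mapping
            for outside_ip in self.pool:
                if self.next_port[outside_ip] <= 65535:
                    break
            else:
                raise RuntimeError("NAT pool exhausted")
            port = self.next_port[outside_ip]
            self.next_port[outside_ip] += 1
            self.table[key] = (outside_ip, port)
        return self.table[key]


if __name__ == "__main__":
    pat = PatTable("198.181.18.10", "198.181.18.15", ("192.16.10.32", "0.0.0.15"))
    for host, port in [("192.16.10.33", 51000), ("192.16.10.47", 51000),
                       ("192.16.10.48", 51000), ("192.16.10.33", 51000)]:
        print(host, port, "->", pat.translate(host, port))
```

Note that 192.16.10.48 is one address past the ACL range and comes back untranslated, and that the same inside socket always gets the same outside socket for as long as the entry lives.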


Tuesday, December 15, 2015

SPAN

Switched Port Analyzer (SPAN), also called port mirroring: copies the traffic seen on one or more source ports to a destination port where a sniffer or IDS is attached.

R1(config)#monitor session 1 source interface fastEthernet 0
R1(config)#monitor session 1 source interface fastEthernet 1
R1(config)#monitor session 1 destination interface <port the analyzer is plugged into>

The session does nothing until a destination is configured; while the session is active the destination port carries only the mirrored traffic and is no longer a normal switch port.

Monday, December 14, 2015

IPv4 & IPv6 Addressing

Comparison of IPv4 and IPv6 (figure)



IPv4 address
32-bit
4 Octets
8 bit an octet (8bits.8bits.8bits.8bits) = 32
8bits  = 1 byte
1 byte.1 byte.1 byte.1 byte = 4 bytes

IP Classes
Class A 1 - 126       /8   (0 and 127 are reserved; 127 is loopback)
Class B 128 - 191   /16
Class C 192 - 223   /24
Class D 224 - 239   multicast
Class E 240 - 255   reserved / experimental

8 bit representation

128   64   32   16   8    4    2    1 



IPv6 shortcuts

0004:0000:0000:0000:0000:00FD:000C:0082

A group of four zeros can be written as a single 0

0004:0:0:0:0:00FD:000C:0082

Leading zeros in a group can be removed

4:0:0:0:0:FD:C:82

One run of consecutive all-zero groups can be replaced by a double colon

4::FD:C:82

The double colon may appear only once in an address (with two of them it would be ambiguous how many groups each one stands for)

::      (all zeros, the unspecified address)

BB::1

LLA   FE80::/10
Link Local Address (comparable to APIPA 169.254.x.x in IPv4), present on every IPv6 interface and valid only on the local link

Stateless (autoconfigure, SLAAC)

11:22:33:44::/64
IPv6 subnet mask (prefix length)
the first 64 bits are the network prefix, the remaining 64 bits are the interface ID (the host part)

how to determine your prefix length
1- figure out how many interface IDs you need
example : 14 hosts
how many bits give 14 ?
2^4 = 16

128 - 4 = 124, so a /124 leaves 4 bits of interface ID, enough for the 14 hosts (16 addresses)

11:22:33:44::/124

Note: this kind of sizing is only for point-to-point or tightly controlled segments; a LAN that uses stateless autoconfiguration must be a /64, because the EUI-64 interface ID is itself 64 bits


How does autoconfiguration work?
It is a feature of IPv6 that builds a unique 64-bit interface ID from the NIC's 48-bit MAC address: the MAC is split in half, FFFE is inserted in the middle, and the universal/local bit (bit 7 of the first byte, value 0x02) is flipped. That interface ID is appended to the /64 prefix learned from the router advertisement.
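Both the shortening rules and the EUI-64 construction are easy to get subtly wrong by hand, so here is an added example (my own Python, not part of the original notes) that builds the SLAAC address from a MAC the way described above and then compresses it with the three rules from the IPv6 shortcuts section. The MAC address 00:1a:2b:3c:4d:5e and the prefix 2001:db8:1:2::/64 are made-up sample values; the 0004:...:0082 address is the one used in the notes.

```python
"""EUI-64 interface ID and IPv6 address compression, worked by hand.

Added example (not from the original notes): builds the SLAAC interface ID
from a MAC address the way the notes describe (FFFE inserted in the middle,
plus the universal/local bit flip that modified EUI-64 performs), joins it to
a /64 prefix, then applies the three shortening rules from the notes. The MAC
and prefix used in __main__ are made-up sample values.
"""
import ipaddress


def eui64_interface_id(mac: str) -> bytes:
    """Return the 8-byte modified EUI-64 interface ID for a 48-bit MAC."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(octets) != 6:
        raise ValueError("MAC must be 48 bits")
    # Split the OUI (first 3 bytes) from the NIC-specific part and insert FF:FE.
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    # Modified EUI-64 flips the universal/local bit (0x02 in the first byte).
    iid[0] ^= 0x02
    return bytes(iid)


def slaac_address(prefix: str, mac: str) -> str:
    """Combine a /64 prefix with the EUI-64 interface ID; return the full 8-group form."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    addr = int(net.network_address) | int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(addr).exploded      # e.g. 2001:0db8:0001:0002:...


def compress(full: str) -> str:
    """Apply the notes' shortcuts: drop leading zeros in each group, then replace
    the longest run of all-zero groups (at least two) with a single '::'."""
    groups = [g.lstrip("0") or "0" for g in full.split(":")]
    if len(groups) != 8:
        raise ValueError("expected 8 hextets")
    # Find the longest run of "0" groups; on a tie the first run wins (RFC 5952).
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] == "0":
            j = i
            while j < 8 and groups[j] == "0":
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    if best_len < 2:                  # a single zero group is never shortened to ::
        return ":".join(groups)
    left = ":".join(groups[:best_start])
    right = ":".join(groups[best_start + best_len:])
    return f"{left}::{right}"         # an empty side leaves '::' at that end


if __name__ == "__main__":
    print(compress("0004:0000:0000:0000:0000:00FD:000C:0082"))   # the notes' example
    full = slaac_address("2001:db8:1:2::/64", "00:1a:2b:3c:4d:5e")
    print(full, "->", compress(full))
```

The U/L bit flip is why a host whose MAC starts 00:1a:... shows up with an interface ID starting 21a: in its SLAAC address; it is also why EUI-64 addresses leak the hardware MAC, which is the reason privacy extensions (random interface IDs) exist.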



Stateful (DHCPv6): addresses and options are handed out by a DHCPv6 server, which keeps the lease state, instead of being derived by the host itself






























SSH

Secure Shell, a protocol (and the command-line clients that speak it) for securely getting access to a remote computer over an untrusted network.
The original suite was three utilities (slogin, ssh and scp); everything they send is encrypted and integrity protected. The server proves its identity with its host key, and the client authenticates with a password or its own public key (certificates are possible but uncommon).
SSH-1 used RSA to protect the session key and offered ciphers such as Blowfish, DES and IDEA (IDEA was its default); SSH-1 is obsolete and should be disabled. SSH-2, standardised by the IETF, negotiates a Diffie-Hellman key exchange and modern ciphers such as AES, and is the version to use.

SSH uses TCP port 22

Basic SSH configuration for a cisco router

1- Create a local user name and password
R2(config)#username cisco password cisco
(in real deployments use "username cisco secret <password>", which stores a hash instead of the clear or reversibly encoded password)

2- Set a domain name (the RSA key pair is named hostname.domain)
R2(config)#ip domain-name SSH-lAB

3- Generate the RSA host key pair
R2(config)#crypto key generate rsa
The name for the keys will be: R2.SSH-lAB
Choose the size of the key modulus in the range of 360 to 2048 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]: 512
% Generating 512 bit RSA keys ...[OK]

R2(config)#
*Mar  1 00:33:04.371: %SSH-5-ENABLED: SSH 1.5 has been enabled

Note the result: with a 512-bit modulus IOS can only enable SSH version 1 ("SSH 1.5"). SSH version 2 needs at least a 768-bit key, and 512-bit RSA is breakable today, so in practice answer 2048 at the modulus prompt and add "ip ssh version 2" so the router refuses SSH-1 clients.

4- Restrict the VTY lines to SSH with local authentication
R2(config)#line vty 0 4
R2(config-line)#login local
R2(config-line)#transport input ssh


R1#ssh -l cisco 192.168.10.2
Password: 
R2>ena
Password: 
R2#

R1#show crypto key mypubkey rsa
% Key pair was generated at: 00:14:35 UTC Mar 1 1993
Key name: R1.SSH-LAB
 Usage: General Purpose Key
 Key is not exportable.
 Key Data:
  305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00A845F2 99A0B9D0
  B663F008 435F3C6A AF7F53D7 9CDEB6B9 3389F2D2 EB5852D7 DB21FAA7 8D9BA489
  CA71E6C5 BD00087D BBE2C833 C8172E57 58E1A6F3 BC58A5F2 91020301 0001
% Key pair was generated at: 00:14:37 UTC Mar 1 1993
Key name: R1.SSH-LAB.server
 Usage: Encryption Key
 Key is not exportable.
 Key Data:
  307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00B0CA71 FC7EF3BC
  702FBE93 5CCAA2E9 866F5642 3FD3E12B 566BF63A 72967FF7 BE73EBA5 1DC109A8
  F544DA83 87B938DD 61D0FECE 55ACBD86 2FEAF66A 9E5526C8 2E53B9D5 63814B6B
  5D3F8F72 ECAA8FA8 952DC75F 2F21C857 FB4358C4 9287F907 B1020301 0001
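The Key Data above is a DER-encoded RSA public key (SubjectPublicKeyInfo), so the key size can be verified from the dump rather than trusted from memory. The following is an added example (my own Python, not a Cisco tool and not part of the original notes) that walks the DER structure, extracts the modulus and exponent, and flags keys below a 2048-bit threshold of my choosing. The two dumps are copied from the show output above; the second, 768-bit R1.SSH-LAB.server pair is the SSH version 1 server key that IOS creates on its own when SSH-1 is enabled, not something that was configured.

```python
"""Parse the RSA public key hex dump that `show crypto key mypubkey rsa` prints
and report the modulus size.

Added example (not from the original notes and not a Cisco tool): the Key Data
block is a DER-encoded SubjectPublicKeyInfo (RFC 5280 / PKCS#1), so a tiny
TLV walker is enough to pull out the modulus and exponent and flag keys that
are too small. The two dumps below are copied from the show output above; the
2048-bit threshold is this example's own policy choice.
"""

KEY_GENERAL = """
  305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00A845F2 99A0B9D0
  B663F008 435F3C6A AF7F53D7 9CDEB6B9 3389F2D2 EB5852D7 DB21FAA7 8D9BA489
  CA71E6C5 BD00087D BBE2C833 C8172E57 58E1A6F3 BC58A5F2 91020301 0001
"""

KEY_SERVER = """
  307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00B0CA71 FC7EF3BC
  702FBE93 5CCAA2E9 866F5642 3FD3E12B 566BF63A 72967FF7 BE73EBA5 1DC109A8
  F544DA83 87B938DD 61D0FECE 55ACBD86 2FEAF66A 9E5526C8 2E53B9D5 63814B6B
  5D3F8F72 ECAA8FA8 952DC75F 2F21C857 FB4358C4 9287F907 B1020301 0001
"""

RSA_OID = bytes.fromhex("2A864886F70D010101")   # 1.2.840.113549.1.1.1 rsaEncryption


def _tlv(buf: bytes, pos: int):
    """Decode one DER tag-length-value at pos; return (tag, value, position after it)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                    # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_ios_rsa_key(dump: str) -> dict:
    """Return modulus bit length and public exponent from an IOS hex dump."""
    der = bytes.fromhex("".join(dump.split()))
    tag, spki, _ = _tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE (SubjectPublicKeyInfo)")
    tag, algid, pos = _tlv(spki, 0)            # AlgorithmIdentifier
    oid_tag, oid, _ = _tlv(algid, 0)
    if oid_tag != 0x06 or oid != RSA_OID:
        raise ValueError("not an rsaEncryption key")
    tag, bitstr, _ = _tlv(spki, pos)           # BIT STRING wrapping RSAPublicKey
    if tag != 0x03 or bitstr[0] != 0:
        raise ValueError("unexpected BIT STRING")
    _, rsapub, _ = _tlv(bitstr, 1)             # skip the unused-bits byte
    _, mod, pos = _tlv(rsapub, 0)              # INTEGER modulus (may carry a leading 00)
    _, exp, _ = _tlv(rsapub, pos)              # INTEGER publicExponent
    n = int.from_bytes(mod, "big")
    return {"modulus_bits": n.bit_length(), "exponent": int.from_bytes(exp, "big")}


def is_acceptable(dump: str, minimum_bits: int = 2048) -> bool:
    """Policy check: refuse host keys smaller than minimum_bits."""
    return parse_ios_rsa_key(dump)["modulus_bits"] >= minimum_bits


if __name__ == "__main__":
    for name, dump in (("R1.SSH-LAB", KEY_GENERAL), ("R1.SSH-LAB.server", KEY_SERVER)):
        info = parse_ios_rsa_key(dump)
        verdict = "ok" if is_acceptable(dump) else "too small, regenerate"
        print(f"{name}: {info['modulus_bits']}-bit RSA, e={info['exponent']} -> {verdict}")
```

Run against the dump above it reports 512 bits for the general-purpose key and 768 for the server key, both with e = 65537, and both fail the 2048-bit check. The same parser works on the output of any router in an estate, which makes it a quick audit for weak SSH host keys.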








Thursday, December 10, 2015

WAN Technologies

WAN connection types

  • DSL modem 
  • Cable modem
  • Satellite
  • Wireless 4G LTE/ Wimax
  • T1 Lines
  • Fiber
Higher-bandwidth options

Metro Ethernet (MAN): Ethernet over fiber optics, used by carriers to connect buildings and sites within a single metropolitan area
  • connects easily to the LAN, since it is Ethernet end to end
  • less expensive than traditional carrier circuits
  • typical speeds 10 Gbps, 40 Gbps, 100 Gbps

Synchronous Optical Network (SONET): a fiber-optic multiplexing standard that allows multiple channels of communication to share one fiber-optic cable

VSAT: Very Small Aperture Terminal
A WAN technology that uses small satellite dishes at the network locations for two-way communication via a satellite.

VSAT Characteristics:
  • Two way satellite communication
  • Satellite dish is less than 3 meters
  • Useful for locations that can't have a wired connection 
  • Data rates typically in the range of 56Kbps - 4 Mbps
  • Data experiences more delay
  • Sensitive to weather condition 
Cellular 3G/4G
G stands for Generation
the generations are defined by the International Telecommunication Union Radiocommunication Sector (ITU-R)
LTE (Long Term Evolution) is what is commonly sold as 4G

MPLS:
Multi-protocol label switching
Makes forwarding decisions based on a 20-bit label carried in a 32-bit header
The idea behind MPLS: instead of having routers forward traffic based on the destination IP address in the layer 3 header of each packet, labels are assigned to packets and the routers inside the MPLS cloud make their forwarding decision on the label instead of the IP address.

Forwarding on a label rather than an IP address was originally viewed as a much more efficient way of moving traffic through a provider cloud; today the other advantages of MPLS matter more:
  • the service provider can isolate customers' traffic based on different labels
  • advanced traffic engineering gives fine-grained control over how traffic flows through the network
  • quality of service (QoS), treating different types of traffic differently
  • MPLS can carry multiple protocols (it is not tied to IP)
How MPLS labeling works
MPLS inserts its 32-bit "shim" header between the L2 and L3 headers; inside that header the 20-bit label is what the routers look at to make their forwarding decision (the remaining bits are a 3-bit traffic class, a 1-bit bottom-of-stack flag and an 8-bit TTL).
Different devices in the MPLS network play different roles:
CPE (Customer Premises Equipment): a device at the customer's site that connects to the MPLS provider.
ELSR (Edge Label Switch Router): a device at the edge of the MPLS cloud that adds labels to traffic entering the cloud and removes labels from traffic leaving it (an ELSR is also known as a PE, provider edge router).
LSR (Label Switch Router): a device inside the MPLS cloud that relabels traffic and makes forwarding decisions based on those labels (an LSR is also known as a P, provider router).
It is important to understand that a packet does not keep its label throughout the MPLS cloud: every LSR hop swaps the label for a new one, so a label is only meaningful on a single link.
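The header layout and the per-hop label swap are easier to see in code. The following is an added example (my own Python, not part of the original notes) that packs and unpacks the 32-bit shim header and then walks a packet through a made-up four-router cloud: ELSR-A pushes a label, LSR-1 and LSR-2 swap it, ELSR-B pops it. The label values, router names and forwarding tables are invented for the walk-through.

```python
"""MPLS shim header: pack/unpack, plus a label-swap walk through a small cloud.

Added example (not from the original notes): encodes the 32-bit header the notes
describe (20-bit label, 3-bit traffic class/EXP, 1-bit bottom-of-stack, 8-bit
TTL, RFC 3032) with the standard library, then simulates an ingress ELSR pushing
a label, core LSRs swapping it hop by hop, and the egress ELSR popping it. The
label values, router names and the tiny forwarding tables are made up.
"""
import struct
from typing import Dict, List, Optional, Tuple


def pack_shim(label: int, tc: int = 0, bottom: bool = True, ttl: int = 64) -> bytes:
    """Build one 4-byte MPLS label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not 0 <= label < 1 << 20:
        raise ValueError("label must fit in 20 bits")
    if not 0 <= tc < 8 or not 0 <= ttl < 256:
        raise ValueError("tc is 3 bits, ttl is 8 bits")
    word = (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)


def unpack_shim(entry: bytes) -> Dict[str, int]:
    """Decode a 4-byte label stack entry into its fields."""
    (word,) = struct.unpack("!I", entry[:4])
    return {"label": word >> 12, "tc": (word >> 9) & 0x7,
            "bottom": (word >> 8) & 0x1, "ttl": word & 0xFF}


# Label forwarding tables, one per router: incoming label -> (outgoing label, next hop).
# Incoming None = unlabeled IP packet arriving at the ingress ELSR (push);
# outgoing None = pop at the egress ELSR and forward by IP toward the customer.
LFIB: Dict[str, Dict[Optional[int], Tuple[Optional[int], str]]] = {
    "ELSR-A": {None: (100, "LSR-1")},
    "LSR-1": {100: (200, "LSR-2")},
    "LSR-2": {200: (300, "ELSR-B")},
    "ELSR-B": {300: (None, "CPE")},
}


def forward(router: str, shim: Optional[bytes]) -> Tuple[Optional[bytes], str]:
    """Apply one router's LFIB entry and return (shim on the outgoing link, next hop).
    The label is rewritten at every hop: it only means something on a single link."""
    incoming = unpack_shim(shim)["label"] if shim else None
    outgoing, next_hop = LFIB[router][incoming]
    if outgoing is None:
        return None, next_hop                          # pop: plain IP leaves the cloud
    # TTL starts at 64 on push in this example (real ELSRs copy the IP TTL) and is
    # decremented on every swap, like an IP TTL, so a loop cannot circulate forever.
    ttl = unpack_shim(shim)["ttl"] - 1 if shim else 64
    return pack_shim(outgoing, ttl=ttl), next_hop


def trace() -> List[Tuple[str, Optional[int], Optional[int]]]:
    """Walk a packet ELSR-A -> LSR-1 -> LSR-2 -> ELSR-B -> CPE and record, per link,
    (next hop, label, ttl); label and ttl are None once the label has been popped."""
    hops, router, shim = [], "ELSR-A", None
    while router != "CPE":
        shim, router = forward(router, shim)
        fields = unpack_shim(shim) if shim else {}
        hops.append((router, fields.get("label"), fields.get("ttl")))
    return hops


if __name__ == "__main__":
    for hop, label, ttl in trace():
        print(f"link toward {hop}: label={label} ttl={ttl}")
```

The trace shows three different labels (100, 200, 300) for the same packet on three consecutive links, which is the point made above: a label is a per-link handle, not an end-to-end identifier.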

Leased Line: T1, E1, T3 and E3 Circuits
Typically a point-to-point connection that interconnects two sites and provides dedicated bandwidth to the subscriber (T1 = 1.544 Mbps, E1 = 2.048 Mbps, T3 = 44.736 Mbps, E3 = 34.368 Mbps)




















Frame Relay

Frame Relay: 
A layer 2 WAN technology that sends frames over virtual circuits (VCs) that are identified by (DLCI) Data Link Connection Identifier number.

Virtual Circuit (VC): a logical connection between two ends.

Switched Virtual Circuits (SVC) 
A virtual circuit that is brought up on an as-needed basis

Permanent Virtual Circuit (PVC)
A virtual circuit that is always active

Data-Link Connection Identifier (DLCI)
A locally siginificant number that identifies a virtual circuit (VC)

Point-to-Point Circuit
A single VC interconnecting two endpoints, where both endpoints belong to the same IP subnet

Point-to-Multipoint Circuit
A connection from one end to one or more other endpoints, where all end points belong to the same IP subnet

Service Level Agreement (SLA)
An agreement between a service provider and its customer describing the level of service the provider guarantees for a specific connection (for example a minimum bandwidth and a maximum outage time)

Committed Information Rate (CIR)
A bandwidth amount a service provider guarantees to be available, a certain percentage of the time, on a customer's virtual circuit.

Discard Eligibility (DE) bit
A bit in frame relay frame's header that indicates the frame was sent in excess of the CIR and can be discarded by the service provider if congestion is occurring

Backward Explicit Congestion Notification (BECN)
A bit in a frame relay frame's header used to tell a sender to slow down its transmission rate

Forward Explicit Congestion Notification (FECN)
A bit in a Frame Relay frame's header that tells the receiver the frame passed through congestion; the receiver can then send a frame back toward the sender, which the service provider marks with the BECN bit





























Frame Relay sends data over DLCIs (Data Link Connection Identifiers), which act as the layer 2 addresses

Frame Relay LMI type (must match what the provider's switch speaks)
R3(config-if)#frame-relay lmi-type ?
cisco
ansi  
q933a





Configuring and verifying Frame Relay with GNS3

On the router acting as the Frame Relay switch (steps 2-5 are entered on each serial interface that faces a router; the route statements shown are for the interface facing R1):
  1. Frame_Switch(config)#frame-relay switching
  2. Frame_Switch(config-if)#encapsulation frame-relay
  3. Frame_Switch(config-if)#frame-relay intf-type dce
  4. Frame_Switch(config-if)#frame-relay route 102 interface serial 1/1 201
  5. Frame_Switch(config-if)#frame-relay route 103 interface serial 1/2 301

On each router:
  1. R1(config-if)#encapsulation frame-relay
  2. R1(config-if)#ip address 10.1.1.1 255.255.255.0
  3. R1(config-if)#no shut
the same config goes for R2 and R3 (with their own addresses in 10.1.1.0/24)


Frame_Switch(config-if)#frame-relay route 102 interface serial 1/1 201
frame-relay   Set frame relay parameter
route         frame relay route for pvc switching
<16-1007>     input dlci to be switched
interface     outgoing interface for pvc switching
<16-1007>     output dlci to use when switching






Wednesday, December 9, 2015

PPP

Serial port - CSU/DSU: a digital modem that connects a router's serial port to the service provider's circuit

Connector types:

  • V.35 connector: supports speeds up to 2.048 Mbps using a rectangular connector
  • DB-60 connector: a 60-pin connector (also known as the cisco 5-in-1 connector) supported on several cisco router models
  • Smart Serial connector: a high-density connector that allows a WAN interface card (WIC) to have two serial connections instead of just one
  • EIA/TIA-232 connector: a 25-pin D connector that supports up to 64 kbps over short distances
What protocol is running at layer 2?
HDLC (High-level Data Link Control) is the default layer 2 protocol used by cisco routers on serial interfaces
Note: cisco uses its own proprietary version of HDLC (it adds a protocol type field), so both ends must be cisco or both must be switched to PPP

DCE connector: Data Communication Equipment (the end of a serial cable that provides clocking)
DTE connector: Data Terminal Equipment (the end of a serial cable that receives the clocking)

PPP (Point-to-Point Protocol)
a layer 2 encapsulation commonly used on leased lines, which supports authentication (PAP, CHAP), compression, error detection (and retransmission when "ppp reliable-link" is enabled), and bundling several physical links into one logical multilink interface

LCP (Link Control Protocol)
the protocol PPP uses to set up, maintain, and tear down the link (authentication and multilink are negotiated here)
NCP (Network Control Protocol)
the family of protocols (IPCP for IPv4, and so on) used to negotiate each layer 3 protocol carried over the PPP link


Setup Serial connection with PPP 
  1. Change encapsulations to PPP
  2. Setup PAP authentication (username & password )
  3. setup chap authentication 
  4. traffic compress stac
  5. reliable-link
  6. Multi-link 

R1(config-if)#encapsulation ppp
R2(config-if)#encapsulation ppp

One-way authentication (R1 authenticates R2)
R1(config)#username papuser password pappassword
R1(config-if)#ppp authentication pap

R2(config-if)#ppp pap sent-username papuser password pappassword

PAP sends the username and password across the link in cleartext, so anyone who can tap the circuit reads them; prefer CHAP.



setup ppp authentication chap
R1(config)#username R2 password chappassword
R1(config-if)#ppp authentication chap
R1(config-if)#compress stac
R1(config-if)#ppp reliable-link

With CHAP the username configured on each side is the other router's hostname, and the password must be identical on both ends, because each side proves knowledge of the shared secret by hashing it together with a random challenge; the secret itself never crosses the link.

Multilink: the IP address moves to a logical multilink interface and the physical serials join the group
R1(config)#interface multilink 1
R1(config-if)#ppp multilink
R1(config-if)#ip address 10.1.1.1 255.255.255.252
on each physical interface (ser0/0 and ser0/1)
R1(config-if)#encapsulation ppp
R1(config-if)#no ip address
R1(config-if)#ppp multilink group 1

R2(config)#username R1 password chappassword
R2(config-if)#ppp authentication chap
R2(config-if)#compress stac
R2(config-if)#ppp reliable-link
R2(config)#interface multilink 1
R2(config-if)#ppp multilink
R2(config-if)#ip address 10.1.1.2 255.255.255.252
on each physical interface (ser0/0 and ser0/1)
R2(config-if)#encapsulation ppp
R2(config-if)#no ip address
R2(config-if)#ppp multilink group 1
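To show why CHAP is preferred over PAP, here is an added example (my own Python, not part of the original notes) that runs the CHAP three-way handshake from RFC 1994 for the R1/R2 pair configured above, with the username tables mirroring the two "username ... password chappassword" lines, and places it beside the PAP Authenticate-Request payload. The 16-byte challenge used in the demo is a fixed constructed value so the run is repeatable; a real peer draws a fresh random challenge every time.

```python
"""CHAP challenge/response as PPP runs it, beside what PAP puts on the wire.

Added example (not from the original notes): computes the RFC 1994 response,
MD5(identifier || secret || challenge), for both ends of the link configured
above (R1 and R2 sharing "chappassword"), shows the authenticator verifying it,
and contrasts it with PAP, whose Authenticate-Request simply carries the
username and password in cleartext. The fixed challenge in __main__ is made up;
a real peer picks a random one for every challenge.
"""
import hashlib
import os
import secrets
from typing import Dict, Optional

# Mirror of the `username <peer> password <secret>` lines: each router looks up
# the secret by the hostname the peer places in its CHAP Response.
R1_USERS: Dict[str, bytes] = {"R2": b"chappassword"}
R2_USERS: Dict[str, bytes] = {"R1": b"chappassword"}


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: Response Value = MD5(Identifier || Secret || Challenge Value)."""
    if not 0 <= identifier < 256:
        raise ValueError("CHAP identifier is one octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(users: Dict[str, bytes], peer_name: str, identifier: int,
                challenge: bytes, response: bytes) -> bool:
    """Authenticator side: recompute with the stored secret, compare in constant time."""
    secret = users.get(peer_name)
    if secret is None:
        return False
    expected = chap_response(identifier, secret, challenge)
    return secrets.compare_digest(expected, response)


def chap_exchange(authenticator_users: Dict[str, bytes], peer_name: str,
                  peer_secret: bytes, challenge: Optional[bytes] = None,
                  identifier: int = 1) -> dict:
    """Run one three-way CHAP handshake and return what crossed the wire."""
    if challenge is None:
        challenge = os.urandom(16)                  # Authenticator -> Peer: Challenge
    response = chap_response(identifier, peer_secret, challenge)   # Peer -> Authenticator
    ok = chap_verify(authenticator_users, peer_name, identifier, challenge, response)
    return {"challenge": challenge, "response": response,
            "result": "Success" if ok else "Failure"}   # Authenticator -> Peer


def pap_request(username: str, password: str) -> bytes:
    """PAP Authenticate-Request payload (RFC 1334): length-prefixed raw strings."""
    u, p = username.encode(), password.encode()
    return bytes([len(u)]) + u + bytes([len(p)]) + p


if __name__ == "__main__":
    fixed = bytes(range(16))                         # constructed challenge for a repeatable demo
    print("R1 authenticating R2:", chap_exchange(R1_USERS, "R2", b"chappassword", fixed))
    print("R2 authenticating R1:", chap_exchange(R2_USERS, "R1", b"chappassword", fixed))
    print("wrong secret:        ", chap_exchange(R1_USERS, "R2", b"wrongpassword", fixed))
    print("PAP on the wire:     ", pap_request("papuser", "pappassword"))
```

Two things the demo makes visible: a sniffer on the serial link sees only a random challenge and a 16-byte hash with CHAP, but the literal string pappassword with PAP; and because the challenge changes every time, a captured CHAP response cannot be replayed. The MD5 here is the protocol's mandated hash, not a recommendation for new designs.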









Sunday, December 6, 2015

GLBP

Gateway Load Balancing Protocol is a cisco proprietary first hop redundancy protocol that provides the same gateway redundancy as HSRP and, in addition, load balances across all the routers in a single GLBP group (HSRP and VRRP leave the standby routers idle).

GLBP Operation
Active Virtual Gateway (AVG): the member elected to answer ARP requests for the virtual IP; it assigns a virtual MAC address to each member of the GLBP group and hands those MACs out to hosts in round-robin (default) or weighted fashion, which is how the load gets spread

Active Virtual Forwarder (AVF): a member of the GLBP group that discovers the AVG from its Hello messages, learns its virtual MAC address from the AVG, and forwards the traffic that hosts send to that MAC

Configure GLBP
glbp                    Gateway Load Balancing Protocol interface commands

R1(config-if)#glbp 10 ip 10.1.1.1
R1(config-if)#glbp 10 priority 110

R2#show glbp 
FastEthernet0/1 - Group 10
  State is Active
    2 state changes, last state change 00:05:36
  Virtual IP address is 10.1.1.1
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.748 secs
  Redirect time 600 sec, forwarder time-out 14400 sec
  Preemption enabled, min delay 0 sec
  Active is local
  Standby is unknown
  Priority 100 (default)
  Weighting 100 (default 100), thresholds: lower 1, upper 100
  Load balancing: round-robin
  There are 2 forwarders (2 active)
  Forwarder 1
    State is Active
      1 state change, last state change 00:05:36
    MAC address is 0007.b400.0a01 (learnt)
    Owner ID is c004.809c.0001
    Redirection enabled, 253.616 sec remaining (maximum 600 sec)
    Time to live: 14053.612 sec (maximum 14400 sec)
    Preemption enabled, min delay 30 sec
    Active is local, weighting 100
    Arp replies sent: 1
  Forwarder 2
    State is Active
      1 state change, last state change 00:11:23
    MAC address is 0007.b400.0a02 (default)
    Owner ID is c002.1640.0001
    Redirection enabled
    Preemption enabled, min delay 30 sec
    Active is local, weighting 100

    Arp replies sent: 1




 

Saturday, December 5, 2015

EIGRP - IPv6

EIGRP routing for IPv6 works the same as for IPv4, except that IPv6 routing has to be enabled first with the commands below
You will see this error message if IPv6 routing is not enabled:
R1(config)#ipv6 router eigrp 10
% IPv6 routing not enabled

R1(config)#ipv6 unicast-routing        (enables IPv6 forwarding)
R1(config)#ipv6 cef

R1(config)#ipv6 router eigrp 10
R1(config-rtr)#router-id 1.1.1.1

No network statements are given in router configuration mode; instead EIGRP is enabled on each participating interface:

R1(config-if)#ipv6 eigrp 10

Very important: the IPv6 EIGRP process starts in shutdown on older IOS releases, so issue "no shutdown" under it
or you will get this message:

R3#show ipv6 eigrp interfaces 
IPv6-EIGRP interfaces for process 10

% EIGRP 10 is in SHUTDOWN

R2(config)#ipv6 router eigrp 10
R2(config-rtr)#no shut
R2(config-rtr)#
*Dec  6 01:47:09.363: %DUAL-5-NBRCHANGE: IPv6-EIGRP(0) 10: Neighbor FE80::C809:1DFF:FEA8:8 (Serial2/0) is up: new adjacency
*Dec  6 01:47:09.367: %DUAL-5-NBRCHANGE: IPv6-EIGRP(0) 10: Neighbor FE80::C80B:15FF:FE80:6 (FastEthernet0/1) is up: new adjacency

R2#show ipv6 route
IPv6 Routing Table - 11 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route, M - MIPv6
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
D   2000:1::/64 [90/30720]
     via FE80::C809:1DFF:FEA8:8, Serial2/0
     via FE80::C80B:15FF:FE80:6, FastEthernet0/1
C   2000:2::/64 [0/0]
     via ::, Serial2/0
L   2000:2::2/128 [0/0]
     via ::, Serial2/0
C   2000:3::/64 [0/0]
     via ::, FastEthernet0/1
L   2000:3::2/128 [0/0]
     via ::, FastEthernet0/1
C   2000:4::/64 [0/0]
     via ::, FastEthernet0/0
L   2000:4::1/128 [0/0]
     via ::, FastEthernet0/0
D   2000:11::1111/128 [90/158720]
     via FE80::C809:1DFF:FEA8:8, Serial2/0
     via FE80::C80B:15FF:FE80:6, FastEthernet0/1
LC  2000:22::2222/128 [0/0]
     via ::, Loopback0
D   2000:33::3333/128 [90/156160]
     via FE80::C809:1DFF:FEA8:8, Serial2/0
     via FE80::C80B:15FF:FE80:6, FastEthernet0/1
L   FF00::/8 [0/0]

     via ::, Null0

Verification commands

  1. show ipv6 protocol 
  2. show ipv6 eigrp interface
  3. show ipv6 eigrp neighbors 
  4. show ipv6 route
  5. show ipv6 eigrp topology 
  6. show ipv6 cef
Modifying K values
R3(config-rtr)#metric weights 0 1 1 1 0 0

Configure Neighbor Authentication

R2(config)#key chain Test
R2(config-keychain)#key 10
R2(config-keychain-key)#key-string pa$$word

R2(config-if)#ipv6 authentication key-chain eigrp 10 Test
R2(config-if)#ipv6 authentication mode eigrp 10 md5

Authentication has to be enabled on both ends of every link with the same key ID and key string, or the adjacency drops; it stops a rogue device on the segment from forming an adjacency and injecting routes.

R2#show key chain 
Key-chain Test:
    key 10 -- text "pa$$word"
        accept lifetime (always valid) - (always valid) [valid now]
        send lifetime (always valid) - (always valid) [valid now]



VRRP

VRRP is similar to HSRP

Virtual Router Redundancy Protocol (VRRP)
A standards-based First Hop Redundancy Protocol (FHRP), so it works between vendors. The roles are called Master and Backup, the default priority is 100, the virtual MAC is 0000.5e00.01XX where XX is the group number (VRID), and unlike HSRP the virtual IP may be the real interface address of the master.

Configure VRRP
R1(config-if)#vrrp 10 ip 10.1.1.1

R1#show vrrp
FastEthernet0/1 - Group 10
  State is Master  
  Virtual IP address is 10.1.1.1
  Virtual MAC address is 0000.5e00.010a
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 110
  Master Router is 10.1.1.2 (local), priority is 100
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.609 sec


R2(config-if)#vrrp 10 ip 10.1.1.1

R2(config-if)#do show vrrp
FastEthernet0/1 - Group 10
  State is Backup  
  Virtual IP address is 10.1.1.1
  Virtual MAC address is 0000.5e00.010a
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 100
  Master Router is 10.1.1.2, priority is 110
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.609 sec (expires in 3.269 sec)





Friday, December 4, 2015

HSRP

HSRP
Hot Standby Router Protocol is a cisco proprietary First Hop Redundancy Protocol.
One router or multilayer switch actively forwards traffic out of a subnet; it is called the active router. If the active router becomes unavailable, a second router, the standby router, detects its absence (missed hellos) and takes over as the active router.

HSRP Operation
Clients are configured with a default gateway that is neither the active nor the standby router's own address: it is a virtual IP address, with a matching virtual MAC address, that clients point to and that whichever router is currently active answers for.
The virtual router, often called the phantom router, is this pair of virtual IP and MAC addresses.

How HSRP functions
Hello messages are used to elect an active router and to tell the standby router that the active router is still available.
Hellos are sent every 3 seconds by default; the hold time (default 10 seconds) is how long the standby waits without hearing a hello before it declares the active router down and takes over.
HSRP version 2 allows the hello and hold timers to be configured in milliseconds, for sub-second failover.

Active Router Election
The router or multilayer switch with the highest priority is elected active (default priority 100); on a tie the highest interface IP address wins.

Tracking option
Allows an HSRP router to monitor a network condition such as another interface's status and decrement its priority when that condition fails, so a router that has lost its uplink stops being the preferred gateway.

Preempt option
By default a router that boots up or regains a higher priority does not take the active role back; "standby <group> preempt" allows a higher-priority router to reclaim the active role from the current active router.

Security note: HSRP hellos are multicast in the clear and the default authentication string is "cisco", so any device on the segment that sends hellos with a higher priority can make itself the active gateway and intercept the subnet's traffic. Use "standby <group> authentication md5 key-string <key>" and limit which ports can reach the group.


Configuring HSRP

R1(config-if)#standby 10 ip 10.1.1.1
R1(config-if)#
*Dec  4 19:35:18.983: %HSRP-5-STATECHANGE: FastEthernet0/1 Grp 10 state Standby -> Active

R2(config-if)#standby 10 ip 10.1.1.1
R2(config-if)#
*Dec  4 20:16:50.203: %HSRP-5-STATECHANGE: FastEthernet0/1 Grp 10 state Speak -> Standby




R2(config-if)#standby 1 ip 10.1.1.1
R2(config-if)#
*Mar  1 00:05:32.695: HSRP: Fa0/1 Grp 1 Disabled -> Init
*Mar  1 00:05:32.695: HSRP: Fa0/1 Grp 1 Redundancy "hsrp-Fa0/1-1" state Disabled -> Init

R2(config-if)#
*Mar  1 00:05:42.699: HSRP: Fa0/1 Grp 1 Active router is 10.1.1.2
*Mar  1 00:05:42.699: HSRP: Fa0/1 Interface up
*Mar  1 00:05:42.699: HSRP: Fa0/1 Starting minimum interface delay (1 secs)
*Mar  1 00:05:43.699: HSRP: Fa0/1 Interface min delay expired
*Mar  1 00:05:43.699: HSRP: Fa0/1 Grp 1 Init: a/HSRP enabled
*Mar  1 00:05:43.699: HSRP: Fa0/1 Grp 1 Init -> Listen
*Mar  1 00:05:43.699: HSRP: Fa0/1 Grp 1 Redundancy "hsrp-Fa0/1-1" state Init -> Backup
*Mar  1 00:05:53.699: HSRP: Fa0/1 Grp 1 Listen: d/Standby timer expired (unknown)
*Mar  1 00:05:53.699: HSRP: Fa0/1 Grp 1 Listen -> Speak
*Mar  1 00:05:53.699: HSRP: Fa0/1 Grp 1 Redundancy "hsrp-Fa0/1-1" state Backup -> Speak
*Mar  1 00:06:03.775: HSRP: Fa0/1 Grp 1 Speak: d/Standby timer expired (unknown)
*Mar  1 00:06:03.775: HSRP: Fa0/1 Grp 1 Standby router is local
*Mar  1 00:06:03.775: HSRP: Fa0/1 Grp 1 Speak -> Standby
*Mar  1 00:06:03.775: HSRP: Fa0/1 Grp 1 Redundancy "hsrp-Fa0/1-1" state Speak -> Standby
R2(config-if)#

standby context-sensitive help
R2(config-if)#standby ?
  <0-255>         group number
  authentication  Authentication
  delay           HSRP initialisation delay
  ip              Enable HSRP and set the virtual IP address
  mac-address     Virtual MAC address
  name            Redundancy name string
  preempt         Overthrow lower priority Active routers
  priority        Priority level
  redirects       Configure sending of ICMP Redirect messages with an HSRP
                  virtual IP address as the gateway IP address
  timers          Hello and hold timers
  track           Priority tracking
  use-bia         HSRP uses interface's burned in address

R2(config-if)#standby 1 ?
  authentication  Authentication
  ip              Enable HSRP and set the virtual IP address
  mac-address     Virtual MAC address
  name            Redundancy name string
  preempt         Overthrow lower priority Active routers
  priority        Priority level
  timers          Hello and hold timers
  track           Priority tracking

R1#show standby brief 
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active          Standby         Virtual IP  
Fa0/1       1   100    Active   local           10.1.1.3        10.1.1.1    
R1#

R2#show standby brief 
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active          Standby         Virtual IP  
Fa0/1       1   100    Standby  10.1.1.2        local           10.1.1.1    
R2#


debug standby output showing preemption and tracking in action (R2 is 10.1.1.3 with priority 100; R1 is 10.1.1.2 with priority 110 and a tracked interface that decrements it by 30, so R1 drops to 80 when that interface fails and R2 takes over)
R2(config-if)#
*Mar  1 00:39:03.035: HSRP: Fa0/1 Grp 1 Coup   in  10.1.1.2 Standby pri 110 vIP 10.1.1.1
*Mar  1 00:39:03.035: HSRP: Fa0/1 Grp 1 Active: j/Coup rcvd from higher pri router (110/10.1.1.2)
*Mar  1 00:39:03.035: HSRP: Fa0/1 Grp 1 Active router is 10.1.1.2, was local
*Mar  1 00:39:03.035: HSRP: Fa0/1 Grp 1 Standby router is unknown, was 10.1.1.2
*Mar  1 00:39:03.039: HSRP: Fa0/1 Grp 1 Active -> Speak
*Mar  1 00:39:03.039: %HSRP-6-STATECHANGE: FastEthernet0/1 Grp 1 state Active -> Speak
R2(config-if)#
*Mar  1 00:39:03.039: HSRP: Fa0/1 Grp 1 Redundancy "hsrp-Fa0/1-1" state Active -> Speak
R2(config-if)#
*Mar  1 00:39:13.035: HSRP: Fa0/1 Grp 1 Speak: d/Standby timer expired (unknown)
*Mar  1 00:39:13.035: HSRP: Fa0/1 Grp 1 Standby router is local
*Mar  1 00:39:13.035: HSRP: Fa0/1 Grp 1 Speak -> Standby
*Mar  1 00:39:13.035: HSRP: Fa0/1 Grp 1 Redundancy "hsrp-Fa0/1-1" state Speak -> Standby
R2(config-if)#
*Mar  1 00:39:26.131: HSRP: Fa0/1 Grp 1 Standby: h/Hello rcvd from lower pri Active router (80/10.1.1.2)
*Mar  1 00:39:26.131: HSRP: Fa0/1 Grp 1 Active router is local, was 10.1.1.2
*Mar  1 00:39:26.131: HSRP: Fa0/1 Grp 1 Standby router is unknown, was local
*Mar  1 00:39:26.135: HSRP: Fa0/1 Grp 1 Coup   out 10.1.1.3 Standby pri 100 vIP 10.1.1.1
*Mar  1 00:39:26.135: HSRP: Fa0/1 Grp 1 Standby -> Active
*Mar  1 00:39:26.135: %HSRP-6-STATECHANGE: FastEthernet0/1 Grp 1 state Standby -> Active
R2(config-if)#
*Mar  1 00:39:26.135: HSRP: Fa0/1 Grp 1 Redundancy "hsrp-Fa0/1-1" state Standby -> Active
*Mar  1 00:39:26.243: HSRP: Fa0/1 Grp 1 Resign in  10.1.1.2 Speak   pri 80 vIP 10.1.1.1
*Mar  1 00:39:26.243: HSRP: Fa0/1 Grp 1 Active: i/Resign rcvd (80/10.1.1.2)
*Mar  1 00:39:26.243: HSRP: Fa0/1 Grp 1 Coup   out 10.1.1.3 Active  pri 100 vIP 10.1.1.1
R2(config-if)#
*Mar  1 00:39:29.247: HSRP: Fa0/1 Grp 1 Redundancy group hsrp-Fa0/1-1 state Active -> Active
R2(config-if)#
*Mar  1 00:39:32.247: HSRP: Fa0/1 Grp 1 Redundancy group hsrp-Fa0/1-1 state Active -> Active
R2(config-if)#
*Mar  1 00:39:37.895: HSRP: Fa0/1 Grp 1 Standby router is 10.1.1.2


R1#show standby
FastEthernet0/1 - Group 1
  State is Active
    14 state changes, last state change 00:00:41
  Virtual IP address is 10.1.1.1
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.468 secs
  Preemption enabled
  Active router is local
  Standby router is 10.1.1.3, priority 100 (expires in 9.804 sec)
  Priority 110 (configured 110)
    Track interface FastEthernet0/0 state Up decrement 30
  IP redundancy name is "hsrp-Fa0/1-1" (default)

Virtual MAC format: HSRP version 1 uses the cisco vendor code 0000.0c07.ac followed by the group number in the last byte (groups 0-255), so group 1 is 0000.0c07.ac01. HSRP version 2 uses 0000.0c9f.f followed by a 12-bit group number (groups 0-4095), so group 1 is 0000.0c9f.f001.

R2#show ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.1.3                -   c002.1640.0001  ARPA   FastEthernet0/1
Internet  10.1.1.1                -   0000.0c07.ac01  ARPA   FastEthernet0/1
Internet  192.168.14.2            0   0050.56e8.e3c1  ARPA   FastEthernet0/0
Internet  10.1.1.100             44   0050.7966.6800  ARPA   FastEthernet0/1
Internet  192.168.14.254         32   0050.56fd.eee2  ARPA   FastEthernet0/0
Internet  192.168.14.141          -   c002.1640.0000  ARPA   FastEthernet0/0
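The ARP table above shows the virtual MAC 0000.0c07.ac01 sitting next to the routers' real MACs, and the GLBP, VRRP and HSRP sections each show a different virtual MAC format. Being able to recognise those formats matters when reviewing an ARP table or a capture: a host answering for a virtual gateway MAC that is not one of your routers is spoofing the gateway. The following is an added example (my own Python, not part of the original notes) that decodes all four formats and scans the show ip arp output above; the decoder's rules are the well-known vendor-code layouts, and the table is the one printed above.

```python
"""Recognise first-hop redundancy virtual MACs in a `show ip arp` table.

Added example (not from the original notes): decodes the well-known virtual MAC
formats of the three FHRPs covered above, HSRP v1 (0000.0c07.acXX, XX = group),
HSRP v2 (0000.0c9f.fXXX, XXX = group), VRRP (0000.5e00.01XX, XX = VRID) and
GLBP (0007.b4GG.GGFF, GGGG = group, FF = forwarder number), and runs the decoder
over the ARP output shown above.
"""
import re
from typing import List, Optional

# Copied from the `show ip arp` output above.
ARP_TABLE = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.1.3                -   c002.1640.0001  ARPA   FastEthernet0/1
Internet  10.1.1.1                -   0000.0c07.ac01  ARPA   FastEthernet0/1
Internet  192.168.14.2            0   0050.56e8.e3c1  ARPA   FastEthernet0/0
Internet  10.1.1.100             44   0050.7966.6800  ARPA   FastEthernet0/1
Internet  192.168.14.254         32   0050.56fd.eee2  ARPA   FastEthernet0/0
Internet  192.168.14.141          -   c002.1640.0000  ARPA   FastEthernet0/0
"""


def mac_bytes(mac: str) -> bytes:
    """Accept Cisco dotted (0000.0c07.ac01) as well as colon or dash notation."""
    digits = re.sub(r"[.:-]", "", mac.strip().lower())
    if len(digits) != 12:
        raise ValueError(f"bad MAC: {mac}")
    return bytes.fromhex(digits)


def decode_fhrp_mac(mac: str) -> Optional[dict]:
    """Return the protocol and group encoded in a virtual MAC, or None for a real NIC."""
    b = mac_bytes(mac)
    if b[:5] == bytes.fromhex("00000c07ac"):                 # HSRP v1: last byte = group
        return {"protocol": "HSRPv1", "group": b[5]}
    if b[:4] == bytes.fromhex("00000c9f") and b[4] >> 4 == 0xF:   # HSRP v2: low 12 bits = group
        return {"protocol": "HSRPv2", "group": ((b[4] & 0x0F) << 8) | b[5]}
    if b[:5] == bytes.fromhex("00005e0001"):                 # VRRP: last byte = VRID
        return {"protocol": "VRRP", "group": b[5]}
    if b[:3] == bytes.fromhex("0007b4"):                     # GLBP: 16-bit group, 8-bit forwarder
        return {"protocol": "GLBP", "group": (b[3] << 8) | b[4], "forwarder": b[5]}
    return None


def virtual_gateways(arp_output: str) -> List[dict]:
    """Scan `show ip arp` lines and list every entry whose MAC is an FHRP virtual MAC."""
    found = []
    for line in arp_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "Internet":
            continue
        info = decode_fhrp_mac(fields[3])
        if info:
            found.append({"ip": fields[1], "mac": fields[3], "interface": fields[5], **info})
    return found


if __name__ == "__main__":
    for gw in virtual_gateways(ARP_TABLE):
        print(gw)
```

On the table above it finds exactly one virtual gateway, 10.1.1.1 as HSRP version 1 group 1 on FastEthernet0/1, which matches the "standby 1 ip 10.1.1.1" configuration. Feeding it the GLBP MACs from the show glbp output (0007.b400.0a01 and 0007.b400.0a02) yields group 10, forwarders 1 and 2.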

EIGRP

Characteristics of EIGRP
Enhanced Interior Gateway Routing Protocol, an advanced distance-vector routing protocol (often called a hybrid: it keeps a topology table and sends triggered, partial updates like a link-state protocol, but neighbors only exchange their best distances)

  • Fast convergence
  • scalable
  • Load balancing over unequal cost links
  • classless (VLSM)
  • Communicates via multicast 224.0.0.10
  • was cisco-proprietary (opened up by cisco in 2013 and later published as RFC 7868)
Routing Structure
  • EIGRP maintains 3 tables (Neighbor, Topology and the routing table; IOS also exposes an interface table)
  • EIGRP keeps track of its adjacent neighbors, command (show ip eigrp neighbors)
  • Interface table, which lists the interfaces participating in the EIGRP autonomous system, command (show ip eigrp interfaces)
  • EIGRP topology table, which contains every route learned to each destination network, command (show ip eigrp topology)
Path Selection
  • How EIGRP makes the path selection decision:
  • EIGRP uses the DUAL algorithm (Diffusing Update Algorithm), a calculation that determines the best loop-free path to a network
  • Advertised Distance (AD): the distance (metric value) from a neighboring router to the network, as that neighbor reports it. Advertised Distance is also called the Reported Distance (RD)
  • Feasible Distance (FD): a neighbor's Advertised Distance to a network plus the distance to reach that neighbor
  • Successor route: the primary route to a network, the one with the lowest Feasible Distance of all routes in the EIGRP topology table
  • Feasible Successor route: a backup route to a network, any other route in the topology table that meets the feasibility condition
  • Feasibility condition: before a route can become a Feasible Successor, its Advertised Distance (AD) has to be lower than the Feasible Distance of the successor route. This guarantees the backup is loop-free, since that neighbor is closer to the destination than we are.

Metric Calculation
The composite metric can use five components:
  1. Bandwidth
  2. Delay
  3. Reliability
  4. Load
  5. MTU (carried in updates but not used in the metric)
Metric = [K1*Bandwidth + (K2*Bandwidth)/(256-Load) + K3*Delay] * [K5/(K4+Reliability)] * 256
(the second factor is only applied when K5 is not zero)
Default K values
K1=1
K2=0
K3=1
K4=0
K5=0
Putting the default K values into the formula:
Metric = (Bandwidth + Delay) * 256
where Bandwidth = 10,000,000 / (lowest bandwidth on the path, in kbps) and Delay = sum of the interface delays on the path in tens of microseconds (IOS shows delay in microseconds, so divide by 10); both are integer divisions


EIGRP Configuration
from global configuration mode:
router eigrp <autonomous system number>   (must match on every router that should form an adjacency)
network <address> <wildcard mask>       (one per interface/subnet that should run EIGRP; the full config is shown under Configure Passive Interface below)


R2#sho ip eigrp topology 
IP-EIGRP Topology Table for AS(100)/ID(2.2.2.2)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 3.3.3.3/32, 1 successors, FD is 156160
        via 192.168.1.1 (156160/128256), FastEthernet0/1
P 1.1.1.1/32, 1 successors, FD is 158720
        via 192.168.1.1 (158720/156160), FastEthernet0/1
        via 172.16.1.1 (2297856/128256), Serial0/1
P 2.2.2.2/32, 1 successors, FD is 128256
        via Connected, Loopback0
P 10.1.1.0/24, 1 successors, FD is 30720
        via 192.168.1.1 (30720/28160), FastEthernet0/1
        via 172.16.1.1 (2172416/28160), Serial0/1
P 192.168.1.0/30, 1 successors, FD is 28160
        via Connected, FastEthernet0/1
P 172.16.1.0/30, 1 successors, FD is 2169856
        via Connected, Serial0/1

R2#show ip eigrp interfaces 
IP-EIGRP interfaces for process 100

                        Xmit Queue   Mean   Pacing Time   Multicast    Pending
Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
Lo0                0        0/0         0       0/10           0           0
Se0/1              1        0/0       173       0/15         863           0

Fa0/1              1        0/0      1793       0/10        5936           0

R2#show ip eigrp neighbors
IP-EIGRP neighbors for process 100
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
1   192.168.1.1             Fa0/1             11 00:08:21 1793  5000  0  11
0   172.16.1.1              Se0/1             13 00:09:18  173  1038  0  20

R2#sho ip cef
Prefix              Next Hop             Interface
0.0.0.0/0           drop                 Null0 (default route handler entry)
0.0.0.0/32          receive
1.1.1.1/32          192.168.1.1          FastEthernet0/1
2.2.2.2/32          receive
3.3.3.3/32          192.168.1.1          FastEthernet0/1
10.1.1.0/24         192.168.1.1          FastEthernet0/1
10.2.2.0/24         attached             FastEthernet0/0
10.2.2.0/32         receive
10.2.2.1/32         receive
10.2.2.255/32       receive
172.16.1.0/30       attached             Serial0/1
172.16.1.0/32       receive
172.16.1.2/32       receive
172.16.1.3/32       receive
192.168.1.0/30      attached             FastEthernet0/1
192.168.1.0/32      receive
192.168.1.1/32      192.168.1.1          FastEthernet0/1
192.168.1.2/32      receive
192.168.1.3/32      receive
224.0.0.0/4         drop
224.0.0.0/24        receive
255.255.255.255/32  receive

Configure unequal cost load balancing
By default OSPF and EIGRP only load balance over equal cost paths

Example:

the routing table shows only one path to 1.1.1.1

the EIGRP topology table shows two paths to 1.1.1.1 (see the topology output above: FD 158720 via 192.168.1.1 and 2297856 via 172.16.1.1)

WHY?
Because only the lowest feasible distance is installed: 158720 < 2297856, so the FastEthernet path is the successor and the serial path stays in the topology table as a feasible successor (its AD of 128256 is lower than 158720, so it passes the feasibility condition).

With this command we let the feasible successor into the routing table as a second, unequal-cost path:
variance             Control load balancing variance

R2(config-router)#variance ?
  <1-128>  Metric variance multiplier

How to figure out the variance number?
Divide the worst FD you want installed by the best FD, and round up:
2297856 / 158720 = 14.47, which is not a whole number, so round up to 15 (variance 14 would accept metrics only up to 14 * 158720 = 2222080)

R2(config-router)#variance 15

Variance only applies to routes that already satisfy the feasibility condition; a path whose AD is higher than the successor's FD is never installed, however large the variance.
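The metric formula and the variance arithmetic can be checked against the topology table printed above, since every FD/AD pair in it is reproducible from the IOS default bandwidth and delay of the interface types in the lab. The following is an added example (my own Python, not part of the original notes) that evaluates the classic metric with the default K values and derives the minimum variance while applying the feasibility condition. The bandwidth/delay pairs are the IOS defaults for FastEthernet (100000 kbps, 100 µs), a T1 serial link (1544 kbps, 20000 µs) and a loopback (8000000 kbps, 5000 µs); the topology is the one in the show output.

```python
"""EIGRP composite metric and the variance multiplier, checked against the
topology table printed above.

Added example (not from the original notes): evaluates the classic metric with
the default K values (K1 = K3 = 1, rest 0), i.e. [10^7 / min bandwidth(kbps) +
sum(delay in µs)/10] * 256 using the integer arithmetic IOS uses, reproduces
the FD/AD pairs R2 shows for 1.1.1.1/32 and 10.1.1.0/24, and derives the
smallest `variance` that admits the Serial0/1 path while respecting the
feasibility condition. Interface values are the IOS defaults for FastEthernet,
a T1 serial link and a loopback.
"""
import math
from typing import List, Tuple

# (bandwidth in kbps, delay in microseconds) as `show interfaces` reports them
FASTETHERNET = (100_000, 100)
SERIAL_T1 = (1_544, 20_000)
LOOPBACK = (8_000_000, 5_000)


def eigrp_metric(links: List[Tuple[int, int]], k1: int = 1, k2: int = 0,
                 k3: int = 1, k4: int = 0, k5: int = 0) -> int:
    """Composite (classic, 32-bit) metric over the interfaces a path exits through."""
    bw_kbps = min(bw for bw, _ in links)
    delay_tens = sum(d for _, d in links) // 10
    bandwidth = 10_000_000 // bw_kbps          # IOS scales 10^7 / slowest link, integer
    load, reliability = 1, 255                 # only matter when K2/K4/K5 are non-zero
    metric = k1 * bandwidth + (k2 * bandwidth) // (256 - load) + k3 * delay_tens
    if k5 != 0:
        metric = metric * k5 // (k4 + reliability)
    return metric * 256


def minimum_variance(candidates: List[Tuple[int, int]]) -> int:
    """Given (FD, AD) per path, return the smallest variance that installs every
    feasible successor. Paths failing the feasibility condition (AD >= best FD)
    are ignored, exactly as IOS ignores them whatever the variance is."""
    best_fd = min(fd for fd, _ in candidates)
    feasible = [fd for fd, ad in candidates if ad < best_fd]   # the successor itself qualifies
    worst = max(feasible)
    return max(1, math.ceil(worst / best_fd))


if __name__ == "__main__":
    # 1.1.1.1/32 via 192.168.1.1: R2 -> FastEthernet -> R3 -> FastEthernet -> R1 loopback
    fd_fa = eigrp_metric([FASTETHERNET, FASTETHERNET, LOOPBACK])   # 158720 in the show output
    ad_fa = eigrp_metric([FASTETHERNET, LOOPBACK])                  # 156160, R3's own FD
    # 1.1.1.1/32 via 172.16.1.1: R2 -> Serial0/1 -> R1 loopback
    fd_se = eigrp_metric([SERIAL_T1, LOOPBACK])                     # 2297856
    ad_se = eigrp_metric([LOOPBACK])                                # 128256
    print("FD/AD via Fa0/1:", fd_fa, ad_fa, " via Se0/1:", fd_se, ad_se)
    print("variance needed:", minimum_variance([(fd_fa, ad_fa), (fd_se, ad_se)]))
```

The computed values match the show ip eigrp topology output line for line (156160/128256 for 3.3.3.3, 28160 and 2169856 for the connected links, and so on), which is a good sanity check whenever a metric looks wrong: if the numbers do not reproduce, someone has changed the bandwidth or delay on an interface, or the K values differ between neighbors.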



EIGRP Auto-summary
Auto-summary reduces the number of individual routes in the routing table: EIGRP summarizes networks at their classful boundaries using the natural mask. That shrinks the routing table, but with discontiguous networks (the same classful network split across different parts of the topology) the same summary is advertised from two places and traffic for one part gets black-holed, so it is normally disabled with "no auto-summary". The output below shows it still in effect, with 172.16.0.0/16, 10.0.0.0/8 and 1.0.0.0/8 summaries being generated.

R1#show ip protocols
Routing Protocol is "eigrp 100"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  EIGRP maximum hopcount 100
  EIGRP maximum metric variance 1
  Redistributing: eigrp 100
  EIGRP NSF-aware route hold timer is 240s
  Automatic network summarization is in effect
  Automatic address summarization:
    172.16.0.0/16 for Loopback0, FastEthernet0/0
      Summarizing with metric 2169856
    10.0.0.0/8 for Loopback0, Serial2/0
      Summarizing with metric 28160
    1.0.0.0/8 for FastEthernet0/0, Serial2/0
      Summarizing with metric 128256
  Maximum path: 4
  Routing for Networks:
    1.1.1.1/32
    10.1.1.0/24
    172.16.1.0/30
  Routing Information Sources:
    Gateway         Distance      Last Update
    (this router)         90      00:02:38
    10.1.1.2              90      00:02:38
    172.16.1.2            90      00:02:38
  Distance: internal 90 external 170


Configure Passive Interface
EIGRP hello packets are sent out this interface, which connects to a switch with end users behind it; that can be a security issue, because any device on that segment could attempt to form an adjacency.

!
router eigrp 100
 variance 15
 passive-interface FastEthernet0/0
 network 2.2.2.2 0.0.0.0
 network 10.2.2.0 0.0.0.255
 network 172.16.1.0 0.0.0.3
 network 192.168.1.0 0.0.0.3
 no auto-summary
!

A passive interface does not send hello packets, so no EIGRP adjacency can form on it.

Troubleshooting

  1. show ip route
  2. show ip protocols
  3. show ip eigrp neighbors
  4. show ip eigrp topology
  5. show ip cef
  6. matching K values
  7. look for authentication mismatch
  8. EIGRP AS# mismatch
  9. look for passive interface 





Thursday, December 3, 2015

OSPFv3

OSPFv2 does not support IPv6.
IPv6 is supported by OSPFv3, which is enabled per interface
with the following commands.



A couple of commands need to be enabled for IPv6 routing to work:
ipv6 cef                      Cisco Express Forwarding for IPv6
Cisco Express Forwarding lets the router make efficient forwarding decisions based on the FIB (Forwarding Information Base) and the adjacency table.
ipv6 unicast-routing   Enable unicast routing (enables the router to forward traffic based on destination IPv6 addresses)

R1 interface IP information:
interface Loopback0
ip address 1.1.1.1 255.255.255.255
interface FastEthernet0/0
no ip address
duplex auto
speed auto
ipv6 address 2000:11AA::1/64
interface FastEthernet1/0
no ip address
duplex auto
speed auto
ipv6 address 2000:1122::1/64

Configuring OSPFv3 (apply the same commands on R2 and R3)

R1# conf ter
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ipv
R1(config)#ipv6 router
R1(config)#ipv6 router os
R1(config)#ipv6 router ospf 1
R1(config-rtr)#router-id 

Note: error message if IPv6 unicast routing is not enabled:
R2(config)#ipv6 router ospf 1
% IPv6 routing not enabled

Enable OSPFv3 on the interfaces with this command:

R1#conf ter
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#inter fas
R1(config)#inter fastEthernet 0/0
R1(config-if)#ipv
R1(config-if)#ipv6 osp
R1(config-if)#ipv6 ospf ?
  <1-65535>            Process ID
  authentication       Enable authentication
  cost                 Interface cost
  database-filter      Filter OSPF LSA during synchronization and flooding
  dead-interval        Interval after which a neighbor is declared dead
  demand-circuit       OSPF demand circuit
  flood-reduction      OSPF Flood Reduction
  hello-interval       Time between HELLO packets
  mtu-ignore           Ignores the MTU in DBD packets
  neighbor             OSPF neighbor
  network              Network type
  priority             Router priority
  retransmit-interval  Time between retransmitting lost link state
                       advertisements
  transmit-delay       Link state transmit delay

R1(config-if)#ipv6 ospf 1 are
R1(config-if)#ipv6 ospf 1 area 0
R1(config-if)#


R2(config)#interface fas 0/0
R2(config-if)#ipv
R2(config-if)#ipv6 osp
R2(config-if)#ipv6 ospf 1 area 0
R2(config-if)#
*Mar  1 01:06:29.099: %OSPFv3-5-ADJCHG: Process 1, Nbr 1.1.1.1 on FastEthernet0/0 from LOADING to FULL, Loading Done

As soon as the R2 interface was configured, an adjacency formed with neighbor R1 (router-id 1.1.1.1).

R3
R3#conf ter
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#inter ser 1/0
R3(config-if)#ipv
R3(config-if)#ipv6 osp
R3(config-if)#ipv6 ospf 1 area
R3(config-if)#ipv6 ospf 1 area  1
R3(config-if)#
*Mar  1 01:10:03.855: %OSPFv3-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Serial1/0 from LOADING to FULL, Loading Done
R3(config-if)#

R3 formed an adjacency with neighbor R2 (router-id 2.2.2.2) over its serial interface.

Verification Commands

R3#ping 2000:11aa::1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2000:11AA::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/23/36 ms
R3#sho ipv6 route
IPv6 Routing Table - 8 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
OI  2000:1122::/64 [110/65]
     via FE80::CE02:24FF:FE7C:0, Serial1/0
OI  2000:11AA::/64 [110/66]
     via FE80::CE02:24FF:FE7C:0, Serial1/0
C   2000:2233::/64 [0/0]
     via ::, Serial1/0
L   2000:2233::3/128 [0/0]
     via ::, Serial1/0
C   2000:33AA::/64 [0/0]
     via ::, FastEthernet0/0
L   2000:33AA::3/128 [0/0]
     via ::, FastEthernet0/0
L   FE80::/10 [0/0]
     via ::, Null0
L   FF00::/8 [0/0]
     via ::, Null0
R3#

R3#show ipv6 interface brief 
FastEthernet0/0            [up/up]
    FE80::CE03:16FF:FE24:0
    2000:33AA::3
Serial1/0                  [up/up]
    FE80::CE03:16FF:FE24:0
    2000:2233::3
Serial1/1                  [administratively down/down]
    unassigned
Serial1/2                  [administratively down/down]
    unassigned
Serial1/3                  [administratively down/down]
    unassigned
FastEthernet2/0            [administratively down/down]
    unassigned
FastEthernet3/0            [administratively down/down]
    unassigned
Loopback0                  [up/up]
    unassigned
R3#

R3#traceroute 2000:11aa::1

Type escape sequence to abort.
Tracing the route to 2000:11AA::1

  1 2000:2233::2 4 msec 24 msec 20 msec
  2 2000:11AA::1 20 msec 24 msec 16 msec
R3#

R3#show ipv6 ospf neighbor                                          

Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
2.2.2.2           1   FULL/  -        00:00:35    5               Serial1/0
R3#



R3#show ipv6 ospf interface serial 1/0
Serial1/0 is up, line protocol is up 
  Link Local Address FE80::CE03:16FF:FE24:0, Interface ID 5
  Area 1, Process ID 1, Instance ID 0, Router ID 3.3.3.3
  Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT, Cost: 64
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:03
  Index 1/1/1, flood queue length 0
  Next 0x0(0)/0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1 
    Adjacent with neighbor 2.2.2.2
  Suppress hello for 0 neighbor(s)
R3#

R3#sho ipv6 protocols 
IPv6 Routing Protocol is "connected"
IPv6 Routing Protocol is "static"
IPv6 Routing Protocol is "ospf 1"
  Interfaces (Area 1):
    Serial1/0
  Redistribution:
    None
R3#

R3#show ipv6 cef 
2000:1122::/64
     nexthop FE80::CE02:24FF:FE7C:0 Serial1/0 
2000:11AA::/64
     nexthop FE80::CE02:24FF:FE7C:0 Serial1/0 
2000:2233::3/128
  Receive
2000:2233::/64
     attached to Serial1/0 
2000:33AA::3/128
  Receive
2000:33AA::/64
     attached to FastEthernet0/0 
FE80::/10
  Receive
FF00::/8
  Receive
R3#



OSPF Step-by-Step

Understand the basics of the OSPF routing protocol, how it functions, and what algorithm it uses to select the best routes.

OSPF Basics

  • Open standard developed by the IETF
  • Establishes adjacencies with neighboring routers
  • Sends Link State Advertisements (LSAs) to other routers in an area
  • Constructs a link-state database from received LSAs
  • Runs the Dijkstra Shortest Path First (SPF) algorithm to determine the shortest path to a network
  • Attempts to inject the best path for each network into a router's routing table
OSPF Terminology 
  • Hello: a protocol used to discover OSPF neighbors and confirm reachability to those neighbors; also used in the election of designated routers.
  • Link State Advertisement (LSA): information a router sends and receives about network reachability, used to construct a router's link-state database.
  • Link State Update (LSU): a packet that carries LSAs.
  • Link State Request (LSR): used by a router to request specific LSA information from a neighbor.
  • Link State Acknowledgement (LSAck): used by a router to confirm it received an LSU.
DR and BDR
On a multi-access segment, full adjacencies are formed only with the DR and BDR.


How is the DR Elected?

  • The Hello protocol is used to elect a DR
  • During the DR election, the router with the highest priority value wins.
  • The OSPF priority value is associated with an interface and can be a value in the range 0 - 255
  • An OSPF priority value of 0 means that the router will never become a DR
  • The default priority value of an interface is 1
  • If the priorities tie, the router with the highest router ID (RID) becomes DR
  • A router ID can be configured in router configuration mode with the command router-id <value>
  • If an RID is not configured, the highest IP address of a loopback interface becomes the RID
  • If a router has no loopback interface, the highest IP address of a non-loopback interface becomes the RID
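As an added example (not from the original post), this Python models the election rules listed above for one shared segment: RID selection in the stated order, priority 0 opting out, and ties broken by the highest RID. Router names, addresses and priorities are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Router:
    """One OSPF router on a shared segment (constructed for this example)."""
    name: str
    priority: int = 1                       # interface priority, default 1
    configured_rid: Optional[str] = None    # from "router-id <value>", if set
    loopbacks: List[str] = field(default_factory=list)   # loopback IPv4 addresses
    interfaces: List[str] = field(default_factory=list)  # non-loopback IPv4 addresses


def router_id(r: Router) -> ipaddress.IPv4Address:
    """RID selection in the order listed above: configured router-id,
    else highest loopback address, else highest non-loopback address."""
    if r.configured_rid:
        return ipaddress.IPv4Address(r.configured_rid)
    pool = r.loopbacks or r.interfaces
    if not pool:
        raise ValueError(f"{r.name}: no IPv4 address to derive a router ID from")
    return max(ipaddress.IPv4Address(a) for a in pool)


def elect(routers: List[Router]):
    """Cold-start DR/BDR election on one segment: highest priority wins,
    ties go to the highest RID, priority 0 routers are never elected."""
    candidates = [r for r in routers if r.priority > 0]
    ranked = sorted(candidates, key=lambda r: (r.priority, router_id(r)), reverse=True)
    dr = ranked[0].name if ranked else None
    bdr = ranked[1].name if len(ranked) > 1 else None
    return dr, bdr


if __name__ == "__main__":
    segment = [
        Router("R1", loopbacks=["1.1.1.1"]),
        Router("R2", loopbacks=["2.2.2.2"]),
        Router("R3", configured_rid="3.3.3.3"),
        Router("R4", priority=0, interfaces=["10.1.1.4", "192.168.1.4"]),
    ]
    print(elect(segment))  # ('R3', 'R2'): R4 opts out with priority 0
```

This models the cold-start election the bullets describe; on a live segment an existing DR is not preempted when a router with a higher priority or RID comes up later, so the result matches reality only when all routers start together.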



Types of LSA



OSPF Example with 2 Areas