Thursday, June 28, 2007

CCIE Strategy

This is a super nice strategy I saw published in CCIE Group Study and I decided to publish it here as a link so the Author will get the credit for it, so real nice http://www.ksu.ru/petr/CCIE-RS-Checklist-draft-part-1-v2.txt

Wednesday, June 27, 2007

CCIE OSPF Behaviors

There are five main behaviors when working with OSPF, some people get confused between them and I my self had a painful time understanding at the beginning what the hell we need them and what difference dose it make using one or the other. Broadcast - for shared network environment like Ethernet as you can see bellow by tweaking the interface behavior you can adjust also the timers and make it send multicats instead of unicast: Router1(config-if)#ip address 1.1.1.2 255.255.255.0 Router1(config-if)#ip ospf network broadcast Router1(config-if)#end Router1# show ip ospf interface s0 Serial2 is up, line protocol is up Internet Address 1.1.1.2/24, Area 0 Process ID 1, Router ID 3.3.3.3, Network Type BROADCAST, Cost: 64 Transmit Delay is 1 sec, State DR, Priority 1 Designated Router (ID) 3.3.3.3, Interface address 1.1.1.2 Backup Designated router (ID) 2.2.2.2, Interface address 1.1.1.1 Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:19 Index 1/1, flood queue length 0 Next 0x0(0)/0x0(0) Last flood scan length is 2, maximum is 2 Last flood scan time is 0 msec, maximum is 0 msec Neighbor Count is 1, Adjacent neighbor count is 1 Adjacent with neighbor 2.2.2.2 (Backup Designated Router) Suppress hello for 0 neighbor(s) non-broadcast - for Frame-relay or ATM here in the bellow example you can see the default behavior or the serial interface Router1# show ip ospf interface s2 Serial2 is up, line protocol is up Internet Address 1.1.1.2/24, Area 0 Process ID 1, Router ID 3.3.3.3, Network Type NON_BROADCAST, Cost: 64 Transmit Delay is 1 sec, State DR, Priority 1 Designated Router (ID) 3.3.3.3, Interface address 1.1.1.2 Backup Designated router (ID) 2.2.2.2, Interface address 1.1.1.1 Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5 Hello due in 00:00:19 Index 1/1, flood queue length 0 Next 0x0(0)/0x0(0) Last flood scan length is 2, maximum is 2 Last flood scan time is 0 msec, maximum is 0 msec Neighbor Count is 1, Adjacent neighbor count is 1 Adjacent with neighbor 2.2.2.2 (Backup Designated Router) Suppress hello for 0 neighbor(s) point to point - for point to point interface like ppp or hdlc encap point to multipoint - special behavior that the hub interface act as point to point to every spoke in its hub and spoke topology Point-to-Multipoint Nonbroadcast Broadcast use DR / BDR elecation and use multicats 224.0.0.6 for DR / BDR and 224.0.0.5 for all spf routers non-Broadcast use DR / BDR election but it use unicast for neighbor relations this is why you need to make sure that you enable this on the hub of the topology and not on one of the spokes and also you must remember to specify each neighbor manually (only on the hub). point-to-point is the easiest as there is no DR / BDR and the relation is formed very quickly using multicast point to multipoint is also very easy and nice as it also do not use DR / BDR and is forming relation using multicats. Point-to-Multipoint Nonbroadcast like point to multipoint but with the requirement of the neighbor statement in the config now that we understand the modes, some time we are required "mainly in the lab exam" to manipulate the default interface behavior and setting a different one and this is done with the command ip ospf network like i showed in the initial sample when I used a serial interface and tweaked it to use Broadcast behavior and like so I can do the other way meaning using Ethernet and tweaking it to use non-broadcast behavior, now you probably ask your self why would you want to do that??? well the answer is simple: 1) they asked you :-) 2) the more serious answer is that you need more security as you know non-broadcast use unicast meaning that client that should be updated wont be! and you can add to this also encryption and authentication and even if your address been spoofed you will have protection against evil I hope this has been some help!