Thursday, June 28, 2007
CCIE Strategy
This is a super nice strategy I saw published in CCIE Group Study and I decided to publish it here as a link so the Author will get the credit for it, so real nice
http://www.ksu.ru/petr/CCIE-RS-Checklist-draft-part-1-v2.txt
Wednesday, June 27, 2007
CCIE OSPF Behaviors
There are five main behaviors when working with OSPF, some people get confused between them and I my self had a painful time understanding at the beginning what the hell we need them and what difference dose it make using one or the other.
Broadcast - for shared network environment like Ethernet as you can see bellow by tweaking the interface behavior you can adjust also the timers and make it send multicats instead of unicast:
Router1(config-if)#ip address 1.1.1.2 255.255.255.0
Router1(config-if)#ip ospf network broadcast
Router1(config-if)#end
Router1# show ip ospf interface s0
Serial2 is up, line protocol is up
Internet Address 1.1.1.2/24, Area 0
Process ID 1, Router ID 3.3.3.3, Network Type BROADCAST, Cost: 64
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 3.3.3.3, Interface address 1.1.1.2
Backup Designated router (ID) 2.2.2.2, Interface address 1.1.1.1
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:19
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 2, maximum is 2
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 2.2.2.2 (Backup Designated Router)
Suppress hello for 0 neighbor(s)
non-broadcast - for Frame-relay or ATM here in the bellow example you can see the default behavior or the serial interface
Router1# show ip ospf interface s2
Serial2 is up, line protocol is up
Internet Address 1.1.1.2/24, Area 0
Process ID 1, Router ID 3.3.3.3, Network Type NON_BROADCAST, Cost: 64
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 3.3.3.3, Interface address 1.1.1.2
Backup Designated router (ID) 2.2.2.2, Interface address 1.1.1.1
Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
Hello due in 00:00:19
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 2, maximum is 2
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 2.2.2.2 (Backup Designated Router)
Suppress hello for 0 neighbor(s)
point to point - for point to point interface like ppp or hdlc encap
point to multipoint - special behavior that the hub interface act as point to point to every spoke in its hub and spoke topology
Point-to-Multipoint Nonbroadcast
Broadcast use DR / BDR elecation and use multicats 224.0.0.6 for DR / BDR and 224.0.0.5 for all spf routers
non-Broadcast use DR / BDR election but it use unicast for neighbor relations this is why you need to make sure that you enable this on the hub of the topology and not on one of the spokes and also you must remember to specify each neighbor manually (only on the hub).
point-to-point is the easiest as there is no DR / BDR and the relation is formed very quickly using multicast
point to multipoint is also very easy and nice as it also do not use DR / BDR and is forming relation using multicats.
Point-to-Multipoint Nonbroadcast like point to multipoint but with the requirement of the neighbor statement in the config
now that we understand the modes, some time we are required "mainly in the lab exam" to manipulate the default interface behavior and setting a different one and this is done with the command ip ospf network like i showed in the initial sample when I used a serial interface and tweaked it to use Broadcast behavior and like so I can do the other way meaning using Ethernet and tweaking it to use non-broadcast behavior, now you probably ask your self why would you want to do that??? well the answer is simple:
1) they asked you :-)
2) the more serious answer is that you need more security as you know non-broadcast use unicast meaning that client that should be updated wont be! and you can add to this also encryption and authentication and even if your address been spoofed you will have protection against evil
I hope this has been some help!
Subscribe to:
Posts (Atom)