Monday, September 24, 2012

Passed CCNP-Route 642-902

Got my first exam done... 895 out of 1000. Now starting on the Switch exam. Hopefully take that test sometime in late December...

Wednesday, September 19, 2012

OSPF Packet Format

Packet Format: Taken from,

http://docwiki.cisco.com/wiki/Open_Shortest_Path_First 

This is useful when you are looking at a packet capture of an OSPF packet. Same can be said for any packet format visualization of any protocol. I am reviewing some OSPF reading material and figured I would post this.

All OSPF packets begin with a 24-byte header, as illustrated in Figure: OSPF Packets Consist of Nine Fields.
Figure: OSPF Packets Consist of Nine Fields
The following descriptions summarize the header fields:
  • Version number - Identifies the OSPF version used.
  • Type - Identifies the OSPF packet type as one of the following:
    • Hello - Establishes and maintains neighbor relationships.
    • Database description - Describes the contents of the topological database. These messages are exchanged when an adjacency is initialized.
    • Link-state request - Requests pieces of the topological database from neighbor routers. These messages are exchanged after a router discovers (by examining database-description packets) that parts of its topological database are outdated.
    • Link-state update - Responds to a link-state request packet. These messages also are used for the regular dispersal of LSAs. Several LSAs can be included within a single link-state update packet.
    • Link-state acknowledgment - Acknowledges link-state update packets.
  • Packet length - Specifies the packet length, including the OSPF header, in bytes.
  • Router ID - Identifies the source of the packet.
  • Area ID - Identifies the area to which the packet belongs. All OSPF packets are associated with a single area.
  • Checksum - Checks the entire packet contents for any damage suffered in transit.
  • Authentication type - Contains the authentication type. All OSPF protocol exchanges are authenticated. The authentication type is configurable on a per-area basis.
  • Authentication - Contains authentication information.
  • Data - Contains encapsulated upper-layer information.
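
A parser for the 24-byte header described above, useful for checking a capture by hand. This is an added example, not part of the Cisco text or the original post; the authentication type values (0 null, 1 simple password, 2 cryptographic) and the checksum coverage follow RFC 2328, and the sample Hello packet is constructed.

```python
import ipaddress
import struct

OSPF_TYPES = {1: "Hello", 2: "Database description", 3: "Link-state request",
              4: "Link-state update", 5: "Link-state acknowledgment"}
AUTH_TYPES = {0: "null", 1: "simple password", 2: "cryptographic"}  # RFC 2328 values

def inet_checksum(data: bytes) -> int:
    """Standard 16-bit one's-complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ospf_header(pkt: bytes) -> dict:
    if len(pkt) < 24:
        raise ValueError("shorter than the 24-byte OSPF header")
    ver, typ, length, rid, area, csum, autype = struct.unpack("!BBH4s4sHH", pkt[:16])
    if not 24 <= length <= len(pkt):
        raise ValueError("packet length field does not fit the captured bytes")
    # The checksum covers the packet with the checksum field zeroed and the
    # 8-byte authentication field skipped; it is not used with AuType 2.
    covered = pkt[:12] + b"\x00\x00" + pkt[14:16] + pkt[24:length]
    return {
        "version": ver,
        "type": OSPF_TYPES.get(typ, f"unknown ({typ})"),
        "length": length,
        "router_id": str(ipaddress.IPv4Address(rid)),
        "area_id": str(ipaddress.IPv4Address(area)),
        "auth_type": AUTH_TYPES.get(autype, f"unknown ({autype})"),
        "auth_data": pkt[16:24],
        "checksum_ok": None if autype == 2 else inet_checksum(covered) == csum,
    }

def build_sample_hello() -> bytes:
    """Constructed OSPFv2 Hello from 192.168.1.1 in area 0, null authentication."""
    ip = lambda a: ipaddress.IPv4Address(a).packed
    body = struct.pack("!4sHBBI4s4s", ip("255.255.255.0"), 10, 0x02, 1, 40,
                       ip("192.168.1.1"), ip("0.0.0.0"))
    head = struct.pack("!BBH4s4sHH8s", 2, 1, 24 + len(body), ip("192.168.1.1"),
                       ip("0.0.0.0"), 0, 0, bytes(8))
    csum = inet_checksum(head[:16] + body)
    return head[:12] + struct.pack("!H", csum) + head[14:] + body
```

When reviewing a capture, an auth_type of "null" or "simple password" means the packet carries no cryptographic protection, which is worth flagging on any segment where untrusted hosts can reach the routers.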

Tuesday, September 18, 2012

Quick EIGRP troubleshooting

If you can ping your neighbor, this confirms that you don't have duplicate IP addresses. The next step is to check the K values, but let's assume everything is left at the default. You can then ping 224.0.0.10, which is the multicast address that all EIGRP routers should be listening to. If you don't get a response like the one I am getting below, then EIGRP is not enabled.

EIGRP ENABLED on the neighboring router:
R1#ping 224.0.0.10

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.0.0.10, timeout is 2 seconds:

Reply to request 0 from 192.168.2.2, 24 ms
Reply to request 0 from 192.168.1.2, 28 ms
R1#

R1#show ip eigrp neighbors
IP-EIGRP neighbors for process 10
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
1   192.168.2.2             Fa0/1             14 00:28:35   41   246  0  28
0   192.168.1.2             Fa0/0             10 00:28:38   48   288  0  29
R1#

EIGRP DISABLED on the neighboring router:

R1#ping 224.0.0.10

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.0.0.10, timeout is 2 seconds:
.
R1#

EIGRP VARIANCE and OFFSET


 R1 Variance Command:

The variance command allows you to do unequal-cost load balancing. Variance 1 is the default, which means equal-cost load balancing. Variance 2 to 128 is unequal-cost load balancing. This command takes the FD from the best EIGRP route in the topology table and multiplies it by X, X being the number specified in the variance command. We are going to take route 4.4.4.0/24 and unequal-cost load balance it.

Before: You can see that we have two paths to reach 4.4.4.0/24 but the router is picking the path with the lower FD.

R1#show ip route
Gateway of last resort is not set

     4.0.0.0/24 is subnetted, 1 subnets
D       4.4.4.0 [90/179200] via 192.168.2.2, 00:00:05, FastEthernet0/1
C    192.168.1.0/24 is directly connected, FastEthernet0/0
C    192.168.2.0/24 is directly connected, FastEthernet0/1

R1#show ip eigrp topology all-links
IP-EIGRP Topology Table for AS(10)/ID(192.168.1.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 4.4.4.0/24, 1 successors, FD is 179200, serno 12
        via 192.168.2.2 (179200/128256), FastEthernet0/1
        via 192.168.1.2 (409600/128256), FastEthernet0/0
P 192.168.1.0/24, 1 successors, FD is 281600, serno 1
        via Connected, FastEthernet0/0
        via 192.168.2.2 (307200/281600), FastEthernet0/1
P 192.168.2.0/24, 1 successors, FD is 51200, serno 9
        via Connected, FastEthernet0/1
        via 192.168.1.2 (307200/281600), FastEthernet0/0
R1#

After: You can see the FD is different, but when you multiply 179200*3, 4097000 is well within this range.

R1#show ip route
Gateway of last resort is not set

     4.0.0.0/24 is subnetted, 1 subnets
D       4.4.4.0 [90/179200] via 192.168.2.2, 00:12:53, FastEthernet0/1
                      [90/409700] via 192.168.1.2, 00:12:53, FastEthernet0/0
     5.0.0.0/24 is subnetted, 1 subnets
D       5.5.5.0 [90/179200] via 192.168.2.2, 00:11:29, FastEthernet0/1
                [90/409600] via 192.168.1.2, 00:11:29, FastEthernet0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0
C    192.168.2.0/24 is directly connected, FastEthernet0/1
R1#


Confirming the variance setting before and after the change:

Routing Protocol is "eigrp 10"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  EIGRP maximum hopcount 100
  EIGRP maximum metric variance 1
  Redistributing: eigrp 10
  EIGRP NSF-aware route hold timer is 240s
  Automatic network summarization is not in effect
  Maximum path: 4
  Routing for Networks:
    192.168.1.0
    192.168.2.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    192.168.2.2           90      00:00:37
    192.168.1.2           90      00:00:37
  Distance: internal 90 external 170

router eigrp 10
variance 3
exit
!
R1#show ip protocols
Routing Protocol is "eigrp 10"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  EIGRP maximum hopcount 100
  EIGRP maximum metric variance 3
  Redistributing: eigrp 10
  EIGRP NSF-aware route hold timer is 240s
  Automatic network summarization is not in effect
  Maximum path: 4
  Routing for Networks:
    192.168.1.0
    192.168.2.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    192.168.2.2           90      00:00:03
    192.168.1.2           90      00:00:03
  Distance: internal 90 external 170

R1#
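
The variance rule applied to the topology table shown earlier in this post, as an added example (not from the original post). It assumes the rule as Cisco documents it: an alternate path must be a feasible successor (reported distance lower than the FD) and its metric must be lower than variance times the FD. The parser and function names are illustrative, and the sample text is two entries copied from the output above.

```python
import re

# Constructed sample: two entries copied from the
# 'show ip eigrp topology all-links' output above.
TOPOLOGY = """\
P 4.4.4.0/24, 1 successors, FD is 179200, serno 12
        via 192.168.2.2 (179200/128256), FastEthernet0/1
        via 192.168.1.2 (409600/128256), FastEthernet0/0
P 192.168.1.0/24, 1 successors, FD is 281600, serno 1
        via Connected, FastEthernet0/0
        via 192.168.2.2 (307200/281600), FastEthernet0/1
"""

ROUTE = re.compile(r"^P (\S+), \d+ successors, FD is (\d+)")
PATH = re.compile(r"^\s+via (\S+) \((\d+)/(\d+)\), (\S+)")

def parse_topology(text):
    """Return {prefix: {"fd": int, "paths": [(next_hop, metric, reported_distance)]}}."""
    routes, current = {}, None
    for line in text.splitlines():
        if m := ROUTE.match(line):
            current = routes.setdefault(m.group(1), {"fd": int(m.group(2)), "paths": []})
        elif (m := PATH.match(line)) and current is not None:
            current["paths"].append((m.group(1), int(m.group(2)), int(m.group(3))))
    return routes

def installed_paths(route, variance):
    """Next hops that would be installed for a given variance (1 to 128)."""
    fd = route["fd"]
    chosen = []
    for next_hop, metric, rd in route["paths"]:
        if metric <= fd:                            # successor or equal-cost path
            chosen.append(next_hop)
        elif rd < fd and metric < variance * fd:    # feasible successor within variance
            chosen.append(next_hop)
    return chosen

def min_variance(route, next_hop):
    """Smallest variance that installs next_hop, or None if no value can."""
    for variance in range(1, 129):
        if next_hop in installed_paths(route, variance):
            return variance
    return None
```

For 4.4.4.0/24 the second path needs variance 3 (2 x 179200 = 358400 is still below its metric of 409600). The alternate for 192.168.1.0/24 has a reported distance equal to the FD, so it is not a feasible successor and no variance value adds it.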

An offset list allows you to inflate the FD of a route. You can apply this inbound or outbound, depending on your needs.

Offset-list on R2:

ip access-list standard eigrp
 permit 4.4.4.0
!
router eigrp 10
offset-list eigrp out 100

Before:
R1#show ip route
Gateway of last resort is not set

     4.0.0.0/24 is subnetted, 1 subnets
D       4.4.4.0 [90/179200] via 192.168.2.2, 00:00:58, FastEthernet0/1
                [90/409600] via 192.168.1.2, 00:00:58, FastEthernet0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0
C    192.168.2.0/24 is directly connected, FastEthernet0/1

After:
R1#show ip route
Gateway of last resort is not set

     4.0.0.0/24 is subnetted, 1 subnets
D       4.4.4.0 [90/179300] via 192.168.2.2, 00:00:05, FastEthernet0/1
                [90/409700] via 192.168.1.2, 00:00:05, FastEthernet0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0
C    192.168.2.0/24 is directly connected, FastEthernet0/1
R1#





Saturday, September 15, 2012

GRE Tunnel


Below is the configuration for a GRE tunnel between R3 and R4. R5 is considered an ISP router or transit router. Its job is to get you from R3 to R4, and you don't care how, just that it gets you from point A to point B.







R3: CONFIG
interface Tunnel0
 ip address 10.0.0.1 255.255.255.252
 tunnel source 172.16.0.1
 tunnel destination 172.16.0.6
!
interface FastEthernet0/0
 ip address 172.16.0.1 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip route 9.9.9.9 255.255.255.255 Tunnel0
ip route 172.16.0.6 255.255.255.255 FastEthernet0/0
!










R5: CONFIG
interface FastEthernet0/0
 ip address 172.16.0.2 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.16.0.5 255.255.255.252
 duplex auto
 speed auto

R4: CONFIG

interface Loopback9
 ip address 9.9.9.9 255.255.255.255
!
interface Tunnel0
 ip address 10.0.0.2 255.255.255.252
 tunnel source 172.16.0.6
 tunnel destination 172.16.0.1
!
interface FastEthernet0/0
 ip address 172.16.0.6 255.255.255.252
 duplex auto
 speed auto
!
ip route 172.16.0.1 255.255.255.255 FastEthernet0/0



Capture: When you ping 9.9.9.9 from R3, you see two sources and destinations listed. One is the tunnel interface source/destination and the other is the tunnel IP address and remote destination address. R5 will process this as if it came from 172.16.0.1 to 172.16.0.6, and it does not care about the second source listed. R4 will care.
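
The two address pairs in that capture, pulled out of a packet in code. This is an added example, not from the original post: the packet is constructed from the addresses in the configs above (checksums left at zero), and it assumes the basic 4-byte GRE header with no key, checksum or sequence options, which matches a tunnel configured with only a source and destination.

```python
import ipaddress
import struct

GRE_PROTO = 47            # IP protocol number for GRE
ETHERTYPE_IPV4 = 0x0800   # GRE protocol type for an IPv4 payload

def ipv4_header(src, dst, proto, payload_len):
    """Constructed 20-byte IPv4 header; checksum left at 0 (not verified here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 255, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def parse_ipv4(buf):
    """Return (src, dst, protocol, payload) for one IPv4 header."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (buf[0] & 0x0F) * 4
    total = struct.unpack("!H", buf[2:4])[0]
    src, dst = (str(ipaddress.IPv4Address(buf[i:i + 4])) for i in (12, 16))
    return src, dst, buf[9], buf[ihl:total]

def parse_gre(pkt):
    """Split a GRE-in-IPv4 packet into its outer and inner address pairs."""
    o_src, o_dst, proto, rest = parse_ipv4(pkt)
    if proto != GRE_PROTO:
        raise ValueError("outer header does not carry GRE")
    flags_version, ptype = struct.unpack("!HH", rest[:4])
    if flags_version != 0 or ptype != ETHERTYPE_IPV4:
        raise ValueError("only the basic GRE header with an IPv4 payload is handled")
    i_src, i_dst, i_proto, _ = parse_ipv4(rest[4:])
    return {"outer": (o_src, o_dst), "inner": (i_src, i_dst), "inner_proto": i_proto}

def sample_ping_over_tunnel():
    """Constructed packet: R3's ping to 9.9.9.9 as it would cross R5."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1)   # echo request, checksum not filled in
    inner = ipv4_header("10.0.0.1", "9.9.9.9", 1, len(icmp)) + icmp
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4) + inner
    return ipv4_header("172.16.0.1", "172.16.0.6", GRE_PROTO, len(gre)) + gre
```

R5 forwards on the outer pair only, but plain GRE does not encrypt the payload, so the inner header and data are readable anywhere along the transit path.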

Friday, September 14, 2012

Cisco IOS - 6509 to Cisco 6509-E

When I need to swap out a chassis, I do a pre-capture before the move and compare these show outputs after the move. Some commands that I run are below, and every migration will be different depending on what protocols/services are running within your environment. This is geared towards my setup. Another useful option is to copy the running config to disk0: and, if there is a second sup, sup-slavedisk0:. One command that I have found very useful during these times is configure replace disk0:running-config.

When the configure replace command is entered, the current running configuration is compared with the specified replacement configuration and a set of diffs is generated. The algorithm used to compare the two files is the same as that employed by the show archive config differences command. The resulting diffs are then applied by the Cisco IOS parser to achieve the replacement configuration state. Only the diffs are applied, avoiding potential service disruption from reapplying configuration commands that already exist in the current running configuration. Taken from Cisco



Pre-Capture:



terminal length 0
!
sh mod
!
sh cdp neig
!
sh int status | i connected
!
sh ip bgp sum
!
sh ip route
!
sh ip route summ
!
sh ip arp
!
sh mac-address-table dynamic
!
sh ip rip database
!
Show ip protocols
!
show ip pim interface
!
show ip pim rp
!
show ip pim neighbor
!
sh ip int br | inc Vlan
!
Show vlan
!
show interfaces trunk
!
show spanning-tree root
!
Show run

Wednesday, September 12, 2012

IPV6 Static Route




ipv6 route 2001::2:1/128 FastEthernet0/0 FE80::C601:17FF:FE3C:0

2001::2:1/128 = Unicast Global Address
FastEthernet0/0 = Outgoing Interface
FE80::C601:17FF:FE3C:0 = Link Local Address of the neighboring device.

With new IOS codes you can also use named static routes which I love.



Thursday, September 6, 2012

IPV6 - Addresses


Current configuration of int f0/0 - I manually assigned the mac-address to make it easier to read when the EUI 64 address is assigned.



R1#show run int f0/0
Building configuration...

Current configuration : 139 bytes
!
interface FastEthernet0/0
 mac-address aaaa.aaaa.aaaa
 no ip address
 duplex auto
 speed auto
 ipv6 address 2001::1/64
 ipv6 enable
end

R1#show ipv6 int f0/0
FastEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::A8AA:AAFF:FEAA:AAAA
  Global unicast address(es):
    2001::1, subnet is 2001::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:1
    FF02::1:FFAA:AAAA
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
R1#




  
Show ipv6 int f0/0 partially explained:

FF02::1 - All IPV6 hosts. In IPV4 this is like 255.255.255.255.

FF02::2 - All IPV6 routers multicast address.

FF02::1:FF00:1 - Solicited-Node multicast address for the global unicast address. This is used by DAD (Duplicate Address Detection) to check if the address is already in use. Every time you assign an IPV6 address to an interface, it joins the Solicited-Node multicast address for the address you assigned.

FF02::1:FFAA:AAAA - Solicited-Node multicast address for the link-local address.

Enabling Debug for ND(Neighbor Discovery).

R1#debug ipv6 nd
ICMP Neighbor Discovery events debugging is on


R1(config)#int f0/0
R1(config-if)#shut
*Mar  1 00:34:59.247: ICMPv6-ND: Address 2001::1/64 is down on FastEthernet0/0
*Mar  1 00:34:59.247: ICMPv6-ND: Address FE80::A8AA:AAFF:FEAA:AAAA/10 is down on FastEthernet0/0

*Mar  1 00:35:01.243: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
*Mar  1 00:35:02.243: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down

R1(config-if)#no shut
*Mar  1 00:35:13.047: ICMPv6-ND: Sending NS for FE80::A8AA:AAFF:FEAA:AAAA on FastEthernet0/0
*Mar  1 00:35:14.035: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
R1(config-if)#
*Mar  1 00:35:14.047: ICMPv6-ND: DAD: FE80::A8AA:AAFF:FEAA:AAAA is unique.
*Mar  1 00:35:14.047: ICMPv6-ND: Sending NA for FE80::A8AA:AAFF:FEAA:AAAA on FastEthernet0/0
*Mar  1 00:35:14.047: ICMPv6-ND: Address FE80::A8AA:AAFF:FEAA:AAAA/10 is up on FastEthernet0/0
*Mar  1 00:35:14.055: ICMPv6-ND: Sending NS for 2001::1 on FastEthernet0/0
*Mar  1 00:35:15.035: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config-if)#
*Mar  1 00:35:15.055: ICMPv6-ND: DAD: 2001::1 is unique.
*Mar  1 00:35:15.055: ICMPv6-ND: Sending NA for 2001::1 on FastEthernet0/0
*Mar  1 00:35:15.055: ICMPv6-ND: Address 2001::1/64 is up on FastEthernet0/0
R1(config-if)#

DAD is run for all IPV6 addresses assigned under f0/0, and keep in mind that even though the link-local address is not assigned manually in this case, DAD is still run for it. This is where the Solicited-Node multicast address comes into play. An NS (Neighbor Solicitation) is sent to that address, and if the address is in use, you will see a Neighbor Advertisement come back to the device that originated the Neighbor Solicitation. If the address is not in use, you should not see a Neighbor Advertisement from any device. You can see this from the debug output.


Sunday, September 2, 2012

IPV6 EUI-64(Link-Local)

I will explain how the router determines its link-local address. This address is only locally significant and you cannot route it on the public internet. The link-local address is built off the BIA, aka the MAC address. Keep in mind that MAC addresses are only 48 bits long. To make up the 64-bit host ID, FFFE is added in between the 24th and 25th bits. This is called EUI-64.

R1#show int f0/0 | include bia
  Hardware is Gt96k FE, address is c400.0e30.0000 (bia c400.0e30.0000)

R1#show ipv6 interface brief
FastEthernet0/0            [up/up]
    FE80::C600:EFF:FE30:0
FastEthernet0/1            [administratively down/down]
R1#


Hex to binary for the first 8 bits only.
c400.0e30.0000

1100 0100 = C4

Invert the 7th bit: from 0 to 1, or if it's 1, to 0. In our case it was set to 0 and we made it a 1.

1100 0110 = C6

Now add FFFE between the 24th and 25th bits and your new address is FE80::C600:EFF:FE30:0 which matches our show ipv6 interface brief output.

Link-local addresses are used by IGPs to communicate with each other. You don't need IPV6 global addresses assigned to an interface to bring up OSPF peering.
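
The EUI-64 steps above, together with the Solicited-Node group derivation from the IPV6 - Addresses post, worked through in code. This is an added example, not from the original posts; the function names are illustrative, and the inputs are the two MAC addresses and the 2001::1 address shown in the router output.

```python
import ipaddress

def mac_to_bytes(mac: str) -> bytes:
    """Accept Cisco dotted (c400.0e30.0000) or colon/dash notation."""
    digits = mac.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)

def eui64_interface_id(mac: str) -> bytes:
    """Insert FFFE after the first 24 bits and invert the 7th bit of the first byte."""
    raw = mac_to_bytes(mac)
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def link_local(mac: str) -> ipaddress.IPv6Address:
    """FE80::/64 prefix followed by the EUI-64 interface ID."""
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + eui64_interface_id(mac))

def solicited_node(addr) -> ipaddress.IPv6Address:
    """FF02::1:FF00:0/104 plus the low 24 bits of the unicast address."""
    low24 = ipaddress.IPv6Address(addr).packed[-3:]
    return ipaddress.IPv6Address(bytes.fromhex("ff02" + "00" * 9 + "01ff") + low24)

def joined_groups(mac: str, global_addresses):
    """All-nodes group plus one solicited-node group per address on the interface.
    (A router also joins FF02::2, as in the show output.)"""
    addrs = [link_local(mac)] + [ipaddress.IPv6Address(a) for a in global_addresses]
    groups = {ipaddress.IPv6Address("ff02::1")} | {solicited_node(a) for a in addrs}
    return sorted(groups)
```

Python prints the addresses in lowercase: link_local("c400.0e30.0000") gives fe80::c600:eff:fe30:0, and joined_groups("aaaa.aaaa.aaaa", ["2001::1"]) gives the three non-router groups from the show ipv6 int f0/0 output.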