EIGRP = Enhanced Interior Gateway Routing Protocol
It is a Cisco proprietary, advanced distance vector routing protocol. Some folks may refer to it as a hybrid routing protocol, but it is truly not. EIGRP uses Hello packets, much like a link state protocol.
Advertised distance - the EIGRP metric for a neighbor to reach the network
Feasible distance - the metric to reach the neighbor + the advertised distance
Features of EIGRP
Rapid convergence using the Diffusing Update Algorithm (DUAL), which guarantees loop-free paths and backup paths. If the primary route in the table fails, the best backup route is added to the table immediately. If no backup route exists, EIGRP queries the neighbors.
Reduced bandwidth by not sending the entire database and instead using:
* Partial updates: only include route changes (incremental updates), not the whole table
* Bounded updates: only send updates to the routers affected
Multiple network layer support: AppleTalk, IP, IPv6, Novell (IPX)
Less overhead by using multicast and unicast, not broadcast. The IP address 224.0.0.10 is listed in my notes.
Classless Routing
The mask is advertised for each network as this provides smaller subnets and efficient use of IP addresses. The protocol can also support discontiguous subnets and VLSM (variable length subnet masks)
Load Balance
The protocol allows load balancing on equal (by default) and unequal cost paths. Caveat, for unequal cost paths, variance must be specified.
EIGRP does equal metric load balancing by default up to four equal metric routes. This means the variance value is 1 (default). The routing table can have 16 entries for the same destination.
Configuring EIGRP
usage: conf t
router eigrp 100 (autonomous system 100, 1 to 65535 possible)
network 10.0.0.0
network 192.168.10.0 0.0.0.15 (the wildcard mask can advertise subnets now)
no auto-summary (what does this do?)
variance 2
Verify EIGRP
show ip route eigrp
show ip protocols
show ip eigrp interfaces
show ip eigrp int fa 0/0
show ip eigrp int 100
show ip eigrp topology
show ip eigrp topology all-links
show ip eigrp traffic (this command lists the number of packets sent/received: HELLO, updates, queries, replies, ack etc)
More about the Variance Command
This command allows unequal metric load balancing. The metrics are:
* bandwidth
* delay
* reliability - the most reliable based on keepalives
* load
* K value - calculation method and AS number must match
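How variance interacts with the advertised and feasible distances defined above, as an added example that is not part of the original notes. The router names, metric values and the names `Path` and `installed_paths` are constructed for illustration; the strict "less than" comparisons follow Cisco's description of the feasibility condition and the variance check.

```python
from dataclasses import dataclass

@dataclass
class Path:
    neighbor: str
    metric_to_neighbor: int    # local metric of the link to the neighbor
    advertised_distance: int   # the neighbor's own metric to the network

    @property
    def distance(self) -> int:
        # metric to reach neighbor + advertised distance, as defined in the notes
        return self.metric_to_neighbor + self.advertised_distance

def installed_paths(paths, variance=1, maximum_paths=4):
    """Return the neighbors whose paths would be installed for one destination."""
    best = min(p.distance for p in paths)   # feasible distance of the best path
    chosen = []
    for p in sorted(paths, key=lambda p: p.distance):
        equal_cost = p.distance == best
        # Feasibility condition: the neighbor must be closer to the network
        # than we are, otherwise the path could loop back through us.
        feasible = p.advertised_distance < best
        within_variance = p.distance < variance * best
        if equal_cost or (feasible and within_variance):
            chosen.append(p.neighbor)
    return chosen[:maximum_paths]

# Constructed sample paths to a single destination network.
PATHS = [
    Path("R2", 10, 10),   # distance 20: best path
    Path("R3", 15, 10),   # distance 25: feasible, needs variance 2
    Path("R4", 5, 25),    # distance 30: advertised distance 25 is not below 20
    Path("R5", 35, 10),   # distance 45: feasible, needs variance 3
]

if __name__ == "__main__":
    for v in (1, 2, 3):
        print(f"variance {v}: {installed_paths(PATHS, variance=v)}")
```

R4 is never installed, whatever the variance, because it fails the feasibility condition; raising the variance only widens the choice among paths that are already loop-free.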
Troubleshoot EIGRP
show ip eigrp neighbors
show ip int brief (shows which interfaces are active)
show ip int fa 0/0 (see ip subnets)
show ip protocols (see routing for networks)
show ip eigrp int (check for the process id and the same K method)
debug eigrp packets
show ip route (displays all the routes and eigrp is labeled)
show ip eigrp topology (shows the router id with the highest IP address which should be the loopback 0)
Engineering and Troubleshooting Tips for anything that might happen in the Computer Lab...
Friday, March 16, 2012
Thursday, March 15, 2012
Who are your online friends?
Ego-surfing
So I did a Google search on myself because my colleagues claimed that they searched everywhere on the Internet for me, to find my phone number, but they could not find me. I'm not convinced because I am who I am. I run the search myself on my firstname lastname city; most hits on the first page are true, albeit outdated. A job I posted as a prospective employer, an old work email address that got too much spam, what I studied and where I went to school, my volunteer work at a professional organization, and my resume as a piano teacher. The part about me running a half marathon? That's not true. LOL I am registered for a mini-triathlon, but no I have never run that far in my life.
On the next page I see a LinkedIn profile for a girl with the same name as mine in Washington. She's American but not Asian, with 30 years of experience in Law Enforcement, industry specific skills and two big stints in Interpol. Her photo is a really good looking chick, probably age 25. I'm nice so I decide to send her a friendly note to say... "hey we have the same name but your resume is so amazing! But the LinkedIn profile is wide open to the public and you have security clearances, perhaps you could change the default privacy settings, but you don't have to friend me." I had to send the message like a "connection request" because that's the only way you can contact someone you are not actually connected to. Surprisingly, she accepts. I'm intrigued by this mysterious and successful persona with my name. I get frequent updates that she has new connections joining her from Northrop Grumman (US DOD contractor) and other interesting people. In the back of my mind, I have suspicions why someone has 30 years experience and looks 25 (but that cannot be a crime).
Managing your online relationships
I decide to talk to my old boss because he is in the IT Security industry, he would know what to say about these kinds of sticky things I get myself into. He jokes that women with my name simply cannot be trusted. He sends me a link to this article about the famous Robin Sage Experiment. It's a good read about basic online security awareness and social engineering. The "girl" who duped military intelligence and top-notch IT Security professionals.
He reassures me that he did some peripheral background checks on my new contact and the info in her resume does check out; and he even convinces me that based on her info if she is 46, well some women could still look that good. (So that confirms that he thinks she is good looking too) But he cautions me with something I should know already, as a general rule, be careful about being friends with someone you haven't actually met in real life.
Another time on Facebook, I accepted a friend request from a person who I assumed was a twenty-something year old friend of my sister because it was a name I thought I recognized. As soon as I accepted, she chatted me up and started her note with "hihi" and her writing style was very girly and teeny boppy and we talk about similarities with her hometown Vancouver and mine. Her friend list is full of really good looking Asian chicks, but no guyz. Well that's odd but I think nothing of it. Over the course of weeks we continue to talk, about Victoria Day long weekend, how cute the kids are with tulips. Soon after I get a friend request from her again because she told me her account got locked so she started a new one. This keeps happening on a weekly basis and I decide to forget about it. On a whim I search for her profile name and there are many many profiles (without a profile picture) with her name, but there was one with a photo of a really ugly looking guy. Reminds me of a guy who did too much boxing in the face, was my first impression. I was shocked to learn that my new "friend" was probably some kind of predator. What should've been my first clue? What kind of teeny-boppy girl doesn't have guy friends on the friends list?
Managing your online profile
You ask yourself, Who am I? Well if you feel the need to do some ego-surfing and google yourself and if you don't like what you see, here is a good article I found about un-googling yourself and managing your online identity a little bit better. Un-google yourself!
Verify the privacy settings on your various social media websites, especially access policies to the photos you post of yourself and your own children! Google has recently updated their privacy policy, which makes it harder to delete your online search history. So, um don't google something criminal like that other guy, "where to hide a body".
Monday, March 12, 2012
ICND 2 Flashcard: Routing OSPF
This material on link-state routing protocols is supposed to be ICND2 but I'm just gonna say that you should still study this for ICND1 because I said so, and wish I did. Hello!
OSPF Configuration Commands
usage: conf t
router ospf 100 (numbers 1 to 65535 valid)
log-adjacency-changes
network ipaddressofnetwork wildcardmask area number
network 10.1.1.0 0.0.0.255 area 0
router-id
Create a router's interface loopback 0 address first
Turn on OSPF
If the IP address ever changes, use the command clear ip ospf process
1) This part can be configured here, else
2) Choose the highest of loopback interfaces, else
3) Choose the highest of active interfaces
Verification of OSPF working
show ip route (shows all the routes the router knows and how they are learned, O = OSPF)
show ip protocols
show ip ospf (displays general information)
show ip ospf interface (area id, adjacency info)
show ip ospf neighbor ipaddress mask
The command, show ip route, is very useful because it also shows the interface of the learned routes. I had a scenario to set up two encrypted tunnels for redundancy. I did a show ip route from router2 and I noticed that all the networks I was looking for and learned from OSPF were listed; I was quite perplexed that the routes were not learned from the secondary tunnel associated with router2. Everyone thought I was quite the wizard to get all the systems green again, high fives all around, and no one really cared to listen to what I was still concerned about.
Eventually I figured out that the routes were obviously learned by OSPF through the interface to router1 whose tunnel is indeed up, which verifies OSPF learned routes to distant networks works but my intended secondary tunnel was not up. I did some digging and discovered I was missing the tunnel's source ip address in the interface tunnel configuration, what a silly rookie typo. But that's proof that OSPF was working so well I had fooled everyone (but not myself).
Logically, a hub and spoke topology or partial mesh? You be the judge.
Authentication of OSPF
service password-encryption (otherwise the key will be in plaintext)
ip ospf authentication-key plainpas
ip ospf authentication OR
area 0 authentication (you can choose md5)
Troubleshooting OSPF
Consider possible errors in neighbor adjacencies, the routing table, and authentication.
The authentication methods are 0 = null, 1 = simple password, 2 = md5
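A way to check which authentication method (0, 1 or 2) each OSPF interface actually ends up with, as an added example that is not part of the original notes. The sample configuration, interface names and keys are constructed, and the function names are hypothetical; the sketch assumes an interface-level `ip ospf authentication` setting overrides the area-level one and takes the first matching `network` statement.

```python
import ipaddress

# Constructed sample config: addresses, interface names and keys are made up.
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip ospf authentication-key plainpas
 ip ospf authentication
interface FastEthernet0/1
 ip address 10.1.2.1 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 EXAMPLE-KEY
interface Serial0/0
 ip address 10.2.0.1 255.255.255.252
router ospf 100
 network 10.1.0.0 0.0.255.255 area 0
 network 10.2.0.0 0.0.0.3 area 1
 area 0 authentication message-digest
"""
AUTH_NAMES = {0: "null", 1: "simple password", 2: "md5"}

def _as_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(ip, network, wildcard):
    care = ~_as_int(wildcard) & 0xFFFFFFFF   # wildcard bits set to 1 are ignored
    return (_as_int(ip) & care) == (_as_int(network) & care)

def effective_auth(config):
    """Return {interface: (area, auth_type)} for interfaces a network statement matches."""
    ifaces, networks, area_auth, current = {}, [], {}, None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if not line.startswith(" "):         # a top-level line starts a new section
            current = ifaces.setdefault(words[1], {}) if words[0] == "interface" else None
        elif current is not None and words[:2] == ["ip", "address"]:
            current["ip"] = words[2]
        elif current is not None and words[:3] == ["ip", "ospf", "authentication"]:
            current["auth"] = {"message-digest": 2, "null": 0}.get(" ".join(words[3:]), 1)
        elif current is None and words[0] == "network" and words[3:4] == ["area"]:
            networks.append((words[1], words[2], words[4]))
        elif current is None and words[0] == "area" and words[2:3] == ["authentication"]:
            area_auth[words[1]] = 2 if words[3:] == ["message-digest"] else 1
    result = {}
    for name, iface in ifaces.items():
        area = next((a for net, wc, a in networks
                     if "ip" in iface and wildcard_match(iface["ip"], net, wc)), None)
        if area is not None:                 # interface setting overrides the area's
            result[name] = (area, iface.get("auth", area_auth.get(area, 0)))
    return result

def weak_interfaces(config):
    """Interfaces running OSPF with null (0) or simple password (1) authentication."""
    return {n: AUTH_NAMES[t] for n, (_, t) in effective_auth(config).items() if t < 2}
```

On the sample, FastEthernet0/0 is reported as simple password even though area 0 is set to md5, and Serial0/0 is reported as null because area 1 has no authentication configured.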
OSPF means Open Shortest Path First (an open standard)
- It is a classless IGP within a larger AS operating as a single OSPF network on Cisco
- A link state protocol propagates LSAs and not routing table updates
These are flooded to all OSPF interfaces in the area
- the description of the interface
- advertises state changes immediately
- periodic update of entire database in 30 minutes
- forms a link state database
- calculates the shortest path using a SPF algorithm
- all routers in the area will have the same topological database; knowledge of distant routers
HELLO Protocol
- OSPF sends hello packets on an interface to confirm to other OSPF routers the presence of another OSPF router on the link
- bidirectional response
- adjacency is formed when two routers agree on area-id, hello/dead interval, authentication, stub, area flags
To reduce traffic, one router is chosen as the DR (designated router), one as the BDR (backup designated router), and the rest are DROTHERs. The multicast IP address used is 224.0.0.5 and the router ID used is the loopback interface.
COST
To calculate the cost of the link, use reference bandwidth / interface bandwidth in bits per second. For link speeds greater than 100 Mbps, use the ospf auto-cost reference-bandwidth command.
http://ccie11440.blogspot.com/2007/11/why-are-some-ospf-routes-in-database.html
Wiring Diagram Quiz
Quiz
Assign a type of equipment for each of the points in the network, switch, router etc
Assign a media to each link based on distance- copper, fibre, T1 etc
Post your answers in the comments and let's discuss it!
My colleague had mentioned that MPLS was in a lot of the questions in the CCNA Security exam as well as Cisco SDM though he was more familiar with the CLI. I just grabbed this image from Google because it has a lot of components of a network carrying data, voice, media during my search for MPLS, wire speed!


