Wednesday, May 22, 2019

Show interfaces status command

Interface status can be verified on a Cisco switch using the show interface TYPE command. Consider the following example:



SW1#show interfaces fa0/1
FastEthernet0/1 is up, line protocol is up (connected)
  Hardware is Lance, address is 0040.0b21.0b01 (bia 0040.0b21.0b01)
  BW 100000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s
  input flow-control is off, output flow-control is off
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:08, output 00:00:05, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     956 packets input, 193351 bytes, 0 no buffer
     Received 956 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     2357 packets output, 263570 bytes, 0 underruns
     0 output errors, 0 collisions, 10 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

As you can see from the output above, this command gives us a lot of information about the selected interface. The following is a brief description of the most important lines:

FastEthernet0/1 is up, line protocol is up (connected) - Indicates that the interface is in the up state.
Hardware is Lance, address is 0040.0b21.0b01 - Lance refers to the chip used by the port. The MAC address of the port is also listed.
BW 100000 Kbit, DLY 1000 usec - Bandwidth and delay of the interface.
Full-duplex, 100Mb/s - The port operates in full-duplex mode and supports speeds up to 100 Mb/s.
956 packets input, 193351 bytes, 0 no buffer - The total number and size of packets received by the port.
Received 956 broadcasts - The total number of broadcast packets received by the device.
0 input errors, 0 CRC, 0 frame ... - The number of packets received with errors.
2357 packets output, 263570 bytes, 0 underruns - The total number and size of packets sent from the port.
0 output errors, 0 collisions - The number of packets that were not sent due to an error, and the number of Ethernet collisions.

Friday, May 10, 2019

Ping explained

Ping is perhaps the most commonly used tool for troubleshooting a network. Ping (Packet Internet Groper) is included in most operating systems. It is invoked with the ping command and uses ICMP (Internet Control Message Protocol), the protocol that reports errors and provides information about the handling of IP packets. Ping works by sending an ICMP echo request message to the specified IP address. If the computer with the destination IP address is reachable, it responds with an ICMP echo reply message.

A ping command typically also provides other information about network performance, for example the round-trip time: the time needed to send an ICMP echo request packet and receive an ICMP echo reply packet.

Here is an output of the Windows 7 ping command:




In the example above, we ping the IP address 10.10.100.1. By default, ping on Windows sends four ICMP echo request packets. As you can see from the previous output, the host with the IP address 10.10.100.1 is reachable and has responded with four ICMP echo reply packets. It is also possible to see that the remote host responded within 1 ms (time<1ms), indicating that the network is not congested.


Sunday, April 28, 2019

BGP Authentication

A router can authenticate the source of each routing update packet it receives. Many routing protocols support authentication, such as OSPF, EIGRP, IS-IS, BGP, and RIPv2.



The Border Gateway Protocol (BGP) supports authentication through the Message Digest 5 (MD5) algorithm. When authentication is enabled, every TCP segment that belongs to the BGP session between the peers is verified and accepted only if authentication succeeds. If authentication fails, the BGP neighbor relationship cannot be established.


Let's look at the configuration:

Topology:




Objective:
Configure the topology according to the diagram
Configure basic iBGP
Configure MD5 authentication by using passwords between networks


R1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        10.1.1.1        YES manual up                    up
FastEthernet1/0        unassigned      YES unset  administratively down down
GigabitEthernet2/0     unassigned      YES unset  administratively down down
Serial3/0              1.1.1.1         YES manual up                    up

R2#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        20.1.1.1        YES manual up                    up
FastEthernet1/0        unassigned      YES unset  administratively down down
GigabitEthernet2/0     unassigned      YES unset  administratively down down
Serial3/0              1.1.1.2         YES manual up                    up



R1(config)#router bgp 65011
R1(config-router)#neighbor 1.1.1.2 remote-as 65011
R1(config-router)#network 10.0.0.0
R1(config-router)#network 1.0.0.0
R1(config-router)#no synchronization
R1(config-router)#exit



R2(config)#router bgp 65011
R2(config-router)#neighbor 1.1.1.1 remote-as 65011

*Mar 22 13:44:19.255: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Up

R2(config-router)#network 1.0.0.0
R2(config-router)#network 10.0.0.0
R2(config-router)#no synchronization
R2(config-router)#exit


R1#show ip bgp
BGP table version is 3, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 * i 1.0.0.0          1.1.1.2                  0    100      0 i
 *>                   0.0.0.0                  0         32768 i
 *>  10.0.0.0         0.0.0.0                  0         32768 i

R1#show ip bgp summary
BGP router identifier 10.1.1.1, local AS number 65011
BGP table version is 3, main routing table version 3
2 network entries using 288 bytes of memory
3 path entries using 240 bytes of memory
2/1 BGP path/bestpath attribute entries using 272 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 800 total bytes of memory
BGP activity 2/0 prefixes, 3/0 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.2         4        65011      10      10        3    0    0 00:04:49        1



R2#show ip bgp
BGP table version is 4, local router ID is 20.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  1.0.0.0          0.0.0.0                  0         32768 i
 * i                  1.1.1.1                  0    100      0 i
 *>i 10.0.0.0         1.1.1.1                  0    100      0 i

R2#show ip bgp summary
BGP router identifier 20.1.1.1, local AS number 65011
BGP table version is 4, main routing table version 4
2 network entries using 288 bytes of memory
3 path entries using 240 bytes of memory
2/2 BGP path/bestpath attribute entries using 272 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 800 total bytes of memory
BGP activity 2/0 prefixes, 3/0 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4        65011      11      10        4    0    0 00:05:18        2



R1(config)#router bgp 65011
R1(config-router)#neighbor 1.1.1.2 password between networks
R1(config-router)#neighbor 1.1.1.2 version 4
R1(config-router)#end



R1#

*Mar 22 13:54:42.691: %TCP-6-BADAUTH: No MD5 digest from 1.1.1.2(179) to 1.1.1.1(47927) tableid - 0

*Mar 22 13:54:42.695: %TCP-6-BADAUTH: No MD5 digest from 1.1.1.2(179) to 1.1.1.1(47927) tableid - 0

*Mar 22 13:54:3851: %TCP-6-BADAUTH: No MD5 digest from 1.1.1.2(32235) to 1.1.1.1(179) tableid - 0


R2#show ip bgp
BGP table version is 2, local router ID is 20.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  1.0.0.0          0.0.0.0                  0         32768 i

R2#show ip bgp summary
BGP router identifier 20.1.1.1, local AS number 65011
BGP table version is 2, main routing table version 2
1 network entries using 144 bytes of memory
1 path entries using 80 bytes of memory
1/1 BGP path/bestpath attribute entries using 136 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 360 total bytes of memory
BGP activity 3/2 prefixes, 4/3 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4        65011       0       0        1    0    0 00:02:46 Active



R2(config)#router bgp 65011
R2(config-router)#neighbor 1.1.1.1 password between networks
R2(config-router)#neighbor 1.1.1.1 version 4

*Mar 22 13:57:36.931: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Up

R2(config-router)#end


R2#show ip bgp
BGP table version is 3, local router ID is 20.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 * i 1.0.0.0          1.1.1.1                  0    100      0 i
 *>                   0.0.0.0                  0         32768 i
 *>i 10.0.0.0         1.1.1.1                  0    100      0 i

R2#show ip bgp summary

BGP router identifier 20.1.1.1, local AS number 65011
BGP table version is 3, main routing table version 3
2 network entries using 288 bytes of memory
3 path entries using 240 bytes of memory
2/2 BGP path/bestpath attribute entries using 272 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 800 total bytes of memory
BGP activity 4/2 prefixes, 6/3 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4        65011       5       5        3    0    0 00:00:44        2
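
The check behind the BADAUTH messages above, as an added example that is not part of the original post: BGP MD5 authentication is the TCP MD5 signature option (kind 19, RFC 2385), verified on every segment. The key, sequence numbers and KEEPALIVE payload are constructed sample values; the addresses and ports are the ones in the log lines.

```python
import hashlib
import hmac
import socket
import struct

TCPOPT_EOL, TCPOPT_NOP, TCPOPT_MD5SIG = 0, 1, 19   # TCP option kinds
MD5SIG_LEN = 18                                     # kind + length + 16-byte digest

# BGP KEEPALIVE used as sample payload: 16-byte all-ones marker, length 19, type 4.
KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)


def rfc2385_digest(src_ip, dst_ip, segment, key):
    """MD5 over pseudo-header, TCP header without options (checksum zeroed), data, key."""
    header_len = (segment[12] >> 4) * 4
    fixed = bytearray(segment[:20])
    fixed[16:18] = b"\x00\x00"                      # checksum is treated as zero
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment)))
    return hashlib.md5(pseudo + bytes(fixed) + segment[header_len:] + key).digest()


def find_md5_option(segment):
    """Return the digest carried in option 19, or None when the option is absent."""
    header_len = (segment[12] >> 4) * 4
    i = 20
    while i < header_len:
        kind = segment[i]
        if kind == TCPOPT_EOL:
            break
        if kind == TCPOPT_NOP:
            i += 1
            continue
        if i + 1 >= header_len:
            break                                   # truncated option
        length = segment[i + 1]
        if length < 2 or i + length > header_len:
            break                                   # malformed option list
        if kind == TCPOPT_MD5SIG and length == MD5SIG_LEN:
            return segment[i + 2:i + length]
        i += length
    return None


def build_segment(src_ip, dst_ip, sport, dport, payload, key=None):
    """Build a constructed TCP segment; sign it when a key is configured."""
    options = b""
    if key is not None:
        options = bytes([TCPOPT_NOP, TCPOPT_NOP, TCPOPT_MD5SIG, MD5SIG_LEN]) + bytes(16)
    data_offset = (20 + len(options)) // 4
    # seq/ack/window are sample values; the TCP checksum is left 0 in this sketch.
    header = struct.pack("!HHIIBBHHH", sport, dport, 1000, 2000,
                         data_offset << 4, 0x18, 16384, 0, 0)
    segment = bytearray(header + options + payload)
    if key is not None:
        segment[24:40] = rfc2385_digest(src_ip, dst_ip, bytes(segment), key)
    return bytes(segment)


def check_segment(src_ip, dst_ip, segment, key):
    """Receiver-side decision for a peer that has a password configured."""
    carried = find_md5_option(segment)
    if carried is None:
        return "no-digest"                          # the case logged on R1 above
    expected = rfc2385_digest(src_ip, dst_ip, segment, key)
    return "ok" if hmac.compare_digest(carried, expected) else "invalid-digest"


if __name__ == "__main__":
    key = b"constructed-key"
    # R2 (1.1.1.2) before and after the password is configured on it.
    unsigned = build_segment("1.1.1.2", "1.1.1.1", 179, 47927, KEEPALIVE)
    signed = build_segment("1.1.1.2", "1.1.1.1", 179, 47927, KEEPALIVE, key)
    print(check_segment("1.1.1.2", "1.1.1.1", unsigned, key))
    print(check_segment("1.1.1.2", "1.1.1.1", signed, key))
```

A segment that fails this check is dropped before BGP sees it, which is why R2's neighbor state stays Active until both sides carry the same password.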

BGP Attributes

BGP supports a wide range of path attributes and chooses the path to a network based on them.



There are four categories of attributes:
Well-known mandatory
Well-known discretionary
Optional transitive
Optional non-transitive

Well-known mandatory attributes are recognized by all BGP routers, are present in all BGP updates, and are passed on to other BGP routers. Examples are AS path, origin and next hop.

Well-known discretionary attributes must be recognized by all BGP routers and passed on to other BGP routers, but they do not need to be present in an update. Example: local preference.

A BGP router may or may not recognize an optional transitive attribute, but it is passed on to other BGP routers.
If it is not recognized, it is marked as partial. Examples: aggregator, community.

Optional non-transitive: if a BGP router does not recognize the attribute, it can ignore the update and not advertise the path to its peers. Examples: multi-exit discriminator (MED), originator ID.

AS_Path attribute: This path attribute lists the autonomous system numbers in the path from end to end. BGP uses AS_Path as its main loop prevention mechanism.



The AS_Path attribute is a well-known mandatory attribute. It lists the ASes through which the update has passed. A shorter AS_PATH is preferred.

Next_hop is a well-known mandatory attribute. The next hop is the IP address used to reach the next autonomous system, because BGP is an AS-by-AS routing protocol.

Origin attribute

The origin attribute indicates how the network was introduced into BGP.

i represents IGP
e represents EGP
? represents incomplete

The weight attribute is Cisco proprietary. It decides how traffic leaves the AS: the path with the higher weight is preferred. Weight is a local attribute; the default weight is 0 for learned routes and 32768 for locally injected routes. It is local to the router and is not advertised to any BGP peer.

Local preference attribute

Local preference determines how traffic should leave an autonomous system. The path with the highest preference value is preferred. The default is 100 and the range is 0 to 2^32. It is a well-known discretionary attribute and is advertised only to iBGP neighbors within the autonomous system.


BGP table version is 5, local router ID is 13.0.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 r>i 10.0.0.0         11.0.0.1                 0    100      0 i
 r>i 20.0.0.0         12.0.0.1                 0    100      0 i
 *>  30.0.0.0         0.0.0.0                  0         32768 i
 r>i 40.0.0.0         14.0.0.1                 0    100      0 i

Monday, April 22, 2019

BGP AS Path Prepending

AS path is the fourth BGP attribute; it is a well-known mandatory attribute. BGP prefers the shortest AS path to reach a destination. In other words, the route with the shortest AS path is preferred.

You can manipulate this using AS path prepending. Manually lengthening the AS path is called AS path prepending. The AS path is extended with several copies of the sender's AS number.

AS path prepending is used to:


1. Ensure correct selection of the return route.
2. Distribute the traffic load for multi-homed customers.


The result of AS path prepending can be observed on the receiving router.

Let's look at the configuration:

Topology:




Objective:

Configure the topology according to the diagram and assign the IP addresses as shown in the topology.
Configure iBGP and eBGP.
Configure AS 650014 so that all traffic from AS 650014 to AS 650003 (30.0.0.0) leaves via router_1.
Configure AS 650014 so that return traffic from 30.0.0.0 to 10.0.0.0 uses the same path as the outgoing traffic: router_1, router_2, router_3.



R1#show ip interface brief

Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        10.1.1.1        YES manual up                    up
Serial3/0              1.1.1.1         YES manual up                    up
Serial3/3              4.1.1.2         YES manual up                    up
Loopback0              11.0.0.1        YES manual up                    up


R2#show ip interface brief

Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        20.1.1.1        YES manual up                    up
Serial3/0              1.1.1.2         YES manual up                    up
Serial3/1              2.1.1.1         YES manual up                    up
Loopback0              12.0.0.1        YES manual up                    up


R3#show ip interface brief

Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        30.1.1.1        YES manual up                    up
Serial3/1              2.1.1.2         YES manual up                    up
Serial3/2              3.1.1.1         YES manual up                    up
Loopback0              13.0.0.1        YES manual up                    up

R4#show ip interface brief

Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        40.1.1.1        YES manual up                    up
Serial3/2              3.1.1.2         YES manual up                    up
Serial3/3              4.1.1.1         YES manual up                    up
Loopback0              14.0.0.1        YES manual up                    up




R1(config)#router bgp 650014
R1(config-router)#neighbor 4.1.1.1 remote-as 650014
R1(config-router)#neighbor 1.1.1.2 remote-as 650002
R1(config-router)#network 10.0.0.0
R1(config-router)#network 1.0.0.0
R1(config-router)#network 4.0.0.0
R1(config-router)#network 11.0.0.0 mask 255.255.255.0
R1(config-router)#

R2(config)#router bgp 650002
R2(config-router)#neighbor 1.1.1.1 remote-as 650014

*Mar 13 12:23:30.111: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Up

R2(config-router)#neighbor 2.1.1.2 remote-as 650003
R2(config-router)#network 20.0.0.0
R2(config-router)#network 1.0.0.0
R2(config-router)#network 2.0.0.0
R2(config-router)#network 12.0.0.0 mask 255.255.255.0
R2(config-router)#exit

R3(config)#router bgp 650003
R3(config-router)#neighbor 2.1.1.1 remote-as 650002

*Mar 13 12:25:42.495: %BGP-5-ADJCHANGE: neighbor 2.1.1.1 Up

R3(config-router)#neighbor 3.1.1.2 remote-as 650014
R3(config-router)#network 30.0.0.0
R3(config-router)#network 3.0.0.0
R3(config-router)#network 2.0.0.0
R3(config-router)#network 13.0.0.0 mask 255.255.255.0
R3(config-router)#exit

R4(config)#router bgp 650014
R4(config-router)#neighbor 3.1.1.1 remote-as 650003

*Mar 13 12:27:46.807: %BGP-5-ADJCHANGE: neighbor 3.1.1.1 Up

R4(config-router)#neighbor 4.1.1.2 remote-as 650014

*Mar 13 12:28:10.663: %BGP-5-ADJCHANGE: neighbor 4.1.1.2 Up

R4(config-router)#network 40.0.0.0
R4(config-router)#network 4.0.0.0
R4(config-router)#network 3.0.0.0
R4(config-router)#network 14.0.0.0 mask 255.255.255.0
R4(config-router)#exit

R1#show ip bgp summary
BGP router identifier 11.0.0.1, local AS number 650014
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.2         4       650002      14      16       21    0    0 00:08:00        7
4.1.1.1         4       650014      14      13       21    0    0 00:03:19        7

R2#show ip bgp summary
BGP router identifier 12.0.0.1, local AS number 650002
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4       650014      17      15       14    0    0 00:09:06        9
2.1.1.2         4       650003      12      15       14    0    0 00:06:54        9

R3#show ip bgp summary
BGP router identifier 13.0

R1#show ip bgp 30.1.1.1
BGP routing table entry for 30.0.0.0/8, version 20
Paths: (2 available, best #1, table default)
  Advertised to update-groups:
     1
  Refresh Epoch 1
  650003
    3.1.1.1 from 4.1.1.1 (14.0.0.1)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      rx pathid: 0, tx pathid: 0x0
  Refresh Epoch 1
  650002
    1.1.1.2 from 1.1.1.2 (12.0.0.1)
      Origin IGP, localpref 100, valid, external
      rx pathid: 0, tx pathid: 0

(By default, AS 650014 exits via R4 to reach the AS 650003 prefix (30.0.0.0), because that path has the shorter AS path.)


R1(config)#access-list 10 permit 30.0.0.0 0.255.255.255

R1(config)#route-map cisco 10
R1(config-route-map)#match ip address 10
R1(config-route-map)#set local-preference 300
R1 (Configuration route map)

Roadmap Permit
R1 (Configuration route map)


R1#show ip bgp 30.1.1.1
BGP routing table entry for 30.0.0.0/8, version 22
Paths: (1 available, best #1, table default)
  Advertised to update-groups:
     2
  Refresh Epoch 2
  650002
    1.1.1.2 from 1.1.1.2 (12.0.0.1)
      Origin IGP, localpref 300, valid, external, best
      rx pathid: 0, tx pathid: 0x0

(Now configure the return traffic.)

R3#show ip bgp
BGP table version is 18, local router ID is 13.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *   1.0.0.0          3.1.1.2                                0 650014 i
 *>                   2.1.1.1                  0             0 650002 i
 *>  2.0.0.0          0.0.0.0                  0         32768 i
 *                    2.1.1.1                  0             0 650002 i
 *   3.0.0.0          3.1.1.2                  0             0 650014 i
 *>                   0.0.0.0                  0         32768 i
 *>  4.0.0.0          3.1.1.2                  0             0 650014 i
 *                    2.1.1.1                                0 650002 650014 i
 *>  10.0.0.0         3.1.1.2                                0 650014 i
 *                    2.1.1.1                                0 650002 650014 i
 *>  11.0.0.0/24      3.1.1.2                                0 650014 i
 *                    2.1.1.1                                0 650002 650014 i
 *   12.0.0.0/24      3.1.1.2                                0 650014 650002 i
 *>                   2.1.1.1                  0             0 650002 i
     Network          Next Hop            Metric LocPrf Weight Path
 *>  13.0.0.0/24      0.0.0.0                  0         32768 i
 *   14.0.0.0/24      2.1.1.1                                0 650002 650014 i
 *>                   3.1.1.2                  0             0 650014 i
 *   20.0.0.0         3.1.1.2                                0 650014 650002 i
 *>                   2.1.1.1                  0             0 650002 i
 *>  30.0.0.0         0.0.0.0                  0         32768 i
 *>  40.0.0.0         3.1.1.2                  0             0 650014 i
 *                    2.1.1.1                                0 650002 650014 i

R3#show ip bgp 10.1.1.1
BGP routing table entry for 10.0.0.0/8, version 13
Paths: (2 available, best #1, table default)
  Advertised to update-groups:
     1
  Refresh Epoch 1
  650014
    3.1.1.2 from 3.1.1.2 (14.0.0.1)
      Origin IGP, localpref 100, valid, external, best
      rx pathid: 0, tx pathid: 0x0
  Refresh Epoch 2
  650002
    2.1.1.1 from 2.1.1.1 (12.0.0.1)
      Origin IGP, localpref 100, valid, external
      rx pathid: 0, tx pathid: 0

R4(config)#access-list 10 permit 10.0.0.0 0.255.255.255

R4(config)#route-map cisco 10
R4(config-route-map)#match ip address 10
R4(config-route-map)#set as-path prepend 650014 650014 650014 650014
R4 (Configuration route map)

Route Map - Permission
R4 (Configuration route map)

R4(config)#router bgp 650014
R4(config-router)#nei
R4(config-router)#neighbor 3.1.1.1 rou
R4(config-router)#neighbor 3.1.1.1 route-m
R4(config-router)#neighbor 3.1.1.1 route-map cisco out
R4(config-router)#end

R3#show ip bgp
BGP table version is 19, local router ID is 13.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *   1.0.0.0          3.1.1.2                                0 650014 i
 *>                   2.1.1.1                  0             0 650002 i
 *>  2.0.0.0          0.0.0.0                  0         32768 i
 *                    2.1.1.1                  0             0 650002 i
 *   3.0.0.0          3.1.1.2                  0             0 650014 i
 *>                   0.0.0.0                  0         32768 i
 *>  4.0.0.0          3.1.1.2                  0             0 650014 i
 *                    2.1.1.1                                0 650002 650014 i
 *   10.0.0.0         3.1.1.2                                0 650014 650014 650014 650014 650014 i
 *>                   2.1.1.1                                0 650002 650014 i
 *>  11.0.0.0/24      3.1.1.2                                0 650014 i
 *                    2.1.1.1                                0 650002 650014 i
 *   12.0.0.0/24      3.1.1.2                                0 650014 650002 i
     Network          Next Hop            Metric LocPrf Weight Path
 *>                   2.1.1.1                  0             0 650002 i
 *>  13.0.0.0/24      0.0.0.0                  0         32768 i
 *   14.0.0.0/24      2.1.1.1                                0 650002 650014 i
 *>                   3.1.1.2                  0             0 650014 i
 *   20.0.0.0         3.1.1.2                                0 650014 650002 i
 *>                   2.1.1.1                  0             0 650002 i
 *>  30.0.0.0         0.0.0.0                  0         32768 i
 *>  40.0.0.0         3.1.1.2                  0             0 650014 i
 *                    2.1.1.1                                0 650002 650014 i

R3#show ip bgp 10.1.1.1
BGP routing table entry for 10.0.0.0/8, version 19
Paths: (2 available, best #2, table default)
  Advertised to update-groups:
     1
  Refresh Epoch 3
  650014 650014 650014 650014 650014
    3.1.1.2 from 3.1.1.2 (14.0.0.1)
      Origin IGP, localpref 100, valid, external
      rx pathid: 0, tx pathid: 0
  Refresh Epoch 3
  650002
    2.1.1.1 from 2.1.1.1 (12.0.0.1)
      Origin IGP, localpref 100, valid, external, best
      rx pathid: 0, tx pathid: 0x0


R1#traceroute 30.1.1.1
Type escape sequence to abort.
Tracing the route to 30.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
  1 1.1.1.2 52 msec
  2 2.1.1.2 [AS 650002] 120 msec 140 msec 176 msec

R3#traceroute 10.1.1.1
Type escape sequence to abort.
Tracing the route to 10.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
  1 2.1.1.1 36 msec
  2 1.1.1.1 [AS 650002] 112 msec 92 msec 76 msec
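
Why the best path flips in both steps of this lab, as an added example that is not part of the original post: a simplified best-path comparison covering only weight, local preference, AS-path length and eBGP over iBGP (the other tie-breakers are not modelled). Next hops, AS numbers and preference values are the lab's own; the AS path 650002 650003 for R1's route through R2 is an assumption based on the topology.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Path:
    next_hop: str
    as_path: tuple
    local_pref: int = 100
    weight: int = 0
    ebgp: bool = True


# Comparison steps in order; a lower key value wins at each step.
STEPS = [
    ("weight", lambda p: -p.weight),
    ("local preference", lambda p: -p.local_pref),
    ("AS-path length", lambda p: len(p.as_path)),
    ("eBGP over iBGP", lambda p: 0 if p.ebgp else 1),
]


def select(paths):
    """Return (best path, name of the step that decided it)."""
    candidates = list(paths)
    for name, key in STEPS:
        best_value = min(key(p) for p in candidates)
        candidates = [p for p in candidates if key(p) == best_value]
        if len(candidates) == 1:
            return candidates[0], name
    return candidates[0], "tie (later steps not modelled)"


def prepend(path, asn, count):
    """What 'set as-path prepend' does to an advertised path."""
    return replace(path, as_path=(asn,) * count + path.as_path)


# R1's two paths to 30.0.0.0/8.
r1_via_r4 = Path("3.1.1.1", (650003,), ebgp=False)
r1_via_r2 = Path("1.1.1.2", (650002, 650003))          # assumed AS path
# R3's two paths to 10.0.0.0/8, as listed in its BGP table.
r3_via_r4 = Path("3.1.1.2", (650014,))
r3_via_r2 = Path("2.1.1.1", (650002, 650014))


def lab_results():
    """Best next hop and deciding step before and after each change."""
    return {
        "R1 default": select([r1_via_r4, r1_via_r2]),
        "R1 local-pref 300": select([r1_via_r4, replace(r1_via_r2, local_pref=300)]),
        "R3 default": select([r3_via_r4, r3_via_r2]),
        "R3 after prepend": select([prepend(r3_via_r4, 650014, 4), r3_via_r2]),
    }


if __name__ == "__main__":
    for case, (path, reason) in lab_results().items():
        print(f"{case}: next hop {path.next_hop} ({reason})")
```

Local preference is compared before AS-path length, which is why it controls R1's outbound choice, while prepending only works on R3 because both of its paths have the same local preference.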

Introduction of BGP


The Border Gateway Protocol (BGP) advertises, learns and selects the best routes across the Internet. Networks that connect to Internet service providers generally use BGP to exchange routing information. Internet service providers around the world share routing information with one or more other ISPs.

Autonomous system




An autonomous system is a set of networks under a single technical administration. IGPs such as OSPF and EIGRP operate within an autonomous system. BGP is used between autonomous systems to exchange routing information without loops.

Internal and external BGP




BGP defines two categories of neighbors.
Internal BGP (iBGP) operates within the same autonomous system.
External BGP (eBGP) operates between different autonomous systems.

BGP features

BGP is an open standard protocol.
It is an exterior gateway protocol designed for inter-AS routing, to scale to a large internetwork such as the Internet.
It supports classless routing, VLSM, CIDR, and automatic and manual summarization.
Updates are incremental. BGP sends updates to manually defined neighbors as unicast.
BGP is an application layer protocol that uses TCP for reliability, on TCP port 179.
Its metric is attributes.
The administrative distance is 20 for external updates (eBGP) and 200 for internal updates (iBGP).

Types of ISP connections
Single-homed
Dual-homed
Multi-homed
Dual multi-homed


Single-homed


A site with a single connection to one ISP is single-homed. Single-homing is a good fit for a site that does not rely heavily on the Internet or WAN. You can use static routes, or advertise the site's routes to the ISP and receive a default route from it.



Dual-homed

A dual-homed site has two connections to the same ISP, from one or two routers. One link may be the primary and the other a backup, or the site may load-balance across both connections. Static or dynamic routing can be used.

Multi-homed

Multi-homing means connecting to more than one ISP at the same time. This is done for redundancy and backup if an Internet service provider fails, and for better performance if one provider offers a better route to frequently used networks. Multi-homing also gives an ISP-independent solution. BGP is generally used with multi-homed connections.


Dual multi-homed

Dual multi-homed means having two connections to each of multiple ISPs. Dual multi-homing gives the maximum redundancy. BGP is used with the ISPs and can be used internally as well.

Access Lists


An access list is essentially a list of conditions that categorize packets, which is very useful when you need to control network traffic.

One of the most common and easiest-to-understand uses of access lists is filtering unwanted packets when implementing security policies. You can configure them to make very specific decisions about traffic patterns, so that they allow only a particular host to access web resources on the Internet while restricting others. With the right combination of access lists, network administrators can enforce almost any security policy they can devise.



Access list statements

If a specific condition is met, a specific action is taken. If the condition is not met, nothing happens and the next statement is evaluated. Access list statements are packet filters that packets are compared against, categorized by, and acted upon. Once the lists are built, they can be applied to inbound or outbound traffic on any interface. Applying an ACL causes the router to analyze every packet that crosses that interface in the specified direction and take the appropriate action.

There are three important rules that a packet follows when it is compared with an access list:
· The packet is always compared with each line of the access list in sequential order: it always starts with the first line of the access list, then goes to line 2, then line 3, and so on.
· The packet is compared with lines of the access list only until a match is made. Once the packet matches the condition on a line of the access list, the packet is acted upon and no further comparisons take place.
· There is an implicit "deny" at the end of each access list, which means that if a packet does not match the condition on any of the lines in the access list, the packet is discarded.

Types of access list (ACL)

1. Standard access lists: These use only the source IP address in an IP packet as the condition test. All decisions are made based on the source IP address. This means that standard ACLs permit or deny an entire suite of protocols. They do not distinguish between types of IP traffic, such as Web, Telnet, UDP, etc.

2. Extended access lists: Extended ACLs can evaluate many other fields in the Layer 3 and Layer 4 headers of an IP packet. They can evaluate the source and destination IP addresses, the protocol field in the network layer header, and the port number in the transport layer header. This gives extended ACLs the ability to make more precise decisions when controlling traffic.

3. Named access lists: Named access lists are either standard or extended and are not really a separate type. To use an ACL as a packet filter, you must apply it to an interface on the router where you want to filter traffic, and you must specify the direction of traffic to which the ACL applies. You must have different ACLs for inbound and outbound traffic on an interface:

Inbound ACLs: When an access list is applied to inbound packets on an interface, those packets are processed through the access list before being routed to the outbound interface. Packets that are denied are not routed.

Outbound ACLs: When an access list is applied to outbound packets on an interface, packets are routed to the outbound interface and then processed through the access list before they are queued.
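
The three matching rules applied to a standard ACL, as an added example that is not part of the original post: an evaluator that walks the lines in order, stops at the first match and falls through to the implicit deny, plus a check for lines that can never match because an earlier line already covers them. The ACL below is constructed for illustration, in the same style as the `access-list 10` lines used in the BGP posts.

```python
import ipaddress

FULL = 0xFFFFFFFF


def parse_standard_acl(lines):
    """Parse 'access-list N permit|deny SOURCE [WILDCARD]' into (action, base, wildcard)."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"not a standard ACL line: {line!r}")
        action, src = tok[2], tok[3:]
        if src[0] == "any":
            base, wild = 0, FULL
        elif src[0] == "host":
            base, wild = int(ipaddress.IPv4Address(src[1])), 0
        else:
            base = int(ipaddress.IPv4Address(src[0]))
            wild = int(ipaddress.IPv4Address(src[1])) if len(src) > 1 else 0
        entries.append((action, base, wild))
    return entries


def matches(entry, addr):
    """Wildcard bits set to 1 are ignored; all other bits must equal the base."""
    _action, base, wild = entry
    return ((addr ^ base) & ~wild & FULL) == 0


def evaluate(entries, source_ip):
    """Return (action, line number); line number None means the implicit deny."""
    addr = int(ipaddress.IPv4Address(source_ip))
    for number, entry in enumerate(entries, 1):
        if matches(entry, addr):          # first match wins, no further comparison
            return entry[0], number
    return "deny", None                   # implicit deny at the end of every ACL


def shadowed(entries):
    """Lines fully covered by an earlier line: list of (line, covering line)."""
    found = []
    for j, (_aj, base_j, wild_j) in enumerate(entries):
        for i, (_ai, base_i, wild_i) in enumerate(entries[:j]):
            covers = (wild_j & ~wild_i & FULL) == 0 and ((base_j ^ base_i) & ~wild_i & FULL) == 0
            if covers:
                found.append((j + 1, i + 1))
                break
    return found


# Constructed ACL: line 3 was meant to block a subnet but sits below a broader permit.
SAMPLE_ACL = [
    "access-list 10 deny host 30.1.1.5",
    "access-list 10 permit 30.0.0.0 0.255.255.255",
    "access-list 10 deny 30.1.1.0 0.0.0.255",
]

if __name__ == "__main__":
    acl = parse_standard_acl(SAMPLE_ACL)
    for ip in ("30.1.1.5", "30.1.1.9", "10.1.1.1"):
        print(ip, evaluate(acl, ip))
    print("shadowed lines:", shadowed(acl))
```

Because evaluation stops at the first match, more specific lines have to be placed above broader ones; the shadow check reports any line that is ordered the wrong way round.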

Tuesday, April 16, 2019

STP Interview Questions

Frequently asked networking interview questions:
In this high-tech world, there is hardly anyone who has never used the Internet. Using the Internet, anyone can easily find an answer to what they do not know.
Earlier, a person preparing for an interview had to go carefully through all the relevant books and materials, page by page. The Internet has made this much easier. Many sets of interview questions and answers are available today.
Therefore, preparing for interviews has become much simpler these days.
In this article, I have listed the most important and frequently asked basic networking interview questions and answers, with visuals, for easy understanding and recall. This, in turn, will help you succeed in your career.


Wednesday, April 10, 2019

OSPF Authentication

OSPF can be configured to authenticate every OSPF message. This is usually done to prevent an unauthorized router from injecting false routing information and thereby causing a denial of service.

Two types of authentication can be used:
1. Clear text authentication: Clear text passwords are used.
2. MD5 authentication: MD5 authentication is used. This type of authentication is more secure because the password does not travel in clear text over the network.

Note

With OSPF authentication enabled, routers must pass the authentication process before they become OSPF neighbors.


To configure clear text authentication, the following steps are required:


1. Configure the OSPF password on the interface by using the ip ospf authentication-key PASSWORD interface command.

2. Configure the interface to use OSPF clear text authentication by using the ip ospf authentication interface command.



In the following example, we will configure clear text authentication for OSPF.



Both routers run OSPF. On R1, we need to enter the following commands:



The same commands must be entered on R2:



To verify that clear text authentication is enabled, we can use the show ip ospf interface INTERFACE_NUMBER/INTERFACE_TYPE command on either router:



Configuring OSPF MD5 authentication is very similar to configuring clear text authentication. Two commands are also used:

1. First, configure the MD5 value on an interface by using the ip ospf message-digest-key 1 md5 VALUE interface command.

2. Then, configure the interface to use MD5 authentication by using the ip ospf authentication message-digest interface command.


The following is an example of the configuration on R1:



You can verify that R1 uses OSPF MD5 authentication by entering the show ip ospf interface INTERFACE_NUMBER/INTERFACE_TYPE command:



Note
The OSPF authentication type can also be enabled on an area basis, instead of configuring the OSPF authentication type on each interface. This is done by using the area AREA_ID authentication [message-digest] command in OSPF configuration mode. If you omit the message-digest keyword, clear text authentication will be used for that area. All interfaces within the area will use OSPF authentication.
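
What the two authentication types put on the wire, as an added example that is not part of the original post: it builds an OSPFv2 Hello with simple-password authentication (AuType 1) and with cryptographic MD5 authentication (AuType 2) as laid out in RFC 2328 Appendix D, then verifies the MD5 variant. The router ID, area, Hello fields and secret are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct


def internet_checksum(data):
    """Standard 16-bit one's-complement checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_packet(body, router_id, area_id, au_type, secret, seq=0, key_id=1):
    """Return an OSPFv2 packet of type 1 (Hello) with the requested authentication."""
    length = 24 + len(body)

    def header(checksum, auth_field):
        return struct.pack("!BBH4s4sHH8s", 2, 1, length, socket.inet_aton(router_id),
                           socket.inet_aton(area_id), checksum, au_type, auth_field)

    if au_type == 1:
        # The checksum excludes the 64-bit authentication field; the password sits in it.
        checksum = internet_checksum(header(0, bytes(8)) + body)
        return header(checksum, secret.ljust(8, b"\x00")[:8]) + body
    if au_type == 2:
        # Checksum is 0; the field carries key ID, digest length and sequence number.
        auth_field = struct.pack("!HBBI", 0, key_id, 16, seq)
        packet = header(0, auth_field) + body
        digest = hashlib.md5(packet + secret.ljust(16, b"\x00")[:16]).digest()
        return packet + digest            # digest is appended, not counted in length
    raise ValueError("unsupported AuType")


def verify_md5(packet, secret, last_seq):
    """Receiver-side check: digest first, then the anti-replay sequence number."""
    length, = struct.unpack("!H", packet[2:4])
    au_type, = struct.unpack("!H", packet[14:16])
    if au_type != 2:
        return "wrong-auth-type"
    _zero, _key_id, auth_len, seq = struct.unpack("!HBBI", packet[16:24])
    expected = hashlib.md5(packet[:length] + secret.ljust(16, b"\x00")[:16]).digest()
    if not hmac.compare_digest(packet[length:length + auth_len], expected):
        return "bad-digest"
    if seq < last_seq:
        return "replayed"
    return "ok"


# Constructed Hello body: mask, hello interval, options, priority, dead interval, DR, BDR.
HELLO = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"), 10, 2, 1, 40,
                    bytes(4), bytes(4))
SECRET = b"s3cret"                        # constructed sample secret

if __name__ == "__main__":
    clear = build_packet(HELLO, "1.1.1.1", "0.0.0.0", 1, SECRET)
    md5 = build_packet(HELLO, "1.1.1.1", "0.0.0.0", 2, SECRET, seq=100)
    print("password visible in clear-text packet:", SECRET in clear)
    print("password visible in MD5 packet:", SECRET in md5)
    print("MD5 verification:", verify_md5(md5, SECRET, last_seq=99))
```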