Monday, April 22, 2019

BGP AS Path Prepending

AS Path is the fourth BGP attribute; it is a well-known mandatory attribute. BGP prefers the shortest AS path to reach a destination. In other words, the route with the shortest AS path is the preferred one.

You can influence this with AS path prepending. Manually manipulating the length of the AS path is called AS path prepending. The AS path is extended with several copies of the sender's AS number.

AS path prepending is used to:

1. Ensure proper return path selection.
2. Distribute the return traffic load for multi-homed customers.

The results of AS path prepending can be observed on the receiving router.

Let's see the configuration:

Topology:




Objective:

Configure the topology as per the diagram and assign the IP addresses accordingly.
Configure IBGP and EBGP.
Configure AS 650014 so that all routes in AS 650014 leave through router 1 toward AS 650003 (30.0.0.0).
Configure AS 650014 so that, for traffic between 30.0.0.0 and 10.0.0.0, the return traffic uses the same path as the forward traffic (routers 1, 2 and 3).



R1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        10.1.1.1        YES manual up                    up
Serial3/0              1.1.1.1         YES manual up                    up
Serial3/3              4.1.1.2         YES manual up                    up
Loopback0              11.0.0.1        YES manual up                    up

R2#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        20.1.1.1        YES manual up                    up
Serial3/0              1.1.1.2         YES manual up                    up
Serial3/1              2.1.1.1         YES manual up                    up
Loopback0              12.0.0.1        YES manual up                    up

R3#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        30.1.1.1        YES manual up                    up
Serial3/1              2.1.1.2         YES manual up                    up
Serial3/2              3.1.1.1         YES manual up                    up
Loopback0              13.0.0.1        YES manual up                    up

R4#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        40.1.1.1        YES manual up                    up
Serial3/2              3.1.1.2         YES manual up                    up
Serial3/3              4.1.1.1         YES manual up                    up
Loopback0              14.0.0.1        YES manual up                    up




R1(config)#router bgp 650014
R1(config-router)#neighbor 4.1.1.1 remote-as 650014
R1(config-router)#neighbor 1.1.1.2 remote-as 650002
R1(config-router)#network 10.0.0.0
R1(config-router)#network 1.0.0.0
R1(config-router)#network 4.0.0.0
R1(config-router)#network 11.0.0.0 mask 255.255.255.0
R1(config-router)#exit

R2(config)#router bgp 650002
R2(config-router)#neighbor 1.1.1.1 remote-as 650014

*Mar 13 12:23:30.111: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Up

R2(config-router)#neighbor 2.1.1.2 remote-as 650003
R2(config-router)#network 20.0.0.0
R2(config-router)#network 1.0.0.0
R2(config-router)#network 2.0.0.0
R2(config-router)#network 12.0.0.0 mask 255.255.255.0
R2(config-router)#exit

R3(config)#router bgp 650003
R3(config-router)#neighbor 2.1.1.1 remote-as 650002

*Mar 13 12:25:42.495: %BGP-5-ADJCHANGE: neighbor 2.1.1.1 Up

R3(config-router)#neighbor 3.1.1.2 remote-as 650014
R3(config-router)#network 30.0.0.0
R3(config-router)#network 3.0.0.0
R3(config-router)#network 2.0.0.0
R3(config-router)#network 13.0.0.0 mask 255.255.255.0
R3(config-router)#exit

R4(config)#router bgp 650014
R4(config-router)#neighbor 3.1.1.1 remote-as 650003

*Mar 13 12:27:46.807: %BGP-5-ADJCHANGE: neighbor 3.1.1.1 Up

R4(config-router)#neighbor 4.1.1.2 remote-as 650014

*Mar 13 12:28:10.663: %BGP-5-ADJCHANGE: neighbor 4.1.1.2 Up

R4(config-router)#network 40.0.0.0
R4(config-router)#network 4.0.0.0
R4(config-router)#network 3.0.0.0
R4(config-router)#network 14.0.0.0 mask 255.255.255.0
R4(config-router)#exit

R1#show ip bgp summary
BGP router identifier 11.0.0.1, local AS number 650014
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.2         4       650002      14      16       21    -    0 00:08:00        7
4.1.1.1         4       650014      14      13       21    -    0 00:03:19        7

R2#show ip bgp summary
BGP router identifier 12.0.0.1, local AS number 650002
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4       650014      17      15       14    -    0 00:09:06        9
2.1.1.2         4       650003      12      15       14    -    0 00:06:54        9

R3#show ip bgp summary
BGP router identifier 13.0

R1#show ip bgp 30.1.1.1
BGP routing table entry for 30.0.0.0/8, version 20
Paths: (2 available, best #1, table default)
  Advertised to update-groups:
     1
  Refresh Epoch 1
  650003
    3.1.1.1 from 4.1.1.1 (14.0.0.1)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      rx pathid: 0, tx pathid: 0x0
  Refresh Epoch 1
  650002 650003
    1.1.1.2 from 1.1.1.2 (12.0.0.1)
      Origin IGP, localpref 100, valid, external
      rx pathid: 0, tx pathid: 0

(By default, AS 650014 exits via R4 to reach the AS 650003 prefix (30.0.0.0), because that path has the shorter AS path.)


R1(config)#access-list 10 permit 30.0.0.0 0.255.255.255

R1(config)#route-map cisco permit 10
R1(config-route-map)#match ip address 10
R1(config-route-map)#set local-preference 300
R1(config-route-map)#exit

R1(config)#route-map cisco permit
R1(config-route-map)#exit


R1#show ip bgp 30.1.1.1
BGP routing table entry for 30.0.0.0/8, version 22
Paths: (1 available, best #1, table default)
  Advertised to update-groups:
     2
  Refresh Epoch 2
  650002 650003
    1.1.1.2 from 1.1.1.2 (12.0.0.1)
      Origin IGP, localpref 300, valid, external, best
      rx pathid: 0, tx pathid: 0x0

(Now configure the return traffic.)

R3#show ip bgp
BGP table version is 18, local router ID is 13.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *   1.0.0.0          3.1.1.2                                0 650014 i
 *>                   2.1.1.1                  0             - 650002 i
 *>  2.0.0.0          0.0.0.0                  0         32768 i
 *                    2.1.1.1                  0             - 650002 i
 *   3.0.0.0          3.1.1.2                  0             0 650014 i
 *>                   0.0.0.0                  0         32768 i
 *>  4.0.0.0          3.1.1.2                  0             0 650014 i
 *                    2.1.1.1                                0 650002 650014 i
 *>  10.0.0.0         3.1.1.2                                0 650014 i
 *                    2.1.1.1                                0 650002 650014 i
 *>  11.0.0.0/24      3.1.1.2                                0 650014 i
 *                    2.1.1.1                                0 650002 650014 i
 *   12.0.0.0/24      3.1.1.2                                0 650014 650002 i
 *>                   2.1.1.1                  0             - 650002 i
     Network          Next Hop            Metric LocPrf Weight Path
 *>  13.0.0.0/24      0.0.0.0                  0         32768 i
 *   14.0.0.0/24      2.1.1.1                                0 650002 650014 i
 *>                   3.1.1.2                  0             0 650014 i
 *   20.0.0.0         3.1.1.2                                0 650014 650002 i
 *>                   2.1.1.1                  0             - 650002 i
 *>  30.0.0.0         0.0.0.0                  0         32768 i
 *>  40.0.0.0         3.1.1.2                  0             0 650014 i
 *                    2.1.1.1                                0 650002 650014 i

R3#show ip bgp 10.1.1.1
BGP routing table entry for 10.0.0.0/8, version 13
Paths: (2 available, best #1, table default)
  Advertised to update-groups:
     1
  Refresh Epoch 1
  650014
    3.1.1.2 from 3.1.1.2 (14.0.0.1)
      Origin IGP, localpref 100, valid, external, best
      rx pathid: 0, tx pathid: 0x0
  Refresh Epoch 2
  650002 650014
    2.1.1.1 from 2.1.1.1 (12.0.0.1)
      Origin IGP, localpref 100, valid, external
      rx pathid: 0, tx pathid: 0

R4(config)#access-list 10 permit 10.0.0.0 0.255.255.255

R4(config)#route-map cisco permit 10
R4(config-route-map)#match ip address 10
R4(config-route-map)#set as-path prepend 650014 650014 650014 650014
R4(config-route-map)#exit

R4(config)#route-map cisco permit
R4(config-route-map)#exit

R4(config)#router bgp 650014
R4(config-router)#neighbor 3.1.1.1 route-map cisco out
R4(config-router)#end

R3#show ip bgp
BGP table version is 19, local router ID is 13.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *   1.0.0.0          3.1.1.2                                0 650014 i
 *>                   2.1.1.1                  0             - 650002 i
 *>  2.0.0.0          0.0.0.0                  0         32768 i
 *                    2.1.1.1                  0             - 650002 i
 *   3.0.0.0          3.1.1.2                  0             0 650014 i
 *>                   0.0.0.0                  0         32768 i
 *>  4.0.0.0          3.1.1.2                  0             0 650014 i
 *                    2.1.1.1                                0 650002 650014 i
 *   10.0.0.0         3.1.1.2                                0 650014 650014 650014 650014 650014 i
 *>                   2.1.1.1                                0 650002 650014 i
 *>  11.0.0.0/24      3.1.1.2                                0 650014 i
 *                    2.1.1.1                                0 650002 650014 i
 *   12.0.0.0/24      3.1.1.2                                0 650014 650002 i
     Network          Next Hop            Metric LocPrf Weight Path
 *>                   2.1.1.1                  0             - 650002 i
 *>  13.0.0.0/24      0.0.0.0                  0         32768 i
 *   14.0.0.0/24      2.1.1.1                                0 650002 650014 i
 *>                   3.1.1.2                  0             0 650014 i
 *   20.0.0.0         3.1.1.2                                0 650014 650002 i
 *>                   2.1.1.1                  0             - 650002 i
 *>  30.0.0.0         0.0.0.0                  0         32768 i
 *>  40.0.0.0         3.1.1.2                  0             0 650014 i
 *                    2.1.1.1                                0 650002 650014 i

R3#show ip bgp 10.1.1.1
BGP routing table entry for 10.0.0.0/8, version 19
Paths: (2 available, best #2, table default)
  Advertised to update-groups:
     1
  Refresh Epoch 3
  650014 650014 650014 650014 650014
    3.1.1.2 from 3.1.1.2 (14.0.0.1)
      Origin IGP, localpref 100, valid, external
      rx pathid: 0, tx pathid: 0
  Refresh Epoch 3
  650002 650014
    2.1.1.1 from 2.1.1.1 (12.0.0.1)
      Origin IGP, localpref 100, valid, external, best
      rx pathid: 0, tx pathid: 0x0


R1#traceroute 30.1.1.1
Type escape sequence to abort.
Tracing the route to 30.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
  1 1.1.1.2 52 msec
  2 2.1.1.2 [AS 650002] 120 msec 140 msec 176 msec

R3#traceroute 10.1.1.1
Type escape sequence to abort.
Tracing the route to 10.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
  1 2.1.1.1 36 msec
  2 1.1.1.1 [AS 650002] 112 msec 92 msec 76 msec
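
The two decisions this lab relies on, as an added example that is not part of the original post: a simplified best-path comparison (weight, local preference, AS-path length, eBGP over iBGP only) run on the paths R1 and R3 hold in the lab. AS paths follow the lab topology (R1 reaches 30.0.0.0/8 through R2 via AS 650002 and then AS 650003); the class and function names are hypothetical.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Path:
    next_hop: str
    as_path: tuple           # AS numbers, nearest AS first
    local_pref: int = 100    # default local preference
    weight: int = 0
    external: bool = True    # True: learned over eBGP, False: over iBGP


def best_path(paths):
    """Simplified best-path choice: highest weight, then highest local
    preference, then shortest AS path, then eBGP over iBGP. Origin, MED,
    IGP cost and router-ID tie-breakers are deliberately left out."""
    return min(paths, key=lambda p: (-p.weight, -p.local_pref,
                                     len(p.as_path), not p.external))


def prepend(path, asn, count):
    """Effect of 'set as-path prepend' as seen by the receiving router:
    `count` extra copies of the sender's AS in front of the path."""
    return replace(path, as_path=(asn,) * count + path.as_path)


def r1_exit_for_30(local_pref_via_r2=100):
    """Next hop R1 picks for 30.0.0.0/8."""
    via_r4 = Path("3.1.1.1", (650003,), external=False)   # iBGP, learned from R4
    via_r2 = Path("1.1.1.2", (650002, 650003),            # eBGP, learned from R2
                  local_pref=local_pref_via_r2)
    return best_path([via_r4, via_r2]).next_hop


def r3_exit_for_10(prepends=0):
    """Next hop R3 picks for 10.0.0.0/8 when R4 prepends `prepends` copies."""
    via_r4 = prepend(Path("3.1.1.2", (650014,)), 650014, prepends)
    via_r2 = Path("2.1.1.1", (650002, 650014))
    return best_path([via_r4, via_r2]).next_hop


if __name__ == "__main__":
    print("R1 -> 30.0.0.0/8, defaults:         ", r1_exit_for_30())
    print("R1 -> 30.0.0.0/8, local-pref 300:   ", r1_exit_for_30(300))
    print("R3 -> 10.0.0.0/8, no prepend:       ", r3_exit_for_10())
    print("R3 -> 10.0.0.0/8, 4 prepended copies:", r3_exit_for_10(4))
```

Local preference is compared before AS-path length, so R1's longer path through R2 wins once it carries local preference 300. With a single prepended copy, R3's two paths are both two ASes long and the choice falls to tie-breakers this sketch leaves out.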

Introduction of BGP


The Border Gateway Protocol (BGP) advertises, learns and selects the best paths within the Internet. Networks that connect to Internet service providers generally use BGP to exchange routing information. Internet service providers around the world share routing information with one or more other ISPs.

Autonomous system




An autonomous system is a collection of networks under a single technical administration. IGPs such as OSPF and EIGRP operate within an autonomous system. We use BGP between autonomous systems to exchange loop-free routing information.

Internal and external BGP




BGP defines two categories of neighbors.
Internal BGP (iBGP) runs within the same autonomous system.
External BGP (eBGP) runs between different autonomous systems.

BGP features

BGP is an open standard protocol.
It is an exterior gateway protocol designed for inter-AS domain routing, to scale to huge internetworks such as the Internet.
It supports classless routing, VLSM, CIDR, and both automatic and manual summarization.
Updates are incremental. BGP sends updates to manually defined neighbors as unicast.
BGP is an application layer protocol that uses TCP for reliability, on TCP port 179.
Its metric is the set of path attributes.
The administrative distance is 20 for external updates (eBGP) and 200 for internal updates (iBGP).

Types of ISP connections
Single-homed
Dual-homed
Multi-homed
Dual multi-homed


Single-homed


A site with a single ISP connection is single-homed. Single-homing is a good fit for a site that does not depend heavily on the Internet or WAN connectivity. You can use static routes, or advertise the site's routes and receive a default route from the ISP.



Dual-homed

A dual-homed site has two connections to the same ISP, from one or two routers. One link may be primary and the other a backup, or the site may load-balance across both connections. Either static or dynamic routing can be used.

Multi-homed

Multi-homing means connecting to more than one ISP at the same time. This is done for redundancy and backup if one ISP fails, and for better performance if one ISP provides a better path to frequently used networks. Multi-homing also gives you an ISP-independent solution. BGP is generally used with multi-homed connections.


Dual multi-homed

Dual multi-homing means having two connections to multiple ISPs. It gives you the most redundancy. BGP is used with the ISPs and can be used internally as well.

Access Lists


Access lists are essentially lists of conditions that categorize packets, which is really useful when you need to control network traffic.

One of the most common and easiest-to-understand uses of access lists is filtering unwanted packets when implementing security policies. You can configure them to make very specific decisions about regulating traffic patterns, so that they allow only particular hosts to access web resources on the Internet while restricting others. With the right combination of access lists, network administrators can enforce almost any security policy they can devise.



Data of the access list

If a specific condition is met, a specific action is taken. If the condition is not met, nothing happens and the next statement is evaluated. Access list statements are packet filters that packets are compared against, categorized by, and acted upon accordingly. Once the lists are built, they can be applied to either inbound or outbound traffic on any interface. Applying an ACL causes the router to analyze every packet crossing that interface in the specified direction and take the appropriate action.

There are three important rules that a packet follows when it is compared against an access list:
• The packet is always compared with each line of the access list in sequential order: it always starts with the first line of the ACL, then goes to line 2, then line 3, and so on.
• The packet is compared with lines of the access list only until a match is made. Once the packet matches the condition on a line of the access list, the packet is acted upon and no further comparisons take place.
• There is an implicit "deny" at the end of each access list. This means that if a packet does not match the condition on any of the lines in the access list, the packet will be discarded.

Types of access lists (ACLs)

1. Standard access lists: These use only the source IP address in an IP packet as the condition test. All decisions are made based on the source IP address. This means that standard ACLs permit or deny an entire suite of protocols. They do not distinguish between the different types of IP traffic, such as Web, Telnet, UDP, and so on.

2. Extended access lists: Extended ACLs can evaluate many other fields in the Layer 3 and Layer 4 headers of an IP packet. They can evaluate the source and destination IP addresses, the protocol field in the network layer header, and the port number in the transport layer header. This gives extended ACLs the ability to make more precise decisions when controlling traffic.

3. Named access lists: Named access lists are either standard or extended and are not really a distinct type. To use an ACL as a packet filter, you must apply it to an interface on the router where you want to filter traffic. You must also specify the direction of traffic to which the ACL applies. Separate ACLs are used for inbound and outbound traffic on an interface:

Inbound access lists: When an access list is applied to inbound packets on an interface, those packets are processed through the access list before being routed to the outbound interface. Packets that are denied will not be routed.

Outbound access lists: When an access list is applied to outbound packets on an interface, packets are routed to the outbound interface and then processed through the access list before being queued.
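
The three evaluation rules above, as an added example that is not part of the original post: a standard (source-only) ACL evaluator with Cisco wildcard masks, plus a check for lines that an earlier line makes unreachable. The sample ACL and its addresses are constructed; function names are hypothetical.

```python
import ipaddress


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def matches(source, address, wildcard):
    """Cisco wildcard match: bits set in the wildcard are ignored."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(source) & care) == (to_int(address) & care)


def evaluate(acl, source):
    """Standard ACL check on the source address only.
    Returns (action, line number); line number None is the implicit deny."""
    for number, (action, address, wildcard) in enumerate(acl, start=1):
        if matches(source, address, wildcard):
            return action, number      # first match decides, later lines are not read
    return "deny", None                # nothing matched: implicit deny


def shadowed_lines(acl):
    """Line numbers that can never match because an earlier line already
    matches every source address they cover."""
    hidden = []
    for j, (_, addr_j, wild_j) in enumerate(acl):
        for _, addr_i, wild_i in acl[:j]:
            care_i = ~to_int(wild_i) & 0xFFFFFFFF
            covers = (to_int(wild_j) & care_i) == 0
            if covers and (to_int(addr_i) & care_i) == (to_int(addr_j) & care_i):
                hidden.append(j + 1)
                break
    return hidden


# Constructed sample ACL (hypothetical addresses): (action, address, wildcard)
ACL = [
    ("deny",   "192.168.10.50", "0.0.0.0"),
    ("permit", "192.168.10.0",  "0.0.0.255"),
    ("permit", "192.168.10.50", "0.0.0.0"),   # never reached: line 1 matches first
]

if __name__ == "__main__":
    for src in ("192.168.10.50", "192.168.10.7", "10.1.1.1"):
        print(src, evaluate(ACL, src))
    print("shadowed lines:", shadowed_lines(ACL))
```

Because order decides the outcome, a permit placed after a broader or identical deny is dead configuration; running a check like `shadowed_lines` over an ACL before applying it catches that.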

Tuesday, April 16, 2019

STP Interview Questions

Frequently Asked Network Interview Questions:
In this high-tech world, there is hardly anyone who has never used the Internet. Using the Internet, anyone can easily find an answer to what they do not know.
Earlier, a person preparing for an interview had to carefully go through all the relevant books and materials page by page. The Internet has made this much easier. Many sets of interview questions and answers are available today.
Therefore, preparation for interviews has become much simpler these days.
In this article, I have listed the most important and frequently asked basic networking interview questions and answers, with visuals, for your easy understanding and recall. This, in turn, will help you toward success in your career.


Wednesday, April 10, 2019

OSPF Authentication

OSPF can be configured to authenticate every OSPF message. This is usually done to prevent a rogue router from injecting false routing information and thereby causing a denial of service.

Two types of authentication can be used:
1. Clear text authentication: clear text passwords are used.
2. MD5 authentication: MD5 authentication is used. This type of authentication is more secure because the password does not go over the network in clear text.

Note

With OSPF authentication enabled, routers must pass the authentication process before they become OSPF neighbors.


To configure clear text authentication, the following steps are required:

1. Configure the OSPF password on the interface by using the ip ospf authentication-key PASSWORD interface command.

2. Configure the interface to use OSPF clear text authentication by using the ip ospf authentication interface command.



In the following example, we will configure clear text authentication for OSPF.



Both routers are running OSPF. On R1, we need to enter the following commands:



You must enter the same commands in R2:



To verify that clear text authentication is enabled, we can use the show ip ospf interface INTERFACE_NUMBER/INTERFACE_TYPE command on either router:



Configuring OSPF MD5 authentication is very similar to configuring clear text authentication. Two commands are also used:

1. First, configure an MD5 value on the interface by using the ip ospf message-digest-key 1 md5 VALUE interface command.

2. Then configure the interface to use MD5 authentication by using the ip ospf authentication message-digest interface command.


The following is an example of a configuration in R1:



You can verify that R1 is using OSPF MD5 authentication by entering the show ip ospf interface INTERFACE_NUMBER/INTERFACE_TYPE command:



Note
The OSPF authentication type can also be enabled on an area basis, instead of configuring the authentication type on each interface. This is done by using the area AREA_ID authentication [message-digest] command in OSPF configuration mode. If you omit the message-digest keyword, clear text authentication will be used for that area. All interfaces inside the area will use OSPF authentication.
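
What the two authentication types put on the wire, as an added example that is not part of the original post and goes one step beyond the configuration steps: it builds an OSPFv2 Hello with simple-password (AuType 1) and cryptographic (AuType 2) authentication as laid out in RFC 2328 Appendix D. The key, router ID and Hello values are constructed, and the function names are hypothetical.

```python
import hashlib
import hmac
import ipaddress
import struct


def inet_checksum(data):
    """16-bit ones'-complement checksum used by OSPF and IP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def header(router_id, area_id, au_type, auth_field, body_len, checksum=0):
    # version 2, type 1 (Hello), packet length, router ID, area ID,
    # checksum, AuType, 8-byte authentication field
    return struct.pack("!BBH4s4sHH8s", 2, 1, 24 + body_len,
                       ipaddress.IPv4Address(router_id).packed,
                       ipaddress.IPv4Address(area_id).packed,
                       checksum, au_type, auth_field)


def pad_key(key, size):
    return key.encode().ljust(size, b"\x00")[:size]


def clear_text_packet(body, password, router_id, area_id):
    """AuType 1: the password itself sits in the authentication field."""
    zeroed = header(router_id, area_id, 1, bytes(8), len(body))
    checksum = inet_checksum(zeroed + body)   # auth field is excluded from the checksum
    return header(router_id, area_id, 1, pad_key(password, 8),
                  len(body), checksum) + body


def md5_packet(body, key, key_id, seq, router_id, area_id):
    """AuType 2: key ID, digest length and sequence number go in the header;
    MD5(packet + padded key) is appended in place of the key."""
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    packet = header(router_id, area_id, 2, auth, len(body)) + body
    return packet + hashlib.md5(packet + pad_key(key, 16)).digest()


def verify_md5(packet, key):
    """Receiver side: recompute the digest with the locally configured key."""
    signed, digest = packet[:-16], packet[-16:]
    expected = hashlib.md5(signed + pad_key(key, 16)).digest()
    return hmac.compare_digest(digest, expected)


# Constructed Hello body: mask, hello interval, options, priority,
# dead interval, DR, BDR (all values hypothetical)
HELLO = struct.pack("!4sHBBI4s4s", bytes([255, 255, 255, 0]), 10, 2, 1, 40,
                    bytes(4), bytes(4))
KEY = "LABKEY1"   # hypothetical key
CLEAR = clear_text_packet(HELLO, KEY, "1.1.1.1", "0.0.0.0")
SIGNED = md5_packet(HELLO, KEY, 1, 1, "1.1.1.1", "0.0.0.0")

if __name__ == "__main__":
    print("key visible in clear text packet:", KEY.encode() in CLEAR)
    print("key visible in MD5 packet:       ", KEY.encode() in SIGNED)
    print("MD5 packet verifies with key:    ", verify_md5(SIGNED, KEY))
```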

Sunday, April 7, 2019

What are ACLs?

ACLs are sets of rules most commonly used to filter network traffic. They are used on network devices with packet filtering capabilities (such as routers or firewalls). ACLs are applied on a per-interface basis to packets leaving or entering an interface.

As an example of how ACLs are used, consider the following network topology:




Let's say that server S1 holds some important documents that should be available only to the company's management. We can configure an access list on R1 to allow access to S1 only for users from the management network. All other traffic going to S1 will be blocked. In this way, we can make sure that only authorized users can access the confidential files on S1.

IPv6 Routing Protocols

Like IPv4, IPv6 also supports routing protocols that enable routers to exchange information about connected networks. IPv6 routing protocols can be interior (RIPng, EIGRP for IPv6 ...) and exterior (BGP).




As with IPv4, IPv6 routing protocols can be distance vector or link state. An example of a distance vector protocol is RIPng, with hop count as the metric. An example of a link state routing protocol is OSPF, with cost as the metric.

IPv6 supports the following routing protocols:



  • RIPng (the new generation of RIP)
  • OSPFv3
  • EIGRP for IPv6
  • IS-IS for IPv6
  • MP-BGP4 (Multiprotocol BGP-4)

Sunday, March 17, 2019

Configure descriptions

Adding a description to an interface on a Cisco device does not provide additional functionality. However, it is useful for administrative purposes because it helps you to better understand the function of the interface. An interface description is locally significant and can be up to 240 characters long. It is configured with the description command in interface sub-mode:

DEVICE(config)#interface Fa0/1
DEVICE(config-if)#description WAN to London


Configuration example:




The description appears in the result of the show running-config command:




To delete the description, use the "no description" interface mode command (or the abbreviation "no desc"):


