67 Cards in this Set
- Front
- Back
Network Fundamentals |
-Frame Switching - L2 -Packet Switching - L3 -Three Types of packet switching: -Process Switching (CPU = middle man) -Fast Switching (caches flows, 1st is CPU) -CEF (2 Tables:) -FIB (L3 forwarding information) -ADJ (L2 forwarding information) |
|
TCP Functions |
TCP Sliding window = Doubling of TCP segments for higher throughput (1, 2, 4, 8, etc.). This continues until the receiver doesn't ACK all segments, or until the maximum window size is reached. Global Synchronization = When a router's output queue fills to capacity, all TCP flows start to drop packets, causing TCP slow start. WRED - Randomly drops packets to prevent Global Sync. |
|
UDP Functions |
Starvation = When UDP trumps TCP when there is congestion (because TCP throttles back) Put TCP in separate queues |
|
EIGRP |
-Distance Vector -IP Protocol 88 -Uses DUAL algorithm -Lowest BW + sum of delays -Multicast Address: 224.0.0.10 -3 tables (neighbor, topology, routing) -Timers (LAN: Hello = 5 / Hold = 15) -Timers (T1: Hello = 60 / Hold = 180) -Maximum Paths (default = 4) -Variance (default = 1) |
|
EIGRP neighbor requirements |
-Send/receive packets -Primary IP in same subnet -AS number -K-values -Authentication -Cannot be passive interface |
|
EIGRP Messages |
-Hello -Neighborship -Update -Topology Table Exchange -ACK -Topology Table Exchange -Query -Routes are lost -Reply -Routes are lost |
|
EIGRP Percent Bandwidth |
-Only 50% of BW is used by default -On multipoint interfaces (BW / # of PVCs) -ip bandwidth-percent eigrp <%> |
|
EIGRP Metric Manipulation |
-Offset-list = Adds value to FD/RD -(manipulates delay value) |
|
EIGRP Stub |
-router eigrp -eigrp stub -Limits the query Scope |
|
EIGRP Route Filtering |
-distribute-lists -(filters routes into topology or to neighbors) -Can call (route-maps, ACLs, Prefix-lists) |
|
Distribute List Logic |
-ACLs -PERMIT = DO NOT FILTER -DENY = FILTER ROUTE -Prefix-List -PERMIT = DO NOT FILTER -DENY = FILTER ROUTE -Route-map -PERMIT = DO NOT FILTER -DENY = FILTER -ACLs in Route-maps -PERMIT = TAKE ACTION -DENY = MOVE TO NEXT ROUTE-MAP SEQ. |
|
Route Summarization (EIGRP) |
interface <GiX/X> ip summary-address eigrp <AS#> <PREFIX> <MASK> -When route summarization is configured it resets neighbors -Router adds null0 to routing table to prevent loops |
|
EIGRP Default Router |
-Used to advertise 0.0.0.0/0 route -Three ways to advertise: -Static default route -Configure a default network -Use summary address (removes all other networks) |
|
Named EIGRP |
-router eigrp <NAME> -address-family ipv4 autonomous-system <AS#> -af-interface -Used to configure: -Passive interfaces -Hello/Hold timers -Summary Address -Split Horizon -topology base -Used to configure -Distribute-lists -Variance -Redistribution |
|
OSPF |
-Link State -IP Protocol 89 -Uses Dijkstra algorithm -Metric is cost (REFERENCE / BW) -Multicast Address (224.0.0.5 = all RTRs / .6 = DR) -OSPF Database (neighbors, topology, route) -Timers (BC/P2P: Hello = 10 / Hold = 40) -Timers (nBC/P2MP: Hello = 10 / Hold = 40) -Maximum Paths (default = 4) -Periodic Reflooding (30 minutes) |
|
OSPF Database (LSAs) |
Type 1 = Router LSA (INTRA AREA) Type 2 = Network LSA (INTRA AREA) Type 3 = Summary LSA (INTER AREA) Type 4 = ASBR Summary LSA (INTER AREA) Type 5 = External (ASBR) LSA (Redistribution) Type 7 = NSSA External ----------------------------------------------------------- OSPFv3 LSAs ----------------------------------------------------------- Type 8 = Link LSA (Link local address + global) Type 9 = Intra-Area-Prefix-LSA (carried prefixes) |
|
OSPF Neighbor Requirements |
-Hello Interval -Dead Interval -Area ID -Subnet Mask -Stub Area Flag -Authentication |
|
OSPF Network Types |
|
|
OSPF Neighbor States |
Down Attempt -Static Neighbors Init. -Received HELLO from nbr. 2-Way -RTR B responds (I KNOW YOU) ExStart -First DBD from LSA header -Master/Slave election (^ R-ID) -DR Multicast Traffic Exchange -Detailed DBDs (until = LSIDs) Loading -Any missing LSAs? (received LSR, sending LSU) Full -LSAs sent, received, acked, & adj. --------------------------------------------------------------------- SPF Calc. -Each RTR calculates own paths |
|
OSPF Route Preference |
Intra-area Inter-area External |
|
OSPF Route Filtering |
-Filtering done on ABRs -Area <#> filter-list prefix <NAME> in/out -IN = Filter prefixes INTO the configured area -OUT = Filter prefixes OUT of configured area |
|
OSPF Route Filtering (BLOCKING in the routing table) |
-Can create traffic black holes -ONLY WORKS IN "IN" direction -distribute-list prefix <NAME> in |
|
OSPF Route Summarization |
-Can only be done on ABRs/ASBRs area <#> range <IP ADDRESS> <MASK> <COST> |
|
OSPF ASBR Summarization (on redistributed routes) |
summary-address <PREFIX> <MASK> |
|
OSPF Default Routing |
-Have to have default route, unless using the 'always' sub-command default-information originate <always> <metric XXX> <metric-type 1|2> <route-map> |
|
OSPF Stub area Default Routing Cost Change |
-Allows intra-area stub routers to use default routes for forwarding packets to ABRs area <X> default-cost <XXX> |
|
OSPF Stub area Types |
-Stub (Filters Type 5 LSAs) -Totally Stubby (Filters Type 3/4/5 LSAs) -NSSA (Filters Type 5, allows red.) -Totally NSSA (Filters Type 3/4/5, allows red.) Stub config: area <X> stub Totally stubby config: area <X> stub no-summary (ONLY ON ABRs) area <X> stub (ON INTRA RTRs.) NSSA config: area <X> nssa Totally NSSA config: area <X> nssa no-summary (ONLY ON ABRs) area <X> nssa (ON INTRA RTRs.) To inject default route into NSSA (ON ABR): area <x> nssa default-information-originate |
|
OSPF ASBR External route filtering |
-ONLY USE "OUT" IN DISTRIBUTE-LIST distribute-list prefix <NAME> out <EIGRP/CONN.> |
|
OSPF Virtual Links |
area <TRANSIT AREA> virtual-link <ROUTER-ID of Area 0 RTR> Virtual-link authentication: area <#> virtual-link <R-ID> authentication null area <#> virtual-link authentication-key <#> area <#> virtual-link authentication message-digest message-digest-key <#> md5 <PW> |
|
OSPF Path Manipulation |
-Change Metric -Route Summarization on ABR -Filtering on ABR -Changing metric-type on ASBR Within an area: -auto-cost reference BW -interface bandwidth -change OSPF cost at interface level ABR Preference: -Summarization -Filtering ASBR Preference -Metric Type -default cost (default information originate) |
|
Redistribution |
-SEED METRIC (RIP = hops, EIGRP = K-values) EIGRP into OSPF: redistribute EIGRP 100 subnets OSPF into EIGRP redistribute OSPF 1 metric <BW> <DLY> <RELI> <LOAD> <MTU> |
|
Route-maps |
You can match against: -interface -ip address -ip next-hop -ip route-source -metric -route-type -tag You can set: -metric <value> | <A B C D E> -metric-type -tag Verification: show route-map show ip access-list |
|
Administrative Distance |
EIGRP: distance eigrp <INTERNAL> <EXTERNAL> EIGRP INTERNAL ONLY: distance <X> <IP SCR> <WLD MASK> OSPF: distance ospf <EXTERNAL AD> <INTRA-AREA> <INTER-AREA> distance <VALUE> <R-ID> <0.0.0.0> |
|
Path manipulation with Redistribution |
-Changing metric values while redistributing -Changing metric-types -Route Filtering -Route Summarization |
|
IP SLA / PBR Configuration |
ip sla 1 icmp-echo 8.8.8.8 source-interface gi0/1 frequency 1 ip sla schedule 1 start-time now life forever ! track 1 ip sla 1 delay down 1 up 1 ! route-map PBR permit 10 match ip address <XXX> set ip next-hop verify-availability next-hop-ip 1 track 1 ! interface Gi0/0 ip policy route-map PBR ------------------------------------------------------------------ show ip sla configuration show ip sla statistics show track debug ip policy traceroute x.x.x.x source y.y.y.y |
|
PBR Set options |
Four set options: -next hop ip -default next hop ip -interface -default interface PBR PROCESS DOES NOT PERFORM LOCALLY GENERATED PACKETS: ip local policy route-map <NAME> |
|
NTP |
NTP Clients poll NTP servers for date/time Stratum 1 = Directly connected to atomic clock Stratum 2 = 1 hop away Stratum 3 = 2 hops away Stratum 4 = 3 hops away NTP Server Configuration: clock set <HH:MM:SS> <DATE MONTH YEAR> ntp master ntp peer <x.x.x.x> ! interface Gi0/0 ntp broadcast ! ntp authentication-key <#> md5 <PASSWORD> ntp trusted-key <#> ntp authenticate NTP Client Configuration: ntp server <X.X.X.X> ntp broadcast client ! ntp authentication-key <#> md5 <PASS> ntp trusted-key <#> ntp authenticate ntp server <X.X.X.X> key <#> ------------------------------------------------------------------ show ntp status |
|
BGP |
-Path Vector -TCP 179 -Uses Path Attributes for metric -eBGP/iBGP neighbors -Public AS# Range: 1-64495 -Private AS# Range: 65512 - 65534 -Static Neighbors |
|
BGP Update Source/ ebgp multihop |
Update Source: -Used for loopback for additional redundancy (not link dependent) neighbor <X.X.X.X> update-source <LOOPBACK> eBGP multihop: -eBGP is set to 1 hop, and loopbacks are more than 1 hop away neighbor <X.X.X.X> ebgp-multihop |
|
BGP Neighbor States |
-IDLE -BGP process admin down/retry -Connect -Waiting for TCP connection to be completed -Active -TCP connection failed, connect-retry running -Opensent -TCP connection exists, sent BGP open mssg, waiting -Openconfirm -Open mssg sent and received from neighbor -Established -Neighbor param. match, peers can now exch. updates |
|
BGP Open Message |
-Used in neighbor establishment -Type 1 -BGP values & capabilities are exchanged -Contains: -Version -AS# -Hold-time -Router-ID -Optional Parameters length -BGP Capabilities |
|
BGP Update Message |
-Includes: withdrawn, changes, and new routes -Used to exchange PAs and the prefix/length (NLRI) -Type 2 -Contains: -Unfeasible routes length -Withdrawn routes -Total path attributes length -Path Attributes (TLV - Type length value) -NLRI Prefix -NLRI Prefix Length |
|
BGP Notification Message |
-Used to signal a BGP error (neighbor relations) -Type 3 Contains: -Error code -Error subcode -Data |
|
BGP Keepalive Message |
-Maintains neighborship -Type 4 -No Data |
|
BGP AS_PATH Attribute |
-BGP uses AS_PATH by default for choosing the best route -AS_SEQ (Sequence of AS Paths 10.0.0.0/24 5 6 7 i) -AS_SET (Sequence of AS Paths for a route summary ( 5 {1 2 3} ) |
|
Injecting routes into BGP |
-Network command network <X.X.X.X> mask <Y.Y.Y.Y> -Redistribution redistribute connected -Route Summarization aggregate-address <PREFIX> <LENGTH> *to use route-summarization, you need a subset installed in the routing table |
|
BGP Status Codes |
* = Valid Path > = Best Path i = learned via iBGP R = RIB Failure -already in my routing table as a lower dist. -maximum size limit on routing table -memory failure 0.0.0.0 (next hop) = I own this route |
|
BGP advertising rules |
-ONLY ADVERTISE BEST ROUTE -Do not advertise iBGP learned routes to iBGP peers -iBGP routers do not update next-hop to iBGP peers neighbor <X.X.X.X> next-hop-self |
|
BGP Filtering |
-Distribute-lists -IN = PREVENT UPDATES ENTERING BGP TABLE -OUT = PREVENT BEST BGP ROUTE ADVERTISED -filter-lists -route-maps Common uses for BGP filtering: -prevent becoming a transit network |
|
Clearing BGP neighbors |
-You can clear BGP neighbors without resetting neighborship neighbor <X.X.X.X> soft-reconfiguration inbound clear ip bgp 1.1.1.1 soft in -or- This doesn't require configuration clear ip bgp 1.1.1.1 in clear ip bgp 1.1.1.1 out |
|
BGP Path Attributes |
Now We Love Oranges AS Oranges Mean Pure Refreshment -Next-hop reach. -Weight -OUTBOUND (LOCAL) (HIGHER IS BEST) neighbor <IP> weight 100 -Local Pref -OUTBOUND (LOCAL TO AS) (HIGHEST IS BEST) bgp default local-preference <XXXX> (or use a route-map) -Originate -(Prefer network & redistributed over summary) -AS_Path -INBOUND (set as-path in route-map) -Origin -Origin Codes (IGP > EGP > ?) -MED -INBOUND (local to AS only) (set metric in route-map) -bgp <x> always-compare-med -Paths -(eBGP > iBGP) ---------------------------------------------- Three Tie breakers: Oldest BGP route Lowest neighbor BGP RID Lowest Neighbor IP Address |
|
BGP Address Family |
MP-BGP -IPv4 Unicast -IPv4 Multicast -IPv6 Unicast -VPNv4 Routes (MPLS VPN) By default BGP only advertises IPv4. Three options for configuration: -Dual BGP Sessions -Single BGP IPv4 -Single BGP IPv6 |
|
RIPng (IPv6) |
-AD 120 -UDP 521 (NG) 520 (v2) -Multicast address: FF02::9 -Link local next-hops -RIP NAME PROCESSES DO NOT HAVE TO MATCH --------------------------------------------------------------------- ipv6 unicast-routing ipv6 router rip <NAME> ! interface <Gi0/0> ipv6 rip <NAME> enable interface |
|
EIGRPv6 |
-Multicast address: FF02::A -Link Local next hop IP address -------------------------------------------------------------- ipv6 unicast-routing ipv6 router eigrp <#> eigrp router-id <X.X.X.X> no shutdown ! interface <Gi0/0> ipv6 eigrp 100 |
|
OSPFv3 |
-Type 8 LSA - Link LSA (link local + global) -Type 9 LSA - Intra-area-prefix-lsa (prefix info.) ----------------------------------------------------------------- ipv6 unicast-routing ipv6 router ospf <#> router-id <X.X.X.X> ! interface <Gi0/0> ipv6 ospf <#> area <X> |
|
IPv6 |
IPv6 Static route: IPv6 route 2111:1111::/64 [LL/Gbl Next hop] *you need to specify interface w/ LL IPv6 Access-list configuration: ipv6 access-list test permit TCP any 2001:AAAA::/64 eq telnet ! interface Gi0/0 ipv6 traffic-filter test in |
|
IPv4 & IPv6 coexistence |
-Dual Stack (hosts/RTRs use both IPv4/v6) -Tunneling (P2P, Multipoint) -NAT-PT (nat protocol translator) -MCT -manual tunnels (IP: 41) -GRE -default tunnel -6to4 (IP: 2002) -dynamic multipoint tunnel -2nd/3rd quartets to store IPv4 address -ISATAP -dynamic multipoint tunnel -easily supports global unicasts -7th/8th quartets to store IPv4 address |
|
MCT/GRE Configuration |
MCT Configuration: interface Tunnel 0 ipv6 address 2001::1/64 tunnel source gi0/0 tunnel mode ipv6ip tunnel destination 192.168.0.1 ! ip route 0.0.0.0 0.0.0.0 tunnel 0 ---------------------------------------------------------- GRE Configuration: tunnel mode gre ip --------------------------------------------------------- show interface tunnel show ipv6 interface brief debug tunnel |
|
6to4 tunnel configuration |
-DOES NOT SUPPORT IGPs -Two options for addressing: -Embed IPv4 into IPv6 behind 2002 prefix -Use a global prefix to people in the cloud ------------------------------------------------------------------ interface tunnel 0 ipv6 address 2002:0101:0101::1/64 tunnel source ser0/0 tunnel mode ipv6ip 6to4 ! ipv6 route 2002::/16 tunnel 0 ------------------------------------------------------------------ option 2: ipv6 route 2001:eeee::/48 tunnel 0 <2002:120b:120b::11> |
|
ISATAP tunnel configuration |
-Client must be dual-stacked -Designed for transporting IPv6 within a site -Can use any IPv6 (/64) prefix -64-bit interface identifier -First 32 bits contain 0000:5EFE -Remaining 32 bits encode the IP address Sample Host IPv6 Address: FE80::0000:5EFE:3211:FFFE:11 ----------------------------------------------------------------- interface tunnel 0 ipv6 address 2001:1111:2222:aaaa::/64 eui-64 no ipv6 nd suppress-ra tunnel source 30.1.1.1 tunnel mode ipv6ip isatap interface ser0/0 ip address 30.1.1.1 255.255.255.0 IF 6to4 = 2002 prefix IF ISATAP = 0000:5efe |
|
NAT64 / DNS64 |
NAT64: -Allows IPv6 hosts to access IPv4 content -V6 -> V4 connections -Stateful = Any IPv6 address (keeps NAT info) -Stateless = Restricted to certain IPv6 address -SPECIFIC PREFIXES NEEDED: -Well known = 64:ff9b::/96 -NSP = derived from global IPv6 prefix DNS64: -Allows IPv6 host to resolve requested IPv4 -Looks for A record, and sends it back AAAA ----------------------------------------------------- Stateless NAT64 Configuration: interface Gi0/0 nat64 enable ! interface Gi0/1 nat64 enable nat64 prefix stateless 2001::/64 nat64 route 2.2.0.0/16 fa0/0 Stateful NAT64 Configuration: nat64 prefix stateful 2001::/64 nat64 v4 pool INE 2.2.3.2 2.2.3.20 nat64 v6v4 list test pool INE overload |
|
VPN/IPsec |
-Peer-to-Peer VPN: (peering with ISP) -Overlay VPN: Peers are your own routers IPsec: -Confidentiality -Integrity -Authentication -Anti-replay SA = Secure Association (Tunnel) IKE = Internet Key Exchange Phase 1 = ISAKMP Session (transform sets) Phase 2 = SA associations Transport mode = used for RA VPN Tunnel Mode = used for S2S VPN |
|
VRF |
-Creates Separate Routing table ---------------------------------------------------------- ip VRF <NAME> ! interface Gi0/0 ip vrf forwarding <NAME> ! ip route vrf <NAME> <PREFIX> <SUBNET> <NH> ----------------------------------------- show ip vrf show ip vrf interfaces show ip route vrf show ip protocols vrf |
|
DMVPN |
Point to multipoint L3 overlay VPN (hub & spoke) DMVPN uses: -Multipoint GRE (mGRE) -Next Hop Resolution Protocol (NHRP) -IPsec Crypto Profiles -Routing ----------------------------------------------------------------- Point to Point GRE: interface tunnel 0 ip address 10.1.3.1 255.255.255.0 tunnel source loopback 0 tunnel destination 3.3.3.2 Multipoint GRE: interface tunnel 0 ip address 10.1.3.1 255.255.255.0 tunnel source loopback 0 tunnel mode gre multipoint |
|
IPv6 Client Addressing Options |
|
|
PPP |
-Two authentication methods: PAP/CHAP (secure) username R2 password secret ! interface ser0/0 encapsulation ppp ppp authentication chap ppp chap hostname <name> |
|
PPPoE |
-Primarily used for DSL -Uses dialer interfaces on the client side -MTU needs to be lowered to 1492 pppoe enable pppoe-client dial-pool-number 1 ! interface dialer 1 mtu 1492 ip address negotiated encapsulation ppp dialer pool 1 ppp chap password 0 cisco ! interface fa0/0 pppoe-client dial-pool-number 1 |