Tuesday, January 14, 2020

New Year - New Posts!

How long is it since I've posted!

A lot has happened since my CCDP Arch posts. I passed my CCDP - Yey! I've re-certified all my Cisco certs with a last gasp effort last autumn whilst the counter to the 4th November (expiry day) was counting down.

It took me 3 attempts to clear the CCNP - ROUTE , with a week to go, which brings my routing up to date given my last routing exam was the BSCI.

2020 marks my first time at Cisco Live as well. Really looking forward to Barcelona on the 27th and I'll be adding a few posts around my experiences as a first timer.

Finally I'm intending on picking up the ENCOR study material and get my self prepared for the CCIE lab - eek! - Not sure if I'll clear it but what the hell, I'll pick up a load of skills on the way.

Good luck in your NetworkStudies folks!

Tuesday, March 18, 2014

CCDP - ARCH - Command Reference

This article looks to collect together the most frequent commands associated with the CCDP ARCH exam.

The point being that these are easy marks to pick up on the exam when you get a question such as 'Name the command that allows you to [insert task here]'

This list is by no means complete and I'll add further commands as I find them.

OSPF - Originate a default route in to OSPF
    #router ospf 10
        #default-information originate [always]

OSPF - On the ABR filter out all advertised routes accept those listed in the range command
Limits the size of the DB and reduces the flooding internally
    #router ospf 1
         #area 20 range

OSPF - On the ASBR filter routes sent out externally to those explicitly listed.
    #router ospf 20
         #summary address [prefix] [mask]

OSPF - Tune the OSPF hello timer interval for faster convergence
    #interface f0/0
        #ip ospf hello-interval [seconds]

OSPF - tune SPF timers to increase efficiency
    #conf t
          #timers throttle spf [spf-start] [spf-hold] [spf-max-wait]

OSPF - Increase the reference bandwidth to factor in high speed link such as 10GB ethernet, do this across all links for consistency
    #router ospf 20
          #auto-cost reference-bandwidth 10000 (for 10Gb ethernet links)

EIGRP - Originate a default route in to EIGRP
    #conf t
         #ip default-network [network ip]

EIGRP - configure unequal-cost load balancing
    #router eigrp 1
       #variance 2

BGP -configure neighbor as a Client of the route reflector
    #router bgp 65123
        #neighboor route-reflector-client

IPv6 - enable IPv6 routing for use with RIPng, EIGRP for Ipv, OSPFv3 etc
    #conf t
         #ip v6 unicast-routing

IPv6 - Define a base prefix to use for addressing:
  #conf t
       #ipv6 general-prefix [prefix]

CEF - Eliminate CEF Polarisation where one redundant link ends up being preferred to the other
    #conf t
         #mls ip cef load-sharing

EtherChannel - Use this to ensure all links within an Etherchannel bundle are utilised effectiviely
    #conf t
        #port-channel load-balance src-dst-port

FlexLinks  - Configure a port to act as a resilient backup for FlexLinks. Configure this on the primary link.
    #interface f0/10
       #switchport backup-interface [interface id]

Friday, March 7, 2014

CCDP - ARCH - Well Known Multicast Addresses

In the CCDP ARCH exam there are numerous refereences to Multicast addresses.

This post is to simply catalogue those that are specifically refered to in the various reading materials I've covered.

Address Scope:
  • /4 - Class D reservation
Address type:
  • to - assigned by IANA for services (detailed below)
  • to - Control Block - assigned by IANA for traffic crossing public networks e.g.- NTP
  • to - AD-HOC block assigned by IANA for addresses that don't fit the above ranges
  • to - AD-HOC block assigned by IANA for addresses that don't fit the above ranges
  • to  AD-HOC block assigned by IANA for addresses that don't fit the above ranges
  • - Source-Specfic Multicast Addresses
  • - GLOP addresses - Originally experimental now publically assigned addresses for use by ISPs and any organisation want to ublich content over Multicast
  • - Uni-cast Prefix addresses
  • - Administratively scoped IPv4 addresses, locally assigned, not globally unique
Well Known Addresses:

  • The All Hosts multicast group addresses all hosts on the same network segment.

  • The All Routers multicast group addresses all routers on the same network segment.

  • The Open Shortest Path First (OSPF) All OSPF Routers address is used to send Hello packets to all OSPF routers on a network segment.

  • The OSPF All Designated Routers ""(DR)"" address is used to send OSPF routing information to designated routers on a network segment.

  • The Routing Information Protocol (RIP) version 2 group address is used to send routing information to all RIP2-aware routers on a network segment.

  • The Enhanced Interior Gateway Routing Protocol (EIGRP) group address is used to send routing information to all EIGRP routers on a network segment.

  • Protocol Independent Multicast (PIM) Version 2

  • Virtual Router Redundancy Protocol (VRRP)

  • - 21 IS-IS over IP

  • Internet Group Management Protocol (IGMP) version 3

  • Hot Standby Router Protocol version 2 (HSRPv2) / Gateway Load Balancing Protocol (GLBP)

  • Network Time Protocol clients listen on this address for protocol messages when operating in multicast mode.

  • The Cisco multicast router AUTO-RP-ANNOUNCE address is used by RP mapping agents to listen for candidate announcements.

  • The Cisco multicast router AUTO-RP-DISCOVERY address is the destination address for messages from the RP mapping agent to discover candidates.

  • H.323 Gatekeeper discovery address

  • Simple Service Discovery Protocol address

  • Tuesday, January 14, 2014

    CCDP - ARCH - Spark's rules for Design

    Last year I passed the CCDA and I'm presently studying for the ARCH exam and during my studies I've noticed common themes in how to approach network design.

    In general I've found that it comes down to making the best of what you've got (unless you're Google and simply commission your own hardware and build your very own private internet - coming to home near you soon...)

    Based on that I've noted the following observations during my studies:

    • Divide and Conquer! - Large flat networks are generally a bad idea, they propagate all the broadcast/multicast traffic to all hosts, make poor use of available network resourse (bandwidth, increase work on routers/firewalls etc),  are difficult to scale, increase the impact of a network event across the environment. Where possible segment it. For example:
      • OSPF - Make use of backbone routers in Area 0 and then use different areas to limit the propagation of Link State Advertisiements. In doing this you reduce the amount bandwidth used up by the OSPF process, you reduce the about of processing load on the routers within each area and the LSA's are limited to each area (reducing the content of the Routing Table). Originate the Default Route from Area 0 and where possible make use of Stub, Totally Stubby and Not-So-Stubby-Areas to reduce LSA/Route propagation.
      • Campus Design - Make good use of Hierarchical designs with a Core, Distribution/ Aggregation, Access Layers. These scale well, limits broadcast domains and make troubleshooting more logical
      • IP Address Assignment - Use contiguous networks and avoid any discontiguous subnets. Contiguous subnets makes address assignment easier (more efficient allocation of address space), troubleshooting easier, you can trace through the network easier, allows for efficient route summarisation and redistribution.
    • Summarise it! - Expanding on the previous point, when advertising routes, where possible advertise summary routes for destinations in a given area/zone. By advertising a summarised route you are reducing the size of routing tables on upstream routers and you then limit the impact of route flaps within the network. If a single link goes down then a route that is advertised as a /30 would need removing from all routers that have a route for this network. If the failed link falls under a /24 route then the upstream routers don't observe the link flap and do not have to re-calculate the shortest path which inturn means that resources on upstream routers are not utlised unneccesarily.
    • Keep It Simple! - At the dead of night that on call network engineer will not thank you for building that convoluted network that makes use of lesser know commands just because it's fancy. Always consider how difficult troubleshooting the proposed solution will be and keep it simple. For example:
      • Avoid OSPF virtual links - an network outage in the transit area could cut off the remote area to area 0
      • Keep access lists consistent - Agree on a naming convention for access lists, object-groups, hosts. Agree on how an access list will be named and how it will be constructed and stick to it. Being consistent will make for a cleaner running-config and will make reading it easier which in turn should make troubleshooting easier
    Now, the point of the rules above is to apply each rule as measure of how to approach exam questions. For any given question can the rules above be applied and the correct answer revealed? (Of course you should know your stuff when it comes to sitting an exam but sometimes you get blind sided by a badly worded question)

    Remember to be methodical and ultimately consider What Would Cisco Do...?

    Wednesday, December 11, 2013

    CCDP - ARCH - Route filtering

    Filter routes inbound to a router via a 'distribute-list' cmd to prevent inbound rutes from being learned.

    Filter routes outbound to a neighbour via a 'redistribute [protocol] [process number] route-map FILTER' cmd and a deny statement on the FILTER route-map to stop routes from being advertised towards a neighbour.

    CCDP - ARCH - Migrate Routing Protocols By Manipulating the AD

    High level steps to move from one RP to another by manipulating the AD:
    1) Configure the new RP and manually set the AD to be Higher (and therefore less preferred) than the current RP
    2) Configure all devices as necessary and then check the topology using appropriate show commands
    3) Ensure the new RP has all the required routes in its database
    4) Either by increasing the AD on the current RP or by reducing the AD on the New RP change the AD so that the new RP is the preferred RP to use
    5) Use show commands to ensure that the new RP is populating the routing table correctly (there shouldn't be any routes learned via the old protocol - if there are some then troubleshoot accordingly)
    6) Remove the old RP from the routers
    7) Move to normal running

    Thursday, November 14, 2013

    CCDP - ARCH - UDLD (UniDirectional Link Detection):

    • Used where there are fibre links between switches (but can also be applied to Copper interfaces)
    • Interface could be seen as Up/Up but due to a mismatch on the tx/rx pairs the comms become unidirectional 
    • UDLD Normal mode error-disabled the end that detected the unidirectional state - default mode
    • UDLD Agressive mode disables both ends - set it with the [agressive] switch
    • Uses 15 sec hello timer
    • Can be applied globally or on the interface

    Tuesday, November 12, 2013

    CCDP - ARCH - STP tools

    The following tools can be used to manage STP and L2 switching loops:

    • PortFast: applied to a port connecting to an end user/host. Transitions the ports straight to forwarding
    • UplinkFast: Offers L2 link load balancing, up to 5 secs convergence time once a link fails
    • BackboneFast: Invoked when an inferor BPDU is received on a root port or blocked port. Reduces convergence times after an indirect failure.
    • Loop Guard: Stops a bridging loop by preventing an Alternate port or Root port becoming a Designated port.
    • Root Guard: Protects the Root switch by preventing other switches from taking the Root role.
    • BPDU Guard: Apply to PortFast enabled ports. If the port recieves a BPDU the port gets shutdown
    • UDLD (UniDirectional Link Detection): Detects when one-way connection exists on a copper/fibre link. Interface moves to a shutdown state and an alarm is triggered.
    • Bridge Assurance: If a port that should receive BPDU's suddenly stops receiving them the port is moved to an 'Inconsistant' state and shutdown. Prevents potential loops

    Wednesday, October 16, 2013

    Well Known Ports

    The full range of available ports is 0 - 65536 and can be used dynamically by any application however in general ports 0 - 1024 are pre-defined and 'well known' which is to say 22 is always ssh, 80 is http and so on.

    Port NumberDescription
    1TCP Port Service Multiplexer (TCPMUX)
    5Remote Job Entry (RJE)
    18Message Send Protocol (MSP)
    20FTP -- Data
    21FTP -- Control
    22SSH Remote Login Protocol
    25Simple Mail Transfer Protocol (SMTP)
    29MSG ICP
    42Host Name Server (Nameserv)
    49Login Host Protocol (Login)
    Domain Name System (DNS)
    69Trivial File Transfer Protocol (TFTP)
    70Gopher Services
    X.400 Standard
    108SNA Gateway Access Server
    Simple File Transfer Protocol (SFTP)
    118SQL Services
    Newsgroup (NNTP)
    NTP - Network Time Protocol
    137NetBIOS Name Service
    139NetBIOS Datagram Service
    143Interim Mail Access Protocol (IMAP)
    150NetBIOS Session Service
    156SQL Server
    179Border Gateway Protocol (BGP)
    190Gateway Access Control Protocol (GACP)
    194Internet Relay Chat (IRC)
    197Directory Location Service (DLS)
    389Lightweight Directory Access Protocol (LDAP)
    396Novell Netware over IP
    444Simple Network Paging Protocol (SNPP)
    458Apple QuickTime
    546DHCP Client
    547DHCP Server

    Wednesday, October 2, 2013

    Output Characters from PING

    This table is taken from the following Cisco article:
    Understanding PING and Traceroute Commands

    The table below lists the possible output characters from the ping facility:
    !Each exclamation point indicates receipt of a reply.
    .Each period indicates the network server timed out while waiting for a reply.
    UA destination unreachable error PDU was received.
    QSource quench (destination too busy).
    MCould not fragment.
    ?Unknown packet type.
    &Packet lifetime exceeded.

    And I just want to log this here for quick reference. Thanks