(Multicast IPs in IPv6: ff01:: is interface-local (single interface). Private multicast scopes: site-local ff05::, which is used between routers within a branch, and organization-local ff08::, which is used between branches over VPN tunnels. Global multicast is ff0e::. Link-local is ff02::. Examples of link-local addresses: FF02::5 and FF02::6 - OSPF, FF02::A - EIGRP, FF02::9 - RIPng, FF02::8 - IS-IS, FF02::D - PIM, FF02::16 - MLDv2, FF02::1 - all hosts, FF02::2 - all routers)
IGMP:- It is a messaging protocol used for communication between a multicast host and a multicast router.
(IGMP version 3 is used for source-specific multicast. It supports authentication and other security features. The commonly used version is version 2. IGMP version 2 messages: membership report message, version 1 membership report message, leave group message, query message)
Multicast network designs:- 1. Source tree - used in small networks. Everyone contacts the source directly, since everyone knows the source IP. 2. Shared tree - used in large environments. There is a central point called the RP; only the RP knows the multicast source address.
RP:- A rendezvous point is a router which controls all multicast messages (request messages and source information messages).
(RP types in IPv4: static RP, Auto-RP (Cisco), BSR (open standard). In IPv6: static, BSR, embedded RP)
(Auto-RP is a Cisco proprietary method in which all routers automatically get the RP information via the multicast address 224.0.1.40 (used by the mapping agent). Candidate RPs use 224.0.1.39)
(auto-rp listener:- if we want to use sparse mode with Auto-RP, we should use this command. Otherwise we can use only sparse-dense mode)
(BSR is an open standard technology based on PIMv2 in which there are 2 router roles: BSR and RP candidate. The BSR performs the election of the RP and advertises the RP address)
PIM:- PIM is an open standard multicast routing protocol. It is responsible for exchanging multicast messages between routers.
(Dense mode uses the source tree architecture. It doesn't use RPs. It sends multicast streams without a request. Sparse mode uses the shared tree architecture. It sends streams only when it receives a request. In IPv6 PIM, only sparse mode exists)
RPF:- RPF verifies that multicast packets are arriving on the interface which is the best path to reach the multicast source. Otherwise the router rejects the packets.
Multicast BGP:- It is used to avoid the RPF verification. When you enable multicast BGP, multicast packets can travel through any route.
MSDP:- It is an open standard protocol used to advertise multicast source addresses between 2 rendezvous points in 2 ASes.
(It uses Source Active (SA) messages between MSDP peers to inform each other about multicast sources. They also exchange multicast request messages)
MLD:- Multicast Listener Discovery is the replacement for IGMP, used in IPv6 networks for the communication between multicast host and multicast router.
(MLD version 1 is based on IGMP version 2; MLD version 2 is based on IGMP version 3)
Embedded RP:- It's a simple method to advertise the RP address in a multicast network. In this method, the RP address is embedded in the multicast group address.
Bidirectional PIM:- In this method, all communication passes through the RP, since no router learns the multicast source IP.
Source-specific multicast:- This technology doesn't require a rendezvous point, since the source IP address is included in the membership report message (it doesn't need an RP to get the source IP information).
(We should use IGMPv3. It supports only one multicast range, which is 232.0.0.0/8)
IPv6 and IPv4 integration:- There are methods like dual stack, tunnels, and NAT-PT.
Tunnels:- GRE, ipv6ip, and 6to4 automatic tunnels. With an automatic tunnel we don't need to configure static point-to-point tunnels, we can reduce the number of tunnel interfaces on our dual stack router, and we lower the administrative burden.
(6to4 tunnel:- we don't specify a tunnel destination. The router learns the tunnel destination (the tunnel destination is the loopback IP of the branch router) from the destination IPv6 address (e.g. when pinging a tunnel/LAN IPv6 address), because the 2nd and 3rd portions of the destination IPv6 address contain the loopback IP (the loopback IP is an IPv4 address; we have to convert it to hexadecimal and embed it in the IPv6 address). The loopback IP is used as the tunnel source/destination. (The IPv6 addresses of the LAN and tunnels must follow this rule so that they contain the loopback IPv4 address.) IANA has reserved 2002::/16 for this purpose.)
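The hexadecimal embedding above, worked through in code as an added example (not part of these notes): building a site's 2002::/16 prefix from its IPv4 loopback, building LAN/tunnel addresses that keep that loopback inside them, and recovering the tunnel destination the way the router does. The loopback 192.0.2.1 and the address plan are constructed values.

```python
import ipaddress

# IANA reserved 2002::/16 for 6to4 (as the notes state).
SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")
# RFC 1918 space can never be a 6to4 endpoint: the far router must reach the
# loopback over the public IPv4 Internet.
RFC1918 = [ipaddress.IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def six_to_four_prefix(ipv4_loopback: str) -> ipaddress.IPv6Network:
    """Return the 2002:XXXX:YYYY::/48 a site owns for its loopback IPv4.

    The four octets become the 2nd and 3rd hextets (192.0.2.1 -> c000:0201),
    which is the hexadecimal conversion the notes describe.
    """
    v4 = ipaddress.IPv4Address(ipv4_loopback)
    if v4.is_loopback or v4.is_multicast or any(v4 in n for n in RFC1918):
        raise ValueError(f"{ipv4_loopback} cannot be a 6to4 tunnel endpoint")
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))


def site_address(ipv4_loopback: str, subnet_id: int, host: int) -> ipaddress.IPv6Address:
    """Build a LAN or tunnel address inside the site's /48 (subnet_id is the 4th hextet).

    Every LAN and tunnel address has to be built this way so it still carries
    the loopback IPv4; otherwise the far router cannot derive the tunnel destination.
    """
    if not (0 <= subnet_id <= 0xFFFF and 0 < host < 2**64):
        raise ValueError("subnet_id must fit in one hextet and host in 64 bits")
    prefix = six_to_four_prefix(ipv4_loopback)
    return ipaddress.IPv6Address(int(prefix.network_address) | (subnet_id << 64) | host)


def tunnel_destination(ipv6_dst: str) -> ipaddress.IPv4Address:
    """Do the 6to4 router's job: derive the remote endpoint from the IPv6 destination."""
    v6 = ipaddress.IPv6Address(ipv6_dst)
    if v6 not in SIX_TO_FOUR:
        raise ValueError(f"{ipv6_dst} is not a 6to4 address; no endpoint can be derived")
    # bits 80..111 of the 128-bit address carry the embedded IPv4 endpoint
    return ipaddress.IPv4Address((int(v6) >> 80) & 0xFFFFFFFF)


if __name__ == "__main__":
    # Constructed branch router with loopback 192.0.2.1 (documentation range).
    lan = site_address("192.0.2.1", 1, 1)
    print(six_to_four_prefix("192.0.2.1"), lan, tunnel_destination(str(lan)))
```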
NAT-PT:- It is used to translate IPv6 addresses into IPv4 and vice versa. This is the only method which permits communication between an IPv4-only network and an IPv6-only network. There are 2 methods: static and dynamic.
(Working:- Both the source IP and the destination IP are changed by the dual stack router on which the NAT configuration is done. If a packet travels from the IPv4 network to the IPv6 network, the source IP and destination IP (which is the assigned IPv4 address of an IPv6 router) are changed to IPv6 by the NAT router.)
Name resolution:- It's a simple technique by which we can use names for communicating with other devices.
Policy-based routing:- It is used to select the best path from multiple paths. It can be used for redundancy and load balancing. It overrides the dynamic routing protocol.
IP SLA:- IP SLA is an open standard proactive testing system. It generates different types of packets for testing reachability and state.
(It supports ICMP, HTTP, FTP, etc. E.g. we can use ICMP echo for verifying reachability)
Tracking:- It is a testing tool which can verify the status of interfaces and the reachability of a network, and it can even be used with routing protocols and methods to manipulate the best path calculation.
(E.g. we can generate ICMP echo using IP SLA, and we can use a track object to track the IP SLA for verifying reachability)
uRPF:- If the router finds that the received packet's source IP is reachable via another path, the packet will be rejected.
(Used to prevent IP spoofing attacks. 2 modes: loose mode - accept the packet if the source IP is found in the routing table; strict mode - the router accepts the packet only after verifying both the incoming interface and the routing table entry)
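Both the multicast RPF check above and the two uRPF modes here come down to one longest-prefix lookup against the routing table; this added Python example (not from the notes) runs that lookup over a constructed routing table. The allow_default switch stands in for the allow-default keyword of the IOS uRPF command, and all prefixes and interface names are made up.

```python
import ipaddress
from typing import Optional

# Constructed routing table: (prefix, outgoing interface). A real router's FIB
# picks the longest matching prefix, and this lookup does the same.
ROUTES = [
    ("0.0.0.0/0", "Gi0/0"),          # default route toward the ISP
    ("10.1.0.0/16", "Gi0/1"),        # internal LAN block
    ("10.1.20.0/24", "Gi0/2"),       # one internal subnet reached over another link
    ("198.51.100.0/24", "Gi0/3"),    # partner network
]
TABLE = [(ipaddress.IPv4Network(p), iface) for p, iface in ROUTES]


def best_path_interface(addr: str, allow_default: bool = False) -> Optional[str]:
    """Longest-prefix match: the interface the router would use to reach addr.

    The default route is ignored unless allow_default is set, because with it
    every source address 'exists' in the table and loose mode stops filtering.
    """
    a = ipaddress.IPv4Address(addr)
    matches = [(n, iface) for n, iface in TABLE
               if a in n and (allow_default or n.prefixlen > 0)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def urpf_check(src: str, in_iface: str, mode: str, allow_default: bool = False) -> bool:
    """Unicast RPF as described above: True means the packet is accepted.

    loose  - the source only needs a route in the table.
    strict - the source must be reachable via the interface the packet came in on.
    """
    via = best_path_interface(src, allow_default)
    if via is None:
        return False               # no route back to the source: drop in both modes
    if mode == "loose":
        return True
    if mode == "strict":
        return via == in_iface
    raise ValueError(f"unknown uRPF mode {mode!r}")


def multicast_rpf_check(src: str, in_iface: str) -> bool:
    """Multicast RPF: accept only if the packet arrived on the best path to the source."""
    return best_path_interface(src) == in_iface


if __name__ == "__main__":
    # Constructed packets: (source IP, ingress interface). The last one is a
    # spoofed internal address arriving from the ISP side.
    for src, iface in [("10.1.20.7", "Gi0/2"), ("10.1.20.7", "Gi0/1"),
                       ("203.0.113.9", "Gi0/0"), ("10.1.5.5", "Gi0/0")]:
        print(src, iface, "loose:", urpf_check(src, iface, "loose"),
              "strict:", urpf_check(src, iface, "strict"))
```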
(A distribute list (ACL + distribute-list command) is used to filter network information passed to another router. It is implemented in the routing configuration (so filtering works during redistribution also). A prefix list/ACL can be used with a route-map to filter network information when the networks are redistributed (in the case of BGP, we can apply it on the neighbor command also). In the case of BGP a prefix list alone can do the filtering, and it is applied as a neighbor command)
QoS:- Quality of Service (QoS) refers to the capability of a network to provide better service to selected network traffic.
Marking:- Marking is the process of setting a value in the packet header; based on these values, the packets are prioritized.
(Layer 2 marking: CoS (class of service). Layer 3 marking: ToS (type of service) or the Differentiated Services field, which has two types: 1. IP precedence marking (the old one) 2. DSCP marking)
(DSCP marking:- contains 3 sections. 1. PHB - per-hop behaviour - it is equal to the IP precedence value, e.g. AF4. 2. DP - drop probability - contains the values 1, 2, 3, and lower is better. 3. ECN - explicit congestion avoidance - used for congestion avoidance)
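An added example (not from the notes) that decodes a ToS byte into the three DSCP parts listed above and applies a remark the way a policer's remark action would, keeping the ECN bits untouched. The ToS values in the comments and the AF class/drop precedence ranges are the standard DiffServ layout; the sample bytes are constructed.

```python
EF_DSCP = 46   # Expedited Forwarding, the usual voice marking


def decode_tos(tos: int) -> dict:
    """Split an IPv4 ToS / IPv6 Traffic Class byte into its DSCP parts.

    Layout: 6 DSCP bits then 2 ECN bits. Inside the DSCP the top 3 bits are
    the class (the same value as the old IP precedence, the PHB in the notes);
    for AF classes the next 2 bits are the drop precedence (1..3, lower is better).
    """
    if not 0 <= tos <= 0xFF:
        raise ValueError("ToS byte must be 0..255")
    dscp = tos >> 2
    ecn = tos & 0b11
    cls = dscp >> 3
    mid = (dscp >> 1) & 0b11
    low = dscp & 1
    if dscp == EF_DSCP:
        name, dp = "EF", None
    elif mid == 0 and low == 0:                  # class selectors CS1..CS7, or 0
        name, dp = ("CS%d" % cls if cls else "default"), None
    elif 1 <= cls <= 4 and 1 <= mid <= 3 and low == 0:
        name, dp = f"AF{cls}{mid}", mid          # e.g. 0b100010 -> AF41
    else:
        name, dp = "unassigned", None
    return {"dscp": dscp, "precedence": cls, "drop_precedence": dp, "ecn": ecn, "name": name}


def af_dscp(cls: int, dp: int) -> int:
    """DSCP value for AFxy: class 1..4 and drop precedence 1..3."""
    if not (1 <= cls <= 4 and 1 <= dp <= 3):
        raise ValueError("AF class must be 1..4 and drop precedence 1..3")
    return (cls << 3) | (dp << 1)


def remark(tos: int, new_dscp: int) -> int:
    """Rewrite only the DSCP bits (what a policer's remark action does), keeping ECN."""
    if not 0 <= new_dscp <= 63:
        raise ValueError("DSCP is 6 bits")
    return (new_dscp << 2) | (tos & 0b11)


if __name__ == "__main__":
    # Constructed sample: an AF41 packet that gets demoted to AF43 on exceed
    sample = (af_dscp(4, 1) << 2) | 0b10     # AF41 with ECN bits 10
    print(decode_tos(sample), decode_tos(remark(sample, af_dscp(4, 3))))
```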
NBAR (Network Based Application Recognition) protocol discovery:- It is a monitoring feature which can collect statistics of the traffic passing through the router. It shows the protocols, number of packets, and bandwidth usage over five minutes.
(A similar command to find the number of packets of the different protocol types is 'sh interface <i/f no> accounting')
Queuing:- Queuing is the process of holding excess traffic in the router's memory.
(2 types. Hardware queue:- it's a small buffer memory attached to the interface. It uses FIFO. Software queue:- if the hardware queue is full, the router stores the additional packets in its RAM)
Tail drop:- Once the hardware and software queues are full, subsequent packets will be dropped. This is called tail drop.
Random Early Detection:- It is an open standard technology which randomly drops packets from the queue for congestion avoidance. It drops priority packets also.
(Weighted RED: Cisco proprietary protocol which identifies priority traffic based on marking values, so that packets from the priority queue will not be dropped)
Policing:- Policing is used for restricting the bandwidth of unwanted traffic. It will drop the excess traffic when we configure a police limit. It can be used to restrict management and control traffic.
(Actions: conform - transmit; exceed - transmit/drop/remark; violate - drop)
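An added example (not from the notes) of a single-rate policer with a committed and an excess token bucket, mapped to the three actions above. The CIR, the burst sizes, the packet trace and the choice of remark for the exceed action are this example's own assumptions.

```python
from dataclasses import dataclass, field

# Action table from the notes; picking "remark" for exceed is this example's choice.
ACTIONS = {"conform": "transmit", "exceed": "remark", "violate": "drop"}


@dataclass
class SingleRatePolicer:
    """Single-rate, three-colour policer with two token buckets.

    The committed bucket holds at most bc_bytes, the excess bucket at most
    be_bytes; both are refilled from the same CIR, committed bucket first.
    """
    cir_bps: int
    bc_bytes: int
    be_bytes: int
    c_tokens: float = field(init=False)
    e_tokens: float = field(init=False)
    last_t: float = field(init=False, default=0.0)

    def __post_init__(self) -> None:
        self.c_tokens = float(self.bc_bytes)   # both buckets start full
        self.e_tokens = float(self.be_bytes)

    def _refill(self, now: float) -> None:
        earned = self.cir_bps * max(0.0, now - self.last_t) / 8   # bytes since last packet
        self.last_t = now
        to_c = min(earned, self.bc_bytes - self.c_tokens)
        self.c_tokens += to_c
        self.e_tokens = min(float(self.be_bytes), self.e_tokens + earned - to_c)

    def colour(self, now: float, size_bytes: int) -> str:
        """Classify one packet arriving at time now (seconds) and spend its tokens."""
        self._refill(now)
        if size_bytes <= self.c_tokens:
            self.c_tokens -= size_bytes
            return "conform"
        if size_bytes <= self.e_tokens:
            self.e_tokens -= size_bytes
            return "exceed"
        return "violate"


def police(trace, cir_bps: int, bc_bytes: int, be_bytes: int):
    """Run a (time, size) packet trace through a fresh policer; returns (colour, action) pairs."""
    p = SingleRatePolicer(cir_bps, bc_bytes, be_bytes)
    out = []
    for t, size in trace:
        c = p.colour(t, size)
        out.append((c, ACTIONS[c]))
    return out


# Constructed trace: three back-to-back 1000-byte packets at t=0, then more
# after the buckets have had time to refill. CIR 8000 bit/s = 1000 bytes/s.
TRACE = [(0.0, 1000), (0.0, 1000), (0.0, 1000), (1.0, 1500), (1.0, 400), (3.0, 1500)]

if __name__ == "__main__":
    for (t, size), (colour, action) in zip(TRACE, police(TRACE, 8000, 1500, 1500)):
        print(f"t={t:.1f}s {size:5d}B -> {colour:8s} {action}")
```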
Shaping:- Shaping is an output policy used to maintain the speed of outgoing traffic. It is used to maintain a steady output traffic rate within the CIR limit (set by the ISP).
(1. shape average: traffic is controlled within the CIR. 2. shape peak: traffic is controlled above the CIR)
Nesting:- Nesting is the process of applying a policy map inside another policy map. The queuing policy map is applied inside the policy map created for shaping.
Auto QoS:- The router automatically creates all the class maps and policy maps, and it prioritizes some traffic.
(2 types: 1. auto QoS for VoIP 2. auto discovery QoS - the router inspects all the traffic and decides which traffic gets priority. By default, we can reserve only 75% of the total bandwidth. We can manually increase this reservation limit using an interface-level command)
VPN:- VPN is a network technology used to connect to a private network securely over the Internet. 2 types: remote access VPN and site-to-site VPN.
IPsec:- IPsec is an industry standard framework containing different protocols and algorithms for securing a network. It offers data integrity (hashing), confidentiality (encryption), and authentication.
(The security protocols used in IPsec are AH and ESP. AH and ESP support authentication, hashing, and anti-replay (using sequence numbers). ESP is the newer one, which supports encryption also.)
Encryption:- It is the process of transforming data from one form into another. 1. Symmetric, e.g. DES, 3DES, AES. 2. Asymmetric - one key is used for encryption and another key for decryption, e.g. RSA.
Hashing:- It is used to detect errors in data while it travels from one location to another. It is used to ensure data integrity, e.g. SHA/MD5.
Negotiation protocols:- Protocols responsible for establishing, maintaining, and terminating a VPN session, e.g. ISAKMP, IKE (Internet Key Exchange), GDOI.
(Phase 1 configuration is used to secure the pre-shared key; for that we create an ISAKMP policy. Phase 2 configuration is used to secure the data (transform set creation). Phase 3 configuration is used to combine the access list and the transform set using a crypto map and apply the crypto map on an interface, OR it is used to create a profile (to which we apply the transform set) and apply the profile on a tunnel interface)
GRE:- It is an open standard tunneling protocol used to connect 2 locations over the Internet.
(DMVPN depends on 3 features: multipoint GRE, NHRP, and IPsec.
Multipoint GRE - a single multipoint GRE tunnel can build connections to multiple sites.
NHRP - NHRP is used to resolve the public IP from the tunnel IP. There are 2 router roles in NHRP: NHC and NHS, the next hop client and the next hop server. The NHS has the NBMA address.
DMVPN modes: 1. hub and spoke - even the communication to another spoke passes through the hub. 2. spoke-to-spoke - spokes can communicate with each other directly)
GETVPN:- It is a newer VPN technology which is more flexible and scalable. It doesn't use any tunnel, so it can be used to secure MPLS networks.
(Key server - the key server is responsible for providing encryption keys and policies. It periodically sends refreshed keys to the group members. Group member - it is usually found in the branch office)
IKE GDOI:- A modified version of ISAKMP. It is responsible for secure communication between the KS and the group members.
(It uses RSA. It offers 2 different keys. KEK - it is used to secure the rekey between the key server and the group members (using RSA keys, the KS encrypts the key exchange with the group members). TEK - it is used to encrypt the data traffic between group members.
Rekey - the KS periodically refreshes the encryption keys, and the new keys are sent at a specific time interval. This process is the rekey.)
(GDOI uses UDP port 848. IKE uses UDP port 500)
BGP:- Border Gateway Protocol (BGP) is an exterior gateway protocol used to exchange routing information among autonomous systems (AS) on the Internet.
BGP next-hop processing:- iBGP routers don't change the next hop IP in routing updates. To solve this, we should use the next-hop-self command.
BGP synchronization:- The synchronization rule is used to prevent routing updates between iBGP routers. If the rule is enabled, iBGP can't exchange routing updates.
eBGP multihop:- iBGP routers can build a neighborship with another router even if it is not directly connected, but eBGP routers can't. To support this, we can use the ebgp-multihop command.
iBGP split-horizon rule:- An iBGP router doesn't forward an update to another iBGP router if the update was originally learned from an iBGP neighbor.
(We can't disable this feature, but there are solutions for it: 1. full mesh topology 2. route reflector - the route-reflector feature allows routing updates to be forwarded between iBGP routers. This is done on an iBGP router itself. 3. confederation - we can configure private ASes inside the primary AS to make the routers act as eBGP routers even though they are iBGP routers. Thus we can avoid the split-horizon problem)
(Well-known (open standard) attributes: 1. mandatory attributes (next hop, AS path, origin), which are present with every route 2. discretionary attributes, which may or may not be included with routing updates.
There are optional attributes (may be Cisco proprietary) which fall into 2 groups: 1. transitive - the BGP router accepts the routing update even if the router doesn't understand the attribute. 2. non-transitive - the BGP router doesn't accept a routing update carrying non-transitive attributes if the router doesn't understand them.
Path selection criteria: 1. prefer a reachable next hop 2. highest weight 3. highest local preference......
Community attributes: 1. no-advertise (the route will not be published) 2. local-AS (within a single private AS) 3. no-export (the route can travel between confederations, but still can't cross the primary AS; i.e. the route can travel between private ASes) 4. Internet (the route can travel to another AS))
Peer group:- It is a group of BGP routers. If there are multiple neighbors with identical BGP configuration, you can add these neighbors to a group.
Supernetting:- It is a way to aggregate IP addresses of the same class. It is also called CIDR (classless inter-domain routing). It is called so since we can use any prefix length for any class; we don't consider the class of the IPs. E.g. we can use even a /23 mask for a class C network.
(Atomic aggregate - used to tell the next router that the route is a summarized route.
Aggregator - used to add the router ID and AS number of the router that performs the aggregation)
VRF:- VRF is a technique that virtually divides a router into multiple logical instances. Each logical instance is known as a VRF.
Route distinguisher:- When we create a VRF, we should add a unique number to it. It is called the route distinguisher. It is used to distinguish routes in the BGP table.
Route target:- It is used for exporting routes from the VRF to BGP and importing routes from BGP into the VRF.
MPLS:- MPLS is an open standard WAN technology created by the IETF which increases the speed and performance of the network while reducing resource utilization.
(Packets are forwarded based on a 32-bit label. This label is inserted between the layer 3 and layer 2 headers, so some people call this a layer 2.5 technology.
MPLS tables: FIB; LIB (labels are stored in the LIB; it contains the local label and the labels created by neighbors); LFIB (when a packet arrives, the MPLS router looks up this table and forwards the packet according to it. This table contains the network address, incoming label, outgoing label, and outgoing interface).
MPLS routers:- CE; Edge LSR (provider edge router) - a router located at the edge of the service provider, responsible for label imposition and disposition; LSR (label switch router) - an MPLS core router responsible for label swapping)
LDP:- Protocols responsible for exchanging labels between MPLS neighbors: TDP, which is Cisco proprietary (Tag Distribution Protocol), and LDP (Label Distribution Protocol).
MPLS VPN:- It is the combination of MPLS, multiprotocol BGP, and VRF. It provides data separation and any-to-any connectivity between multiple locations.
IS-IS:- It is an open standard link-state dynamic routing protocol. The old IS-IS was redesigned by the IETF and is known as Integrated IS-IS (based on TCP/IP like all the other protocols in use now; it uses IP addresses, while the old one was based on OSI and used CLNP (Connectionless Network Protocol) addresses).
L1 router - can't communicate with routers in another area. L2 router - can communicate with routers in other areas by communicating with other L2 routers. L1/L2 - used as a border router.
NSAP (Network Service Access Point) address - also known as the NET (network entity title) address, used with Integrated IS-IS. It is up to 20 bytes long. It contains 3 fields: a. NSAP selector (NSEL), which is always set to 0 and is 1 byte long. b. System ID - a 6-byte portion which represents a device. c. Area ID (usually we use 3/4 bytes, even though we can expand this field up to 13 bytes).
IS-IS network types:- point-to-point, BMA, NBMA. In BMA and NBMA, a DIS (designated IS-IS router) is elected, and the DIS exchanges the routes. Routing updates are called LSPs (link state packets).
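An added example (not from the notes) that splits a dotted NET into the three fields described above, re-formats it, and checks the L1 same-area rule. The sample NET 49.0001.1921.6800.1001.00 is constructed, and the octet-padding convention for deriving the system ID from an IPv4 address is a common admin practice the notes do not mention.

```python
from dataclasses import dataclass

HEX = set("0123456789abcdefABCDEF")


@dataclass(frozen=True)
class Net:
    area_id: bytes     # 1..13 bytes; the first byte is the AFI (49 = private)
    system_id: bytes   # exactly 6 bytes, unique per router
    nsel: int          # always 0 for a NET


def parse_net(text: str) -> Net:
    """Parse a dotted NET such as 49.0001.1921.6800.1001.00 into its 3 fields.

    The dots are cosmetic. The fields are fixed from the right: the last byte is
    the NSEL, the 6 before it are the system ID, and whatever is left is the area.
    """
    digits = text.replace(".", "")
    if len(digits) % 2 or not set(digits) <= HEX:
        raise ValueError(f"{text!r} is not a hex NET")
    raw = bytes.fromhex(digits)
    if not 8 <= len(raw) <= 20:      # 1 area byte + 6 system ID + 1 NSEL .. 20 bytes
        raise ValueError(f"NET length {len(raw)} bytes is outside 8..20")
    net = Net(area_id=raw[:-7], system_id=raw[-7:-1], nsel=raw[-1])
    if net.nsel != 0:
        raise ValueError(f"NSEL must be 00, got {net.nsel:02x}")
    return net


def format_net(net: Net) -> str:
    """Dotted form: AFI byte alone, then 2-byte groups, the system ID, the NSEL."""
    area = net.area_id.hex()
    groups = [area[:2]] + [area[i:i + 4] for i in range(2, len(area), 4)]
    sysid = net.system_id.hex()
    groups += [sysid[i:i + 4] for i in range(0, 12, 4)]
    return ".".join(groups + [f"{net.nsel:02x}"])


def system_id_from_ipv4(ip: str) -> str:
    """Common convention: zero-pad each octet to 3 digits and regroup in fours,
    so 192.168.1.1 -> 1921.6800.1001 (a unique 6-byte ID without a separate plan)."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError("need exactly four octets 0..255")
    padded = "".join(f"{o:03d}" for o in octets)
    return ".".join(padded[i:i + 4] for i in range(0, 12, 4))


def can_form_l1_adjacency(net_a: str, net_b: str) -> bool:
    """L1 routers only talk inside one area, so the two area IDs must match."""
    return parse_net(net_a).area_id == parse_net(net_b).area_id


if __name__ == "__main__":
    sample = "49.0001." + system_id_from_ipv4("192.168.1.1") + ".00"   # constructed
    print(sample, parse_net(sample), format_net(parse_net(sample)) == sample)
```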
Securing management traffic:- 1. permit only safe source IPs using an access list (access-class command in line vty) 2. change the port number of telnet using the rotary command (only telnet's port number can be changed) 3. assign a management interface (and specify the protocols allowed through that interface)
AAA:- AAA is an access control mechanism used to prevent unauthorized access to our network. It includes authentication (verifying credentials like username and password), authorization (controlling the actions of a user based on different levels of permissions), and accounting (accounting is the process of keeping track of a user's activity while accessing a network's resources, including the amount of time spent in the network, the services accessed, and the amount of data transferred during the session. Accounting data is used for capacity planning and billing).
Firewall:- A firewall is the component responsible for traffic filtering. It may be a software or a hardware firewall.
Zone based firewall:- It's an advanced firewall. It divides the network into multiple areas called zones. Different zones will not communicate with each other unless we create zone pairs and apply policies to them.
Intrusion Detection System (IDS):- It is a device used to detect malicious traffic as well as abnormal situations in a network. It inspects every incoming packet and, if it finds a problem, it informs us using syslog messages or SDEE messages (Security Device Event Exchange).
(It can't prevent any traffic, since it is not connected inline. A firewall/switch takes a copy of all the traffic and sends it to the IDS. E.g. Cisco 4215, Cisco IOS IDS)
Intrusion Prevention System (IPS):- It is a device which detects and prevents malicious/abnormal traffic in a network.
(It is connected as an inline device, so that all the traffic passes through the IPS. If it detects malicious traffic, it prevents the traffic first and then informs us using syslog messages or SDEE.
IPS detection outcomes: True positive - the IPS detects and prevents an attack. True negative - the IPS reports that there is no attack because no attack is happening. False positive - the IPS misclassifies some legitimate traffic as malicious. False negative - the IPS didn't detect an attack, but an attack is going on)
Honey pot:- It is a less secure server in our network. It is used to attract attackers so that we can observe their attack style.
(usually used on the ISP side, without any configuration changes on the client side)
Syslog messages:- These are messages created by a router/switch/firewall which describe important information about the device and its current condition.
For telnet/SSH connections, we need to use the command 'terminal monitor' in privileged mode in order to see syslog messages over the telnet/SSH session.
NetFlow:- NetFlow is a service used to collect statistics of network flows. A flow means a continuous stream of packets which share the same 7 criteria: 1. source IP 2. destination IP 3. source MAC 4. destination MAC 5. source interface 6. protocol 7. marking value
(Cisco-supported NetFlow versions are 1, 5, and 9. The IETF has standardized NetFlow as version 10; it is officially called IPFIX (Internet Protocol Flow Information Export).
Flexible NetFlow - a modified version of NetFlow which includes 3 components: flow record - responsible for collecting the necessary fields of a traffic flow, like interface and IP address; flow exporter - responsible for sending the statistics to the NetFlow collector; flow monitor - the flow record and flow exporter are applied on the flow monitor. It allows us to change the number of cache entries and the timeouts.)
(SNMP components: SNMP server, managed devices, SNMP agent (software on the managed device), Management Information Base (MIB) - the database belonging to the SNMP server and client. It contains thousands of object IDs, like bandwidth usage, port number, protocol...)
SNMP polling:- The server sends messages every 60 seconds to the clients asking for information. This process is called polling.
Trapping:- The SNMP client sends information to the SNMP server even without receiving a request.
Versions:- ver1 - old. ver2c - popular; uses a community string for authentication. ver3 - the most secure version, since it uses encryption also.