#########BGP ########
###############Transiting Non-BGP Speaking Devices ###########
Method 1: Redistribute BGP into IGP at the EBGP boundaries
Method 2: Create a GRE tunnel encompassing the NON BGP speaker. ibGP between the TUnnel end points to peer using the GRE Tunnel ip addresses
Method 1: NOTE: All IGP peers (EIGRP/OSPF) will see the redistributed BGP routes, ==> over 2,00,000 Internet routes
Method 2: NOTE: All IGP peers will not see the BGP routes
weight: can be applied on the neighbor stmt or via route-map inbound, affects only local router
local-prefrence: can be applied via route-map inbound, affects all neighbors in the AS
med: can be applied by EBGP neighbor via route-map outbound, affects only directly connected AS. Default metric is 0, so we need to apply metric higher than 1 on other branch to influence selection.
Lower the MED the better.
##########need to clarify: if I would have modified MED within my OWN AS via route-map inbound, would it make sense ??????
##########need to clarify: next-hop-self modification via route-map outbound or directly applying on the neighbor stmt, wht is the diff (if any) ?
no-export : Cannot Advertise to EBGP neighbor
no-advertise : Cannot Advertise to any neighbor
##########need to clarify: IN which scenarios will you use local-as ?
"The local-AS feature allows a router to appear to be a member of a second autonomous system (AS), in addition to its real AS. This feature can only be used for true eBGP peers. You cannot use this feature for two peers that are members of different confederation sub-ASs"
##########ORF################
Why do it ?
Outbound Route Filtering: Under Normal BGP Process, Upstream routers dump all their BGP updates/routes to their downstream peers.
This has two disadv:
1) BW wasted in sending updates on the link
2) Resources on the downstream router, to filter out unwanted routes.
So to avoid this, we can use ORF , where the downstream peer themselves ask for what prefixes they want.
########On upstream Router ( The guy dumping the prefixes) ########
router bgp 2
!
address-family ipv4
neighbor 155.1.146.4 activate
neighbor 155.1.146.4 capability orf prefix-list receive
exit-address-family
########On downstream Router ( The guy wanting partial prefixes) ########
!
router bgp 3
neighbor 155.1.146.1 remote-as 2
!
address-family ipv4
neighbor 155.1.146.1 activate
neighbor 155.1.146.1 capability orf prefix-list send
neighbor 155.1.146.1 prefix-list DENY_VLAN5 in
exit-address-family
################## aggregate-address x.x.x.x y.y.y.y summary-only ##############
without keyword summary-only : supernet and individual subnets sent
with keyword summary-only: only supernet sent
##########need to clarify: IN real lab, I will not have access to BB Routers.
In that case how do I verify , tht BB routers are indeed recieving the summary route only !
I mean in the scenario present in pg104 of Adv Technologies Lab:
I applied summary-only to R1's BGP, but didnt on R3.
So the R3's 10.2.0.0/16 and 10.3.0.0/16 were making it to AS1.
This I Realised only after seeing R4's sh ip bgp. But how do i know this in real lab ?
Ans: be deligent and ensure tht all routers neigboring with BB rtrs AS , i.e all entry points into BB's AS are secured
by issuing sh ip bgp neigh X.X.X.X advertised-routes cmd
they dont care abt sub optimal routing tht summary-only will create unless explicitly specified
################suppress-map ######################
suppress-map filters Out the specific networks that the aggregate advertises.
this has an indirect effect in the sense that remaining specific subnets are NOW advertised along with the summary.
==> when there is no suppress-map, and summary-only keyword is used, only summary is sent
now with suppress-map, the specific prefixes not mentioned in suppress-map are adv along with summary
==> suppress-map is at BGP process level, applies to all neighbors
################unsuppress-map ######################
Even though you have aggregate-add with summary-only option, if you have per neighbor (peer level) a unsuppress-map stmt, it will allow sending more specific prefixes which were normally suppressed by aggregate address
e.g: neighbor 155.1.0.5 unsuppress-map UNSUPPRESS
WHere UNSUPPRESS is the route-map permitting the prefix-list which has more specific subnest suppressed by aggregate-address .. summary-nly option
#################(resolved) need to clarify: aggregate-address as-set summary-only############
R1 & R2 dont get summary of 155.1.0.0/21 why ?
Despite R5 sending the summary route , R1 and R2 are reluctant to add them ..why ?
Rack1R1#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 155.1.1.0/24 0.0.0.0 0 32768 i
Rack1R1#
Rack1R2#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 155.1.2.0/24 0.0.0.0 0 32768 i
Rack1R3#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 155.1.0.0/21 155.1.0.5 0 0 5 {1,2} i
Rack1R3#
Rack1R5#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 155.1.0.0/21 0.0.0.0 100 32768 {1,2} i
s> 155.1.1.0/24 155.1.0.1 0 0 1 i
s> 155.1.2.0/24 155.1.0.2 0 0 2 i
s> 155.1.5.0/24 0.0.0.0 0 32768 i
Rack1R5#
Rack1R5#sh ip bgp neighbors 155.1.0.1 advertised-routes
Network Next Hop Metric LocPrf Weight Path
*> 155.1.0.0/21 0.0.0.0 100 32768 {1,2} i
Rack1R5#sh ip bgp neighbors 155.1.0.2 advertised-routes
Network Next Hop Metric LocPrf Weight Path
*> 155.1.0.0/21 0.0.0.0 100 32768 {1,2} i
Rack1R5#sh ip bgp neighbors 155.1.0.3 advertised-routes
Network Next Hop Metric LocPrf Weight Path
*> 155.1.0.0/21 0.0.0.0 100 32768 {1,2} i
ANS: http://www.cisco.com/warp/public/459/aggregation.html#aggregatingwiththeassetargument
-->(Avoid Loops) With the as-set argument, the path information in the BGP table for the aggregate route changes to include a set from 300 {200,100}. This set indicates that the aggregate actually summarizes routes that have passed through AS-200 and AS-100. The as-set information becomes important in the avoidance of routing loops because the information records where the route has been.
Note: Because the aggregate as-set has AS-1 & AS-2 only, R3 in AS-3 accepts the aggregate route and installs the route in the routing table. The BGP loop detection mechanism causes this route acceptance. The BGP loop detection mechanism does not detect its own AS in as-set.
-->Note: The as-set argument contains information about each individual route that the aggregate summarizes. Changes in the individual route cause an update of the aggregate.
Impact of the Use of suppress-map with Other Configuration Commands
The aggregate-address command includes other configuration commands, such as suppress-map. In order to understand the impact of the use of all the configuration commands in combination, note that aggregate-address only inherits the attributes from the more-specific routes when you use the as-set configuration command. Examples of the attributes that aggregate-address can inherit include no-export and no-advertise.
*
----- When you use the suppress-map configuration command along with the summary-only configuration command, the summary-only configuration command does not have any effect. With use of the suppress-map configuration command, the more-specific routes that the suppress-map suppresses are not advertised. However, the routes that the suppress-map does not cover are advertised in addition to the aggregated route. Therefore, the notes in this section apply to the use of suppress-map either with or without the summary-only configuration command.
*
-----When you use as-set with suppress-map, although the suppressed routes are not advertised, the aggregated route inherits the attributes of all the suppressed routes. But you can override the inherited attributes with the use of other configuration commands, such as attribute-map. The Change the Attributes of the Aggregate Route section describes the use of attribute-map.
*
-----When you use the as-set and suppress-map configuration commands with advertise-map, the aggregate forms. The aggregate inherits the attributes only out of the routes that are selected in the advertise-map, irrespective of whether suppress-map suppresses the route. See the Use advertise-map to Aggregate a Subset of Specific Routes section.
*
-----When you use advertise-map and attribute-map along with as-set and other configuration commands, the attribute-map overrides the attributes that are chosen in the advertise-map.
<<<----->>>In general, when you use advertise-map, only the advertise-map influences the aggregate. In the absence of advertise-map, the aggregate inherits the attributes of the more-specific routes, both suppressed and unsuppressed. In both the cases, you can use the attribute-map configuration command to override the chosen attributes.
######################the Aggregate inherits the community from the specific prefixes ==> use attribute-map ##################
So if there is an specific prefix being received from some ebgp peer, and lets say its community is no-export
then the aggregate will also carry the community no-export, thus having the effect tht no (ebgp/ibgp) peers will get it
thus to alliviate this, we have to use attribute-map and attach a route-map which sets the community to none.
#####################advertise-map, excludes the prefixes from being counted in the aggregate ##################
This means when we use as-set, the prefixes EXCLUDED by the advertise-map, thier parent AS# are not mentioned in the { }
Hence the remote AS which dont have their AS# in {} now accept the summary, even though they now MAY have a specific prefix covered by the aggregate
Read this on CCO http://www.cisco.com/warp/public/459/aggregation.html#aggregatingwiththeassetargument
########## allow-as in #######################
basically disables BGP loop prevention mechanisim
when ebgp peer receives an prefix update with its own AS# in the AS_PATH and if allow-as in is configured for that ebgp peer.
then the prefix is accepted.
This has to be configured on the peer where we want the prefix to be accepted in.
Sunday, April 27, 2008
Day4: BGP
09/04/2008
BGP
Path Vector Protocol, Exterior Gateway Protocol
Doesn't have its own transport uses TCP 179
Relies on IGP for basic IP reachability to route BGP, cannot use BGP alone
TIP:Make sure that when u reach to BGP section in Exam, that u read thru the entire section so that you dont have to redo the entire thing
Doesn't run on per interface basis like IGP, can be directly connected or can be remote
Confederations : Are using peering with diff AS, but not truly eBGP connection
When we say neighbor 1.2.3.4 remote-as 1000
==> we will listen for address 1.2.3.4 starting TCP session at port 179
==> Src of BGP packet, will be the interface IP
==> Server needs to agree on the src-ip to which it will accept the connection
Client uses tcp 179 as dst-port, server uses tcp 179 as the src-port
dont need to use update-source on btoh ends.
Only at the client needs it and this needs to be matched with wht is configured on the server
When we do peering with lo0, its is only for REDUNDANCY of control plane (BGP traffic), its not for load bal of data plane traffic.
Load Bal at data plane is a function of IGP.
By default TTL of BGP is 1
so if we do ebgp with non connected neighbors, we need to increase the TTL using ebgp-multihop, so that the TTL is extended to 255 (the max)
don't modify the 255 unless exam says so....
Loop Prevention: cannot accept prefix with our own AS in the path
Can be override by using neighbor [address] allow-as-in
or
neighbor [addresss] as-override
==> V.V IMP ==>When we USE EBGP, the NEXT-HOP is modified to what we set as the peering address for EBGP
We can change this via route-map if we want to
Loop prevention in IBGP:
ibgp learned routes cannot be adv to another ibgp neigh
==> take the routes directly form the ibgp rtr originating the route
==> We need full mesh ibgp peering
===> This is only for CONTROL Plane traffic, real data flow is still based on ibgp next-hop value
To avoid full mesh, we can use route-reflector
or use confederations
there has to be a full mesh ( or RR) within a confederation
in IBGP there is no next-hop modification,
==> So in IGP we need to have those routes to the next-hop as looked up by IBGP
#########Route reflectors ##############
GOAL: Take updates from ibgp neigh and send out to other iBGP neighbors
Three Roles -
-EBGP neighbor
neigh in diff as
-Client peer
neigh with router-reflector-client
-Non-client Peer
neigh without router-reflector-cleint
Update Propagation
-EBGP
to ALL
-Client
to ALL (EBGP, Client, Non-Cleinet )
-Non-Client
to EBGP and to Client, CANNOT pass to non-client
Placement based on the above rules.
Generally, good design, will have all ibgp neig as clients except the other RR
sh ip bgp cmd analysis
> besides the prefix ==> best route and will be added to routing table and will be advertised further
i besides the PATH col, suggested these were originated by using network statements
? redistribution
r RIB Failure OR we already have a better route in the Routing table with lower AD (hardly the case in real life)
if a route is NOT a best path
1) do we have route to next-hop
2) if they are ibgp route, does bgp synchronisation rule come into play
#########################Confederations ###############################
Loop prevention: AS_PATH
Confederation: Sub Autonomous System use the Private AS range, but technically they don't have to
They do that, just to ensure that other's ISP actual AS numbers are not conflicting with the AS # that we have picked
Inside confederation, we need RR or full-Mesh ibGP
Exam Tip: Ensure that u read thru the entire BGP requirement to prevent picking incorrect BGP AS Number.
sh ip bgp cmd analysis
-next hop not modified
-() confederation number in parentheses]
LAB TIP: It may not be a requirement in LAB to have reachability to BBR prefixes. If its unclear , ask the proctor
BGP
Path Vector Protocol, Exterior Gateway Protocol
Doesn't have its own transport uses TCP 179
Relies on IGP for basic IP reachability to route BGP, cannot use BGP alone
TIP:Make sure that when u reach to BGP section in Exam, that u read thru the entire section so that you dont have to redo the entire thing
Doesn't run on per interface basis like IGP, can be directly connected or can be remote
Confederations : Are using peering with diff AS, but not truly eBGP connection
When we say neighbor 1.2.3.4 remote-as 1000
==> we will listen for address 1.2.3.4 starting TCP session at port 179
==> Src of BGP packet, will be the interface IP
==> Server needs to agree on the src-ip to which it will accept the connection
Client uses tcp 179 as dst-port, server uses tcp 179 as the src-port
dont need to use update-source on btoh ends.
Only at the client needs it and this needs to be matched with wht is configured on the server
When we do peering with lo0, its is only for REDUNDANCY of control plane (BGP traffic), its not for load bal of data plane traffic.
Load Bal at data plane is a function of IGP.
By default TTL of BGP is 1
so if we do ebgp with non connected neighbors, we need to increase the TTL using ebgp-multihop, so that the TTL is extended to 255 (the max)
don't modify the 255 unless exam says so....
Loop Prevention: cannot accept prefix with our own AS in the path
Can be override by using neighbor [address] allow-as-in
or
neighbor [addresss] as-override
==> V.V IMP ==>When we USE EBGP, the NEXT-HOP is modified to what we set as the peering address for EBGP
We can change this via route-map if we want to
Loop prevention in IBGP:
ibgp learned routes cannot be adv to another ibgp neigh
==> take the routes directly form the ibgp rtr originating the route
==> We need full mesh ibgp peering
===> This is only for CONTROL Plane traffic, real data flow is still based on ibgp next-hop value
To avoid full mesh, we can use route-reflector
or use confederations
there has to be a full mesh ( or RR) within a confederation
in IBGP there is no next-hop modification,
==> So in IGP we need to have those routes to the next-hop as looked up by IBGP
#########Route reflectors ##############
GOAL: Take updates from ibgp neigh and send out to other iBGP neighbors
Three Roles -
-EBGP neighbor
neigh in diff as
-Client peer
neigh with router-reflector-client
-Non-client Peer
neigh without router-reflector-cleint
Update Propagation
-EBGP
to ALL
-Client
to ALL (EBGP, Client, Non-Cleinet )
-Non-Client
to EBGP and to Client, CANNOT pass to non-client
Placement based on the above rules.
Generally, good design, will have all ibgp neig as clients except the other RR
sh ip bgp cmd analysis
> besides the prefix ==> best route and will be added to routing table and will be advertised further
i besides the PATH col, suggested these were originated by using network statements
? redistribution
r RIB Failure OR we already have a better route in the Routing table with lower AD (hardly the case in real life)
if a route is NOT a best path
1) do we have route to next-hop
2) if they are ibgp route, does bgp synchronisation rule come into play
#########################Confederations ###############################
Loop prevention: AS_PATH
Confederation: Sub Autonomous System use the Private AS range, but technically they don't have to
They do that, just to ensure that other's ISP actual AS numbers are not conflicting with the AS # that we have picked
Inside confederation, we need RR or full-Mesh ibGP
Exam Tip: Ensure that u read thru the entire BGP requirement to prevent picking incorrect BGP AS Number.
sh ip bgp cmd analysis
-next hop not modified
-() confederation number in parentheses]
LAB TIP: It may not be a requirement in LAB to have reachability to BBR prefixes. If its unclear , ask the proctor
Wednesday, April 09, 2008
Juniper Seminar: Humiliated for being HONEST !
Today there was a Juniper Seminar regarding their new product launch of L2 and L3 switches.
So excited that I was, I registered for their Seminar at least 3-4 weeks back.
And when I did attend it, half way through the session, during the lunch break when i was chatting with some old friends from my ex-companies, I was interrogated by several OFFICIAL Juniper people, as to why a Cisco Employee was attending the seminar.
They even asked me what I do and whom i report to . To which i politely answered.
Even then it wasn't reassuring to them. They felt it was inappropriate for a Cisco Employee to attend a Juniper Seminar.
They asked me to leave mid-way through the session.
WHY ?
I am still flabbergasted !!
I guess if i would have registered as a NON-CISCO employee ( like I have had attended all these years) they wouldn't have any issues.
So to put it simply: When Attending Juniper Seminar: Honesty is not the best policy !
After all I was humiliated and asked to leave mid-way was inappropriate for juniper to do, considering that I had registered 3 weeks back and had clearly filled in their online forms mentioning my employment with Cisco.
Also whats surprising is, it was not a CONFIDENTIAL ( by invite ONLY/ Closed Door) seminar. It was a Public Launch of their new switches. So i ask, what did they feel threatened from me attending their seminar ?
Over 300 people attended it.
I guess their are some cranky heads in Juniper India, Mumbai, who have lost their marbles.
I am a fan of their netscreen products and was wanting to learn more on those.
Just to clarify then and now as well, I have worked on NS500 and NS5200 for almost 1 year in my prior companies. Infact there were some support engineers whom I had interacted face to face for Netscreen issues then.
So by just joining Cisco, and mentioning that on the Registration Desk, Am i to be penalized ?
I am disappointed, Juniper India, Mumbai people let me down.
I guess they realize sooner than later that, by filtering out Cisco Employees from their seminars they are not really achieving anything.
I wonder what they would have done if Alcatel/ Nortel Employees would have attended ???
Wouldn't that be an issue ?
What is so threatening if a Cisco Employee attended their seminar ???
Some whimsical old nuts out there in Juniper.
I just wish that the right people (probably Public Relations) in Juniper (Worldwide) see this and ask for a rational explanation from the organizers in Juniper Mumbai.
If they really didn't want Cisco Employees to attend, why not CALL them on their provided contact number during registration and refuse. Why humiliate them when they have spent considerable time/resources to reach the seminar !
Disclaimer: The opinions expressed here are mine and mine alone. My current or past employers are not responsible for what I write here, the comments left by others, or the photos I may share. If you have questions, please contact me. Also, I am not a journalist or reporter. Don't "pitch" me.
So excited that I was, I registered for their Seminar at least 3-4 weeks back.
And when I did attend it, half way through the session, during the lunch break when i was chatting with some old friends from my ex-companies, I was interrogated by several OFFICIAL Juniper people, as to why a Cisco Employee was attending the seminar.
They even asked me what I do and whom i report to . To which i politely answered.
Even then it wasn't reassuring to them. They felt it was inappropriate for a Cisco Employee to attend a Juniper Seminar.
They asked me to leave mid-way through the session.
WHY ?
I am still flabbergasted !!
I guess if i would have registered as a NON-CISCO employee ( like I have had attended all these years) they wouldn't have any issues.
So to put it simply: When Attending Juniper Seminar: Honesty is not the best policy !
After all I was humiliated and asked to leave mid-way was inappropriate for juniper to do, considering that I had registered 3 weeks back and had clearly filled in their online forms mentioning my employment with Cisco.
Also whats surprising is, it was not a CONFIDENTIAL ( by invite ONLY/ Closed Door) seminar. It was a Public Launch of their new switches. So i ask, what did they feel threatened from me attending their seminar ?
Over 300 people attended it.
I guess their are some cranky heads in Juniper India, Mumbai, who have lost their marbles.
I am a fan of their netscreen products and was wanting to learn more on those.
Just to clarify then and now as well, I have worked on NS500 and NS5200 for almost 1 year in my prior companies. Infact there were some support engineers whom I had interacted face to face for Netscreen issues then.
So by just joining Cisco, and mentioning that on the Registration Desk, Am i to be penalized ?
I am disappointed, Juniper India, Mumbai people let me down.
I guess they realize sooner than later that, by filtering out Cisco Employees from their seminars they are not really achieving anything.
I wonder what they would have done if Alcatel/ Nortel Employees would have attended ???
Wouldn't that be an issue ?
What is so threatening if a Cisco Employee attended their seminar ???
Some whimsical old nuts out there in Juniper.
I just wish that the right people (probably Public Relations) in Juniper (Worldwide) see this and ask for a rational explanation from the organizers in Juniper Mumbai.
If they really didn't want Cisco Employees to attend, why not CALL them on their provided contact number during registration and refuse. Why humiliate them when they have spent considerable time/resources to reach the seminar !
Disclaimer: The opinions expressed here are mine and mine alone. My current or past employers are not responsible for what I write here, the comments left by others, or the photos I may share. If you have questions, please contact me. Also, I am not a journalist or reporter. Don't "pitch" me.
Monday, April 07, 2008
Adv Technologies: EIGRP
#########EIGRP Authentication########
Takes some time, so will need to be patient. Need to chage system clock (clock set 00:22:00 1 Feb 2007) for Auth to kick in
OR
clear ip eigrp neigh will do
Also there is a typo, can u spot the mistake ?
key chain EIGRP
key 1
key-string CISCO123
accept-lifetime 00:00:00 Mar 1 2002 00:15:00 Jan 1 2007
send-lifetime 00:00:00 Mar 1 2002 00:00:00 Jan 1 2007
key 2
key-string CISCO456
accept-lifetime 23:45:00 Dec 31 2006 infinite
send-lifetime 00:00:00 Jan 1 2007 infinite
Rack1R4#sh key chain
Key-chain EIGRP:
key 1 -- text "CISCO123 "
accept lifetime (00:00:00 UTC Mar 1 2002) - (00:15:00 UTC Jan 1 2007) [valid now]
send lifetime (00:00:00 UTC Mar 1 2002) - (00:00:00 UTC Jan 1 2007) [valid now]
key 2 -- text "CISCO456"
accept lifetime (23:45:00 UTC Dec 31 2006) - (infinite)
send lifetime (00:00:00 UTC Jan 1 2007) - (infinite)
Rack1R4#
Rack1R5#sh key cha
Key-chain EIGRP:
key 1 -- text "CISCO123"
accept lifetime (00:00:00 UTC Jan 1 2002) - (00:15:00 UTC Jan 1 2007) [valid now]
send lifetime (00:00:00 UTC Jan 1 2002) - (00:00:00 UTC Jan 1 2007) [valid now]
key 2 -- text "CISCO456"
accept lifetime (23:45:00 UTC Dec 31 2006) - (infinite) [valid now]
send lifetime (00:00:00 UTC Jan 1 2007) - (infinite)
Rack1R5#
Ans: in R4 router, there is an additional space in the Key 1 "CISCO123 "
#########EIGRP Stub########
From Non Stub router only UPDATES are sent out to stub neighbor, no QUERIES sent to stub
But a Non Stub router will receive QUERIES from stub neighbor and will reply to the same.
########### Leak-map ########################
ip summary-address eigrp 100 0.0.0.0 0.0.0.0 leak-map LEAK
The benefit of route leaking (advertising a route) is that the leaked route is more specific than a summarized route and is therefore the preferred route.
#######How To ############
Configuring an EIGRP Summary Address to Leak a Component Route
There might be times when you have summarized routes, but you want a particular route to be advertised. The benefit of route leaking (advertising a route) is that the leaked route is more specific than a summarized route and is therefore the preferred route. Perform this task to leak an EIGRP route that would otherwise be suppressed by a summary route.
In general, leaking an EIGRP route is achieved by defining a standard IP access list (or IP prefix list) to identify the component route as a source address. Then the access list is referenced in a route map (in a match ip address command), and the route map is referenced by the leak-map keyword in the ip summary-address eigrp command.
You can use a single access list to permit all the routes that you want to leak through a single summary.
##Behavior if EIGRP Route Leaking Is Configured Incompletely##
The following default behavior occurs if the ip summary-address eigrp command is configured using the leak-map keyword and either the route map or access list is not configured:
--If the leak-map keyword is configured to reference a nonexistent route map, the configuration of this keyword has no effect. The summary address is advertised, but all component routes are suppressed.
--If the leak-map keyword is configured, but the access list does not exist or the route map does not reference the access list, the summary address and all component routes are sent.
###############ip default-network ############################
When deciding whether to use a default static route or a default network, keep in mind that if you want the routing protocol to propagate the default route, the ip default-network command will do that for you. But if you want only the local router to have the default route, a static IP route is the way to go.
http://blog.internetworkexpert.com/2008/01/15/issues-with-the-ip-default-network-command/
##############Changing Internal and External AD of EIGRP Routes ############
NOTE: We can not change distance for individual external EIGRP prefixes
distance eigrp 99 200
e.g all internal routes set to AD99 and external routes set to AD200
However we can still change {selectively} AD of internal routes from 99 to something else as shwon below, but cannot {selectively} change AD of external routes
NOTE: that you specify neighbor’s IP address (like with RIP and unlike OSPF)
when you fine-tune AD based on access-list
"distance 199 155.1.45.5 0.0.0.0 10"
e.g: This will set the routes recd from source-ip 155.1.45.5 to AD 199 if the routes match that in ACL 10
#################Filtering with Distribute Lists ############
router eigrp 100
distribute-list 99 in Serial 0/0
distribute-list 99 in Serial 0/1
A bit advanced distribute-list with route-map
router eigrp 100
distribute-list route-map FILTER_EIGRP in serial 0/1
distribute-list route-map FILTER_EIGRP in serial 0/0
Where all the magic happens in FILTER_EIGRP route-map to match against tag 100 and then selectively permit only those routes in, rest are filtered#########EIGRP AUthentication########
Takes some time, so will need to be patient. Need to chage system clock (clock set 00:22:00 1 Feb 2007) for Auth to kick in
OR
clear ip eigrp neigh will do
Also there is a typo, can u spot the mistake ?
key chain EIGRP
key 1
key-string CISCO123
accept-lifetime 00:00:00 Mar 1 2002 00:15:00 Jan 1 2007
send-lifetime 00:00:00 Mar 1 2002 00:00:00 Jan 1 2007
key 2
key-string CISCO456
accept-lifetime 23:45:00 Dec 31 2006 infinite
send-lifetime 00:00:00 Jan 1 2007 infinite
Rack1R4#sh key chain
Key-chain EIGRP:
key 1 -- text "CISCO123 "
accept lifetime (00:00:00 UTC Mar 1 2002) - (00:15:00 UTC Jan 1 2007) [valid now]
send lifetime (00:00:00 UTC Mar 1 2002) - (00:00:00 UTC Jan 1 2007) [valid now]
key 2 -- text "CISCO456"
accept lifetime (23:45:00 UTC Dec 31 2006) - (infinite)
send lifetime (00:00:00 UTC Jan 1 2007) - (infinite)
Rack1R4#
Rack1R5#sh key cha
Key-chain EIGRP:
key 1 -- text "CISCO123"
accept lifetime (00:00:00 UTC Jan 1 2002) - (00:15:00 UTC Jan 1 2007) [valid now]
send lifetime (00:00:00 UTC Jan 1 2002) - (00:00:00 UTC Jan 1 2007) [valid now]
key 2 -- text "CISCO456"
accept lifetime (23:45:00 UTC Dec 31 2006) - (infinite) [valid now]
send lifetime (00:00:00 UTC Jan 1 2007) - (infinite)
Rack1R5#
Ans: in R4 router, there is an additional space in the Key 1 "CISCO123 "
#########EIGRP Stub########
From Non Stub router only UPDATES are sent out to stub neighbor, no QUERIES sent to stub
But a Non Stub router will receive QUERIES from stub neighbor and will reply to the same.
########### Leak-map ########################
ip summary-address eigrp 100 0.0.0.0 0.0.0.0 leak-map LEAK
The benefit of route leaking (advertising a route) is that the leaked route is more specific than a summarized route and is therefore the preferred route.
#######How To ############
Configuring an EIGRP Summary Address to Leak a Component Route
There might be times when you have summarized routes, but you want a particular route to be advertised. The benefit of route leaking (advertising a route) is that the leaked route is more specific than a summarized route and is therefore the preferred route. Perform this task to leak an EIGRP route that would otherwise be suppressed by a summary route.
In general, leaking an EIGRP route is achieved by defining a standard IP access list (or IP prefix list) to identify the component route as a source address. Then the access list is referenced in a route map (in a match ip address command), and the route map is referenced by the leak-map keyword in the ip summary-address eigrp command.
You can use a single access list to permit all the routes that you want to leak through a single summary.
##Behavior if EIGRP Route Leaking Is Configured Incompletely##
The following default behavior occurs if the ip summary-address eigrp command is configured using the leak-map keyword and either the route map or access list is not configured:
--If the leak-map keyword is configured to reference a nonexistent route map, the configuration of this keyword has no effect. The summary address is advertised, but all component routes are suppressed.
--If the leak-map keyword is configured, but the access list does not exist or the route map does not reference the access list, the summary address and all component routes are sent.
###############ip default-network ############################
When deciding whether to use a default static route or a default network, keep in mind that if you want the routing protocol to propagate the default route, the ip default-network command will do that for you. But if you want only the local router to have the default route, a static IP route is the way to go.
http://blog.internetworkexpert.com/2008/01/15/issues-with-the-ip-default-network-command/
##############Changing Internal and External AD of EIGRP Routes ############
NOTE: We can not change distance for individual external EIGRP prefixes
distance eigrp 99 200
e.g all internal routes set to AD99 and external routes set to AD200
However we can still change {selectively} AD of internal routes from 99 to something else as shwon below, but cannot {selectively} change AD of external routes
NOTE: that you specify neighbor’s IP address (like with RIP and unlike OSPF)
when you fine-tune AD based on access-list
"distance 199 155.1.45.5 0.0.0.0 10"
e.g: This will set the routes recd from source-ip 155.1.45.5 to AD 199 if the routes match that in ACL 10
#################Filtering with Distribute Lists ############
router eigrp 100
distribute-list 99 in Serial 0/0
distribute-list 99 in Serial 0/1
A bit advanced distribute-list with route-map
router eigrp 100
distribute-list route-map FILTER_EIGRP in serial 0/1
distribute-list route-map FILTER_EIGRP in serial 0/0
Where all the magic happens in FILTER_EIGRP route-map to match against tag 100 and then selectively permit only those routes in, rest are filetered (denied)
(denied)
Takes some time, so will need to be patient. Need to chage system clock (clock set 00:22:00 1 Feb 2007) for Auth to kick in
OR
clear ip eigrp neigh will do
Also there is a typo, can u spot the mistake ?
key chain EIGRP
key 1
key-string CISCO123
accept-lifetime 00:00:00 Mar 1 2002 00:15:00 Jan 1 2007
send-lifetime 00:00:00 Mar 1 2002 00:00:00 Jan 1 2007
key 2
key-string CISCO456
accept-lifetime 23:45:00 Dec 31 2006 infinite
send-lifetime 00:00:00 Jan 1 2007 infinite
Rack1R4#sh key chain
Key-chain EIGRP:
key 1 -- text "CISCO123 "
accept lifetime (00:00:00 UTC Mar 1 2002) - (00:15:00 UTC Jan 1 2007) [valid now]
send lifetime (00:00:00 UTC Mar 1 2002) - (00:00:00 UTC Jan 1 2007) [valid now]
key 2 -- text "CISCO456"
accept lifetime (23:45:00 UTC Dec 31 2006) - (infinite)
send lifetime (00:00:00 UTC Jan 1 2007) - (infinite)
Rack1R4#
Rack1R5#sh key cha
Key-chain EIGRP:
key 1 -- text "CISCO123"
accept lifetime (00:00:00 UTC Jan 1 2002) - (00:15:00 UTC Jan 1 2007) [valid now]
send lifetime (00:00:00 UTC Jan 1 2002) - (00:00:00 UTC Jan 1 2007) [valid now]
key 2 -- text "CISCO456"
accept lifetime (23:45:00 UTC Dec 31 2006) - (infinite) [valid now]
send lifetime (00:00:00 UTC Jan 1 2007) - (infinite)
Rack1R5#
Ans: in R4 router, there is an additional space in the Key 1 "CISCO123 "
#########EIGRP Stub########
From Non Stub router only UPDATES are sent out to stub neighbor, no QUERIES sent to stub
But a Non Stub router will receive QUERIES from stub neighbor and will reply to the same.
########### Leak-map ########################
ip summary-address eigrp 100 0.0.0.0 0.0.0.0 leak-map LEAK
The benefit of route leaking (advertising a route) is that the leaked route is more specific than a summarized route and is therefore the preferred route.
#######How To ############
Configuring an EIGRP Summary Address to Leak a Component Route
There might be times when you have summarized routes, but you want a particular route to be advertised. The benefit of route leaking (advertising a route) is that the leaked route is more specific than a summarized route and is therefore the preferred route. Perform this task to leak an EIGRP route that would otherwise be suppressed by a summary route.
In general, leaking an EIGRP route is achieved by defining a standard IP access list (or IP prefix list) to identify the component route as a source address. Then the access list is referenced in a route map (in a match ip address command), and the route map is referenced by the leak-map keyword in the ip summary-address eigrp command.
You can use a single access list to permit all the routes that you want to leak through a single summary.
##Behavior if EIGRP Route Leaking Is Configured Incompletely##
The following default behavior occurs if the ip summary-address eigrp command is configured using the leak-map keyword and either the route map or access list is not configured:
--If the leak-map keyword is configured to reference a nonexistent route map, the configuration of this keyword has no effect. The summary address is advertised, but all component routes are suppressed.
--If the leak-map keyword is configured, but the access list does not exist or the route map does not reference the access list, the summary address and all component routes are sent.
###############ip default-network ############################
When deciding whether to use a default static route or a default network, keep in mind that if you want the routing protocol to propagate the default route, the ip default-network command will do that for you. But if you want only the local router to have the default route, a static IP route is the way to go.
http://blog.internetworkexpert.com/2008/01/15/issues-with-the-ip-default-network-command/
##############Changing Internal and External AD of EIGRP Routes ############
NOTE: We can not change distance for individual external EIGRP prefixes
distance eigrp 99 200
e.g all internal routes set to AD99 and external routes set to AD200
However we can still change {selectively} AD of internal routes from 99 to something else as shwon below, but cannot {selectively} change AD of external routes
NOTE: that you specify neighbor’s IP address (like with RIP and unlike OSPF)
when you fine-tune AD based on access-list
"distance 199 155.1.45.5 0.0.0.0 10"
e.g: This will set the routes recd from source-ip 155.1.45.5 to AD 199 if the routes match that in ACL 10
#################Filtering with Distribute Lists ############
router eigrp 100
distribute-list 99 in Serial 0/0
distribute-list 99 in Serial 0/1
A bit advanced distribute-list with route-map
router eigrp 100
distribute-list route-map FILTER_EIGRP in serial 0/1
distribute-list route-map FILTER_EIGRP in serial 0/0
Where all the magic happens in FILTER_EIGRP route-map to match against tag 100 and then selectively permit only those routes in, rest are filtered#########EIGRP AUthentication########
Takes some time, so will need to be patient. Need to chage system clock (clock set 00:22:00 1 Feb 2007) for Auth to kick in
OR
clear ip eigrp neigh will do
Also there is a typo, can u spot the mistake ?
key chain EIGRP
key 1
key-string CISCO123
accept-lifetime 00:00:00 Mar 1 2002 00:15:00 Jan 1 2007
send-lifetime 00:00:00 Mar 1 2002 00:00:00 Jan 1 2007
key 2
key-string CISCO456
accept-lifetime 23:45:00 Dec 31 2006 infinite
send-lifetime 00:00:00 Jan 1 2007 infinite
Rack1R4#sh key chain
Key-chain EIGRP:
key 1 -- text "CISCO123 "
accept lifetime (00:00:00 UTC Mar 1 2002) - (00:15:00 UTC Jan 1 2007) [valid now]
send lifetime (00:00:00 UTC Mar 1 2002) - (00:00:00 UTC Jan 1 2007) [valid now]
key 2 -- text "CISCO456"
accept lifetime (23:45:00 UTC Dec 31 2006) - (infinite)
send lifetime (00:00:00 UTC Jan 1 2007) - (infinite)
Rack1R4#
Rack1R5#sh key cha
Key-chain EIGRP:
key 1 -- text "CISCO123"
accept lifetime (00:00:00 UTC Jan 1 2002) - (00:15:00 UTC Jan 1 2007) [valid now]
send lifetime (00:00:00 UTC Jan 1 2002) - (00:00:00 UTC Jan 1 2007) [valid now]
key 2 -- text "CISCO456"
accept lifetime (23:45:00 UTC Dec 31 2006) - (infinite) [valid now]
send lifetime (00:00:00 UTC Jan 1 2007) - (infinite)
Rack1R5#
Ans: in R4 router, there is an additional space in the Key 1 "CISCO123 "
#########EIGRP Stub########
From Non Stub router only UPDATES are sent out to stub neighbor, no QUERIES sent to stub
But a Non Stub router will receive QUERIES from stub neighbor and will reply to the same.
########### Leak-map ########################
ip summary-address eigrp 100 0.0.0.0 0.0.0.0 leak-map LEAK
The benefit of route leaking (advertising a route) is that the leaked route is more specific than a summarized route and is therefore the preferred route.
#######How To ############
Configuring an EIGRP Summary Address to Leak a Component Route
There might be times when you have summarized routes, but you want a particular route to be advertised. The benefit of route leaking (advertising a route) is that the leaked route is more specific than a summarized route and is therefore the preferred route. Perform this task to leak an EIGRP route that would otherwise be suppressed by a summary route.
In general, leaking an EIGRP route is achieved by defining a standard IP access list (or IP prefix list) to identify the component route as a source address. Then the access list is referenced in a route map (in a match ip address command), and the route map is referenced by the leak-map keyword in the ip summary-address eigrp command.
You can use a single access list to permit all the routes that you want to leak through a single summary.
##Behavior if EIGRP Route Leaking Is Configured Incompletely##
The following default behavior occurs if the ip summary-address eigrp command is configured using the leak-map keyword and either the route map or access list is not configured:
--If the leak-map keyword is configured to reference a nonexistent route map, the configuration of this keyword has no effect. The summary address is advertised, but all component routes are suppressed.
--If the leak-map keyword is configured, but the access list does not exist or the route map does not reference the access list, the summary address and all component routes are sent.
###############ip default-network ############################
When deciding whether to use a default static route or a default network, keep in mind that if you want the routing protocol to propagate the default route, the ip default-network command will do that for you. But if you want only the local router to have the default route, a static IP route is the way to go.
http://blog.internetworkexpert.com/2008/01/15/issues-with-the-ip-default-network-command/
##############Changing Internal and External AD of EIGRP Routes ############
NOTE: We can not change distance for individual external EIGRP prefixes
distance eigrp 99 200
e.g all internal routes set to AD99 and external routes set to AD200
However we can still change {selectively} AD of internal routes from 99 to something else as shwon below, but cannot {selectively} change AD of external routes
NOTE: that you specify neighbor’s IP address (like with RIP and unlike OSPF)
when you fine-tune AD based on access-list
"distance 199 155.1.45.5 0.0.0.0 10"
e.g: This will set the routes recd from source-ip 155.1.45.5 to AD 199 if the routes match that in ACL 10
#################Filtering with Distribute Lists ############
router eigrp 100
distribute-list 99 in Serial 0/0
distribute-list 99 in Serial 0/1
A bit advanced distribute-list with route-map
router eigrp 100
distribute-list route-map FILTER_EIGRP in serial 0/1
distribute-list route-map FILTER_EIGRP in serial 0/0
Where all the magic happens in FILTER_EIGRP route-map to match against tag 100 and then selectively permit only those routes in, rest are filetered (denied)
(denied)
Sunday, April 06, 2008
Day3: OSPF
Day 3
OSPF
Process ID is LOCALLY Significant
Must have atleast one UP/UP inerface trunning IPV4 for router OSPF to pick it as Router-ID
Network Statement : Misconception: Network Statement relates to Subnet Mask of the network that you are trying to oroiginate
network Statement only is used to pick interface that matches the network statement
For e.g : network 0.0.0.0 255.255.255.255 area 0 ==> ALl interfaces , does not mean that we are originating the Default nwk
In older IOS, the order of entering the network statements were significant, NOt anymore, the newer IOS reorders the network statement to order more specific match first
Forming Adjacencies
########Must Match ####
-area
-hello/dead timers
- MTU
-(OR) ip ospf mtu-ignore
-compatible network types
-stub flags
-authentication
#########Must be unique #########
-Intf IP Address
- OSPF Router-ID
When doing OSPF Adj, chk sh system mtu, it must match one witht he router or use "ip mtu" cmd to change the MTU on rtr on certain interfaces
RECOMMEND: Manually define router-ID, assuming addressing is globally unique, but if u use Anycast IP, then u can have IP duplicates
RECOMMEND: Avoid using Rtr-ID 1.1.1.1 or 2.2.2.2 or like, cos BBRs (backbone routers )cud be using the same, and this can casue inconsistencies in the OSPF Databases.
###############Types###############################
-Broadcast
-Non-Broadcast
-Point-to-Point
-Point-to-Multipoint
-Point-to-Multipoint Non-Boradcast
-Loopback
-Broadcast
-Send Hellos as multicast
-224.0.0.5 (all ospf rtrs in seg ) /224.0.0.6 (all DR/BDR rtrs in the seg)
-uses DR/BDR, to minimise LSA Replication 9Like BGP Router Reflector)
in FR Hub and spoke env
- interface level cmd: "ip ospf network broadcast" on all neighbor's interfaces required.
- ip ospf prio 0 req for spoke sites, so as to avoid them becoming DR/BDR
- no neighbor cmds required on hub
- frame-realy map stmts need broadcast keyword
- If you notice: Next HOp Modification doesn't happen.
- if you notice: DR/BDR are elected.
DR/BDR Election
-Priority, 0 ==> wont participate in election, 255 is max and its best
-No premption in DR/BDR election
==> once DR/BDR are elected, later on a higher prio rtr cannot preempt the DR
-Router-ID
if all teh devices in the segment have the same priority, thena the router0-d wil be chosen
Higer rtr-id is better
Rtr-ID doesnt need to be a valid IP or valid routeable Number, its can be any number in dotted decimal format, for e.g 255.255.255.255 will be the most preferred rtr id
-- Caveat: DR/BDR also depends on whiuch Router is configured first and whose OSPF process converges faster.
#########Debug OSPF####
access-list 100 permit 89 any any
debug ip packet 100
How to find who is the DR in Broadcast/NBMA segments using sho ip ospf Database cmd ??????????
Ans:--The "Net Link States" table shows Who is the DR (BDR cant be found) in teh Adv Router Column for the given Segment as represented by the Link ID
Network Type : NBMA (Updates sent as Replicated Unicast) Has DR/BDR Election, but needs neighbor stmts to be added for Updates to be sent to it as unicast
Hello = 30s , Dead = 120s
FR Main Int
FR multipoint sub-int
ATM interfaces
in FR Hub and spoke env
- Default Network Type for FR (NBMA)
- neighbor cmds under ospf process required on hub, since updates sent as Unicast
- frame-realy map stmts DON'T need broadcast keyword
- ip ospf prio 0 req for spoke sites, so as to avoid them becoming DR/BDR
- If you notice: Next HOp Modification doesn't happen.
- if you notice: DR/BDR are elected.
#################OSPF Network Point to Multipoint #####################
-Not a default Option , need to ue intf cmd "ip ospf network point-to-multipoint"
-Sends hellos as Multicast on 224.0.0.5
-Modifies the next hop
-No DR/BDR elecetion
-Adds in routing table Host /32 route for end points of the links, then uses recursive looksups to find the interface.
-Ensure that you have a broadcast keyword in frame-relay map cmd to allow multicast traffic
-U need to have ONLY 1 Mapping from Spoke to HUB. Rest of L2 mapping is taken care at L3 via OSPF mulitpoint technology
The functional difference between OSPF network type point-to-multipoint versus
broadcast and non-broadcast network types is how point-to-multipoint deals with nexthop
resolution on a non-broadcast media. OSPF network type point-to-multipoint treats
the network as a collection of point-to-point links instead of one flat broadcast network.
With the network types non-broadcast and broadcast, OSPF does not understand that
the underlying layer 2 topology may not mirror a flat layer 3 network. With OSPF network
types broadcast and non-broadcast, next hop values are not modified when updates are
transmitted across an NBMA media. This implies that devices on the NBMA cloud
require layer 3 to layer 2 resolution for any endpoint injecting routes into the network.
With OSPF network type point-to-multipoint, next hop values are modified to the address
of the directly connected neighbor when they are advertised across the NBMA cloud.
This implies that routers on the NBMA network only need layer 3 to layer 2 resolution for
directly connected neighbors when running OSPF network point-to-mulitpoint.
in FR Hub and spoke env
- NOT a Default Network Type for FR
- NO neighbor cmds under ospf process required on hub, since updates sent as multicast
- frame-realy map stmts need broadcast keyword, but only "ONE" map stmt to the HUB, rest are resolved by
- ip ospf prio 0 NOT req for spoke sites, NO DR/BDR in this TYpe
- If you notice: Next HOp Modification DOES happen. There are /32 Routes added for the Link address and the Remtoe networks are pointed to this Link /32 Address.
- if you notice: DR/BDR are NOT elected ( Not supported).
#################OSPF Network Point to Multipoint NonBroadcast #######
-Not a Default Option, use intf cmd "ip ospf network point-to-multipoint non-broadcast"
- Sends hellos as unicast
-neighbor stmts required
-no DR/BDR electioin
- Modifies next-hop
-Can be used when we have PVCs with different costs
-in ethernet : diff BW values for diff neighbors in the link
in FR Hub and spoke env
- NOT a Default Network Type for FR
- Neighbor cmds under ospf process required on hub, since updates sent as unicast
- frame-realy map stmts DON'T need broadcast keyword, AND only "ONE" map stmt to the HUB, rest are resolved by L3 (OSPF)
- ip ospf prio 0 NOT req for spoke sites, NO DR/BDR in this TYpe
- If you notice: Next HOp Modification DOES happen. There are /32 Routes added for the Link address and the Remtoe networks are pointed to this Link /32 Address.
- if you notice: DR/BDR are NOT elected ( Not supported).
- if you notice: ONLY this Network Type, allows COST to be modifed under OSPF process when defining neighbors. => neighbor 10.0.0.4 cost 50 , etc
##########How to change the Cost of a Link ? #########################
Typically to be used in scenarios where u have links > 100mbps , for e.g gig, 10g, OC3, etc
- Interface"Bandwidth"
- Interface "ip ospg cost"
- Process "auto-cost"
-Process "neighbor w.x.y.z cost" ==> used in Multipoint
TIP: How to calculate the Cost of an OPSF Link without using the formual ourselves ?
Ans: Configure on of the physcial lkinsk and change their BW in kbps and then type "sh ip ospf interface" to get its cost
############Point to Point #########
-no DR/BDR
-Update sent as Multicast
"ip ospf 1 area 0 " ==> Eabled at Interface level means that we include the interface for a given area, and ALSO, the secondary addresses if any configured on the itnerface are also enabled for OSPF
This means the secondary addresses will also send out "hello" and form adj
in FR Hub and spoke env
- NOT a Default Network Type for FR
- NO Neighbor cmds under ospf process required on hub, since updates sent as multicast
- frame-realy map stmts need broadcast keyword, since only 1 neighbor, only 1 MAP stmt
- ip ospf prio 0 NOT req for spoke sites, NO DR/BDR in this TYpe
- If you notice: Next HOp Modification DOES NOT happen.
- if you notice: DR/BDR are NOT elected ( Not supported).
Summaray: OSPF network Types
Broadcast can be adj to Non-Broadcast as they both have DR/BDR concept, however we need to ensure tha the Hello/Dead timers are matched
Point-to-point can be adj with Point-to-Multipoint OR adj with point-to-multipoint non-broadcast, as they dont have DR/BDR concept, however we need to ensure tha the Hello/Dead timers are matched
V.V IMP: What gets affected with non-compatible nwks but it appears that u are formining adj , but actually its a neighbor relnaship but not truly adj
-unicast/multicast
-DR/BDR Election
-Next-hop processing
######### OSPF fast Hellos ##############
ip ospf dead-interval minimal hello-multiplier 5
- interface level cmd
- dead int = 1s , hello= 200msx5=1000ms =1s
-so hello sent out every 200ms
OSPF
Process ID is LOCALLY Significant
Must have atleast one UP/UP inerface trunning IPV4 for router OSPF to pick it as Router-ID
Network Statement : Misconception: Network Statement relates to Subnet Mask of the network that you are trying to oroiginate
network Statement only is used to pick interface that matches the network statement
For e.g : network 0.0.0.0 255.255.255.255 area 0 ==> ALl interfaces , does not mean that we are originating the Default nwk
In older IOS, the order of entering the network statements were significant, NOt anymore, the newer IOS reorders the network statement to order more specific match first
Forming Adjacencies
########Must Match ####
-area
-hello/dead timers
- MTU
-(OR) ip ospf mtu-ignore
-compatible network types
-stub flags
-authentication
#########Must be unique #########
-Intf IP Address
- OSPF Router-ID
When doing OSPF Adj, chk sh system mtu, it must match one witht he router or use "ip mtu" cmd to change the MTU on rtr on certain interfaces
RECOMMEND: Manually define router-ID, assuming addressing is globally unique, but if u use Anycast IP, then u can have IP duplicates
RECOMMEND: Avoid using Rtr-ID 1.1.1.1 or 2.2.2.2 or like, cos BBRs (backbone routers )cud be using the same, and this can casue inconsistencies in the OSPF Databases.
###############Types###############################
-Broadcast
-Non-Broadcast
-Point-to-Point
-Point-to-Multipoint
-Point-to-Multipoint Non-Boradcast
-Loopback
-Broadcast
-Send Hellos as multicast
-224.0.0.5 (all ospf rtrs in seg ) /224.0.0.6 (all DR/BDR rtrs in the seg)
-uses DR/BDR, to minimise LSA Replication 9Like BGP Router Reflector)
in FR Hub and spoke env
- interface level cmd: "ip ospf network broadcast" on all neighbor's interfaces required.
- ip ospf prio 0 req for spoke sites, so as to avoid them becoming DR/BDR
- no neighbor cmds required on hub
- frame-realy map stmts need broadcast keyword
- If you notice: Next HOp Modification doesn't happen.
- if you notice: DR/BDR are elected.
DR/BDR Election
-Priority, 0 ==> wont participate in election, 255 is max and its best
-No premption in DR/BDR election
==> once DR/BDR are elected, later on a higher prio rtr cannot preempt the DR
-Router-ID
if all teh devices in the segment have the same priority, thena the router0-d wil be chosen
Higer rtr-id is better
Rtr-ID doesnt need to be a valid IP or valid routeable Number, its can be any number in dotted decimal format, for e.g 255.255.255.255 will be the most preferred rtr id
-- Caveat: DR/BDR also depends on whiuch Router is configured first and whose OSPF process converges faster.
#########Debug OSPF####
access-list 100 permit 89 any any
debug ip packet 100
How to find who is the DR in Broadcast/NBMA segments using sho ip ospf Database cmd ??????????
Ans:--The "Net Link States" table shows Who is the DR (BDR cant be found) in teh Adv Router Column for the given Segment as represented by the Link ID
Network Type : NBMA (Updates sent as Replicated Unicast) Has DR/BDR Election, but needs neighbor stmts to be added for Updates to be sent to it as unicast
Hello = 30s , Dead = 120s
FR Main Int
FR multipoint sub-int
ATM interfaces
in FR Hub and spoke env
- Default Network Type for FR (NBMA)
- neighbor cmds under ospf process required on hub, since updates sent as Unicast
- frame-realy map stmts DON'T need broadcast keyword
- ip ospf prio 0 req for spoke sites, so as to avoid them becoming DR/BDR
- If you notice: Next HOp Modification doesn't happen.
- if you notice: DR/BDR are elected.
#################OSPF Network Point to Multipoint #####################
-Not a default Option , need to ue intf cmd "ip ospf network point-to-multipoint"
-Sends hellos as Multicast on 224.0.0.5
-Modifies the next hop
-No DR/BDR elecetion
-Adds in routing table Host /32 route for end points of the links, then uses recursive looksups to find the interface.
-Ensure that you have a broadcast keyword in frame-relay map cmd to allow multicast traffic
-U need to have ONLY 1 Mapping from Spoke to HUB. Rest of L2 mapping is taken care at L3 via OSPF mulitpoint technology
The functional difference between OSPF network type point-to-multipoint versus
broadcast and non-broadcast network types is how point-to-multipoint deals with nexthop
resolution on a non-broadcast media. OSPF network type point-to-multipoint treats
the network as a collection of point-to-point links instead of one flat broadcast network.
With the network types non-broadcast and broadcast, OSPF does not understand that
the underlying layer 2 topology may not mirror a flat layer 3 network. With OSPF network
types broadcast and non-broadcast, next hop values are not modified when updates are
transmitted across an NBMA media. This implies that devices on the NBMA cloud
require layer 3 to layer 2 resolution for any endpoint injecting routes into the network.
With OSPF network type point-to-multipoint, next hop values are modified to the address
of the directly connected neighbor when they are advertised across the NBMA cloud.
This implies that routers on the NBMA network only need layer 3 to layer 2 resolution for
directly connected neighbors when running OSPF network point-to-mulitpoint.
in FR Hub and spoke env
- NOT a Default Network Type for FR
- NO neighbor cmds under ospf process required on hub, since updates sent as multicast
- frame-realy map stmts need broadcast keyword, but only "ONE" map stmt to the HUB, rest are resolved by
- ip ospf prio 0 NOT req for spoke sites, NO DR/BDR in this TYpe
- If you notice: Next HOp Modification DOES happen. There are /32 Routes added for the Link address and the Remtoe networks are pointed to this Link /32 Address.
- if you notice: DR/BDR are NOT elected ( Not supported).
#################OSPF Network Point to Multipoint NonBroadcast #######
-Not a Default Option, use intf cmd "ip ospf network point-to-multipoint non-broadcast"
- Sends hellos as unicast
-neighbor stmts required
-no DR/BDR electioin
- Modifies next-hop
-Can be used when we have PVCs with different costs
-in ethernet : diff BW values for diff neighbors in the link
in FR Hub and spoke env
- NOT a Default Network Type for FR
- Neighbor cmds under ospf process required on hub, since updates sent as unicast
- frame-realy map stmts DON'T need broadcast keyword, AND only "ONE" map stmt to the HUB, rest are resolved by L3 (OSPF)
- ip ospf prio 0 NOT req for spoke sites, NO DR/BDR in this TYpe
- If you notice: Next HOp Modification DOES happen. There are /32 Routes added for the Link address and the Remtoe networks are pointed to this Link /32 Address.
- if you notice: DR/BDR are NOT elected ( Not supported).
- if you notice: ONLY this Network Type, allows COST to be modifed under OSPF process when defining neighbors. => neighbor 10.0.0.4 cost 50 , etc
##########How to change the Cost of a Link ? #########################
Typically to be used in scenarios where u have links > 100mbps , for e.g gig, 10g, OC3, etc
- Interface"Bandwidth"
- Interface "ip ospg cost"
- Process "auto-cost"
-Process "neighbor w.x.y.z cost" ==> used in Multipoint
TIP: How to calculate the Cost of an OPSF Link without using the formual ourselves ?
Ans: Configure on of the physcial lkinsk and change their BW in kbps and then type "sh ip ospf interface" to get its cost
############Point to Point #########
-no DR/BDR
-Update sent as Multicast
"ip ospf 1 area 0 " ==> Eabled at Interface level means that we include the interface for a given area, and ALSO, the secondary addresses if any configured on the itnerface are also enabled for OSPF
This means the secondary addresses will also send out "hello" and form adj
in FR Hub and spoke env
- NOT a Default Network Type for FR
- NO Neighbor cmds under ospf process required on hub, since updates sent as multicast
- frame-realy map stmts need broadcast keyword, since only 1 neighbor, only 1 MAP stmt
- ip ospf prio 0 NOT req for spoke sites, NO DR/BDR in this TYpe
- If you notice: Next HOp Modification DOES NOT happen.
- if you notice: DR/BDR are NOT elected ( Not supported).
Summaray: OSPF network Types
Broadcast can be adj to Non-Broadcast as they both have DR/BDR concept, however we need to ensure tha the Hello/Dead timers are matched
Point-to-point can be adj with Point-to-Multipoint OR adj with point-to-multipoint non-broadcast, as they dont have DR/BDR concept, however we need to ensure tha the Hello/Dead timers are matched
V.V IMP: What gets affected with non-compatible nwks but it appears that u are formining adj , but actually its a neighbor relnaship but not truly adj
-unicast/multicast
-DR/BDR Election
-Next-hop processing
######### OSPF fast Hellos ##############
ip ospf dead-interval minimal hello-multiplier 5
- interface level cmd
- dead int = 1s , hello= 200msx5=1000ms =1s
-so hello sent out every 200ms
Day 2: IP Routing, PPP, RIP
CCIE IE CoD IP ROuting
31/03/2008
####Load Balancing occurs at L2 #######
For e.g U might see multiple enteries in routing table for a particular detination
However, we might not have enabled the Load Balancing on L2, i.e CEF disabled
####Can we debug Traffic ? #########
UNless traffic is process switched, we will not see its debug on deb ip packet o/p
Also traffic LOCALLY destined to and from the router is always process switched
Thus to disable CEF, do no ip mroute-cache (for multicast) no ip route-cache at interface level to debug transist traffic
If at any stage in debug messages, if we see, encapsulation failed, ==> no L2 to l3 Mappings are available (true for Ethernet/FR)
########Floating Static ROute ############
Frame Relay: Main Interface Status ( UP/UP, etc) is based on LMI whereas
Sub-Interface Status is based on the PVC status
Hence route Pointed to Main Interface never goes down as long as the LMI from Switch are recd by the Router
==> Floating Static ROute with Higer AD never gets installed as the primary static route is never removed
For Point to Point Subinterface: If PVC goes down, then implicitly Main intf goes down as well
For Multipoint Subinterface: If PVC goes down, Sub iNtf goes down, but for Main intg to go down we need all the DLCI to go down
############GRE ######################
IP Protocol 47
has ability to do end to end keepalives
tunnel dest must not recurse out the tunnel interface, use one of the physical interfaces...
##################RIP ###################
RIP v2 works overs Multicast 224.0.0.9, but provides an option on chaninging it to Broadcast using cmd "ip rip v2 broadcast"
So why shud we know this ? Cos in LAB when we asked to FILTER (ACL) we can use Log stmt so tht we can see if it breaks RIP in the DENY Log
RIPv1 is not UNofficially a topic in LAB, but can exspect to be asked to support Rece or Send of RIP v1
RIPv2 might appear in LAB
no auto-summary is not always need to be applied, so dont make it a habit
wht's done at interface level overrides the stuff done at routing (global) level
default:send v1, rec v1 and v2 , but if we cchange this in routin proc, it changes the interface level stuff to send --v2 and rec -v2
Split Horizon: Enabled for all interfaces except for main int in FR
"ip spilt-horizon"
affects FR Hub and Spoke , so we need to disable under a FR sub-interface
If its main interface, split-horizin is disabled automatically
NOTE: For SVI, split-horizon is enabled
For EIGRP: Look into sh run to chk if its disabled or not
"sh ip interface" will show only for RIP
Under Router Rip, when u give a network cmd
==> it automatically advertises the Network is included under that network
To avoid that use Passive interface to disable sending the updates, but cannot stop receiving the updates and advertsing tht network via other interface
To avoid sending out (advertising) the network via other interfaces, use distribute list
If u dont want to rec updates, use ACL or use Authentication ON, and fail them (but this needs to set receive-ver v2),
OR, use neighbor cmd on the routers and on the switch black-hole the MAC address used by the Multicast Address
OR, use distance and set it to 255, but can only affect inbound routes not for outbound routes
Offset-list
Can be used to increase (cannot decrease) the metric along with an ACL
if access-list "0" is provided mean all routers
Can be used also for RIp by {Poisoning} by setting unusable routers by adding offset to 15 or 16, need to find in REAL LAB. Think about the HOP count already received by you. No HARD Coded Rule
Access-list used for Offset List need to be such that it doesnt look at the subnet mask, it only needs to look at the NETWORK portion of the route only.
for e.g : /24 route , access-list 1 permit 150.1.5.0 0.0.0.0 and not 0.0.0.255
o validate-update-source. ==>Disable the validation of the source IP address of incoming RIP routing updates.
REMEMBER: CCIE Test is not a test for Best Practise and Design, So even though ur traffic takes a sub-optimal routing, U DONT CARE, UNLESS THEY ASK U TO WORRY ABT IT
REMEMBER: Similary for REDUCNDANCY case. If they dont explicity ask, we dont worry abt it
#################### PPP ###################################
Features as compared v/s HDLC
-Authentication
-Multilink
-Reliability (RFC 1663)
-ppp reliable-link
-Error Thresholds
-ppp quality percentage
-Optimised PPP Negotiation
-ROuting
-peer neighbor route (ON by Default)
##peer neighbor route##
-Used to provide reacability whe both ends of the PPP link are not on the same logical subnet e.g ip Unnumbered
-Can be safely disabled when both ends of the link are on the same logical IP subnet
- Only needed if using ip unnumbered
NOTE: Subnet mask is not learned with PPP, So it can cause routing issues, Beware.
IN REAL World: Either FR or PPP or HDLC , in WAN Env, you cannot ping yourself
Cos the Ping Packet is placed on the Wire, if the Link's down and if the Remote End is down, then
u cant ping remote end and u cant ping urself, since the packet it sent across the wire. Even if u ping urself, the Packet is sent across the wire
REMEMBER: For PPP Authentication PAP (or CHAP) password must be saved using useranme ... password 0 (or 7) ......
Dont get trapped into using username .... secret ......
Since secret == mean encrypt using MD5,
==> PAP/CHAP cannot work with this HASH value, they need the clear text value to generate their own HASH
###################Policy ROuting ########################
NOTE: When creating new access-list, alwasy ensure that its not already created for some other task
by issuing sh ip access-list.
31/03/2008
####Load Balancing occurs at L2 #######
For e.g U might see multiple enteries in routing table for a particular detination
However, we might not have enabled the Load Balancing on L2, i.e CEF disabled
####Can we debug Traffic ? #########
UNless traffic is process switched, we will not see its debug on deb ip packet o/p
Also traffic LOCALLY destined to and from the router is always process switched
Thus to disable CEF, do no ip mroute-cache (for multicast) no ip route-cache at interface level to debug transist traffic
If at any stage in debug messages, if we see, encapsulation failed, ==> no L2 to l3 Mappings are available (true for Ethernet/FR)
########Floating Static ROute ############
Frame Relay: Main Interface Status ( UP/UP, etc) is based on LMI whereas
Sub-Interface Status is based on the PVC status
Hence route Pointed to Main Interface never goes down as long as the LMI from Switch are recd by the Router
==> Floating Static ROute with Higer AD never gets installed as the primary static route is never removed
For Point to Point Subinterface: If PVC goes down, then implicitly Main intf goes down as well
For Multipoint Subinterface: If PVC goes down, Sub iNtf goes down, but for Main intg to go down we need all the DLCI to go down
############GRE ######################
IP Protocol 47
has ability to do end to end keepalives
tunnel dest must not recurse out the tunnel interface, use one of the physical interfaces...
##################RIP ###################
RIP v2 works overs Multicast 224.0.0.9, but provides an option on chaninging it to Broadcast using cmd "ip rip v2 broadcast"
So why shud we know this ? Cos in LAB when we asked to FILTER (ACL) we can use Log stmt so tht we can see if it breaks RIP in the DENY Log
RIPv1 is not UNofficially a topic in LAB, but can exspect to be asked to support Rece or Send of RIP v1
RIPv2 might appear in LAB
no auto-summary is not always need to be applied, so dont make it a habit
wht's done at interface level overrides the stuff done at routing (global) level
default:send v1, rec v1 and v2 , but if we cchange this in routin proc, it changes the interface level stuff to send --v2 and rec -v2
Split Horizon: Enabled for all interfaces except for main int in FR
"ip spilt-horizon"
affects FR Hub and Spoke , so we need to disable under a FR sub-interface
If its main interface, split-horizin is disabled automatically
NOTE: For SVI, split-horizon is enabled
For EIGRP: Look into sh run to chk if its disabled or not
"sh ip interface" will show only for RIP
Under Router Rip, when u give a network cmd
==> it automatically advertises the Network is included under that network
To avoid that use Passive interface to disable sending the updates, but cannot stop receiving the updates and advertsing tht network via other interface
To avoid sending out (advertising) the network via other interfaces, use distribute list
If u dont want to rec updates, use ACL or use Authentication ON, and fail them (but this needs to set receive-ver v2),
OR, use neighbor cmd on the routers and on the switch black-hole the MAC address used by the Multicast Address
OR, use distance and set it to 255, but can only affect inbound routes not for outbound routes
Offset-list
Can be used to increase (cannot decrease) the metric along with an ACL
if access-list "0" is provided mean all routers
Can be used also for RIp by {Poisoning} by setting unusable routers by adding offset to 15 or 16, need to find in REAL LAB. Think about the HOP count already received by you. No HARD Coded Rule
Access-list used for Offset List need to be such that it doesnt look at the subnet mask, it only needs to look at the NETWORK portion of the route only.
for e.g : /24 route , access-list 1 permit 150.1.5.0 0.0.0.0 and not 0.0.0.255
o validate-update-source. ==>Disable the validation of the source IP address of incoming RIP routing updates.
REMEMBER: CCIE Test is not a test for Best Practise and Design, So even though ur traffic takes a sub-optimal routing, U DONT CARE, UNLESS THEY ASK U TO WORRY ABT IT
REMEMBER: Similary for REDUCNDANCY case. If they dont explicity ask, we dont worry abt it
#################### PPP ###################################
Features as compared v/s HDLC
-Authentication
-Multilink
-Reliability (RFC 1663)
-ppp reliable-link
-Error Thresholds
-ppp quality percentage
-Optimised PPP Negotiation
-ROuting
-peer neighbor route (ON by Default)
##peer neighbor route##
-Used to provide reacability whe both ends of the PPP link are not on the same logical subnet e.g ip Unnumbered
-Can be safely disabled when both ends of the link are on the same logical IP subnet
- Only needed if using ip unnumbered
NOTE: Subnet mask is not learned with PPP, So it can cause routing issues, Beware.
IN REAL World: Either FR or PPP or HDLC , in WAN Env, you cannot ping yourself
Cos the Ping Packet is placed on the Wire, if the Link's down and if the Remote End is down, then
u cant ping remote end and u cant ping urself, since the packet it sent across the wire. Even if u ping urself, the Packet is sent across the wire
REMEMBER: For PPP Authentication PAP (or CHAP) password must be saved using useranme ... password 0 (or 7) ......
Dont get trapped into using username .... secret ......
Since secret == mean encrypt using MD5,
==> PAP/CHAP cannot work with this HASH value, they need the clear text value to generate their own HASH
###################Policy ROuting ########################
NOTE: When creating new access-list, alwasy ensure that its not already created for some other task
by issuing sh ip access-list.
Tuesday, April 01, 2008
Power of Positive Talk !
(Via an Email )
Power of Positive Talk
I remember my dad teaching me the power of language at a very young age. Not only did my dad understand that specific words affect our mental pictures, but he understood words are a powerful programming factor in lifelong success.
One particularly interesting event occurred when I was eight. As a kid, I was always climbing trees, poles, and literally hanging around upside down from the rafters of our lake house. So, it came to no surprise for my dad to find me at the top of a 30-foot tree swinging back and forth. My little eight-year-old brain didn't realize the tree could break or I could get hurt. I just thought it was fun to be up so high.
My older cousin, Tammy, was also in the same tree. She was hanging on the first big limb, about ten feet below me. Tammy's mother also noticed us at the exact time my dad did. About that time a huge gust of wind came over the tree. I could hear the leaves start to rattle and the tree begin to sway. I remember my dad's voice over the wind yell, "Bart, Hold on tightly." So I did. The next thing I know, I heard Tammy screaming at the top of her lungs, laying flat on the ground. She had fallen out of the tree.
I scampered down the tree to safety. My dad later told me why she fell and I did not. Apparently, when Tammy's mother felt the gust of wind, she yelled out, "Tammy, don't fall!" And Tammy did… fall.
My dad then explained to me that the mind has a very difficult time processing a negative image. In fact, people who rely on internal pictures cannot see a negative at all. In order for Tammy to process the command of not falling, her nine-year-old brain had to first imagine falling, then try to tell the brain not to do what it just imagined. Whereas, my eight-year-old brain instantly had an internal image of me hanging on tightly.
This concept is especially useful when you are attempting to break a habit or set a goal. You can't visualize not doing something. The only way to properly visualize not doing something is to actually find a word for what you want to do and visualize that. For example, when I was thirteen years old, I played for my junior high school football team. I tried so hard to be good, but I just couldn't get it together at that age. I remember hearing the words run through my head as I was running out for a pass, "Don't drop it!" Naturally, I dropped the ball.
My coaches were not skilled enough to teach us proper "self-talk." They just thought some kids could catch and others couldn't. I'll never make it pro, but I'm now a pretty good Sunday afternoon football player, because all my internal dialogue is positive and encourages me to win. I wish my dad had coached me playing football instead of just climbing trees. I might have had a longer football career.
Here is a very easy demonstration to teach your kids and your friends the power of a toxic vocabulary. Ask them to hold a pen or pencil. Hand it to them. Now, follow my instructions carefully. Say to them, "Okay, try to drop the pencil." Observe what they do.
Most people release their hands and watch the pencil hit the floor. You respond, "You weren't paying attention. I said TRY to drop the pencil. Now please do it again." Most people then pick up the pencil and pretend to be in excruciating pain while their hand tries but fails to drop the pencil.
The point is made.
If you tell your brain you will "give it a try," you are actually telling your brain to fail. I have a "no try" rule in my house and with everyone I interact with. Either people will do it or they won't. Either they will be at the party or they won't. I'm brutal when people attempt to lie to me by using the word try. Do they think I don't know they are really telegraphing to the world they have no intention of doing it but they want me to give them brownie points for pretended effort? You will never hear the words "I'll try" come out of my mouth unless I'm teaching this concept in a seminar.
If you "try" and do something, your unconscious mind has permission not to succeed. If I truly can't make a decision I will tell the truth. "Sorry John. I'm not sure if I will be at your party or not. I've got an outstanding commitment. If that falls through, I will be here. Otherwise, I will not. Thanks for the invite."
People respect honesty. So remove the word "try" from your vocabulary.
My dad also told me that psychologists claim it takes seventeen positive statements to offset one negative statement. I have no idea if it is true, but the logic holds true. It might take up to seventeen compliments to offset the emotional damage of one harsh criticism.
These are concepts that are especially useful when raising children.
Ask yourself how many compliments you give yourself daily versus how many criticisms. Heck, I know you are talking to yourself all day long. We all have internal voices that give us direction.
So, are you giving yourself the 17:1 ratio or are you shortchanging yourself with toxic self-talk like, " I'm fat. Nobody will like me. I'll try this diet. I'm not good enough. I'm so stupid. I'm broke, etc. etc."
If our parents can set a lifetime of programming with one wrong statement, imagine the kind of programming you are doing on a daily basis with your own internal dialogue. Here is a list of Toxic Vocabulary words.
Notice when you or other people use them.
ؠBut: Negates any words that are stated before it.
ؠTry: Presupposes failure.
ؠIf: Presupposes that you may not.
ؠMight: It does nothing definite. It leaves options for your listener.
ؠWould Have: Past tense that draws attention to things that didn't actually happen.
ؠShould Have: Past tense that draws attention to things that didn't actually happen (and implies guilt.)
ؠCould Have: Past tense that draws attention to things that didn't actually happen but the person tries to take credit as if it did happen.
ؠCan't/Don't: These words force the listener to focus on exactly the opposite of what you want. This is a classic mistake that parents and coaches make without knowing the damage of this linguistic error.
Examples:
Toxic phrase: "Don't drop the ball!"
Likely result: Drops the ball
Better language: "Catch the ball!"
Toxic phrase: "You shouldn't watch so much television."
Likely result: Watches more television.
Better language: "I read too much television makes people stupid. You might find yourself turning that TV off and picking up one of those books more often!"
Exercise: Take a moment to write down all the phrases you use on a daily basis or any Toxic self-talk that you have noticed yourself using. Write these phrases down so you will begin to catch yourself as they occur and change them.
Regards,
--
Do forward it to your friends wherever you can to spread the knowledge. You will surely be remembered for Good.
Regards,
About the Writer
By qualification the writer is a B.tech(CSE), MBA(Finance), CFA, CFP, NCFM (All modules), AMFI (advisors) and expert Technical and Fundamental Analyst.
The writer of this article(technicals.expert@gmail.com) is a technical expert and the purpose of whom is to educate the investors/traders/students with the expert stock market terminologies and knowledge so as to equip them with the right arms to battle in the stock market or their career.
Remember "Free Tips" are for today which may work or not but KNOWLEDGE is a tip forever which will never fail.
The writer has recently started an educationary group http://groups.google.com/group/stock-market-experts for making people aware of technical and fundamental analysis and the software training/softwares used in the stock market.
Power of Positive Talk
I remember my dad teaching me the power of language at a very young age. Not only did my dad understand that specific words affect our mental pictures, but he understood words are a powerful programming factor in lifelong success.
One particularly interesting event occurred when I was eight. As a kid, I was always climbing trees, poles, and literally hanging around upside down from the rafters of our lake house. So, it came to no surprise for my dad to find me at the top of a 30-foot tree swinging back and forth. My little eight-year-old brain didn't realize the tree could break or I could get hurt. I just thought it was fun to be up so high.
My older cousin, Tammy, was also in the same tree. She was hanging on the first big limb, about ten feet below me. Tammy's mother also noticed us at the exact time my dad did. About that time a huge gust of wind came over the tree. I could hear the leaves start to rattle and the tree begin to sway. I remember my dad's voice over the wind yell, "Bart, Hold on tightly." So I did. The next thing I know, I heard Tammy screaming at the top of her lungs, laying flat on the ground. She had fallen out of the tree.
I scampered down the tree to safety. My dad later told me why she fell and I did not. Apparently, when Tammy's mother felt the gust of wind, she yelled out, "Tammy, don't fall!" And Tammy did… fall.
My dad then explained to me that the mind has a very difficult time processing a negative image. In fact, people who rely on internal pictures cannot see a negative at all. In order for Tammy to process the command of not falling, her nine-year-old brain had to first imagine falling, then try to tell the brain not to do what it just imagined. Whereas, my eight-year-old brain instantly had an internal image of me hanging on tightly.
This concept is especially useful when you are attempting to break a habit or set a goal. You can't visualize not doing something. The only way to properly visualize not doing something is to actually find a word for what you want to do and visualize that. For example, when I was thirteen years old, I played for my junior high school football team. I tried so hard to be good, but I just couldn't get it together at that age. I remember hearing the words run through my head as I was running out for a pass, "Don't drop it!" Naturally, I dropped the ball.
My coaches were not skilled enough to teach us proper "self-talk." They just thought some kids could catch and others couldn't. I'll never make it pro, but I'm now a pretty good Sunday afternoon football player, because all my internal dialogue is positive and encourages me to win. I wish my dad had coached me playing football instead of just climbing trees. I might have had a longer football career.
Here is a very easy demonstration to teach your kids and your friends the power of a toxic vocabulary. Ask them to hold a pen or pencil. Hand it to them. Now, follow my instructions carefully. Say to them, "Okay, try to drop the pencil." Observe what they do.
Most people release their hands and watch the pencil hit the floor. You respond, "You weren't paying attention. I said TRY to drop the pencil. Now please do it again." Most people then pick up the pencil and pretend to be in excruciating pain while their hand tries but fails to drop the pencil.
The point is made.
If you tell your brain you will "give it a try," you are actually telling your brain to fail. I have a "no try" rule in my house and with everyone I interact with. Either people will do it or they won't. Either they will be at the party or they won't. I'm brutal when people attempt to lie to me by using the word try. Do they think I don't know they are really telegraphing to the world they have no intention of doing it but they want me to give them brownie points for pretended effort? You will never hear the words "I'll try" come out of my mouth unless I'm teaching this concept in a seminar.
If you "try" and do something, your unconscious mind has permission not to succeed. If I truly can't make a decision I will tell the truth. "Sorry John. I'm not sure if I will be at your party or not. I've got an outstanding commitment. If that falls through, I will be here. Otherwise, I will not. Thanks for the invite."
People respect honesty. So remove the word "try" from your vocabulary.
My dad also told me that psychologists claim it takes seventeen positive statements to offset one negative statement. I have no idea if it is true, but the logic holds true. It might take up to seventeen compliments to offset the emotional damage of one harsh criticism.
These are concepts that are especially useful when raising children.
Ask yourself how many compliments you give yourself daily versus how many criticisms. Heck, I know you are talking to yourself all day long. We all have internal voices that give us direction.
So, are you giving yourself the 17:1 ratio or are you shortchanging yourself with toxic self-talk like, " I'm fat. Nobody will like me. I'll try this diet. I'm not good enough. I'm so stupid. I'm broke, etc. etc."
If our parents can set a lifetime of programming with one wrong statement, imagine the kind of programming you are doing on a daily basis with your own internal dialogue. Here is a list of Toxic Vocabulary words.
Notice when you or other people use them.
ؠBut: Negates any words that are stated before it.
ؠTry: Presupposes failure.
ؠIf: Presupposes that you may not.
ؠMight: It does nothing definite. It leaves options for your listener.
ؠWould Have: Past tense that draws attention to things that didn't actually happen.
ؠShould Have: Past tense that draws attention to things that didn't actually happen (and implies guilt.)
ؠCould Have: Past tense that draws attention to things that didn't actually happen but the person tries to take credit as if it did happen.
ؠCan't/Don't: These words force the listener to focus on exactly the opposite of what you want. This is a classic mistake that parents and coaches make without knowing the damage of this linguistic error.
Examples:
Toxic phrase: "Don't drop the ball!"
Likely result: Drops the ball
Better language: "Catch the ball!"
Toxic phrase: "You shouldn't watch so much television."
Likely result: Watches more television.
Better language: "I read too much television makes people stupid. You might find yourself turning that TV off and picking up one of those books more often!"
Exercise: Take a moment to write down all the phrases you use on a daily basis or any Toxic self-talk that you have noticed yourself using. Write these phrases down so you will begin to catch yourself as they occur and change them.
Regards,
--
Do forward it to your friends wherever you can to spread the knowledge. You will surely be remembered for Good.
Regards,
About the Writer
By qualification the writer is a B.tech(CSE), MBA(Finance), CFA, CFP, NCFM (All modules), AMFI (advisors) and expert Technical and Fundamental Analyst.
The writer of this article(technicals.expert@gmail.com) is a technical expert and the purpose of whom is to educate the investors/traders/students with the expert stock market terminologies and knowledge so as to equip them with the right arms to battle in the stock market or their career.
Remember "Free Tips" are for today which may work or not but KNOWLEDGE is a tip forever which will never fail.
The writer has recently started an educationary group http://groups.google.com/group/stock-market-experts for making people aware of technical and fundamental analysis and the software training/softwares used in the stock market.
Realty Check, Two Weeks into Preparation
Its time for a quick realty check. Its been over two weeks since I started preparing for the LAB.
Honestly, as per my original strategy, I was supposed to devote 3 hours per day until end of May08. However If I look back at the past 2 weeks, I don't really think I have been able to do that.
Is procrastination catching up on me ?
I am looking for excuses here. I know, I am not able to gain momentum. But I want to be able to give myself 2 more weeks from today before I panic.
At the moment I am taking it easy. Yes I am running LATE. I hope to cover up on lost hours. I don't know how though !
I still cant seem to get over my need to sleep for 8 hours or more. I tried a couple of times to get up early and sit back late. But its sapping my energy out the next day. I look Jaded and can't concentrate. I fell sick and had acidity and indigestion issues.
I still cant seem to gather the necessary concentration to be able to sit for hours reading/viewing Technical Content. The mind starts to wander off in 25-30mins and the lapses are concerning to say the least.
Do I need the whip to keep myself on track ?
I reacll back in schooling/engineering days, I was not like this. If I can only find the difference in such a large change in attitude it will help.
All I need is the concentration and commitment. I have the ability.
As far as reading the CoD goes, I am still at Day 2 and this part of the CoD is the easiest. I wonder what will happen when i reach the difficult sections , BGP/Multicast/IOS Security/..........
Its frustrating to let my own self down. But life (procrastination) has made me learn to get comfortable with it and forget. I dont want to procrastinate.
I want to wake UP.
The time is NOW !
Honestly, as per my original strategy, I was supposed to devote 3 hours per day until end of May08. However If I look back at the past 2 weeks, I don't really think I have been able to do that.
Is procrastination catching up on me ?
I am looking for excuses here. I know, I am not able to gain momentum. But I want to be able to give myself 2 more weeks from today before I panic.
At the moment I am taking it easy. Yes I am running LATE. I hope to cover up on lost hours. I don't know how though !
I still cant seem to get over my need to sleep for 8 hours or more. I tried a couple of times to get up early and sit back late. But its sapping my energy out the next day. I look Jaded and can't concentrate. I fell sick and had acidity and indigestion issues.
I still cant seem to gather the necessary concentration to be able to sit for hours reading/viewing Technical Content. The mind starts to wander off in 25-30mins and the lapses are concerning to say the least.
Do I need the whip to keep myself on track ?
I reacll back in schooling/engineering days, I was not like this. If I can only find the difference in such a large change in attitude it will help.
All I need is the concentration and commitment. I have the ability.
As far as reading the CoD goes, I am still at Day 2 and this part of the CoD is the easiest. I wonder what will happen when i reach the difficult sections , BGP/Multicast/IOS Security/..........
Its frustrating to let my own self down. But life (procrastination) has made me learn to get comfortable with it and forget. I dont want to procrastinate.
I want to wake UP.
The time is NOW !
As time goes by !
Today I have finished a Year at Cisco.
Yes its been a roller coaster ride.
The key achievements that I can put forth are
### Professional ###
1) Went to Colombia, my FIRST Overseas Engagement and got a CAP award on my very FIRST assignment
2) Bought a Maruti Swift VXi, my FIRST CAR
3) Completed a Major ISC Upgrade at India's Largest Tier-1 ISP, my FIRST interaction with Indian ISPs
### Personal ###
3) Became a Proud Father, my FIRST child
4) Completed CCIE Written, my Certification for a long long time
5) Chasing CCIE Lab
6) Living my DREAM !
So what holds for me in future ?
1) CCIE LAB
2) More Onsite Engagements ?
So as you see, I haven't particularly managed to amass tons of money, but i did chase quite a few FIRSTs.
I sleep well at nights, and for me, if at the end of the day, if you can sleep well, you have done a satisfying job at work.
I really haven't got to a stage where I can see myself one year down the line in Cisco. Honestly, there has been a lot happening at Personal Front to take my focus off.
lets see how it all goes.
Happy Anniversary Dharmesh@Cisco.
Yes its been a roller coaster ride.
The key achievements that I can put forth are
### Professional ###
1) Went to Colombia, my FIRST Overseas Engagement and got a CAP award on my very FIRST assignment
2) Bought a Maruti Swift VXi, my FIRST CAR
3) Completed a Major ISC Upgrade at India's Largest Tier-1 ISP, my FIRST interaction with Indian ISPs
### Personal ###
3) Became a Proud Father, my FIRST child
4) Completed CCIE Written, my Certification for a long long time
5) Chasing CCIE Lab
6) Living my DREAM !
So what holds for me in future ?
1) CCIE LAB
2) More Onsite Engagements ?
So as you see, I haven't particularly managed to amass tons of money, but i did chase quite a few FIRSTs.
I sleep well at nights, and for me, if at the end of the day, if you can sleep well, you have done a satisfying job at work.
I really haven't got to a stage where I can see myself one year down the line in Cisco. Honestly, there has been a lot happening at Personal Front to take my focus off.
lets see how it all goes.
Happy Anniversary Dharmesh@Cisco.
Subscribe to:
Posts (Atom)