CCIE IE CoD IP ROuting
31/03/2008
####Load Balancing occurs at L2 #######
For e.g U might see multiple enteries in routing table for a particular detination
However, we might not have enabled the Load Balancing on L2, i.e CEF disabled
####Can we debug Traffic ? #########
UNless traffic is process switched, we will not see its debug on deb ip packet o/p
Also traffic LOCALLY destined to and from the router is always process switched
Thus to disable CEF, do no ip mroute-cache (for multicast) no ip route-cache at interface level to debug transist traffic
If at any stage in debug messages, if we see, encapsulation failed, ==> no L2 to l3 Mappings are available (true for Ethernet/FR)
########Floating Static ROute ############
Frame Relay: Main Interface Status ( UP/UP, etc) is based on LMI whereas
Sub-Interface Status is based on the PVC status
Hence route Pointed to Main Interface never goes down as long as the LMI from Switch are recd by the Router
==> Floating Static ROute with Higer AD never gets installed as the primary static route is never removed
For Point to Point Subinterface: If PVC goes down, then implicitly Main intf goes down as well
For Multipoint Subinterface: If PVC goes down, Sub iNtf goes down, but for Main intg to go down we need all the DLCI to go down
############GRE ######################
IP Protocol 47
has ability to do end to end keepalives
tunnel dest must not recurse out the tunnel interface, use one of the physical interfaces...
##################RIP ###################
RIP v2 works overs Multicast 224.0.0.9, but provides an option on chaninging it to Broadcast using cmd "ip rip v2 broadcast"
So why shud we know this ? Cos in LAB when we asked to FILTER (ACL) we can use Log stmt so tht we can see if it breaks RIP in the DENY Log
RIPv1 is not UNofficially a topic in LAB, but can exspect to be asked to support Rece or Send of RIP v1
RIPv2 might appear in LAB
no auto-summary is not always need to be applied, so dont make it a habit
wht's done at interface level overrides the stuff done at routing (global) level
default:send v1, rec v1 and v2 , but if we cchange this in routin proc, it changes the interface level stuff to send --v2 and rec -v2
Split Horizon: Enabled for all interfaces except for main int in FR
"ip spilt-horizon"
affects FR Hub and Spoke , so we need to disable under a FR sub-interface
If its main interface, split-horizin is disabled automatically
NOTE: For SVI, split-horizon is enabled
For EIGRP: Look into sh run to chk if its disabled or not
"sh ip interface" will show only for RIP
Under Router Rip, when u give a network cmd
==> it automatically advertises the Network is included under that network
To avoid that use Passive interface to disable sending the updates, but cannot stop receiving the updates and advertsing tht network via other interface
To avoid sending out (advertising) the network via other interfaces, use distribute list
If u dont want to rec updates, use ACL or use Authentication ON, and fail them (but this needs to set receive-ver v2),
OR, use neighbor cmd on the routers and on the switch black-hole the MAC address used by the Multicast Address
OR, use distance and set it to 255, but can only affect inbound routes not for outbound routes
Offset-list
Can be used to increase (cannot decrease) the metric along with an ACL
if access-list "0" is provided mean all routers
Can be used also for RIp by {Poisoning} by setting unusable routers by adding offset to 15 or 16, need to find in REAL LAB. Think about the HOP count already received by you. No HARD Coded Rule
Access-list used for Offset List need to be such that it doesnt look at the subnet mask, it only needs to look at the NETWORK portion of the route only.
for e.g : /24 route , access-list 1 permit 150.1.5.0 0.0.0.0 and not 0.0.0.255
o validate-update-source. ==>Disable the validation of the source IP address of incoming RIP routing updates.
REMEMBER: CCIE Test is not a test for Best Practise and Design, So even though ur traffic takes a sub-optimal routing, U DONT CARE, UNLESS THEY ASK U TO WORRY ABT IT
REMEMBER: Similary for REDUCNDANCY case. If they dont explicity ask, we dont worry abt it
#################### PPP ###################################
Features as compared v/s HDLC
-Authentication
-Multilink
-Reliability (RFC 1663)
-ppp reliable-link
-Error Thresholds
-ppp quality percentage
-Optimised PPP Negotiation
-ROuting
-peer neighbor route (ON by Default)
##peer neighbor route##
-Used to provide reacability whe both ends of the PPP link are not on the same logical subnet e.g ip Unnumbered
-Can be safely disabled when both ends of the link are on the same logical IP subnet
- Only needed if using ip unnumbered
NOTE: Subnet mask is not learned with PPP, So it can cause routing issues, Beware.
IN REAL World: Either FR or PPP or HDLC , in WAN Env, you cannot ping yourself
Cos the Ping Packet is placed on the Wire, if the Link's down and if the Remote End is down, then
u cant ping remote end and u cant ping urself, since the packet it sent across the wire. Even if u ping urself, the Packet is sent across the wire
REMEMBER: For PPP Authentication PAP (or CHAP) password must be saved using useranme ... password 0 (or 7) ......
Dont get trapped into using username .... secret ......
Since secret == mean encrypt using MD5,
==> PAP/CHAP cannot work with this HASH value, they need the clear text value to generate their own HASH
###################Policy ROuting ########################
NOTE: When creating new access-list, alwasy ensure that its not already created for some other task
by issuing sh ip access-list.
No comments:
Post a Comment