QuistED.net

• Virtual Private Network
  • Route exchange privacy
  • Path determination for packets
  • Data Security
    • IPSec IP security
  • Collection of standized protocols that provide
    • Confidentiality
    • Integrity
    • Authentication
    • Anti-Reply

(more…)

• Transition technique designed to allow native IPv6 hosts to access IPv4-only content.
  • (Translation technique not a tunneling technique).
• Primarily used to allow v6 hosts to initiate connections to IPv4 content.
  • Mechanisms do exist to allow the reverse.
• Stateful and stateless versions.
  • stateful can use any prefix
  • stateless has restriction on prefix

NAT64 and DNS64 co-existance.

1. IPv6 host sends AAAA DNS Query
2. DNS64 server tries AAAA lookup and fails
3. DNS64 server successfully resolves IPv4 address
4. DNS64 server generates AAAA DNS response of <IPv6 prefix:IPv4 adress> and sends it back to the client.

(more…)

• point-to-point tunnels
• MCT ( manually configured tunnel )
• GRE ( Generic Routing Encapsulation )

• Virtual point-to-point between two IPv4 routers
• IPv6 iGP routing protocols can run over these virtual links.

(more…)

Similarities to IPv4

• Redistribution takes routes from the IP routing table, not from the iGP databases.
• Route maps can be used for filtering, metrics, route tags.
• Admnistrative distance has not changed.
• Options to prevent routing loops; Administrative distance, route tags, filtering.
• Syntax is the same.

Differences to IPv4

• Supported “match” commands in route-maps vary on iGP
  • OSPF/RIP cannot match op “route-type” with a Route-map
    • EIGRP has no problems using “route-type”
  • Route-map matching IPv6 ACLs must have IPv6 prefix as source portion and “any” as destination of ACL.
• IPv6 redistribute connected does not include interfaces running the iGP;
  • redistribute include-connected

RIPng

• UPD port number 521
• No autosummarization for IPv6
• Destination address FF02::9
• Link-Local next-hops
• IPv6 uses IPv6 AH/ESP Authentication
• Enable it on the interface
  • ipv6 rip CCNP enable fa0/0
• No network command

EIGRP IPv6

• EIGRP uses the neighbor’s link local address as the next-hop
• Destination FF02::AA
• Authentication relies on the IPv6 built-in authentication nad privacy
• IPv4 defaults to auto summarization, IPv6 doesn’t
  • ipv6 unicast-routing
  • ipv6 route eigrp 100
  • (config-if)#ipv6 eigrp 100
  • eigrp router-id RID

(more…)

BGP Path Attributes

“We Love Oranges AS Oranges Mean Pure Refreshment”

R1#sh ip bgp 40.40.40.0
*Mar  1 00:17:21.323: %SYS-5-CONFIG_I: Configured from console by console
R1#sh ip bgp 40.40.40.0
BGP routing table entry for 40.40.40.0/24, version 4
Paths: (2 available, best #1, table Default-IP-Routing-Table)
  Advertised to update-groups:
     1
  30
    3.3.3.2 from 3.3.3.2 (3.3.3.2)
      Origin IGP, metric 0, localpref 100, valid, external, best
  20
    2.2.2.2 from 2.2.2.2 (20.20.20.1)
      Origin IGP, metric 0, localpref 100, valid, external

R1#sh ip bgp
BGP table version is 4, local router ID is 3.3.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 20.20.20.0/24    2.2.2.2                  0             0 20 i
*> 30.30.30.0/24    3.3.3.2                  0             0 30 i
*> 40.40.40.0/24    3.3.3.2                  0             0 30 i
*                   2.2.2.2                  0             0 20 i

(more…)

• BGP filtering can be done on any routers
• Filtering can be done inbound and outbound
• After filtering is applied BGP neighbor must be reset or cleared for the filter to take effect
  • clear ip bgp 20.20.20.20 in/out  preferred
  • clear ip bgp *   (hard reset)
  • clear ip bgp 20.20.20.20 soft in/out

(more…)

sh ip bgp

R1#sh ip bgp
BGP table version is 6, local router ID is 10.10.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
     0.0.0.0          0.0.0.0                                0 i
 r>  1.1.1.0/30       20.20.20.1               0             0 20 ?
 r>  20.20.20.0/24    20.20.20.1               0             0 20 ?
 *>  30.30.30.0/24    20.20.20.1               0             0 20 ?
 *>i 40.40.40.0/24    1.1.2.2                  0    100      0 i

(more…)

Injecting routes into BGP.

• Use the network command.
  • Different than the network command in iGP; it isn’t used to listen/active interfaces.
  • the BGP network command looks for the prefix in the routing table and originates that into the BGP table.
  • If no mask is defined, IOS assumes a classful network.
  • Classful route is added if:
    • the exact route is in the ip routing table
    • Any subset of routes are in the routing table (only with auto-summery)
  • create a null0 route
    •  ip route 30.30.30.0 255.255.255.0 null0

router bgp 20
 bgp log-neighbor-changes
 network 30.30.30.0 mask 255.255.255.0
 neighbor 10.10.10.1 remote-as 10
 neighbor 10.10.10.1 ebgp-multihop 255
 neighbor 10.10.10.1 update-source Loopback1

(more…)

• Multiple path attributes to determine the best path for a certain prefix.
• When no path attributes are set, BGP uses the AS_PATH to determine the best route.
  • Shortest AS path wins
• AS_SEQ is the component of the AS_PATH attribute.
  • 10.10.10.0/24 20 10
    • AS-SEQ (in order)
• With summarization:
  • 10.10.0.0/16 20 10 { 1 2 5 4 3 }  
  • Prefix AS-PATH AS-SEQ  { AS-SET } 
    • AS-SET are not in order
• Prevents Routing loops.
• If a BGP router received an update with it’s own AS#, it indicates a loop.
• If a BGP router received an update with it’s own AS#, it drops the route.