SNMP & NTP
SNMP – Simple Network Management Protocol
- Manager – Monitoring device
- Agent – Devices being monitored
- MIB – Management Information Base
- UDP port 161
- Uses GETs and SETs
- SNMP Traps
  - Agent informs the manager.
- SNMPv1 and 2c have community strings.
- SNMPv3 has encryption and authentication.
  - auth – Group using the AuthNoPriv Security Level
    - Authentication: yes
    - Privacy (encryption): no
  - noauth – Group using the noAuthNoPriv Security Level
    - Authentication: no
    - Privacy (encryption): no
  - priv – Group using the AuthPriv Security Level
    - Authentication: yes
    - Privacy (encryption): yes
- If no read view is defined, all objects can be read.
- If no write view is defined, no objects can be written.
- If no notify view is defined, group members are not sent notifications.
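An added example (not from the original notes): a small Python audit of Cisco IOS `snmp-server` lines that applies the security levels and view defaults listed above. The configuration sample, group names and view names are constructed, and the parser assumes the `snmp-server group <name> v3 {noauth|auth|priv} [read <view>] [write <view>] [notify <view>]` form.

```python
import re

# Constructed sample of Cisco IOS configuration lines (not taken from the notes).
SAMPLE_CONFIG = """\
snmp-server community public RO
snmp-server group OPS v3 priv read OPS-VIEW write OPS-VIEW
snmp-server group LEGACY v3 noauth
snmp-server group MONITOR v3 auth notify TRAP-VIEW
"""

LEVELS = {"noauth": "noAuthNoPriv", "auth": "AuthNoPriv", "priv": "AuthPriv"}
GROUP_RE = re.compile(r"^snmp-server group (\S+) v3 (noauth|auth|priv)\b(.*)$")


def parse_group(line):
    """Return the group's security level and effective views, or None."""
    m = GROUP_RE.match(line.strip())
    if not m:
        return None
    name, keyword, rest = m.groups()
    tokens = rest.split()
    views = {tokens[i]: tokens[i + 1] for i in range(len(tokens) - 1)
             if tokens[i] in ("read", "write", "notify")}
    return {
        "name": name,
        "level": LEVELS[keyword],
        # Defaults from the notes above when a view is not configured.
        "read": views.get("read", "ALL OBJECTS"),
        "write": views.get("write", "nothing"),
        "notify": views.get("notify", "nothing"),
    }


def audit_snmp(config):
    """Return (subject, finding) pairs for weak SNMP settings."""
    findings = []
    for line in config.splitlines():
        if line.strip().startswith("snmp-server community "):
            # The community string is deliberately not echoed into the report.
            findings.append(("community", "SNMPv1/2c community string configured"))
        group = parse_group(line)
        if group is None:
            continue
        if group["level"] != "AuthPriv":
            findings.append((group["name"], f"{group['level']}: below AuthPriv"))
        if group["read"] == "ALL OBJECTS":
            findings.append((group["name"], "no read view: all objects can be read"))
    return findings
```

Calling `audit_snmp(SAMPLE_CONFIG)` reports the community line and the LEGACY and MONITOR groups, and leaves the AuthPriv group with an explicit read view unflagged.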
DMVPN
- Point-to-multipoint layer 3 overlay VPN
- Logical hub and spoke topology
- Direct spoke-to-spoke is supported
DMVPN uses a combination of:
- Multipoint GRE tunnels (mGRE)
- Next Hop Resolution Protocol (NHRP)
- IPsec Crypto Profiles
- Routing
VPN
- Virtual Private Network
- Route exchange privacy
- Path determination for packets
- Data Security
- IPsec – IP Security
  - Collection of standardized protocols that provide:
    - Confidentiality
    - Integrity
    - Authentication
    - Anti-Replay
NAT64
- Transition technique designed to allow native IPv6 hosts to access IPv4-only content.
- (Translation technique, not a tunneling technique.)
- Primarily used to allow v6 hosts to initiate connections to IPv4 content.
- Mechanisms do exist to allow the reverse.
- Stateful and stateless versions.
  - Stateful can use any prefix
  - Stateless has restriction on prefix
NAT64 and DNS64 coexistence
- IPv6 host sends AAAA DNS Query
- DNS64 server tries AAAA lookup and fails
- DNS64 server successfully resolves IPv4 address
- DNS64 server generates AAAA DNS response of <IPv6 prefix:IPv4 address> and sends it back to the client.
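Added example, not part of the original notes: the AAAA synthesis in the last step, written out in Python. It goes beyond the notes by following the RFC 6052 embedding rules for every allowed prefix length and by showing the reverse extraction a NAT64 translator performs; the function names and the `192.0.2.33` test address are assumptions.

```python
import ipaddress

WELL_KNOWN_PREFIX = "64:ff9b::/96"          # RFC 6052 well-known prefix
ALLOWED_LENGTHS = (32, 40, 48, 56, 64, 96)  # prefix lengths RFC 6052 permits


def _v4_positions(prefix):
    """Return (network, byte offsets that hold the four IPv4 octets)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen not in ALLOWED_LENGTHS:
        raise ValueError(f"/{net.prefixlen} is not a valid NAT64 prefix length")
    start = net.prefixlen // 8
    # Byte 8 (bits 64-71) is reserved and must stay zero, so skip over it.
    return net, [i for i in range(start, start + 5) if i != 8][:4]


def embed_ipv4(prefix, ipv4):
    """DNS64 side: build the synthesized IPv6 address for an A record."""
    net, positions = _v4_positions(prefix)
    raw = bytearray(net.network_address.packed)
    for pos, octet in zip(positions, ipaddress.IPv4Address(ipv4).packed):
        raw[pos] = octet
    return ipaddress.IPv6Address(bytes(raw))


def extract_ipv4(prefix, ipv6):
    """NAT64 side: recover the IPv4 destination from a synthesized address."""
    net, positions = _v4_positions(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        raise ValueError(f"{addr} is outside the NAT64 prefix {net}")
    return ipaddress.IPv4Address(bytes(addr.packed[p] for p in positions))


def dns64_answer(aaaa_records, a_records, prefix=WELL_KNOWN_PREFIX):
    """Return native AAAA records if any exist, else synthesize from A records."""
    if aaaa_records:
        return list(aaaa_records)
    return [str(embed_ipv4(prefix, a)) for a in a_records]
```

The DNS64 server and the NAT64 translator must be configured with the same prefix, otherwise `extract_ipv4` on the translator rejects or misreads the addresses the resolver handed out.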
IPv6 Tunnels
- Point-to-point tunnels
  - MCT (manually configured tunnel)
  - GRE (Generic Routing Encapsulation)
- Virtual point-to-point between two IPv4 routers
- IPv6 iGP routing protocols can run over these virtual links.
IPv6 iGP redistribution
Similarities to IPv4
- Redistribution takes routes from the IP routing table, not from the iGP databases.
- Route maps can be used for filtering, metrics, route tags.
- Administrative distance has not changed.
- Options to prevent routing loops; Administrative distance, route tags, filtering.
- Syntax is the same.
Differences to IPv4
- Supported “match” commands in route-maps vary by iGP
  - OSPF/RIP cannot match on “route-type” with a route-map
  - EIGRP has no problems using “route-type”
  - Route-map matching IPv6 ACLs must have IPv6 prefix as source portion and “any” as destination of ACL.
- IPv6 redistribute connected does not include interfaces running the iGP;
- redistribute include-connected
IPv6 RIPng EIGRP OSPFv3
RIPng
- UDP port number 521
- No autosummarization for IPv6
- Destination address FF02::9
- Link-Local next-hops
- Uses IPv6 AH/ESP authentication
- Enable it on the interface (e.g. fa0/0)
  - ipv6 rip CCNP enable
- No network command
EIGRP IPv6
- EIGRP uses the neighbor’s link local address as the next-hop
- Destination FF02::AA
- Authentication relies on the IPv6 built-in authentication and privacy
- IPv4 defaults to auto summarization, IPv6 doesn’t
- ipv6 unicast-routing
- ipv6 router eigrp 100
- (config-if)#ipv6 eigrp 100
- eigrp router-id RID
BGP Path Attributes
“We Love Oranges AS Oranges Mean Pure Refreshment”
Letter | Attribute (preferred value) |
---|---|
W | Weight (highest) |
L | Local_pref (highest) |
O | Originate (Local) |
AS | AS_PATH (shortest) |
O | ORIGIN code ( igp > egp > incomplete) |
M | MED (lowest) |
P | Paths ( External > Internal) |
R | RID (Lowest) |
```
R1#sh ip bgp 40.40.40.0
*Mar 1 00:17:21.323: %SYS-5-CONFIG_I: Configured from console by console
R1#sh ip bgp 40.40.40.0
BGP routing table entry for 40.40.40.0/24, version 4
Paths: (2 available, best #1, table Default-IP-Routing-Table)
  Advertised to update-groups:
     1
  30
    3.3.3.2 from 3.3.3.2 (3.3.3.2)
      Origin IGP, metric 0, localpref 100, valid, external, best
  20
    2.2.2.2 from 2.2.2.2 (20.20.20.1)
      Origin IGP, metric 0, localpref 100, valid, external
R1#sh ip bgp
BGP table version is 4, local router ID is 3.3.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 20.20.20.0/24    2.2.2.2                  0             0 20 i
*> 30.30.30.0/24    3.3.3.2                  0             0 30 i
*> 40.40.40.0/24    3.3.3.2                  0             0 30 i
*                   2.2.2.2                  0             0 20 i
```
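Added example, not part of the original notes: the mnemonic above as a Python tie-breaker, run on the two paths for 40.40.40.0/24 from the `sh ip bgp` output. It implements only the eight steps of the mnemonic and compares MED across all paths (as with `bgp always-compare-med`); the `Path` class and function names are assumptions.

```python
import ipaddress
from dataclasses import dataclass

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}


@dataclass
class Path:
    next_hop: str
    router_id: str
    as_path: tuple
    weight: int = 0
    local_pref: int = 100
    origin: str = "igp"
    med: int = 0
    external: bool = True
    locally_originated: bool = False


# One entry per letter of the mnemonic; for every key the smaller value wins.
STEPS = [
    ("Weight (highest)", lambda p: -p.weight),
    ("Local_pref (highest)", lambda p: -p.local_pref),
    ("Originate (local)", lambda p: not p.locally_originated),
    ("AS_PATH (shortest)", lambda p: len(p.as_path)),
    ("ORIGIN code (igp > egp > incomplete)", lambda p: ORIGIN_RANK[p.origin]),
    ("MED (lowest)", lambda p: p.med),  # simplification: compared across all paths
    ("Paths (external > internal)", lambda p: not p.external),
    ("RID (lowest)", lambda p: int(ipaddress.IPv4Address(p.router_id))),
]

# The two paths for 40.40.40.0/24 as they appear in the output above.
SHOW_OUTPUT_PATHS = [
    Path(next_hop="3.3.3.2", router_id="3.3.3.2", as_path=(30,)),
    Path(next_hop="2.2.2.2", router_id="20.20.20.1", as_path=(20,)),
]


def best_path(paths):
    """Return (best path, label of the last step that eliminated a candidate)."""
    candidates, decided_by = list(paths), "no step (single path or full tie)"
    for label, key in STEPS:
        if len(candidates) == 1:
            break
        best = min(key(p) for p in candidates)
        survivors = [p for p in candidates if key(p) == best]
        if len(survivors) < len(candidates):
            decided_by = label
        candidates = survivors
    return candidates[0], decided_by
```

For `SHOW_OUTPUT_PATHS` every step ties until the router ID, and the mnemonic's order selects the path via 3.3.3.2, the same one the output marks `best`.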
BGP Filtering
- BGP filtering can be done on any router
- Filtering can be done inbound and outbound
- After filtering is applied, the BGP neighbor must be reset or cleared for the filter to take effect
  - clear ip bgp 20.20.20.20 in/out (preferred)
  - clear ip bgp * (hard reset)
  - clear ip bgp 20.20.20.20 soft in/out