SNMP & NTP

SNMP – Simple Network Management Protocol

  • Manager – Monitoring device
  • Agent – Devices being monitored
  • MIB – Management Information Base
  • UDP port 161
  • Uses GETs and SETs
  • SNMP Traps
    • Agent informs the manager.
  • SNMPv1 and 2c have community strings.
  • SNMPv3 has encryption and authentication.
    • auth – Group using the AuthNoPriv Security Level
      • Authentication: yes
      • Privacy (encryption): no
    • noauth – Group using the noAuthNoPriv Security Level
      • Authentication: no
      • Privacy (encryption): no
    • priv – Group using the AuthPriv Security Level
      • Authentication: yes
      • Privacy (encryption): yes
  • If no read view is defined, all objects can be read.
  • If no write view is defined, no objects can be written.
  • If no notify view is defined, group members are not sent notifications.


DMVPN

LAB III (DMVPN, mGRE, NHRP, EIGRP)

  • Point-to-multipoint layer 3 overlay VPN
  • Logical hub and spoke topology
  • Direct spoke-to-spoke is supported

DMVPN uses a combination of:

  • Multipoint GRE tunnels (mGRE)
  • Next Hop Resolution Protocol (NHRP)
  • IPsec Crypto Profiles
  • Routing


VPN

  • Virtual Private Network
    • Route exchange privacy
    • Path determination for packets
    • Data Security
      • IPsec – IP Security
    • Collection of standardized protocols that provide
      • Confidentiality
      • Integrity
      • Authentication
      • Anti-Replay


NAT64

  • Transition technique designed to allow native IPv6 hosts to access IPv4-only content.
    • (A translation technique, not a tunneling technique.)
  • Primarily used to allow v6 hosts to initiate connections to IPv4 content.
    • Mechanisms do exist to allow the reverse.
  • Stateful and stateless versions.
    • Stateful can use any prefix
    • Stateless has restrictions on the prefix

NAT64 and DNS64 coexistence.

  1. IPv6 host sends AAAA DNS Query
  2. DNS64 server tries AAAA lookup and fails
  3. DNS64 server successfully resolves IPv4 address
  4. DNS64 server generates an AAAA DNS response of <IPv6 prefix:IPv4 address> and sends it back to the client.
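
The four steps above, as an added example that is not part of the original notes: a DNS64 resolver returns native AAAA records when they exist and otherwise embeds the IPv4 address in the NAT64 prefix. The embedding follows RFC 6052 for every allowed prefix length, which goes beyond the single <prefix:IPv4> case in the text; the default prefix 64:ff9b::/96, the zone data and the function names are assumptions made for the example.

```python
import ipaddress

ALLOWED = (32, 40, 48, 56, 64, 96)   # prefix lengths permitted by RFC 6052
U_OCTET = 8                          # byte 8 (bits 64-71) is reserved and stays zero

def synthesize(prefix, ipv4):
    """Embed an IPv4 address in a NAT64 prefix (step 4 of the list above)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen not in ALLOWED:
        raise ValueError("prefix length must be one of %s" % (ALLOWED,))
    out = bytearray(net.network_address.packed)
    pos = net.prefixlen // 8
    for b in ipaddress.IPv4Address(ipv4).packed:
        if pos == U_OCTET:           # skip the reserved octet
            pos += 1
        out[pos] = b
        pos += 1
    return ipaddress.IPv6Address(bytes(out))

def extract(prefix, ipv6):
    """What the NAT64 gateway does: recover the IPv4 destination."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if net.prefixlen not in ALLOWED or addr not in net:
        raise ValueError("address is not inside a valid NAT64 prefix")
    raw, pos, v4 = addr.packed, net.prefixlen // 8, bytearray()
    while len(v4) < 4:
        if pos != U_OCTET:
            v4.append(raw[pos])
        pos += 1
    return ipaddress.IPv4Address(bytes(v4))

def dns64_answer(name, zone, prefix="64:ff9b::/96"):
    """Steps 1-4: return (AAAA answers, synthesized?) for a client query."""
    records = zone.get(name, {})
    if records.get("AAAA"):          # a real AAAA exists: never synthesize
        return [ipaddress.IPv6Address(a) for a in records["AAAA"]], False
    return [synthesize(prefix, a) for a in records.get("A", [])], True

# Constructed sample zone (documentation addresses, not real hosts).
ZONE = {
    "v4only.example": {"A": ["192.0.2.33"]},
    "dual.example": {"A": ["192.0.2.34"], "AAAA": ["2001:db8::34"]},
}

if __name__ == "__main__":
    for host in ZONE:
        print(host, dns64_answer(host, ZONE))
```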


IPv6 Tunnels

  • Point-to-point tunnels
  • MCT (manually configured tunnel)
  • GRE (Generic Routing Encapsulation)
  • Virtual point-to-point between two IPv4 routers
  • IPv6 iGP routing protocols can run over these virtual links.


IPv6 iGP redistribution

Similarities to IPv4

  • Redistribution takes routes from the IP routing table, not from the iGP databases.
  • Route maps can be used for filtering, metrics, route tags.
  • Administrative distance has not changed.
  • Options to prevent routing loops: administrative distance, route tags, filtering.
  • Syntax is the same.

Differences to IPv4

  • Supported “match” commands in route-maps vary by iGP
    • OSPF/RIP cannot match on “route-type” with a route-map
      • EIGRP has no problems using “route-type”
    • Route-maps matching IPv6 ACLs must have the IPv6 prefix as the source portion and “any” as the destination of the ACL.
  • IPv6 redistribute connected does not include interfaces running the iGP:
    • redistribute include-connected

IPv6 RIPng EIGRP OSPFv3

RIPng

  • UDP port number 521
  • No autosummarization for IPv6
  • Destination address FF02::9
  • Link-local next-hops
  • Uses IPv6 AH/ESP authentication
  • Enable it on the interface
    • ipv6 rip CCNP enable fa0/0
  • No network command

EIGRP IPv6

  • EIGRP uses the neighbor’s link-local address as the next-hop
  • Destination FF02::AA
  • Authentication relies on the IPv6 built-in authentication and privacy
  • IPv4 defaults to auto summarization, IPv6 doesn’t
    • ipv6 unicast-routing
    • ipv6 router eigrp 100
    • (config-if)#ipv6 eigrp 100
    • eigrp router-id RID


BGP Path Attributes


“We Love Oranges AS Oranges Mean Pure Refreshment”

Path  Description
W     Weight (highest)
L     Local_pref (highest)
O     Originate (local)
AS    AS_PATH (shortest)
O     ORIGIN code (igp > egp > incomplete)
M     MED (lowest)
P     Paths (external > internal)
R     RID (lowest)

R1#sh ip bgp 40.40.40.0
*Mar  1 00:17:21.323: %SYS-5-CONFIG_I: Configured from console by console
R1#sh ip bgp 40.40.40.0
BGP routing table entry for 40.40.40.0/24, version 4
Paths: (2 available, best #1, table Default-IP-Routing-Table)
  Advertised to update-groups:
     1
  30
    3.3.3.2 from 3.3.3.2 (3.3.3.2)
      Origin IGP, metric 0, localpref 100, valid, external, best
  20
    2.2.2.2 from 2.2.2.2 (20.20.20.1)
      Origin IGP, metric 0, localpref 100, valid, external

R1#sh ip bgp
BGP table version is 4, local router ID is 3.3.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 20.20.20.0/24    2.2.2.2                  0             0 20 i
*> 30.30.30.0/24    3.3.3.2                  0             0 30 i
*> 40.40.40.0/24    3.3.3.2                  0             0 30 i
*                   2.2.2.2                  0             0 20 i


BGP Filtering

  • BGP filtering can be done on any router
  • Filtering can be done inbound and outbound
  • After filtering is applied, the BGP neighbor must be reset or cleared for the filter to take effect
    • clear ip bgp 20.20.20.20 in/out   (preferred)
    • clear ip bgp *   (hard reset)
    • clear ip bgp 20.20.20.20 soft in/out


BGP Next-hop & iBGP switching

sh ip bgp

R1#sh ip bgp
BGP table version is 6, local router ID is 10.10.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
     0.0.0.0          0.0.0.0                                0 i
 r>  1.1.1.0/30       20.20.20.1               0             0 20 ?
 r>  20.20.20.0/24    20.20.20.1               0             0 20 ?
 *>  30.30.30.0/24    20.20.20.1               0             0 20 ?
 *>i 40.40.40.0/24    1.1.2.2                  0    100      0 i
