Archive for the ‘ccnp’ Category
Woohoo! I passed the ROUTE test this morning. That means I’m done with the CCNP track! :)
If you remember, I took it over a week ago and had some bad luck on it. Alright, bad luck is the wrong phrase. I didn’t study enough and failed it. This time, though, I had a special weapon on my side – the ROUTE Foundations book. I haven’t used the Foundations books before, but, I saw some tweets about this one, so I picked it up off of Safari. In just a couple pages, I realized that I was reading the answers to several questions directly out of the book. It was amazing. I only studied my weak points and wound up with 144 more points than I did last time. I can’t say that was entirely because of the book, but I must say it was a big reason.
The test, like last time, was actually really good. The questions were well-written and clear for the most part. There were, of course, some that were confusing, but there weren’t any traps like you usually see in the other tests. A couple asked you to do contradictory things. There were a couple that just blasted you with information, but, if you read the question and know the material, the answer just pops right out at you. Overall, another great test. That makes 2 I’ve taken…and they’re both the 642-902. :)
I’m quite excited about finishing up. I’ve had a lot of failures along the way, but the support from the online community has been tremendous. Thanks to everyone who kept pushing me and telling me I could do it. I’m also happy to report that I kept the testing costs below the cost of the CCIE lab (barely) and that I may hold the record for number of P-level tests (8 P-levels tests and 10 overall) and overall Cisco test questions answered (535 questions). What an honor. *denotes sarcasm*
So, what’s next? I think I’m going to take a month or two off from networking to study up for a ham radio license. We get a lot of hurricanes down here, and having a good radio around will help us and the community out if such a disaster happens. I’m calling it prep for CCIE-Wireless. Heh. When I get done with that, I either plan on hitting up the CCIE-R&S or going down the CCDP track. I’m not really sure, but we’ll see when we get there.
Don’t worry. The blog will stay network-related. With the feedback from the study questions format, I think I’ll start a problem question and answer format. I’m also thinking of generating scenarios to work through. Again, we’ll see when we get there.
Send any trips to Delaware questions my way.
As always, corrections are requested.
- I’ve got IGRP and EIGRP both configured with the same AS number. What’s special about this configuration?
If both use the same AS number, then they automatically redistribute their routes into each other without using the redistribute command.
- When redistributing one IGP into another, where’s a good place to filter routes?
There’s no one good place, but at the router(s) that’s doing the redistribution is a good start. There’s no need to send an IGP a bunch of routes it doesn’t need.
- When redistributing one IGP into another, where’s a good place to summarize routes?
There’s no one good place, but that may be best done at the router just inside the redistributing router. If the redistributing router only sees the summary route, that’s what it will pass to the other IGP.
- What’s the default metric of RIP?
That’s infinity, so it’s unreachable with an explicit metric.
- I’ve redistributed OSPF into RIP, but I don’t see my subnets there. What gives?
RIP automatically summarized routes, so look for summaries instead of specific subnets.
- How can you limit the number of routes redistributed into EIGRP or OSPF?
Use the redistribute maximum-prefix X directive under the routing protocol, where X is the maximum number of routes.
- What are the metrics of connected routes when redistributed into EIGRP?
Those routes take the metric of the associated interface instead of using the metric you gave to the redistribution. [This seems fishy at best. Can anyone help clarify, please?]
- I have 845734928 interfaces on my router, but I only want to use 3 of them for EIGRP and only want to configure a single network statement. What’s the easiest way to do that?
Set all the interfaces as passive with the passive-interface default router subcommand. Next, make all your interesting interfaces non-passive with the no passive-interface X subcommand. Now you can configure network 0.0.0.0 255.255.255.255 to match all the interfaces, but only the interesting interfaces will participate.
- What is the term for the rank of trustworthiness a routing protocol provides?
- How can I change the AD of external EIGRP routes to 201 while keeping the default AD for internal EIGRP routes?
Router1(config-router)#distance eigrp 90 201
You have to set both, so you’ll have to remember that EIGRP has an AD of 90 for internal routes by default.
- How can I change the AD of OSPF routes to 192.168.0.0/24 to 202?
Router1(config)#access-list 88 permit 192.168.0.0 0.0.0.255
Router1(config)#router ospf X
Router1(config)#distance 202 0.0.0.0 255.255.255.255 88
- Is it possible to set the AD of different OSPF routes types like intra-area and interarea?
Yes. You can give it the old distance ospf inter-area X to change the AD. It also works for intra-area and external routes.
- Is it possible to set the AD of an external OSPF route to 192.168.100.0/24 to 202 without changing the others?
I would have though you could use a route-map for that, but I can’t find a proper set command in a route-map. [A little help, please.]
I didn’t do so well on IGP redistribution the last time out, so here’s some more stuff to study. As always, feel free to correct.
- What three things are needed to be able to redistribute one routing protocol into another?
1. One or more links into each routing protocol
2. A proper, working config for each protocol
3. The addition of the redistribute command to one or more of the protocols
- You just configured OSPF to redistribute EIGRP routes, but EIGRP, with the network statement of network 0.0.0.0 0.0.0.0, is configured with a passive interface. Does this interface’s connected network get redistributed?
Yes, it does. Even if it’s not participating in routing, it’s still an interface that EIGRP is configured to use, so it goes along for a ride on the redistribution train.
- Name three ways to set the metric of redistributed routes in EIGRP.
1. default-metric …
2. redistribute X metric …
3. redistribute X route-map …
- How can I set the metric for all OSPF routes redistributed into EIGRP?
Use the redistribute ospf X metric command.
- You are redistributing OSPF into EIGRP and want to set the metric of one particular route to another set of metric values (BW, delay, etc.). How do you do that?
Use a route-map to match the single route and to set the new values.
- Routes from what routing protocol need a metric set when redistributing into EIGRP? Routes from what protocols don’t?
Routes from another EIGRP instance have their metrics copied over; all others need to have it set.
- What’s the default metric of a BGP route when redistributed into OSPF? EIGRP?
BGP has a metric of 1 in OSPF. There is not default metric in EIGRP without some configuration.
- You left out the subnet keyword when redistributing EIGRP into OSPF. What is the result?
Only classful routes will be redistributed and only if EIGRP has a classful route to redistribute.
- You left out the subnet keyword when redistributing OSPF into EIGRP . What is the result?
There is no subnet keyword for redistribution under EIGRP.
- Routes from what routing protocol need a metric set when redistributing into OSPF? Routes from what protocols don’t?
OSPF set metrics automatically. If the route came from another OSPF process, the metric is copied over. If the route came from BGP, the metric is set to 1; if it came from any other routing protocol, the metric is set to 20.
- What are three ways to manipulate the metric of redistributed routes in OSPF?
1. default-metric …
2. redistribute X metric …
3. redistribute X route-map …
- My ASBR is advertising static routes into area 0, but I’m not seeing any type-5 LSAs in area 1. What’s gives?
Assuming everything else is configured correctly and no filtering is done, area 1 is probably a stub area of some kind.
- My ASBR is advertising static routes into area 1, but I’m not seeing any type-5 LSAs in that area. What gives?
Area 1 is probably an NSSA or totally NSSA area, so any external routes are flooded as type-7s – note type-5s.
- If I look at the OSPF database on my router, I see that a whole bunch of type-5 LSAs advertised from the router with the ID of 220.127.116.11. What does that say about that router?
Among other things, that router is an ASBR and is redistributing external routes into that area.
- I see several routes in the OSPF database with a cost of 20. What metric type are those routes?
More likely than not, they are type-2 routes (O E2).
- I have two type-5 LSAs for the same network through two different ABRs; both are of the type-2 metric. How does the router decide which one to use?
Since both routes are E2, they will have a metric of 20 (unless manipulated somehow), so looking at the intra-area cost results in a tie. The router will then look at the type-4 LSAs which contain the cost from the ABR to the ASBR. Since each ABR floods these type-4s, the router knows which ABR is closer to the ASBR advertising the route. The lower metric in the type-4 LSAs wins.
- I have two type-5 LSAs for the same network through two different ABRs; both are of the type-1 metric. How does the router decide which one to use?
Since both routes are E1, the costs to the ABR are first compared since they may be different. If tied, the type-4 LSA’s cost to the ASBR is compared. If still tied, the external (type-5 LSAs) cost is compared.
- I have two type-5 LSAs for the same network through two different ABRs; one is type-1 and the other is type-2 ? How does the router decide which one to use?
E1 routes are always preferred over E2 routes.
- Why can’t you redistribute static routes into a stubby network? How can you make it work?
Stub networks do not flood type-5 LSAs, so the routes cannot be advertised into the area. You can change it to a regular area to make it work. You can also make it an NSSA or totally NSSA area.
- How do OSPF routes that come from type-7 LSAs appear in the routing table?
They appear as “O N1″ or “O N2″ depending on the metric type.
I took the ROUTE test today and failed like I usually do. That makes me 3-4 on these P-level tests if you’re scoring at home. Don’t worry, though. I’m not giving up. :)
In atypical fashion, I must say that the ROUTE test was a good test. Let me say that again. The ROUTE test was a good test. I said good, though…not great. There were a few problems with it that I’ll get to, but, overall, this is the best test I’ve ever taken for a Cisco cert. The questions were very well-written and there were no obvious omissions or wrong details. I failed this test because I simply didn’t put in enough work.
It wouldn’t be a complete test experience without a workstation crash, though, and I had one right away. The test guy logged me in, and I started the test. Like all of the Cisco tests, this one started with the same tutorial that walks you through how to use the interface and whatnot; I’ve gone this enough times, so I didn’t need to look at that again. I clicked “End Tutorial” and was asked to confirm. When I clicked “Yes”, the desktop (sans icons) was showing unexpectedly, and nothing was happening. I waited for 3 minutes before asking for help. This center hadn’t ever given a Cisco test (they just got the stuff to give Vue tests), so they called up Vue’s support for some answers. It seems that this is a known problem (with this test?), and a hard reboot would fix it. It did, and I found myself back in the game.
Like I said before, the test was good. I might even give it a very good if not for the lockup. Every question was clearly written by what seemed to be an English-speaking author. There were no difficult phrases that I had to read over and over again to interpret. When I read the question, it was obvious what I was being asked to do. I didn’t have to guess like a lot of the questions on the SWITCH test, and, let me tell you, having a verb in every sentence makes things easier. I also only had one or two questions where I had to infer a piece of missing information. It usually helps if you have all the information, and this test did a really good job of doing such in comparison to the last 8589248 tests I’ve taken.
There was one particular question that I found annoying, though, and I let someone have it in the comment section. A diagram showed a about 10 routes all interconnected in various patterns with the Internet and data center connected into the mesh. Each link had a number on it with no description of what it was…it was just a number. The question asked how many possible paths there were from the data center to the Internet if a certain setting change was made (I don’t want to violate NDA here). Well, the setting had a lot to do with routes submitted to the RTM, and question didn’t ask about routes. It specifically said paths. I counted 18 different paths from one end of the network to the other. Too bad the answers were in the low single digits. I just guessed at that one since I had no idea what they were asking.
As you figured out by now, this is yet another testing center. I think this makes the 7th one I’ve tried over my testing career, and it was a duesy. This one is only 30 minutes away, so it’s much more convenient than all the others, so it’s got that going for it. The building it’s in is pretty old, but the room is well insulated from the outside. On top of that, the town it’s in is a sleepy little fishing/tourist village, so all the traffic is at the other end of the road which makes for a very quiet facility. The people were great, too. They were helpful and apologetic about the lockup (even though I assured them it was a Vue problem like I’d seen in the past). Plus, do you know any testing center with a view like this? :) I’ll definitely go back there again for my tests.
Moral of the Story: Cisco put out a good test, but I’m too lazy to pass it.
Corrections, please. I skipped a bunch of BGP intro stuff to get to the juicy center. I’ll see if I can come back later and finish the other parts for posterity.
- Is BGP route selection a controversial subject?
Yes. If you ask 1000 network guys the best way to influence BGP, you’ll probably get 1000 different answers.
- At what position in the PA list of a BGP update do you find the weight attribute?
You don’t. Weight is a Cisco-proprietary thing.
- List the attributes of a BGP route that a Cisco router evaluates in order of operation with a short description.
Next-hop : Is the next hop IP reachable?
Weight : A numeric value where bigger is better; this is of local significance and is not passed to any BGP peers
LOCAL_PREF : A numeric value where bigger is better; this is shared within an AS
Local : Is the next hop me (0.0.0.0)?
AS_PATH length : The number of AS hops to the destination; the closer the better
ORIGIN : Did this route come from an IGP (I), an EGP (E), or somewhere else(?)? I over E over ?
MED : Multi Exit Discriminator; can be used by one AS to influence routes to that AS; smaller is better
Neighbor type : eBGP are better than iBGP routes
IGP metric : Prefer the next-hop address that’s closest via an IGP like OSPF or EIGRP (or RIP, Ivan)
Route age : Prefer the oldest (and thus the most stable) route
Lowest BGP neighbor router ID : Do I have to explain that one?
Lowest BGP neighbor IP : You know what this is, right?
- Alright, what’s the mnemonic?
N WLLA OMNI
- Which attributes can be used to influence your path out to another AS?
- Which attributes can be used to influence another AS’s path to you?
- When you look at the output of show ip bgp, which column lists the MED?
The Metric column.
- If there are two entries for a network in the output of show ip bgp, in what order are they listed?
They are listed from youngest to oldest. You can infer the comparative age by looking at the order in which they appear. See “route age” in the attribute list.
- If I set the weight of a prefix with a route-map in the BGP neighbor config, but then set the weight of the neighbor, what shows up in the BGP table?
The neighbor weight trumps the prefix weight, so all routes from that neighbor will be weighted the same.
- What is different about weight compared to the other attributes?
Weight is actually not a BGP path attribute (PA). When a route is received from a BGP peer, the weight is set and stored locally; it is not an attribute carried in the routing update like AS_PATH or MED.
- If you receive the same route from both an eBGP and iBGP peer, what will the local preference be for each route assuming you haven’t changed the explicitly?
The eBGP route’s local preference will be null, and the iBGP route’s will be 100.
- What is maximum-paths in BGP land?
That’s the maxiumum number of routes that BGP will submit to the RTM if routes are still tied by the IGP metric step of the tie breaker process.
- I applied a route map to a BGP neighbor to change the AS path, but now all the routes are gone except for the influenced routes; what happened?
BGP always tries to filter routes if you use a route map, so you probably just forgot your explicit permit at the end of the route map.
- What super-common mechanism is typically used to change BGP attributes like MED or AS path?
- What does “>” mean in the output of show ip bgp?
That means the path indicated is the best path for the prefix.
What Command Was That
- …shows the weights for all BGP routes?
show ip bgp
- …shows the local preference for all BGP routes?
show ip bgp
- …shows the AS path for all BGP routes?
show ip bgp
- …show the MED for all BGP routes?
show ip bgp [ look under the Metric column ]
- …shows all the prefixes that a router knows via BGP?
show ip bgp [ is there a theme here? ]
- …shows the MED for a specific BGP route in the routing table without using show ip bgp?
show ip route x.x.x.x [ and look for the metric of the route; the number after the AD ]
- …shows why a BGP route wasn’t inserted into the routing table?
show ip bgp rib-failures
Corrigeme, por favor.
- What do IPSec tunnels give you when a branch office is on a broadband connection?
Privacy through encryption
Authentication of the remote peer through ISAKMP
Delivery of private data over the public Internet
- What do you need to configure to get your branch router talking to the Internet?
ISP connection configuration such as PPPoE or PPPoA
DHCP server configuration for internal users
Firewall services like inspection and filtering
- What kind of routes would you normally see on a small branch router with a single IPSec tunnel home?
You would usually just see a default route to the ISP; IPSec will intercept interesting traffic and take care of sending the packets home without having routes for home networks configured.
- What’s a really easy way to get routes to fail from a WAN link to a GRE tunnel when the WAN link dies?
Floating static routes
- What do GRE tunnels allow you to do that native IPSec tunnels don’t?
Run a routing protocol
- Your DSL provider has given you a VPI/VCI of 1/50 to use on your branch router’s ATM 0/0 interface. Show me the full configuration to get basic web surfing working (ignore DNS and DHCP).
no ip address
encapsulation aal5mus ppp dialer
dialer pool-member 1
ip address negotiated
dialer pool 1
ppp authentication chap callin
ppp chap password MYPASSWORD
ip nat outside
ip add 192.168.1.1 255.255.255.0
ip nat inside
ip route 0.0.0.0 0.0.0.0 Dialer9
- For what would you use an ACL when configuring IPSec tunnels?
You define interesting traffic with ACLs.
- What are the two basic configuration items in a crypto map for an IPSec tunnel?
IPSec peer IP
- Your boss says that ever host in the network needs to be converted over to IPv6 by the end of the day. Which of multipoint tunnels, point-to-point tunnels, or native IPv6 would be the most appropriate to use to help with that conversion?
- The engineering department wants to permanently use IPv6 on their test boxes in two offices. Which of multipoint tunnels, point-to-point tunnels, or native IPv6 would be the most appropriate to use?
- A handful of departments want to use IPv6 for testing but have no schedule. Which of multipoint tunnels, point-to-point tunnels, or native IPv6 would be the most appropriate to use?
- You’ve implemented 6to4 tunnels and are turning up another router that should participate. What do you need to configure on the other routers to support the new one?
Nothing. The use of 6to4 tunnels requires a strict addressing scheme that is used to determine tunnel endpoints dynamically.
- You’ve implemented ISATAP tunnels and are turning up another router that should participate. What do you need to configure on the other routers to support the new one?
You need to add static routes pointing the new prefix across the IPv6 address of the new router’s tunnel interface.
- How does a router using 6to4 tunnels determine tunnel endpoints?
The second and third quartet of the destination address are used to figure out what the IPv4 tunnel endpoint is. For example, a host on 2002:a01:a01::/64 sits behind the tunnel endpoint at 10.1.10.1.
- Don’t you need to have some sort of IPv6 routing enabled to use 6to4 tunnels?
Since 6to4 tunnels use the reserved prefix of 2002::/16, all the routers just have to point that prefix out the tunnel interface. Since this covers all the networks that 6to4 uses, no other routes are necessary.
- How does a router using ISATAP tunnels determine tunnel endpoints?
The last two quartets (7 and 8) of the endpoint’s tunnel interface are used to determine the IPv4 tunnel endpoint. For example, a router with an IPv6 address of 2000::a04:b0b has an IPv4 tunnel endpoint of 10.4.11.11.
- What are the different types of IPv6 tunnels, and what are their tunnel modes?
Manual IPv6 point-to-point – tunnel mode ipv6ip
GRE point-to-point – tunnel mode gre ip
6to4 multipoint – tunnel mode ipv6ip 6to4
ISATAP multipoint – tunnel mode ipv6ip isatap
- Which tunnels types support OSPFv3?
Manual IPv6 and GRE
- How are routes learned on ISATAP tunnels?
Routes aren’t really learned. ISATAP requires a static route pointing prefixes towards a tunnel address on a distance router.
- How are the local link addresses determined on an ISATAP tunnel?
The local link address, like all local link addresses, starts with fe80 and ends with the IPv4 address of the tunnel source as the last two quartets; quartets 2 through 6 are all zeroes.
- What is required to be configured when using any of the tunnel types?
What Command Was That?
- …shows the status of an IPv6 tunnel?
show ipv6 interface tunnel X
show ipv6 interface brief
show interfaces tunnel X
- …shows the routes involved with an IPv6 tunnel?
show ipv6 route
- …pings a distant host over an IPv6 tunnel terminated on the router?
ping ipv6 distantaddress source localaddress
- Why would anyone develop a version of RIP that supports IPv6?
I have no idea. Boredom, maybe. Whatever the case, it works just like RIPv2, which is pretty scary.
- In EIGRP for IPv4, there are several requirements for two routers to neighbor up. Which of those is not true for EIGRP for IPv6?
The two routers don’t need to be in the same subnet. The concept of the link local address takes care of that need since neighbors always share a common medium like an Ethernet segment or a serial link.
- I configured EIGRP for IPv6 on my completely IPv6 router, but it’s not working. Nothing happens. What’s going on?
For one, you have to do a no shutdown as an EIGRP subcommand; by default, EIGRP for IPv6 is in a shutdown state. Another reason could be that a router ID hasn’t been set; EIGRP for IPv6 still uses the IPv4 addresses to establish a router ID, so you may have to set one manually.
- I tried to configure EIGRP for IPv6 with the network statements, but it’s not taking the command. What gives?
You actually configure EIGRP for IPv6 (and RIPng and OSPFv3) the “new way” by using the interfaces. Try doing a ipv6 eigrp X as an interface subcommand.
- When redistributing one IPv6 IGP into another, what kinds of routes will and won’t be redistributed?
Only routes discovered via the original IGP will be redistributed. Connected routes, even the ones configured in the original IGP, won’t be redistributed. Link local addresses and local routes will also NOT be redistributed.
- Show me a simple RIPng config.
R1(config)#ipv6 router rip PROC-NAME
R1(config-if)#ipv6 rip PROC-NAME enable
- Show me a simple EIGRP for IPv6 config.
R1(config)#ipv6 router eigrp 8
R1(config-if)#ipv6 eigrp 8
- Show me a simple OSPFv3 config.
R1(config)#ipv6 router ospf 4
R1(config-if)#ipv6 ospf 4 area 0
- How do you include connected routes when redistributing one IGP into another in IPv6?
Use the include-connected directive in the redistribution command.
- In EIGRP for IPv6, what address shows up as the next hop in the routing table?
The link local address of the advertising router.
What Command Was That
What command is used to…
- …show all the IPv6 routes?
show ipv6 route
- …shows the status of OSPFv3 neighbors?
show ipv6 ospf neighbor
- …shows the status of RIPng neighbors?
There is none; RIPng doesn’t have neighbors.
- …shows a route to a specific prefix?
show ipv6 route prefix::/length
- Exactly how big is an IPv6 address?
It’s 128 bits long.
- This shouldn’t be on the test, but how many unique addresses is that?
That’s 2^128 or a “3″ with 38 zeros after it. That’s also 2^95 addresses for each person on earth.
- Surely we’re not writing in binary, are we?
No way. IPv6 uses 32 hex characters. Each character is 4 bits, so we wind up with 128 bits of data.
- Surely all 32 characters aren’t just written out together in one continuous string, are they?
No again. They’re written in groups of 4 separated by colons. For example, 2000:1234:0184:AB33:0000:0000:1084:0001 is a valid IPv6 address.
- That’s still a lot of characters; tell me that there’s a shortcut to writing those out.
There are two shortcuts, actually. First, you can omit leading zeros in an octet (4 hex digits). You can also replace a single run of octets that are all zeros with a double colon (::). If we took our example above and shortened it, we would wind up with 2000:1234:184:AB33::1084:1. Notice that some octets are less than 4 characters longs and that the two octets of zeros are replaced wih the double colon.
- If an implementation plan says that you should statically configure all the IPv6 addresses on a bunch of routers, what should you do?
You should send the plan back for revision since there are two methods to statically configure an IPv6 address – static and static with EUI-64.
- What the heck is EUI-64?
EUI-64 is a IEEE standard for deriving a unique ID from a MAC address. It splits the MAC address in half, shoves a “FFFE” in the middle (since MACs are 48-bits long and we need 16 more bits to make 64), and toggles the 7th bit in the whole string.
- What are you talking about?
Example time! Your MAC is 0000.3333.1938. First, we split the MAC in half and shove in the “FFFE” to give us 0000:03FF:FE33:1938. Next, we toggle the 7th bit in the string to give us 0200:03FF:FE33:1938.
- What are the two methods for dynamically assigning an IP address?
Stateful DHCP and Stateless autoconfig.
- What’s the difference between stateful and stateless DHCP?
Stateful DHCP functions similarly to the IPv4 version where a DHCP server gives a host and IP address, mask, etc., and keeps a record of the lease. Stateless DHCP simply tells a host what DNS servers to use without recording the transaction.
- How do I calculate the network and broadcast addresses in IPv6?
You don’t! There’s no such thing as either.
- That’s cool, but how do I address groups of addresses?
IPv6 makes use of multicasting to do that. All multicast addresses are in the prefix FF/8, and can serve many purposes. For example, all hosts on a subnet respond to FF02::1, and all routers respond to FF02::2.
- Your all-knowing Network Architect wants all the IPv6 addresses of the routers to be the lowest in a prefix like you do with IPv4. How can you assign the addresses like that?
You can statically configure the whole 128-bit address. You can also set the MAC address to 0000.0000.0001 (or whatever) and use the static with EUI-64 method.
- What’s the better of the two methods?
There is never a better method to use. You have to figure out what you want to do and which method would be best suited for your situation.
- What risks do you take with changing a MAC address?
If you change two or more routers to the same MAC address, you will have all sorts of problems from IPv6 conflicts down to CAM table flapping. Be careful!
- What are the different types of IPv6 address and what do they do?
Global unicast – a globally-unique address that can be used throughout the world
Unique local – a site-unique address that can be used throughout your organization (like RFC1918)
Link local – an address that is only addressable on a single segment/subnet/prefix
- For what is the link local address used?
Every host has a link local address that is used to communicate on a link (or subnet). This address always begins with FE80/10 and uses the EUI-64 technique to generate the full address.
- How does an IPv6 host (like your laptop) get its default gateway?
The host sends a router soliciation (RS) ICMP message sourced from it’s link-local address. Each router on the subnet then responds with a router advertisement (RA) that says it’s available for use as a gateway.
- What must you configure on your router to allow it to respond to RS messages?
You only need to enable IPv6 and have a global unicast IPv6 address configured.
- My ARP table is empty; why is that?
IPv6 doesn’t use ARP like IPv4 does. Instead, IPv6 uses neighbor discovery to populate the layer3-to-layer2 mappings. The process is similar to the router discovery, except that the host suse neighbor soliciation (NS) and neighbor advertisement (NA) packets.
- How does an IPv6 host detect duplicate addresses?
When a host comes up, it calculates an address called the solicited node multicast address, which is a special multicast group in the prefix FF02::1:FF00:0/104. The last 24 bits of the address are taken off the end of an IPv6 address configured on the device to finish the address. Each address on the device gets one, so you may have a lot of solicited node multicast addresses. To the point, when the box is bringing up the interface(s), a NS is sent to the solicited node multicast address (which basically is hosts with somewhat similar IPv6 address configured), and, if a NA is received with the same address that the device has configured, there’s a duplicate IP!¹
- Why doesn’t a host just use FF00::1 to detect duplicates?
This is just an efficiency thing. There’s no need to ask every node on the segment what address they have when you can just ask a small subset of nodes that have similar addresses.
What Command Was That
What command is used to…
- …show all the IPv6 routes on a router?
show ipv6 route
- …show a brief summary of the IPv6 interfaces?
show ipv6 interface brief
- …show all the multicast groups of which a router is a member?
show ipv6 interface X
- …shows all the neighbors that have been discovered?
show ipv6 neighbor
- …shows all the routers that have been discovered?
show ipv6 routers
1 Thanks to Jochen for clearing that up for me!
Feel free to correct.
- What’s the most primitive way to get traffic destined to a single host to use a different path than your dynamic IGP dictates?
Use a static route.
- What’s the most primitive way to get traffic sourced from a single host to use a different path than your dynamic IGP dictates?
Use policy-based routing (PBR).
- What’s the most primitive way to get traffic sourced from a single host and destined for another host to use a different path than your dynamic IGP dictates?
- What are the steps to configure PBR?
Configure a route-map to match the desired traffic
Apply that route-map to an interface with the ip policy route-map command
- Configure PBR to send traffic that arrives on F0/0 from 10.0.0.5 destined for for 192.168.3.3 to be sent out the s0/0 interface.
R1(config)#ip access-list extended PBR-ACL1
R1(config)#permit ip host 10.0.0.5 host 192.168.3.3
R1(config-route-map)#match ip address PBR-ACL1
R1(config-route-map)#set interface s0/0
R1(config-if)#ip policy route-map PBR-F0/0
- What happens if you use PBR to redirect traffic to an IP that becomes unreachable?
That clause in the route-map is ignored, and the normal routing table is used.
- What difference does using default make in the set directive of the route-map?
If you use the default parameter in the set directive, then the router will first try to use the routing table to forward traffic before using the PBR settings. The one caveat, though, is the default chosen for the traffic cannot be the default route; a more-specific route must be in the routing table or else the PBR logic rears its head.
- What is IP SLA?
IP SLA is a feature of a Cisco IOS device where a process measures the behavior of the network.
- Why is this topic in the ROUTE book?
You can configure a track object to use IP SLAs to get a “failed” or “ok” status. That track object can be applied to static routes and PBR so that the routing is changed if the IP SLA measures a characteristic outside of normal parameters.
- What are the steps to configure IP SLA?
Create an IP SLA operation.
Define the type and parameters for the operation.
Define the frequency to run the operation.
Schedule when to start the operation.
- How do I use IP SLA to check if a host is pingable?
You use the icmp-echo as the operation type along with, at minimum, the IP address to ping.
- How can I use IP SLA to know whether a static route is usable or not?
First, create an IP SLA operation to ping the gateway for that route.
R1(config)#ip sla 5
R1(config-ip-sla)#frequency 60 [ in seconds ]
R1(config)#ip sla schedule 5 start-time now life forever
Then create a track object that references the IP SLA operation you just created.
R1(config)#track 2 ip sla 5 state
R1(config-track)#delay up 90 down 90 [ up if delay is below 90, down if above 90 ]
Finally, add the track to the static route.
R1(config)#ip route 10.0.0.0 255.255.0.0 18.104.22.168 track 2
Now, if the router can’t ping 22.214.171.124, the static route will be taken out of the routing table.
- What’s an IP SLA responder?
That’s (usually) a router that has been configured to interact with the IP SLA operation of another router to get characteristics of the connection between the two. These characteristics include jitter and TCP establishment times.
- How can I use a track object in PBR?
In the set directive, you use the track parameter. The sequence parameter is also used, but it’s not a part of the tracking process; it’s used to have the router go down a list of next hops until it finds on that’s available. Here’s an example.
set ip next-hop verify-availability 192.168.0.1 1 track 5
- Ummm…the book doesn’t have anything about that; what gives?
The cert guide leaves that part out for some reason even though it’s a very important part of IP SLA and PBR. Go figure.
What Command Was That
- …shows interfaces that have PBR configured on them?
show ip policy
- …shows the routing table and includes all the PBR configuration?
There isn’t one. You have to remember to check for PBR when traffic isn’t flowing as you think it should.
- …shows the IP SLA configuration?
show ip sla configuration [ Duh! ]
- …shows the IP SLA statistics?
show ip sla statistics [ Duh, again! ]
- …shows the track objects on a router?