Aaron's Worthless Words

It's possible that someone somewhere needs to see this.

Archive for the ‘route’ tag

ROUTE Notes – Further IGP Redistribution

without comments

As always, corrections are requested.

Study Questions

  • I’ve got IGRP and EIGRP both configured with the same AS number.  What’s special about this configuration?

If both use the same AS number, then they automatically redistribute their routes into each other without using the redistribute command.

  • When redistributing one IGP into another, where’s a good place to filter routes?

There’s no one good place, but at the router(s) that’s doing the redistribution is a good start.  There’s no need to send an IGP a bunch of routes it doesn’t need.

  • When redistributing one IGP into another, where’s a good place to summarize routes?

There’s no one good place, but that may be best done at the router just inside the redistributing router.  If the redistributing router only sees the summary route, that’s what it will pass to the other IGP.

  • What’s the default metric of RIP?

That’s infinity, so it’s unreachable without an explicit metric.

  • I’ve redistributed OSPF into RIP, but I don’t see my subnets there.  What gives?

RIP automatically summarizes routes, so look for summaries instead of specific subnets.

  • How can you limit the number of routes redistributed into EIGRP or OSPF?

Use the redistribute maximum-prefix X directive under the routing protocol, where X is the maximum number of routes.

  • What are the metrics of connected routes when redistributed into EIGRP?

Those routes take the metric of the associated interface instead of using the metric you gave to the redistribution.  [This seems fishy at best.  Can anyone help clarify, please?]

  • I have 845734928 interfaces on my router, but I only want to use 3 of them for EIGRP and only want to configure a single network statement.  What’s the easiest way to do that?

Set all the interfaces as passive with the passive-interface default router subcommand.  Next, make all your interesting interfaces non-passive with the no passive-interface X subcommand.  Now you can configure network 0.0.0.0 255.255.255.255 to match all the interfaces, but only the interesting interfaces will participate.

  • What is the term for the rank of trustworthiness a routing protocol provides?

Administrative distance

  • How can I change the AD of external EIGRP routes to 201 while keeping the default AD for internal EIGRP routes?

Router1(config-router)#distance eigrp 90 201
You have to set both, so you’ll have to remember that EIGRP has an AD of 90 for internal routes by default.

  • How can I change the AD of OSPF routes to 192.168.0.0/24 to 202?

Router1(config)#access-list 88 permit 192.168.0.0 0.0.0.255
Router1(config)#router ospf X
Router1(config-router)#distance 202 0.0.0.0 255.255.255.255 88

  • Is it possible to set the AD of different OSPF routes types like intra-area and interarea?

Yes.  You can give it the old distance ospf inter-area X to change the AD.  It also works for intra-area and external routes.

  • Is it possible to set the AD of an external OSPF route to 192.168.100.0/24 to 202 without changing the others?

I would have thought you could use a route-map for that, but I can’t find a proper set command in a route-map.  [A little help, please.]

Aaron Conaway

I like to lean my head to the left, hit it with the palm of my right hand, and document what knowledge falls out.

More Posts - Website

Written by Aaron Conaway

July 17th, 2010 at 10:36 pm

ROUTE Notes – Even More IGP Redistribution

with 4 comments

I didn’t do so well on IGP redistribution the last time out, so here’s some more stuff to study.  As always, feel free to correct.

Study Questions

  • What three things are needed to be able to redistribute one routing protocol into another?

1. One or more links into each routing protocol
2. A proper, working config for each protocol
3. The addition of the redistribute command to one or more of the protocols

  • You just configured OSPF to redistribute EIGRP routes, but EIGRP, with the network statement of network 0.0.0.0 0.0.0.0, is configured with a passive interface.  Does this interface’s connected network get redistributed?

Yes, it does.  Even if it’s not participating in routing, it’s still an interface that EIGRP is configured to use, so it goes along for a ride on the redistribution train.

  • Name three ways to set the metric of redistributed routes in EIGRP.

1.  default-metric …
2.  redistribute X metric …
3.  redistribute X route-map …

  • How can I set the metric for all OSPF routes redistributed into EIGRP?

Use the redistribute ospf X metric command.

  • You are redistributing OSPF into EIGRP and want to set the metric of one particular route to another set of metric values (BW, delay, etc.).  How do you do that?

Use a route-map to match the single route and to set the new values.

  • Routes from what routing protocol need a metric set when redistributing into EIGRP?  Routes from what protocols don’t?

Routes from another EIGRP instance have their metrics copied over; all others need to have it set.

  • What’s the default metric of a BGP route when redistributed into OSPF?  EIGRP?

BGP has a metric of 1 in OSPF.  There is no default metric in EIGRP without some configuration.

  • You left out the subnets keyword when redistributing EIGRP into OSPF.  What is the result?

Only classful routes will be redistributed and only if EIGRP has a classful route to redistribute.

  • You left out the subnets keyword when redistributing OSPF into EIGRP.  What is the result?

There is no subnets keyword for redistribution under EIGRP.

  • Routes from what routing protocol need a metric set when redistributing into OSPF?  Routes from what protocols don’t?

OSPF sets metrics automatically.  If the route came from another OSPF process, the metric is copied over.  If the route came from BGP, the metric is set to 1; if it came from any other routing protocol, the metric is set to 20.

  • What are three ways to manipulate the metric of redistributed routes in OSPF?

1.  default-metric …
2.  redistribute X metric …
3.  redistribute X route-map …

  • My ASBR is advertising static routes into area 0, but I’m not seeing any type-5 LSAs in area 1.  What gives?

Assuming everything else is configured correctly and no filtering is done, area 1 is probably a stub area of some kind.

  • My ASBR is advertising static routes into area 1, but I’m not seeing any type-5 LSAs in that area.  What gives?

Area 1 is probably an NSSA or totally NSSA area, so any external routes are flooded as type-7s – not type-5s.

  • If I look at the OSPF database on my router, I see a whole bunch of type-5 LSAs advertised from the router with the ID of 1.1.1.1.  What does that say about that router?

Among other things, that router is an ASBR and is redistributing external routes into that area.

  • I see several routes in the OSPF database with a cost of 20.  What metric type are those routes?

More likely than not, they are type-2 routes (O E2).

  • I have two type-5 LSAs for the same network through two different ABRs; both are of the type-2 metric.  How does the router decide which one to use?

Since both routes are E2, they will have a metric of 20 (unless manipulated somehow), so looking at the intra-area cost results in a tie.  The router will then look at the type-4 LSAs which contain the cost from the ABR to the ASBR.  Since each ABR floods these type-4s, the router knows which ABR is closer to the ASBR advertising the route.  The lower metric in the type-4 LSAs wins.

  • I have two type-5 LSAs for the same network through two different ABRs; both are of the type-1 metric.  How does the router decide which one to use?

Since both routes are E1, the costs to the ABR are first compared since they may be different.  If tied, the type-4 LSA’s cost to the ASBR is compared.  If still tied, the external (type-5 LSAs) cost is compared.

  • I have two type-5 LSAs for the same network through two different ABRs; one is type-1 and the other is type-2.  How does the router decide which one to use?

E1 routes are always preferred over E2 routes.

  • Why can’t you redistribute static routes into a stubby network?  How can you make it work?

Stub networks do not flood type-5 LSAs, so the routes cannot be advertised into the area.  You can change it to a regular area to make it work.  You can also make it an NSSA or totally NSSA area.

  • How do OSPF routes that come from type-7 LSAs appear in the routing table?

They appear as “O N1” or “O N2” depending on the metric type.


Written by Aaron Conaway

July 16th, 2010 at 11:05 pm

ROUTE – Epic Fail (#1?)

with 9 comments

I took the ROUTE test today and failed like I usually do.  That makes me 3-4 on these P-level tests if you’re scoring at home.  Don’t worry, though.  I’m not giving up.  :)

In atypical fashion, I must say that the ROUTE test was a good test.  Let me say that again.  The ROUTE test was a good test.  I said good, though…not great.  There were a few problems with it that I’ll get to, but, overall, this is the best test I’ve ever taken for a Cisco cert.  The questions were very well-written and there were no obvious omissions or wrong details.  I failed this test because I simply didn’t put in enough work.

It wouldn’t be a complete test experience without a workstation crash, though, and I had one right away.  The test guy logged me in, and I started the test.  Like all of the Cisco tests, this one started with the same tutorial that walks you through how to use the interface and whatnot; I’ve gone through this enough times, so I didn’t need to look at that again.  I clicked “End Tutorial” and was asked to confirm.  When I clicked “Yes”, the desktop (sans icons) was showing unexpectedly, and nothing was happening.  I waited for 3 minutes before asking for help.  This center hadn’t ever given a Cisco test (they just got the stuff to give Vue tests), so they called up Vue’s support for some answers.  It seems that this is a known problem (with this test?), and a hard reboot would fix it.  It did, and I found myself back in the game.

Like I said before, the test was good.  I might even give it a very good if not for the lockup.  Every question was clearly written by what seemed to be an English-speaking author.  There were no difficult phrases that I had to read over and over again to interpret.  When I read the question, it was obvious what I was being asked to do.  I didn’t have to guess like a lot of the questions on the SWITCH test, and, let me tell you, having a verb in every sentence makes things easier.  I also only had one or two questions where I had to infer a piece of missing information.  It usually helps if you have all the information, and this test did a really good job of doing such in comparison to the last 8589248 tests I’ve taken.

There was one particular question that I found annoying, though, and I let someone have it in the comment section.  A diagram showed about 10 routes all interconnected in various patterns with the Internet and data center connected into the mesh.  Each link had a number on it with no description of what it was…it was just a number.  The question asked how many possible paths there were from the data center to the Internet if a certain setting change was made (I don’t want to violate NDA here).  Well, the setting had a lot to do with routes submitted to the RTM, and the question didn’t ask about routes.  It specifically said paths.  I counted 18 different paths from one end of the network to the other.  Too bad the answers were in the low single digits.  I just guessed at that one since I had no idea what they were asking.

As you figured out by now, this is yet another testing center.  I think this makes the 7th one I’ve tried over my testing career, and it was a doozy.  This one is only 30 minutes away, so it’s much more convenient than all the others, so it’s got that going for it.  The building it’s in is pretty old, but the room is well insulated from the outside.  On top of that, the town it’s in is a sleepy little fishing/tourist village, so all the traffic is at the other end of the road which makes for a very quiet facility.  The people were great, too.  They were helpful and apologetic about the lockup (even though I assured them it was a Vue problem like I’d seen in the past).  Plus, do you know any testing center with a view like this?  :)  I’ll definitely go back there again for my tests.

Moral of the Story:  Cisco put out a good test, but I’m too lazy to pass it.


Written by Aaron Conaway

July 7th, 2010 at 7:57 pm

Posted in ccnp,cisco,route


ROUTE Notes – Branch Office Routing

with 2 comments

Correct me, please.

Study Notes

  • What do IPSec tunnels give you when a branch office is on a broadband connection?

Privacy through encryption
Authentication of the remote peer through ISAKMP
Delivery of private data over the public Internet

  • What do you need to configure to get your branch router talking to the Internet?

ISP connection configuration such as PPPoE or PPPoA
DHCP server configuration for internal users
NAT
Firewall services like inspection and filtering

  • What kind of routes would you normally see on a small branch router with a single IPSec tunnel home?

You would usually just see a default route to the ISP; IPSec will intercept interesting traffic and take care of sending the packets home without having routes for home networks configured.

  • What’s a really easy way to get routes to fail from a WAN link to a GRE tunnel when the WAN link dies?

Floating static routes

  • What do GRE tunnels allow you to do that native IPSec tunnels don’t?

Run a routing protocol

  • Your DSL provider has given you a VPI/VCI of 1/50 to use on your branch router’s ATM 0/0 interface.  Show me the full configuration to get basic web surfing working (ignore DNS and DHCP).

interface ATM0/0
 no ip address
 pvc 1/50
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
interface Dialer9
 encapsulation ppp
 ip address negotiated
 dialer pool 1
 ppp authentication chap callin
 ppp chap password MYPASSWORD
 ip nat outside
!
interface Ethernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
ip route 0.0.0.0 0.0.0.0 Dialer9

  • For what would you use an ACL when configuring IPSec tunnels?

You define interesting traffic with ACLs.

  • What are the two basic configuration items in a crypto map for an IPSec tunnel?

Matching ACL
IPSec peer IP


Written by Aaron Conaway

July 5th, 2010 at 10:41 am

ROUTE Notes – PBR and IP SLA

with 5 comments

Feel free to correct.

Study Questions

  • What’s the most primitive way to get traffic destined to a single host to use a different path than your dynamic IGP dictates?

Use a static route.

  • What’s the most primitive way to get traffic sourced from a single host to use a different path than your dynamic IGP dictates?

Use policy-based routing (PBR).

  • What’s the most primitive way to get traffic sourced from a single host and destined for another host to use a different path than your dynamic IGP dictates?

Use PBR.

  • What are the steps to configure PBR?

Configure a route-map to match the desired traffic
Apply that route-map to an interface with the ip policy route-map command

  • Configure PBR so that traffic that arrives on F0/0 from 10.0.0.5 destined for 192.168.3.3 is sent out the s0/0 interface.

R1(config)#ip access-list extended PBR-ACL1
R1(config-ext-nacl)#permit ip host 10.0.0.5 host 192.168.3.3
R1(config)#route-map PBR-F0/0
R1(config-route-map)#match ip address PBR-ACL1
R1(config-route-map)#set interface s0/0
R1(config-route-map)#int f0/0
R1(config-if)#ip policy route-map PBR-F0/0

  • What happens if you use PBR to redirect traffic to an IP that becomes unreachable?

That clause in the route-map is ignored, and the normal routing table is used.

  • What difference does using default make in the set directive of the route-map?

If you use the default parameter in the set directive, then the router will first try to use the routing table to forward traffic before using the PBR settings.  The one caveat, though, is the default chosen for the traffic cannot be the default route; a more-specific route must be in the routing table or else the PBR logic rears its head.

  • What is IP SLA?

IP SLA is a feature of a Cisco IOS device where a process measures the behavior of the network.

  • Why is this topic in the ROUTE book?

You can configure a track object to use IP SLAs to get a “failed” or “ok” status.  That track object can be applied to static routes and PBR so that the routing is changed if the IP SLA measures a characteristic outside of normal parameters.

  • What are the steps to configure IP SLA?

Create an IP SLA operation.
Define the type and parameters for the operation.
Define the frequency to run the operation.
Schedule when to start the operation.

  • How do I use IP SLA to check if a host is pingable?

You use the icmp-echo as the operation type along with, at minimum, the IP address to ping.

  • How can I use IP SLA to know whether a static route is usable or not?

First, create an IP SLA operation to ping the gateway for that route.

R1(config)#ip sla 5
R1(config-ip-sla)#icmp-echo 1.1.1.1
R1(config-ip-sla)#frequency 60  [ in seconds ]
R1(config-ip-sla)#exit
R1(config)#ip sla schedule 5 start-time now life forever

Then create a track object that references the IP SLA operation you just created.

R1(config)#track 2 ip sla 5 state
R1(config-track)#delay up 90 down 90 [ up if delay is below 90, down if above 90 ]

Finally, add the track to the static route.

R1(config)#ip route 10.0.0.0 255.255.0.0 1.1.1.1 track 2

Now, if the router can’t ping 1.1.1.1, the static route will be taken out of the routing table.

  • What’s an IP SLA responder?

That’s (usually) a router that has been configured to interact with the IP SLA operation of another router to get characteristics of the connection between the two.  These characteristics include jitter and TCP establishment times.

  • How can I use a track object in PBR?

In the set directive, you use the track parameter.  The sequence parameter is also used, but it’s not a part of the tracking process; it’s used to have the router go down a list of next hops until it finds one that’s available.  Here’s an example.

set ip next-hop verify-availability 192.168.0.1 1 track 5

  • Ummm…the book doesn’t have anything about that; what gives?

The cert guide leaves that part out for some reason even though it’s a very important part of IP SLA and PBR.  Go figure.
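The forwarding decisions described in the answers above (fall back to the routing table when the PBR next hop is down, the default keyword, and walking tracked next hops in sequence order), modelled in Python. This is an added example, not code from the original post or from IOS; the next hop 192.168.0.1 with sequence 1 and track 5 comes from the post's command, while the second next hop, track 6 and the routing table are constructed.

```python
import ipaddress


def rib_lookup(rib, dst):
    """Longest-prefix match over (prefix, next_hop) pairs; None when nothing matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in rib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best


def clause_matches(clause, src, dst):
    """The route-map's match ACL: source and destination must both fall inside it."""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(clause["src"])
            and ipaddress.ip_address(dst) in ipaddress.ip_network(clause["dst"]))


def forward(src, dst, rib, clause, tracks_up):
    """Return (next_hop, decided_by) for a packet arriving on the PBR interface.

    clause["next_hops"] holds (sequence, next_hop, track_id) tuples, as in
    `set ip next-hop verify-availability <next_hop> <sequence> track <track_id>`.
    tracks_up is the set of track objects currently reporting "up".
    """
    route = rib_lookup(rib, dst)
    rib_answer = (route[1], "rib") if route else (None, "drop")
    if clause is None or not clause_matches(clause, src, dst):
        return rib_answer
    # Walk the next hops in sequence order and take the first one whose track is up.
    pbr_hop = next((hop for _, hop, track in sorted(clause["next_hops"])
                    if track in tracks_up), None)
    # With the default keyword, any route more specific than 0.0.0.0/0 wins.
    if clause["default"] and route and route[0].prefixlen > 0:
        return rib_answer
    if pbr_hop is None:
        return rib_answer  # clause ignored, normal routing takes over
    return (pbr_hop, "pbr")


# Constructed sample data (only 192.168.0.1 / sequence 1 / track 5 are from the post).
RIB = [("192.168.3.0/24", "172.16.0.1"), ("0.0.0.0/0", "172.16.0.254")]
CLAUSE = {
    "src": "10.0.0.5/32", "dst": "192.168.3.3/32", "default": False,
    "next_hops": [(1, "192.168.0.1", 5), (2, "192.168.0.2", 6)],
}
# Same match on the source, any destination, with the default keyword set.
DEFAULT_CLAUSE = dict(CLAUSE, dst="0.0.0.0/0", default=True)

if __name__ == "__main__":
    for tracks in ({5, 6}, {6}, set()):
        print(sorted(tracks), forward("10.0.0.5", "192.168.3.3", RIB, CLAUSE, tracks))
    print(forward("10.0.0.5", "192.168.3.3", RIB, DEFAULT_CLAUSE, {5}))
    print(forward("10.0.0.5", "203.0.113.9", RIB, DEFAULT_CLAUSE, {5}))
```

None of the "pbr" results would be visible in the routing table, which is why the policy has to be checked separately when a flow takes an unexpected path.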

What Command Was That

What command…

  • …shows interfaces that have PBR configured on them?

show ip policy

  • …shows the routing table and includes all the PBR configuration?

There isn’t one.  You have to remember to check for PBR when traffic isn’t flowing as you think it should.

  • …shows the IP SLA configuration?

show ip sla configuration [ Duh! ]

  • …shows the IP SLA statistics?

show ip sla statistics [ Duh, again! ]

  • …shows the track objects on a router?

show track


Written by Aaron Conaway

June 23rd, 2010 at 9:42 pm

ROUTE Notes – OSPF Virtual Links and Frame Relay Stuff

with 3 comments

Feel free to correct.  I feel like I’m missing a big piece here, so please fill in a gap if you see one.  Thanks.  :)

Study Questions

  • How many area 0s (zero) can you have in an OSPF implementation?

Just one.

  • If my company merges with another company, and we’re both running OSPF, how can we get our networks routing together properly?

The easiest thing to do is to connect your two area 0s together through some physical link.  If you can’t, you can use virtual links to connect an ABR to another ABR to extend the zones together.

  • How do you configure virtual links?

R1(config-router)#area 1 virtual-link 1.1.1.1

  • That IP in the virtual link command looks like a loopback.  What’s up with that?

It’s the RID of the router to which you want to connect.

  • Why wouldn’t I just use a GRE tunnel between my two routes and put that in zone 0?

That’s a good question.  I would probably do that instead of virtual links if I had the choice because it eliminates any weird problems you may see with the virtual links.  [Someone pipe up on this one, please.]

  • What types of authentication can you do with virtual links?

None
Clear text
MD5

  • I’ve configured frame-relay map ip 1.2.3.4 101 on my s0/0/0.1, but I can’t get a neighbor to come up.  What gives?

A non-broadcast medium can’t detect neighbors dynamically.  You need static neighbors, or you can add the broadcast keyword to the end of your map statement.

  • What is the big problem with partial mesh frame relay topologies when OSPF comes into play?

Not all routers are connected directly, so some routes won’t see all the neighbors.  When OSPF routes propagate on a broadcast medium, the next-hop is the router that propagated it; you’ll wind up seeing routes to routers to which you don’t connect.

  • How do you get over the partial mesh problem?

You can statically configure frame relay maps pointing the IPs of the unconnected routers to the DLCI of a router that is connected to them (like a central hub router).

  • What network types use DRs and BDRs?

Anything multiaccess, so the NBMA and BMA.

  • Which network types can dynamically discover neighbors?

Broadcast and point-to-multipoint

  • Why do you have to configure static neighbors on NBMA and point-to-multipoint non-broadcast links?

Since OSPF uses multicast to talk to neighbors, a router treats the packets like a broadcast.  Since these network types don’t have a broadcast capability, the only way a neighbor will be established would be through static statements.

  • You have a hub-and-spoke topology over a frame relay cloud.  One of your hubs sees routes for all the networks at the other hub sites.  Is all as well as it seems?

No.  The routes to the other hub networks will have their next hop set to the frame relay IP of each hub router.  Since one hub router can’t get directly to others, the router won’t be able to pass traffic to those sites at all.  You’ll need to statically map those IPs to the DLCI of the hub site for traffic to flow as expected.

What Command Was That

Which command(s)…

  • …define a virtual link using the MD5 hash of the key “test”?

R1(config-router)#area 1 virtual-link 1.1.1.1 authentication message-digest
R1(config-router)#area 1 virtual-link 1.1.1.1 message-digest-key 1 md5 test
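What those two commands put on the wire, following the cryptographic authentication procedure in RFC 2328 Appendix D: the key is never transmitted, only an MD5 digest over the packet plus the key, alongside a key ID and a sequence number the receiver uses to reject old packets. This is an added example, not from the original post; key "test", key ID 1 and router ID 1.1.1.1 are taken from the commands above, while the hello body and sequence numbers are constructed.

```python
import hashlib
import hmac
import ipaddress
import struct

HEADER = struct.Struct("!BBH4s4sHHHBBI")  # 24-byte OSPFv2 header, AuType 2 layout
AUTYPE_CRYPTO = 2
DIGEST_LEN = 16


def _padded(key):
    """MD5 keys are at most 16 bytes; shorter ones are zero-padded to 16."""
    raw = key.encode()
    if len(raw) > DIGEST_LEN:
        raise ValueError("MD5 key longer than 16 bytes")
    return raw.ljust(DIGEST_LEN, b"\x00")


def sign(ptype, router_id, body, key, key_id, seq, area_id="0.0.0.0"):
    """Build a packet and append MD5(packet || key).

    Virtual-link packets carry the backbone area ID 0.0.0.0 even though the
    link is configured under the transit area (area 1 in the post).
    """
    header = HEADER.pack(
        2, ptype, HEADER.size + len(body),   # version, type, length (digest not counted)
        ipaddress.ip_address(router_id).packed,
        ipaddress.ip_address(area_id).packed,
        0,                                   # checksum stays 0 with AuType 2
        AUTYPE_CRYPTO, 0, key_id, DIGEST_LEN, seq,
    )
    packet = header + body
    return packet + hashlib.md5(packet + _padded(key)).digest()


def verify(wire, keys, last_seq):
    """Receiver side: return (accepted, reason). keys maps key ID -> key string."""
    if len(wire) < HEADER.size + DIGEST_LEN:
        return (False, "truncated")
    (_, _, length, _, _, _, autype, _, key_id, auth_len, seq) = HEADER.unpack(
        wire[:HEADER.size])
    if autype != AUTYPE_CRYPTO or auth_len != DIGEST_LEN:
        return (False, "not MD5 authenticated")
    if key_id not in keys:
        return (False, "unknown key id")
    if seq < last_seq:
        return (False, "stale sequence number")
    if length < HEADER.size or length + DIGEST_LEN != len(wire):
        return (False, "bad length")
    packet, digest = wire[:length], wire[length:]
    expected = hashlib.md5(packet + _padded(keys[key_id])).digest()
    if not hmac.compare_digest(digest, expected):
        return (False, "digest mismatch")
    return (True, "ok")


# Constructed 20-byte hello body: mask, hello 10s, options, priority, dead 40s, DR, BDR.
HELLO_BODY = struct.pack("!IHBBIII", 0, 10, 0x02, 0, 40, 0, 0)

if __name__ == "__main__":
    wire = sign(1, "1.1.1.1", HELLO_BODY, "test", key_id=1, seq=100)
    print(verify(wire, {1: "test"}, last_seq=100))   # matching key on both ends
    print(verify(wire, {1: "tset"}, last_seq=100))   # mistyped key on one end
    print(verify(wire, {1: "test"}, last_seq=101))   # old packet arriving again
```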

  • …configure a static OSPF neighbor?

R1(config-router)#neighbor 1.2.3.4 [cost X] [priority Y]

  • …shows the status of a virtual link?

show ip ospf virtual-links
show ip ospf neighbor

  • …shows the authentication type and youngest key for a virtual link?

show ip ospf virtual-links

  • …displays the network type for an interface?

show ip ospf interface


Written by Aaron Conaway

June 20th, 2010 at 10:09 pm

ROUTE Notes – OSPF Filtering and Summarization

with 3 comments

Feel free to correct all this stuff.  Additions are also welcome.

Study Questions

  • How do I keep an area route from reaching a router in that area?

You don’t.  That defeats the whole purpose of having the topology database on every router.  If you filtered one route from a router, there’s no way that SPF could calculate routes correctly.

  • Fine, then.  Where do I filter routes?

You filter routes on an ABR or ASBR.  Since routers only have the whole topology for their area, it’s safe to filter routes from another area or from a redistributed routing protocol.  On a more technical note, you’re filtering type-3 LSAs on an ABR and type-5 LSAs on an ASBR.

  • Show me an example of keeping the area 1’s route of 192.168.0.0/24 from hitting area 0.

R1(config)#ip prefix-list PL1 deny 192.168.0.0/24
R1(config)#ip prefix-list PL1 permit 0.0.0.0/0 le 32
R1(config)#router ospf 1
R1(config-router)#area 0 filter-list prefix PL1 in

  • How about keeping a router from even learning about that same route from area 1?

R1(config)#router ospf 1
R1(config-router)#area 1 filter-list prefix PL1 out

  • You know that that seems a little backwards, don’t you?

You have to think of filtering in terms of the area instead of in terms of the router.  You’re filtering into the area or out of the area…not into or out of the router.
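To make the in/out direction concrete, here is a small Python model of how PL1 is evaluated (first match wins, implicit deny at the end, exact-length match unless ge/le is given) and of where each filter-list direction takes effect on the ABR. This is an added example, not from the original post and not IOS code; area 2 and the extra routes are constructed for illustration.

```python
import ipaddress

# PL1 as configured in the post: (action, prefix, ge, le); ge/le are None when absent.
PL1 = [
    ("deny", "192.168.0.0/24", None, None),
    ("permit", "0.0.0.0/0", None, 32),
]


def entry_matches(route, prefix, ge, le):
    """One prefix-list entry: the leading bits must agree, then the length test."""
    route = ipaddress.ip_network(route)
    entry = ipaddress.ip_network(prefix)
    if not route.subnet_of(entry):
        return False
    if ge is None and le is None:
        return route.prefixlen == entry.prefixlen   # exact length only
    low = ge if ge is not None else entry.prefixlen
    high = le if le is not None else 32
    return low <= route.prefixlen <= high


def prefix_list_permits(route, plist):
    """First matching entry wins; no match at all means the implicit deny."""
    for action, prefix, ge, le in plist:
        if entry_matches(route, prefix, ge, le):
            return action == "permit"
    return False


def abr_type3_targets(route, source_area, attached_areas, filters):
    """Areas into which the ABR originates a type-3 LSA for `route`.

    filters maps (area, direction) -> prefix list, mirroring
    `area <area> filter-list prefix <list> in|out`:
      out = checked once, as the route leaves its source area
      in  = checked per destination area, as the LSA enters it
    """
    out_list = filters.get((source_area, "out"))
    if out_list is not None and not prefix_list_permits(route, out_list):
        return []
    targets = []
    for area in attached_areas:
        if area == source_area:
            continue
        in_list = filters.get((area, "in"))
        if in_list is None or prefix_list_permits(route, in_list):
            targets.append(area)
    return targets


if __name__ == "__main__":
    areas = [0, 1, 2]   # constructed ABR attached to areas 0, 1 and a hypothetical area 2
    route = "192.168.0.0/24"
    print(abr_type3_targets(route, 1, areas, {}))                  # unfiltered
    print(abr_type3_targets(route, 1, areas, {(0, "in"): PL1}))    # kept out of area 0 only
    print(abr_type3_targets(route, 1, areas, {(1, "out"): PL1}))   # never leaves area 1
    # The deny entry matches /24 exactly, so a more-specific /25 is still permitted.
    print(abr_type3_targets("192.168.0.0/25", 1, areas, {(0, "in"): PL1}))
```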

  • How do you keep the OSPF route to 192.168.0.0/24 from being submitted to the routing table?

I’ll use the same prefix list above.
R1(config)#router ospf 1
R1(config-router)#distribute-list prefix PL1 in

  • Isn’t that almost the same syntax to filter EIGRP routes?

Almost.

  • How do I send area 1 the summary route of 192.168.0.0/16 from area 0?  That would be a type-3 LSA.

On the ABR:  R1(config-router)#area 1 range 192.168.0.0 255.255.0.0

  • How do I do the same thing for external routes (type-5 LSAs)?

On the ASBR:  R1(config-router)#summary-address 192.168.0.0 255.255.0.0

  • If you see “totally” in the stub area description, what does that mean?

Someone at Cisco is a surfer.  It also means that there are no type-3 LSAs in that area.

  • Is the term “stubby” an insult?

No.  It’s a term for an OSPF area that has certain types of LSAs filtered.  Summary routes are usually involved.  This is not filtering that we discussed above, though.  This is keeping all instances of an LSA type from entering an area.

  • What the heck is a type-7 LSA?

If an NSSA has an external route it needs to flood, it uses a type-7 instead of a type-5.  This allows a router in an NSSA to advertise external routes without being bombarded by type-5s from other areas.

  • What are the four types of stubby areas?  What LSA types do they filter?  What LSA types do they allow?

Stub – filters type-5s – allows type-3s
Totally stubby – filters type-3s and type-5s
NSSA – Filters type-5s – allows type-3s and type-7s
Totally NSSA – Filters type-3s and type-5s – allows type-7s

  • What area can never be a stubby?

Area 0, of course.

  • If area 1 is a stub, what LSA types will area 0 see from it?

Type-3s.  The routes from area 1 are still advertised into area 0 as normal.

  • How about if area 1 is a totally NSSA?

Type-3s and type-5s.  The routes from area 1 are still advertised into area 0 as normal, and the type-7s would be translated to type-5s.  [Someone check me on this one.]

  • Where do you configure an area to be a stub?

On all the routers in the area.  The same goes for NSSA.

  • Where do you configure an area to be a totally stubby?

The totally stubby part is configured on the ABR.  The other routers in the area should be configured as stub.  The same goes for totally NSSA.

  • What route always shows up in a stubby or totally stubby area unless someone has done something weird?

0.0.0.0/0

  • Speaking of the default route, how do you manually summarize the default route in OSPF?

You can use the area 1 range 0.0.0.0 0.0.0.0. You can also use the default-information originate command in OSPF.

  • What would you see on the internal routers if you had an ASBR that only had full BGP tables from your ISP configured with default-information originate?

You would see nothing.  You need to have a default route somewhere for the router to advertise into OSPF.  Since BGP full routes don’t contain a default, it won’t advertise.

What Command Was That

What command…

  • …shows what type of stubby area an area is configured to be?

show ip ospf


Written by Aaron Conaway

June 20th, 2010 at 1:11 pm

ROUTE Notes – OSPF Topology Stuff

with 3 comments

Feel free to correct.

Study Questions

  • The obvious first question involves the common LSA types and their function.  Can you list them?

Type-1 – Router – Lists each router and its connected IP addresses
Type-2 – Network – Lists all the transit, or multiaccess, networks
Type-3 – Net Summary – Defines a host route for interarea routes; this is from the ABR
Type-4 – ASBR Summary – Defines a host route for an external (to OSPF) route; this is from an ASBR
Type-5 – AS External – Lists the networks advertised into OSPF from external sources (redistribution)
Type-7 – NSSA External – External routes injected into a not-so-stubby area

  • What information about the OSPF area does a router’s OSPF database contain?

Everything, basically.  The database includes all the routers in the area, the IPs of every OSPF-enabled interface, all the networks, and the costs of each hop.  The SPF algorithm uses all this information to figure out the best path to all networks advertised.

  • Define the reference bandwidth in OSPF.  What’s the default value, and how do you change it?

The reference bandwidth is the bandwidth that is divided by an interface bandwidth to get the cost for that link.  The default value is 100Mbps, which can be changed with the auto-cost reference-bandwidth OSPF subcommand.

  • How can you override the cost on an interface?

You can change the reference bandwidth, but that will change the costs of all interfaces.  The ip ospf cost X command on an interface will do the trick.  You can also give it the old bandwidth change (the one that tends to break or influence other things).

  • What is the formula for calculating the cost of an interface?

reference bandwidth / interface bandwidth

  • What are the five OSPF message types, and what do they do?

Hello – Establishes neighbor relationships
Database Description (DBD) – Send summaries of the LSAs a router has
Link State Requests (LSR) – Sent to a router to ask for more details on an LSA
Link State Update (LSU) – Reply to an LSR that includes the details of the requested LSA
Link State Acknowledgment (LSAck) – An acknowledgement of the DBD

  • How often does a router send its full OSPF database to its neighbors?

It doesn’t.  It does, however, send any self-originated LSAs (LSAs that it generated) every 30 minutes (1800 seconds).

  • R1 is an ABR to area 1 with an area 0 route to a network with a cost of 100.  R2, also the same ABR setup, advertises the same route to area 1 (and, thus, R1) with a cost of 10.  Which route does R1 take?

ABRs always take an intra-area route over an interarea route, so the path with a cost of 100 will be chosen.

  • You see a type-2 LSA in a router’s database.  Without knowing what the details of the LSA are, list some things you can assume have happened.

Type-2 LSAs mean a transit network (multiaccess network) is turned up somewhere.
This transit network has two or more OSPF routers on it.
An election for DR and BDR has taken place.
The DR has started acting as a pseudonode for the transit network.
All other area routers have been told about that transit network.
[There are many others, I'm sure.]

  • What configuration is required to enable unequal-cost load balancing in OSPF?

This isn’t EIGRP; you can’t do that.

  • It seems that your OSPF database has 95 equal-cost paths to the same network.  By default, how many show up in the routing table?

Four.  You can change this with the maximum-paths directive under OSPF.

  • Your 700 series router has been elected the DR on a transit network.  How do you make sure your 12000 series is elected instead?

On the 12000’s interface, set the priority higher with the ip ospf priority x command.

What Command Was That

What command…

…shows all the type-1 (router) LSAs that a router has seen?

show ip ospf database router

…shows all the type-2 (network) LSAs that a router has seen?

show ip ospf database network

…shows all the type-3 (network summary) LSAs that a router has seen?

show ip ospf database summary

…shows the maximum paths OSPF will send to the routing table?

show ip protocols

…shows what transit networks exist in the area?

show ip ospf database network

…shows all the routers in the area?

show ip ospf database router

…shows what router advertises a particular transit network?

show ip ospf database

…shows the DR and BDR for a transit network?

show ip ospf interface

…shows the reference bandwidth?

show ip protocols

…shows how many times the SPF algorithm has been run in an area?

show ip ospf
- OR -
show ip ospf statistics

…shows how many of each message type a router has sent?

show ip ospf traffic

Aaron Conaway

I like to lean my head to the left, hit it with the palm of my right hand, and document what knowledge falls out.

Written by Aaron Conaway

June 19th, 2010 at 10:35 pm

ROUTE Notes – OSPF Neighbor Relationships

with 7 comments

Feel free to correct.

Study Questions

  • What are the definitions of the hello and dead intervals?

The hello interval is how often a router sends hello messages.  The dead interval is how long to wait before considering a neighbor dead from lack of hello messages; this is 4x the hello interval by default.

  • How do you keep OSPF from trying to detect neighbors on an interface?

Don’t configure a network statement for that interface
Make that interface passive

  • What type of routers connect to multiple areas?

Area border router (ABR)

  • What fields in the hello packet need to match in order for a router to neighbor with another via OSPF?

Subnet
Area
Hello and dead intervals
IP MTU
Authentication method
Authentication key

  • What’s another way to put an interface into an OSPF area other than the old network statement?

R1(config-if)#ip ospf 1 area 0

  • Don’t the process IDs have to match?

No.

  • How is the router ID calculated?

The router ID is discovered just as EIGRP does it.  First, it looks for a router-id command.  If one does not exist, the highest IP on an up/up loopback interface is used.  If one does not exist, the highest IP of the rest of the up/up interfaces is used.

  • What is the protocol, source, and destination in an OSPF hello packet?

OSPF uses protocol 89 (not TCP or UDP) sourced from the interface sending the packet to 224.0.0.5.

  • What happens after neighbors are brought up successfully?

Topology databases are exchanged.  Each router sends all the information it has about the area to its new neighbor.

  • What would happen if the MTUs of two potential neighbors were different?

The routers will become neighbors, but the topology exchange will not occur successfully.  [I think I’m missing a piece here.  This seems very prescriptive in a situation where I would expect more chaos.]

  • What types of authentication can be configured with OSPF?

None (type 0)
Cleartext (type 1)
MD5 hash (type 2)

  • How do you configure a router to use MD5 authentication with OSPF?

R1(config-router)#area 0 authentication message-digest

  • That didn’t work.  What are we missing?

You have to set the key, dummy.  Do that on the interface.

R1(config-if)#ip ospf message-digest-key 1 md5 KEY
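What those two commands put on the wire, as an added Python example that is not part of the original notes: it builds and checks the type 2 (keyed MD5) trailer described in RFC 2328 Appendix D.  The function names, the sample packet, and the NUL-padding of short keys to 16 bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# RFC 2328 header: version, type, packet length, router ID, area ID, checksum, AuType
OSPF_HDR = struct.Struct("!BBH4s4sHH")
# AuType 2 reuses the 8-byte authentication field: zero, key ID, digest length, sequence number
CRYPTO_AUTH = struct.Struct("!HBBI")
AUTYPE = {0: "null", 1: "simple password", 2: "cryptographic"}


def pad_key(key: bytes) -> bytes:
    """Assumption: keys shorter than 16 bytes are NUL-padded to the MD5 key size."""
    if len(key) > 16:
        raise ValueError("OSPF MD5 keys are at most 16 bytes")
    return key.ljust(16, b"\x00")


def build_md5_packet(ptype, router_id, area_id, key_id, seq, key, body):
    """Build a constructed OSPF packet with the keyed-MD5 trailer appended."""
    length = OSPF_HDR.size + CRYPTO_AUTH.size + len(body)  # digest is not counted
    pkt = (OSPF_HDR.pack(2, ptype, length, router_id, area_id, 0, 2)  # checksum stays 0
           + CRYPTO_AUTH.pack(0, key_id, 16, seq) + body)
    return pkt + hashlib.md5(pkt + pad_key(key)).digest()


def verify_md5_packet(packet, keys, last_seq=None):
    """Return (accepted, reason) for a received packet; keys maps key ID -> secret."""
    if len(packet) < OSPF_HDR.size + CRYPTO_AUTH.size:
        return False, "truncated header"
    _ver, _type, length, _rid, _area, _cksum, autype = OSPF_HDR.unpack_from(packet)
    if autype != 2:
        return False, f"AuType {autype} ({AUTYPE.get(autype, 'unknown')}) mismatch"
    _zero, key_id, dlen, seq = CRYPTO_AUTH.unpack_from(packet, OSPF_HDR.size)
    if key_id not in keys:
        return False, f"no key configured for key ID {key_id}"
    if dlen != 16 or length < 24 or len(packet) < length + dlen:
        return False, "bad length fields"
    if last_seq is not None and seq < last_seq:
        return False, "sequence number went backwards (possible replay)"
    expected = hashlib.md5(packet[:length] + pad_key(keys[key_id])).digest()
    if not hmac.compare_digest(expected, packet[length:length + dlen]):
        return False, "digest mismatch"
    return True, "ok"


# Constructed hello body: mask, hello 10 s, options, priority, dead 40 s, DR, BDR
HELLO_BODY = struct.pack("!4sHBBI4s4s", bytes([255, 255, 255, 0]), 10, 0x02, 1, 40,
                         bytes(4), bytes(4))
SAMPLE = build_md5_packet(1, bytes([1, 1, 1, 1]), bytes(4), 1, 1000, b"KEY", HELLO_BODY)
```

The key ID travels in the packet and the key itself never does, so both neighbors need the same key under the same key ID.  The digest is a plain MD5 over the packet followed by the key, not an HMAC.
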

  • What is a DR?  How about a BDR?

A designated router (DR) is a router that has been elected to advertise all the routers for a multi-access segment (like a LAN segment).  Every time a change occurs in the network, the router that detected it will notify the DR, who will then relay the information to the other routers on that segment.  The backup designated router (BDR) takes over that functionality if the DR fails.

  • What are the default hello intervals for broadcast, point-to-point, NBMA, and point-to-multipoint interfaces?

Broadcast:  10 sec
P-P:  10 sec
NBMA:  30
P-M:  30

  • How do you change the default hello timer?

R1(config-if)#ip ospf hello-interval X

  • What types of segments use DRs and BDRs?

Only broadcast and NBMA segments use DRs and BDRs.

  • What are some important states of an OSPF neighbor?  [Yes, there are others.]

INIT:   A router has received a hello from another router, but its own hello has not been acknowledged.
2WAY:  A router has received a hello and an acknowledgement from another router
EXSTART:  The DRs and BDRs are elected, and exchanges are beginning with them
FULL:  The router has successfully exchanged topology data with the neighbor

What Command Was That?

What command…

  • …shows all the OSPF neighbors?

show ip ospf neighbor

  • …shows the number of OSPF neighbors on an interface?

show ip ospf interface
- OR -
show ip ospf interface brief

  • …shows the DR and BDR on an interface?

show ip ospf interface

  • …shows the authentication method used?

show ip ospf interface

  • …shows the hello and dead intervals configured on the router?

show ip ospf interface

  • …shows the OSPF network type for an interface?

show ip ospf interface

  • …shows the state of a neighbor?

show ip ospf neighbor
- OR -
show ip ospf neighbor detail

Written by Aaron Conaway

June 17th, 2010 at 9:05 pm

ROUTE Notes – Controlling Routes in EIGRP

without comments

Corrections welcome.

Study Questions

  • Why would you ever want to summarize routes?

Summarizing routes minimizes the routes advertised to the network.  For example, instead of advertising 192.168.0.0/24, 192.168.1.0/24…192.168.n.0/24, a router can advertise a single route to 192.168.0.0/16.  Keeping routing tables small saves hardware resources, minimizes convergence times, helps avoid route flapping, and makes the routing table easier to read for humans.

  • When will an EIGRP router auto-summarize a route?

If a router has interfaces that are in different classes of network (Class A, B, C), then that router will auto-summarize those routes up to the classful boundary.  For example, if you have a 10.0.0.1/24 and a 192.168.100.1/30, the router will advertise 10.0.0.0/8 and 192.168.100.0/24.

  • You have two routers advertising the same summarized route.  How do you make one preferred over the other?

Adjust the delay or bandwidth so one is favored.

  • What is suboptimal forwarding in regards to summarization?

A summary route could be advertised from a router that’s not in the optimal path to the destination.  If that route is chosen by a downstream router, traffic is passed to that router instead of a more optimal path through another router.

  • How do you avoid suboptimal forwarding in regards to summarization?

Disable summarization.  Advertising real networks will result in the optimal path being calculated.

  • How do you manually summarize the route 192.168.100.0/22?

R1(config-if)#ip summary-address eigrp 1 192.168.100.0 255.255.252.0

  • When will a summarized route stop being advertised by a router?

When the router no longer has any routes that fall inside the summary route, the summary is removed.  That is, if a router is advertising 192.168.100.0/22, the route will be removed if the router no longer has ANY routes that are in the 192.168.10[0123].0 networks.

  • What’s the biggest route a router can summarize?

The default route.

  • What are two ways to advertise a default route in EIGRP?

Advertise a static default route through redistribute static
Summarize 0/0 out of an interface

  • How do you keep one part of the network from having a route to another part of the network?

This is done with route filtering.

  • When configuring route filtering in EIGRP, what’s the big keyword?

distribute-list

  • What are the three techniques for filtering routes?

ACLs
Prefix lists
Route-maps

  • Do you mean to tell me that route filtering also uses ACLs and route-maps?

Yes.  Welcome to Cisco Systems.

  • How do you use an ACL to filter out the route 192.168.0.0/24?

access-list 1 deny 192.168.0.0 0.0.0.255
access-list 1 permit any
router eigrp 1
 distribute-list 1 out

  • How do you use a prefix list to filter out the route 192.168.0.0/24?

ip prefix-list PL1 deny 192.168.0.0/24
ip prefix-list PL1 permit 0.0.0.0/0 le 32
router eigrp 1
 distribute-list prefix PL1 out

  • How do you use a route-map to filter out the route 192.168.0.0/24?

access-list 1 permit 192.168.0.0 0.0.0.255
route-map RM1 deny 10
 match ip address 1
route-map RM1 permit 999
router eigrp 1
 distribute-list route-map RM1 out

-OR-

ip prefix-list PL1 permit 192.168.0.0/24
route-map RM1 deny 10
 match ip address prefix-list PL1
route-map RM1 permit 999
router eigrp 1
 distribute-list route-map RM1 out
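
The ACL and prefix-list filters above do not match the same set of routes: a standard ACL in a distribute-list compares only the route's network address, while a prefix-list entry without ge/le also requires the exact prefix length.  The Python below is an added example, not part of the original notes; it models those matching rules (it is not IOS code), and the helper names and sample routes are made up for illustration.

```python
import ipaddress


def ip_int(text):
    return int(ipaddress.ip_address(text))


def acl_action(route, acl):
    """Standard ACL: match the network address against base/wildcard; mask length is ignored."""
    net = int(route.network_address)
    for action, base, wildcard in acl:
        care = ~ip_int(wildcard) & 0xFFFFFFFF      # bits the wildcard says must match
        if net & care == ip_int(base) & care:
            return action
    return "deny"                                   # implicit deny at the end


def prefix_list_action(route, plist):
    """Prefix list: leading bits must match AND the length must fall inside ge..le."""
    for action, prefix, ge, le in plist:
        p = ipaddress.ip_network(prefix)
        lo = ge if ge is not None else p.prefixlen
        hi = le if le is not None else (32 if ge is not None else p.prefixlen)
        same_bits = int(route.network_address) & int(p.netmask) == int(p.network_address)
        if same_bits and lo <= route.prefixlen <= hi:
            return action
    return "deny"                                   # implicit deny at the end


# access-list 1 deny 192.168.0.0 0.0.0.255 / access-list 1 permit any
ACL_1 = [("deny", "192.168.0.0", "0.0.0.255"),
         ("permit", "0.0.0.0", "255.255.255.255")]
# ip prefix-list PL1 deny 192.168.0.0/24 / ip prefix-list PL1 permit 0.0.0.0/0 le 32
PL1 = [("deny", "192.168.0.0/24", None, None),
       ("permit", "0.0.0.0/0", None, 32)]
# Constructed routing table for the comparison
ROUTES = ["192.168.0.0/24", "192.168.0.0/25", "192.168.0.128/25",
          "192.168.1.0/24", "10.0.0.0/8"]


def advertised(routes, matcher, rules):
    """Routes that survive the outbound filter."""
    return [r for r in routes if matcher(ipaddress.ip_network(r), rules) == "permit"]


if __name__ == "__main__":
    print("ACL 1 :", advertised(ROUTES, acl_action, ACL_1))
    print("PL1   :", advertised(ROUTES, prefix_list_action, PL1))
```

With these sample routes the ACL also drops the two /25s inside 192.168.0.0/24, while the prefix list drops only the exact /24.
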

What Command Was That?

What command…

  • …shows you the prefix lists configured?

show ip prefix-list

  • …shows the summary route being advertised for a particular network?

show ip route 192.168.0.0 255.255.0.0 longer-prefixes

  • …shows what networks are being summarized on a router?

show ip protocols

  • …shows what route a router considers to be a default candidate?

show ip route (look for the *)

  • …shows the default network?

show ip route

Written by Aaron Conaway

June 17th, 2010 at 5:04 pm