How did 2010 turn out?  Not as well as I would have liked.

I don’t usually cover news from Cisco, but they’ve changed some certification stuff around again, and I thought I would bring it up.  This time they’ve changed the CCNA Voice, CCVP, and CCSP, so, if you’ve on those tracks, be careful what you’re studying!

CCNA Voice

Circle 28 February 2011 on your calendars.  That’s when the CCNA Voice track gets a shakeup.  The IIUC (640-460) exam will be no more, and passing CVOICE (642-436) will no longer be a valid way to get the cert.  After the big day, you’ll have to take ICOMM (640-461).  This seems to be a much broader exam instead of having the enterprise and commercial focuses in CVOICE and IIUC, respectively.  Look out for both CME- and CUCM-based topics including a troubleshooting section. 

Woohoo!  I passed the ROUTE test this morning.  That means I’m done with the CCNP track!  :)

If you remember, I took it over a week ago and had some bad luck on it.  Alright, bad luck is the wrong phrase.  I didn’t study enough and failed it.  This time, though, I had a special weapon on my side - the ROUTE Foundations book.  I haven’t used the Foundations books before, but, I saw some tweets about this one, so I picked it up off of Safari.  In just a couple pages, I realized that I was reading the answers to several questions directly out of the book.  It was amazing.  I only studied my weak points and wound up with 144 more points than I did last time.  I can’t say that was entirely because of the book, but I must say it was a big reason.

As always, corrections are requested.

Study Questions

• I’ve got IGRP and EIGRP both configured with the same AS number.  What’s special about this configuration?

If both use the same AS number, then they automatically redistribute their routes into each other without using the redistribute command.

• When redistributing one IGP into another, where’s a good place to filter routes?

There’s no one good place, but at the router(s) that’s doing the redistribution is a good start.  There’s no need to send an IGP a bunch of routes it doesn’t need.

Corrections, please.  I skipped a bunch of BGP intro stuff to get to the juicy center.  I’ll see if I can come back later and finish the other parts for posterity.

Study Notes

• Is BGP route selection a controversial subject?

Yes.  If you ask 1000 network guys the best way to influence BGP, you’ll probably get 1000 different answers.

• At what position in the PA list of a BGP update do you find the weight attribute?

You don’t.  Weight is a Cisco-proprietary thing.

Corrigeme, por favor.

Study Notes

• What do IPSec tunnels give you when a branch office is on a broadband connection?

Privacy through encryption Authentication of the remote peer through ISAKMP Delivery of private data over the public Internet

• What do you need to configure to get your branch router talking to the Internet?

ISP connection configuration such as PPPoE or PPPoA DHCP server configuration for internal users NAT Firewall services like inspection and filtering

Study Questions

• Your boss says that ever host in the network needs to be converted over to IPv6 by the end of the day.  Which of multipoint tunnels, point-to-point tunnels, or native IPv6 would be the most appropriate to use to help with that conversion?

Native IPv6

• The engineering department wants to permanently use IPv6 on their test boxes in two offices.  Which of multipoint tunnels, point-to-point tunnels, or native IPv6 would be the most appropriate to use?

Point-to-point tunnels

Study Questions

• Why would anyone develop a version of RIP that supports IPv6?

I have no idea.  Boredom, maybe.  Whatever the case, it works just like RIPv2, which is pretty scary.

• In EIGRP for IPv4, there are several requirements for two routers to neighbor up.  Which of those is not true for EIGRP for IPv6?

The two routers don’t need to be in the same subnet.  The concept of the link local address takes care of that need since neighbors always share a common medium like an Ethernet segment or a serial link.

Study Notes

• Exactly how big is an IPv6 address?

It’s 128 bits long.

• This shouldn’t be on the test, but how many unique addresses is that?

That’s 2^128 or a “3” with 38 zeros after it.  That’s also 2^95 addresses for each person on earth.

• Surely we’re not writing in binary, are we?

No way.  IPv6 uses 32 hex characters.  Each character is 4 bits, so we wind up with 128 bits of data.

Feel free to correct.

Study Questions

• What’s the most primitive way to get traffic destined to a single host to use a different path than your dynamic IGP dictates?

Use a static route.

• What’s the most primitive way to get traffic sourced from a single host to use a different path than your dynamic IGP dictates?

Use policy-based routing (PBR).

• What’s the most primitive way to get traffic sourced from a single host and destined for another host to use a different path than your dynamic IGP dictates?

Use PBR.

As always, feel free to correct.

Study Notes

• When a router redistributes from one routing protocol to another, where does the router get the list of routes to redistribute?

From the routing table.  Only IGP A’s routes (not topology or successors) are redistributed into IGP B’s domain.

• What are two methods of filtering redistributed routes?

Use a route-map in the redistribute line or a distribute-list.

• Of the two methods for filtering, which one has more options?

The route-map method has more options.  You can match on all sorts of stuff, including an ACL or interface, and filter based on that.

As always, feel free to correct.

Study Questions

• When you redistribute OSPF into EIGRP, what are you really redistributing?

Routes knows via OSPF Networks of OSPF-enabled interfaces

• What’s the default cost of an EIGRP route redistributed into OSPF?

20

• What’s the default metric of an OSPF route redistributed into EIGRP?

There is none since EIGRP has all those nifty k-values that have to be processed.  Routes actually won’t redistribute without them.

Feel free to correct.  I feel like I’m missing a big piece here, so please fill in a gap if you see one.  Thanks.  :)

Study Questions

• How many area 0s (zero) can you have in an OSPF implementation

Just one.

• If my company merges with another company, and we’re both running OSPF, how can we get our networks routing together properly?

The easiest thing to do is to connect your two area 0s together through some physical link.  If you can, you can use virtual links to connect an ABR to another ABR to extend the zones together.

Feel free to correct all this stuff.  Additions are also welcome.

Study Questions

• How do I keep an area route from reaching a router in that area?

You don’t.  That defeats the whole purpose of having the topology database on every router.  If you filtered one route from a router, there’s no way that SPF could calculate routes correctly.

• Fine, then.  Where do I filter routes?

You filter routes on an ABR or ASBR.  Since routers only have the whole topology for their area, it’s safe to filter routes from another area or from a redistributed routing protocol.  On a more technical note, you’re filtering type-3 LSAs on an ABR and type-5 LSAs on an ASBR.

Corrections welcome.

Study Questions

• Why would you ever want to summarize routes?

Summarizing routes minimizes the routes advertised to the network.  For example, instead of advertising 192.168.0.0/24, 192.168.1.0/24…192.168.n.0/24, a router can advertise a single route to 192.168.0.0/16.  Keeping routing tables small saves hardware resources, minimizes convergence times, helps avoid route flapping, and makes the routing table easier to read for humans.

• When will an EIGRP router auto-summarize a route?

If a router has interfaces that that are in different classes of network (Class A, B, C), then that router will auto-summarize those routes up to the classful boundary.  For example, if you have a 10.0.0.1/24 and a 192.168.100.1/30, the router will advertise 10.0.0.0/8 and 192.168.100.0/24.

Or neighborships, as they call it in the book.  What a terrible word.

Study Questions

• What settings must match between two routers in order to become EIGRP neighbors?

Both routers must be in the same primary subnet Both routers must be configured to use the same k-values Both routers must in the same AS Both routers must have the same authentication configuration (within reason) The interfaces facing each other must not be passive

Study Questions

• How do you keep EIGRP from killing your WAN?

You can use the ip bandwidth-percent eigrp AS X command to limit the amount of bandwidth that EIGRP uses to update neighbors.

• How does EIGRP calculate how much bandwidth it can use for each frame relay PVC?

By default, EIGRP takes 50% of the (sub)interface’s configured bandwidth (with the bandwidth command) to use for updates on NBMA (non-broadcast mutliaccess) networks like frame relay.  This value is divided equally among all the PVC configured on that interface.

Last time, we talked about a nifty little lab I set up for redistribution and how the OSPF ASBRs acted a little differently than I expected.  This time, let’s look at how changing external OSPF routes to a metric-type of 1 (E1) affects the routing tables.

Here’s the network again.

The static routes are being redistributed into their respective IGPs, and EIGRP is being redistributed into OSPF.  Let’s look at the routing table on R1.

I did my standard 2ish-hour drive to the closest testing center today to take the SWTCH test (642-813).  Utter failure.  That’s 3 for those scoring at home.

The test was the absolute worst I’ve ever taken.  I know that I complain a lot, but this is totally justified in my eyes.  My 4th grade spelling tests were better than this.  I’ve seen kindergarten plays with better production value.

First of all, it was poorly written.  Whoever wrote those questions has a few pieces of information about English sentence structure missing from their skill set.  A sentence needs a verb, right?  Well, a lot of the sentences were missing those.  It’s kind of important to know what the whole point of the sentence is, or is that too much to ask?  The “drag this over here” exercise questions all started with the same 13-word phrase that left the question so long that it was unreadable.  A couple of commas would have been nice in some.  Others I just had to infer from the answers what they were trying to ask.

I’ve got a few switches daisy chained together with single links and have enabled UplinkFast on them.  This switch is not the root bridge; F0/24 is the root port and F0/23 is a blocked alternate port. I’ve got debug spanning-tree uplinkfast on to help out.

SW3#sh span | incl 0/2[34]
Fa0/23           Altn BLK 3019      128.23   P2p
Fa0/24           Root FWD 3019      128.24   P2p

Now let’s unplug F0/24 and see what happens.

Here’s an STP exercise for you.  Given the bridge priorities, MAC addresses, and interface types in the diagram, calculate the root bridge, root ports, designated ports, and blocked ports.  You can click on the image to enlarge it.  I’ll post a solution in the next few days.  As always, feel free to comment and ridicule my utter idiocy.  Be gentle, though; I don’t usually post exercises like this.

Send any configuration BPDUs questions my way.

Two down, two to go.  After much groaning and moaning, I’ve finally passed my ONT test.  The path to this point has been full of road blocks and covered in potholes, but I finally managed to power through it.  Thank $deity.

If you remember, I’ve had quite a time with finding a testing center that’s convenient (or open for that matter), so I took the test at yet another center to see what they offer.  The facility was great; it was very quiet and clean, and the people were wonderfully friendly, which is a new concept to me.  Usually, the people don’t care about testers, but, being a center for inmates at state prisons (yes, prisoners), they do nothing but vocational and professional testing there.  That’s a lot better than the facilities who give their own students priority or who make money on training instead of testing.  The center is just over 2 hours away, but I think this place may be the best so far.  I’ll have to see what the future holds, though.

I’m still working on the ONT test and doing labs, so I marked up a lab for me to work.  I’m using the same setup as I did last time.  The two routers are 3640s running 12.4(25b).

Part of the lab was to identify HTTP traffic coming into F0/0 and mark it as CS3.  That’s pretty easy, right?  Of course, the lab I made up was a little more complicated, but the point comes clear with a simpler example.

I failed the ONT test today.  It was an utter lack of subject matter knowledge that did me in from the beginning.  When the first three questions mention things that I’ve never even heard, it’s going to be a long test.  I’ll take blame on it for sure, but the test was a lot darker than I imagined it would be.

I heard from a couple people that the ONT test was the easiest of the 4 CCNP test.  I must say today’s test was a LOT harder than the ISCW test I took back in December.  Most of the questions were fair, but there were a few that were down-right evil or unanswerable.  Without giving too much away, there were some matching questions that had multiple items with multiple answers, rendering the answer to a guess.  I even ran into a CLI question about the WLC, which surely wasn’t mentioned anywhere I studied, and I don’t have a spare sitting around on which to test.  The icing, though, was the number of questions about FRTS; I know I need to understand it, but the magical question dice landed on that topic way too many times in my opinion.

Elements of Cisco Unified Wireless Network

• Client devices - Cisco compatible extensions on WLAN clients
• Mobility platform - allows configuration of LWAPs through WLCs
• Network unification - integration into the rest of the network with WLCs doing RF management, IPS, etc.
• World-class network management - centralized management through WCS
• Unified advanced services - supports advanced technologies and threat detection

WLAN Implementation

Autonomous and LWAP

Category	Autonomous	LWAP
Access Point	Autonomous APs	LWAPs
Control	Individual configurations	Configuration through WLCs
Dependency	Independent operations	Dependent on WLC
Management	CiscoWorks WLSE and WDS	WCS
Redundancy	Through APs	Through WLCs

Wireless LAN Services Engine (WLSE)

• Traditional WLAN weaknesses
  • SSID for security
  • Vulnerable to rogue APs
  • MAC filtering for security
  • WEP
• WEP weaknesses
  • Disribution of static keys is not scalable
  • WEP keys can be cracked easily
  • Vulnerable to dictionary attacks
  • No protection against rogue APs
• Benefits of 802.1x
  • Centralized authentication through Radius via AAA
  • Mutual authentication between client and auth server
  • Can use multiple encryption algorithms (AES, WPA, TKIP, WEP)
  • Automatic dynamic WEP keys
  • Roaming
• Requirements of 802.1x
  • EAP-capable client (supplicant)
  • 802.1x-capable AP (authenticator)
  • EAP-capable auth server

Table 1. Characteristics of the EAP variants

Here are some more notes from my studies.  Of course, no one cares about them but me, but it’s my blog.  I’m sure someone will find it useful.  Please help to correct dumbass mistakes.

• Congestion

  • Speed mismatch - traffic leaves a lower-bandwidth interface than the one it came in on
  • Aggregation problem - lots of links with one egress of equal bandwidth
  • Confluence problem - a bunch of traffic needs to egress out of the same interface

• Queuing

Here’s another set of notes from my ONT studies.  I’m sure someone will find it useful.  Please help to correct dumbass mistakes.

• Classification is done with traffic desriptors

  • Ingress interface
  • CoS value on ISL or 802.1P frames
  • Source/destination IP address
  • IP Precedence or DSCP value
  • MPLS EXP
  • Application type

• Layer 3 QoS

  • Type of Service (ToS) is 8-bit field.
  • First 3 bits of ToS are the IP precedence.
  • First 6 bits of ToS are the DSCP value.
  • Last 2 bits of ToS are explicit congestion notification (ECN).

• Layer 2 QoS

I’ll try to keep it a little shorter this time.

Major issues for converged enterprise networks

• Available bandwidth: competition among applications
  • Fixes
    • Increase bandwidth: More power!
    • Properly queue based on classification and marking: QoS
    • Compress: cRTP, TCP header compression, etc.
• Delay: Lead time to get a packet to the destination
  • Types of delay
    • Processing delay: routing, switch delay
    • Queuing delay: how long a frame stays in an output queue
    • Serialization delay:  how long to put the frame on the wire
    • Propagation delay: the time to cross the physical medium
• Jitter (delay variation): Variation is the delay
  • Different delays mean different arrival times
  • De-jitter buffers save up packets to reduce jitter (like the old CD writers)
  • Fixes
    • More bandwidth
    • Prioritize sensitive data and forward first
    • Remark (reclassify) packets based on sensitivity
    • Enable L2 payload compression: make sure compression delay isn’t worse than the jitter
    • Use header compression
• Packet loss: Packets are lost in the network somewhere
  • Fixes
    • More bandwidth
    • Increase buffers space: more room for the queue on the interface
    • Provide guaranteed bandwidth: Queuing and QoS
    • Congestion avoidance
      • Random Early Detection (RED) and weighted RED (WRED) drop packets before the queue is full
      • Selective dropping is better than FIFO or LIFO dropping

QoS History

Here are some of the notes I’ve been taking while reading over the ONT book. I hope it benefits somebody.  Feel free to correct any stupid mistakes as a paraphrase to avoid a lawsuit.

There’s way too much info here.  I’ll refine the process a little better for the next topics.

Benefits of Packet Telephony Networks

• More efficient use of bandwidth and equipment - Packet telephony networks don’t dedicate channels or a static bandwidth to a call; it’s just another network application.
• Consolidate network expense - The common infrastructure (IP-based networks) keeps you from having to support another distinct network for voice like in traditional PBX implementations.
• Improved employee productivity - The phone can be used for more than just phone calls by utilizing the XML interface to run applications or provide content from the network.
• Access to new communications devices - IP phones can communicate with computers, network gear, PDAs, etc., and not just the PBX.

Packet Telephony Components

I took and passed the ISCW test today.  I was super-nervous going into it, which is weird for me, but I finally calmed down after the first few questions.  Here’s my take.  I don’t want to get into any trouble so I’m not going to include very much detail.

The testing center wasn’t very good at all.  It’s in an old building on the busiest road in town, and the noise from the street was barely dampened by the 1960s building materials.  I can tell you that there are three different pipes in the walls since their vibrations resonated through the room every time somebody flushed or brewed some coffee.  There was also a little foot traffic, which can be expected anywhere; they were working through some software problems on another testing station and were very respectful, so it wasn’t too bad.  The worst part of the whole ordeal, though, was the Microsoft class I sat through while taking the test.  They were across the hall, but it sounded like they were in the room with me.  Usually, you hear the instructor yelling at the top of his lungs so the whole class can hear, but I could hear questions being asked and papers being moved.  I think I can go pass a test of AD replication, though.  I certainly won’t be using that facility for any more tests.

I’m at training for the ISCW test this week, and this topic came up yesterday.  Since it came up last week at the office, I figure it was a sign from $deity that it was time for a blog entry.

An admin in another business unit was trying to set up command access for some of his techs.  He was going through a couple of routers and assigning commands to privilege levels so that his techs could access them.  He was having a boat load of problems, though, and couldn’t get it to work

EtherChannel lets you aggregate links into one logical connection, but the distribution of traffic is not uniform.  It does not use per-packet load-balancing or the like to determine what interface in the bundle to use.  Instead, it uses a XOR function on packet information to generate a hash that is used to determine what interface to use.

By default, the switch will use both the source and destination IP addresses to generate the hash, but there are lots of others.

I’ve decided to take on the CCNP certification, so I’m going to wind up with a few posts will be more my own notes than anything.  :)

A switch port on a 2960 comes up with a default configuration on VLAN 1.  What happens from the perspective of spanning-tree?

• First, the port comes up on blocking mode.  This is to make sure that loops aren’t created without first listening to the network to see what’s going on.
• Next, if the port may be a root or designated port, the port is moved to the listening state.  In this state, the port can send and receives BPDUs only.  It can’t send traffic, but it can discover the other switches participating in STP.
• After the forwarding delay, the port goes into the learning state.   In this state, the port can send and receive BPDUs as in listening, but it can now receive traffic.  It can’t yet send any.
• After the forwarding delay again, the port goes into the forwarding state.  The port can now send and receive data.

If the port is configured with spanning-tree portfast, the mode goes from blocking directly to forwarding without going through these steps.  Obviously you don’t want a switch plugged into a port configured for portfast since you may wind up with a loop.

I got my CCNP certification library the other day to finally get myself another cert, so I’ve been doing some reading of late. The thing I hate about certs is that, even if you have all the experience in the world, there’s always a whole mess of academic stuff that no one really knows or cares about. One of those things is the Cisco Network Hierarchical Model. This model is purely academic and comes with the caveat that you may or may not want to need to use this model in your situation. In other words, here’s what we recommend, but do what you want to make your network run properly.