Narbik - Day2

Waiting for some routers to reload between Labs.  May as well put the time to good use.  Today we went all through OSPF with a fine tooth comb.  Once dissected with the comb, each strand was further splayed and examined under a microscope.  We then held a magnifying glass over the eyepiece of the microscope, then we projected it onto a wall and magnified it about a million times.

I think you get the idea.

I think I learned more about OSPF today than I have in my 10 years of commercial/professional/telco/ISP experience.

I wanted to break things up a little so I did some IPv6 labs (mainly RIPng) over the past hour or so.  I’ll put some of my well dodgy notes from today’s OSPF lectures down, do some IPv6/OSPFv3 labs then later do some OSPFv2/IPv4 labs.

Here we go:

(this is meant to be a table - don’t laugh.  I’m a network guy not a web guy)

LSA Type   Advertised by?   Routing table entry   “show ip ospf database ?”
1          all              O                     router
2          DRs              -                     network
3          ABRs             IA                    summary
4          ABR              -                     asbr-sum
5          ASBR             E2/E1                 external
6          MOSPF            -                     *ignore lsa mospf
7          ASBR-NSSA        N1/N2                 nssa-external

 

I’d just like to add that I think, even after all this time, “not so stubby area” sounds funny.

 

OSPF states - what’s happening?

Down - hellos sent, none received

INIT - received hello

2WAY  - hellos & router-ids exchanged, DR election

EXSTART - DR & BDR adjacency, DR & others master/slave

EXCHANGE - DDP packets, database exchange

LOADING - LSR/LSU/LSACK

FULL - wheeeeeeeee

 

ip ospf retransmit-interval

 

If LSACK doesn’t come, neighbour is considered down after dead timer expires

State can be FULL, but routes won’t be inserted into routing table unless network types are ok

 

Your OSPF is stuck somewhere?

DOWN - interface down, no neighbour statement for non-broadcast

INIT - ACL blocking, corrupt DB :(

2WAY - DR to DROTHER

EXSTART/EXCHANGE - MTU mismatch - fix MTU or ip ospf mtu-ignore

LOADING - bad LSAs coming in (why?), Hardware problem (usually RAM)

FULL - network types not matching

 

Network types:

Broadcast - Ethernet, 10/40 hello/dead, DR/BDR election. 224.0.0.5|6 multicast addresses, next hop = originating router, not advertising router.

non-broadcast - Frame-relay, 30/120, DR/BDR (needs neighbour command), next-hop originating router

point-to-multipoint (broadcast) - partial mesh Frame-relay, 30/120, no DR/BDR, 224.0.0.5 (ie no DR address, just 224.0.0.5 all OSPF address), next-hop advertising router - special O routes

point-to-multipoint non-broadcast - needs manual neighbour command and cost.  Used for non-equal bandwidth so you can influence routing:

(warning! ASCII art!)

_________1_______

|                          |

2                         3

|                          |

_________________

Say 1 has 1.5M link, 2 has 128k, 3 has 64k.

on 1:

router ospf 1

neighbor 2 cost 32

neighbor 3 cost 64

etc

 

fast neighbour down detection?

ip ospf dead-interval min hello-multiplier x

Don’t run debugs when doing this… Unless you don’t want to log into the router again

 

Authentication:

 

            Area      Interface
enable      router    int
apply       int       int

 

Summarising:

R1———2———-3————-4

Let’s say R1 has a few loopbacks on it you wish to summarise.

if R1 is ASBR (summarising LSA type 5s and 7s)

summary-address xxx

if R2 is ABR (LSA type 1s):

area range xxxxx/yy

 

Filtering:

1——–2————-3———4(RIP)

          5

R1-R2-R5 area 1, R2-R3 area 0, R3-R4 area 2

LSA1  1) distribute-list on local router (on R5)  2) area 1 range xxxxxx not-adv (on R2)

LSA3  3) dl on local router, 4) IP prefix list (on R3)

ip prefix-list TEST seq 5 deny 1.0.0.0/8

ip prefix-list TEST seq 10 permit 0/0 le 32

area 2 filter-list prefix-list TEST in

 

LSA5 or 7  5) DL on each router, 6) distribute-list out on R4 (ONLY TIME outbound), 7) summary-address x.x.x.x not-adv on ASBR R4
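How the TEST prefix list in item 4 is evaluated, as an added example (not from the original notes or from Cisco). It models standard IOS prefix-list matching: first match wins, exact mask length unless ge/le is given, implicit deny at the end. `WIDE_LIST` is a constructed variant for comparison.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Entry:
    seq: int
    action: str                      # "permit" or "deny"
    prefix: ipaddress.IPv4Network
    ge: Optional[int] = None
    le: Optional[int] = None

    def matches(self, route: ipaddress.IPv4Network) -> bool:
        # The route must sit inside the entry's prefix ...
        if not route.subnet_of(self.prefix):
            return False
        # ... and its mask length must be exact, unless ge/le widen the range.
        if self.ge is None and self.le is None:
            return route.prefixlen == self.prefix.prefixlen
        low = self.ge if self.ge is not None else self.prefix.prefixlen
        high = self.le if self.le is not None else 32
        return low <= route.prefixlen <= high

def parse(line: str) -> Entry:
    # ip prefix-list NAME seq N permit|deny PREFIX [ge X] [le Y]
    tok = line.split()
    opts = dict(zip(tok[7::2], map(int, tok[8::2])))
    return Entry(int(tok[4]), tok[5], ipaddress.ip_network(tok[6]),
                 opts.get("ge"), opts.get("le"))

def evaluate(lines, route: str) -> str:
    net = ipaddress.ip_network(route)
    for entry in sorted(map(parse, lines), key=lambda e: e.seq):
        if entry.matches(net):
            return entry.action       # first match wins
    return "deny"                     # implicit deny at the end of every list

# The list from the notes; 0/0 is written out as 0.0.0.0/0 for the parser.
PAGE_LIST = [
    "ip prefix-list TEST seq 5 deny 1.0.0.0/8",
    "ip prefix-list TEST seq 10 permit 0.0.0.0/0 le 32",
]
# Constructed variant: "le 32" on seq 5 also catches every subnet of 1.0.0.0/8.
WIDE_LIST = ["ip prefix-list TEST seq 5 deny 1.0.0.0/8 le 32", PAGE_LIST[1]]

if __name__ == "__main__":
    for route in ("1.0.0.0/8", "1.1.0.0/16", "10.0.0.0/24"):
        print(route, evaluate(PAGE_LIST, route), evaluate(WIDE_LIST, route))
```

With the list as written, only the exact 1.0.0.0/8 route is filtered; a more specific such as 1.1.0.0/16 falls through to seq 10 and is permitted.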

 

DB filtering:

if# ip ospf database-filter all out  -> blocks all outbound LSAs

router# neighbor X database-filter all out  -> must be point-to-multipoint

 

Cost:

reference/BW = cost   default ref=100

if changing, change on all routers

router# auto-cost reference-bandwidth xxx

you might need to configure all routers so that 10M Ethernet links have a cost of 85 etc
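Why the reference bandwidth has to be changed on all routers, as an added example (not from the original notes). The four-router topology, link speeds and the 100000 Mbps reference are constructed; each router computes the cost of its own outgoing interface from its own reference, as OSPF does.

```python
import heapq

def ospf_cost(bw_kbps, ref_mbps=100):
    # reference / bandwidth, truncated to an integer, never below 1
    return max(1, (ref_mbps * 1000) // bw_kbps)

def best_path(links, ref_by_router, src, dst):
    # links: (router_a, router_b, bandwidth_kbps). Each direction is costed by
    # the router that owns the outgoing interface, using that router's reference.
    graph = {}
    for a, b, bw in links:
        graph.setdefault(a, []).append((b, ospf_cost(bw, ref_by_router[a])))
        graph.setdefault(b, []).append((a, ospf_cost(bw, ref_by_router[b])))
    heap, seen = [(0, [src])], set()
    while heap:                       # plain Dijkstra, as SPF would run it
        cost, path = heapq.heappop(heap)
        node = path[-1]
        if node == dst:
            return cost, path
        if node in seen:
            continue
        seen.add(node)
        for nxt, c in graph[node]:
            if nxt not in seen:
                heapq.heappush(heap, (cost + c, path + [nxt]))
    return None

# Constructed topology: A-B-D is 1G end to end, A-C is 10G but C-D is only 10M.
LINKS = [("A", "B", 1_000_000), ("B", "D", 1_000_000),
         ("A", "C", 10_000_000), ("C", "D", 10_000)]

# auto-cost reference-bandwidth 100000 applied on every router ...
CONSISTENT = {r: 100_000 for r in "ABCD"}
# ... versus the same change with router C left at the default of 100.
MISMATCH = {**CONSISTENT, "C": 100}

if __name__ == "__main__":
    print("consistent:", best_path(LINKS, CONSISTENT, "A", "D"))
    print("mismatch:  ", best_path(LINKS, MISMATCH, "A", "D"))
    print("default 1G/10G costs:", ospf_cost(1_000_000), ospf_cost(10_000_000))
```

With C left at the default, its 10M link is advertised at cost 10 instead of 10000, so A sends traffic for D across the slowest link in the topology.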

 

DB overload protection:

out: redist maximum-prefix xxx warn%

in: max-lsa xxx warn etc

4:20am Day2

I can’t sleep.  What a fantastic opportunity!  I can do more labs!

I’ll do the rest of the frame-relay labs now.  If I have time left before class (we are doing OSPF and EIGRP today) I might see if I can squeeze in RIPv2 and/or IPv6 before Narbik beats us about the head with LSA floods and Not So Stubby Areas and the like.

Narbik - End of Day 1

Geeze… What a long day.  Apparently the easiest one of the whole course.  Spent the whole morning doing basic L2/Switching stuff, and then later (probably around 8pm) moving onto Frame Relay.  We just walked out of the classroom, and it is now 9:15pm.  I want to go through the rest of my L2 stuff (L2 QOS and Frame-relay) after a shower.  I picked up heaps today.  Most of the stuff I already know, but I split hairs and went extremely pedantic to convey the dodgy rough notes that follow:

IP Source guard needs to have DHCP Snooping and port-security configured first

MAC ACL - Decnet reference is always Decnet phase IV, can only be applied inbound

Switchport protect won’t let ports in the same vlan talk to each other, can talk to unprotected ports.

Switchport Block stops unknown unicasts and multicasts, what defines “unknown” is if there is a MAC entry in the CAM table or not.

Private VLANs: Primary needs to be promiscuous, default gateway needs to be here.  You need to configure the mapping AND the host-association for it to work.  Isolated can’t talk to each other, can talk to promiscuous.  Community - can talk to others in same community and to promiscuous.  The switches need to be VTP transparent for PVLANs to work.

SRR queue - (before today I wanted all this to be in the “Far Queue”.  Say it out loud and you will understand.)  Sharing = “real” shaping.  Shaping = “real” policing - WTF??  QOS map is easy.  Once you know the threshold and queue just keep adding to it.  One line can map 8 DSCP values.

Remember to turn mls qos on or it won’t work.

PPP over FR - just remember make virtual-template, then apply VT to DLCI with frame-relay interface-dlci xxx ppp virtual-template y

 

Shower time…. Then I’ll come back and do the rest of the Switching and Frame-relay labs.

Narbik - Day 1

OK Here I am.  Narbik is telling us what we are in for…  He expects us to work until 1am each morning and will give us his mobile number so we can call if we have any issues.

 

Day1

Switching

Frame Relay 60-70 pages of labs

Day 2

OSPF 

EIGRP

RIPv2 (maybe)

Day 3

BGP - 200 pages of labs

(He just told us he expects us to get 100% in the lab exam for the above topics)

RIP v2 (maybe)

Day 4

RIP v2 (if not already done)

Multicast

Day 5

QOS - 150 pages of labs

IPv6 - 150 pages of labs (includes RIPng, OSPFv3, IPv4 conversion/translation and tunneling)

NAT

IP Services (DHCP, NTP etc)

GRE

Security

Prefix-lists

Day 6

Mock labs, recaps, messing around

BEER

 

 

 

Heading to Sydney this weekend

Nooooo… I’m not sitting the lab just yet.  I am attending Narbik’s bootcamp from Micronics training.  Anyone else going?  Leave a comment and we will see if we can catch up.

IE CoDs

My plan to use the IE CoDs to recap stuff I missed before was a prudent one. Make sure you BUY THESE! Top stuff and I’m glad I got them. I didn’t miss much when going through Narbik’s book and when I did the super lab at the end I worked out I would have got 87 points* (by own calculations). The IE CoDs are great and are a worthwhile investment.  The online ones are good because they get updated for you.

*I think the “Super Lab” included in Soup-to Nuts isn’t that hard.  The book appears to get you ready for the next step, not ready for the real lab.

Finished Soup-to-Nuts!

I finished Narbik’s book today. Pretty happy with that I might add. Certainly picked up a few gotchyas on the way through there. I just hope I remember them all for the upcoming months. Tomorrow I will go over the things I had trouble with on the InternetworkExpert CoD. Then I will repeat those sections of soup-to-nuts again and see if I do better.

One thing that has an incredibly high suck factor is the fact IPv6 does NOT WORK over frame-relay on my lab setup.  I tried various methods of configuring (point-to-point, multipoint, frame maps) and nothing.  I’m not that fussed though…  I went through the answers thinking “I would type this line here” and there they were where I wanted them.  A few things were different but that’s all good.  I haven’t done enough testing to see if it is a problem with the IOS I am using or if it is something else.  My guess is IOS rather than being a dynamips/GNS3 problem because the frame mappings work fine with IPv4, as well as running IP across the links.  So I’m saying IPv6 IOS bug…

I’m going to be generous once again and include the startup-configs I rewrote to work on my dynamips setup.  I improved the configs as I went through the lab so some of them might not be a straight copy and paste, also some labs I did not edit as they had the same initial config as a previous lab.  You will find these here and there.  So if these things save you about 15-30 mins on the start of 90% of the labs I am sure you won’t be complaining to me too much :)

initial-configs

Now to open a bottle of some fine Barossa Valley Shiraz.  mmmm

CCIE is Easy!

Right now I am working on the IP Services section of the Soup-to-Nuts book.

When you think about it… Any day on the job says, “go and configure xxx” “set the network up to yyy” or you might think, “something would work better if I did zzz” Normally you go away for a couple of hours and come back and its done and everyone is happy… You normally get it right too.

You might even get presented something you haven’t seen before. I just finished the lab on DRP in the IP Services section of Narbik’s book. I have never seen DRP before. All you need to do is press the ? key a few times and the answer is in front of you. Check the answer guide and all the work I did was right.

I think we can carry this on to how a medical professional would work.. A doctor could patch someones bleeding up. A doctor could reset a broken arm. A (specialist) doctor can perform open heart surgery.  Just like a specialist network professional can configure OSPF, tweak BGP peerings and halt a nasty DoS attack.

Now… Can a doctor reset a broken arm, do some nasal surgery, remove a cancerous growth and combat a cardiac arrest all at once and sort it all out within eight hours and have the patient mobile, living and otherwise fully  at the end of the operation?

CCIE is easy!  All you need is the ? key.  Who am I kidding? :P

Study so far

I’ve been studying for a while, and I have nearly finished Narbik’s Soup-to-Nuts workbook. When I finish it, I will go over the Internetwork Expert CoDs for a few topics I missed then repeat those sections in the book.

I missed a few things on:
OSPF
BGP*
Multicast
Dynamic and Reflexive ACLs

I’m pretty happy with it so far :)

* I am pretty comfortable with BGP… Been working in ISPs/Hosting etc for a while. It’s mainly regexp that gets me.. sometimes I would use ^xxx when the solution requires _xxx or .xxx etc

Welcome!

This is my first post of my under construction CCIE blog. Speaking to Arden convinced me to start so here I go.

I am studying for my CCIE (Routing and Switching) at the moment. The materials I am using are:

InternetworkExpert Workbooks and Class on Demand. The CoDs are FANTASTIC and are a requirement if you wish to pursue your CCIE.
Narbik’s Soup-to-Nuts book
Micronics bootcamp - May 2008 in Sydney
Dynamips PC - 4 GB RAM, Ubuntu 7.10, GNS3

Feel free to post comments!