
CCNP Route 300-101 – ICMP Unreachable and Redirects

ICMP Destination Unreachable

ICMP Destination Unreachable is a Type 3 message that a router (or the destination host itself) sends back to a packet's source when it cannot deliver the packet. The code field says why, and the message echoes the original IP header plus the first 8 bytes of its payload so the sender can match it to the flow that failed.

ICMP Type 3 codes:

  • 0 – Network unreachable
  • 1 – Host unreachable (e.g. telnet to an unused address on a directly connected subnet: ARP gets no answer)
  • 2 – Protocol unreachable
  • 3 – Port unreachable (what the final hop returns to a Cisco traceroute UDP probe)
  • 4 – Fragmentation needed but DF bit set (the basis of Path MTU Discovery; filtering it breaks PMTUD)
  • 5 – Source route failed
  • 6, 7 – Destination network / host unknown
  • 8 – Source host isolated
  • 9, 10, 13 – Administratively prohibited (e.g. telnet to an interface whose inbound access-list denies the connection)
  • 11, 12 – Network / host unreachable for the requested ToS
  • 14, 15 – Host precedence violation / precedence cutoff in effect

The administratively prohibited codes tell a scanner that a filter exists and on which hop; many deployments silently drop instead. On IOS, no ip unreachables on the interface does that, but it also suppresses code 4, so PMTUD through that interface breaks.

ICMP Redirect

ICMP Redirect is a Type 5 message that a router sends to a host on a directly connected subnet when the host used it as first hop for a destination that is better reached through another router on that same subnet; the message names the better gateway. Any device on the subnet can forge one, so a host should only honour redirects that come from its current first hop and point at a gateway on the local subnet, and router interfaces that should never send them get no ip redirects.

ICMP Type 5 codes:

  • 0 – Redirect for the network
  • 1 – Redirect for the host
  • 2 – Redirect for the Type of Service and network
  • 3 – Redirect for the Type of Service and host
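As an added example (not code from the original post or from Cisco), the following Python decodes both message types described above, verifies the ICMP checksum, recovers the echoed IP header and ports, and applies the sanity checks a host should make before accepting a redirect. The packets are constructed by hand for the demonstration; the code names follow RFC 792 and RFC 1812, the redirect checks RFC 1122.

```python
"""Decode ICMP Destination Unreachable (Type 3) and Redirect (Type 5) messages.

Added example, not code from the original post or from Cisco. The packet bytes
below are constructed for the demonstration.
"""
import ipaddress
import struct

UNREACHABLE_CODES = {
    0: "network unreachable", 1: "host unreachable", 2: "protocol unreachable",
    3: "port unreachable", 4: "fragmentation needed and DF set",
    5: "source route failed", 6: "destination network unknown",
    7: "destination host unknown", 8: "source host isolated",
    9: "network administratively prohibited", 10: "host administratively prohibited",
    11: "network unreachable for TOS", 12: "host unreachable for TOS",
    13: "communication administratively prohibited", 14: "host precedence violation",
    15: "precedence cutoff in effect",
}
REDIRECT_CODES = {0: "redirect for network", 1: "redirect for host",
                  2: "redirect for TOS and network", 3: "redirect for TOS and host"}


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words; an odd trailing byte is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, total_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid header checksum."""
    fields = [0x45, 0, total_len, 0x1234, 0x4000, 64, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = internet_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields)


def build_icmp(icmp_type: int, code: int, rest: bytes, payload: bytes) -> bytes:
    """Assemble an ICMP message. `rest` is the 4 bytes after the checksum:
    unused for Type 3, the new gateway address for Type 5."""
    unchecked = struct.pack("!BBH4s", icmp_type, code, 0, rest) + payload
    return struct.pack("!BBH4s", icmp_type, code, internet_checksum(unchecked), rest) + payload


def decode_icmp(msg: bytes) -> dict:
    """Verify the checksum, name the type/code, and recover the original IP
    header and transport ports that ICMP error messages echo back."""
    if len(msg) < 8 or internet_checksum(msg) != 0:
        raise ValueError("truncated ICMP message or bad checksum")
    icmp_type, code, _, rest = struct.unpack("!BBH4s", msg[:8])
    info = {"type": icmp_type, "code": code}
    if icmp_type == 3:
        info["name"] = UNREACHABLE_CODES.get(code, "unassigned")
    elif icmp_type == 5:
        info["name"] = REDIRECT_CODES.get(code, "unassigned")
        info["gateway"] = str(ipaddress.IPv4Address(rest))
    else:
        info["name"] = "not an error type handled here"
        return info
    orig = msg[8:]
    if len(orig) < 20:
        raise ValueError("error message does not carry the original IP header")
    ihl = (orig[0] & 0x0F) * 4
    info["orig_src"] = str(ipaddress.IPv4Address(orig[12:16]))
    info["orig_dst"] = str(ipaddress.IPv4Address(orig[16:20]))
    info["orig_proto"] = orig[9]
    if orig[9] in (6, 17) and len(orig) >= ihl + 4:   # TCP or UDP: ports follow the IP header
        info["orig_sport"], info["orig_dport"] = struct.unpack("!HH", orig[ihl:ihl + 4])
    return info


def redirect_is_plausible(info: dict, redirect_src: str, current_gw: str,
                          my_addr: str, iface_net: str) -> bool:
    """Checks a host should apply before honouring a redirect: it must come from
    the first hop currently in use, the echoed packet must be one this host
    sent, and the new gateway must be a host address on the local subnet."""
    if info.get("type") != 5:
        return False
    if ipaddress.ip_address(redirect_src) != ipaddress.ip_address(current_gw):
        return False
    if info.get("orig_src") != my_addr:
        return False
    net = ipaddress.ip_network(iface_net, strict=False)
    gw = ipaddress.ip_address(info["gateway"])
    return gw in net and gw not in (net.network_address, net.broadcast_address)


# Constructed sample: a traceroute UDP probe from 10.0.0.10 to 192.0.2.7 that
# reached the destination host, which answered Port Unreachable (type 3, code 3).
PROBE = ipv4_header("10.0.0.10", "192.0.2.7", 17, 28) + struct.pack("!HHHH", 33434, 33435, 8, 0)
PORT_UNREACH = build_icmp(3, 3, b"\x00" * 4, PROBE)
# Constructed sample: gateway 10.0.0.1 redirects 10.0.0.10 to 10.0.0.254 for 192.0.2.7.
REDIRECT = build_icmp(5, 1, ipaddress.IPv4Address("10.0.0.254").packed, PROBE)

if __name__ == "__main__":
    print(decode_icmp(PORT_UNREACH))
    print(decode_icmp(REDIRECT))
    print(redirect_is_plausible(decode_icmp(REDIRECT), "10.0.0.1", "10.0.0.1", "10.0.0.10", "10.0.0.0/24"))
```

The redirect check is the part worth copying: a decoder that only validates the checksum will happily accept a redirect from any host on the LAN, which is exactly the spoofing case the Type 5 caveat above is about.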

I am covering these topics in my study preparation for CCNP and I will update this article as I go along.

CCNP Route 300-101 – RIPng

RIPng (RIP next generation) is the IPv6 version of RIP.

  • Default update timer: 30 seconds (RIPng has no hello messages; the periodic update is the keepalive)
  • Default expire (invalid) timer: 180 seconds, after which the route is kept for a 120-second garbage-collect period before removal
  • Multicast address: FF02::9 (all RIP routers)
  • Transport: UDP port 521, sourced from the interface's link-local address
  • Administrative distance: 120
  • The RIP process name is locally significant; it does not have to match the neighbor's.
  • RIPng has no authentication of its own (no RIPv2-style MD5); protecting it relies on IPsec, so enable it only on interfaces that need to exchange routes.

Configure RIPng on a router:

1. Enable IPv6 routing in global configuration mode:

ipv6 unicast-routing

2. Create the RIPng process (the name is local to this router):

ipv6 router rip [NAME]

3. Give the interface an IPv6 address, or at least a link-local one:

ipv6 address X:X:X:X::/64 [eui-64]

or

ipv6 enable

4. Enable RIPng on the interface; this is what makes it send and receive updates:

ipv6 rip [NAME] enable

Output of show ipv6 route rip:

IPv6 Routing Table – 6 entries
Codes: C – Connected, L – Local, S – Static, R – RIP, B – BGP
U – Per-user Static route, M – MIPv6
I1 – ISIS L1, I2 – ISIS L2, IA – ISIS interarea, IS – ISIS summary
O – OSPF intra, OI – OSPF inter, OE1 – OSPF ext 1, OE2 – OSPF ext 2
ON1 – OSPF NSSA ext 1, ON2 – OSPF NSSA ext 2
D – EIGRP, EX – EIGRP external
R 2222::/64 [120/2]
via FE80::C202:46FF:FED7:0, FastEthernet0/0

Output of show ipv6 rip:

RIP process “WAN”, port 521, multicast-group FF02::9, pid 218
Administrative distance is 120. Maximum paths is 16
Updates every 30 seconds, expire after 180
Holddown lasts 0 seconds, garbage collect after 120
Split horizon is on; poison reverse is off
Default routes are not generated
Periodic updates 207, trigger updates 7
Interfaces:
FastEthernet0/1
FastEthernet0/0
Redistribution:
None

Output of show ipv6 protocols:

IPv6 Routing Protocol is “rip WAN”
Interfaces:
FastEthernet0/1
FastEthernet0/0
Redistribution:
None

Output of show ipv6 rip next-hops:

RIP process “WAN”, Next Hops
FE80::C202:46FF:FED7:0/FastEthernet0/0 [2 paths]
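As an added example (not code from the original post or from Cisco), the following Python encodes and decodes RIPng messages as they travel in UDP port 521 to FF02::9, then applies a received update the way a router does: the source must be link-local, the link cost is added to each metric, 16 means unreachable, and a next-hop entry overrides the sender as the installed next hop. It uses the neighbor address from the show output above; the advertised prefixes are constructed, and 2222::/64 at metric 1 lands in the table as metric 2, matching the [120/2] entry shown. The message layout is RFC 2080's; note there is no authentication field anywhere in it.

```python
"""Encode and decode RIPng messages (RFC 2080), UDP port 521, group FF02::9.

Added example, not code from the original post or from Cisco. Prefixes are
constructed; the neighbor address comes from the show output on the page.
"""
import ipaddress
import struct

RIPNG_PORT, RIPNG_GROUP = 521, "ff02::9"
CMD_REQUEST, CMD_RESPONSE = 1, 2
INFINITY = 16                            # metric 16 means "unreachable"
HEADER = struct.Struct("!BBH")           # command, version (always 1), must-be-zero
RTE = struct.Struct("!16sHBB")           # IPv6 prefix, route tag, prefix length, metric
NEXT_HOP_METRIC = 0xFF                   # marks a next-hop RTE


def encode_response(routes, next_hop=None):
    """Build a response. `routes` is a list of (prefix, tag, metric); an optional
    next-hop RTE applies to every route entry that follows it."""
    body = b""
    if next_hop is not None:
        body += RTE.pack(ipaddress.IPv6Address(next_hop).packed, 0, 0, NEXT_HOP_METRIC)
    for prefix, tag, metric in routes:
        net = ipaddress.IPv6Network(prefix)
        body += RTE.pack(net.network_address.packed, tag, net.prefixlen, metric)
    return HEADER.pack(CMD_RESPONSE, 1, 0) + body


def decode(msg):
    """Parse a message into (command, next_hop_or_None, [(prefix, tag, metric)])."""
    if len(msg) < HEADER.size or (len(msg) - HEADER.size) % RTE.size:
        raise ValueError("malformed RIPng message length")
    command, version, mbz = HEADER.unpack_from(msg, 0)
    if version != 1 or mbz != 0:
        raise ValueError("unsupported version or non-zero reserved field")
    next_hop, routes = None, []
    for off in range(HEADER.size, len(msg), RTE.size):
        raw, tag, plen, metric = RTE.unpack_from(msg, off)
        if metric == NEXT_HOP_METRIC:
            nh = ipaddress.IPv6Address(raw)
            next_hop = None if nh == ipaddress.IPv6Address("::") else str(nh)  # :: means "use the sender"
            continue
        if plen > 128 or not 1 <= metric <= INFINITY:
            raise ValueError("invalid route table entry")
        routes.append((str(ipaddress.IPv6Network((raw, plen), strict=False)), tag, metric))
    return command, next_hop, routes


def is_valid_neighbor(src):
    """RIPng only accepts responses from link-local sources on the same link;
    anything else is dropped before its routes are even looked at."""
    return ipaddress.IPv6Address(src).is_link_local


def process_response(src, msg, link_cost=1):
    """Apply a received response the way a router does: add the link cost to each
    metric, treat 16 as unreachable (not installed) and choose the next hop to
    install. Returns {prefix: (metric, next_hop)}."""
    if not is_valid_neighbor(src):
        raise ValueError("response from non-link-local source dropped")
    command, next_hop, routes = decode(msg)
    if command != CMD_RESPONSE:
        raise ValueError("not a response message")
    table = {}
    for prefix, _tag, metric in routes:
        new_metric = min(metric + link_cost, INFINITY)
        if new_metric >= INFINITY:
            continue                      # unreachable: nothing to install
        table[prefix] = (new_metric, next_hop or src)
    return table


# Constructed update: the neighbor advertises 2222::/64 at metric 1 (it lands in
# our table as metric 2, the [120/2] in the show output) and withdraws another prefix.
UPDATE = encode_response([("2222::/64", 0, 1), ("2001:db8:dead::/48", 0, INFINITY)])
NEIGHBOR = "fe80::c202:46ff:fed7:0"

if __name__ == "__main__":
    print(decode(UPDATE))
    print(process_response(NEIGHBOR, UPDATE))
```

Because the only receive-side check is "link-local source on this link", anyone on the segment can inject or withdraw prefixes; that is the practical reason to keep ipv6 rip enable off interfaces facing untrusted hosts.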

This article will be updated as I go along.

CCNP Route 300-101 – Unicast Reverse Path Forwarding (uRPF)

Unicast Reverse Path Forwarding (uRPF) lets a router drop packets with spoofed or unroutable source addresses on an incoming interface. It looks the source address up in the Cisco Express Forwarding (CEF) FIB, so it only works on devices that run CEF.

uRPF has two modes:

  • Strict mode – the source address must be reachable through the interface the packet arrived on; anything else is dropped.
  • Loose mode – the source address only needs a route in the FIB, via any interface. This is the mode to use where routing can be asymmetric, e.g. with multiple uplinks, because strict mode would drop legitimate traffic that returns on a different interface.

Strict mode configuration

R1(config-if)# ip verify unicast source reachable-via rx [access-list]

The rx keyword selects strict mode.

Loose mode configuration

R1(config-if)# ip verify unicast source reachable-via any [access-list]

The any keyword selects loose mode.

uRPF verification

You can verify that spoofed sources are being dropped with the following command:

show ip interface [interface #] | section IP verify

The verification drops counter shows the number of packets dropped on the interface for a failed source check, as in the screenshot below.

[Screenshot: show ip interface output on R1 showing the uRPF verification drops]

In the lab, R2 sends packets with a spoofed source of 1.2.2.2 toward 3.3.3.3; R1 drops them with uRPF, and its show command reports 5 verification drops.

You can also attach an access-list to uRPF. Packets that fail the reverse-path check are then matched against it: a permit entry lets the packet through anyway (an exception list), a deny entry drops it, and deny with log records the drop. An access-list that denies everything with logging therefore logs every uRPF drop:

! Create Extended Access-list

R1(config)# access-list 100 deny ip any any log

! Under the interface, attach the access-list to uRPF

R1(config-if)# ip verify unicast source reachable-via rx 100

For the same R1 example, the uRPF drops now also appear in the access-list 100 log messages, as seen below:

[Screenshot: access-list 100 log messages on R1 for the dropped spoofed packets]
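As an added example (not code from the original post or from Cisco), the following Python simulates the strict and loose checks against a small FIB. The FIB, interface names and packets are constructed for the demonstration; the allow_default flag mirrors the IOS allow-default keyword, without which a source covered only by the default route fails the check. Running it shows the two cases that matter in practice: strict mode catches an internal address arriving from the ISP side where loose mode does not, and strict mode also drops a legitimate source that arrives on the wrong interface because of asymmetric routing.

```python
"""Simulate uRPF strict and loose mode against a router's FIB.

Added example, not code from the original post or from Cisco. The FIB, the
interfaces and the packets are constructed for the demonstration.
"""
import ipaddress

# Constructed FIB for R1: (prefix, outgoing interface). A Null0 entry is how
# blackholed address space appears in the FIB.
FIB = [
    ("0.0.0.0/0", "Gi0/0"),          # default route toward the ISP
    ("10.0.0.0/8", "Gi0/1"),         # internal network
    ("192.0.2.0/24", "Gi0/2"),       # a site reached over the second uplink
    ("203.0.113.0/24", "Null0"),     # blackholed space
]


def lookup(fib, addr):
    """Longest-prefix match. Returns (network, interface) or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in fib:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best


def urpf(fib, mode, ingress, src, allow_default=False):
    """Return (passes, reason). `mode` is 'strict' (reachable-via rx) or
    'loose' (reachable-via any). allow_default mirrors the IOS keyword:
    without it a source matched only by the default route fails."""
    if mode not in ("strict", "loose"):
        raise ValueError("mode must be 'strict' or 'loose'")
    match = lookup(fib, src)
    if match is None:
        return False, "no route to source"
    net, iface = match
    if net.prefixlen == 0 and not allow_default:
        return False, "source matched only the default route"
    if iface == "Null0":
        return False, "source routed to Null0"
    if mode == "strict" and iface != ingress:
        return False, "source is reachable via %s, not %s" % (iface, ingress)
    return True, "source reachable via %s" % iface


# Constructed traffic: (ingress interface, source address, what it represents)
PACKETS = [
    ("Gi0/1", "10.1.1.1", "legitimate internal host"),
    ("Gi0/0", "10.1.1.1", "internal address spoofed from the ISP side"),
    ("Gi0/0", "203.0.113.9", "source in blackholed space"),
    ("Gi0/0", "198.51.100.4", "Internet host covered only by the default route"),
    ("Gi0/0", "192.0.2.9", "asymmetric path: we send to it via Gi0/2, it arrives on Gi0/0"),
]

if __name__ == "__main__":
    for ingress, src, what in PACKETS:
        for mode in ("strict", "loose"):
            ok, why = urpf(FIB, mode, ingress, src)
            print("%-6s %-13s on %s: %s (%s) - %s" % (mode, src, ingress, "pass" if ok else "DROP", why, what))
```

The Null0 case is the one that makes loose mode useful on its own: a route to Null0 for a prefix you never want to see as a source turns uRPF into a source-address blackhole, which is how remotely triggered blackholing of spoofed attack sources is usually done.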

I hope this article helps you understand the use of uRPF.

CCNP Route 300-101 – Cisco Express Forwarding (CEF)

Cisco Express Forwarding (CEF) is a topology-based switching technology: the forwarding tables are built from the routing table ahead of time rather than filled in per flow. It is enabled by default on most Cisco routers and Layer 3 switches.

device(config)# ip cef

The CEF is made up of two tables:

  • Forwarding Information Base (FIB)
  • Adjacency table

Forwarding Information Base (FIB) – holds every prefix from the IP routing table together with its next-hop Layer 3 address and outgoing interface. CEF uses the FIB to make destination-prefix (longest-match) switching decisions. The command to show the FIB:

show ip cef

Adjacency Table – maintains Layer 2 next-hop addresses for all FIB entries. If the information is not available, ARP is used to discover this information. The command to show adjacency table below:

show adjacency

Adjacency types that require special handling:

  • Null – packets destined for a route pointing to the Null0 interface are dropped silently
  • Glean – used for directly connected routes whose Layer 2 address is not yet known; tells the router to ARP (and check the ARP table) before forwarding
  • Punt – used for packets that CEF cannot forward; they are handed to the next switching method (fast or process switching)
  • Discard – packets discarded by an access-list or other policy
  • Drop – packets that cannot be forwarded because of an encapsulation failure or unsupported protocol

CEF can be enabled in one of two modes:

  • Central CEF mode – When CEF mode is enabled, the CEF FIB and adjacency tables reside on the route processor, and the route processor performs the express forwarding. You can use CEF mode when line cards are not available for CEF switching, or when you need to use features not compatible with distributed CEF switching.
  • Distributed CEF (dCEF) mode – When dCEF is enabled, line cards maintain identical copies of the FIB and adjacency tables. The line cards can perform the express forwarding by themselves, relieving the main processor – Gigabit Route Processor (GRP) – of involvement in the switching operation. This is the only switching method available on the Cisco 12000 Series Router.

Packets that CEF cannot handle and punts:

  • IP header options
  • Expiring TTL (the router must generate an ICMP Time Exceeded)
  • Traffic to or from tunnel interfaces that needs encapsulation
  • Packets exceeding the outgoing MTU (need fragmentation)
  • Packets that require an ICMP Redirect
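As an added example (not code from the original post or from Cisco), the following Python models the two tables above and the decision that ties them together: longest-match lookup in the FIB, then resolution of the next hop in the adjacency table, with the glean, null and punt outcomes listed in this section. The FIB and adjacency entries are constructed for the demonstration.

```python
"""Model of the CEF forwarding path: FIB lookup, then adjacency resolution.

Added example, not code from the original post or from Cisco. The FIB and
adjacency entries are constructed; the outcomes are the adjacency types and
punt cases listed in the section above.
"""
import ipaddress

# Constructed FIB: prefix -> (next hop, or None if directly connected; interface)
FIB = {
    "0.0.0.0/0": ("10.0.0.1", "Gi0/0"),
    "10.0.0.0/8": ("10.0.0.1", "Gi0/0"),
    "192.168.1.0/24": (None, "Gi0/1"),     # connected: the destination itself is the next hop
    "203.0.113.0/24": (None, "Null0"),     # static route to Null0
}
# Constructed adjacency table: (next hop, interface) -> Layer 2 rewrite (destination MAC)
ADJACENCY = {
    ("10.0.0.1", "Gi0/0"): "0011.2233.4455",
    ("192.168.1.20", "Gi0/1"): "0011.2233.6677",
}


def fib_lookup(fib, dst):
    """Longest-prefix match over the FIB; returns (network, next hop, interface) or None."""
    ip = ipaddress.ip_address(dst)
    best = None
    for prefix, (nh, iface) in fib.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh, iface)
    return best


def cef_switch(fib, adjacency, dst, ttl=64, has_options=False):
    """Decide what happens to a packet. Returns a dict whose 'action' is
    'punt' (hand to process switching), 'drop' (no route), 'null' (Null0
    adjacency), 'glean' (ARP needed first) or 'forward' (with the rewrite)."""
    if has_options or ttl <= 1:
        # IP options and an expiring TTL are cases CEF does not handle itself
        return {"action": "punt", "reason": "IP options" if has_options else "TTL expiring"}
    match = fib_lookup(fib, dst)
    if match is None:
        return {"action": "drop", "reason": "no FIB entry"}
    net, nh, iface = match
    if iface == "Null0":
        return {"action": "null", "prefix": str(net)}
    target = nh or dst                      # connected route: resolve the destination itself
    mac = adjacency.get((target, iface))
    if mac is None:
        # glean adjacency: the Layer 2 address is unknown, ARP must run before forwarding
        return {"action": "glean", "next_hop": target, "interface": iface}
    return {"action": "forward", "next_hop": target, "interface": iface,
            "dst_mac": mac, "ttl": ttl - 1}


if __name__ == "__main__":
    for dst in ("192.168.1.20", "192.168.1.99", "203.0.113.9", "8.8.8.8"):
        print(dst, cef_switch(FIB, ADJACENCY, dst))
    print("8.8.8.8 ttl=1", cef_switch(FIB, ADJACENCY, "8.8.8.8", ttl=1))
```

The glean case is why a flood of packets to unused addresses on a connected subnet can hurt a router: each one leaves the fast path so that ARP can be attempted, which is the behaviour uRPF (and ARP rate limiting) are there to contain.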

 

Reference:

https://www.cisco.com/c/en/us/support/docs/routers/12000-series-routers/47321-ciscoef.html#cef-ops

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipswitch_cef/configuration/15-mt/isw-cef-15-mt-book/isw-cef-overview.html#GUID-993D4B0C-C032-420D-8304-F56AAB1CECC6

 

VMware VCP 6.7-DCV – Objective 1.10 – Describe virtual machine (VM) file structure

The following notes will assist you to prepare for this objective:

  • You need to know the files that make up a VM and what they do
    • VMX, VMDK, VSWP, VMSD, VMSN, etc
  • You need to know their behaviour
    • What gets created if missing?
    • What is naming convention of files?
    • What is the snapshot naming behaviour?
    • Any differences between VMFS5 and VMFS6?
    • How do resources reservation affects files?
  • You should also be familiar with virtual disk types
  • Try in your home lab to create VMs with
    • Thin provisioned disk
    • Thick provisioned disk
    • Eager zero thick provisioned disk
    • Could you convert from one disk type to another? How exactly?
  • Get to a vSphere host command line and look at what gets created
    • Nothing like doing it to lock this into your memory!

Reference: vSphere 6.7 (ESXi and vCenter Server) Virtual Machine Administration Guide pdf

VMware VCP 6.7-DCV – Objective 1.6 – Describe and differentiate among vSphere, HA, DRS, and SDRS functionality

The following notes will assist you to prepare for this objective:

  • HA has come a long way, don’t rely on legacy knowledge of HA to meet objective
  • Learn the newer features, pre-reqs and limitations of:
    • Proactive HA
    • Orchestrated Restart
    • Fault Tolerance (FT) vSMP
  • HA can’t work around everything
    • For example, loss of datastore connectivity, or a VM whose reservation cannot be satisfied on the remaining hosts
  • Ensure you can explain the basic modes of DRS
    • Disabled, Manual, Partially Automated, Fully Automated, and per-VM overrides
  • DRS has come a long way
    • Predictive DRS
    • Limitations of vMotion have been overcome
  • What are the vMotion pre-reqs?
    • CPU compatibility
    • Network configuration
    • Compatible virtual hardware
  • What virtual hardware options can and cannot be migrated with DRS?
  • SDRS often gets overlooked
    • Remember it has 2 dimensions to optimization
      • Space utilization & I/O latency
      • What are you being asked in the question?

Reference: 

vSphere Availability Guide pdf

vSphere Resource Guide pdf

Brian Graf Blog – https://www.brianjgraf.com/2016/10/17/vsphere-6-5-vsphere-ha-whats-new-part-3-orchestrated-restart/

VMware VCP 6.7-DCV – Objective 1.5 – Manage vCenter inventory efficiently

The following notes will assist you to prepare for this objective:

  • What is efficient?
    • Think about vCenter inventory hierarchy and its organization
    • Parents/children/siblings
  • What constructs do you have available to you to organize objects?
    • Datacenter object
    • Cluster object
    • Folder object
    • Resource pool
    • vApp
  • Be aware of dependency
    • Can you create a cluster before a datacenter?
    • Can you put a datacenter in a folder?
    • Try these simple operations in your test lab
  • Are there any constraints on inventory object creation?
    • Resource pools and vApps have scope
  • Can you scale beyond a vCenter?

Reference:

vCenter Server and Host Management Guide pdf – chapter 8 – Organizing the inventory

VMware VCP 6.7-DCV – Objective 1.4 – Differentiate between NIOC and SIOC

The following notes will assist you to prepare for this objective:

  • This objective is about managing noisy neighbors!
    • NIOC for network & SIOC for storage
  • You need to demonstrate understanding of
    • What dimensions you can control and applied-to
    • Limitations of service
    • Pre-reqs for implementation
  • Foundation knowledge of proportional share allocation is expected
    • What does low, medium & high mean?
    • What happens when you use numbers instead of labels?
    • How does the power on of another VM affect share allocation?

Reference:

vSphere Resource Management Guide pdf – Chapter 9 – Managing Storage I/O Resources

vSphere Networking Guide pdf – Chapter 11 – vSphere Network I/O Control

VMware VCP 6.7-DCV – Objective 1.3 – Describe storage types for vSphere

The following notes will assist you to prepare for this objective:

  • Ensure you are clear on the differences between
    • Block (LUN/vVol)
    • File access
    • vSAN
  • Read storage questions slowly and carefully
    • Are you being asked about VMs and their virtual hard disks?
    • Are you being asked about what storage vSphere can address?
  • VMware loves acronyms
    • For this objective, you need to learn lots of them
  • For example
    • Can you differentiate SIOC from VAIO?
    • Do you know if RDM is possible with NFS?
    • Happy with VASA providers?

Reference: vSphere 6.7 Storage Guide

VMware VCP 6.7-DCV – Objective 1.2 – Identify vCenter high availability (HA) requirements

The following notes will assist you to prepare for this objective:

  • Be very clear that this is vCenter availability management NOT host
  • Learn the topology of a vCenter HA deployment
    • Nodes
    • Roles of nodes
    • What can and can’t they do? Particularly witness
  • Set up vCenter HA in your lab, so much more interesting study than just reading
    • Easy to enable/disable
  • Make sure you read the vCenter HA section of the vSphere Availability Guide

Reference: vSphere 6.7 Availability Guide pdf – Chapter 4 – vCenter High Availability