In the previous part, the IOS image and the configuration files were hidden (secured)…
This part covers restoration… starting with the configuration file…
Suppose the configuration file has been deleted by accident… when the device reloads, it boots with only the default configuration file… and the resilient feature also shows as disabled…
Router# erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
Router# show startup-config
startup-config is not present
Router# reload
System configuration has been modified. Save? [yes/no]: n
Proceed with reload? [confirm]
...
Router> enable
Router# show secure bootset
%IOS image and configuration resilience is not active
Now for the restoration… first, the secured configuration file has to be extracted onto flash… second, the extracted configuration file has to replace the running configuration… third, once everything is done, it is important to save.
Router(config)# secure boot-config restore flash:archived-config
ios resilience:configuration successfully restored as flash:archived-config
Router(config)# ^C
Router# configure replace flash:archived-config
This will apply all necessary additions and deletions
to replace the current running configuration with the
contents of the specified configuration file, which is
assumed to be a complete configuration, not a partial
configuration. Enter Y if you are sure you want to proceed. ? [no]: y
Total number of passes: 1
Rollback Done
Router# copy run start
Note that the resilient feature has to be updated again… to do that, the old resilient configuration file must be removed first and then the feature re-enabled.
Router(config)# no secure boot-config
%IOS_RESILIENCE-5-CONFIG_RESIL_INACTIVE: Disabled secure config archival [removed
flash:.runcfg-20101017-020040.ar]
Router(config)# secure boot-config
%IOS_RESILIENCE-5-CONFIG_RESIL_ACTIVE: Successfully secured config archive
[flash:.runcfg-20101017-024745.ar]
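A check for the end of this procedure, as an added example (not from the original post): it parses show secure bootset output and reports whether the image and the configuration are both secured and whether the configuration archive was refreshed after the restore. The function names are this example's own, and the sample text is copied from the outputs shown in this series.

```python
import re
from datetime import datetime

# Sample text copied from the `show secure bootset` outputs shown in this series.
INACTIVE = "%IOS image and configuration resilience is not active\n"
ACTIVE = """\
IOS resilience router id FHK110913UQ
IOS image resilience version 12.4 activated at 02:00:30 UTC Sun Oct 17 2010
Secure archive flash:c181x-advipservicesk9-mz.124-24.T.bin type is image (elf) []
file size is 23587052 bytes, run size is 23752654 bytes
Runnable image, entry point 0x80012000, run from ram
IOS configuration resilience version 12.4 activated at 02:00:41 UTC Sun Oct 17 2010
Secure archive flash:.runcfg-20101017-020040.ar type is config
configuration archive size 1544 bytes
"""
# Constructed: the same output after the re-arm step, using the new archive
# name reported by the CONFIG_RESIL_ACTIVE message above.
REARMED = ACTIVE.replace("20101017-020040", "20101017-024745")

ARCHIVE_RE = re.compile(r"^Secure archive (\S+) type is (image|config)\b", re.M)
STAMP_RE = re.compile(r"\.runcfg-(\d{8}-\d{6})\.ar$")


def parse_bootset(text):
    """Return {'image': path or None, 'config': path or None}."""
    state = {"image": None, "config": None}
    for path, kind in ARCHIVE_RE.findall(text):
        state[kind] = path
    return state


def archive_time(path):
    """Timestamp embedded in a .runcfg-YYYYMMDD-HHMMSS.ar archive name."""
    match = STAMP_RE.search(path or "")
    return datetime.strptime(match.group(1), "%Y%m%d-%H%M%S") if match else None


def audit(text, archive_before_restore=None):
    """List what still has to be fixed; an empty list means the bootset is armed.

    archive_before_restore is the archive the configuration was restored from,
    so a bootset that still points at it is reported as stale.
    """
    state = parse_bootset(text)
    findings = []
    if state["image"] is None:
        findings.append("image resilience inactive: secure boot-image")
    if state["config"] is None:
        findings.append("config resilience inactive: secure boot-config")
    elif archive_before_restore:
        old = archive_time(archive_before_restore)
        new = archive_time(state["config"])
        if old and new and new <= old:
            findings.append("config archive stale: no secure boot-config, "
                            "then secure boot-config")
    return findings


if __name__ == "__main__":
    restored_from = "flash:.runcfg-20101017-020040.ar"
    for label, text in [("after erase and reload", INACTIVE),
                        ("restored, not re-armed", ACTIVE),
                        ("re-armed", REARMED)]:
        print(label, "->", audit(text, restored_from) or "OK")
```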
The IOS image behaves differently from the configuration file restore… even after flash has been formatted, the device reboots normally because the image was secured with secure boot-image…
Router# format flash:
Format operation may take a while. Continue? [confirm]
Format operation will destroy all data in "flash:". Continue? [confirm]
Writing Monlib sectors...
Monlib write complete
Format: All system sectors written. OK...
Format: Total sectors in formatted partition: 250848
Format: Total bytes in formatted partition: 128434176
Format: Operation completed successfully.
Format of flash: complete
Router# dir
Directory of flash:/
No files in directory
128237568 bytes total (104640512 bytes free)
Router# reload
Proceed with reload? [confirm]
*Oct 17 02:37:37.127: %SYS-5-RELOAD: Reload requested by console. Reload Reason
: Reload Command.
System Bootstrap, Version 12.3(8r)YH8, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2006 by cisco Systems, Inc.
C1800 platform with 131072 Kbytes of main memory with parity disabled
Upgrade ROMMON initialized
program load complete, entry point: 0x80012000, size: 0xc0c0
Initializing ATA monitor library.......
program load complete, entry point: 0x80012000, size: 0xc0c0
Initializing ATA monitor library.......
program load complete, entry point: 0x80012000, size: 0x167e724
Self decompressing the image : #################################################
################################################################################
################################################################ [OK]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, C181X Software (C181X-ADVIPSERVICESK9-M), Version 12.4(24)T,
RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Thu 26-Feb-09 03:22 by prod_rel_team
...
Router> enable
Password:
Router# dir
Directory of flash:/
No files in directory
128237568 bytes total (104640512 bytes free)
Router# show version
Cisco IOS Software, C181X Software (C181X-ADVIPSERVICESK9-M), Version 12.4(24)T,
RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Thu 26-Feb-09 03:22 by prod_rel_team
...
ref: http://packetlife.net
9/12/2011
Friday, 9 December 2011
Resilient Configuration on Cisco (Part-1: Securing IOS and Configuration Files)
This feature hides the boot image file on flash and the startup-config file in NVRAM so that they can be recovered if they are deleted by accident. On devices where the resilient feature has not been enabled, the boot image file and the startup-config file can be seen with the dir command.
Router# dir flash:
Directory of flash:/
1 -rw- 23587052 Jan 9 2010 17:16:58 +00:00 c181x-advipservicesk9-mz.124-24.T.bin
2 -rw- 600 Sep 26 2010 07:28:12 +00:00 vlan.dat
128237568 bytes total (104644608 bytes free)
Router# dir nvram:
Directory of nvram:/
189 -rw- 1396 startup-config
190 ---- 24 private-config
191 -rw- 1396 underlying-config
1 -rw- 0 ifIndex-table
2 -rw- 593 IOS-Self-Sig#3401.cer
3 ---- 32 persistent-data
4 -rw- 2945 cwmp_inventory
21 -rw- 581 IOS-Self-Sig#1.cer
196600 bytes total (130616 bytes free)
OK… the resilient feature is enabled with the following commands…
Router(config)# secure boot-image // for IOS
Router(config)#
%IOS_RESILIENCE-5-IMAGE_RESIL_ACTIVE: Successfully secured running image
Router(config)# secure boot-config // for configuration file
Router(config)#
%IOS_RESILIENCE-5-CONFIG_RESIL_ACTIVE: Successfully secured config archive [flash:.runcfg-20101017-020040.ar]
The effect of the commands can be checked with the show secure bootset command. (The bootset is the collective name for the boot image and the configuration file together.)
Router# show secure bootset
IOS resilience router id FHK110913UQ
IOS image resilience version 12.4 activated at 02:00:30 UTC Sun Oct 17 2010
Secure archive flash:c181x-advipservicesk9-mz.124-24.T.bin type is image (elf) []
file size is 23587052 bytes, run size is 23752654 bytes
Runnable image, entry point 0x80012000, run from ram
IOS configuration resilience version 12.4 activated at 02:00:41 UTC Sun Oct 17 2010
Secure archive flash:.runcfg-20101017-020040.ar type is config
configuration archive size 1544 bytes
After that… the files no longer show up in the dir command output either…
Router# dir flash:
Directory of flash:/
2 -rw- 600 Sep 26 2010 07:28:12 +00:00 vlan.dat
128237568 bytes total (104636416 bytes free)
ref: http://packetlife.net
9/12/2011
Friday, 2 December 2011
Upgrading Cisco IOS with TFTP32
ref: searchnetworking.com and Tech Target
2/12/2011
Thursday, 24 November 2011
Cisco Voice Certification Trend
Saturday, 30 July 2011
BGP - Part1
Introduction to BGP
BGP belongs to the EGP (Exterior Gateway Protocol) category and is used mainly in the cloud (the Internet) outside the corporate network. It is an EGP because, unlike the IGPs (eg. RIP, EIGRP, OSPF, etc.) used inside the corporate network, it can route between different Autonomous Systems. BGP is also a protocol that prefers scalability over speed. It is often called the routing protocol of the Internet. BGP is used mainly for redundancy (multi-homing) and security.
Note***: Autonomous System = collection of networks with same routing policy + single routing protocol + under single ownership, trust, and administrative control
BGP basics
•Runs on TCP connection (port 179)
•Path-vector protocol
•Incremental updates (only when there are changes)
•2 types: eBGP (external) and iBGP (internal)
•Advertises prefix/length called Network Layer Reachability Info: (NLRI)
•Emphasis on scalability
BGP database
•Neighbor database: holds the configured BGP neighbors. See it with “sh ip bgp summary”.
•BGP database (or) Routing Information Base (RIB): stores the networks learned through BGP together with their paths and attributes.
•Routing table: holds the list of path information and next hop information for reaching each network.
BGP message type
•Open: similar to EIGRP's Hello… once a neighbor is configured, this message (containing ASN, RID, Holdtime) is sent to peer with that neighbor.
•Update: used when peers send routing information to one another. <new routes, withdraw routes, path attributes>
•Keepalive: this one is also similar to EIGRP's Hello… it is sent every 60sec to keep the peering session active.
•Notification: when a route problem occurs, this message is sent to the BGP neighbor and the peering session is terminated.
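The four message types on the wire, as an added example (not from the original post): it builds an Open and a Keepalive and parses them back out of one TCP byte stream, reading the ASN, RID and hold time that the Open carries. The header layout and type codes follow RFC 4271; the ASN, router ID and hold time in the sample are constructed values, and the function names are this example's own.

```python
import socket
import struct

MARKER = b"\xff" * 16          # every BGP message starts with 16 bytes of 0xFF
HEADER_LEN = 19                # marker (16) + length (2) + type (1)
MAX_LEN = 4096                 # largest message RFC 4271 allows
TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}
OPEN_FIXED = struct.Struct("!BHH4sB")  # version, my AS, hold time, RID, opt len


def build_open(asn, hold_time, router_id):
    """OPEN with no optional parameters (2-byte ASN field, BGP version 4)."""
    body = OPEN_FIXED.pack(4, asn, hold_time, socket.inet_aton(router_id), 0)
    return MARKER + struct.pack("!HB", HEADER_LEN + len(body), 1) + body


def build_keepalive():
    """KEEPALIVE is the bare 19-byte header."""
    return MARKER + struct.pack("!HB", HEADER_LEN, 4)


def parse_messages(stream):
    """Split a TCP byte stream into BGP messages; raise ValueError if malformed."""
    messages, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < HEADER_LEN:
            raise ValueError("truncated header")
        if stream[offset:offset + 16] != MARKER:
            raise ValueError("bad marker")
        length, mtype = struct.unpack_from("!HB", stream, offset + 16)
        if not HEADER_LEN <= length <= MAX_LEN:
            raise ValueError("bad length %d" % length)
        if offset + length > len(stream):
            raise ValueError("truncated message")
        if mtype not in TYPES:
            raise ValueError("unknown type %d" % mtype)
        body = stream[offset + HEADER_LEN:offset + length]
        msg = {"type": TYPES[mtype], "length": length}
        if mtype == 1:
            if len(body) < OPEN_FIXED.size:
                raise ValueError("OPEN too short")
            version, asn, hold, rid, _opt_len = OPEN_FIXED.unpack_from(body)
            msg.update(version=version, asn=asn, hold_time=hold,
                       router_id=socket.inet_ntoa(rid))
        elif mtype == 4 and body:
            raise ValueError("KEEPALIVE must carry no body")
        messages.append(msg)
        offset += length
    return messages


# Constructed sample: what one side sends while the session comes up.
SAMPLE_STREAM = build_open(65065, 180, "1.1.1.1") + build_keepalive()

if __name__ == "__main__":
    for message in parse_messages(SAMPLE_STREAM):
        print(message)
```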
12/5/2011
Migrating applications to IPv6
30/7/2011
Thursday, 16 June 2011
BGP - Part7
BGP synchronization
Rule: A BGP router with synchronization ‘ON’ will neither advertise to a neighboring eBGP router nor use for itself the iBGP routes it has learned (via BGP) until it has also learned them from some IGP (in the internal network)… in addition, the non-BGP routers in the transit area drop the BGP traffic. Sync has been ‘OFF’ by default since IOS version 12.2(8)T...
According to the figure… R1 will neither advertise the 200.1.(1 to 6).0 /24 and 50.1.1.0 /24 networks, learned from R4 via iBGP, to the neighboring eBGP router (no longer shown in the figure) nor use them itself. They show up in sh ip bgp, but without a best route (‘>’), and sh ip route shows no BGP route for those networks at all. The non-BGP routers R3 and R4 also have no knowledge of the 200.1.(1 to 6).0 /24 and 50.1.1.0 /24 networks, so they drop the transit packets.
Solution:
On R1:
R1(config)# router bgp 5500
R1(config-router)# no synchronization
R1(config-router)# do clear ip bgp *
On R4:
R4(config)# router bgp 5500
R4(config-router)# no synchronization
R4(config-router)# do clear ip bgp *
That is all there is to synchronization… but routing still will not work. R1 still shows no best route (sh ip bgp)… the reason is that, for R1, the next hop towards 200.1.(1 to 6).0 /24 and 50.1.1.0 /24 is not R4's interface but R5's interface (10.1.45.2). This is the next hop rule at work. It also has 2 rules…
For eBGP peers, change next hop address on advertised routes
For iBGP peers, do not change next hop address on advertised routes
This case is caused by the second rule… to solve it, the next hop setting has to be changed under the BGP configuration.
On R4:
R4(config)# router bgp 5500
R4(config-router)# neighbor 1.1.1.1 next-hop-self
R4(config-router)# do clear ip bgp *
ref: Jeremy's CBT for CCNP Route
16/6/2011
BGP - Part6
Manual route injection
1. via Network command
2. via Redistribution
By Network command
On R2:
R2(config)# router bgp 6500
R2(config-router)# network 20.1.1.0 mask 255.255.255.0
R2(config-router)# do sh ip bgp
Network Next-hop Metric locPrf Weight Path
*> 20.1.1.0 0.0.0.0 0 0 i
Note***: 0.0.0.0 means “self-interface”
By Redistribution
*** Let's try redistributing while leaving out the 2 networks 203.81.75.0 and 203.81.76.0.
On R2:
R2(config)# access-list 50 deny 203.81.75.0
R2(config)# access-list 50 deny 203.81.76.0
R2(config)# route-map FILTER
R2(config-route-map)# match ip address 50
R2(config-route-map)# router bgp 6500
R2(config-router)# redistribute connected route-map FILTER
R2(config-router)# no auto-summary
That is a big mistake… the little word connected is what spoils it… because of connected, the 10.1.1.0 network also ends up in the redistribution process. So this configuration does not work yet… the only thing left is to fix the access-list. First delete access-list 50 and then write it again…
R2(config)# no access-list 50
R2(config)# access-list 50 permit 203.81.71.0
R2(config)# access-list 50 permit 203.81.72.0
R2(config)# access-list 50 permit 203.81.73.0
R2(config)# access-list 50 permit 203.81.74.0
15/6/2011
Wednesday, 15 June 2011
BGP - Part5
Simple BGP configuration
The first thing to know is that loopback interfaces are widely used in both eBGP and iBGP. The reason is that BGP is used for redundancy (Dual neighbor relationship) and addresses link availability, so with ordinary interfaces the link bandwidth and BGP table memory usage end up unnecessarily high. Now for the iBGP configuration.....
Common iBGP design
iBGP configuration steps
1.Defining loopback interfaces on both BGP routers
2.Configuring remote AS with other router’s loopback interface
3.Configuring “update-source” with loopback interface
4.As in Fig.2, the loopbacks also have to be included in the OSPF process.
On R1:
R1(config)# int lo 3
R1(config-if)# ip address 1.1.1.1 255.255.255.255
R1(config-if)# router ospf 1
R1(config-router)# network 1.1.1.1 0.0.0.0 area 0
R1(config-router)# router bgp 5800
R1(config-router)# neighbor 2.2.2.2 remote-as 5800
R1(config-router)# neighbor 2.2.2.2 update-source lo 3
On R2:
R2(config)# int lo 4
R2(config-if)# ip address 2.2.2.2 255.255.255.255
R2(config-if)# router ospf 1
R2(config-router)# network 2.2.2.2 0.0.0.0 area 0
R2(config-router)# router bgp 5800
R2(config-router)# neighbor 1.1.1.1 remote-as 5800
R2(config-router)# neighbor 1.1.1.1 update-source lo 4
Common eBGP design
eBGP configuration steps
1.Defining loopback interfaces on both BGP routers
2.Configuring remote AS (different) with other router’s loopback interface
3.Configuring “update-source” with loopback interface
4.Static routes have to be added so that the 2 loopback interfaces can reach each other.
5.In eBGP, when a router sends a packet it sets the TTL value in the header to “1” (default). This says that the destination interface is only 1 hop away (also means directly connected). That is no problem when the 2 routers are connected through physical interfaces, but when loopbacks are used (loopbacks are not directly connected interfaces) the multihop command has to be used.
On R1:
R1(config)# int lo 1
R1(config-if)# ip address 1.1.1.1 255.255.255.255
R1(config-if)# ip route 2.2.2.2 255.255.255.255 s0/0
R1(config)# ip route 2.2.2.2 255.255.255.255 s0/1
R1(config)# router bgp 5810
R1(config-router)# neighbor 2.2.2.2 remote-as 6330
R1(config-router)# neighbor 2.2.2.2 update-source lo 1
R1(config-router)# neighbor 2.2.2.2 ebgp-multihop 2
On R2:
R2(config)# int lo 2
R2(config-if)# ip address 2.2.2.2 255.255.255.255
R2(config-if)# ip route 1.1.1.1 255.255.255.255 s0/0
R2(config)# ip route 1.1.1.1 255.255.255.255 s0/1
R2(config)# router bgp 6330
R2(config-router)# neighbor 1.1.1.1 remote-as 5810
R2(config-router)# neighbor 1.1.1.1 update-source lo 2
R2(config-router)# neighbor 1.1.1.1 ebgp-multihop 2
15/6/2011
Tuesday, 14 June 2011
BGP - Part4
BGP path selection procedure
1. If the next hop router cannot be reached, the route is dropped.
2. When 2 routes compete, the one with the higher weight is chosen.
3. If the weights are equal, the one with the higher local preference is taken as the best route.
4. If the local preferences are equal, the locally injected route (via Network command) is chosen.
5. If there is none, the one with the shorter AS-path is taken.
6. If the AS-path lengths are also equal, the origin type has to be considered. These are the Origin codes: i - IGP, e - EGP, ? - incomplete (meaning redistributed routes) shown when the show ip bgp command from BGP Part3 is run. Here the lowest origin code is preferred. For example… if one route is ‘i’ and another route is ‘e’, BGP chooses the route with origin code: i. It can be remembered as i<e<?.
7. If the routes are still tied, MED decides. The lower MED is taken.
8. And if the MEDs are equal??? External and internal routes are compared and the external (eBGP route) is chosen.
9. If both are external routes, the route with the nearest IGP neighbor is chosen.
10. Finally, the route with the lowest BGP RID becomes the best route.
Starting very basic BGP configuration
Right… before starting the configuration, here are the requirements for eBGP…
1. The local router's ASN and the ASN the neighbor router references must be the same.
2. The RIDs of the 2 connected routers must not be the same.
3. If MD5 authentication is configured, it must match.
Configuration
E1(config)# router bgp 11
E1(config-router)# neighbor 10.1.1.2 remote-as 1
ISP(config)# router bgp 1
ISP(config-router)# neighbor 10.1.1.1 remote-as 11
14/6/2011
Types of ISP connections
Methods | # of Link | # of ISP |
Single homed | 1 | 1 |
Dual homed | 2 or more | 1 |
Single multi-homed | 1 | 2 or more |
Dual multi-homed | 2 or more | 2 or more |
14/6/2011
Monday, 13 June 2011
BGP - Part3
Understanding MED
Local router: R1
ISP routers: R2 and R3
Speed of R1-R2 link: 1.544Mbps
Speed of R1-R3 link: 768 kbps
Configuration already in place... All connections between routers, BGP on R2 and R3 (including iBGP peering), loopback0 interface on R1 (with IP address of 1.1.1.1 /24)
Objective: make traffic coming from the ISP to the local network use only the R1-R2 link, with the R1-R3 link acting as the backup link.
Firstly... Basic BGP configuration on R1:
R1(config)# router bgp 65065
R1(config-router)# network 1.1.1.0 mask 255.255.255.0
R1(config-router)# neighbor 172.16.12.1 remote-as 65001
R1(config-router)# neighbor 172.16.12.5 remote-as 65001
.....
.....
*Mar 1 03:52:45.519: %BGP-5-ADJCHANGE: neighbor 172.16.12.1 Up
*Mar 1 03:52:49.515: %BGP-5-ADJCHANGE: neighbor 172.16.12.5 Up
Checking R2 and R3...
R2# sh ip bgp
BGP table version is 2, local router ID is 172.16.12.9
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i1.1.1.0 /24 172.16.12.10 0 100 0 65065 i
*> 172.16.12.2 0 0 65065 i
R3# sh ip bgp
BGP table version is 2, local router ID is 172.16.12.10
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i 1.1.1.0 /24 172.16.12.9 0 100 0 65065 i
*> 172.16.12.6 0 0 65065 i
Start tuning MED on R1:
R1(config-router)# exit
R1(config)# ip access-list standard BGP_NETWORKS
R1(config-std-nacl)# permit 1.1.1.0 0.0.0.255
R1(config-std-nacl)# route-map MED_100 permit 10
R1(config-route-map)# match ip address BGP_NETWORKS
R1(config-route-map)# set metric 100
R1(config-route-map)# router bgp 65065
R1(config-router)# neighbor 172.16.12.5 route-map MED_100 out
R1(config-router)# do clear ip bgp *
.....
.....
*Mar 1 04:06:05.014: %BGP-5-ADJCHANGE: neighbor 172.16.12.1 Down User reset
*Mar 1 04:06:05.014: %BGP-5-ADJCHANGE: neighbor 172.16.12.5 Down User reset
*Mar 1 04:06:43.766: %BGP-5-ADJCHANGE: neighbor 172.16.12.5 Up
*Mar 1 04:06:48.154: %BGP-5-ADJCHANGE: neighbor 172.16.12.1 Up
See result on R3
R3# sh ip bgp
BGP table version is 6, local router ID is 172.16.12.10
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i1.1.1.0 /24 172.16.12.9 0 100 0 65065 i
* 172.16.12.6 100 0 65065 i
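The ten-step list from BGP - Part4 applied to R3's two paths for 1.1.1.0 /24 above, as an added example (not from the original posts): it reproduces why the eBGP path is best before the MED change and the iBGP path through R2 is best afterwards. The Path fields and step names are this example's own, and the steps are implemented exactly as the list gives them; real routers apply further conditions (MED, for instance, is only compared between paths from the same neighboring AS).

```python
from dataclasses import dataclass

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # step 6: i < e < ?


@dataclass
class Path:
    next_hop: str
    ebgp: bool = False
    weight: int = 0
    local_pref: int = 100            # default local preference
    locally_injected: bool = False   # injected with the network command
    as_path: tuple = ()
    origin: str = "i"
    med: int = 0
    igp_metric: int = 0              # distance to the next hop inside the AS
    peer_rid: str = "0.0.0.0"
    next_hop_reachable: bool = True


def rid_key(rid):
    """Compare router IDs numerically, octet by octet."""
    return tuple(int(octet) for octet in rid.split("."))


# Steps 2 to 10 in the order of the list; the lowest key wins each step.
STEPS = [
    ("weight", lambda p: -p.weight),
    ("local preference", lambda p: -p.local_pref),
    ("locally injected", lambda p: 0 if p.locally_injected else 1),
    ("AS-path length", lambda p: len(p.as_path)),
    ("origin", lambda p: ORIGIN_RANK[p.origin]),
    ("MED", lambda p: p.med),
    ("eBGP over iBGP", lambda p: 0 if p.ebgp else 1),
    ("nearest IGP neighbor", lambda p: p.igp_metric),
    ("lowest RID", lambda p: rid_key(p.peer_rid)),
]


def best_path(paths):
    """Return (winning Path or None, name of the step that decided)."""
    candidates = [p for p in paths if p.next_hop_reachable]   # step 1
    if not candidates:
        return None, "no usable path"
    decided = ("next hop reachability" if len(candidates) < len(paths)
               else "no tie-break needed")
    for name, key in STEPS:
        if len(candidates) == 1:
            break
        best = min(key(p) for p in candidates)
        survivors = [p for p in candidates if key(p) == best]
        if len(survivors) < len(candidates):
            decided = name
        candidates = survivors
    return candidates[0], decided   # a full tie keeps the first path listed


# R3's two paths to 1.1.1.0 /24, values read from the sh ip bgp outputs above.
R3_BEFORE = [
    Path("172.16.12.9", ebgp=False, as_path=(65065,), med=0),
    Path("172.16.12.6", ebgp=True, as_path=(65065,), med=0),
]
R3_AFTER = [
    Path("172.16.12.9", ebgp=False, as_path=(65065,), med=0),
    Path("172.16.12.6", ebgp=True, as_path=(65065,), med=100),
]

if __name__ == "__main__":
    for label, table in [("before MED", R3_BEFORE), ("after MED", R3_AFTER)]:
        winner, step = best_path(table)
        print(label, "-> best via", winner.next_hop, "decided by", step)
```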
13/6/2011
BGP - Part2
Internal-BGP (iBGP) and External-BGP (eBGP)
iBGP: iBGP is used inside a single autonomous system. It is used in order to inject the route information from the External BGP router into the internal network. iBGP is used mainly when there is more than one route from the internal network out towards the Internet. So that the internal network can converge fast, iBGP has to be used together with some IGP protocol or Static route.
eBGP: eBGP is used to distribute BGP route information to other autonomous systems (eg. Routing between internal network and ISPs). eBGP is not suitable when the ISP can easily be reached with a static route (or) when the internal network is small-sized.
Some important parameters for BGP path selection
•Weight: an outbound measurement, applied internally. That is, on a given router the administrator sets that router's own exit (to the next hop) for a destination. The router does not share the weight value assigned to it with other routers (it does not influence them); it is configured only on that router, for that router itself, which is why I add "internally" when I memorize it. If you want an easy way to remember it: "set your own exit yourself". The router treats the route with the higher weight value as the best route.
•Local Preference: an outbound measurement, applied externally. It is mostly used on the edge routers of the local network; an edge router uses this parameter to advertise (to influence, hence "externally") whether it is or is not a suitable exit for internal hosts going out to the Internet. For example, suppose internal router C is connected to edge router A and edge router B. If the administrator changes router A's local preference to 200 and leaves router B at the default (100), router C's routing table shows router A as the best route to the Internet. Note: it has no effect in eBGP.
•Multiple-exit discriminator (MED): the edge router designates the better interface for entering your local network from the ISP (e.g. with a route-map) and advertises that to the ISP. Picture a dual-homed design. Unlike the other parameters, with MED the route with the lower value is the best route. Since this is really about entering your local network (seen from the organization's side), it is easier to remember it as a "multiple-entrance discriminator". The protocol designers looked at it from the ISP's side, which is why it is called multiple-exit. It is easier to see with a configuration…
•AS-path: when routing from one autonomous system to another, the number of ASes traversed is compared and the route with the shorter AS-path is taken as the best route. AS-path also has the advantage of being able to detect routing loops.
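The four attributes above, applied in order to the two `sh ip bgp` tables from the MED post (before and after the route-map). This is an added example, not code from the original post; the `Path` class, `best_path`, the origin and eBGP-over-iBGP steps, and the router A/B placeholder values are assumptions made for the illustration.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}  # IGP < EGP < incomplete


@dataclass(frozen=True)
class Path:
    next_hop: str
    as_path: tuple            # AS numbers, nearest neighbor first
    origin: str = "i"
    med: int = 0
    local_pref: int = 100     # a blank LocPrf column means the default, 100
    weight: int = 0
    internal: bool = False    # True for a path learned over iBGP


# Each step keeps the paths with the LOWEST key, so "higher wins" attributes
# are negated. Origin and eBGP-over-iBGP are not in the post's list; they are
# included because they sit between AS-path and the later tie-breakers.
STEPS = [
    ("weight", lambda p: -p.weight),
    ("local preference", lambda p: -p.local_pref),
    ("AS-path length", lambda p: len(p.as_path)),
    ("origin", lambda p: ORIGIN_RANK[p.origin]),
    ("MED", lambda p: p.med),
    ("eBGP over iBGP", lambda p: p.internal),
]


def best_path(paths):
    """Return (best path, name of the attribute that decided the choice)."""
    candidates = list(paths)
    if not candidates:
        raise ValueError("no paths for this prefix")
    if len(candidates) == 1:
        return candidates[0], "only path"
    for name, key in STEPS:
        # MED is compared only between paths received from the same neighbor
        # AS; this simplified model skips the step when neighbors differ.
        if name == "MED" and len({p.as_path[:1] for p in candidates}) > 1:
            continue
        lowest = min(key(p) for p in candidates)
        candidates = [p for p in candidates if key(p) == lowest]
        if len(candidates) == 1:
            return candidates[0], name
    return candidates[0], "tie (IGP metric, router ID not modelled)"


def r3_table(ebgp_med):
    """The two paths to 1.1.1.0/24 in the MED post's 'sh ip bgp' output."""
    return [
        Path("172.16.12.9", (65065,), med=0, local_pref=100, internal=True),
        Path("172.16.12.6", (65065,), med=ebgp_med),
    ]


if __name__ == "__main__":
    for med in (0, 100):  # before and after "set metric 100"
        winner, why = best_path(r3_table(med))
        print(f"eBGP MED {med:>3}: best next hop {winner.next_hop} ({why})")
    # Local preference example from the text: edge router A at 200, B at 100.
    # Next-hop names and AS number 64500 are placeholders.
    a = Path("router-A", (64500,), local_pref=200, internal=True)
    b = Path("router-B", (64500,), local_pref=100, internal=True)
    print(best_path([a, b]))
```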
13/6/2011
Saturday, 21 May 2011
Useful sites to beat Cisco exams
http://www.9tut.com << For CCNA R&S
http://voicetut.com << For CCNA Voice
http://www.securitytut.com << For CCNA Security
http://www.wirelesstut.com << For CCNA Wireless
http://www.dstut.com << For CCDA
http://www.digitaltut.com << For CCNP Route
http://www.certprepare.com << For CCNP Switch
http://www.networktut.com << For CCNP TShoot
http://www.iptut.com << For CCIP
http://www.rstut.com << For CCIE(R&S) Written
http://www.careercert.info << Cisco collections
Keep in mind that "We are not learning only Cisco but NETWORKING!"
21/5/2011
Sunday, 24 April 2011
Cloud Computing - 9 books
Friday, 22 April 2011
OSPF - Part 6
Understanding OE1 and OE2 routes
This is a slightly confusing part of OSPF. Before we start, please keep the following two concepts in mind.
OE1 = Redistribute cost + Cost to ASBR
OE2 = only Redistribute cost
OK... let's start the explanation.
R1 is connected to R2 and R3 within OSPF area 0…
R2 and R3 are connected to R4 and R5 within OSPF area 1…
R4 and R5 are connected to router R6, which is in another routing domain (EIGRP AS10)…
R6 advertises the 10.1.6.0 /24 network via EIGRP, and R4 and R5 redistribute that network into the OSPF area with the default parameters.
R4:
router eigrp 10
redistribute ospf 1 metric 100000 100 255 1 1500
!
router ospf 1
redistribute eigrp 10 subnets
R5:
router eigrp 10
redistribute ospf 1 metric 100000 100 255 1 1500
!
router ospf 1
redistribute eigrp 10 subnets
Result: R1 receives the prefix 10.1.6.0 /24 from R2 and R3 as an OSPF E2 (default) route with the default cost (20 for EIGRP). R1's routing table output can be seen below…
R1#sh ip route ospf
10.0.0.0 /24 is subnetted, 8 subnets
O E2 10.1.6.0 [110/20] via 10.1.13.3, 00:09:43, FastEthernet0/0.13
[110/20] via 10.1.12.2, 00:09:43, FastEthernet0/0.12
O IA 10.1.24.0 [110/2] via 10.1.12.2, 00:56:44, FastEthernet0/0.12
O E2 10.1.46.0 [110/20] via 10.1.13.3, 00:09:43, FastEthernet0/0.13
[110/20] via 10.1.12.2, 00:09:43, FastEthernet0/0.12
O IA 10.1.35.0 [110/2] via 10.1.13.3, 00:56:44, FastEthernet0/0.13
O E2 10.1.56.0 [110/20] via 10.1.13.3, 00:09:43, FastEthernet0/0.13
[110/20] via 10.1.12.2, 00:09:43, FastEthernet0/0.12
Examining the details of the route 10.1.6.0 /24 on R1.
R1#show ip route 10.1.6.0
Routing entry for 10.1.6.0 /24
Known via "ospf 1", distance 110, metric 20, type extern 2, forward metric 2
Last update from 10.1.13.3 on FastEthernet0/0.13, 00:12:03 ago
Routing Descriptor Blocks:
10.1.13.3, from 10.1.5.5, 00:12:03 ago, via FastEthernet0/0.13
Route metric is 20, traffic share count is 1
* 10.1.12.2, from 10.1.4.4, 00:12:03 ago, via FastEthernet0/0.12
Route metric is 20, traffic share count is 1
As the result shows, the metric for the 10.1.6.0 /24 network is 20 whether the path goes through R2 or R3. The forward metric shows the "cost to ASBR(s)" (R1 to R4 or R5). In addition, both OE2 routes have the same metric value and the same forward metric… so why is the FastEthernet0/0.12 route chosen as the best route (the other is the backup route)??? The answer is simple... a tie breaker (the router ID) was used. Alternatively, path selection can also be done by changing the metric type. Let's try changing it on R4.
R4#config t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#router ospf 1
R4(config-router)#redistribute eigrp 10 subnets metric-type 1
R4(config-router)#end
R4#
Result:
R1#show ip route 10.1.6.0
Routing entry for 10.1.6.0 /24
Known via "ospf 1", distance 110, metric 22, type extern 1
Last update from 10.1.12.2 on FastEthernet0/0.12, 00:00:35 ago
Routing Descriptor Blocks:
* 10.1.12.2, from 10.1.4.4, 00:00:35 ago, via FastEthernet0/0.12
Route metric is 22, traffic share count is 1
Now only a single E1 route, with metric 22 (redistribute cost + cost to ASBR), is installed. By the OSPF mechanism, when E1 and E2 are compared, E1 is preferred no matter how much higher its cost is than E2's. One thing to note: if there are two E1 routes with the same metric, load balancing is possible. OK… let's change the metric as well…
R4#config t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#router ospf 1
R4(config-router)#redistribute eigrp 10 subnets metric-type 1 metric 100
R4(config-router)#end
R4#
Result: still preferring E1
R1#show ip route 10.1.6.0
Routing entry for 10.1.6.0 /24
Known via "ospf 1", distance 110, metric 102, type extern 1
Last update from 10.1.12.2 on FastEthernet0/0.12, 00:00:15 ago
Routing Descriptor Blocks:
* 10.1.12.2, from 10.1.4.4, 00:00:15 ago, via FastEthernet0/0.12
Route metric is 102, traffic share count is 1
Both the E1 and the E2 LSAs are visible in R1's link-state database, but you will find that the E1 route is the one used as the routing path…
R1#show ip ospf database external 10.1.6.0
OSPF Router with ID (10.1.1.1) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA
LS age: 64
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 10.1.6.0 (External Network Number )
Advertising Router: 10.1.4.4
LS Seq Number: 80000003
Checksum: 0x1C8E
Length: 36
Network Mask: /24
Metric Type: 1 (Comparable directly to link state metric)
TOS: 0
Metric: 100
Forward Address: 0.0.0.0
External Route Tag: 0
LS age: 1388
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 10.1.6.0 (External Network Number )
Advertising Router: 10.1.5.5
LS Seq Number: 80000001
Checksum: 0x7307
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 0
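The choice R1 makes at each of the three stages above can be reproduced from the LSDB output itself. This is an added example, not code from the original post or its reference; the function names are assumptions, the cost to each ASBR is the "forward metric 2" shown earlier, and candidates that stay equal are all returned, as in the first `sh ip route ospf` output where both next hops are listed.

```python
import re
from dataclasses import dataclass, replace

# The two Type-5 LSAs from "show ip ospf database external 10.1.6.0" in the
# post, reduced to the fields the route calculation reads.
LSDB_OUTPUT = """\
LS age: 64
Link State ID: 10.1.6.0 (External Network Number )
Advertising Router: 10.1.4.4
Network Mask: /24
Metric Type: 1 (Comparable directly to link state metric)
Metric: 100
Forward Address: 0.0.0.0
LS age: 1388
Link State ID: 10.1.6.0 (External Network Number )
Advertising Router: 10.1.5.5
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
Metric: 20
Forward Address: 0.0.0.0
"""

# "forward metric 2" in the post's "show ip route 10.1.6.0" output: R1's
# cost inside OSPF to each ASBR (R4 = 10.1.4.4, R5 = 10.1.5.5).
COST_TO_ASBR = {"10.1.4.4": 2, "10.1.5.5": 2}


@dataclass(frozen=True)
class ExternalLsa:
    prefix: str
    adv_router: str
    metric_type: int   # 1 = E1, 2 = E2
    metric: int        # redistribute cost set on the ASBR


def parse_external_lsas(text):
    """Split the show output on 'LS age:' and build one LSA per chunk."""
    lsas = []
    for chunk in re.split(r"(?m)^[ \t]*LS age:", text)[1:]:
        def field(name):
            m = re.search(rf"(?m)^[ \t]*{name}:[ \t]*(\S+)", chunk)
            if m is None:
                raise ValueError(f"LSA is missing the field {name!r}")
            return m.group(1)
        lsas.append(ExternalLsa(
            prefix=field("Link State ID") + field("Network Mask"),
            adv_router=field("Advertising Router"),
            metric_type=int(field("Metric Type")),
            metric=int(field("Metric")),
        ))
    return lsas


def select_external(lsas, cost_to_asbr):
    """Return (route type, metric, [advertising routers]) of the best path(s).

    Preference order, following RFC 2328 section 16.4:
      1. any E1 path beats any E2 path, whatever the costs;
      2. E1: lowest (redistribute cost + cost to ASBR);
      3. E2: lowest redistribute cost, then lowest cost to ASBR;
      4. paths that are still equal are all kept.
    """
    ranked = []
    for lsa in lsas:
        to_asbr = cost_to_asbr.get(lsa.adv_router)
        if to_asbr is None:        # ASBR not reachable: the LSA is unusable
            continue
        if lsa.metric_type == 1:
            key = (1, lsa.metric + to_asbr, 0)
        else:
            key = (2, lsa.metric, to_asbr)
        ranked.append((key, lsa))
    if not ranked:
        return None
    best = min(key for key, _ in ranked)
    winners = sorted(lsa.adv_router for key, lsa in ranked if key == best)
    return (f"E{best[0]}", best[1], winners)


def stages():
    """The post's three configurations of R4, in order."""
    r4, r5 = parse_external_lsas(LSDB_OUTPUT)
    return [
        select_external([replace(r4, metric_type=2, metric=20), r5], COST_TO_ASBR),
        select_external([replace(r4, metric=20), r5], COST_TO_ASBR),
        select_external([r4, r5], COST_TO_ASBR),
    ]


if __name__ == "__main__":
    for result in stages():
        print(result)
```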
ref: Brian McGahan, CCIE #8593
22/4/2011
Thursday, 21 April 2011
Download Hacker Evolution Untold
Tuesday, 19 April 2011
OSPF - Part 5
Redistribution external routes into OSPF
Basic concept of redistribution
When the autonomous systems (or) routing protocols differ, redistribution has to be configured so that they can route to one another. The main thing to know is that, because the topology tables of the routing protocols differ, redistribution uses only the IP routing table.
Example:
Injecting into EIGRP
ASBR1(config)# router eigrp 1
ASBR1(config-router)# redistribute ospf 1
Injecting into OSPF
ASBR1(config)# router ospf 1
ASBR1(config-router)# redistribute eigrp 1
Command syntax (optionals) for redistributing routes into OSPF
redistribute protocol [process-id | as-number][metric value][metric-type value][route-map name][subnets]
protocol: bgp, igrp, eigrp, isis, ospf, and rip
metric (optional): by default, the metric value set with the default-metric command is used.
metric-type (optional): selects the OSPF external route type (1 for OE1 or 2 for OE2). If it is not selected, it defaults to 2.
route-map (optional): used for route filtering.
subnets (optional): without this keyword, only classful networks are redistributed.
Default metric for OSPF redistribution
1. 1 if the route comes from BGP.
2. If it comes from another OSPF process, the same as the source route's metric.
3. 20 if it comes from any other source (e.g. EIGRP).
To be continued..........
19/4/2011
OSPF - Part 4
OSPF Costs
Default costs
1. 1785 on 56kbps serial link
2. 64 on T1 (1.544Mbps serial link)
3. 10 on Ethernet
4. 1 on Fast Ethernet
5. 1 on Gigabit Ethernet
Calculation
Cost = 100Mbps/bandwidth, where 100Mbps is default reference bandwidth
Command syntax:
router(config-if)# ip ospf cost value(0~65535)
OR
router(config-router)# auto-cost reference-bandwidth value(1~4,294,967)
100Mbps is the default reference bandwidth, and raising it (e.g. to 1000Mbps) can improve network performance. For example, by default the cost of Gigabit Ethernet is set to 1 (the same as Fast Ethernet), so effective network performance cannot be obtained… this is solved by raising the reference bandwidth.
Example: ref: http://ccietobe.blogspot.com/
R1#show ip route | begin Gateway
Gateway of last resort is not set
1.0.0.0 /32 is subnetted, 2 subnets
C 1.1.1.1 is directly connected, Loopback0
C 1.1.1.2 is directly connected, Loopback1
2.0.0.0 /32 is subnetted, 1 subnets
O 2.2.2.2 [110/65] via 172.12.12.2, 00:08:50, Serial1/0
4.0.0.0 /32 is subnetted, 1 subnets
O IA 4.4.4.4 [110/129] via 172.12.12.2, 00:08:50, Serial1/0
172.12.0.0 /24 is subnetted, 2 subnets
C 172.12.12.0 is directly connected, Serial1/0
O IA 172.12.23.0 [110/128] via 172.12.12.2, 00:08:50, Serial1/0
R1#show ip ospf int s1/0 | inc Cost
Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 64
Changing the reference-bandwidth:
R1(config)#router ospf 1
R1(config-router)#auto-cost reference-bandwidth 1000
% OSPF: Reference bandwidth is changed.
R1#show ip ospf int s1/0 | inc Cost
Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 647
Calculations:
100000000/1544000 = 64
1000000000/1544000 = 647
R1#show ip route | begin Gateway
Gateway of last resort is not set
1.0.0.0 /32 is subnetted, 2 subnets
C 1.1.1.1 is directly connected, Loopback0
C 1.1.1.2 is directly connected, Loopback1
2.0.0.0 /32 is subnetted, 1 subnets
O 2.2.2.2 [110/648] via 172.12.12.2, 00:01:30, Serial1/0
4.0.0.0 /32 is subnetted, 1 subnets
O IA 4.4.4.4 [110/712] via 172.12.12.2, 00:01:30, Serial1/0
172.12.0.0 /24 is subnetted, 2 subnets
C 172.12.12.0 is directly connected, Serial1/0
O IA 172.12.23.0 [110/711] via 172.12.12.2, 00:01:30, Serial1/0
19/4/2011
Sunday, 10 April 2011
5 Fast-ways to boost your energy
1. Eating a high-fiber cereal: The body digests fiber more slowly, which can provide a longer-lasting energy supply during the day.
2. Laying off the caffeine: Caffeine provides that quick pick-me-up by stimulating the central nervous system. But more than 200 or 300 mg (two to three cups) a day can work against you by causing jitteriness, digestive problems, and headaches. And consuming caffeine too late in the day can prevent a good night’s sleep.
3. Drinking more water: According to research at Tufts University, even mild dehydration reduces concentration and brings down your mood. It also drains energy.
4. Going for a walk outside: California State University scientists found that a brisk 10-minute walk increases your energy level and sustains it for two hours. Recent studies show that spending 20 minutes a day outdoors can significantly increase vitality.
5. Munching on pumpkin seeds: They contain a lot of magnesium, and research shows that too little of the mineral can sap your energy. Almonds, cashews, halibut, spinach, and soybeans are other good sources of magnesium.
ref: Reader's Digest
10/4/2011
Friday, 8 April 2011
Network Protocol Handbook
Note***: It's the second edition, not the final one.
Download here for the fourth edition (.chm format).
8/4/2011
Tuesday, 5 April 2011
OSPF - Part 3
Default route in OSPF
Command Syntax: default-information originate [always][metric value][metric-type type-value][route-map name]
With this command, by default the default route is flooded into the OSPF area as an LSA Type5 (OE2). A default route must exist in the routing table… otherwise the always keyword has to be added to the command. The default metric value is 1, and only the route with the lower metric is used. For the OE1/OE2 option, set metric-type to 1 or 2. A route-map is used to control when to advertise (or) when to withdraw the default route.
Virtual Link
By the concept that every OSPF area must be connected to Area0, a virtual link can be used when, as shown in the figure, Area2 cannot connect directly to Area0. The ABRs (R1 and R2) communicate over the virtual link with unicast packets. To prevent periodic re-flooding of LSAs over the virtual link, the routers have to set the Do-Not-Age (DNA) bit in the LSA packets. Most importantly, the transit area (Area1) must not be a stub area.
Example configuration:
R1(config)# router ospf 1
R1(config-router)# area 1 virtual-link 4.4.4.4
R2(config)# router ospf 1
R2(config-router)# area 1 virtual-link 1.1.1.1
The RIDs used in the virtual-link command cannot be pinged.
OSPF Authentication
Simple
Router(config)# router ospf 3
# area 0 authentication
# int fa0/0
# ip ospf authentication
# ip ospf authentication-key HELLO
MD5
Router(config)# router ospf 3
# area 0 authentication message-digest
# int fa0/0
# ip ospf authentication message-digest
# ip ospf message-digest-key 1 md5 HELLO
When these two commands are used, the whole area must use authentication.
Authentication on Virtual-link (using previous figure)
Simple
Router(config)# router ospf 1
# area 1 virtual-link 4.4.4.4 authentication authentication-key HELLO
MD5
Router(config)# router ospf 1
# area 1 virtual-link 4.4.4.4 authentication message-digest message-digest-key 1 md5 HELLO
5/4/2011
Friday, 1 April 2011
OSPF - Part 2
Router ID (RID)
Each router in an OSPF network has a unique router ID. Normally the loopback address is taken as the RID; if there is no loopback, the active interface holding the highest address is taken as the RID. The RID can also be set manually. You can remember it as: router-id command > loopback > interface address.
DR and BDR routers
The DR, or Designated Router, is the router with the highest priority (or) RID within an OSPF group. Broadcast traffic (route information, updates) is sent only by the DR. When electing the DR, priorities are compared first and the router with the higher priority becomes the DR. If the priorities are equal, the highest RID is chosen. You can remember it as: priority > RID.
OSPF Router Types
• Backbone Router (BR): 1, 2, 3
• Area Border Router (ABR): 3
• Autonomous System Boundary Router (ASBR): 6
LSA Packet Types (this gets a little confusing)
• Type1 (Router LSA): generated by every router running OSPF; travels only within a single area.
• Type2 (Network LSA): generated only by the DR; travels only within a single area.
• Type3 (Internal Summary LSA): generated by the ABR; sends the information (summary route) of the adjacent OSPF area to the backbone routers.
• Type4 (External Summary LSA): generated by the ABR; describes the route by which the ASBR can be reached. Sent to the backbone routers.
• Type5 (AS LSA): generated only by the ASBR; sends external network information from a different AS (e.g. EIGRP) to the internal routers. LSA Type5 is further divided into two kinds, External Type1 (OE1) and Type2 (OE2).
• Type6 (Multicast LSA): a Cisco router will ignore this type and generate a syslog entry if it receives one.
• Type7 (NSSA LSA): generated by the ASBR in an NSSA area; sends external network information to the ABR. The ABR redistributes it to the other areas as a Type5 LSA. Like Type5, it is further divided into two kinds, External Type1 (ON1) and Type2 (ON2).
Knowing this much is enough…..
OSPF Area Types
• Backbone Area: Area0
• Stubby Area: accepts only the default route and summary routes, and does not accept external routes. Allow Type2, 3, 4 LSAs and Block Type5 LSA. Please refrain from making Area0 a stub area…
• Totally Stubby Area: accepts only the default route. Allow Type2 and Block Type3, 4, 5 LSAs…
• Not-So-Stubby (NSSA) Area: the same as a normal stubby area, but because the area contains an ASBR (to accept external routes from another AS) it also accepts Type7 LSAs.
• Totally NSSA Area: the same as a normal NSSA area; because the area contains an ASBR, it also accepts Type7 LSAs.
Each router in an OSPF network has a unique router ID (RID). By default the loopback address is used as the RID; if there is no loopback, the active interface that owns the highest address is used as the RID. The RID can also be set manually. You can remember the order as: router-id command > loopback > interface address.
DR and BDR routers
The DR (Designated Router) is the router with the highest priority (or RID) within an OSPF group. Broadcast traffic (route information, updates) is sent only by the DR. In the DR election the priorities are compared first, and the router with the higher priority becomes the DR. If the priorities are equal, the router with the highest RID is chosen. You can remember it as: priority > RID.
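The two precedence rules above (router-id command > loopback > interface address, then priority > RID) can be checked with the following added example, which is not part of the original post. It models only the comparisons the text describes; the router names, addresses and dictionary layout are constructed for illustration.

```python
import ipaddress


def ip(addr):
    """Dotted-quad text to an integer, so 10.0.0.10 ranks above 10.0.0.9."""
    return int(ipaddress.IPv4Address(addr))


def select_rid(router):
    """router-id command > loopback address > highest active interface address."""
    if router.get("router_id"):
        return router["router_id"]
    up = [i for i in router["interfaces"] if i["up"]]
    loopbacks = [i["addr"] for i in up if i["name"].lower().startswith("loopback")]
    # With several loopbacks, the highest loopback address is taken.
    candidates = loopbacks or [i["addr"] for i in up]
    if not candidates:
        raise ValueError(f"{router['name']}: no address available for a router ID")
    return max(candidates, key=ip)


def elect_dr(routers):
    """Highest priority wins; equal priorities are settled by the highest RID."""
    ranked = sorted(routers, key=lambda r: (r["priority"], ip(select_rid(r))),
                    reverse=True)
    return ranked[0]["name"], select_rid(ranked[0])


# Constructed segment: three routers, all names and addresses are made up.
SEGMENT = [
    {"name": "R1", "priority": 1, "router_id": None, "interfaces": [
        {"name": "Loopback0", "addr": "1.1.1.1", "up": True},
        {"name": "FastEthernet0/0", "addr": "192.168.1.1", "up": True}]},
    {"name": "R2", "priority": 1, "router_id": None, "interfaces": [
        {"name": "FastEthernet0/0", "addr": "10.0.0.9", "up": True},
        {"name": "FastEthernet0/1", "addr": "10.0.0.10", "up": True},
        {"name": "Serial0/0", "addr": "172.16.0.1", "up": False}]},
    {"name": "R3", "priority": 1, "router_id": "3.3.3.3", "interfaces": [
        {"name": "Loopback0", "addr": "9.9.9.9", "up": True}]},
]

if __name__ == "__main__":
    for r in SEGMENT:
        print(r["name"], "RID", select_rid(r))
    print("DR:", elect_dr(SEGMENT))
```

R2 wins here only because all priorities are equal and its RID compares highest as a number; comparing the addresses as text would rank 10.0.0.9 above 10.0.0.10.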
OSPF Router Types
• Backbone Router (BR): 1, 2, 3
• Area Border Router (ABR): 3
• Autonomous System Boundary Router (ASBR): 6
LSA Packet Types (this gets a little confusing)
• Type1 (Router LSA): Generated by every router running OSPF; it travels only within a single area.
• Type2 (Network LSA): Generated only by the DR; it travels only within a single area.
• Type3 (Internal Summary LSA): Generated by the ABR; it sends the information (summary route) of the adjacent OSPF area to the backbone routers.
• Type4 (External Summary LSA): Generated by the ABR; it describes the route by which the ASBR can be reached. It is sent to the backbone routers.
• Type5 (AS LSA): Generated only by the ASBR; it sends external network information from a different AS (e.g. EIGRP) to the internal routers. Type5 LSAs are further divided into two kinds, External Type1 (OE1) and Type2 (OE2).
• Type6 (Multicast LSA): A Cisco router ignores this type and generates a syslog entry if it receives one.
• Type7 (NSSA LSA): Generated by the ASBR in an NSSA area; it sends external network information to the ABR. The ABR redistributes it to the other areas as a Type5 LSA. Like Type5, it is further divided into two kinds, External Type1 (ON1) and Type2 (ON2).
Knowing this much is enough…
OSPF Area Types
• Backbone Area: Area0
• Stubby Area: Accepts only the default route and summary routes; external routes are not accepted. Allows Type2, 3, 4 LSAs and blocks Type5 LSAs. Do not make Area0 a stub area…
• Totally Stubby Area: Accepts only the default route. Allows Type2 and blocks Type3, 4, 5 LSAs…
• Not-So-Stubby (NSSA) Area: Like a normal stubby area, but because this area contains an ASBR (to accept external routes from another AS), it also accepts Type7 LSAs.
• Totally NSSA Area: Like a normal NSSA area; because this area contains an ASBR, it also accepts Type7 LSAs.
Stub Type | Allow LSA Types | Block LSA Types | Default route |
Stubby | 1, 2, 3, 4 | 5 | Yes |
Totally Stubby | 1, 2 | 3, 4, 5 | Yes |
NSSA | 1, 2, 3, 4, 7 | 5 | Yes |
Totally NSSA | 1, 2, 7 | 3, 4, 5 | Yes |
Note***: Totally Stubby and Totally NSSA are Cisco proprietary.
1/4/2011
OSPF - Part 1
OSPF (Open Shortest Path First)
I will share what I know about OSPF from what I have read in the Cisco book. (Please help fill in anything that is missing.)
OSPF Features
1. Works with areas.
2. Can reduce routing update traffic.
3. Supports VLSM.
4. The number of routers is unlimited. However, a single area should contain at most 50 routers.
5. It is an open standard.
6. Auto summarization is disabled by default.
Neighbor and adjacencies
On broadcast links, Hello packets are sent to the neighbors on the multicast address 224.0.0.5 every 10 seconds; on non-broadcast links they are sent every 30 seconds. When a route change occurs, the router with the change sends it to the DR on the multicast address 224.0.0.6, and the DR sends the change on to the remaining routers on 224.0.0.5. All OSPF packet types are encapsulated in IP protocol 89.
Possible states of neighbor relationship
1. Down
2. Init: the moment a hello packet is first received from the neighbor router.
3. 2-way: a bi-directional communication link with the neighbor has been established.
4. Exstart: the DR/BDR election is done and the link-state information sequence numbers have been exchanged. (only DR & BDR)
5. Exchange: the Database Descriptor (DBD) packets (also called DDP) are being exchanged.
6. Loading: link-state information is being exchanged for the routes that are needed.
7. Full: Fully adjacent state
8. Attempt: can be seen on a manually configured NBMA network. It is also the time when a unicast packet is sent because the dead interval has expired without a Hello packet being received.
OSPF Packet Types
1. Hello
2. DBD: router ID lists + sequence number
3. Link state request (LSR): follows the DBD packet to request the link-state information that is needed.
4. LSU: the packet that replies to an LSR (containing the requested information)
5. LSAck: the packet that acknowledges that the link-state information has been received
OSPF packet header format + Data
Version: OSPF version (2 or 3)
Type: indicates which one of the 5 packet types this is.
Authentication Type: no authentication (or) plain-text (or) MD5
Authentication Data
Data: the data differs depending on which of the 5 packet types it is.
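The header fields listed above can be decoded and audited as in the following added example, which is not part of the original post. It reads the 24-byte OSPFv2 header as laid out in RFC 2328 (which also carries packet length, router ID, area ID and checksum, not listed in the post) and reports routers using no authentication or plain-text authentication; the sample packets are constructed, and `build` is a hypothetical helper for making them.

```python
import ipaddress
import struct

# Names from the post: the 5 packet types and the 3 authentication types.
PACKET_TYPES = {1: "Hello", 2: "DBD", 3: "LSR", 4: "LSU", 5: "LSAck"}
AUTH_TYPES = {0: "no authentication", 1: "plain-text", 2: "MD5"}
HEADER = struct.Struct("!BBHIIHH8s")  # 24-byte OSPFv2 header (RFC 2328, A.3.1)

def parse_ospf_header(packet):
    """Decode the OSPFv2 common header; everything after it is Data."""
    if len(packet) < HEADER.size:
        raise ValueError("truncated OSPF header")
    ver, ptype, length, rid, area, _cksum, autype, auth = HEADER.unpack_from(packet)
    if ver != 2:
        raise ValueError(f"only the OSPFv2 header is handled, got version {ver}")
    if ptype not in PACKET_TYPES:
        raise ValueError(f"unknown packet type {ptype}")
    if length < HEADER.size or length > len(packet):
        raise ValueError("packet length field does not match the capture")
    return {
        "type": PACKET_TYPES[ptype],
        "router_id": str(ipaddress.IPv4Address(rid)),
        "area_id": str(ipaddress.IPv4Address(area)),
        "auth_type": AUTH_TYPES.get(autype, f"unknown ({autype})"),
        "auth_data": auth,
        "data": packet[HEADER.size:length],
    }

def auth_finding(header):
    """Return an audit finding for weak authentication, or None for MD5."""
    if header["auth_type"] == "no authentication":
        return f"{header['router_id']} sends unauthenticated {header['type']} packets"
    if header["auth_type"] == "plain-text":
        return f"{header['router_id']} sends its password in clear text"
    return None

def build(ptype, rid, autype, auth=b"", data=b""):
    """Constructed sample packet (checksum left at zero, not verified here)."""
    rid_int = int(ipaddress.IPv4Address(rid))
    return HEADER.pack(2, ptype, HEADER.size + len(data), rid_int, 0, 0, autype,
                       auth.ljust(8, b"\x00")) + data

# Constructed samples: one packet per authentication type named in the post.
SAMPLES = [build(1, "10.0.0.1", 0), build(1, "10.0.0.2", 1, b"cisco"),
           build(4, "10.0.0.3", 2, bytes([0, 0, 1, 16, 0, 0, 0, 7]))]
FINDINGS = [auth_finding(parse_ospf_header(p)) for p in SAMPLES]
```

With plain-text authentication the 8-byte Authentication Data field is the password itself, which is why the second sample is flagged.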
1/4/2011
Tuesday, 29 March 2011
Junos on GNS3 (Part3-Put it on GNS3)
FINAL IMPORTANT STEP
To watch the Junos installation, get PuTTY ready first…
Browse > juniperinstallation.txt (save)
Get Ready Session (Note***: run the command below first, and only then click Open.)
C:\juniper\Qemu> qemu -L . -m 512 -hda junos-binary.img -serial telnet:127.0.0.1:1001,server,nowait,nodelay -localtime
When the installation finishes (play around with it), close PuTTY. At the prompt press Ctrl+Alt+2… then press q to quit. Junos is now ready for GNS3.
Steps to Add Juniper Routers in GNS3
1. Copy junos-binary.img from inside the QEMU folder to a location outside that folder.
2. Rename it to junos1.img… (if you want to use two Juniper routers, make a junos2.img as well.)
3. Open GNS3… Take a Juniper router, then right-click > configuration.
4. In JunOs image, enter the path to junos1.img. (eg: C:\juniper\juniper1.img)
5. OK!!! Run it, then right-click > console (putty), and you can start playing with it.
-THE END-
29/3/2011