Tuesday, 5 July 2016

OSPF - Options Interview

Default Route in NSSA

There are two ways to have a default route in an NSSA. When you configure an area as NSSA, by default the NSSA ABR does not generate a default summary route. In the case of a stub area or an NSSA totally stub area, the NSSA ABR does generate a default summary route.

Default Summary Route

By defining an area as a NSSA totally stub area, the NSSA ABR generates a default summary route. As mentioned, if the NSSA area were not defined as totally stub, then a default summary route is not generated by NSSA ABR. This configuration generates a default summary route for a NSSA totally stub area.
router ospf 1
 Area 1 nssa no-summary

Default Type 7

This configuration generates a type 7 default route. You can configure this command on any NSSA ASBR or NSSA ABR with these rules:
  • NSSA ASBR can generate a default only when it has a default route in its routing table.
  • The default route must be known through non-OSPF protocol
  • NSSA ABR can generate a default route with or without a default route in its own routing table.
This command is used in order to generate an NSSA default route:
router ospf 1
 Area 1 nssa default-information-originate

Below lists the fields in the OSPF Type-1 Router-LSA:



Field


Description
V bitIndicates whether the advertising router is an endpoint of a virtual link.
E bitIndicates whether the advertising router is an Autonomous System Border Router (ASBR).
B bitIndicates whether the advertising router is an Area Border Router (ABR).
Number of LinksIndicates the number of links of the advertising router. A Router-LSA would contain the information of all router links of the advertising router.
Link TypeIndicates the 4 types of router links. Note: There are 2 types of point-to-point links – numbered and unnumbered.
Link ID andLink DataThe Link ID and Link Data values vary according to the Link Type. The Link ID identifies the object to which a link connects to; while the Link Data provides extra information for a link.
Note: The LSA header contains the Link-State ID while an LSA entry contains the Link ID allowing for easier differentiation.
MetricIndicates the OSPF cost of a router link.
ToS, ToS MetricRepresent the Type of Service and are normally set to 0.

 

Below describes the bits in the Options field:
DNUsed in MPLS-based Layer 3 Virtual Private Networks as defined in RFC 2547 – BGP/MPLS VPNs. When a route learnt from a customer network via OSPF is advertised across a BGP/MPLS VPN using Multiprotocol BGP, and advertised back to a customer network via OSPF, a loop can occur in which the OSPF route is redistributed back to the VPN service provider network via BGP. The DN bit prevents this type of routing loop. When an OSPF router received a Type 3, 5, or 7 LSA with the DN bit set, it cannot use that LSA in the OSPF route calculations.
OThe O bit is set when the originating router supports Type 9, 10, and 11 Opaque LSAs.
DCThe DC bit is set when the originating router supports OSPF over Demand Circuits.
LIndicates whether the OSPF packet contains a Link-Local Signaling (LLS) data block. This bit is set only in Hello and DBD packets. If the OSPF packet is cryptographically authenticated, the LLS data block must also be cryptographically authenticated.
Reference: RFC 4813 – OSPF Link-Local Signaling.
NThe N bit is used only in Hello packets. The N bit is set when the originating router supports Type-7 NSSA-External-LSAs. Neighboring routers with mismatched N bit value will not form neighbor relationship. This restriction ensures that all OSPF routers within an area support NSSA capabilities. When the N bit is set to 1, the E bit must be 0.
PThe P bit is used only in Type-7 NSSA-External-LSA headers. Due to this reason, the N and P bits can share the same position in the Options field. The P (Propagate) bit is set to inform the NSSA ABR to translate Type-7 LSAs into Type-5 LSAs.
MCThe MC bit is set when the originating router supports Multicast extensions to OSPF (MOSPF). Note: Cisco does not support MOSPF, mainly due to the reasons that it uses a dense-mode multicast forwarding scheme and is protocol dependent. A Cisco router would generate a %OSPF-4-BADLSATYPE error message upon receiving a Type-6 LSA. The ignore lsa mospf router subcommand configures an OSPF router to ignore Type-6 LSAs and therefore prevents the router from generating the error message.
EThe E (ExternalRoutingCapability) bit is set when the originating router is capable of accepting AS External LSAs. It will be set to 1 in all AS External LSAs and in all LSAs originated in the backbone and non-stub areas; and will be set to 0 in all Hellos and LSAs originated within a stub area. Additionally, this bit is used in to Hello packets to indicate the capability of a router interface to send and receive Type-5 AS-External-LSAs. Neighboring routers with mismatched E bit value will not form neighbor relationship. This restriction ensures that all OSPF routers within an area support the stub capabilities.
MTThe MT bit is set when the originating router supports Multitopology OSPF, MT-OSPF. However, MT-OSPF is still under the proposal stage and is not generally adopted yet. Older OSPF specifications specified this bit position as the T bit. The T bit was set when the originating router support TOS-based routing. However, OSPF TOS-based routing has never been deployed; therefore the T bit was also never been used.

The Link ID, Link Data, Link Type, Number of TOS, Metric, TOS, and TOS metric fields appear one or more times in a Router-LSA corresponding to the Number of Links field.
Note: Cisco supports only TOS = 0. The ToS and ToS Metric fields appear corresponding to the Number of TOS field. Ex: If Number of TOS is 2, there will be 2 32-bit words containing 2 instances of these fields. If Number of TOS is 0, there will be no instances of these fields.

Below lists the Link ID and Link Data values for the various Type-1 Router-LSA link types:



Type


Description


Link ID


Link Data
1Point-to-point numbered connection to another routerThe Router ID of neighboring routerPhysical interface IP address of the router to the network
1Point-to-point unnumbered connection to another routerThe Router ID of neighboring routerThe MIB-II ifIndex value of the unnumbered interface [1]
2Connection to a transit networkPhysical interface IP address of the DRPhysical interface IP address of the router to the network
3Connection to a stub networkIP network number or subnet numberSubnet mask
4Virtual linkThe Router ID of virtual link neighborPhysical interface IP address of the router to reach the virtual link neighbor
[1] – This value usually starts with 0.
Posted by at No comments:

Thursday, 9 June 2016

Unix Commands

ifconfig -a
netstat
arp -a  -- 20 mins for completed entry and 3 mins for incomplete entry

tcpdump

Posted by at No comments:

Tuesday, 12 April 2016

MITG Architecture

PSC:
====

Line Card ----- PSC Card
* L2 checks happen at Line card and it passes it to npu of psc card.
* Both are connected using a starchannel

And each psc card has a cpu and npu

* npu is also a cpu which is required for specific purpose(flow lookup and forwarding decision)
* cpu is used for generic purpose and runs processes for each mechanism like bgp, sessmgr, ospf

DPC Card:
=======

Each DPC card has 4 cpu's where the processes will be running along with switch fabric card(SF card)

MIO card:
=======

              ------------------------
5/1-5     |     NPU1                 |
              |                               |
              |                               |
5/6-10   |    NPU 2     CPU1  |
              |                                |
              |                                |
5/11-15  |    NPU3      CPU2  |
              |                                |
              |                                |
5/16-20  |  NPU4                   |
              |                               |
              ------SFCARD-------


Each MIO card has 4 npu's and 2 cpu's, SFcard(Switch Fabric)

a) Whenever BGP comes up a flow is installed on npu and for each flow an action is specified in the form of BIA.

BIA is added to each packet by npu and forwarded to sf card of that MIO.

BIA contains  | Slot | Module | Port |
     Slot : Demux card number
     Module : which cpu of the card
     Port :  which socket

b) When SF card receives the packet it looks at the Destination BIA and decides which card it has to forward to.

c) SF card if DPC card receives the packet and forwards it to relevant CPU.

d) Kernel in the cpu will forward it to ip stack and get it processed.
    Kernel will take care of device drivers and the processes.


                                                        DPC CPU Hierarchy
                                                        ------------------------

                                                          Application
                                                          ---------------
                                                          Socket Layer
                                                          ----------------
                                                              Kernel
                                                          --------------
                                                           HW Device





 Packet Flow from ingress to Egress:
=========================

Ingress Context | Egress Context
  (ctx id -2 )              (ctx id -3)

a) Packet receives on NPU of demux DPC (corresponding Ingress context)
b) Sessmgr of demux DPC card forwards it to corresponding DPC card(decided based on which subscriber is allotted to which DPC card)
c) Sessmgr of receiving DPC decides which context-id it has to forward it to.
d) NPU of the DPC will look into corresponding routing table and will take a forwarding decision.

All NPU's of all the DPC cards will have exact same database, which contains ingress flows, routing tables of all the context's.

Demux card decides which session manager of which DPC card should handle which subscriber.

Fragmentation and Reassembly happens at Incoming NPU.

Buffering happens at receiving NPU.

Flow control is taken care by flow drivers of MIO card.

NPU is responsible for both "ingress flow lookup"and "egress forwarding"







Posted by at No comments:

Tuesday, 29 March 2016

Global Edge -MicroSemi Interview

ethernet header
vlan header

there is an entry with mac address - vlan and if you receive a frame with same mac address and different vlan what will the switch do?

what will switch do if it receives a untagged frame on trunk port?
what will switch do if it receives a untagged frame on access port?


rstp convergence 

tcl - removing an element from the list
converting array to list in tcl
Posted by at No comments:

Wednesday, 16 March 2016

Interview Qns

Why ospf area is needed?
Why backbone area?
packet captures?
why sequence number in TCP?
BGP messages?

Posted by at No comments:

Sunday, 7 February 2016

DIAG

HSRP:
====

Cause: CE1
Resolution: increase CE1's hsrp priority
Wireshark: Select the first HSRP negotiation packet

CE1 is HSRP Standby with nd-preference High
CE2 is HRSP Active with nd-preference Low


MCAST:
======

#1 root-cause of the issue?
 "no route to reach RP from R3"

 #2 what is the info needed from L1 engineeer to confirm the root-cause?
 "why is '10.1.4.1' not found in RIB table in R3"

 #3 quick Fix
 "ip route 10.1.4.1 255.255.255.255 10.0.0.17"


Port-Security:
=============

Part - 1.1 : Which switch has the problem?
Answer : Select device SW3
Part - 1.2 : Which command to use for identifying the problem?
Answer : Show ip int brief

Part 2.1 : Which Device has the problem?
Answers : Select device Host-1
Part 2.2 : Which command to use for identifying the problem?
Answers : MAC address of interface Ex/x

VTP:
====

Part - 1.1 : Which switch has the problem?
Answer : Select device SW3
Part - 1.2 : Which command to use for identifying the problem?
Answer : Show vtp status

Part 2.1 : Which Device has the problem?
Answers : Select device Sw3
Part 2.2 : Which command to use for identifying the problem?
Answers : Show vtp password(ask for vtp password)

DMVPN-1:
=======
*In Logs you can see " Midchain parent maintenance for IP Midchain out of Tunnel0, addr X.X.X.X - looped chain attempting to stack" (X.X.X.X address is R15's NBMA address)

Part 3.1 : Which Device we will select?
R15

Part 3.2 : Which command to use for identifying the problem?
Device: Redistribute connected
Command Line: exclude (e0/0) nbma from eigrp

DMVPN-2:
=======

On Site A, the R16 interface E1/0 is configured with /29 network. It should be configured with /30 mask

Part 3.1 : Which Device has the problem?
Select Device: R16

Part 3.2 : Which command to use for identifying the problem & What is the resolution?
Device: Show ip int brief
Command Line: Increase the subnet mask length to /30

URPF:
====

When a packet is received at the interface where Unicast RPF and ACLs have been configured, the following actions occur:

Step 1 Input ACLs configured on the inbound interface are checked.

Step 2 Unicast RPF checks to see if the packet has arrived on the best return path to the source, which it does by doing a reverse lookup in the FIB table.

Step 3 CEF table (FIB) lookup is carried out for packet forwarding.

Step 4 Output ACLs are checked on the outbound interface.

Step 5 The packet is forwarded.
Posted by at No comments:

Friday, 5 February 2016

Config Sectipon 5

R17:
===


R17#show running-config | sec flow
 ip flow ingress
ip flow-export version 9
ip flow-top-talkers
 top 10
 sort-by bytes
 cache-timeout 10
 match source address 123.20.1.9 255.255.255.255
 match output-interface Tunnel0
 match protocol 1

R17#
*Jan  6 18:26:23.476: %SYS-5-CONFIG_I: Configured from console by console
R17#sh ip flow top-talkers

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP Bytes
Et0/2         123.20.1.9      Tu0           123.19.19.19    01 0000 0800   500
1 of 10 top talkers shown. 1 of 6 flows matched.


NTP:
===
[06/01/16 7:53:55 pm] Con: show ntp status -> you will see
Clock is synchronized, stratum 4
[06/01/16 7:54:25 pm] Con: client's stratum = (Server's stratum) + 1
Posted by at No comments:
Subscribe to: Posts (Atom)