BGP OSPF Questions: Difference between revisions

*Medium branch - up to 100 users. For medium/large branches we should have a multilayer architecture to provide high availability and resiliency.
*Large branch - up to 200 users or more
 
= Queuing - FIFO, PQ, WFQ, CBWFQ =
 
* PQ - The high priority queue is always serviced first, irrespective of traffic coming from the other queues.
* WFQ - Flow based; each flow consists of source port, destination port, source and destination address. WFQ always gives preference to smaller flows and lower packet sizes.
* CBWFQ - Each traffic type is classified and placed in a class; each class is allocated some amount of bandwidth, and queues are always serviced on the basis of the amount of bandwidth allocated to the queue.
 
* Random Early Detection (RED) is a congestion avoidance mechanism that takes advantage of the congestion control mechanism of TCP. By randomly dropping packets prior to periods of high congestion, RED tells the packet source to decrease its transmission rate. WRED drops packets selectively based on IP precedence. Edge routers assign IP precedences to packets as they enter the network. (WRED is useful on any output interface where you expect to have congestion. However, WRED is usually used in the core routers of a network, rather than at the edge.) WRED uses these precedences to determine how it treats different types of traffic.
 
* When a packet arrives, the following events occur:
1. The average queue size is calculated.
2. If the average is less than the minimum queue threshold, the arriving packet is queued.
3. If the average is between the minimum queue threshold for that type of traffic and the maximum threshold for the interface, the packet is either dropped or queued, depending on the packet drop probability for that type of traffic.
4. If the average queue size is greater than the maximum threshold, the packet is dropped.
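As an added example (not from the original notes), the four WRED steps above as a small drop-decision routine; the averaging weight, thresholds and the per-precedence profiles are constructed values chosen to illustrate the algorithm, not device defaults.

```python
# Added example, not from the original notes: the WRED decision steps above.
# Thresholds, the averaging weight and the per-precedence profiles are
# constructed values chosen to illustrate the algorithm, not device defaults.

def average_queue_size(prev_avg, current_size, weight=0.002):
    """Step 1: exponentially weighted moving average of the queue depth.
    A small weight smooths out bursts so RED reacts to sustained congestion."""
    return prev_avg + weight * (current_size - prev_avg)

def drop_probability(avg, min_th, max_th, max_p):
    """Steps 2-4: probability of dropping the arriving packet.
    Below min_th: never drop. At or above max_th: always drop. In between:
    the probability rises linearly from 0 to max_p."""
    if avg < min_th:
        return 0.0
    if avg >= max_th:
        return 1.0
    return max_p * (avg - min_th) / (max_th - min_th)

# Weighted RED: lower precedence gets a lower min threshold, so it starts
# being dropped earlier than higher-precedence traffic (constructed values).
PROFILES = {
    0: (10, 40, 0.10),   # precedence 0: min_th=10, max_th=40, max_p=10%
    5: (30, 40, 0.10),   # precedence 5: protected until the queue is deeper
}

def wred_decide(avg, precedence, rand):
    """Return "drop" or "queue" for a packet of the given IP precedence.
    rand is a callable returning a float in [0, 1); passing a fixed
    function makes the decision reproducible for testing."""
    min_th, max_th, max_p = PROFILES[precedence]
    return "drop" if rand() < drop_probability(avg, min_th, max_th, max_p) else "queue"

def simulate(depths, precedence, rand, weight=0.5):
    """Feed a constructed sequence of instantaneous queue depths through the
    average and return the per-packet decisions."""
    avg, decisions = 0.0, []
    for depth in depths:
        avg = average_queue_size(avg, depth, weight)
        decisions.append(wred_decide(avg, precedence, rand))
    return decisions

if __name__ == "__main__":
    import random
    print(simulate([5, 20, 35, 50, 50], 0, random.random))
```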
 
= IPSEC =
 
*Data packets for protocols that require Layer 7 inspection can also go through the fast path.
 
= EIGRP =
 
* EIGRP runs on IP protocol 88, OSPF on 89.
* EIGRP is a hybrid protocol and has some properties of distance vector and some of link state.
* Distance vector - it only knows what its directly connected neighbors are advertising; link state - because it forms adjacencies.
* In order to form an adjacency the EIGRP AS number should be the same between neighbours.
* EIGRP multicast address - 224.0.0.10
* EIGRP, like BGP, will only advertise a route that it is going to install in the routing table.
* EIGRP is a classful protocol and does automatic summarization by default, so we need to disable automatic summarization (no auto-summary).
* EIGRP does split horizon; in the case of DMVPN we need to disable split horizon so that routes learned on the tunnel interface through one spoke can be advertised to the other spoke through the same tunnel interface.
* The passive-interface command works slightly differently in EIGRP: it stops sending multicast/unicast hellos to neighbors and thus prevents forming adjacencies.
* Issuing a neighbor statement in EIGRP on a link means it stops listening to the multicast address, so we need to specify the neighbor manually on the other side as well to form the adjacency.
* Timers in EIGRP do not need to match to form an adjacency.
* EIGRP - metric calculation by bandwidth, delay, reliability, load and MTU.
* While calculating the composite metric, bandwidth is taken as the minimum bandwidth along the path, delay as the total delay, load as the highest load and reliability as the lowest reliability.
* Feasible distance is the best metric along the path, i.e. the successor's metric.
* EIGRP - FD is the best metric along the path to the destination router, including the metric to reach the neighbor.
* Advertised distance - total metric along the path as advertised by the upstream router.
* A router is a feasible successor if its AD < FD of the successor.
* FD is used for loop avoidance. Split horizon rule - never advertise a route on the interface on which it was learned.
* Only feasible successors are candidates for unequal-cost load balancing.
* Load balancing over unequal-cost paths is done in EIGRP through the variance multiplier.
* EIGRP is the only routing protocol that supports load balancing across unequal-cost paths, unlike RIP, OSPF and IS-IS.
* If the FD of a feasible successor <= variance x FD (of the successor), then the path is chosen for unequal-cost load balancing.
* EIGRP traffic engineering can be achieved more easily by modifying the delay value instead of the bandwidth.
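As an added example (not from the original notes), the successor/feasible successor selection and the variance rule from the bullets above, worked through on a constructed topology table; router names, metrics and the default K values used in composite_metric are illustrative assumptions.

```python
# Added example, not from the original notes: EIGRP successor and feasible
# successor selection plus variance-based unequal-cost load balancing.
# Router names, metrics and K values below are constructed illustrations.

def composite_metric(min_bw_kbps, total_delay_tens_us):
    """Classic EIGRP metric with default K values (K1=K3=1, K2=K4=K5=0):
    256 * (10^7 / min_bandwidth + total_delay). Bandwidth is the minimum
    link bandwidth along the path, delay is the sum in tens of microseconds,
    which is why modifying delay is the usual traffic-engineering knob."""
    return 256 * (10**7 // min_bw_kbps + total_delay_tens_us)

def select_paths(candidates, variance=1):
    """candidates: list of (neighbor, AD, FD) tuples, where AD is the metric
    the neighbor advertises (its own best metric to the destination) and FD
    is AD plus our metric to reach that neighbor.
    Returns (successor, feasible_successors, paths_used_for_forwarding)."""
    ranked = sorted(candidates, key=lambda c: c[2])
    successor = ranked[0]
    best_fd = successor[2]
    # Feasibility condition: the neighbor's AD must be strictly less than our
    # FD. A neighbor that is "closer" than us cannot route back through us,
    # so the path is loop-free without running a diffusing computation.
    feasible = [c for c in ranked[1:] if c[1] < best_fd]
    # Unequal-cost load balancing: only feasible successors qualify, and only
    # if their FD <= variance * FD of the successor.
    used = [successor] + [c for c in feasible if c[2] <= variance * best_fd]
    return successor, feasible, used

# Constructed topology table for one prefix as seen by this router.
# R4 has the second-best FD but fails the feasibility condition (AD 1600 is
# not < 1500), so it is never used even with a high variance.
CANDIDATES = [("R2", 1000, 1500), ("R3", 1200, 2000), ("R4", 1600, 1700)]

if __name__ == "__main__":
    print("T1 metric:", composite_metric(1544, 2000))   # 2169856
    for v in (1, 2):
        s, fs, used = select_paths(CANDIDATES, variance=v)
        print(f"variance {v}: successor={s[0]} feasible={[c[0] for c in fs]} "
              f"used={[c[0] for c in used]}")
```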
* EIGRP commands
sh ip eigrp nei
sh ip eigrp nei de
sh ip eigrp topology
sh ip eigrp route
 
* For equal-cost load balancing the traffic is distributed based on CEF. To turn off CEF on an interface, use (no ip route-cache).
* SIA - Stuck in Active. If a router receives a query for a destination network and takes too long to respond, because of a network flap or some other network condition, the route is considered to be in the SIA state.
* We can tune the amount of time the router should wait before putting a route in the SIA state with the timers active-time command.
* To check which routers have not replied to queries, issue sh ip eigrp topology; a router denoted by R means we are still waiting for its reply.
* EIGRP performs auto-summarization for a network when crossing a major network boundary.
* Split horizon should only be disabled on the hub site in a hub-and-spoke network:
no ip split-horizon eigrp x
 
* The EIGRP router ID helps in loop prevention for external routes: if I get a route whose originator is equal to my router ID, I discard the route.
* EIGRP provides faster convergence as it does not need to run the DUAL algorithm if there is a feasible successor for the path. Otherwise, if the router does not have a route, it sends a query to its neighbor routers, which further propagate the query to their neighbors. If the router does not receive a reply from a neighbor before the timer expires it marks the route as Stuck in Active and resets the neighbor relationship with any neighbor whose queries are not answered within that time period.
* Whereas in OSPF, if the primary path goes down, it needs to send LSAs and the SPF algorithm is run again.
* dcesor in mind.
* There are ways to bound the query domain. You can do it in either of two ways or both:
1) Using summary routes - ip summary-address eigrp 'as' [network] [mask] [ad]
If RouterA sends a query message to RouterB and summarization is in use, RouterB will only have a summary route in its EIGRP topology table, not the exact prefix match of the query, and will therefore send a network-unknown reply back to RouterA. This stops the query process immediately at RouterB, only one hop away.
 
2) Using Stub -
router eigrp 1
eigrp stub 'arguments'
 
The default arguments are connected and summary, which means it will advertise connected and summary routes only.
A router informs its neighbors of its stub status while the neighbor adjacency is forming.

Stub routers tell their neighbors: do not send me any queries. Since no queries are sent, it is extremely effective. However, it is limited in where you can use it: it is only used on non-transit paths and in star topologies.
 
3) Filtering the prefix
Please note that an EIGRP router will propagate a query received from a neighbor only if it has an exact match for the route in its topology table; if the router does not have the exact route in its topology table it sends a reply with route unknown to its neighbor and the query is not propagated further.
 
4) Different AS domains
Different EIGRP AS numbers. EIGRP processes run independently from each other, and queries from one system don't leak into another. However, if redistribution is configured between two processes a behavior similar to query leaking is observed.
 
* Both IGRP and EIGRP use an Autonomous System (AS) number, and only routers using the same AS number can exchange routing information using that protocol. When routing information is propagated between IGRP and EIGRP, redistribution has to be manually configured if IGRP and EIGRP use different AS numbers. However, redistribution occurs automatically when both IGRP and EIGRP use the same AS number.
 
= MPLS =
switch(config-vsan-db)# vsan <number> interface vfc <number>
switch(config-vsan-db)# exit
 
= F5 Training =
 
LTM - how BIG-IP processes traffic
 
 
Node - represents the IP address
Pool member - combination of IP address and port number; in other words a pool member is the application server to which F5 will direct the traffic
Pool - collection of pool members.

Virtual server - combination of virtual IP and port, also known as a listener; we associate the virtual server with the pool members.
 
= Load balancing methods =
Static - round robin, ratio
Dynamic - LFOPD (least connections, fastest, observed, predictive, dynamic ratio)
 
 
 
Least connections - load balancing is based on the number of connections; if the connection counts are equal it uses round robin.
 
 
Fastest - number of layer 7 requests pending on each member.
 
Observed - ratio load balancing method, but the ratio is assigned by BIG-IP: based on the least-connection counts BIG-IP assigns the requests, checks dynamically and assigns the ratios for the requests.
 
Predictive - similar to observed but assigns the ratio more aggressively based on the average connection counts.
 
 
Load balancing can be done by pool member or by node.
 
 
Priority activation - helps to configure backup sets for existing pool members. BIG-IP will use the high priority pool members first.
 
Fallback host is only used for HTTP requests: if all the pool members are unavailable, BIG-IP will redirect the client request to it.
 
--------------------------------------------------------------------------------------
 
Monitors: check the status of nodes and pool members; if any pool member's response time is not good or it is not responding, BIG-IP will not send requests to that node.

Monitor types:

Address check - BIG-IP sends an ICMP request and waits for the reply; if there is no reply it considers the node down and does not send further traffic to that node.

Service check - checks the TCP port number on which the server is listening; if there is no response it considers the service down.

Content check - we can check if the server is responding with the right content; for example, for HTTP a GET / HTTP request is sent.

Interactive check - test for an FTP connection: once the connection is open, username and password are sent, then a GET /file request is sent; once the file is received the connection is closed.

F5 recommends timeout = 3n+1 (where n is the frequency) when setting the monitor for HTTP.

Customization of monitors

Assign nodes to monitors
 
 
-------------------------------
 
Profiles - define the traffic behaviour for a virtual server.

Profiles contain settings for how to process traffic through virtual servers. If for a certain application BIG-IP load balances the traffic, it will break the client connection;
to avoid this we use a persistence profile so that the returning request from the client is sent to the same server.

Persistence profile - configured for clients and groups of clients, so BIG-IP knows the returning client request needs to be sent to the same server; the persistence profile is configured using the source IP address or an HTTP cookie.

SSL termination -


FTP profile


All virtual servers have a layer four profile: TCP, UDP or FastL4.


Profile types - service profile, persistence profile, protocol profile, SSL profile, authentication profile, other profiles.
 
 
Persistence types -
----------------------------------------------------------------
 
Source address persistence: keeps track of the source IP address; the administrator can set the netmask in the persistence record so that all clients in the same mask are assigned to the same pool member.

Limitation - if the client address is being NATed.


Cookie persistence - only used with the HTTP protocol.

Three modes: (insert, rewrite, passive).

Insert mode - BIG-IP creates a special cookie in the HTTP response to the client.
Rewrite - the pool member creates a blank cookie and BIG-IP inserts the special cookie.
Passive - the pool member creates the special cookie and BIG-IP lets it pass through.
 
-------------------------------------------------------------------------------
 
 
SSL Profile

SSL is Secure Sockets Layer.

For a website which uses HTTPS we need to use an SSL profile, as traffic is being NATed for source clients and the web app is using the HTTPS protocol.
Using SSL termination BIG-IP can decrypt the traffic and assign it to a pool member.


BIG-IP contains SSL encryption hardware, so all the encryption and key exchange is done in hardware. Centralized certificate management.
 
 
 
----------------------------------------------------------------------------------------
iRule:

An iRule is a script that directs traffic through BIG-IP, based on the Tcl command language. iRules give control of inbound and outbound traffic through BIG-IP.

An iRule contains the following (iRule name, events, condition, action).
 
 
= Multicasting =
 
Ranges
 
224.0.0.0/4 - 224.0.0.0 -239.255.255.255
 
Link local address - 224.0.0.0/24
 
Source specific multicast - 232.0.0.0/24
 
Administratively scoped - 239.0.0.0/8
 
 
The multicast control plane works differently from unicast routing: it needs to know who the sender of the multicast is and to which group, and also the receivers of the multicast.

Multicast data plane - do the RPF check (was the traffic received on the correct interface?) and build the multicast routing table.

Multicast is source-based routing.
 
IGMP - hosts on the LAN signal the router to join a multicast group.

Two kinds of request - (*,G): any source generating the multicast stream for that group - supported by IGMP v1 and v2
(S,G): want to join a particular source sending to the multicast group - IGMP version 3 supports both (S,G) and (*,G)
 
IGMP gets enabled when IP PIM (dense mode, sparse mode, sparse-dense mode) is enabled.

By default IGMP version 2 is enabled.

ip igmp join-group address can be used for testing on routers to see whether multicast traffic for a particular group is received on the router.

The ip igmp static-group command can be used to manually put in the request for a particular multicast group instead of relying on IGMP query messages for that group.
 
PIM - used to signal routers to build the multicast tree; the tree could be sender to receiver, or sender to rendezvous point to receiver.

PIM version 1 or 2; by default it is PIM version 2. RP information is already encoded in the PIM packet in version 2. PIM version 2 has a field for BSR.

Dense mode - implicit join; multicast traffic is sent across the entire network unless someone reports that it does not want to join the particular stream. Flood-and-prune behaviour.
Neighbor discovery on multicast address 224.0.0.13, the same for sparse mode as well.
 
Note: if we have a (*,G) entry then we know about a receiver, and if we have an (S,G) entry then we know about the sender as well.

Two ways to generate multicast traffic: either by pinging the multicast address or through IP SLA.
In PIM dense mode, the RPF neighbor information is used to send unicast packets back towards the source; the message could be a PIM prune or graft message. When the multicast source floods traffic for a particular multicast group, each multicast-enabled router installs an (S,G) entry and a (*,G) entry even if it is not interested.

So in dense mode every router needs to install (*,G) and (S,G) entries, as we cannot have (S,G) until we have the (*,G) entry. So if the source is active every router needs to maintain the state table for multicasting.

A graft message for an (S,G) entry is to unprune the multicast traffic, as earlier it was set to prune.

State refresh keeps the link pruned as its original state.
 
Sparse mode - uses explicit join: unless someone asks to join the multicast traffic, nothing is sent; it uses the RP as the reference point. In the case of source-specific multicast we don't need an RP; for group-specific joins we need an RP. Traffic is not sent anywhere unless it is requested. Sparse mode uses both shared trees and shortest path trees.
The RP needs to know the receivers and senders. The DR on the LAN segment sends an (S,G) register message to the RP, and the RP in turn replies with register-stop. Receivers on the LAN segment send IGMP joins, which are converted to PIM (*,G) join messages towards the RP to form the RPT (shared tree). So the PIM join traverses from the receiver to the RP and every device on that path has a (*,G) entry, and from the source to the RP every device has an (S,G) entry. Once the RP knows about the sender and receiver it sends an (S,G) join back towards the source, and the source starts sending the multicast traffic to the RP and then to the receiver. Then it is up to the last-hop router on the receiver side to optimize, i.e. whether it wants to join the source directly using the SPT, bypassing the RP.
 
Note - when we debug, only process-switched traffic is debugged; if we want to debug data plane traffic we need to disable CEF (no ip route-cache). If we change the unicast routing it also changes the multicast routing. To change the unicast routing we can also use the ip mroute command.
 
 
Source-based tree - the tree is built based on the shortest path from the receiver to the sender.
Shared tree - the tree from the sender to the RP and then from the RP to the receiver.
 
To check the RP configured on each transit router - sh ip pim rp mapping
RP can be assigned statically (ip pim rp-address) or dynamically (Auto-RP and BSR)

Auto-RP - uses two data plane multicast addresses: 224.0.1.39 is used by routers willing to become RP to advertise themselves to the mapping agents,
224.0.1.40 - the mapping agent chooses the RP and advertises the RP information to the rest of the routers.

To stay on the shared tree rather than the SPT (ip pim spt-threshold infinity)
 
 
Sparse-dense mode - any group for which we have an RP assigned uses sparse mode; the others use dense mode.

The RPF check is used to keep a loop-free path in the multicast data plane. As per the RPF check, when a multicast packet is received on an incoming interface the router checks the unicast routing table for the source; if the route to the source matches the incoming interface the RPF check passes, else it fails.

Once the multicast routing table is populated the router always prefers (S,G) over (*,G), and in the multicast routing table we have the incoming interface and the OIL (outgoing interface list); if the RPF check passes, multicast traffic is sent out of all interfaces in the OIL.
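As an added example (not from the original notes), the data plane behaviour described above: the RPF check against a longest-match unicast table, a static mroute taking precedence for the RPF interface, (S,G) preferred over (*,G), and replication to the OIL. All prefixes, interfaces and addresses are constructed values.

```python
# Added example, not from the original notes: the data-plane RPF check and
# OIL forwarding described above, including (S,G) preference and a static
# mroute (ip mroute) overriding the unicast table. Prefixes, interfaces and
# addresses are constructed values.
import ipaddress

# Constructed unicast routing table: prefix -> interface towards that prefix.
UNICAST_ROUTES = {
    "10.1.0.0/16": "Gi0/0",
    "10.1.5.0/24": "Gi0/1",
    "0.0.0.0/0":   "Gi0/2",
}
# Constructed static mroutes; consulted before the unicast table so the RPF
# interface can differ from the unicast path.
STATIC_MROUTES = {"10.1.9.0/24": "Gi0/3"}

def rpf_interface(source, mroutes=STATIC_MROUTES, routes=UNICAST_ROUTES):
    """Interface on which the router expects traffic from `source`: longest
    prefix match, static mroutes first, then the unicast routing table."""
    src = ipaddress.ip_address(source)
    for table in (mroutes, routes):
        matches = [(ipaddress.ip_network(p), i) for p, i in table.items()
                   if src in ipaddress.ip_network(p)]
        if matches:
            return max(matches, key=lambda m: m[0].prefixlen)[1]
    return None

def forward(source, group, in_iface, mroute_table):
    """Return the interfaces the packet is replicated to ([] means dropped).
    mroute_table maps (source, group) or ("*", group) to its OIL."""
    if rpf_interface(source) != in_iface:
        return []   # RPF failure: arrived on the wrong interface, drop it
    # (S,G) state is preferred over (*,G) when both exist.
    entry = mroute_table.get((source, group)) or mroute_table.get(("*", group))
    if entry is None:
        return []   # no state for this group: nobody requested it
    # Never send back out the interface the packet came in on.
    return [i for i in entry if i != in_iface]

# Constructed multicast routing table for group 239.1.1.1.
MROUTE_TABLE = {
    ("*", "239.1.1.1"):        ["Gi0/4", "Gi0/5"],
    ("10.1.5.7", "239.1.1.1"): ["Gi0/4"],
}

if __name__ == "__main__":
    print(forward("10.1.5.7", "239.1.1.1", "Gi0/1", MROUTE_TABLE))  # ['Gi0/4']
    print(forward("10.1.5.7", "239.1.1.1", "Gi0/0", MROUTE_TABLE))  # [] (RPF fail)
```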
 
On a multicast router - sh ip igmp groups -- shows which multicast groups are active on the Ethernet segment and which receiver has joined the group

To determine which router is the IGMP querier - sh ip igmp interface E0

We can manually tune the query interval and query max response time -
query interval - ip igmp query-interval 120 (default 60 sec)
response time - ip igmp query-max-response-time 20 (default 10 sec)

The IOS command to set which version of IGMP is supported - ip igmp version 1/2
 
 
Test commands for IGMP

ip igmp join-group

ip igmp static-group

For sparse mode we need to assign an RP - ip pim rp-address x.x.x.x

In order to check if there are any RP mappings - sh ip pim rp mapping

In order to check multicast packet counters - sh ip mroute count

In sparse mode there is SPT switchover to the shortest path tree.

For the SPT threshold we can set the threshold on the DR multicast router that is receiving the IGMP join request, in global config mode: ip pim spt-threshold (value) - the value is the volume of the multicast feed.

If the RPF check is failing we can still have an interface forward multicast by using a static mroute (ip mroute source mask next-hop-address).
 
 
= Security =