IP header options;
The outgoing interface is not on supported media.
CEF adjacency types
Cache adjacency: the correct outbound interface and the correct MAC for the FIB entry. The MAC is either that of the next hop, or that of the end host if it is on the same subnet.
Receive adjacency: packets destined for the router itself (including broadcasts and multicasts).
Null adjacency: packets to be sent to Null0 and dropped.
Punt adjacency: packets which cannot be CEF switched and must be punted to a higher switching path (process switching).
Glean adjacency: like a cache adjacency, but before ARP has completed. The router knows the next hop (or the destination host) is directly connected but does not yet have a MAC address for it. A glean adjacency triggers an ARP request.
Discard adjacency: no layer 2 mapping exists, so the packet is dropped. No ICMP Unreachable is sent.
Drop adjacency: no layer 2 mapping exists, so the packet is dropped. An ICMP Unreachable IS sent.
The load share table contains 16 hash buckets which point to the paths. For equal-cost paths the buckets are split evenly (for 2 paths, 8 buckets each; for 3 paths, 5 buckets each plus 1 disabled bucket). For unequal-cost paths each path gets a different number of buckets according to the load-sharing ratio.
Types
Per-destination (or per-session): the original mode creates a 4-bit hash of the source and destination IP addresses, which controls bucket assignment. Universal mode (the default) adds a router-local ID to the hash, which randomises the bucket assignment between routers along the path. Tunnel mode is for environments where tunnels are used, which means there are very few source/destination pairs to hash.
Per-packet: round-robins each packet through the buckets. Not recommended, as it delivers packets out of order, which means more overhead (reordering and spurious retransmissions) for TCP and effective data loss for real-time UDP applications that cannot reorder.
ip load-sharing per-packet
Per-port: adds the layer 4 source and/or destination ports to the 4-bit hashing function to create a more even distribution when many flows share the same address pair.
CEF polarisation occurs when every router along a path hashes the same fields the same way: a downstream router only ever receives the flows that landed in a subset of its own buckets, so some of its links are never used. Ways to avoid it:
Use different load-balancing algorithms on different routers in the network so that each router makes an independent decision.
Alternate between an even and an odd number of links between each network layer. If every layer is linked by two paths the distribution can become polarised; if the number of paths differs from layer to layer, the CEF bucket allocation changes at each hop.
Use the universal algorithm. This adds a unique local ID into the hash, meaning each router makes an independent decision.
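The bucket allocation and the polarisation effect above, as an added example (this is not code from the original notes or from IOS). It models a two-tier topology in which router A splits flows over B1 and B2, each of which splits again over two links. The 16-bucket allocation is a simplified model of the IOS rule stated above, SHA-256 stands in for the real CEF hash, and the router IDs and the random flows are constructed.

```python
import hashlib
import ipaddress
import random

BUCKETS = 16  # the CEF load-share table has 16 hash buckets


def allocate_buckets(num_paths, weights=None):
    """Map the 16 buckets onto paths. Equal-cost paths get an even split and any
    remainder buckets are disabled (None); unequal-cost paths get buckets in
    proportion to their weights. Simplified model of the IOS allocation, not its code."""
    weights = weights or [1] * num_paths
    total = sum(weights)
    table = []
    for path, w in enumerate(weights):
        table.extend([path] * (BUCKETS * w // total))
    table.extend([None] * (BUCKETS - len(table)))  # disabled buckets
    return table


def bucket_for(src, dst, router_id=None):
    """4-bit hash of (src, dst) as in 'original' mode, or of (src, dst, router_id)
    as in 'universal' mode. SHA-256 is a constructed stand-in for the CEF hash."""
    data = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    if router_id is not None:
        data += router_id.to_bytes(4, "big")
    return hashlib.sha256(data).digest()[0] & 0x0F


ROUTER_ID = {"A": 0x0A000001, "B1": 0x0A000002, "B2": 0x0A000003}  # assumed router IDs


def simulate(flows, mode):
    """Two tiers: A splits flows over B1/B2, each of which splits over links 0/1.
    Returns how many flows land on each second-tier link."""
    table = allocate_buckets(2)
    usage = {("B1", 0): 0, ("B1", 1): 0, ("B2", 0): 0, ("B2", 1): 0}
    for src, dst in flows:
        rid = ROUTER_ID["A"] if mode == "universal" else None
        tier2 = "B1" if table[bucket_for(src, dst, rid)] == 0 else "B2"
        rid = ROUTER_ID[tier2] if mode == "universal" else None
        usage[(tier2, table[bucket_for(src, dst, rid)])] += 1
    return usage


def sample_flows(n=1000, seed=1):
    """Constructed random src/dst pairs (not real traffic)."""
    rng = random.Random(seed)
    return [("10.%d.%d.%d" % (rng.randrange(256), rng.randrange(256), rng.randrange(1, 255)),
             "172.16.%d.%d" % (rng.randrange(256), rng.randrange(1, 255)))
            for _ in range(n)]


if __name__ == "__main__":
    for mode in ("original", "universal"):
        print(mode, simulate(sample_flows(), mode))
```

In original mode B1 only ever sees flows from buckets 0-7 and B2 only flows from buckets 8-15, so each of them uses exactly one of its two links; in universal mode the per-router ID re-spreads the same flows over both.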
The primary impact of unicast flooding is that every host connected to that VLAN receives the traffic, and any of them can capture it. Suppose two 10 Gbps servers are communicating and asymmetric routing is taking place; if there is a 100 Mbps host on the same switch, it is going to receive ALL of the traffic from the server, effectively saturating its link.
STP TCNs (topology change notifications) cause MAC forwarding tables to age out faster than their normal timers (after a TCN the aging time drops to the STP forward delay). If a flapping link keeps causing STP reconvergence, this results in excessive unicast flooding. Configuring PortFast (spanning-tree portfast) on all edge interfaces stops those ports from generating TCNs.
CAM overflow is another cause. It is unlikely to occur naturally in modern switches, as there is usually sufficient memory for the needs of most networks. However, an attacker can cause it deliberately by sending frames with thousands of bogus source MAC addresses. When the MAC address table exceeds the size of the Content Addressable Memory, no new MAC addresses can be learned, so traffic to legitimate hosts that are not (or no longer) in the table is flooded to every port, including the attacker's. Port-security, which limits the number of MAC addresses learned on a port and drops frames or shuts the port down on violation, protects against this.
Selected ports can be excluded from unicast flooding with switchport block unicast. This may be desirable in highly secured networks and where PVLANs are used.
Asymmetric routing is when the return traffic takes a different path through the network than the forward path. This can cause issues with NAT and stateful firewalls, among other things. If one link is heavily loaded or has a higher delay (one Ethernet, one satellite link, for example), asymmetric routing causes major problems with delay and jitter. It also causes unicast flooding: a switch on the forward path never sees frames sourced by the destination host (those travel the return path), so its MAC entry for that host ages out (5 minutes by default) while the router's ARP entry lives on (4 hours by default), and the router keeps sending unicast frames that the switch can only flood.
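The CAM overflow and port-security behaviour above, modelled as a toy switch (an added example, not code from the original notes or from any vendor). The table capacity, the per-port limit, the MAC addresses and the size of the attacker's flood are constructed; real port-security also err-disables or restricts the port on violation, which is only recorded here, not enforced.

```python
class Switch:
    """Toy model of a switch MAC table: learn source MACs on ingress, forward to the
    learned port, flood to every other port in the VLAN when the destination is unknown.
    max_entries stands in for CAM capacity; max_per_port for 'switchport port-security maximum'."""

    def __init__(self, ports, max_entries, max_per_port=None):
        self.ports = list(ports)
        self.max_entries = max_entries
        self.max_per_port = max_per_port
        self.table = {}          # mac -> port
        self.violations = []     # (port, mac) rejected by port-security
        self.flooded = 0         # frames that had to be flooded

    def _learn(self, mac, port):
        if mac in self.table:
            return
        if self.max_per_port is not None:
            on_port = sum(1 for p in self.table.values() if p == port)
            if on_port >= self.max_per_port:
                self.violations.append((port, mac))   # a real switch would drop/err-disable here
                return
        if len(self.table) >= self.max_entries:
            return                                    # CAM full: nothing new can be learned
        self.table[mac] = port

    def frame(self, src, dst, in_port):
        """Returns the set of egress ports for one frame."""
        self._learn(src, in_port)
        if dst in self.table and self.table[dst] != in_port:
            return {self.table[dst]}
        self.flooded += 1
        return set(self.ports) - {in_port}


def cam_overflow_demo(port_security=False):
    """Attacker on port 3 sprays bogus source MACs; then the server on port 1 sends to the
    host on port 2. Returns (ports the server's frame reached, MACs the attacker got learned)."""
    sw = Switch(ports=range(1, 5), max_entries=1000, max_per_port=2 if port_security else None)
    for i in range(5000):                                   # constructed flood of bogus sources
        bogus = "de:ad:%02x:%02x:%02x:%02x" % (i >> 24 & 0xFF, i >> 16 & 0xFF, i >> 8 & 0xFF, i & 0xFF)
        sw.frame(bogus, "ff:ff:ff:ff:ff:ff", 3)
    sw.frame("00:00:00:00:00:02", "00:00:00:00:00:01", 2)  # host on port 2 sends (should be learned)
    reached = sw.frame("00:00:00:00:00:01", "00:00:00:00:00:02", 1)
    attacker_learned = sum(1 for p in sw.table.values() if p == 3)
    return reached, attacker_learned


if __name__ == "__main__":
    print("no port-security:", cam_overflow_demo(False))
    print("port-security:   ", cam_overflow_demo(True))
```

Without port-security the attacker owns every table entry, the host on port 2 can never be learned, and the server's traffic is flooded to all ports including the attacker's; with a per-port maximum the attacker is capped at two entries and the server's frame goes only to port 2.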
ICMP Type 3 (Destination Unreachable) codes
Code  Message subtype                                                      Description
0     Network Unreachable                                                  The datagram could not be delivered to the network specified in the network ID portion of the IP address. Usually means a problem with routing but could also be
1     Host Unreachable
2     Protocol Unreachable
3     Port Unreachable
4     Fragmentation Needed and DF Set
5     Source Route Failed
6     Destination Network Unknown
7     Destination Host Unknown
8     Source Host Isolated
9     Communication with Destination Network is Administratively Prohibited
10    Communication with Destination Host is Administratively Prohibited
11    Network Unreachable for Type of Service
12    Host Unreachable for Type of Service
13    Communication Administratively Prohibited
14    Host Precedence Violation                                            Sent by a first-hop router (the first router to handle a sent datagram) when the Precedence value in the Type Of
15    Precedence Cutoff in Effect
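Building and parsing a type 3 message against the table above, as an added example (not code from the original notes). It carries the router side (header, checksum, the quoted original IP header plus eight payload bytes, and the next-hop MTU for code 4) and the host side, including the check a receiver should make before acting on an unreachable: the quoted header must match a flow it actually owns, otherwise an off-path sender can blindly shrink the path MTU of, or tear down, any connection. The sample probe packet is constructed.

```python
import struct

ICMP_UNREACH_CODES = {
    0: "Network Unreachable", 1: "Host Unreachable", 2: "Protocol Unreachable",
    3: "Port Unreachable", 4: "Fragmentation Needed and DF Set", 5: "Source Route Failed",
    6: "Destination Network Unknown", 7: "Destination Host Unknown", 8: "Source Host Isolated",
    9: "Communication with Destination Network is Administratively Prohibited",
    10: "Communication with Destination Host is Administratively Prohibited",
    11: "Network Unreachable for Type of Service", 12: "Host Unreachable for Type of Service",
    13: "Communication Administratively Prohibited", 14: "Host Precedence Violation",
    15: "Precedence Cutoff in Effect",
}


def inet_checksum(data):
    """RFC 1071 ones'-complement checksum; returns 0 when run over a message whose
    checksum field is already correct."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_unreachable(code, original_packet, next_hop_mtu=0):
    """Router side: type 3 header + the original IP header + first 8 payload bytes."""
    ihl = (original_packet[0] & 0x0F) * 4
    body = struct.pack("!BBHHH", 3, code, 0, 0, next_hop_mtu if code == 4 else 0)
    body += original_packet[: ihl + 8]
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def parse_unreachable(msg):
    """Host side: validate and decode. Raises ValueError on anything malformed."""
    if len(msg) < 8 + 20:
        raise ValueError("too short to quote an IP header")
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", msg[:8])
    if icmp_type != 3:
        raise ValueError("not a destination unreachable")
    if inet_checksum(msg) != 0:
        raise ValueError("bad checksum")
    inner = msg[8:]
    ihl = (inner[0] & 0x0F) * 4
    info = {
        "code": code,
        "name": ICMP_UNREACH_CODES.get(code, "unassigned"),
        "orig_src": ".".join(map(str, inner[12:16])),
        "orig_dst": ".".join(map(str, inner[16:20])),
        "orig_proto": inner[9],
    }
    if code == 4:
        info["next_hop_mtu"] = mtu
    if info["orig_proto"] in (6, 17) and len(inner) >= ihl + 4:   # TCP/UDP: ports are the first 4 bytes
        info["orig_sport"], info["orig_dport"] = struct.unpack("!HH", inner[ihl:ihl + 4])
    return info


def belongs_to_flow(info, local_ip, local_port, remote_ip, remote_port):
    """Only act on an unreachable whose quoted header matches a flow this host owns."""
    return ((info["orig_src"], info.get("orig_sport")) == (local_ip, local_port)
            and (info["orig_dst"], info.get("orig_dport")) == (remote_ip, remote_port))


# Constructed sample: a 28-byte UDP probe with DF set, as traceroute would send it.
SAMPLE_PACKET = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0x1234, 0x4000, 64, 17, 0,
                            bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
SAMPLE_PACKET += struct.pack("!HHHH", 40000, 33434, 8, 0)

if __name__ == "__main__":
    print(parse_unreachable(build_unreachable(4, SAMPLE_PACKET, next_hop_mtu=1400)))
```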
ICMP Redirect
Used to notify a host that a better next hop is available for leaving that network. If two routers are on a network sharing routing information, and only one of them is connected to an external network, it makes little sense for a host to take two hops to exit the network, so the router will send an ICMP redirect back to the host telling it to use the other router.
Cisco routers send ICMP redirects when all of these conditions are met:
The interface on which the packet comes into the router is the same interface on which the packet gets routed out.
The subnet or network of the source IP address is the same subnet or network as the next-hop IP address of the routed packet.
The kernel is configured to send redirects. (By default, Cisco routers send ICMP redirects. The interface subcommand no ip redirects can be used to disable them.)
Hosts generally accept redirects from any router on their subnet, so an attacker on the same LAN can forge redirects to pull a host's traffic through itself. Disabling redirects on router interfaces (no ip redirects) and ignoring them on hosts (for example net.ipv4.conf.all.accept_redirects = 0 on Linux) is standard hardening, at the cost of an occasional extra hop.
Record Route: each router on the route records its address in the header, and the destination then returns this information to the originator. It is limited to 9 hops, because that is all the 40 bytes of option space can hold (3 bytes of option header, then 4 bytes per address).
Source Route: the sender specifies the route through the network. Uses the same format as Record Route, only the sender pre-populates the IPs in the header. Can be Strict (the path has to be exactly as specified, hop by hop) or Loose (allows multiple hops between the addresses in the list). Because a source-routed packet follows the sender's path rather than the network's routing policy, it can be used to reach through filters that assume normal forwarding; Cisco routers drop such packets when no ip source-route is configured globally.
Timestamp: same as Record Route, but each router also adds a timestamp (with flags selecting timestamps only, address/timestamp pairs, or prespecified addresses).
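A parser for the three options above, as an added example (not code from the original notes). It bounds-checks every option length, uses the option pointer to separate the entries already filled from those still pending, shows where the 9-hop limit comes from, and implements the check that no ip source-route performs. The sample option bytes are constructed.

```python
import struct

OPTION_NAMES = {7: "record_route", 68: "timestamp", 131: "loose_source_route", 137: "strict_source_route"}
MAX_OPTIONS_BYTES = 40   # IHL max is 15 words (60 bytes) minus the 20-byte fixed header


def max_recorded_hops():
    """Record/Source Route: 3 bytes of option header, then 4-byte addresses."""
    return (MAX_OPTIONS_BYTES - 3) // 4


def _addrs(raw):
    return [".".join(map(str, raw[i:i + 4])) for i in range(0, len(raw) - len(raw) % 4, 4)]


def parse_ip_options(options):
    """Parse the option area of an IPv4 header. Lengths are bounds-checked; the route pointer
    is 1-based within the option, so 4 means no address slot has been consumed yet."""
    out, i = [], 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                               # End of Option List
            break
        if kind == 1:                               # NOP (single byte)
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("option %d missing length" % kind)
        length = options[i + 1]
        if length < 3 or i + length > len(options):
            raise ValueError("option %d bad length %d" % (kind, length))
        body = options[i + 2:i + length]
        entry = {"kind": OPTION_NAMES.get(kind, kind)}
        if kind in (7, 131, 137):
            pointer = body[0]
            addrs = _addrs(body[1:])
            used = max(0, min(len(addrs), (pointer - 4) // 4))
            entry["filled"] = addrs[:used]          # RR: addresses recorded; SR: hops already visited
            entry["pending"] = addrs[used:]         # RR: empty slots; SR: hops still to visit
        elif kind == 68:
            entry["overflow"] = body[1] >> 4        # routers that could not fit a timestamp
            flag = body[1] & 0x0F                   # 0: timestamps only; 1: addr+ts pairs; 3: prespecified
            data = body[2:]
            if flag == 0:
                entry["timestamps"] = [struct.unpack("!I", data[j:j + 4])[0]
                                       for j in range(0, len(data) - len(data) % 4, 4)]
            else:
                entry["timestamps"] = [(".".join(map(str, data[j:j + 4])),
                                        struct.unpack("!I", data[j + 4:j + 8])[0])
                                       for j in range(0, len(data) - len(data) % 8, 8)]
        out.append(entry)
        i += length
    return out


def should_drop_source_routed(options):
    """What 'no ip source-route' does: refuse datagrams carrying LSRR or SSRR."""
    return any(e["kind"] in ("loose_source_route", "strict_source_route")
               for e in parse_ip_options(options))


# Constructed sample options (not captured traffic)
LSRR = b"\x83\x0b\x04" + bytes([10, 0, 0, 1]) + bytes([10, 0, 0, 2])             # pointer 4: nothing visited
RR_FULL = b"\x07\x27\x04" + bytes(36)                                            # 9 empty slots, the maximum
TS_ADDR = b"\x44\x0c\x0d\x01" + bytes([192, 0, 2, 1]) + struct.pack("!I", 3600000)   # one addr/ts pair filled

if __name__ == "__main__":
    print(parse_ip_options(LSRR), should_drop_source_routed(LSRR))
```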
Hop-by-Hop EH: examined by every router on the path. It carries the Jumbo Payload option used for jumbograms and the Router Alert option, which is an integral part of the operation of MLD. Router Alert [3] is an integral part of IPv6 multicast through Multicast Listener Discovery (MLD) and of RSVP for IPv6. Because every router on the path has to examine it, many platforms punt packets carrying this header to the CPU, which is why transit networks commonly rate-limit or drop them.
Encapsulating Security Payload EH: similar in format and use to the IPv4 ESP header defined in RFC 2406 [5] (since replaced by RFC 4303). All information following the ESP header is encrypted and is therefore inaccessible to intermediary network devices. The ESP header can be followed by an additional Destination Options EH and the upper-layer datagram, but both sit inside the encrypted payload.
IPv4
When a router receives a packet and the MTU of the output interface is smaller than the size of the packet, the router fragments the packet if the DF bit is not set. The MF (more fragments) bit is set on all fragments except the last one, and the fragment offset field (in units of 8 bytes) is set to allow reassembly. If the DF bit is set and the packet requires fragmentation, an ICMP Destination Unreachable (type 3, code 4, fragmentation needed but DF set, carrying the next-hop MTU) is sent back to the originator and the packet is dropped. Reassembly is performed only by the end receiver.
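The IPv4 behaviour above carried through in code, as an added example (not code from the original notes): an egress-side fragmenter that honours DF and a receiver-side reassembler. The packets are constructed with a plain 20-byte header (no options, so the copied-option rule is not needed). The reassembler rejects gaps, overlaps and duplicates outright rather than picking a policy, because reassembling overlapping fragments differently from the end host is a classic way of evading inline inspection.

```python
import struct


class NeedsFragmentation(Exception):
    """Stands in for the ICMP type 3 code 4 message a router sends when DF is set."""
    def __init__(self, next_hop_mtu):
        super().__init__("DF set, next-hop MTU %d" % next_hop_mtu)
        self.next_hop_mtu = next_hop_mtu


def header_checksum(hdr):
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def make_packet(src, dst, payload, ident=0x1234, df=False, proto=17):
    """Constructed IPv4 packet with a 20-byte header (IHL 5, no options)."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                                0x4000 if df else 0, 64, proto, 0,
                                bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))))
    struct.pack_into("!H", hdr, 10, header_checksum(hdr))
    return bytes(hdr) + payload


def fragment(packet, mtu):
    """Router egress: split the packet for the MTU unless DF forbids it."""
    ihl = (packet[0] & 0x0F) * 4
    total_len, flags_off = struct.unpack("!HH", packet[2:4] + packet[6:8])
    if total_len <= mtu:
        return [packet]
    if flags_off & 0x4000:
        raise NeedsFragmentation(mtu)
    header, payload = packet[:ihl], packet[ihl:total_len]
    step = (mtu - ihl) // 8 * 8                       # all but the last fragment carry a multiple of 8 bytes
    frags = []
    for start in range(0, len(payload), step):
        piece = payload[start:start + step]
        more = bool(flags_off & 0x2000) or start + step < len(payload)   # MF stays set unless this is the last piece of an unfragmented datagram
        hdr = bytearray(header)
        struct.pack_into("!H", hdr, 2, ihl + len(piece))
        struct.pack_into("!H", hdr, 6, (0x2000 if more else 0) | ((flags_off & 0x1FFF) + start // 8))
        struct.pack_into("!H", hdr, 10, 0)
        struct.pack_into("!H", hdr, 10, header_checksum(hdr))
        frags.append(bytes(hdr) + piece)
    return frags


def reassemble(frags):
    """Receiver: rebuild the datagram. Returns None on a gap, an overlap/duplicate, or a missing last fragment."""
    parts = []
    for f in frags:
        ihl = (f[0] & 0x0F) * 4
        total_len, flags_off = struct.unpack("!HH", f[2:4] + f[6:8])
        parts.append(((flags_off & 0x1FFF) * 8, bool(flags_off & 0x2000), f[:ihl], f[ihl:total_len]))
    parts.sort(key=lambda p: p[0])
    expected, payload = 0, b""
    for offset, _more, _hdr, piece in parts:
        if offset != expected:                        # offset > expected: gap; offset < expected: overlap
            return None
        expected += len(piece)
        payload += piece
    if not parts or parts[-1][1]:                     # last fragment (MF clear) never arrived
        return None
    hdr = bytearray(parts[0][2])
    struct.pack_into("!H", hdr, 2, len(hdr) + len(payload))
    struct.pack_into("!H", hdr, 6, struct.unpack("!H", bytes(hdr[6:8]))[0] & 0x4000)  # keep DF, clear MF/offset
    struct.pack_into("!H", hdr, 10, 0)
    struct.pack_into("!H", hdr, 10, header_checksum(hdr))
    return bytes(hdr) + payload


if __name__ == "__main__":
    pkt = make_packet("10.0.0.1", "10.0.0.2", b"\xab" * 1480)
    for f in fragment(pkt, 576):
        print(len(f), "flags/offset=0x%04x" % struct.unpack("!H", f[6:8])[0])
```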
IPv6
IPv6 routers do not perform fragmentation. Any packet which is too large for the MTU of the outgoing interface is dropped, and an ICMPv6 type 2 (Packet Too Big) message carrying the MTU is sent to the originator; only the source fragments, using the Fragment extension header. All headers up to and including the Routing EH (the unfragmentable part) are included in every fragment. The offset and more-fragments bits in the Fragment EH are used the same way as in IPv4. All fragments must be received by the receiver within 60 seconds or the partial datagram is discarded. Because fragmentation depends on the originator receiving Packet Too Big, filtering ICMPv6 indiscriminately breaks path MTU discovery.
Optimum MTU depends on the network traffic; a large MTU causes a longer serialisation delay, which may be unacceptable for voice traffic. However, a smaller MTU is less efficient when large volumes of data are being moved.
TCP
I thought I'd glance over this section. Turns out there was some stuff I'd never heard of, such as the bandwidth delay product.
During congestion, TCP senders reduce their window sizes, backing off the amount of bandwidth they are using. All TCP streams through the congested link behave the same way, so eventually they become synchronised, ramping up to cause congestion and backing off at roughly the same time (global synchronisation). This causes the familiar sawtooth bandwidth utilisation graphs. RED and WRED help alleviate this by dropping packets from a few flows early, before the queue fills, so that the flows back off at different times.
Maximum Segment Size: only sent in the SYN and SYN/ACK segments, to announce each side's MSS for the session.
Window Scaling: an extension to the 16-bit window size field in the header, allowing windows larger than 64 KB (65,535 bytes). Only valid if both sides include the option in their SYN.
Selective Acknowledgements: SACKs acknowledge specific ranges of the stream, so that only the missing bytes are retransmitted. Traditional ACKs are cumulative: they acknowledge everything up to the first missing byte, so if segments arrive out of order with an earlier one missing, the sender would have to retransmit from the gap onwards, whereas a SACK lets it resend only that gap.
Timestamps: used so that TCP can measure round-trip time on every segment (and to protect against wrapped sequence numbers). The option must be present in both the SYN and SYN/ACK to be used for the session.
NOP: No Operation. A one-byte option used to pad and align the other options.
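The option list above as a parser, plus the two calculations the options exist for, as an added example (not code from the original notes): walking the kind/length/data list with every length bounds-checked (a zero or oversized option length is the classic way to hang a TCP parser), applying the window scale, and computing from a cumulative ACK and a set of SACK blocks exactly which byte ranges still need to be retransmitted. The SYN option bytes are constructed, in the layout Linux typically emits.

```python
import struct


def parse_tcp_options(opts):
    """Walk the TCP option list (kind, length, data). Raises ValueError on malformed lengths."""
    out = {}
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # NOP: single byte, pads/aligns the next option
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option kind %d has no length byte" % kind)
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("option kind %d has bad length %d" % (kind, length))
        data = opts[i + 2:i + length]
        if kind == 2 and length == 4:      # Maximum Segment Size (SYN / SYN-ACK only)
            out["mss"] = struct.unpack("!H", data)[0]
        elif kind == 3 and length == 3:    # Window Scale; RFC 7323 caps the shift at 14
            out["wscale"] = min(data[0], 14)
        elif kind == 4 and length == 2:    # SACK Permitted
            out["sack_permitted"] = True
        elif kind == 5 and length >= 10 and (length - 2) % 8 == 0:   # SACK blocks: (left, right) pairs
            out["sack"] = list(struct.iter_unpack("!II", data))
        elif kind == 8 and length == 10:   # Timestamps: TSval, TSecr
            out["tsval"], out["tsecr"] = struct.unpack("!II", data)
        else:
            out.setdefault("other", []).append(kind)
        i += length
    return out


def effective_window(window_field, wscale):
    """The 16-bit window field scaled by the negotiated shift."""
    return window_field << min(wscale, 14)


def sack_holes(cumulative_ack, sack_blocks):
    """Byte ranges the sender must still retransmit: between the cumulative ACK and the
    first SACK block, and between successive blocks. Everything in a block is already held."""
    holes, start = [], cumulative_ack
    for left, right in sorted(sack_blocks):
        if left > start:
            holes.append((start, left))
        start = max(start, right)
    return holes


# Constructed SYN options: MSS 1460, SACK-permitted, Timestamps, NOP, Window scale 7
SYN_OPTIONS = (b"\x02\x04\x05\xb4" + b"\x04\x02" + b"\x08\x0a" + struct.pack("!II", 123456, 0)
               + b"\x01" + b"\x03\x03\x07")

if __name__ == "__main__":
    print(parse_tcp_options(SYN_OPTIONS))
    print(sack_holes(1000, [(4000, 5000), (2000, 3000)]))
```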
This topic made me think about the starvation stuff. I suppose it is pretty obvious that UDP wouldn't back off if WRED was employed, but it's something I never really thought about.
I found a few good videos on YouTube which gave some good RTP/RTCP overviews.
RTCP (Real-time Transport Control Protocol) provides feedback on the quality of the RTP stream: QoS, packet counts, loss, jitter, RTT, etc.
As the blueprint goes, this is, in my opinion, the most vague topic to write about. It is dependent on the understanding of the topics, and how the changes will impact the existing network. I have skimmed through this really, with the intention of covering the topics in their actual topic sections. I am pretty used to evaluating impact; I seem to spend my entire life writing change orders and determining disruptiveness.
Traceroute
Extended traceroute prompts (shown when traceroute is entered without a target):
Field                                             Description
Protocol [ip]:                                    Prompts for a supported protocol. Enter appletalk, clns, ip, novell,
Target IP address:                                The destination to trace to.
Source address:                                   The source address (or interface) to use for the probes.
Numeric display [n]:                              Show addresses only, without reverse DNS lookups.
Timeout in seconds [3]:                           How long to wait for a reply to each probe.
Port Number [33434]:                              Starting UDP destination port for the probes; the default is 33434.
Loose, Strict, Record, Timestamp, Verbose[none]:  IP header options. You can specify any combination.
1. Set a buffer: monitor capture buffer MYCAPTURE size 256 max-size 100. Size is the size of the buffer (in kilobytes), and max-size is the maximum number of bytes kept per captured packet. Access-lists, packet limits etc. can be applied to the buffer with further options of this command.
2. Set a capture point: monitor capture point ip cef MYPOINT fa0/1 both.
3. Associate the capture point and buffer: monitor capture point associate MYPOINT MYCAPTURE
4. Start the capture: monitor capture point start MYPOINT
Stop it with monitor capture point stop MYPOINT. The contents can be inspected with show monitor capture buffer MYCAPTURE dump, or exported with monitor capture buffer MYCAPTURE export (to TFTP, FTP or flash) for analysis in a packet analyser.
Read the information in the support ticket very carefully, and take into consideration all of the symptoms. Take particular note of anything that may have changed around the time the symptoms started. This should give you a vague area to begin with: L2, L3, a specific routing protocol, etc. Verify that the fault is as described. Then either work hop by hop, or use the split-half method, to isolate the problem.