Meh! Nothing to CCIE here...
Comments
-
down77 Member Posts: 1,009
Good luck on the DCNID!
CCIE is still secretly calling
Done with the partner requirements for now. I had to finish the Architecture Systems Engineer requirements (4 exams) for the Data Center Architecture Specialization. Two classes, lots of time in PEC, and 4 exams later I am done! Taking the rest of the day off and then back to the INE books/videos tomorrow. I'm actually going to go back through sections 2.1 - 4.11 and review since I took a month off. Focus on rock solid core foundation review and move on to Vol2/3 labs.
In the meantime, DCSNS/DCNID/DCUCD/ and the sales exam are done!
CCIE Sec: Starting Nov 11
-
down77 Member Posts: 1,009
So I have to take two more partner exams (one down, one to go). I told work to send me to a class for the last one because while I could keep using the PEC material, it's taking me away from my CCIE studies. Unfortunately for the last exam, there is no class... just 10 more hours of partner education connection videos. Not in a hurry to finish this!
Updated CCIE R&S Study plan:
I'm going back through Advanced Technology videos 3-90 and going to start updating my notes, as well as refresh on topics that I know I am weaker on. While I know many will say keep pushing through, the idea is to be as strong on CORE topics as possible and I have no problem pushing back the test date if I don't feel ready. With that said, I still have 8mos until my proposed first attempt.
Finishing videos 3-5 tonight, and through #10 tomorrow. Then back over 1.0 and 2.0 vol 1 labs and maybe vol 2 lab 1
-
down77 Member Posts: 1,009
Just so everyone doesn't think I've been neglecting the CCIE studies... I've just been neglecting the posting! As I stated above I'm going back through the videos and taking notes as well as going through the labs to reinforce many of the topics... here is a cut/paste from one section of the notes I've taken:
1.0 Core Ethernet Switching
1.1.1 Access/Trunking
switchport mode access (sets access, disables DTP)
switchport access vlan <vlan>
show interface <interface> switchport
switchport mode dynamic desirable (initiates trunking)
switchport mode dynamic auto (listens for trunk negotiation)
switchport nonegotiate (disable DTP)
switchport mode trunk
switchport trunk encapsulation dot1q/isl
vlan dot1q tag native (tag native vlan)
1.1.2 VTP
vtp mode <mode> (client, server, transparent)
vtp domain <name> (case sensitive)
vtp version <version>
vtp password <password>
show vtp status
vtp pruning
switchport trunk pruning vlan <add/except/none/remove/word> (prune eligible list)
show interface trunk (shows vlans allowed on trunk)
show interface pruning (shows which interfaces are pruning and vlans allowed)
1.1.3 Vlans
vlan <number>
name <name>
show vlan <brief/number>
1.1.4 Router on a Stick/Switched Virtual Interfaces (SVI)
interface vlan <1-4094> (vlan must exist in database)
switchport autostate exclude (exclude a port from SVI up or down calculation)
interface <interface>/<sub-interface> (example int fa0/1.10)
encapsulation dot1q <vlan> <native> (native vlan must match)
1.1.5 Etherchannel
channel-group <number> mode <active/auto/desirable/on/passive>
-Active/Passive is LACP
-Dynamic/Auto is PaGP
-On is for No Negotiation
channel-protocol <type>
show etherchannel <number or sub command>
port-channel load-balance <type> (sets load balancing)
-Source mac address
-Destination mac address
-Source IP address
-Destination IP Address
-Combination
Layer 3 Port Channel
-watch order of operations!!!
-configure no switchport on member interfaces first
-join member interfaces to port-channel
-if needed, configure no switchport on port-channel and rejoin member interfaces
1.1.6 802.1q Tunneling (Transparent L2 VPN)
Configuration
switchport mode dot1q-tunnel (does NOT support dynamic negotiation)
switchport access vlan <vlan>
-disabled cdp by default (no cdp enable)
-may require larger MTU (system mtu <mtu>)
-drops cdp, vtp, stp, etc by default (fix is below)
l2protocol-tunnel <cdp/vtp/stp>
l2protocol-tunnel point-to-point <lacp/pagp/udld>
Verification
show dot1q-tunnel
show l2protocol-tunnel
show l2protocol-tunnel summary
1.2.0 Peripheral Ethernet Switching
1.2.1 Spanning Tree Protocol
1.2.1.1 Root Bridge Election (Lowest Bridge ID becomes Root)
-BID contains
Bridge Priority (0 - 61440 in increments of 4096)
System ID Extension (0-4095, aka VLAN ID)
MAC Address
Configuration
spanning-tree vlan <vlan> priority
spanning-tree vlan <vlan> root <primary/secondary>
Verification
show spanning-tree vlan <vlan>
show spanning-tree root
1.2.1.2 Root Port Election / Designated Port Election
-RP is upstream facing Root Bridge
-Elected based on lowest Root Path Cost (Cumulative)
-Cost based on inverse bandwidth
-If tie in cost, lowest upstream BID then lowest Port ID
Configuration
spanning-tree <vlan> cost (Interface, Modify port cost)
bandwidth <bps> (Interface)
spanning-tree vlan <vlan> priority (Modify Bridge ID)
spanning-tree vlan <vlan> port-priority (Modify Port ID)
Verification
show spanning-tree interface <interface> detail
show spanning-tree vlan <vlan> detail
1.2.2 Spanning Tree Timers
-Set by Root Bridge
-Hello (2sec), Max Age (20sec), Forward Delay (15sec)
Configuration
spanning-tree vlan <vlan> hello-time
spanning-tree vlan <vlan> forward-time
spanning-tree vlan <vlan> max-age
Verification
show spanning-tree vlan <vlan>
1.2.3 Advanced STP Features
-Portfast - Edge ports bypass listening/learning
-Uplinkfast - Direct root port failure re-converges immediately if Alternate port is available
-Backbonefast - Indirect failures should start recalculating immediately
Configuration
spanning-tree portfast default (enable global process)
spanning-tree portfast (interface level)
spanning-tree portfast trunk (force portfast on trunk, ie. vmware)
spanning-tree uplinkfast (global process)
spanning-tree backbonefast (global process)
Verification
show spanning-tree
show spanning-tree <interface> portfast
I'm still going back to add information, clean up sections etc. Hopefully in the next month or so all the notes will be complete and I will start posting.
-
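The election rules from sections 1.2.1.1 and 1.2.1.2 of the notes above (lowest bridge ID becomes root; root port by lowest cumulative cost, then lowest upstream BID, then lowest port ID), worked through as an added example that is not part of the original post. The switch names, MAC addresses, costs and port IDs are constructed sample values.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BridgeID:
    priority: int  # configured bridge priority, 0-61440 in increments of 4096
    vlan: int      # system ID extension, 0-4095
    mac: str       # Cisco dotted form, e.g. "0019.aaaa.0001"

    def __post_init__(self):
        if self.priority % 4096 or not 0 <= self.priority <= 61440:
            raise ValueError(f"priority {self.priority} is not 0-61440 in steps of 4096")
        if not 0 <= self.vlan <= 4095:
            raise ValueError(f"VLAN {self.vlan} is outside 0-4095")

    def sort_key(self):
        # Priority plus system ID extension is compared first, then the MAC.
        return (self.priority + self.vlan, int(self.mac.replace(".", ""), 16))


@dataclass(frozen=True)
class Uplink:
    """One candidate root port on a non-root switch."""
    local_port: str
    root_path_cost: int       # cumulative cost to the root through this port
    upstream_bid: BridgeID    # bridge ID of the neighbour on this link
    upstream_port_id: tuple   # (port priority, port number) sent by the neighbour


def elect_root(bridges):
    """bridges maps switch name -> BridgeID; the lowest bridge ID becomes root."""
    return min(bridges, key=lambda name: bridges[name].sort_key())


def elect_root_port(uplinks):
    """Lowest root path cost, then lowest upstream bridge ID, then lowest port ID."""
    best = min(uplinks, key=lambda u: (u.root_path_cost,
                                       u.upstream_bid.sort_key(),
                                       u.upstream_port_id))
    return best.local_port


def sample_bridges(core1_priority=32768):
    """Constructed VLAN 10 topology; every name and MAC here is made up."""
    return {
        "CORE1": BridgeID(core1_priority, 10, "0019.aaaa.0001"),
        "CORE2": BridgeID(32768, 10, "0019.aaaa.0002"),
        "OLD-ACCESS": BridgeID(32768, 10, "0002.bbbb.0001"),
    }


if __name__ == "__main__":
    # With every switch left at 32768 the lowest MAC wins, whatever its role.
    print(elect_root(sample_bridges()))                     # OLD-ACCESS
    # After "spanning-tree vlan 10 priority 4096" on CORE1:
    print(elect_root(sample_bridges(core1_priority=4096)))  # CORE1
    core2 = sample_bridges()["CORE2"]
    links = [Uplink("Gi0/2", 8, core2, (128, 2)), Uplink("Gi0/1", 8, core2, (128, 1))]
    print(elect_root_port(links))                           # Gi0/1
```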
jamesp1983 Member Posts: 2,475
Very organized. Keep up the good work.
"Check both the destination and return path when a route fails." "Switches create a network. Routers connect networks."
-
down77 Member Posts: 1,009
Another quick weekend update... I was able to talk a coworker into studying for the R&S with me and got work to pay for his base materials. I'm about to add more tokens to the account to keep doing remote labs while traveling! Progress is going slow, but steady. Working through BGP regular expressions and will be starting on MPLS very soon. I know QoS will be coming up again in the next few weeks so I'm trying to mentally prepare for that.
I'm still going back through the videos and updating notes. This part takes a long time but it's great for refreshing/validation.
-
down77 Member Posts: 1,009
Almost forgot, picked up a new Seagate Momentus XT 750 hard drive (Hybrid Solid State) and will be rebuilding the laptop ASAP. Unfortunately this means a little down time for the GNS3 lab... thank gosh I have the iPad to keep up with videos/notes while working on the rebuild. Now to get a list of all the software I'll need... *sigh*
-
down77 Member Posts: 1,009
Yes I am. I haven't been posting due to the travel schedule. I am 5mos out from my INE class and I'm pushing the exam date back until after the start of 2013. I have a little one on the way (August 2012) and I'll need a little extra study time. The CCIE is important, but family is the most important thing to me!
FWIW I'm on the BGP and MPLS sections right now. Also completed the RCSA (Riverbed) and taking the RCSP in the next few weeks.
-
down77 Member Posts: 1,009
I will begin updating this thread very soon. The downside of working for a Networking Partner is the number of certifications you must maintain to stay in good standing with the various vendors. I had to take a digression from the R&S path to complete some of these requirements but I haven't stopped the progress.
Riverbed certification exam tomorrow morning followed by a 3hr remote lab session on EIGRP, OSPF, BGP, and their corresponding IPv6 counterparts. This will include some PBR, prefix-list creation, redistribution, and most importantly... authentication (very often overlooked).
More to come!
-
down77 Member Posts: 1,009
August Update: My daughter was born a week ago which means I haven't done much studying in the last 7 days. Spending a few hours tonight on more labs and getting back into it after a week hiatus. INE bootcamp has been confirmed for October and I am heavily looking forward to it!
Again, updates will be infrequent but still making progress. I may post some more "quick notes" shortly. Hope everyone else is pushing forward!
-
jamesp1983 Member Posts: 2,475
Congratulations! How is being a dad?
-
PsychoFin Member Posts: 280
Congratulations! It's a great feeling, isn't it? First kid?
I can imagine those partner requirements are killing, but at least they force you to stay on top of things - And you get access to the PEC unlike lowly select partners...
-
down77 Member Posts: 1,009
jamesp1983 wrote: » Congratulations! How is being a dad?
It's our second little one, so double the cuteness and infinite amounts of fun. Our oldest loves being a big helper!
-
down77 Member Posts: 1,009
Congratulations! It's a great feeling, isn't it? First kid?
I can imagine those partner requirements are killing, but at least they force you to stay on top of things - And you get access to the PEC unlike lowly select partners...
Lots of requirements for sure and the PEC materials at times are "better than nothing." Most times I end up reading the online documentation rather than use the PEC material. The exclusive partner product updates can make things a bit more fun. You always love finding out about technologies in advance of the announcement!
-
down77 Member Posts: 1,009
cyberguypr wrote: » Congrats man!
Thanks! Now if only I could catch up on some sleep...
-
down77 Member Posts: 1,009
As promised some updated notes... I'm leaking them slowly on purpose! I'm also entertaining a position change but for now that is the only comment I'll make:
Here's to the notes!
2.0 Implement IPv4
Cisco IOS Software Releases 12.4 T Configuration Guides - Cisco Systems
2.1 The Routing Process
-Find the longest match
-Same Protocol: Choose lowest metric
-Different Protocols: Choose lowest Admin Distance
-Recurse to the outgoing interface
2.1.1 The "Switching" Process
-Moves Packets between interfaces
-Process, FAST, CEF
Configuration
ip cef
ip route-cache
Verification
show ip interface
show ip cef <address> <detail>
show ip cef exact-route <source> <destination>
2.1.2 Static Routing
Configuration
ip route <destination> <mask> <next hop/exit interface> <metric>
-Metric with higher admin distance can be used for floating static routes
Verification
show ip route
traceroute
2.1.3 IP Default Gateway / IP Default Network
-Default Gateway is Only When IP Routing is Off
-Default Network flags network as default for routing advertisements
Configuration
ip default-gateway <gateway>
ip default-network <network>
Verification
show ip route
2.1.4 On Demand Routing
-Hub router advertises default route to stub spoke router via CDP, no other routing protocol allowed on stub
Configuration
cdp enable
<no> cdp run (enable/disable at the interface level)
router odr
Verification
show cdp interface
show cdp neighbors
show ip route
2.1.5 Backup Interface
-Configure on Primary interface to tell it which is the passive backup interface
Configuration
backup interface <interface>
Verification
show ip int brief
2.1.6 Enhanced Object Tracking - IP SLA
Configuration
ip sla <number> <action>
ip sla schedule <number> <start> <stop>
Track <number> <eem/ip sla #/object>
Verification
debug ip sla
debug track
show ip sla <number/statistics>
show track <number>
2.1.7 Policy Routing
-Normal Routing is destination based
-Policy routing can decide based on source, destination, protocol, incoming interface, etc.
-For Frame Relay, Remember L2 to L3 lookup... Make sure you have DLCI map if using set interface
Configuration
route-map <name> <permit/deny> <sequence #>
match <acl/interface/ip address/etc>
set <action>
ip policy route-map <route map> (apply to interface)
ip local policy route-map <map> (*Affects only locally originated traffic)
Verification
debug ip policy
show route-map
show ip policy
show interface
2.2 GRE Tunneling
-IP Protocol 47
-Used to transport payloads over IPv4 (6to4 tunneling for example)
-Tunnel destination must not recurse to the tunnel interface, recursive routing will take it down
-Bandwidth low and delay high by default. May impact EIGRP and OSPF calculations
Configuration
int tun <num> (create tunnel interface)
tunnel mode <mode> (define tunnel payload)
tunnel source <ip/interface> (define tunnel source)
tunnel destination <ip> (define tunnel destination)
ip address <address> (define type payload protocol)
ipv6 address <address> (define the payload protocol)
keepalive <time> <retries> (optional)
Verification
show interface <int>
2.3 RIP Routing
IP Routing: RIP Configuration Guide, Cisco IOS Release 12.4T* [Cisco IOS Software Releases 12.4 T] - Cisco Systems
-Two versions, 1 - classful (broadcast), 2-classless (multicast 224.0.0.9)
-Uses split horizon, count to infinity, and poison reverse
-UDP 520 for transport
-30sec update timer, 180sec holddown timer, 240sec flush timer
Configuration
Router Rip (enable process)
version <version>
network <address> <mask>
no auto-summary (disables classful summarization, process level)
timers basic <update> <invalid> <holddown> <flush>
neighbor <address> (unicast update to neighbor)
passive-interface <interface> (suppress normal updates)
ip rip v2-broadcast (enable v2 broadcast updates)
offset-list <acl#, 0 for all> <in/out> <metric offset> <interface> (modify metric, traffic engineering)
distance <distance> <subnet> <wildcard> <acl>
default-information originate <route-map>(redistribute default route)
no validate-update-source (allows updates from routers not on same subnet, Dial/PPP for example)
key chain <name>
key <num>
key-string <string> (*note: ntp critical for time based keys)
show key chain (verify key, password, timers)
ip rip receive version <version> (interface level)
ip rip send version <version> (interface level)
ip rip advertise <interval> (interface level, update RIP timer)
ip rip authentication mode <text/md5> (interface level)
ip rip authentication key-chain <name> (interface level)
ip rip triggered (interface level, RIP updates only sent if changes occur)
ip summary-address rip <address> <mask> (interface level, summarize address space)
no ip split-horizon (interface level, allow split-horizon on interface ex. NBMA/frame links)
Verification
debug ip rip
show ip protocols
show ip rip database
show ip route
2.4 EIGRP Routing
IP Routing: EIGRP Configuration Guide, Cisco IOS Release 12.4T* [Cisco IOS Software Releases 12.4 T] - Cisco Systems
-Hybrid IGP, uses DUAL
-Uses IP Protocol 88
-Multicast to 224.0.0.10 for adjacencies
-Unicast and multicast to synch topologies
-K values, must match!: Bandwidth (Inverse lowest), Delay (Cumulative, in microseconds), Load (Highest), Reliability (lowest)
-Metric = [k1*bw + (k2*bw)/(256-load) + k3*delay], if k5 !=0, metric=metric * [k5/(reliability + k4)]
-K1=1, K2=0, K3=1, K4=1, K5=0 leaving effective values as Bandwidth and Delay
Configuration
router eigrp <as> (AS number must match to be adjacent)
eigrp router-id <address>
network <address> <wildcard>
neighbor <address> <interface> (disables multicast and uses unicast to neighbor, both sides must agree)
passive-interface <interface/default> (stops unicast and multicast hellos)
metric weights <k values>
variance <variance> (allow unequal load balancing/distribution, # x Feasible Distance)
no auto-summary
eigrp stub <connected/summary/etc>
key chain <name>
key <num>
send-lifetime <time to start> <duration/time to stop>
accept-lifetime <time to start> <duration/time to stop>
key-string <string> (*note: ntp critical for time based keys)
show key chain (verify key, password, timers)
no ip split-horizon eigrp <as> (interface level, disable split horizon)
ip hello-interval eigrp <as> <seconds> (interface level)
ip hold-time eigrp <as> <seconds> (interface level, how long to declare ME down)
ip authentication mode eigrp <as> md5 (interface level, MD5 only)
ip authentication key-chain eigrp <as> <key-chain> (interface level)
delay <delay in tens of microseconds> (interface level)
ip summary-address eigrp <as> <network> <mask> <AD> leak-map <map> (interface level)
ip default-network <network> (config mode, redistribute default-network)
Verification
debug eigrp packet <hello/ack/update/query/reply>
show ip eigrp interfaces <detail>
show ip eigrp neighbors <detail> (queue count should be 0 if converged)
show ip eigrp topology <all-links> <prefix/len>
show ip protocols
show ip route
2.5 OSPF Routing
IP Routing: OSPF Configuration Guide, Cisco IOS Release 12.4T* [Cisco IOS Software Releases 12.4 T] - Cisco Systems
-Classless Link-State Protocol
-Transported through IP Protocol 89
-Maintains active adjacencies
-Sent as multicast 224.0.0.5 (All Routers), 224.0.0.6 (DR/BDR), or unicast
-Open Standards based, RFC 2328 "OSPF Version 2"
-Neighbor States: DR, BDR, DROther, - (doesn't use DR/BDR.. NBMA)
-LSA Types:
Intra Area - Type 1 (Router) contains router links and state is flooded into area of origin
Intra Area - Type 2 (Network) generated by DR, lists all attached routers. Flooded into area of origin.
Inter Area - Type 3 (Network Summary) generated by ABR sent into an area to advertise prefixes to other areas, flooded through the AS
Inter Area - Type 4 (ASBR Summary) generated by ABR. Advertises the ASBR, flooded through the AS.
External - Type 5 (AS External) generated by ASBR. Advertises external destination. Flooded through the AS.
NSSA - Type 7 (NSSA External) generated by the ASBR in a NSSA. Advertises external destination.
-DR/BDR Election:
Priority: 0 - 255, higher better 0=never participate
Router-ID: Highest Loopback / Interface IP, higher better. Best to statically set
-Route Types:
Intra Area Routes (O) - LSA 1 & 2
Inter Area Routes (O IA) - LSA 3 & 4
External Type 1 (E1) - LSA 5
External Type 2 (E2) - LSA 5
NSSA Type 1 (N1) - LSA 7
NSSA Type 2 (N2) - LSA 7
Configuration
router ospf <process-id>
network <address> <wildcard> area <area>
neighbor <address> <cost>
auto-cost reference-bandwidth <bw> (changes reference bandwidth, cost=reference_bw/interface_bw, best to modify on all routers!)
area <transit across-area> virtual-link <ip address of endpoint router> <authentication-key/message-digest>
area <area> authentication <message-digest> (specifies between type 0-null,1-clear txt,2-md5 authentication)
area <area> range <address> <mask> (On ABR, Summarization between areas)
summary-address <address> <mask> (On ASBR, during redistribution)
no discard route <internal/external> (tells OSPF to include specific routes with summarization between areas)
area <area> stub (stub area)
area <area> stub no-summary (totally stub area)
area <area> nssa <default-information-originate> (NSSA, LSA 1/2/7)
area <area> nssa no-summary (totally NSSA, LSA 1/2/3/7 only)
area <area> default-cost <cost> (modify cost for stub/nssa/etc areas, traffic engineering)
area <area> nssa no-redistribution (Send type 5 but not type 7 LSA, used for traffic engineering)
area <area> filter-list prefix <prefix-list> <in/out> (ABR LSA type 3 filter)
ip ospf <process-id> area <area> (interface level)
ip ospf cost <cost> (interface level)
ip ospf network broadcast (interface level, default on ethernet, token ring & FDDI)
ip ospf network non-broadcast (interface level, sends hello as unicast. Used for Frame/NBMA)
ip ospf network point-to-point (interface level, no longer advertises network as transit, HDLC/PPP)
ip ospf network point-to-multipoint (interface level, frame relay multipoint)
ip ospf network point-to-multipoint non-broadcast (interface level, unicast hello, neighbor command req)
ip ospf network loopback (interface level, automatic, use point-to-point to disable /32 behavior)
ip ospf hello-interval <seconds> (interface level, changes hello interval on that link… must match)
ip ospf dead-interval <seconds/minimal> hello-multiplier <number> (interface level)
ip ospf authentication <message-digest/null> (interface level, can also over-write process authentication)
ip ospf authentication-key <key> (interface level, specify authentication password)
ip ospf message-digest <key> md5 <pass> (interface level, allows for key rotation)
Verification
debug ip ospf <adj/etc> (Help to verify mismatched parameters that prevent neighbors from forming)
show ip ospf
show ip ospf database <router/network/summary/etc>
show ip ospf interface <brief>
show ip ospf neighbor
Going to go back and clean up a few of these sections and add additional content!
-
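The RIP, EIGRP and OSPF authentication commands in the notes above, together with the remark that NTP is critical for time-based keys, turned into an offline configuration check. This is an added example, not part of the original post: the sample configuration, key chain names and finding strings are constructed, and the OSPF key command is written in its full form `ip ospf message-digest-key`.

```python
import re

# Constructed sample configuration (not taken from any real device).
SAMPLE = """\
key chain RIPKEYS
 key 1
  key-string Constructed-Key-1
key chain EIGRPKEYS
 key 1
  key-string Constructed-Key-2
  send-lifetime 00:00:00 Jan 1 2013 infinite
!
interface FastEthernet0/0
 ip rip authentication key-chain RIPKEYS
interface Serial0/0
 ip authentication key-chain eigrp 100 EIGRPKEYS
interface Serial0/1
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 MISSING
interface FastEthernet0/1
 ip ospf authentication
 ip ospf authentication-key Constructed-Key-3
interface FastEthernet1/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 Constructed-Key-4
"""


def parse_sections(config):
    """Group config lines as {top-level command: [indented sub-commands]}."""
    sections, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip().startswith("!"):
            continue
        if raw[0] != " ":
            current = raw.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(raw.strip())
    return sections


def parse_key_chains(sections):
    """Return {chain name: {"usable": has a key-string, "timed": has a lifetime}}."""
    chains = {}
    for head, body in sections.items():
        if head.startswith("key chain "):
            chains[head.split()[2]] = {
                "usable": any(l.startswith("key-string ") for l in body),
                "timed": any(l.startswith(("send-lifetime ", "accept-lifetime "))
                             for l in body),
            }
    return chains


def audit(config):
    """Return a sorted list of (interface, finding) tuples."""
    sections = parse_sections(config)
    chains = parse_key_chains(sections)
    has_ntp = any(h.startswith("ntp server ") for h in sections)
    findings = set()
    for head, body in sections.items():
        if not head.startswith("interface "):
            continue
        intf, refs = head.split()[1], []
        for line in body:
            m = re.fullmatch(r"ip rip authentication key-chain (\S+)", line)
            if m:
                refs.append(m.group(1))
                if "ip rip authentication mode md5" not in body:
                    findings.add((intf, "rip: authentication mode is not md5"))
            m = re.fullmatch(r"ip authentication key-chain eigrp (\d+) (\S+)", line)
            if m:
                refs.append(m.group(2))
                if f"ip authentication mode eigrp {m.group(1)} md5" not in body:
                    findings.add((intf, "eigrp: key chain set but mode md5 missing"))
        if "ip ospf authentication" in body:  # exact line, i.e. no message-digest
            findings.add((intf, "ospf: simple (clear text) authentication"))
        if ("ip ospf authentication message-digest" in body and not
                any(l.startswith("ip ospf message-digest-key ") for l in body)):
            findings.add((intf, "ospf: message-digest enabled but no key"))
        for name in refs:
            chain = chains.get(name)
            if chain is None:
                findings.add((intf, f"key chain {name} is not defined"))
            elif not chain["usable"]:
                findings.add((intf, f"key chain {name} has no key-string"))
            elif chain["timed"] and not has_ntp:
                findings.add((intf, f"key chain {name} uses lifetimes but no ntp server is configured"))
    return sorted(findings)


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE):
        print(f"{interface}: {finding}")
```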
down77 Member Posts: 1,009
Late night thought: So I sat down and realized that I am now just over $10k invested into the CCIE (books, materials, labs, bootcamp, airfare, hotel, etc) and just over 7 months into my study approach. I have hit the halfway progress mark IMO and starting to get deeper into the material, drills, etc.
So What to change from start to here? I'm re-evaluating the notes I've taken and correcting/cleaning them up. I'm spending the majority of my time in Vol 2 labs and refreshing back in Vol 1/ATC videos for sections that I still don't feel comfortable. I'm doing some work in Vol 3 and preparing for a wonderful but mind numbing experience in Raleigh next month @ the Cisco Campus (10 day camp). I'm back to spending multiple hours per night studying while the rest of the family sleeps. Most importantly, the motivation and determination is back and I am doing what I can to stay on track for the 2013 attempt. There already has been some challenges/changes to the plan but like everything I just had to work through them and push forward. I've learned I can't study by osmosis... falling asleep with Routing TCP/IP Vol1&2, ROUTE FLG (still use it as a reference), "IRA", Developing IP Multicast Networks, etc. on my head does little to help with memorization but it does give my wife many reasons to chuckle... and my son loves using the books as a pseudo stepping stool to reach items he wants that are just out of grasp!
More Updates to come in the next few days
-
down77 Member Posts: 1,009
Four hours of studying yesterday. I have a meeting with Cisco today and then back to the labs for a few more hours. My travel schedule starts back up Wednesday so I'll be hitting up the GNS3 lab on the road!
-
down77 Member Posts: 1,009
Tip of the night... make sure you are up on your regular expressions (regexp found under Term Services Appendix):
Cisco IOS Terminal Services Configuration Guide, Release 12.4T - Regular Expressions [Cisco IOS Software Releases 12.4 T] - Cisco Systems
sh ip bgp regexp <regexp>
-
down77 Member Posts: 1,009
Headed to Tampa tomorrow and Orlando Thurs night to meet with clients... hoping I get some study time on the road! In the meantime, BGP/IPv6/Multicast work tonight and continuing on with the speed drills. Loading up some PfR material for the drive down there so I can get some quality study (listening) time in the car
-
down77 Member Posts: 1,009
Another few hours completed on BGP traffic engineering. This included IGPs (EIGRP, RIP, OSPF, redistribution, authentication), Traffic Engineering, and some light MPLS work as well. Two more weeks until the bootcamp! I should refresh up on QoS, IOS Security and PfR
-
down77 Member Posts: 1,009
Tonight's fun... Controlling VPNv4 Routes and troubleshooting drills for MPLS scenarios. I ended up going back to some of the INE Adv Technology videos on MPLS since I only do MPLS every so often. The bright side, more fun with IGPs, BGP, protocol authentication, etc. The down side, my brain hurts after a long day! Cutting it a little short tonight to prepare for a drive to Atlanta tomorrow!
Still, 3hrs of study time done
Edit: Make sure you pay attention to which VRF instances you are redistributing into/out of! I had to go back and redraw some of the info because I started confusing some of the instances!!!
-
down77 Member Posts: 1,009
One week left until my 10 day INE bootcamp. I'm reviewing some of my weakest areas right now.... Multicast, Platform specific QoS, and selected IP Services.
After the bootcamp I'll post my "countdown to lab" plans, but it entails ~4mos of hard core final review, 4-5 Mock labs, much less sleep, and 4-8hrs per day of Vol 2-4!!!
-
down77 Member Posts: 1,009
Since I am continuing on with some Multicast labs tonight I thought it was only appropriate to paste some of the notes I had taken. Again I will be going back to clean them up as I move forward with some other topics:
5.0 Implementing IP Multicast
-IPv4 multicast uses Class "D" Addresses: 224.0.0.0 - 239.255.255.255
Link-Local Addresses: 224.0.0.0/24
Source Specific Multicast (SSM): 232.0.0.0/8 (No *,G messages)
Administratively Scoped: 239.0.0.0/8 (Private Multicast Range)
-Multicast uses control plane to determine:
Who is sending traffic and to what group(s)
Who is receiving traffic and for what group(s)
How traffic should be forwarded when received
Host to Router communication (IGMP)
Router to Router communication (PIM and MSDP)
5.1 IGMP
-Used for receiver to signal routers on LAN that it wants traffic for a specific group
-Enabled when PIM is enabled
-IGMPv1/v2 supports only group specific joins (*,G)
-IGMP v3 supports group and source specific joins (S,G)
Configuration
ip pim <dense-mode/sparse-mode/sparse-dense-mode/passive>
ip igmp version <version> (IOS runs IGMPv2 by default)
ip igmp join-group <address> source <source address> (interface level, initiate join)
ip igmp static-group <*/group-address> source <source-address/ssm-map>
ip igmp query-interval (interface level, how often to check for active membership)
ip igmp query-max-response-time (interface level, how long to wait for query before leave is assumed)
ip igmp querier-timeout (interface level, how long before detecting that querier is gone)
ip igmp last-member-query-count (how many queries after leave is heard before quit)
ip igmp last-member-query-interval (how often query is sent after leave)
ip igmp immediate-leave (If explicit leave, prune without sending leave)
ip igmp explicit-tracking (Track each SSM receiver, not just (S,G))
**Filtering**
ip igmp access-group (Control what groups can be joined)
ip igmp limit (Control how many groups can be joined)
ip igmp helper-address (send all reports and leaves upstream)
Verification
show ip igmp interface <int>
show ip igmp membership
5.2 Protocol Independent Multicast (PIM)
-Used for routers to signal each other how to build Multicast Tree
-IOS runs PIMv2 by default
-Various Modes:
Dense Mode: Considered implicit join, all traffic unless you don't want it, uses flood & prune behavior
Sparse Mode: Considered explicit join, no traffic unless asked, uses Rendezvous Point (RP) to process join requests (Most common mode)
Sparse Dense Mode: Sparse for groups with an RP assigned, Dense for others
-Multicast Source Discovery Protocol (MSDP): Used for RPs to signal each other about Multicast senders
-Uses Reverse Path Forwarding (RPF) for loop prevention
Check source IP and incoming interface, if incoming interface == outgoing unicast back to source, RPF check passes
-If RPF check passes:
Prefer (S,G) over (*,G) in routing table
Switch packets from incoming interface to all interfaces in the outgoing interface list (OIL)
Configuration
ip pim version <version>
5.3 PIM Dense Mode
-RFC 3973 "Protocol Independent Multicast - Dense Mode"
-Uses "push" model or "implicit join"
All traffic flooded throughout entire network
Routers that have no receivers prune (unjoin) unused links
-Only suitable for small multicast implementations
Doesn't scale because of flooding and (S,G) state creation
-Discover PIM neighbors: 224.0.0.13 (PIM)
Configuration
ip multicast-routing (enable multicast routing)
ip multicast-routing distributed (for IOS switches)
ip pim dense-mode (interface level, configure PIM to use dense-mode)
Verification
debug ip pim
show ip pim interfaces
show ip igmp membership
show ip mroute
5.4 PIM Sparse Mode
-RFC 4601 "Protocol Independent Multicast Sparse Mode (PIM-SM)"
-Uses "pull" mode or "explicit join": traffic is not flooded unless you ask for it
-Uses both Shared Trees (RPT) and Source Based Trees (SPT)
Dense mode only uses source trees
More scalable than dense mode and usually better design choice
-Multicast Trees determine how traffic is Routed from Sender to Receiver:
Source Trees: Uses shortest path from sender to receiver, dense or sparse
Shared Trees: Uses shortest path from RP, then shortest path from RP to receiver, sparse mode only, used to eliminate flooding and pruning and make routing table more scalable
Configuration
ip pim sparse-mode (interface level, configure PIM to use sparse-mode)
ip pim spt-threshold <kbps> (interface level, define when leaf joins spt)
**PIM DR (Rendezvous Point)**
ip pim rp-address <address> (define RP)
ip pim dr-priority <value> (higher the better)
**RPF Modification**
ip mroute <mroute> (static multicast route)
Verification
no ip mroute-cache (interface level, disable cef switching to see debug)
debug ip mpacket
debug ip packet detail (use acl to filter output)
debug ip pim
show ip route
show ip rpf
show ip mroute count
show ip pim neighbors (verify pim adjacencies)
show ip pim rp mapping (show PIM group to RP mapping)
-
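The RPF check and the (S,G)-over-(*,G) preference from section 5.2 of the notes above, combined with the address ranges from 5.0, as an added example that is not part of the original post. The routing tables, RP address and interface names are constructed; checking the shared tree toward the RP and letting a matching static mroute override the unicast lookup are assumptions of this sketch.

```python
import ipaddress

# Multicast ranges as listed in the notes (most specific first).
SCOPES = [
    ("224.0.0.0/24", "link-local"),
    ("232.0.0.0/8", "ssm"),
    ("239.0.0.0/8", "admin-scoped"),
    ("224.0.0.0/4", "class-d"),
]

# Constructed sample state: unicast routes as (prefix, interface), an RP address,
# and multicast routes keyed by (source or "*", group) with their OIL.
UNICAST = [
    ("0.0.0.0/0", "Serial0/1"),
    ("10.0.0.0/8", "Serial0/0"),
    ("10.1.1.0/24", "FastEthernet0/0"),
    ("192.0.2.1/32", "Serial0/0"),
]
RP = "192.0.2.1"
MRIB = {
    ("10.1.1.5", "239.1.1.1"): ["Serial0/0", "FastEthernet0/1"],
    ("*", "239.1.1.1"): ["FastEthernet0/1"],
    ("*", "232.1.1.1"): ["FastEthernet0/1"],
}


def group_scope(group):
    """Classify an IPv4 group address; None if it is not multicast."""
    addr = ipaddress.ip_address(group)
    for prefix, name in SCOPES:
        if addr in ipaddress.ip_network(prefix):
            return name
    return None


def longest_match(table, address):
    """Value of the most specific prefix in table that contains address."""
    addr = ipaddress.ip_address(address)
    best = None
    for prefix, value in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, value)
    return best[1] if best else None


def rpf_interface(address, unicast, mroutes=()):
    """Interface this router would use to reach address.
    Assumption: a matching static mroute (ip mroute) overrides the unicast table."""
    return longest_match(mroutes, address) or longest_match(unicast, address)


def forward(packet, mrib, unicast, mroutes=(), rp=None):
    """Return the interfaces a packet is replicated onto ([] means drop).
    packet is (source, group, incoming interface)."""
    source, group, in_intf = packet
    scope = group_scope(group)
    if scope in (None, "link-local"):
        return []                       # not multicast, or never routed off-link
    if (source, group) in mrib:         # prefer (S,G) over (*,G)
        oil, rpf_target = mrib[(source, group)], source
    elif ("*", group) in mrib and rp and scope != "ssm":  # SSM has no (*,G)
        oil, rpf_target = mrib[("*", group)], rp
    else:
        return []
    if rpf_interface(rpf_target, unicast, mroutes) != in_intf:
        return []                       # RPF failure: wrong incoming interface
    return [intf for intf in oil if intf != in_intf]
```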
down77 Member Posts: 1,009
Almost forgot... I called the Vitamin Shoppe near South Point (Durham, NC) and asked them to have a case of Spike! (link below) and a few boxes of Quest Nutrition bars for me to pick up when I get there this Sunday. At a minimum I'll be grabbing those, a case of water, and a few other healthy snacks to help fuel me through the bootcamp!
Spike Shooter - Wikipedia, the free encyclopedia
-
down77 Member Posts: 1,009
QoS labs tonight and then to work on "Implement Network Security" sections. I figured the combination works well since I'll get to play with MQC for a number of hours tonight