CCIE OSPF Behaviors

There are five main network types (behaviors) when working with OSPF. People often confuse them, and I myself had a painful time at the beginning understanding why we need them and what difference it makes to use one or the other.

Broadcast - for shared network environments like Ethernet. As you can see below, by changing the interface's network type you also change the timers and make it send hellos as multicast instead of unicast:

Router1(config-if)#ip address 1.1.1.2 255.255.255.0
Router1(config-if)#ip ospf network broadcast
Router1(config-if)#end
Router1# show ip ospf interface s0
Serial2 is up, line protocol is up
  Internet Address 1.1.1.2/24, Area 0
  Process ID 1, Router ID 3.3.3.3, Network Type BROADCAST, Cost: 64
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 3.3.3.3, Interface address 1.1.1.2
  Backup Designated router (ID) 2.2.2.2, Interface address 1.1.1.1
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:19
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 2, maximum is 2
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 2.2.2.2 (Backup Designated Router)
  Suppress hello for 0 neighbor(s)

Non-broadcast - for Frame Relay or ATM. In the example below you can see the default behavior of the serial interface:

Router1# show ip ospf interface s2
Serial2 is up, line protocol is up
  Internet Address 1.1.1.2/24, Area 0
  Process ID 1, Router ID 3.3.3.3, Network Type NON_BROADCAST, Cost: 64
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 3.3.3.3, Interface address 1.1.1.2
  Backup Designated router (ID) 2.2.2.2, Interface address 1.1.1.1
  Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
    Hello due in 00:00:19
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 2, maximum is 2
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 2.2.2.2 (Backup Designated Router)
  Suppress hello for 0 neighbor(s)

Point-to-point - for point-to-point interfaces such as PPP or HDLC encapsulation.

Point-to-multipoint - a special behavior in which the hub interface acts as a point-to-point link to every spoke in its hub-and-spoke topology.

Point-to-multipoint non-broadcast - like point-to-multipoint, but with the requirement of neighbor statements in the config.

How they differ:

Broadcast uses DR/BDR election and uses multicast: 224.0.0.6 for the DR/BDR and 224.0.0.5 for all SPF routers.

Non-broadcast uses DR/BDR election too, but it uses unicast for neighbor relations. This is why you need to make sure you enable it on the hub of the topology and not on one of the spokes, and you must also remember to specify each neighbor manually (only on the hub).

Point-to-point is the easiest, as there is no DR/BDR and the relation is formed very quickly using multicast.

Point-to-multipoint is also very easy and nice, as it also does not use DR/BDR and forms relations using multicast.

Point-to-multipoint non-broadcast is like point-to-multipoint but requires neighbor statements in the config.

Now that we understand the modes: sometimes we are required, mainly in the lab exam, to change the default interface behavior and set a different one. This is done with the ip ospf network command, as I showed in the first example, where I took a serial interface and changed it to use broadcast behavior. I can also go the other way, taking an Ethernet interface and setting it to non-broadcast behavior. Now you probably ask yourself why you would want to do that. Well, the answer is simple: 1) they asked you :-) 2) the more serious answer is that you need more security. As you know, non-broadcast uses unicast, meaning that a client that should not be updated won't be, and on top of that you can add encryption and authentication, so even if your address has been spoofed you will have protection against evil. I hope this has been of some help!
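A small check, added here as an example and not part of the original post, that parses two show ip ospf interface captures like the ones above (constructed samples in the same format) and reports what stops the adjacency: the hello/dead timer mismatch you get when only one side's network type was changed, and which sides rely on manual neighbor statements. The field names and the check itself are my own assumptions, not an IOS feature.

```python
import re

# Two trimmed 'show ip ospf interface' captures, constructed for this example
# in the format shown above: side A was changed to broadcast, side B is a
# serial interface left at its non-broadcast default, so the timers differ.
SIDE_A = """Serial2 is up, line protocol is up
  Internet Address 1.1.1.2/24, Area 0
  Process ID 1, Router ID 3.3.3.3, Network Type BROADCAST, Cost: 64
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
"""
SIDE_B = """Serial2 is up, line protocol is up
  Internet Address 1.1.1.1/24, Area 0
  Process ID 1, Router ID 2.2.2.2, Network Type NON_BROADCAST, Cost: 64
  Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
"""


def parse_ospf_interface(text):
    """Pull out the fields that decide whether two sides can become adjacent."""
    head = re.search(r"Router ID (\S+), Network Type ([A-Z_ ]+?), Cost", text)
    timers = re.search(r"Hello (\d+), Dead (\d+)", text)
    addr = re.search(r"Internet Address (\S+), Area (\S+)", text)
    if not (head and timers and addr):
        raise ValueError("not a 'show ip ospf interface' capture")
    return {
        "router_id": head.group(1),
        "net_type": head.group(2),
        "hello": int(timers.group(1)),
        "dead": int(timers.group(2)),
        "address": addr.group(1),
        "area": addr.group(2),
    }


def check_adjacency(a, b):
    """Return the problems that stop A and B forming an adjacency, plus a
    reminder for every side whose type relies on manual 'neighbor' entries."""
    issues = []
    if a["area"] != b["area"]:
        issues.append(f"area mismatch: {a['area']} vs {b['area']}")
    if (a["hello"], a["dead"]) != (b["hello"], b["dead"]):
        issues.append("hello/dead mismatch: "
                      f"{a['hello']}/{a['dead']} vs {b['hello']}/{b['dead']}")
    for side in (a, b):
        if "NON_BROADCAST" in side["net_type"]:
            issues.append(f"{side['router_id']}: {side['net_type']} sends unicast "
                          "hellos, so each neighbor needs a 'neighbor' statement")
    return issues


if __name__ == "__main__":
    for line in check_adjacency(parse_ospf_interface(SIDE_A),
                                parse_ospf_interface(SIDE_B)):
        print(line)
```

Run it against the real captures from both ends of a link; an empty result means the timers and area agree and neither side depends on neighbor statements.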
however normally resources are limited and expensive, and Service provider would like to make money from his available resources. maximum routes configured under VRF provide a mean of controlling PE local resource and abuse avoidance from the CE side.I have vrf called DC_EXTRANET, you can see that I have 16 routes, I have configured 10 maximum routes under that vrf however I did not want to be aggressive so I have set the warning only option. See that immediately I get a notice that I have more routes then the maximum, however no action is taken other then alerting and sending a syslog. ! PE_ashdod_otherisp.n(config-vrf)# maximum routes 10 warning-only % The current number of routes in the routing table is equal to, or exceeds the configured warning limit PE_ashdod_otherisp.n(config-vrf)# *Nov 26 20:39:41.175: %IPRT-3-ROUTELIMITWARNING: IP routing table limit warning - DC_…