The range for RTP/VOIP traffic packet could take is:
permit udp any any range 16384 32767
Also tcp port 1720 is used for voice control connetions similiar like port 21 with ftp
27. September 2006
25. September 2006
EIGRP metrics calculation
EIGRP is calculating metrics out of a summary of variables. Here is the formular for EIGRP metric calculation:
(K1*bandwidth+K2*bandwidth/256-load + K3*delay)
only if K4 and K5 are not zero the following operand is is also multiplied:
[k5/(reliability + k4)]
With the default setting on cisco routers the values K1=1 K2=0 K3=1 K4=0 K5=0. so metric is normaly calcuated out of K1*Bandwidth + K3*delay.
To calculate the metric use the following formular:
(10^7/bandwidth(Kbps) + delay(ms)/10)*256=metric
Use the sh ip eigrp topology [ROUTE-ENTRY] to see the setting for the route.
Source:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hirp_r/rte_eih.htm#wp1097416
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hirp_r/rte_eih.htm#wp1099338
24. September 2006
Recursive routing problem
This can happen, when the tunnel learns the destination of the tunnel through the tunnel itself.
You can save yourself by adding a static route or filter the route with a distribute-list for example.
*Mar 4 23:58:18.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
*Mar 4 23:58:18.163: %PIM-5-NBRCHG: neighbor 148.1.13.1 UP on interface Tunnel0 (vrf default)
Rack1R3#
*Mar 4 23:58:27.091: %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing
*Mar 4 23:58:28.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
*Mar 4 23:58:28.111: %PIM-5-NBRCHG: neighbor 148.1.13.1 DOWN on interface Tunnel0 (vrf default) non DR
Here is the setup of the scenario producing the error:
R1:
interface Tunnel0
ip address 148.1.13.1 255.255.255.0
tunnel source Loopback0
tunnel destination 150.1.3.3
R3:
interface Tunnel0
ip address 148.1.13.3 255.255.255.0
tunnel source Loopback0
tunnel destination 150.1.1.1
Both routers have learned through rip about the other destination interface. When the tunnel comes up, the also learn about the destination of the tunnel interface through rip.
To stop this, i have added on both sides the destination of the tunnel interface into a distribute list.
R1:
router rip
distribute-list 3 in Tunnel0
access-list 3 deny 150.1.3.0 0.0.0.255
access-list 3 permit any
R3:
router rip
distribute-list 1 in Tunnel0
access-list 1 deny 150.1.1.0 0.0.0.255
access-list 1 permit any
Source:
18. September 2006
different kinds of frame-relay connections, dynamic, static, broadcast
There can be differnet kinds of frame-relay connections. You can lookup the status with „show frame-relay map“ to see what kind of conenction you have.
- dynamic mapping – if frame-relay uses inverse arp to dynamically map the dlci with the ip address, it’s a dynamic mapping
- static mapping – if you use a map statement to statically map the given dlci to an ip address, this is called a static connection.
- broadcast – pon point-to-point links there a „frame-relay interface-dlci“ statement can „setup“ mapping. So this would show up as neither dynamic or static, than broadcast.
simple redistribution
Redistribution is the technique to distribute one routing protocol into another. If you have two routing protocols, you can mutually distribute them into another to garanty reachability.
There are many possible scenarios for redistributiong one protocol into another one.
You could simple remember that there should be given a metric for the redistributed protocol. So if you want to redistribute rip into ospf for example, you must give a metric value when redistributing.
Redistributing from rip into ospf means, that on an ARB (area boarder router), where two routing protocols are running, you make the routes from each protocol usable to the other routing domain and vica versa.
router rip
redistribute ospf 1 metric 1
Here it means that you send all routes that are running under ospf process 1 to rip with a metric of 1.
So now the rip routing domain has all routes from the ospf domain also available.
To redistribute the other way:
router ospf 1
redistribute rip subnets metric 1
This will send all routes from the rip domain into the ospf domain under ospf process 1. It will also redistribute all routes with a metric of 1 and all subnets.
It’s very important to set the metric. If you don’t, you will not see any routes on the other side.
What are floating routes?
Floating routes are somtetime static routes with another administrativ distance. These routes disapear, when dynamic routes are no longer valid. This could be a technique to prove certain rechability for networks. Floating means, that they are there but you can’t see them until they get valid.
If there is for example a dynamic default route is learned from EIGRP with Administrativ distance 90 or for external EIGRP routes with AD 170, then you could place a static route with „ip route 0.0.0.0 0.0.0.0 s0/0 171“, so that it will apear in the routing table, when the AD 90 or 170 default route does not longer exists.
That’s called a floating route.
What’s a BGP community?
A community in the BGP world is for sending attributes to neighbors that are members of the community. All community members will be send the attribute provided for the community.
Source:
http://www.cisco.com/warp/public/459/bgp-community.html
13. September 2006
IPv6 generals
A device can have multiple adressess
- Unspecified/llpback/compatible-IPv4 address, ::0/96
- Mapped IPv4 addresses, ::ffff:0.0.0.0/96
- Reserved for NSAP Allocation (RFC 18888), 200::/7
- Reserved for IPS Allocation, 400::/7
- Link Local Address, fe80::/10
- Site Local Address, fec0::/10
- Global Unicast Address, 2000::/3
- similar to IPv$ address space.
- Local IPv& Unicast addresses (proposed), fc00::/7
- Multicast, ff00::/8
And can send one of these Packet Types
- Unicast
- Multicast
- Anycast
Header is 128 bits in comparision to 32 bit in IPv4.
Source:
traffic generators for testing purposes
Use telnet to debug certain policies and look if traffic is matching. There is the /source-interface option for that.
To controll which source interface telnet is using, you can set it up with /source-interface.
It’s also possbile to generate certain traffic with the rtr command:
R1(config)#rtr 2
R1(config-rtr)#type ?
dhcp DHCP Operation
dlsw DLSW Operation
dns DNS Query Operation
echo Echo Operation
frame-relay Perform frame relay operation
ftp FTP Operation
http HTTP Operation
jitter Jitter Operation
pathEcho Path Discovered Echo Operation
pathJitter Path Discovered Jitter Operation
slm SLM Operation
tcpConnect TCP Connect Operation
udpEcho UDP Echo Operation
R1(config-rtr)#type tcpConnect dest-ipaddr 10.10.10.10 ?
dest-port Destination Port
R1(config-rtr)#type tcpConnect dest-ipaddr 10.10.10.10 dest-port 80 ?
control Enable or Disable Control packets
source-ipaddr Source Address
source-port Source Port
R1(config-rtr)#rtr schedule 2 life 600 start-time now
Or „ip sla monitor“ is available to generate traffic also.
Source:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hsla_r/sla_01h.htm#wp1077817
What’s ip precedence?
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Version| IHL |Type of Service| Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Identification |Flags| Fragment Offset | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Time to Live | Protocol | Header Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Options | Padding | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The precedence value is presented in Type of service field in the tcp header. It can take up to 1 byte.
0 1 2 3 4 5 6 7 +-----+-----+-----+-----+-----+-----+-----+-----+ | | | | | | | PRECEDENCE | STRM|RELIABILITY| S/R |SPEED| | | | | | | +-----+-----+-----+-----+-----+-----+-----+-----+
The ip precedence value is set and carried over network boarders. It does not have to be set by each router on the path again.
Source:
http://certcities.com/editorial/columns/story.asp?EditorialsID=33