• CCIE SEC General Networking

    1. Basics

      1. Have you tried switching it off & on again?

    2. OSI Layers

      1. Application

        1. Layer 7

        2. SMTP

        3. HTTP

      2. Presentation

        1. Layer 6

        2. XML / HTML

        3. GIF / JPEG

      3. Session

        1. Layer 5

        2. Controls connections, i.e. source port to destination port, with the source port tied to an application

      4. Transport

        1. Layer 4

        2. TCP

        3. UDP

        4. ICMP

      5. Network

        1. Layer 3

        2. Logical Addressing

        3. IP

        4. Routing

      6. Data-Link

        1. Layer 2

        2. MAC Addresses

        3. ARP

        4. Switching

      7. Physical

        1. Layer 1

        2. Physical Connections, plugs

        3. Fibre / Copper

    3. Routing Protocols

      1. RIP

        1. Distance Vector

        2. UDP 520

        3. Admin Distance 120

        4. Load balances over up to 16 paths

        5. Version 1

          1. Broadcast Updates

          2. Classful

          3. No Authentication

        6. Version 2

          1. Classless, VLSM = ok!

          2. Auto Summary on Class

          3. MULTICAST - 224.0.0.9

          4. Authentication

      2. EIGRP

        1. Enhanced Interior Gateway Routing Protocol

        2. Routing protocol designed and developed by Cisco

        3. EIGRP is an advanced distance-vector routing protocol, with optimizations to minimize both the routing instability incurred after topology changes, as well as the use of bandwidth and processing power in the router.

        4. Mixture of Distance Vector & Link state

        5. Fast Convergence via DUAL (Diffusing Update Algorithm)

        6. VLSM Support

        7. Triggered partial routing updates

        8. Multiple network-layer protocol support

          1. Supports IP, AppleTalk, IPX, Novell NetWare

        9. Route States

          1. Passive

          2. Active

          3. A route is considered "active" when route recomputation is taking place, i.e. a routing decision has not yet been made.

          4. Passive is the operational "normal" state

        10. Terminology

          1. Neighbour Table

            1. Router uses "hello packets" to discover neighbors

            2. The neighbour table stores a list of directly connected neighbours

          2. Topology Table

            1. When a new neighbour is discovered they update each other with details on all the routes they know about.

            2. The topology table contains all the destination networks learned by other routers.

          3. Advertised Distance

            1. Advertised Distance (AD) is the total metric along a path to a destination network as advertised by an upstream neighbor

          4. Feasible Distance

            1. A Feasible Distance (FD) is the lowest known distance from a router to a particular destination

            2. This is the Advertised Distance (AD) + the cost to reach the neighboring router from which the AD was sent

          5. Successor

            1. Also known as Current Successor

            2. The neighbour with the least-cost path to a destination (and not part of a routing loop)

          6. Feasible Successor

            1. The backup "next hop" if the successor fails

            2. (also not part of a routing loop)

          7. Routing table

            1. Stores the best routes to all destinations
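The route states (passive/active) and the DUAL terms above (AD, FD, successor, feasible successor), worked through in code. This is an added example, not part of the original notes; the topology table is constructed and the metrics are simplified to small integers. The one rule it adds to the notes is the feasibility condition DUAL applies when choosing a backup: a neighbour is a feasible successor only if its advertised distance is lower than the feasible distance of the current successor, which is what guarantees the backup is loop-free.

```python
# Added example (not part of the original notes): EIGRP DUAL bookkeeping for one
# destination, using the terms defined above. The topology table is constructed.
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class TopologyEntry:
    neighbor: str             # neighbour that advertised the destination
    advertised_distance: int  # AD: the neighbour's own metric to the destination
    link_cost: int            # metric from this router to that neighbour


def feasible_distance(entry: TopologyEntry) -> int:
    """FD through one neighbour = its AD + the cost to reach that neighbour."""
    return entry.advertised_distance + entry.link_cost


def dual_select(entries: List[TopologyEntry]):
    """Pick the successor and the feasible successors for one destination.

    Returns (successor, feasible_successors, fd). A backup neighbour is a
    feasible successor only if it meets the feasibility condition
    AD < FD of the successor, which is what keeps it loop-free.
    """
    if not entries:
        return None, [], None
    successor = min(entries, key=feasible_distance)
    fd = feasible_distance(successor)
    feasible = [e for e in entries
                if e is not successor and e.advertised_distance < fd]
    feasible.sort(key=feasible_distance)
    return successor, feasible, fd


def after_successor_loss(entries: List[TopologyEntry], lost_neighbor: str):
    """Route state after a neighbour disappears.

    If a feasible successor exists the route stays 'passive' and the backup
    is promoted locally; if none exists DUAL must query its neighbours and
    the route goes 'active' until the recomputation completes.
    """
    successor, feasible, _ = dual_select(entries)
    if successor is None or successor.neighbor != lost_neighbor:
        return "passive", successor          # the lost neighbour was not the successor
    if feasible:
        return "passive", feasible[0]        # promote the best feasible successor
    return "active", None                    # no loop-free backup: recompute


# Constructed topology table for one destination (metrics simplified to integers).
SAMPLE_TOPOLOGY = [
    TopologyEntry("R2", advertised_distance=10, link_cost=5),   # FD 15 -> successor
    TopologyEntry("R3", advertised_distance=12, link_cost=8),   # FD 20, AD 12 < 15 -> feasible
    TopologyEntry("R4", advertised_distance=18, link_cost=2),   # FD 20, AD 18 >= 15 -> not feasible
]

if __name__ == "__main__":
    succ, feas, fd = dual_select(SAMPLE_TOPOLOGY)
    print(f"successor {succ.neighbor} FD={fd}; feasible successors {[e.neighbor for e in feas]}")
    print(after_successor_loss(SAMPLE_TOPOLOGY, "R2"))
    print(after_successor_loss([e for e in SAMPLE_TOPOLOGY if e.neighbor != "R3"], "R2"))
```

R3 and R4 both offer a total metric of 20, but only R3 qualifies as a feasible successor: R4's advertised distance (18) is not below the successor's FD (15), so DUAL cannot prove that path is loop-free and would have to go active if R2 and R3 both disappeared.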

        11. multi data-link protocol / topology support

          1. Multicast Neighbours on Ethernet

            1. 224.0.0.10

            2. Support for unicast and multicast communication

          2. Support for point to point & non-broadcast multi-access (NBMA)

        12. EIGRP Packets are IP Protocol Number 88

        13. Admin Distance 90

        14. EIGRP Message Authentication Configuration Example

          1. Routing authentication relies on a key on a keychain to function

          2. ip authentication mode eigrp 10 md5

          3. ip authentication key-chain eigrp 10 MYCHAIN

      3. IGRP

        1. Interior Gateway Routing Protocol

        2. Distance Vector

        3. Cisco Proprietary

        4. IGRP was created in part to overcome the limitations of RIP (maximum hop count of only 15, and a single routing metric) when used within large networks

        5. _CLASSFUL_

        6. Periodically each gateway broadcasts its entire routing table (with some censoring because of the split horizon rule) to all adjacent gateways.

        7. Admin Distance 100

      4. OSPF

        1. Open Shortest Path First

        2. Terminology

          1. Router Types

            1. Internal

              1. All routers have identical LSDBs

            2. Backbone

              1. A router with at least one connection to Area 0

            3. ABR

              1. A router with a connection to 2 or more areas

            4. ASBR

              1. A router with a connection to an external area

              2. External Area would be re-distributing routes from another protocol

          2. LSDB

            1. Link State DB

            2. A Database of routes within a given area

            3. Routers may have many LSDBs

        3. Admin Distance 110

        4. Multicast

          1. 224.0.0.5 (all SPF/link state routers, also known as AllSPFRouters)

          2. 224.0.0.6 (all Designated Routers, AllDRouters)

        5. OSPF does not use TCP or UDP but uses IP directly, via IP protocol 89

        6. Classless, VLSM = ok!

        7. Link-State Routing Protocol

        8. LSA

          1. Link State Announcement

          2. Types

            1. LSA 1

              1. Router LSA

              2. Describe the state of the routers links to the area

              3. Only Flooded within a particular Area

            2. LSA 2

              1. Network LSA

              2. Generated by the DR in multi-access networks (Ethernet)

              3. Describe the routers connected to the multi-access area

            3. LSA3

              1. Summary LSA

              2. Describe routes to the Area's Networks

              3. Flooded through the Backbone (Area 0)

              4. Not flooded through Totally Stubby areas or NSSAs

            4. LSA4

              1. Summary LSA

              2. Describe routes to the ASBRs

              3. Flooded through the Backbone (Area 0)

              4. Not flooded through Totally Stubby areas or NSSAs

            5. LSA 5

              1. AS External LSA

              2. Generated by ASBRs

              3. Describe routes to external Areas

              4. Not Flooded to Stub, totally stubby or NSSAs

            6. LSA 6

              1. Multicast OSPF LSA

              2. Used in multicast applications

            7. LSA 7

              1. NSSA LSA

            8. LSA 8

              1. External LSA for BGP

              2. Used for OSPF <-> BGP internetworking

            9. LSA 9, 10 or 11

              1. Opaque LSA

              2. Designed for future upgrades

        9. IGP (Interior gateway protocol)

        10. Areas

          1. Backbone

            1. Area 0 is the backbone area

            2. Virtual Link can create a temp link to area 0

            3. All Areas must connect to Area 0

          2. Stub Area

            1. A stub area is an area which does not receive external routes except the default route

            2. Does receive internal routes

            3. Cannot contain an ASBR

          3. Totally Stubby Area

            1. Does not receive internal or external routes

          4. Not So Stubby Area

            1. NSSA

            2. Can send external routes to the backbone

            3. Does not accept external routes from other areas

            4. _CAN_ contain an ASBR

        11. Configuring OSPF Authentication on a Virtual Link

          r3.3.3.3# debug ip ospf adj
          23:48:06: OSPF: Interface OSPF_VL1 going Up
          23:48:06: OSPF: Send with youngest Key 0
          23:48:07: OSPF: Build router LSA for area 0, router ID 3.3.3.3, seq 0x80000001
          23:48:07: OSPF: Build router LSA for area 2, router ID 3.3.3.3, seq 0x80000033
          23:48:07: OSPF: Build router LSA for area 1, router ID 3.3.3.3, seq 0x80000030
          23:48:14: OSPF: 2 Way Communication to 1.1.1.1 on OSPF_VL1, state 2WAY
          23:48:14: OSPF: Send DBD to 1.1.1.1 on OSPF_VL1 seq 0x1EA opt 0x62 flag 0x7 len32
          23:48:14: OSPF: Send with youngest Key 1
          23:48:14: OSPF: Rcv DBD from 1.1.1.1 on OSPF_VL1 seq 0x3FB opt 0x62 flag 0x7 len 32 mtu 0 state EXSTART
          23:48:14: OSPF: First DBD and we are not SLAVE
          23:48:16: OSPF: Send with youngest Key 1
          23:48:19: OSPF: Send DBD to 1.1.1.1 on OSPF_VL1 seq 0x1EA opt 0x62 flag 0x7 len 32
          23:48:19: OSPF: Send with youngest Key 1
          23:48:19: OSPF: Retransmitting DBD to 1.1.1.1 on OSPF_VL1 [1]
          23:48:19: OSPF: Rcv DBD from 1.1.1.1 on OSPF_VL1 seq 0x3FB opt 0x62 flag 0x7 len 32 mtu 0 state EXSTART
          23:48:19: OSPF: First DBD and we are not SLAVE
          23:48:19: OSPF: Rcv DBD from 1.1.1.1 on OSPF_VL1 seq 0x1EA opt 0x62 flag 0x2 len 172 mtu 0 state EXSTART
          23:48:19: OSPF: NBR Negotiation Done. We are the MASTER
          23:48:19: OSPF: Send DBD to 1.1.1.1 on OSPF_VL1 seq 0x1EB opt 0x62 flag 0x3 len 112
          23:48:19: OSPF: Send with youngest Key 1
          23:48:19: OSPF: Send with youngest Key 1
          23:48:19: OSPF: Database request to 1.1.1.1
          23:48:19: OSPF: sent LS REQ packet to 5.0.0.1, length 48
          23:48:19: OSPF: Rcv DBD from 1.1.1.1 on OSPF_VL1 seq 0x1EB opt 0x62 flag 0x0 len 32 mtu 0 state EXCHANGE
          23:48:19: OSPF: Send DBD to 1.1.1.1 on OSPF_VL1 seq 0x1EC opt 0x62 flag 0x1 len 32
          23:48:19: OSPF: Send with youngest Key 1
          23:48:19: OSPF: Build router LSA for area 0, router ID 3.3.3.3, seq 0x80000030
          23:48:19: OSPF: Rcv DBD from 1.1.1.1 on OSPF_VL1 seq 0x1EC opt 0x62 flag 0x0 len 32 mtu 0 state EXCHANGE
          23:48:19: OSPF: Exchange Done with 1.1.1.1 on OSPF_VL1
          23:48:19: OSPF: Synchronized with 1.1.1.1 on OSPF_VL1, state FULL
          !--- This indicates the establishment of neighbor adjacency.
          23:48:19: %OSPF-5-ADJCHG: Process 2, Nbr 1.1.1.1 on OSPF_VL1 from LOADING to FULL, Loading Done

          1. ip ospf authentication-key cisco

          2. area 1 virtual-link 3.3.3.3 authentication-key cisco
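The %OSPF-5-ADJCHG message at the end of the debug output above is the same one IOS sends to syslog whenever a neighbour changes state, which makes it a useful signal for monitoring: a virtual link whose authentication keys no longer match on both ends never reaches FULL, or drops once the dead timer expires, and shows up as repeated FULL-to-DOWN transitions. The parser below is an added example, not part of the original notes; the log lines it runs over are constructed in the format of the message above, and the "Dead timer expired" reason text is assumed.

```python
# Added example (not part of the original notes): parse %OSPF-5-ADJCHG syslog
# messages of the form seen above and flag neighbours whose adjacency keeps
# dropping. SAMPLE_LOG is constructed for this example.
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

ADJCHG = re.compile(
    r"%OSPF-5-ADJCHG: Process (?P<process>\d+), Nbr (?P<nbr>\S+) on (?P<intf>\S+) "
    r"from (?P<old>\S+) to (?P<new>\S+), (?P<reason>.*)$"
)


def parse_adjchg(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of an ADJCHG message, or None for any other line."""
    m = ADJCHG.search(line)
    return m.groupdict() if m else None


def adjacency_drops(lines: List[str]) -> Counter:
    """Count transitions to DOWN per (neighbour, interface)."""
    drops: Counter = Counter()
    for line in lines:
        ev = parse_adjchg(line)
        if ev and ev["new"] == "DOWN":
            drops[(ev["nbr"], ev["intf"])] += 1
    return drops


def flapping_neighbors(lines: List[str], threshold: int = 2) -> List[Tuple[str, str]]:
    """Neighbours that went DOWN at least `threshold` times in the given log."""
    return sorted(key for key, n in adjacency_drops(lines).items() if n >= threshold)


# Constructed log: the first ADJCHG line mirrors the debug output above, the rest
# are made up to show one neighbour flapping and another staying up.
SAMPLE_LOG = [
    "23:48:19: OSPF: Synchronized with 1.1.1.1 on OSPF_VL1, state FULL",
    "23:48:19: %OSPF-5-ADJCHG: Process 2, Nbr 1.1.1.1 on OSPF_VL1 from LOADING to FULL, Loading Done",
    "23:52:03: %OSPF-5-ADJCHG: Process 2, Nbr 1.1.1.1 on OSPF_VL1 from FULL to DOWN, Neighbor Down: Dead timer expired",
    "23:52:41: %OSPF-5-ADJCHG: Process 2, Nbr 1.1.1.1 on OSPF_VL1 from LOADING to FULL, Loading Done",
    "23:55:10: %OSPF-5-ADJCHG: Process 2, Nbr 1.1.1.1 on OSPF_VL1 from FULL to DOWN, Neighbor Down: Dead timer expired",
    "23:58:30: %OSPF-5-ADJCHG: Process 2, Nbr 2.2.2.2 on Serial0 from LOADING to FULL, Loading Done",
]

if __name__ == "__main__":
    for nbr, intf in flapping_neighbors(SAMPLE_LOG):
        print(f"adjacency with {nbr} on {intf} dropped repeatedly: check keys, timers and the link")
```

In practice the same parser runs over the syslog feed from the routers rather than a list; the threshold and the time window it should apply over are local choices.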

        12. Sample Configuration for Authentication in OSPF

          1. Types

            1. Null Authentication

            2. Plain Text Authentication

            3. MD5 Authentication

          2. show ip ospf interface serial0

            R1-2503# show ip ospf interface serial0
            Serial0 is up, line protocol is up
              Internet Address 192.16.64.1/24, Area 0
              Process ID 10, Router ID 172.16.10.36, Network Type POINT_TO_POINT, Cost: 64
              Transmit Delay is 1 sec, State POINT_TO_POINT,
              Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
                Hello due in 00:00:05
              Index 2/2, flood queue length 0
              Next 0x0(0)/0x0(0)
              Last flood scan length is 1, maximum is 1
              Last flood scan time is 0 msec, maximum is 4 msec
              Neighbor Count is 1, Adjacent neighbor count is 1
                Adjacent with neighbor 70.70.70.70
              Suppress hello for 0 neighbor(s)
              Message digest authentication enabled
                Youngest key id is 1

      5. BGP

        1. TCP 179

        2. Border Gateway Protocol

        3. Exterior Gateway Protocol

          1. A routing protocol which exchanges routes _between_ AS's

          2. Also known as: Interdomain routing protocol (IDRP)

        4. AS = Autonomous System

          1. Private AS Numbers = 64512 -> 65535

          2. Transit AS

            1. An AS that routes traffic from one external AS to another External AS

          3. Non-Transit AS

            1. An AS which has an ISP multihoming connection, but does not transfer routes between them

        5. iBGP

          1. Internal BGP

          2. BGP runs within an AS

        6. eBGP

          1. External BGP

          2. BGP is exchanging routes _between_ AS's

        7. Attributes

          1. Well-Known Mandatory

            1. Next hop

            2. Origin

            3. AS_path

          2. Well-Known discretionary

            1. Local Preference

              1. Influences _OUTBOUND_ Traffic

              2. Higher value preferred

            2. Atomic Aggregate

          3. Optional transitive

            1. Community

            2. Aggregator

          4. Optional nontransitive

            1. MED

              1. Multi-Exit Discriminator

              2. Influences _INBOUND_ traffic

              3. Lower value preferred

          5. Cisco Defined

            1. Weight
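The attribute list above gives the direction of each preference (higher local preference wins, lower MED wins, weight is Cisco-local) but not how they combine. The comparator below is an added example, not part of the original notes, and is a deliberately simplified version of the IOS best-path order: weight, then local preference, then AS_path length, then origin, then MED. The real selection has further tie-breakers (locally originated paths, eBGP over iBGP, IGP metric to the next hop, router ID) and by default only compares MED between paths from the same neighbouring AS; both are left out here. The candidate paths are constructed.

```python
# Added example (not part of the original notes): a simplified BGP best-path
# comparison built from the attribute preferences listed above.
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class BgpPath:
    next_hop: str
    as_path: Tuple[int, ...]   # well-known mandatory; shorter is preferred
    origin: str                # well-known mandatory: "i" (IGP) < "e" (EGP) < "?" (incomplete)
    local_pref: int = 100      # well-known discretionary; higher preferred (outbound)
    med: int = 0               # optional non-transitive; lower preferred (inbound)
    weight: int = 0            # Cisco-defined, router-local; higher preferred


ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}


def preference_key(path: BgpPath):
    """Sort key: tuples compare left to right, so earlier items dominate.
    'Higher is better' attributes are negated so that the smallest key wins."""
    return (
        -path.weight,
        -path.local_pref,
        len(path.as_path),
        ORIGIN_RANK[path.origin],
        path.med,
    )


def rank_paths(paths: List[BgpPath]) -> List[BgpPath]:
    """All candidate paths, best first."""
    return sorted(paths, key=preference_key)


def best_path(paths: List[BgpPath]) -> BgpPath:
    return rank_paths(paths)[0]


def deciding_attribute(a: BgpPath, b: BgpPath) -> str:
    """Name the first attribute on which two paths differ, to explain a choice."""
    names = ("weight", "local_pref", "as_path length", "origin", "med")
    for name, x, y in zip(names, preference_key(a), preference_key(b)):
        if x != y:
            return name
    return "tie"


# Constructed candidates for one prefix: a short path with high local preference,
# a longer path with a better MED, and a long, incomplete-origin path that a
# local weight forces to the top.
SAMPLE_PATHS = [
    BgpPath("10.0.1.1", (65001,), "i", local_pref=200, med=50),
    BgpPath("10.0.2.1", (65002, 65003), "i", local_pref=100, med=10),
    BgpPath("10.0.3.1", (65004, 65005, 65006), "?", local_pref=100, med=0, weight=500),
]

if __name__ == "__main__":
    for p in rank_paths(SAMPLE_PATHS):
        print(p.next_hop, preference_key(p))
    print("decided by:", deciding_attribute(SAMPLE_PATHS[2], SAMPLE_PATHS[0]))
```

Because weight is evaluated first, the path via 10.0.3.1 wins despite the longest AS_path and the worst origin; without it, the local preference of 200 carries the path via 10.0.1.1 over the better MED of the second path, which matches the notes' point that local preference steers outbound traffic and MED only matters lower down.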

        8. Path Vector Protocol

        9. BGP is the core routing protocol of the Internet. It maintains a table of IP networks or 'prefixes' which designate network reachability among autonomous systems (AS).

        10. BGP is an interautonomous system routing protocol.

        11. ISP Multihoming Options

          1. Each ISP passes only a default route to the AS

          2. Each ISP passes only a default route and provider-owned specific routes to AS

          3. Each ISP passes all routes to the AS

        12. BGP Authentication

          router bgp 109 neighbor 145.2.2.2 password v61ne0qkel33&

    4. Switching

      1. Spanning Tree

        1. BPDU

          1. Notification Frames

            1. Not generated on spanning-tree portfast ports

          2. Config Frames

          3. Set with Source Mac & root bridge MAC

        2. Security

          1. Root Guard

            1. Stops BPDUs that would elect a new root bridge, but still allows switches to connect

          2. BPDU Guard

            1. Rejects ANY BPDU

          3. Loop Guard

            1. Stops loops forming if no BPDU is received

          4. UDLD

            1. UniDirectional Link Detection

            2. Used to detect a link where TX or RX has failed

              1. Normal Mode = Log

              2. Aggressive Mode = Err_Disable Port

          5. BPDU Filter

            1. Filters Outbound BPDU

      2. VLANS

        1. VLAN Trunking

          1. Trunk Link carries many VLANS over a single switch port

          2. Frames are "tagged" with a VLAN ID so the receiving device can determine which VLAN they are destined for

          3. ISL

            1. Inter-Switch Link Protocol

            2. Cisco-proprietary protocol that maintains VLAN information as traffic flows between switches and routers

            3. Performs frame identification in Layer2 by encapsulating each frame between a header and trailer.

            4. Referred to as FRAME double tagging

              1. Not the same as the Layer 2 "double tagging" security attack

          4. 802.1q

            1. IEEE 802.1Q Protocol

            2. IEEE 802.1Q (also known as VLAN Tagging) was a project in the IEEE 802 standards process to develop a mechanism to allow multiple bridged networks to transparently share the same physical network link without leakage of information between networks

            3. Each frame is tagged within the Layer 2 frame, not encapsulated

              1. Single Tagging

              2. Internal Tagging

            4. Native VLAN

              1. VLAN where "untagged" frames should reside.

          5. VTP

            1. VLAN Trunking Protocol

            2. Modes

              1. Server

                1. DEFAULT!

              2. Client

              3. Transparent

                1. All VLANS are local

            3. Layer 2 Frames

            4. Domains

              1. Revision Number

                1. To reset to 0

                  1. Change Domain Name

                  2. Change Switch Mode

              2. VLANS in domain

              3. Parameters

                1. Mode

                  1. Version 2

                  2. Version 2

                2. Pruning

          6. DTP

            1. Dynamic Trunking Protocol

            2. The Dynamic Trunking Protocol (DTP) is a proprietary networking protocol developed by Cisco Systems for the purpose of negotiating trunking on a link between two VLAN-aware switches, and for negotiating the type of trunking encapsulation to be used

        2. Virtual LAN

          1. LAN = Local Area Network

        3. A group of hosts with a common set of requirements that communicate as if they were attached to the same broadcast domain, regardless of their physical location.

        4. Static VLAN Assignment

          1. Port Based Membership

          2. This is the "normal" method

          3. Steps

            1. Step 1

              1. Create VLAN

              2. vlan

              3. name

            2. Step 2

              1. Assign Port to VLAN

              2. switchport mode access

              3. switchport access vlan

        5. Dynamic VLAN Assignment

          1. VLANs are assigned based on the MAC address of the end-user device

          2. Switch must query the VLAN Membership Policy Server (VMPS)

        6. End to End VLANS

          1. A VLAN spans a large geographical area

          2. examples would be a single vlan across a whole building or campus

        7. Local VLANS

          1. A vlan restricted by "something"

          2. Example, local to switch or local to room or local to floor

    5. TCP/IP Protocols

      1. ICMP

        1. Protocol 1

        2. Types

          1. 0 Echo Reply

          2. 3 Destination Unreachable

          3. 4 Source Quench

          4. 5 Redirect

          5. 8 Echo Request

          6. 11 TTL Expired

      2. TCP

        1. Protocol 6

        2. Connection-oriented

      3. UDP

        1. Protocol 17

        2. Connectionless

      4. IP v6

        1. Internet Protocol version 6 (IPv6) is the next-generation Internet Layer protocol for packet-switched internetworks and the Internet.

        2. IPv6 is a new IP protocol designed to replace IPv4, the Internet protocol that is predominantly deployed and extensively used throughout the world. IPv6 quadruples the number of network address bits from 32 bits (in IPv4) to 128 bits, or approximately 3.4 x 10^38 addressable nodes, which provides more than enough globally unique IP addresses for every network device on the planet.

        3. Key Features

          1. Larger Address Space

          2. Simplified Protocol Header

          3. Built-in Support for Security & Mobility

          4. Transition Richness

            1. Dual Stack

            2. Tunneling

              1. 6 in 4

              2. 6 to 4

              3. Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)

              4. Teredo

        4. Address representation

          1. 2001:0002:2CB5:0000:077A:0000:0000:0007

          2. Addresses can be shortened with ::, which replaces successive groups of 0s

          3. 2001:2:2CB5::77A:0:0:7

          4. Only _ONE_ pair of colons can be used

          5. Leading 0s in each group can be removed

        5. Address Types

          1. Unicast

            1. similar to V4 unicast

            2. Global Unicast

              1. = Global Routing Prefix + Subnet ID + Interface ID

            3. Link-Local Unicast

              1. Stateless Auto Config

          2. Anycast

            1. Delivered to the "closest" interface that holds the address

          3. Multicast

            1. Similar to v4 multicast

        6. Routing Protocols

          1. OSPF v3

          2. IS-IS for IPv6

          3. RIPng

          4. EIGRP for IPv6

          5. BGP4

      5. IP v4

        1. Class A

        2. Class B

        3. Class C

        4. Class D

          1. MultiCast

        5. Class E

          1. Experimental

        6. RFC 1918

        7. RFC 2827

    6. IP Multicast

      1. IP multicast is a method of forwarding IP datagrams to a group of interested receivers

        1. Multicast Groups are identified by Class D IP addresses

        2. 224.0.0.0 -> 239.255.255.255

          1. 224.0.0.1 = All Hosts

          2. 224.0.0.2 = All Multicast Routers

          3. 224.0.0.4 = All DVMRP Routers

          4. 224.0.0.5 = All OSPF Routers

          5. 224.0.0.6 = All OSPF DRs

          6. 224.0.0.9 = All RIP v2 Routers

          7. 224.0.0.10 = All EIGRP Routers

          8. 239.0.0.0 -> 239.255.255.255 = PRIVATE Internal

      2. Cisco's Securing Multicast

      3. IGMP

        1. Internet Group Management Protocol

        2. Hosts use IGMP to register with a router to Join & Leave multicast groups; the router then "knows" that it needs to forward multicast datastreams to that host

      4. CGMP

        1. Cisco Group Management Protocol

        2. Cisco proprietary protocol which runs between a router and a switch

        3. The router informs directly connected switches about which hosts have joined multi-cast groups to help limit flooding on the switch

      5. PIM

        1. Protocol Independent Multicast

        2. Used by Routers that are forwarding Multicast Traffic

        3. Modes

          1. Sparse Mode

            1. PIM-SM

            2. Hosts/Sources register with the RP

            3. Routers along the path, explicitly Join the group so data can be passed from the RP to the Host

          2. Dense Mode

            1. PIM-DM

            2. All routers are initially "joined" to the multicast group

            3. Routers then request pruning, if no hosts wish to join.

          3. PIM Sparse-dense mode

            1. Hybrid of PIM-SM & PIM-DM

            2. Allows routers to run both PIM-SM & PIM-DM for different multicast groups

            3. Supports automatic RP discovery

        4. RP

          1. Rendezvous Point

          2. Source of the multicast tree, i.e. data source.

      6. DVMRP

        1. Distance Vector Multicast Routing Protocol


    Added: 2009-03-11 11:14:55

    From: linickx (Joined 2008-12-15 05:32:23)
