Jeff Doyle -Vol 1: Chapter 2 Notes, IPV6 basics

January 31, 2008

IPV6 Rules: Leading 0’s can be omitted.

One or more contiguous all-0 groups can be replaced by :: (at most once per address)

::/0 – Default route ; ::/128 – unspecified (used by NDP)

Global unicast address : (001 – first 3 bits => all addresses begin 2xxx::/4 or 3xxx::/4)

Starting addresses: 6bone – 3ffe, RIRs – 2001

Global routing Prefix (48)

Subnet ID (16)

Interface ID (64)

=> 65535 subnets

::1/128 – Loopback address; FF00::/8 – Multicast; FE80::/10 – Link-local unicast; FEC0::/10 – Site-local unicast

Anycast address: can be any global unicast address – represents a service (the override bit is always set to 0 in the NA)

Multicast

Multicast prefix 0xFF (8)

Flags (4)

Scope (4)

Group ID (112)

Only last 32 used

Flags: first 3 bits unused; last bit (T): 0 = permanent, well-known; 1 = temporary, admin-assigned

Scope: 0x0 reserved, 0x1 node-local, 0x2 link-local, 0x5 site-local, 0x8 org-local, 0xE global
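
As an added example (mine, not from the notes or from Doyle's book), the address rules above turned into a small Python classifier: it normalises leading zeros and ::, labels an address by the special prefixes listed, splits a global unicast address into its 48/16/64-bit fields, and decodes the flags and scope nibbles of a multicast address. The function names (compress, classify, split_global_unicast, decode_multicast) are my own; only the prefixes and scope values come from the notes.

```python
import ipaddress

# Multicast scope nibble values as listed in the notes
MCAST_SCOPES = {0x0: "reserved", 0x1: "node-local", 0x2: "link-local",
                0x5: "site-local", 0x8: "org-local", 0xE: "global"}


def compress(addr_text):
    """Apply the two notation rules: drop leading zeros, collapse the longest run of
    all-zero groups into a single ::."""
    return ipaddress.IPv6Address(addr_text).compressed


def classify(addr_text):
    """Label an address by the special prefixes from the notes."""
    addr = ipaddress.IPv6Address(addr_text)
    if addr == ipaddress.IPv6Address("::"):
        return "unspecified"
    if addr == ipaddress.IPv6Address("::1"):
        return "loopback"
    if addr in ipaddress.IPv6Network("ff00::/8"):
        return "multicast"
    if addr in ipaddress.IPv6Network("fe80::/10"):
        return "link-local unicast"
    if addr in ipaddress.IPv6Network("fec0::/10"):
        return "site-local unicast"
    if addr in ipaddress.IPv6Network("2000::/3"):   # first 3 bits 001 -> 2xxx/3xxx
        return "global unicast"
    return "other"


def split_global_unicast(addr_text):
    """48-bit global routing prefix | 16-bit subnet ID | 64-bit interface ID."""
    value = int(ipaddress.IPv6Address(addr_text))
    return {"global_routing_prefix": value >> 80,
            "subnet_id": (value >> 64) & 0xFFFF,
            "interface_id": value & ((1 << 64) - 1)}


def decode_multicast(addr_text):
    """FF | flags (4) | scope (4) | group ID (112); only the low 32 bits of the group ID
    are normally used."""
    addr = ipaddress.IPv6Address(addr_text)
    if addr not in ipaddress.IPv6Network("ff00::/8"):
        raise ValueError("not a multicast address")
    value = int(addr)
    flags = (value >> 116) & 0xF
    scope = (value >> 112) & 0xF
    group_id = value & ((1 << 112) - 1)
    return {"flags": flags,
            "transient": bool(flags & 0x1),   # T bit: 0 = permanent/well-known, 1 = temporary
            "scope": scope,
            "scope_name": MCAST_SCOPES.get(scope, "unassigned"),
            "group_id": group_id,
            "group_id_low32": group_id & 0xFFFFFFFF}
```

Feeding ff02::1 (all nodes) to decode_multicast gives flags 0 (permanent), scope 2 (link-local) and group ID 1; a scope value the notes do not list comes back as "unassigned" rather than raising, so the function is safe to run over arbitrary captured addresses.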
IPV6 Header: Always 40 octets.

Ver(4)

Traffic Class (8)

Flow Label (20)

Length (20)

Next Header (8)

Hop limit (8)

Source address

Destination Address
Extension Headers (Next Header values): Hop-by-hop (0), Routing (43), Fragment (44), ESP (50), AH (51), Destination Options (60), No Next Header (59)

* Hard rule: if Hop-by-Hop is used, it must directly follow the IPv6 header.
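
An added example, written for these notes rather than taken from them: a parser for the fixed header and a walk down the Next Header chain using the values listed above, which rejects a packet whose Hop-by-Hop header is not immediately after the fixed header. The wire format packs the payload length into a 16-bit field. build_sample constructs a demonstration packet (the upper-layer bytes are placeholders, not a real ICMPv6 message); the field and function names are mine.

```python
import struct
import ipaddress

# Next Header values from the notes
HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AH, NO_NEXT, DEST_OPTS = 0, 43, 44, 50, 51, 59, 60
ICMPV6 = 58
EXT_HEADERS = {HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AH, DEST_OPTS}


def parse_fixed_header(pkt):
    """Parse the 40-octet fixed header (payload length is a 16-bit field on the wire)."""
    if len(pkt) < 40:
        raise ValueError("truncated IPv6 header")
    first_word, payload_len, next_hdr, hop_limit = struct.unpack("!IHBB", pkt[:8])
    if first_word >> 28 != 6:
        raise ValueError("not IPv6")
    return {
        "version": 6,
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_len,
        "next_header": next_hdr,
        "hop_limit": hop_limit,
        "src": ipaddress.IPv6Address(pkt[8:24]).compressed,
        "dst": ipaddress.IPv6Address(pkt[24:40]).compressed,
    }


def walk_extension_headers(pkt):
    """Follow the Next Header chain. Returns (extension headers seen, upper-layer protocol, offset).
    Enforces the hard rule: Hop-by-Hop may only appear directly after the fixed header."""
    nh = parse_fixed_header(pkt)["next_header"]
    off, chain = 40, []
    while nh in EXT_HEADERS:
        if nh == HOP_BY_HOP and off != 40:
            raise ValueError("Hop-by-Hop header not directly after the IPv6 header")
        chain.append(nh)
        if nh == ESP:
            return chain, ESP, off      # everything after ESP is encrypted; stop here
        if off + 2 > len(pkt):
            raise ValueError("truncated extension header")
        next_nh, ext_len = pkt[off], pkt[off + 1]
        if nh == FRAGMENT:
            length = 8                   # fixed size
        elif nh == AH:
            length = (ext_len + 2) * 4   # AH counts 32-bit words, minus 2
        else:
            length = (ext_len + 1) * 8   # 8-octet units, not counting the first 8
        if off + length > len(pkt):
            raise ValueError("extension header runs past end of packet")
        off += length
        nh = next_nh
    return chain, nh, off


def chain_is_valid(pkt):
    """True when the header chain parses and obeys the Hop-by-Hop placement rule."""
    try:
        walk_extension_headers(pkt)
        return True
    except ValueError:
        return False


def build_sample(hop_by_hop_first=True):
    """Constructed packet: fixed header + Hop-by-Hop + Destination Options + 4 placeholder
    upper-layer bytes. With hop_by_hop_first=False the two extension headers are swapped."""
    padn = b"\x01\x04\x00\x00\x00\x00"              # PadN option filling an 8-octet header
    upper = b"\x00" * 4                              # placeholder ICMPv6 bytes (not a real message)
    if hop_by_hop_first:
        first = HOP_BY_HOP
        payload = bytes([DEST_OPTS, 0]) + padn + bytes([ICMPV6, 0]) + padn + upper
    else:
        first = DEST_OPTS
        payload = bytes([HOP_BY_HOP, 0]) + padn + bytes([ICMPV6, 0]) + padn + upper
    src = ipaddress.IPv6Address("fe80::1").packed
    dst = ipaddress.IPv6Address("ff02::1").packed
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), first, 255) + src + dst
    return fixed + payload
```

The walker stops at ESP because nothing after it can be read, and it treats 59 (No Next Header) like any other upper-layer value, returning it to the caller; a filter built on this logic should therefore decide explicitly what to do with chains that end in ESP or 59 rather than assuming a transport header follows.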

- NDP’s PnP features: router discovery, prefix discovery, parameter discovery, address auto-config, address resolution (L2->L3), next-hop discovery (router or local n/w), neighbor unreachability detection, duplicate address detection, redirects.

ICMPv6 (protocol val = 58) is used for NDP. NDP messages are always link-local in scope and hop-limit is set to 255

RA: type 0, code 134, Source = originator, Dest = unicast / FF02::1 (all-nodes m/c)

[figure: IPv6 RA message format]

M – Managed address – stateful (DHCPv6) /stateless

O – Other stateful options

Router Lifetime: set to 0 if the router is not a default gateway

Reachable time: Instructs the host of neighbor reachability duration

Retransmit time: Instructs host of NS messages retransmit interval

Options: Link-layer i/f address, MTU, prefix info

---

RS: type 0, code 133, Source = originator / ::/128 (no IP yet), Dest = FF02::2 (all routers)

[figure: IPv6 RS message format]

---

NS: type 0, code 135, Source = originator / ::/128 (DAD), Dest = unicast / solicited-node m/c

[figure: IPv6 NS message format]

---

NA: type 0, code 136, Source = originator, Dest = unicast / FF02::1 (announce new IP)

[figure: IPv6 NA message format]

R – Router, S – Solicited, O – Override

---
Redirect: type 0, code 137, Source = router sending the redirect, Dest = unicast

Target = better next hop, Dest = destination n/w for which the target is the better next hop

Options: set using TLVs ; Values = src-link address, target-link address, prefix-info, redirected header, MTU etc.

NDP Cisco configurable options:

ipv6 unicast-routing : automatically sends RAs on broadcast media

ipv6 nd ra interval etc to influence the default settings

Address Auto-configuration: Prefix + modified EUI-64 interface ID: 0xFFFE is inserted in the middle of the 48-bit MAC and the 7th bit (U/L) is flipped to 1 (Universal)

Duplicate Address Detection:

  1. The new address is classified “tentative”
  2. NS -> Dest = solicited-node m/c address: FF02:0:0:0:0:1:FF::/104; Src = ::/128, target = new address
  3. Conflict => NA to the NS requestor

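An added example (my own, not from the notes or from Doyle): deriving the modified EUI-64 interface ID from a MAC, forming the stateless auto-config address, computing the solicited-node multicast group that DAD and address resolution solicit, and its 33:33 Ethernet mapping. The sample MAC and prefix used in the tests are constructed; the function names are mine.

```python
import ipaddress


def mac_to_eui64(mac_text):
    """Modified EUI-64 from a 48-bit MAC: insert 0xFFFE in the middle and flip the U/L bit
    (the 7th bit of the first octet, value 0x02), which sets it to 1 for a burned-in address."""
    digits = mac_text.replace(":", "").replace("-", "").replace(".", "")
    octets = bytes.fromhex(digits)
    if len(octets) != 6:
        raise ValueError("MAC must be 48 bits")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:6]


def slaac_address(prefix_text, mac_text):
    """Stateless auto-config: /64 prefix from the RA + EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix_text, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface IDs need a /64 prefix")
    iid = int.from_bytes(mac_to_eui64(mac_text), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid).compressed


def solicited_node(addr_text):
    """FF02::1:FFxx:xxxx, i.e. the /104 prefix from the notes plus the low 24 bits of the target."""
    low24 = int(ipaddress.IPv6Address(addr_text)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24).compressed


def multicast_mac(addr_text):
    """Ethernet destination for an IPv6 multicast group: 33:33 followed by the low 32 bits."""
    low32 = int(ipaddress.IPv6Address(addr_text)) & 0xFFFFFFFF
    return "33:33:" + ":".join("%02x" % b for b in low32.to_bytes(4, "big"))


def dad_probe(new_addr_text):
    """Header fields of the NS a host sends for Duplicate Address Detection (per the notes):
    unspecified source, solicited-node destination, the tentative address as target."""
    target = ipaddress.IPv6Address(new_addr_text).compressed
    group = solicited_node(target)
    return {"src": "::", "dst": group, "dst_mac": multicast_mac(group),
            "target": target, "hop_limit": 255}
```

Because the solicited-node group depends only on the low 24 bits, every address a host derives from the same MAC (link-local, global, site-local) lands in the same group, which is why a single NS can resolve any of them and why an EUI-64 interface ID is easy to correlate across prefixes, the tracking concern the privacy-address note below addresses.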
Neighbor address resolution: DNS query -> <- response with the /128 address; the host determines whether it is a link-local (on-link) address or not (in which case it sends the packet to the router learned from the RA). Then it:

  1. looks up neighbor cache, if absent
  2. enters the address, marks it INCOMPLETE
  3. sends an NS to the solicited-node m/c of the target
  4. If there is no NA for 3 NS queries, resolution fails. Else the neighbor cache is updated, status : REACHABLE

Privacy addresses: RFC 3401 – pseudo-random i/f ID, to prevent users from being tracked

Neighbor cache states: INCOMPLETE, REACHABLE, STALE (reachability time expired), PROBE (to re-establish reachability) sent after a DELAY

Neighbor Unreachability Detection: two-way confirmation – either upper-layer hints or an NS in response to an NA or RA (with “S” set)
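
An added example (my own simplified model, not from the notes or from Doyle): a neighbor cache that walks through the states listed above, driven by a constructed clock and a constructed link so the timers can be stepped deterministically. The RA-derived reachable time and the DELAY-before-PROBE interval are parameters; the 3-NS limit is the one stated in the notes. It collapses real NUD details (separate probe timers, unsolicited NA handling) into the transitions the notes describe.

```python
MAX_NS_RETRIES = 3   # from the notes: resolution fails if 3 NS queries draw no NA


class FakeClock:
    """Constructed clock so the timers can be advanced by hand."""
    def __init__(self):
        self.t = 0.0

    def now(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


class FakeLink:
    """Constructed link: answers an NS for addresses in `neighbors` with a solicited NA."""
    def __init__(self, neighbors):
        self.neighbors = neighbors
        self.ns_sent = []

    def send_ns(self, target):
        self.ns_sent.append(target)
        mac = self.neighbors.get(target)
        return None if mac is None else {"target_mac": mac, "solicited": True}


class NeighborCache:
    """Neighbor cache states from the notes: INCOMPLETE, REACHABLE, STALE, DELAY, PROBE."""
    def __init__(self, link, clock, reachable_time=30.0, delay_first_probe=5.0):
        self.link, self.clock = link, clock
        self.reachable_time = reachable_time        # from the RA's Reachable time field
        self.delay_first_probe = delay_first_probe
        self.entries = {}                            # addr -> dict(state, mac, since, probes)

    def _set(self, addr, state, mac=None):
        self.entries[addr] = {"state": state, "mac": mac, "since": self.clock.now(), "probes": 0}

    def resolve(self, addr):
        """Address resolution: cache hit, else INCOMPLETE + up to 3 NS to the solicited-node group."""
        entry = self.entries.get(addr)
        if entry is not None and entry["state"] != "INCOMPLETE":
            return entry["mac"]
        self._set(addr, "INCOMPLETE")
        for _ in range(MAX_NS_RETRIES):
            na = self.link.send_ns(addr)
            if na is not None:
                self._set(addr, "REACHABLE", na["target_mac"])
                return na["target_mac"]
        del self.entries[addr]                       # resolution failed
        return None

    def send_packet(self, addr):
        """Traffic to a STALE neighbor starts the DELAY period before probing."""
        entry = self.entries.get(addr)
        if entry is not None and entry["state"] == "STALE":
            self._set(addr, "DELAY", entry["mac"])

    def upper_layer_hint(self, addr):
        """Forward progress reported by an upper layer is one form of two-way confirmation."""
        entry = self.entries.get(addr)
        if entry is not None and entry["mac"] is not None:
            self._set(addr, "REACHABLE", entry["mac"])

    def tick(self, addr):
        """Run the timers for one entry and return its new state (None once it is dropped)."""
        entry = self.entries.get(addr)
        if entry is None:
            return None
        age = self.clock.now() - entry["since"]
        if entry["state"] == "REACHABLE" and age > self.reachable_time:
            entry["state"], entry["since"] = "STALE", self.clock.now()
        elif entry["state"] == "DELAY" and age > self.delay_first_probe:
            entry["state"], entry["since"] = "PROBE", self.clock.now()
        if entry["state"] == "PROBE":
            # unicast NS; only a solicited NA (S bit set) counts as confirmation
            na = self.link.send_ns(addr)
            if na is not None and na.get("solicited"):
                self._set(addr, "REACHABLE", na["target_mac"])
            else:
                entry["probes"] += 1
                if entry["probes"] >= MAX_NS_RETRIES:
                    del self.entries[addr]
                    return None
        return self.entries[addr]["state"]
```

The point of requiring the S bit in the PROBE branch is that an unsolicited NA from a neighbor must not refresh reachability; only an answer to the cache's own NS (or an upper-layer hint) proves the path is two-way.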


Jeff Doyle -Vol 1: Chapter 1 Notes, TCP/IP basics

January 29, 2008
TCP/IP:

5 Layers in contrast to 7 Layer OSI: Physical, Data-link, Internet, Host-to-Host, & Application

Physical + Data-link = N/w i/f layer: defines the electrical/optical protocols, mechanical protocols, functional protocols, and procedural protocols

IP Header

IP Flags: 010 – DF, 001 – More fragments, 000 – End of fragments

Options: Strict source routing, Loose source routing, Record route, Timestamp route
ToS: 3 bit Precedence, 5 bit ToS. Now mostly used as 6 bit DSCP , 2 bit ECN (11)

TCP Header    

Misc:
ARP – Cisco default timeout = 4 hrs
PROXY-ARP – default enabled per interface
GRATUITOUS ARP- default disabled per interface – used for duplicate address detection
IP redirect enabled by default.
Max size of IP packet: 65535 octets


Jeff Doyle -Vol 1: Chapter 6 Notes, RIPv2/RIPng

January 28, 2008
Concepts:

RIPv2: extensions to RIP: subnet masks, hop-count, external route-tags, authentication, uses multicast (224.0.0.9)

[figure: ripv2.jpg – RIPv2 message format]

Compatibility: RIPv2 accepts v1 messages. A RIPv1 receiver discards the update if ver = 1 and the unused fields are set; if ver > 1, the unused field bits are ignored and the rest of the update is processed. Compatibility is set both in the RIP process and at the interface level.

router rip –> Send and receive only V1 updates

version 1

router rip –> Send and receive only V2 updates

version 2

router rip –> Default: send only V1 but receive V1 and V2

At the interface:

ip rip send version 1 2

ip rip receive version 1 2

Authentication: the first route entry in the message is replaced with authentication parameters, identified by setting family address 0xffff; route-tag 2 (clear-text) / 3 (MD5 – purely Cisco, non-RFC)
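
An added example (mine, not from the notes or from Doyle): a parser for RIP messages that recognises the authentication entry by the 0xffff family address and the type value in the route-tag position, applies the v1 receiver compatibility rule from the Compatibility note above, and reports what a packet capture would reveal. build_sample constructs the messages; the "test1" password is the key-string from the configuration later in these notes, and the MD5 data bytes are a placeholder, not a real MD5 block.

```python
import struct
import ipaddress

AFI_AUTH = 0xFFFF
AUTH_TYPES = {2: "clear-text password", 3: "MD5"}   # carried in the route-tag position
RIPV2_MCAST = "224.0.0.9"


def parse_rip(msg):
    """Parse a RIP message: 4-byte header (command, version, unused) + 20-byte entries.
    An authentication entry is only recognised as the first entry."""
    if len(msg) < 4 or (len(msg) - 4) % 20 != 0:
        raise ValueError("bad RIP length")
    command, version, unused = struct.unpack("!BBH", msg[:4])
    entries = []
    for off in range(4, len(msg), 20):
        afi, tag = struct.unpack("!HH", msg[off:off + 4])
        if afi == AFI_AUTH and off == 4:
            entries.append({"type": "auth", "auth_type": tag,
                            "auth_name": AUTH_TYPES.get(tag, "unknown"),
                            "data": msg[off + 4:off + 20]})
            continue
        ip, mask, next_hop, metric = struct.unpack("!4s4s4sI", msg[off + 4:off + 20])
        entries.append({"type": "route", "afi": afi, "route_tag": tag,
                        "prefix": str(ipaddress.IPv4Address(ip)),
                        "mask": str(ipaddress.IPv4Address(mask)),
                        "next_hop": str(ipaddress.IPv4Address(next_hop)),
                        "metric": metric})
    return {"command": command, "version": version, "unused": unused, "entries": entries}


def v1_receiver_accepts(parsed):
    """Compatibility rule from the notes: a v1 receiver discards a ver = 1 update whose
    unused fields are set; for ver > 1 it ignores those fields and processes the rest."""
    if parsed["version"] > 1:
        return True
    if parsed["unused"] != 0:
        return False
    return all(e["type"] == "route" and e["route_tag"] == 0
               and e["mask"] == "0.0.0.0" and e["next_hop"] == "0.0.0.0"
               for e in parsed["entries"])


def audit(parsed):
    """Defender's view of an update: is it authenticated, and does the wire expose the secret?"""
    first = parsed["entries"][0] if parsed["entries"] else None
    if first is None or first["type"] != "auth":
        return "unauthenticated"
    if first["auth_type"] == 2:
        password = first["data"].rstrip(b"\x00").decode("ascii", "replace")
        return "clear-text password visible on the wire: " + repr(password)
    return first["auth_name"] + " authentication"


def build_sample(auth_type=None, version=2):
    """Constructed RIP response with one route entry (10.1.0.0/16, metric 1) and, optionally,
    a leading authentication entry. Type 3 data is a placeholder, not a real MD5 block."""
    hdr = struct.pack("!BBH", 2, version, 0)          # command 2 = response
    body = b""
    if auth_type == 2:
        body += struct.pack("!HH", AFI_AUTH, 2) + b"test1".ljust(16, b"\x00")
    elif auth_type == 3:
        body += struct.pack("!HH", AFI_AUTH, 3) + b"\x00" * 16
    body += struct.pack("!HH4s4s4sI", 2, 0,
                        ipaddress.IPv4Address("10.1.0.0").packed,
                        ipaddress.IPv4Address("255.255.0.0").packed,
                        ipaddress.IPv4Address("0.0.0.0").packed, 1)
    return hdr + body
```

Running audit over captured 224.0.0.9 traffic is a quick way to find RIP domains still on clear-text authentication: the password sits in the 16 bytes after the 0xffff/2 marker of every update, so it offers no protection against anyone who can see the segment.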

---

RIPng: m/c address ff02::9, UDP 521, uses IPV6 Auth headers (AH/ESP)

[figure: ripng1.jpg – RIPng message format]

RIPng uses a special next-hop entry; all route entries that follow it use that next hop until a new next-hop entry is seen.

[figure: ripng2.jpg – RIPng next-hop entry]

Configuration:

RIPv2

Enabling RIP version 2 causes updates to be multicast. If a v2 update needs to reach a V1-only router without using the interface send/receive command (e.g. when split horizon prevents a V1 send/receive-enabled router from updating a V1-only router), the solutions are:

router rip

neighbor <ip of V1 only Rtr>

or

interface <broadcast segment>

no ip split-horizon
Summarization: default behaviour – summarize networks to the interface subnet. In RIPv2, this can be disabled so the subnet mask is sent with the update by:

router rip

no auto-summary
Authentication:

simple

(config)#key chain MyKeyChain

(config-keychain)#key 1

(config-keychain-key)#key-string test1

(config-if)#ip rip authentication mode md5

(config-if)#ip rip authentication key-chain MyKeyChain
Key Management (Used to roll-over the password)

(config)#key chain MyKeyChain

(config-keychain)#key 1

(config-keychain-key)#key-string test1

(config-keychain-key)#accept-lifetime <hh:mm:ss> <date> <Month> duration/infinite

(config-keychain-key)#send-lifetime <hh:mm:ss> <date> <Month> duration/infinite

RIPng:

Configured with a single interface command:

interface fa0/0

ipv6 enable

ipv6 address <>

ipv6 rip MyProc1 enable

ipv6 rip MyProc2 enable

Multiple such processes can be enabled per interface. Each “ipv6 rip <name> enable” inserts an “ipv6 router rip <name>” (e.g. “ipv6 router rip MyProc1”) into the global running config. No two processes should use the same UDP port on the same i/f:

ipv6 router rip MyProc1

port 527 multicast ff02::9

Parameter Customization:

ipv6 router rip MyProc1

timers <update> <invalidate> <holddown> <flush>

maximum-paths <1-64> ; default 16 equal-cost paths

distance <AD> ; changes the value of the AD for this process locally.
Metrics: Unlike v1/v2, where the hop-count to an update (inbound or out) could be changed by using an offset-list, in ‘ng’ the hop-count can only be changed for all updates on an incoming interface. By default, the process increments the metric by 1.

At an interface: ipv6 rip MyProc1 metric-offset 3
Summarization: IPv6 => subnetting happens in the network bits

at an interface: ipv6 rip MyProc1 summary-address 2001:db8:0:10::/62

Study Strategy

January 28, 2008

My strategy towards the CCIE is as follows:
- Complete Jeff Doyle’s TCP/IP Vol-1 by end of Feb 2008
- Complete TCP/IP Vol-2 by end of April 08
- Complete Cisco Lan Switching by June 08
- Complete Wendell Odom’s Official CCIE guide by mid August 08
- Take the CCIE written by August 25th
- Enroll in an online CCIE course for the Lab

For now, I am slogging through the first book. Thus far, I have used dynagen/dynamips to work through each case study/configuration and troubleshooting exercise in the book. Dynamips is the best thing that happened to anyone interested in simulating Cisco topologies.

I normally summarize each chapter to not more than 2-3 sheets to serve me as a quick cheat-sheet. I plan to record this cheat-sheet info online, through this blog. The purpose is so that I can look up my notes from work during lunch as a quick revision. If it helps you as well, that’s great.

If this violates any legal stuff, please let me know and I will revert to paper.


Jeff Doyle – Volume 1

January 16, 2008

I couldn’t have asked for a less auspicious start for my ccie preps. I had planned to visit India and start preps in February. Certain situations at work forced my hand to give up the vacation and save my job. I am just emerging out of the stress.

That being said, I have begun the preparation with Doyle’s TCP/IP Routing Vol – I. I am slightly over 2 weeks into it and have been able to put approximately an hour a day to study. I have completed the TCP/IP review and IPV6 Intro chapters so far.

The pace needs to be picked up. I will have to come up with a more evolved work/life balance to accommodate study time.