CCIE R&S Written , My Notes

cciie111

I passed the CCIE R&S written today and I want to share my notes, which are the "hard" and "important" things to remember. Of course this isn't enough to study and pass the exam; you need to read the CCIE R&S certification guide and, at minimum, several RFCs.

Here we go 🙂

Multicast

  • PIM protocol ID = 103
  • IGMP protocol ID = 2
  • IGMPv3 report messages are sent to 224.0.0.22
  • IGMPv2 report messages are sent to the group address itself
  • IGMPv3 in ISM mode supports INCLUDE and EXCLUDE filter modes; in SSM mode only INCLUDE
  • MSDP peers are connected via TCP (port 639)
  • If MSDP neighbors are in a mesh group, the RPF check is not performed on SA messages received from mesh-group members (and those SAs are not forwarded to other members of the same mesh group)
  • FF00::/8 is the reserved IPv6 multicast address range
  • Only sparse mode is supported for IPv6 multicast (PIM-SM, SSM, Bidir; no dense mode)
  • MLDv2 supports SSM, like IGMPv3
  • When mapping a multicast IP address to a MAC address, only the last 23 bits of the IP address are used behind the fixed 01:00:5E prefix: convert the IP to binary, keep the low 23 bits, then convert to hex. Because 5 bits of the group address are lost, 32 different groups share every multicast MAC.
  • Only BSR (plus static RP and embedded RP) is supported on IPv6; there is no Auto-RP
  • PIM message type field values: 0 is Hello
  1. Register
  2. Register-Stop
  3. Join/Prune
  4. Bootstrap
  5. Assert
  6. Graft
  7. Graft-Ack
  8. Candidate-RP Advertisement
  9. State Refresh
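The 23-bit IP-to-MAC mapping above is easier to trust once you can compute it and see the 32:1 overlap for yourself. The following is an added example, not code from the original notes; it also goes one step beyond the note by covering the IPv6 mapping (33:33 followed by the low 32 bits of the group), which the MLD bullets imply but do not spell out. Group addresses in the `__main__` block are constructed sample input.

```python
from __future__ import annotations

import ipaddress

# Fixed 25-bit prefix of an IPv4 multicast MAC: 01:00:5e followed by a 0 bit.
IPV4_MCAST_MAC_PREFIX = 0x01005E000000
# IPv6 multicast MACs start with 33:33 and carry the low 32 bits of the group.
IPV6_MCAST_MAC_PREFIX = 0x333300000000


def _mac_str(mac: int) -> str:
    """Render a 48-bit integer as aa:bb:cc:dd:ee:ff."""
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))


def ipv4_mcast_to_mac(group: str) -> str:
    """Map an IPv4 multicast group to its Ethernet MAC (RFC 1112, section 6.4).

    Only the low 23 bits of the group survive; the class-D 1110 prefix and the
    5 bits below it are discarded, which is why the mapping is 32:1.
    """
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not in 224.0.0.0/4")
    return _mac_str(IPV4_MCAST_MAC_PREFIX | (int(addr) & 0x7FFFFF))


def ipv4_groups_sharing_mac(group: str) -> list[str]:
    """All 32 groups that map to the same MAC as `group` (same low 23 bits).

    The 5 discarded bits are bits 23..27 of the address: the low nibble of the
    first octet (224..239) and the high bit of the second octet.
    """
    low23 = int(ipaddress.IPv4Address(group)) & 0x7FFFFF
    return [str(ipaddress.IPv4Address(0xE0000000 | (v << 23) | low23))
            for v in range(32)]


def ipv6_mcast_to_mac(group: str) -> str:
    """Map an IPv6 multicast group to its MAC (RFC 2464): 33:33 + low 32 bits."""
    addr = ipaddress.IPv6Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not in ff00::/8")
    return _mac_str(IPV6_MCAST_MAC_PREFIX | (int(addr) & 0xFFFFFFFF))


if __name__ == "__main__":
    # constructed sample groups: EIGRP, SSDP, and two groups that collide
    for g in ("224.0.0.10", "239.255.255.250", "224.128.1.1", "239.0.1.1"):
        print(f"{g:>16} -> {ipv4_mcast_to_mac(g)}")
    print("groups colliding with 224.0.1.1:", ipv4_groups_sharing_mac("224.0.1.1"))
    for g in ("ff02::a", "ff02::5", "ff02::1:ff00:1"):
        print(f"{g:>16} -> {ipv6_mcast_to_mac(g)}")
```

The collision list is the practical reason a switch cannot filter multicast purely by destination MAC: 224.128.1.1 and 239.0.1.1 land on the same 01:00:5e:00:01:01, so IGMP snooping has to track groups, not just MACs.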

QOS

  • DSCP = first 6 bits of the ToS byte
  • IPP = first 3 bits
  • FR DE = 1 bit
  • MPLS EXP = 3 bits
  • CoS = 3 bits
  • Best effort = DSCP 0
  • EF = DSCP 46
  • LLQ policing only takes effect during congestion
  • bandwidth remaining percent X = a share of the interface bandwidth left over after the LLQ (priority) bandwidth is subtracted
  • CBWFQ/LLQ supports 64 queues (classes)
  • CBWFQ isn't supported directly on subinterfaces (only as a child policy under a shaping parent)
  • WRED prevents TCP global synchronization
  • WRED can't be applied to the priority (voice) queue
  • With WRED, the drop probability is based on the minimum threshold, the maximum threshold and the mark probability denominator. While the average queue depth is below the minimum threshold nothing is dropped; once it passes the minimum threshold RED starts dropping, and the probability rises linearly until, at the maximum threshold, 1 packet in every "denominator" packets is dropped (1 in 100 if the denominator is 100). When the average queue depth is above the maximum threshold every packet is dropped.
  • Shaping formula: Tc = Bc / CIR -> Bc = Tc x CIR
  • Tc in shaping = the time interval during which one Bc worth of bits may be sent
  • Bc in shaping = the number of bits that can be sent during one Tc
  • Be in shaping = the number of bits above Bc that can be sent in a Tc after an idle period (credit accumulated while idle)
  • AIR in shaping = the physical interface (access) rate
  • CIR in shaping = Bc / Tc, the average rate (shaping rate)
  • Shaping works on egress only
  • Policing is usually applied on ingress (it can be applied in either direction)
  • In policing, when a packet is dropped no tokens are removed from the bucket
  • CAR policing isn't supported on Fast EtherChannel, tunnel, PRI and non-CEF interfaces
  • A single token bucket is used when no violate-action is configured; a two-bucket system (Bc and Be) is used when violate-action is specified
  • GTS and class-based shaping use WFQ by default
  • GTS isn't supported on PPP multilink interfaces
  • Adaptive traffic shaping isn't supported with class-based shaping
  • dCEF must be enabled before DTS
  • FRTS works at the PVC level
  • On 3560 QoS there are 2 ingress queues; Q2 is the priority queue by default
  • On 3560 QoS there are 4 egress queues; Q1 becomes the expedite (priority) queue when priority-queue out is enabled
  • On 3560 QoS, a queue configured for shaped round robin ignores its shared weight (shaped overrides shared)
  • Shared round robin formula for calculating allocated bandwidth (the weights are relative, each queue gets weight / sum of weights):

srr-queue bandwidth share 30 (Q1) 20 (Q2) 25 (Q3) 25 (Q4)

on a 100 Mbps interface: 30/100 × 100 = 30 Mbps for Q1

on a 10 Mbps interface: 30/100 × 10 = 3 Mbps for Q1
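Two of the policing and WRED bullets above are easy to get backwards (one-in-N drop at the maximum threshold, and "no tokens removed on drop"), so here is an added example, not code from the original notes, that models them. The policer is a simplified colour-blind single-rate model in the IOS style (an assumption stated here and in the comments; real hardware refills and rounds differently); with `be_bytes=0` it behaves like `police cir bc` without violate-action (one bucket), otherwise like the two-bucket form used when violate-action is configured. Packet arrivals in `__main__` are constructed sample input.

```python
from __future__ import annotations


def wred_drop_probability(avg_depth: float, min_th: float, max_th: float,
                          mpd: int = 10) -> float:
    """Per-packet drop probability of a RED/WRED profile.

    Below min_th nothing is dropped. Between the thresholds the probability
    grows linearly and reaches 1/mpd (mark probability denominator) exactly at
    max_th. Above max_th the queue behaves like tail drop.
    """
    if avg_depth < min_th:
        return 0.0
    if avg_depth > max_th:
        return 1.0
    return (avg_depth - min_th) / (max_th - min_th) / mpd


class SingleRatePolicer:
    """Simplified single-rate policer (assumed model, colour-blind, IOS-like).

    be_bytes == 0: one bucket, packets are 'conform' or 'exceed'.
    be_bytes  > 0: two buckets (Bc then Be), packets are conform/exceed/violate.
    """

    def __init__(self, cir_bps: int, bc_bytes: int, be_bytes: int = 0) -> None:
        self.cir_bps = cir_bps
        self.bc_bytes = bc_bytes
        self.be_bytes = be_bytes
        self._tc = bc_bytes      # both buckets start full
        self._te = be_bytes
        self._last = 0.0

    def _refill(self, now: float) -> None:
        new_tokens = int((now - self._last) * self.cir_bps / 8)
        self._last = now
        room = self.bc_bytes - self._tc
        self._tc += min(new_tokens, room)
        # tokens that do not fit into Bc spill over into Be (if there is one)
        self._te = min(self.be_bytes, self._te + max(new_tokens - room, 0))

    def packet(self, now: float, size: int) -> str:
        self._refill(now)
        if size <= self._tc:
            self._tc -= size
            return "conform"
        if self.be_bytes and size <= self._te:
            self._te -= size
            return "exceed"
        # Not enough tokens: the packet is marked or dropped and *no* tokens
        # are removed from either bucket.
        return "violate" if self.be_bytes else "exceed"

    def tokens(self) -> tuple[int, int]:
        """Current (Bc, Be) token counts, for inspection."""
        return self._tc, self._te


def run_policer(policer: SingleRatePolicer,
                packets: list[tuple[float, int]]) -> list[str]:
    """Feed (arrival_time_seconds, size_bytes) pairs through a policer."""
    return [policer.packet(t, size) for t, size in packets]


if __name__ == "__main__":
    # constructed input: 8 kbit/s = 1000 bytes/s, Bc = Be = 1500 bytes,
    # three 1000-byte packets at t=0, then a 1500-byte packet one second later
    burst = [(0.0, 1000), (0.0, 1000), (0.0, 1000), (1.0, 1500)]
    two = SingleRatePolicer(cir_bps=8000, bc_bytes=1500, be_bytes=1500)
    print("two buckets:", run_policer(two, burst), "tokens left:", two.tokens())
    one = SingleRatePolicer(cir_bps=8000, bc_bytes=1500)
    print("one bucket :", run_policer(one, burst), "tokens left:", one.tokens())
    for depth in (10, 30, 40, 41):
        p = wred_drop_probability(depth, min_th=20, max_th=40, mpd=10)
        print(f"WRED avg depth {depth:>2}: drop probability {p:.3f}")
```

Note that the third packet of the burst is a violate (or exceed, with one bucket) and leaves the token counts untouched, which is why the 1500-byte packet a second later still conforms: the bucket had a full second of refill and nothing was debited for the dropped packet.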

L2

  • On RSTP, on a topology change the switch starts a TC While timer equal to twice the hello time
  • On RSTP, during the TC While period the switch flushes all MAC addresses learned on its ports, except on the port on which the TC was received
  • STP BID = 8 bytes (2-byte priority field + 6-byte MAC)
  • 12 bits of the priority field are reserved for the extended system ID (the 802.1t extension to 802.1D); 4 bits remain for the priority, so it is configured in steps of 4096
  • In MST, the configuration name is 32 bytes
  • In MST, the revision number is 2 bytes
  • In STP, on a root path cost tie the switch prefers the lowest upstream (sender) BID, then the lowest sender port ID, then the lowest local port ID
  • In STP, BPDUs are sent every 2 seconds by default
  • The RSTP sync process occurs only on point-to-point, non-edge ports
  • In MSTP, inter-region path selection uses the CST (the CIST)
  • With Flex Links, once the primary link fails all MAC addresses move to the backup link, and a dummy multicast packet is sent out the backup link with each of those MAC addresses as source so that upstream switches update their tables
  • Protected ports prevent traffic between protected ports on the same switch at Layer 2; hosts on them can still reach each other through a Layer 3 device
  • VTP pruning is supported only in server and client mode
  • VLANs 2–1001 are prune eligible
  • VTPv1 in transparent mode inspects VTP messages and forwards them only if the domain name matches; VTPv2 transparent mode forwards them regardless
  • ISL encapsulation adds 30 bytes (26-byte header + 4-byte trailer)!
  • The dot1q tag is 4 bytes
  • The minimum frame size with a dot1q tag is 68 bytes
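The BID layout and the root-port tie-break order above are the two things most often misread from a show spanning-tree output, so here is an added example, not code from the original notes, that decodes the 16-bit priority field and runs the tie-break in the 802.1D order: root path cost, sender BID, sender port ID, local port ID. Switch names, MACs and costs in the `__main__` block are constructed sample input.

```python
from __future__ import annotations

from dataclasses import dataclass


def bid_field(priority: int, ext_sys_id: int) -> int:
    """Build the 2-byte BID priority field: 4-bit priority + 12-bit extended system ID."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 in 0..61440")
    if not 0 <= ext_sys_id <= 4095:
        raise ValueError("extended system ID is a 12-bit value")
    return priority | ext_sys_id


def split_bid_field(value: int) -> tuple[int, int]:
    """Inverse of bid_field: (priority, extended system ID) from the 16-bit field.

    32769 as seen in show spanning-tree means priority 32768 on VLAN 1.
    """
    return value & 0xF000, value & 0x0FFF


def mac_int(mac: str) -> int:
    """'0011.2233.4455' or '00:11:22:33:44:55' -> int, so BIDs compare numerically."""
    return int(mac.replace(".", "").replace(":", ""), 16)


@dataclass(frozen=True)
class Candidate:
    """What one of our ports learned from the superior BPDU it receives."""
    local_port: str
    root_path_cost: int           # cost in the BPDU + cost of the receiving port
    sender_bid: tuple[int, int]   # (priority field, MAC) of the upstream switch
    sender_port_id: int           # 16-bit: port priority (high byte) + port number
    local_port_id: int            # our receiving port's ID, the final tie-breaker


def choose_root_port(candidates: list[Candidate]) -> str:
    """Root port = lowest root path cost, then lowest sender BID,
    then lowest sender port ID, then lowest local port ID."""
    best = min(candidates, key=lambda c: (c.root_path_cost, c.sender_bid,
                                          c.sender_port_id, c.local_port_id))
    return best.local_port


if __name__ == "__main__":
    # constructed topology: SW2 (priority 32768, VLAN 1) reachable over two
    # parallel gig links, SW3 (priority 4096) over a slower 19-cost link
    sw2 = (bid_field(32768, 1), mac_int("0011.2233.4455"))
    sw3 = (bid_field(4096, 1), mac_int("0011.2233.0001"))
    cands = [
        Candidate("Gi0/1", 4, sw2, sender_port_id=0x8001, local_port_id=0x8001),
        Candidate("Gi0/2", 4, sw2, sender_port_id=0x8002, local_port_id=0x8002),
        Candidate("Fa0/3", 19, sw3, sender_port_id=0x8003, local_port_id=0x8003),
    ]
    print("priority field 32769 ->", split_bid_field(32769))
    print("root port:", choose_root_port(cands))  # cost wins, then SW2's port 1
```

Cost is compared before the sender BID, which is why the better-priority SW3 loses here: it only matters once path costs tie, and the sender's port ID only once the sender BID ties too (the parallel-link case).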

IPV6

  • FC00::/7 – Unique Local Addresses
  • 2000::/3 – Global unicast
  • FF00::/8 – Multicast
  • FE80::/10 – Link-local
  • Router advertisements are disabled by default on ISATAP tunnels; they can be enabled with the command no ipv6 nd ra suppress (no ipv6 nd suppress-ra on older IOS)
  • OSPFv3 multicast addresses = FF02::5, FF02::6
  • EIGRPv6 multicast address = FF02::A
  • IPv6IP tunneling protocol ID = 41

SNMP

  • SNMPv3 privacy: the older IOS documentation lists only DES, with AES as "future"; current IOS also supports 3DES and AES (128/192/256), and DES should be treated as obsolete
  • SNMP uses UDP port 161 (agent) and 162 (traps/informs)

Security

  • In ZBF, traffic to and from the self zone is allowed by default
  • In ZBF, the self zone doesn't support application-layer inspection
  • CBAC session logging can be enabled via ip inspect audit-trail
  • Reflexive ACLs don't support protocol inspection; they work only for single-channel TCP/UDP applications
  • Port security default violation action is shutdown (err-disable)
  • The ACL log-input keyword adds the input interface and the source MAC address to the log entry, alongside the source and destination IP addresses

IOS Services

  • RMON has two components, alarms and events
  • HSRP uses UDP port 1985 to multicast 224.0.0.2 (HSRPv1; HSRPv2 uses 224.0.0.102)
  • Common NetFlow versions are 5 and 9
  • NAT order of operations: inside-to-outside traffic is routed first and then translated; outside-to-inside traffic is translated first and then routed (and inspected)
  • The vrf definition command creates a multiprotocol (IPv4 + IPv6) VRF
  • GRE protocol ID = 47
  • IPinIP protocol ID = 4
  • IPv6IP protocol ID = 41
  • TACACS+ uses TCP port 49
  • RADIUS uses UDP port 1645/1812 for authentication and UDP 1646/1813 for accounting
  • With a BVI, in CRB mode a router can bridge or route a given protocol on an interface, but not both at the same time; IRB allows you to route and bridge the same protocol stack on the same interface
  • In PBR, the set ip next-hop verify-availability command checks that the next hop is present in the CDP table (or up according to an IP SLA track) before forwarding to it; otherwise the packet is routed normally
  • Cron timers, "* * * * *" (five fields): when a 0 value is issued, the next timer field is processed in place of the 0 value
  1. Minute 0 – 59
  2. Hour 0 – 23
  3. Day of month 1 – 31
  4. Month of year 1 – 12
  5. Day of week 0 – 6 (0 is Sunday)
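The five-field cron format above is what EEM `event timer cron` takes, and the fastest way to check an expression before putting it on a router is to evaluate it offline. The following is an added example, not code from the original notes: a parser for the five fields (`*`, lists, ranges and `/step`) plus a matcher and a next-run search. It applies the classic Vixie-cron rule that when both day-of-month and day-of-week are restricted either one may match; whether IOS EEM follows that rule is an assumption noted in the code, so treat that corner as "verify on the box". The expressions and timestamps in `__main__` are constructed sample input.

```python
from __future__ import annotations

from datetime import datetime, timedelta

# field order and allowed range, as in the note: minute, hour, day-of-month,
# month, day-of-week (0 = Sunday)
FIELD_RANGES = ((0, 59), (0, 23), (1, 31), (1, 12), (0, 6))


def _parse_field(spec: str, lo: int, hi: int) -> set[int]:
    """Expand one cron field ('*', '5', '1-5', '*/15', '1,15,30', '10-20/2')."""
    values: set[int] = set()
    for part in spec.split(","):
        step = 1
        if "/" in part:
            part, step_s = part.split("/", 1)
            step = int(step_s)
            if step < 1:
                raise ValueError(f"bad step in {spec!r}")
        if part == "*":
            start, end = lo, hi
        elif "-" in part:
            a, b = part.split("-", 1)
            start, end = int(a), int(b)
        else:
            start = int(part)
            end = hi if step > 1 else start   # '5/10' means 'from 5, every 10'
        if not lo <= start <= end <= hi:
            raise ValueError(f"{part!r} is outside {lo}..{hi}")
        values.update(range(start, end + 1, step))
    return values


def parse_cron(expr: str) -> list[set[int]]:
    """Parse a five-field expression into five sets of allowed values."""
    fields = expr.split()
    if len(fields) != 5:
        raise ValueError("expected 5 fields: min hour dom month dow")
    return [_parse_field(f, lo, hi) for f, (lo, hi) in zip(fields, FIELD_RANGES)]


def cron_matches(expr: str, when: datetime) -> bool:
    """Does `when` (to the minute) satisfy the cron expression?"""
    minute, hour, dom, month, dow = parse_cron(expr)
    dom_spec, dow_spec = expr.split()[2], expr.split()[4]
    cron_dow = (when.weekday() + 1) % 7          # Python Mon=0 -> cron Sun=0
    day_ok_dom = when.day in dom
    day_ok_dow = cron_dow in dow
    # Vixie-cron rule (assumed to hold for IOS EEM as well): if both day fields
    # are restricted, matching either is enough; otherwise both must match.
    if dom_spec != "*" and dow_spec != "*":
        day_ok = day_ok_dom or day_ok_dow
    else:
        day_ok = day_ok_dom and day_ok_dow
    return when.minute in minute and when.hour in hour and when.month in month and day_ok


def next_run(expr: str, start: datetime, horizon_days: int = 366) -> datetime | None:
    """First minute strictly after `start` that matches, or None within the horizon."""
    t = start.replace(second=0, microsecond=0) + timedelta(minutes=1)
    for _ in range(horizon_days * 24 * 60):
        if cron_matches(expr, t):
            return t
        t += timedelta(minutes=1)
    return None


if __name__ == "__main__":
    # constructed examples: nightly at 02:30, and every 15 min in office hours
    for expr in ("30 2 * * *", "*/15 9-17 * * 1-5", "0 12 1 * 1"):
        print(f"{expr!r:>22} next after 2024-01-01 03:00 ->",
              next_run(expr, datetime(2024, 1, 1, 3, 0)))
```

A minute-by-minute scan is deliberately simple; for a once-a-year expression it still finishes well under a second, and it avoids the off-by-one traps of jumping field by field.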

Routing

  • The EIGRPv6 process is shut down by default and must be enabled with the no shutdown command
  • RIPng uses UDP port 521 and multicast FF02::9
  • RIP uses UDP port 520 for transport
  • RIPv1 updates are sent as broadcast
  • RIPv2 updates are sent as multicast (224.0.0.9)
  • RIP update timer = 30 s
  • RIP invalid timer = 180 s
  • RIP holddown timer = 180 s
  • RIP flush timer = 240 s
  • RIP metric 16 is infinite
  • With a RIP offset-list, ACL 0 means all routes
  • ip rip triggered sends updates only when a change occurs in the database
  • RIP source validation accepts updates only from neighbors on the same subnet; it can be disabled with the no validate-update-source command
  • EIGRP protocol ID = 88
  • EIGRP multicast address = 224.0.0.10
  • EIGRP hello interval on NBMA (T1 and slower) = 60
  • EIGRP hello interval on broadcast = 5
  • EIGRP hold time on NBMA = 180
  • EIGRP hold time on broadcast = 15
  • By default EIGRP may use up to 50% of the interface bandwidth
  • EIGRP unequal-cost load balancing: only feasible successors (reported distance < FD) are candidates, and a feasible successor is used when its metric < FD x variance
  • In EIGRP, if no feasible successor exists in the topology table, a query message is sent when the router loses a route
  • In EIGRP, queries are bounded by stub routers and by summarization
  • EIGRP summary routes have a default AD of 5
  • In OSPF, if the forwarding address is suppressed while translating type 7 to type 5 LSAs, traffic is forwarded through the translating ABR!
  • In OSPF point-to-multipoint, the hub sets itself as next hop when advertising a route learned from one spoke to another spoke, and /32 routes to each spoke endpoint are installed on every router
  • In OSPF, a DR/BDR is elected only on broadcast and non-broadcast network types
  • In OSPF, if a p2p/p2mp-family interface is connected to a broadcast/non-broadcast-family network type, the adjacency comes up and LSAs are exchanged, but the routes are not installed in the RIB
  • OSPF hello interval on P2P and broadcast = 10
  • OSPF dead interval on P2P and broadcast = 40
  • OSPF hello interval on P2MP, P2MP non-broadcast and non-broadcast = 30
  • OSPF dead interval on P2MP, P2MP non-broadcast and non-broadcast = 120
  • OSPF point-to-multipoint non-broadcast is the same as P2MP but sends hellos as unicast (neighbors must be configured) and allows a per-VC cost on Frame Relay via the neighbor command
  • The OSPF loopback network type is advertised as /32; this can be changed with the ip ospf network point-to-point command
  • In OSPF, if multiple NSSA ABRs exist, the ABR with the highest RID is elected as the type 7 to type 5 translator
  • The OSPF default redistribution seed metric is 20 (1 for routes redistributed from BGP)
  • OSPF with MPLS: if a CE runs VRF-lite, the router thinks it is a PE and honors the DN bit, which is set on type 3 LSAs by default. Fix it with capability vrf-lite on the CE, or set a different domain-id on each PE so the prefixes are advertised as type 5 LSAs, or simply configure a sham link, which gives intra-area routes on the CEs.
  • BGP does not redistribute OSPF external routes by default; only internal routes are picked up unless the match internal external 1 external 2 keywords are given under the redistribute statement
  • eBGP routes are allowed to be redistributed into an IGP; iBGP routes are denied by default (bgp redistribute-internal changes this)
  • In BGP, a 4-byte ASN (written in asplain or asdot notation) sent to an old 2-byte-only speaker is replaced in the AS_PATH by the reserved AS_TRANS value 23456; the real 4-byte path travels in the AS4_PATH attribute
  • BGP private ASes are 64512–65535
  • Locally originated BGP routes have weight 32768
  • BGP ttl-security can't be configured for a peer that already has ebgp-multihop configured
  • In BGP route reflection, routes learned from non-clients are not reflected to other non-clients (only to clients)
  • When redistributing from an IGP into BGP, the IGP metric is automatically copied into the MED
  • BGP community NO_EXPORT = don't advertise the route to eBGP peers (outside the AS or confederation)
  • BGP community NO_ADVERTISE = don't advertise the route to any peer
  • BGP community LOCAL_AS (NO_EXPORT_SUBCONFED) = don't advertise the route outside the local AS, not even to confederation eBGP peers
  • MPLS uses a 4-byte label header (shim)
  • LDP neighbor discovery uses UDP port 646 to 224.0.0.2; the LDP session itself runs over TCP 646
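The EIGRP feasibility condition and the variance rule above are worth seeing as code, because the common mistake is to assume that a large enough variance will pull in any path: it won't, a path that fails RD < FD is never a candidate. The following is an added example, not code from the original notes; it uses the strict metric < FD x variance comparison exactly as the note states it, and the topology-table entries in `__main__` are constructed sample input.

```python
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class EigrpPath:
    """One topology-table entry for a single destination."""
    via: str                 # neighbour the route was learned from
    reported_distance: int   # RD (advertised distance): the neighbour's own metric
    metric: int              # this router's metric through that neighbour (RD + link cost)


def feasible_distance(paths: list[EigrpPath]) -> int:
    """FD is the lowest metric this router has to the destination."""
    return min(p.metric for p in paths)


def successors(paths: list[EigrpPath]) -> list[EigrpPath]:
    """Paths with the best metric (ties give equal-cost successors)."""
    fd = feasible_distance(paths)
    return [p for p in paths if p.metric == fd]


def is_feasible_successor(path: EigrpPath, fd: int) -> bool:
    """Feasibility condition: the neighbour's RD must be strictly less than our FD.

    A neighbour that is closer to the destination than we are cannot be routing
    through us, so the path is guaranteed loop-free without a DUAL computation.
    """
    return path.reported_distance < fd


def feasible_successors(paths: list[EigrpPath]) -> list[EigrpPath]:
    fd = feasible_distance(paths)
    return [p for p in paths if p.metric != fd and is_feasible_successor(p, fd)]


def load_balance_set(paths: list[EigrpPath], variance: int = 1) -> list[str]:
    """Next hops actually installed in the RIB for unequal-cost load balancing:
    the successor(s) plus every feasible successor whose metric < FD * variance.
    A path failing the feasibility condition is never used, whatever variance is.
    """
    fd = feasible_distance(paths)
    chosen = successors(paths) + [p for p in feasible_successors(paths)
                                  if p.metric < fd * variance]
    return [p.via for p in chosen]


if __name__ == "__main__":
    # constructed topology table for one prefix:
    #   R2: metric 30, RD 20  -> successor (FD = 30)
    #   R3: metric 50, RD 25  -> feasible successor (25 < 30)
    #   R4: metric 45, RD 35  -> NOT feasible (35 >= 30), even though 45 < 50
    table = [
        EigrpPath("R2", reported_distance=20, metric=30),
        EigrpPath("R3", reported_distance=25, metric=50),
        EigrpPath("R4", reported_distance=35, metric=45),
    ]
    print("FD:", feasible_distance(table))
    print("feasible successors:", [p.via for p in feasible_successors(table)])
    for v in (1, 2, 10):
        print(f"variance {v:>2}: next hops {load_balance_set(table, v)}")
```

R4 is the instructive entry: its metric is better than R3's, yet it is excluded at every variance because its reported distance is not below the FD, so EIGRP cannot prove it loop-free without querying.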

Frame Relay

  • Inverse ARP requests can be disabled with the no frame-relay inverse-arp command; replies can't be disabled
  • InARP is disabled for a DLCI/protocol once a static mapping is configured, and a dynamic mapping is overridden by the static entry
  • If 0.0.0.0 appears in the Frame Relay map table, it means that autoinstall failed and the router couldn't get its configuration from TFTP
  • Autoinstall happens when the router has no configuration in NVRAM
  • Frame Relay autoinstall gets its address and TFTP information via BOOTP
  • ANSI and Q.933a LMI types listen for messages on DLCI 0; the Cisco LMI type listens on DLCI 1023

PPP

  • Once neighbors negotiate IPCP, each router adds a /32 route to the other's address into its RIB; this behaviour can be disabled with the no peer neighbor-route command
  • PAP authentication – cleartext username, cleartext password
  • CHAP authentication – cleartext username, the password is never sent; the response is an MD5 hash over the challenge and the shared secret
  • PPP adds 8 bits on PPPoFR
  • In PPP, dialer persistent means the circuit is always up

Hope this helps.

Aaand my long journey is starting here, moving on to the lab 🙂
