Wednesday 31 August 2016

EIGRP - Part 5

EIGRP Security

Routing protocols forward our internal traffic towards external areas, and all of that traffic goes through the public network. If we don't use any authentication on the routing protocol, then someone can try to form a routing protocol adjacency with one of your routers and disrupt your network.

EIGRP supports MD5 authentication; there is no plain-text authentication.

What does authentication offer us?

1.) It ignores unwanted/unauthorized routing updates.
2.) Your router authenticates the source of each routing update packet that it receives.

In order to configure MD5 authentication, we need to do the following:

1.) Configure a Key-chain
       A.) Configure a Key ID under the Key-chain
              a.) Specify the Password for Key ID
             
Let's start to configure EIGRP authentication:

 

Configure IP addresses as per the scenario.
Configure EIGRP routing on both routers.

First, verify the authentication status of both routers' serial interfaces using this command:

Router# show ip eigrp interface detail

 "Authentication mode is not set"

Now...!! Configure authentication

First create the key chain:

Router(config)# key chain india
Router(config-keychain)# key 2
Router(config-keychain-key)# key-string rajasthan
Router(config-keychain-key)# exit

Apply this key-chain on interface:

Router(config)# interface serial 1/0
Router(config-if)# ip authentication mode eigrp 2 md5  (2 is the AS number)
Router(config-if)# ip authentication key-chain eigrp 2 india
Router(config-if)# exit

Now...!! Check authentication again.

And verify the key chain:

Router# show key chain india
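
A way to check the result of these steps across a saved configuration, as an added example (not from the original post): the script parses a running-config and reports, per interface, whether MD5 mode is set for the given AS and whether the key chain it references exists with a key-string. The sample config, the Serial1/1 and Serial1/2 stanzas and the key chain name bharat are constructed for illustration.

```python
# Constructed running-config (not from a real device): Serial1/0 follows the
# steps above, Serial1/1 has no authentication, Serial1/2 names an undefined chain.
SAMPLE_CONFIG = """\
key chain india
 key 2
  key-string rajasthan
interface Serial1/0
 ip authentication mode eigrp 2 md5
 ip authentication key-chain eigrp 2 india
interface Serial1/1
 ip address 10.0.13.1 255.255.255.252
interface Serial1/2
 ip authentication mode eigrp 2 md5
 ip authentication key-chain eigrp 2 bharat
"""

def parse_sections(config):
    """Group indented lines under their top-level command (IOS layout)."""
    sections, current = {}, None
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            continue
        if not line.startswith(" "):
            current = line.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections

def audit_eigrp_auth(config, asn):
    """Return {interface: finding}; a chain is usable only with a key-string."""
    sections = parse_sections(config)
    usable = {name.split(None, 2)[2] for name, body in sections.items()
              if name.startswith("key chain ")
              and any(l.startswith("key-string ") for l in body)}
    prefix = f"ip authentication key-chain eigrp {asn} "
    findings = {}
    for name, body in sections.items():
        if not name.startswith("interface "):
            continue
        intf = name.split(None, 1)[1]
        chain = next((l[len(prefix):] for l in body if l.startswith(prefix)), None)
        if f"ip authentication mode eigrp {asn} md5" not in body:
            findings[intf] = "no MD5 authentication mode"
        elif chain is None:
            findings[intf] = "MD5 mode set but no key chain applied"
        elif chain not in usable:
            findings[intf] = f"key chain '{chain}' missing or has no key-string"
        else:
            findings[intf] = "ok"
    return findings

if __name__ == "__main__":
    print(audit_eigrp_auth(SAMPLE_CONFIG, 2))
```

The audit covers every interface stanza in the file, so interfaces that do not run EIGRP (loopbacks, for instance) will also be reported and can be filtered out by the caller.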

 

EIGRP - Part 4

EIGRP Frame Relay

         If you are not familiar with Frame Relay technology, then read the Frame Relay post. We know that Frame Relay is an NBMA network, which means it is unable to send multicast traffic.

         NBMA networks do not support broadcast and multicast traffic, so a single packet cannot reach all destinations. This requires you to replicate the packet manually to all destinations. Using the broadcast keyword is a simplified way to forward routing updates. The broadcast keyword allows IPv4 broadcast and multicast to be propagated to all nodes. It also allows IPv6 multicast over a PVC.
When the keyword is enabled, the router converts broadcast and multicast packets into unicast traffic so that other nodes receive the routing update.

  Now, look at the scenario:

 


Also, in this scenario we use EIGRP, an advanced distance vector protocol. The split-horizon rule is enabled on the customer HQ router; it prevents routing information from being sent back out of the interface it was learned on.

To avoid this issue, there are two ways:
     1. Manually disable split-horizon
     2. Using Sub-interface method
             A. Point-to-point
             B. Point-to-Multipoint

EIGRP Point-to-Multipoint topology:

   The point-to-multipoint topology is a sub-interface method: we enable a sub-interface on the center router's serial interface and use a single IP subnet for all PVCs, but you have the split-horizon problem.
  Configuration of Frame Relay Switch :

   Router(config)# Frame-relay switching 
   Router(config)# interface serial 0/0/0
   Router(config-if)#encapsulation frame-relay
   Router(config-if)#frame-relay lmi-type cisco
   Router(config-if)#frame-relay intf-type dce
   Router(config-if)#clock rate 128000
   Router(config-if)#no shutdown
   Router(config-if)#frame-relay route 102 interface serial 0/0/1 201
   Router(config-if)#frame-relay route 103 interface serial 0/1/0 301
   Router(config-if)#exit
   
   Router(config)# interface serial 0/0/1
   Router(config-if)#encapsulation frame-relay
   Router(config-if)#frame-relay lmi-type cisco
   Router(config-if)#frame-relay intf-type dce
   Router(config-if)#clock rate 64000
   Router(config-if)#no shutdown
   Router(config-if)#frame-relay route 201 interface serial 0/0/0 102
   Router(config-if)#exit

   Router(config)# interface serial 0/1/0
   Router(config-if)#encapsulation frame-relay
   Router(config-if)#frame-relay lmi-type cisco
   Router(config-if)#frame-relay intf-type dce
   Router(config-if)#clock rate 64000
   Router(config-if)#no shutdown
   Router(config-if)#frame-relay route 301 interface serial 0/0/0 103
   Router(config-if)#exit

Configure the Frame relay Endpoint:

   On Center Router:
  
   Router(config)# interface serial 0/0/0
   Router(config-if)# encapsulation frame-relay 
   Router(config-if)#no shutdown
   Router(config-if)#exit

   Router(config)# interface serial 0/0/0.123 multipoint
   Router(config-subif)#ip address 192.168.10.1 255.255.255.0
   Router(config-subif)#frame-relay map ip 192.168.10.2 102 broadcast
   Router(config-subif)#frame-relay map ip 192.168.10.3 103 broadcast
   Router(config-subif)#no shutdown
   Router(config-subif)#exit

   
On Branch office 1

   Router(config)# interface serial 0/0/0
   Router(config-if)#encapsulation frame-relay
   Router(config-if)#no shutdown
   Router(config-if)#exit

   Router(config)# interface serial 0/0/0.201 multipoint
   Router(config-subif)#ip address 192.168.10.2 255.255.255.0
   Router(config-subif)#frame-relay map ip 192.168.10.1 201 broadcast
   Router(config-subif)#no shutdown
   Router(config-subif)#exit
   
On Branch Office 2

 
  Router(config)# interface serial 0/0/0
   Router(config-if)#encapsulation frame-relay
   Router(config-if)#no shutdown
   Router(config-if)#exit

   Router(config)# interface serial 0/0/0.301 multipoint
   Router(config-subif)#ip address 192.168.10.3 255.255.255.0
   Router(config-subif)#frame-relay map ip 192.168.10.1 301 broadcast
   Router(config-subif)#no shutdown
   Router(config-subif)#exit

Verify Frame Relay Configuration:
  Router# show frame-relay lmi (show VC status)
  Router# show frame-relay map (show mapping address and vc status)
  Router# show frame-relay pvc (show all pvc )

Now......!! Configure EIGRP 

   On Center router

      Router(config)#interface loopback 1
      Router(config-if)# ip address 1.1.1.1 255.255.255.0
      Router(config-if)#exit

       Router(config)# router eigrp 1
       Router(config-router)# no auto-summary
       Router(config-router)# network 192.168.10.0 0.0.0.255
       Router(config-router)#network 1.1.1.0 0.0.0.255
       Router(config-router)#exit

On Branch Office 1
   
       Router(config)# interface loopback 1
       Router(config-if)# ip address 2.2.2.2 255.255.255.0
       Router(config-if)# exit

       Router(config)# router eigrp 1
       Router(config-router)# no auto-summary
       Router(config-router)# network 192.168.10.0 0.0.0.255
       Router(config-router)#network 2.2.2.0 0.0.0.255
       Router(config-router)#exit

On Branch Office2
   
       Router(config)# interface loopback 1
       Router(config-if)# ip address 3.3.3.3 255.255.255.0
       Router(config-if)# exit

       Router(config)# router eigrp 1
       Router(config-router)# no auto-summary
       Router(config-router)# network 192.168.10.0 0.0.0.255
       Router(config-router)#network 3.3.3.0 0.0.0.255
       Router(config-router)#exit

Now, if we look at the routing tables of the BO1 and BO2 routers using the "show ip route eigrp" command, they don't show each other's networks, because the split-horizon rule is enabled.

Let's solve it:

On center router:
       Router(config)# interface serial 0/0/0.123
       Router(config-subif)# no ip split-horizon eigrp 1
       Router(config-subif)# exit

Let's create two additional mapping so that BO1 and BO2 can reach each other:

On BO 1
  
        Router(config)#interface serial 0/0/0.201
        Router(config-subif)#frame-relay map ip 192.168.10.3 201 broadcast
        Router(config-subif)#exit

On BO 2
       
        Router(config)# interface serial 0/0/0.301
        Router(config-subif)# frame-relay map ip 192.168.10.2 301 broadcast
        Router(config-subif)# exit

Congrats....!! Now you have successful connectivity between BO 1 and BO 2.


EIGRP Point-to-point :

     In the EIGRP point-to-point topology, the split-horizon rule is disabled by default, but each PVC requires a unique IP subnet.

 Now.....Scenario..

   


  Configuration of Frame Relay Switch :

   Router(config)# Frame-relay switching 
   Router(config)# interface serial 0/0/0
   Router(config-if)#encapsulation frame-relay
   Router(config-if)#frame-relay lmi-type cisco
   Router(config-if)#frame-relay intf-type dce
   Router(config-if)#clock rate 128000
   Router(config-if)#no shutdown
   Router(config-if)#frame-relay route 102 interface serial 0/0/1 201
   Router(config-if)#frame-relay route 103 interface serial 0/1/0 301
   Router(config-if)#exit
   
   Router(config)# interface serial 0/0/1
   Router(config-if)#encapsulation frame-relay
   Router(config-if)#frame-relay lmi-type cisco
   Router(config-if)#frame-relay intf-type dce
   Router(config-if)#clock rate 64000
   Router(config-if)#no shutdown
   Router(config-if)#frame-relay route 201 interface serial 0/0/0 102
   Router(config-if)#exit

   Router(config)# interface serial 0/1/0
   Router(config-if)#encapsulation frame-relay
   Router(config-if)#frame-relay lmi-type cisco
   Router(config-if)#frame-relay intf-type dce
   Router(config-if)#clock rate 64000
   Router(config-if)#no shutdown
   Router(config-if)#frame-relay route 301 interface serial 0/0/0 103
   Router(config-if)#exit

Configure the Frame relay Endpoint:

   On Center Router:
  
   Router(config)# interface serial 0/0/0
   Router(config-if)# encapsulation frame-relay 
   Router(config-if)#no shutdown
   Router(config-if)#exit

   Router(config)# interface serial 0/0/0.102 point-to-point
   Router(config-subif)#ip address 192.168.10.1 255.255.255.0
   Router(config-subif)#frame-relay interface-dlci 102
   Router(config-subif)#no shutdown
   Router(config-subif)#exit

   Router(config)# interface serial 0/0/0.103 point-to-point
   Router(config-subif)#ip address 192.168.20.1 255.255.255.0
   Router(config-subif)#frame-relay interface-dlci 103
   Router(config-subif)#no shutdown
   Router(config-subif)#exit


   On Branch Office 1:
  
   Router(config)# interface serial 0/0/0
   Router(config-if)# encapsulation frame-relay 
   Router(config-if)#no shutdown
   Router(config-if)#exit

   Router(config)# interface serial 0/0/0.201 point-to-point
   Router(config-subif)#ip address 192.168.10.2 255.255.255.0
   Router(config-subif)#frame-relay interface-dlci 201
   Router(config-subif)#no shutdown
   Router(config-subif)#exit

   On Branch Office 2:
  
   Router(config)# interface serial 0/0/0
   Router(config-if)# encapsulation frame-relay 
   Router(config-if)#no shutdown
   Router(config-if)#exit

   Router(config)# interface serial 0/0/0.301 point-to-point
   Router(config-subif)#ip address 192.168.20.2 255.255.255.0
   Router(config-subif)#frame-relay interface-dlci 301
   Router(config-subif)#no shutdown
   Router(config-subif)#exit


Now Configure EIGRP

  On Center Router:

       Router(config)# router eigrp 1
       Router(config-router)# no auto-summary
       Router(config-router)# network 192.168.10.0 0.0.0.255
       Router(config-router)# network 192.168.20.0 0.0.0.255
       Router(config-router)# exit

On Branch Office 1

       Router(config)# router eigrp 1
       Router(config-router)# no auto-summary
       Router(config-router)# network 192.168.10.0 0.0.0.255
       Router(config-router)# exit

On Branch Office2

       Router(config)# router eigrp 1
       Router(config-router)# no auto-summary
       Router(config-router)# network 192.168.20.0 0.0.0.255
       Router(config-router)# exit

Wow....!! There is no split-horizon issue. 

 





   
   




















Monday 29 August 2016

Frame Relay - Part 2

Frame Relay NBMA (Non Broadcast Multiple access )

       Non-broadcast multiple access refers to a network type where several hosts are connected. However, data is transmitted only directly from one host to a single host across the network or a virtual circuit. An NBMA network supports broadcast and multicast traffic only manually.

  NBMA is mainly employed on networks that do not have broadcast or multicast capabilities. Frame Relay, Asynchronous Transfer Mode (ATM), home power line networking, and X.25 are some common examples of NBMA network technologies.

Frame Relay is multi-access since all routers can access the network, but you are unable to send broadcasts over the Frame Relay network. No broadcast also means you are unable to send multicast traffic. No multicast means you'll be in trouble with routing protocols: RIPv2, EIGRP and OSPF use multicast. Does this mean you can't use routing protocols with Frame Relay?

  • OSPF and EIGRP can also use unicast instead of multicast.
  • There is a method to emulate broadcasts over your Frame Relay network.
Put another way, which types of problems do we face with Frame Relay and routing? Do you remember the characteristics of distance vector routing protocols?
 
 

In this scenario I have configured EIGRP on all the routers. The branch office 1 router is sending routing information towards the customer HQ router, which will store the prefix in its routing table.

 Now, remember the split-horizon rule? Whatever you learn from your neighbor, you don't advertise back out of the same interface.

We are using two PVC's but on router HQ there is still only one physical interface. Split-horizon will prevent the advertisement of routing information towards router branch office 2.

   How can we solve this problem?
  1. You can disable split-horizon (the default on physical interface)
  2. You can use sub-interfaces.
             Sub-interfaces have two methods:
                 1. Point-to-point method
                 2. Point-to-multipoint method
   If you use the point-to-point method, it will solve your split-horizon problem, but you'll need to use a different IP subnet per PVC.

   If you use point-to-multipoint, you have the split-horizon problem, but you can use a single IP subnet for all PVCs.
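
The split-horizon behaviour described here and configured in the EIGRP Part 4 labs, as an added simulation (not part of the original posts): it models which prefixes the hub passes on to each branch for a multipoint subinterface with split horizon on and off, and for one point-to-point subinterface per PVC. The one-prefix-per-router model and the reuse of the multipoint lab's loopback prefixes in the point-to-point case are assumptions made for illustration.

```python
# Hub subinterface used to reach each branch, as configured in the two labs.
MULTIPOINT = {"BO1": "Serial0/0/0.123", "BO2": "Serial0/0/0.123"}
POINT_TO_POINT = {"BO1": "Serial0/0/0.102", "BO2": "Serial0/0/0.103"}
# Loopback prefixes from the multipoint lab (assumed for both cases).
LOOPBACKS = {"Center": "1.1.1.0/24", "BO1": "2.2.2.0/24", "BO2": "3.3.3.0/24"}

def branch_routes(hub_ifs, split_horizon=True):
    """Prefixes each branch learns from the hub once the hub has heard
    every branch's advertisement (simplified: one prefix per router)."""
    # The hub records the subinterface on which each branch prefix arrived.
    learned_on = {LOOPBACKS[b]: intf for b, intf in hub_ifs.items()}
    routes = {}
    for branch, out_if in hub_ifs.items():
        update = {LOOPBACKS["Center"]}
        for prefix, in_if in learned_on.items():
            # Split horizon: never advertise a route out of the
            # interface it was learned on.
            if split_horizon and in_if == out_if:
                continue
            update.add(prefix)
        # A router does not install a learned route to its own prefix.
        routes[branch] = sorted(update - {LOOPBACKS[branch]})
    return routes

if __name__ == "__main__":
    print("multipoint, split horizon on :", branch_routes(MULTIPOINT))
    print("multipoint, split horizon off:", branch_routes(MULTIPOINT, False))
    print("point-to-point subinterfaces :", branch_routes(POINT_TO_POINT))
```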
       





 

Sunday 28 August 2016

Frame Relay

Frame Relay
         Frame Relay is a packet-switching telecommunication service designed for cost-efficient data transmission for internet traffic between local area networks and between endpoints in wide area networks. This service is widely available and implemented, but is in the process of being discontinued by major internet service providers.
        In a Frame Relay environment, data travels safely from source to destination over a virtual link. If multiple endpoints (destinations) are available, then we assign a DLCI (data link connection identifier) number to each virtual link for identification. This circuit is also known as a permanent virtual circuit (PVC).

  There are two endpoints, BO1 and BO2, and both of them have the same HQ.



If we arrange all of them in a Frame Relay cloud, then the scenario is:



There, the red virtual circuit is between HQ and BO1 and the blue one is between HQ and BO2.

      There is no virtual circuit between BO1 and BO2, so we cannot forward traffic between them.
      Each and every VC is paid for, at a rate known as the CIR (committed information rate). The main benefit of Frame Relay is that when no other customers are using the Frame Relay network, it's possible to get a higher speed than what we paid for; the CIR, however, is the speed that is guaranteed.

  How do we know if a PVC is working or not?

  Frame Relay uses something called LMI, which stands for Local Management Interface.

   

LMI has two functions:
    1. keepalive
    2. PVC status (active or not)
    3. DLCI

LMI has 3 types:
    1. Cisco
    2. ANSI T1.617 Annex D
    3. ITU-T Q.933 Annex A

  WAN protocols describe the physical layer and the data link layer. Frame Relay operates at the data link layer. It doesn't use MAC addresses, since those belong to Ethernet, but we do have something else called a DLCI number, and it uses Inverse ARP (Inverse Address Resolution Protocol) for address resolution.

  Frame-relay supports multiple topologies:
    1. Full - mesh
    2. partial - mesh
    3. Hub and Spoke

 Continue reading in the Frame Relay - Part 2 post....

  
     

Friday 26 August 2016

EIGRP - Part 3


EIGRP Metric value :

EIGRP selects the best path from source to destination based on its metric value. It is an advanced distance vector protocol, so it uses highest bandwidth, minimum hop count and lowest cost as the metric value.


EIGRP calculates the metric value based on the least bandwidth and the cumulative delay. It uses the formula:



                   Least bandwidth: the lowest bandwidth, in units of kilobits per second.
                   Cumulative delay: the sum of all delay values, in units of tens of microseconds.


   This is the default formula; we can manually calculate the metric value based on five constants, called K-values, which are represented in the metric calculation formula as constants k1, k2, k3, k4 and k5.

   k1 = Bandwidth (10000)
   k2 = Delay (10)
   k3 = Reliability (255)
   k4 = Load (1)
   k5 = MTU (1500)

We can check the router's EIGRP metric values using this command:

   router# show ip protocols

We can also change the metric values manually:
    router(config)# router eigrp 1
                under this prompt, set its parameters.



EIGRP Router - ID

   1. The EIGRP Router ID is 32 bits, represented in dotted decimal format.
   2. Each EIGRP router determines its RID when the EIGRP process starts, using these general rules:
              A. First, it uses the highest IPv4 address on a loopback interface.
              B. Second, it uses the highest IPv4 address on a physical interface.

     We can set the router ID manually:
           router(config-router)# eigrp router-id 1.1.1.1