Posted in CCIE R&S, IP Services on Jul 22nd, 2009
The DHCP Information option (Option 82) is commonly used in metro or large enterprise deployments to provide additional information on the “physical attachment” of the client. Option 82 is supposed to be used in a distributed DHCP server/relay environment, where relays insert additional information to identify the client’s point of attachment....
Posted in CCIE R&S, IP Services on May 3rd, 2009
A question on GroupStudy gave me an idea for a short post dedicated to explaining the use of the DHCP “import all” command. The command first appeared in IOS 12.2T. It allows importing certain DHCP information learned from some external source, such as another DHCP server. This is helpful in reducing the amount of configuration needed in large hub-and-spoke networks, where spokes use centralized servers (e.g. WINS, DNS, TFTP). Instead of configuring the repetitive settings in every spoke router, you may import them by requesting an IP address for the router via DHCP. More than that, any change in the central configuration could be easily imported into the remote routers, using DHCP address refresh. Here is how it works:...
Posted in CCIE R&S, IP Services on Nov 26th, 2008
Here is a small task that illustrates how combining a few technologies may result in an interesting solution. ...
Fragmented IPv4 traffic may cause you a lot of problems in real life. Not only does it increase the load on router CPUs, it also impacts application performance (e.g. TCP needs to re-send the whole packet on a single fragment loss). In addition to that, traffic fragmentation is used in numerous network attacks, allowing an attacker to bypass firewalls or IDSes in some situations. For all these reasons, you may want to avoid fragmentation altogether and/or ensure your network is insulated from fragmented packets. Unfortunately, there are cases when using IPv4 fragmentation is unavoidable. ...
More updates have been posted to the IP Services section of the CCIE Routing & Switching Lab Workbook Volume 1 Version 5.0. The following topics are now available:...
For those of you eagerly awaiting updates to the new IEWB-RS Volume 1 Version 5.0 labs, you’ll be happy to know that a partial release of the IP Services section is now posted. The following topics in IP Services are now available for download on the members site:...
Posted in CCIE R&S, IP Services on Jul 15th, 2008
Look at the following NAT scenario (thanks to Huan Pham on GroupStudy for the example). R2 is configured to translate R1 Loopback0 IP address to one of its own Loopback0 IP addresses:...
Posted in CCIE R&S, IP Services on Apr 24th, 2008
GLBP, an acronym for Gateway Load Balancing Protocol, is a virtual gateway protocol similar to HSRP and VRRP. However, unlike its little brothers, GLBP is capable of using multiple physical gateways at the same time. As we know, a single HSRP or VRRP group represents one virtual gateway, with a single virtual IP address and MAC address. Only one physical gateway in a standby/redundancy group is responsible for packet forwarding; the others remain inactive in the standby/backup state. If you have R1, R2, R3 sharing the segment 174.X.123.0/24 with the physical IP addresses 174.X.123.1, 174.X.123.2 and 174.X.123.3, you may configure them to represent one single virtual gateway with an IP address 174.X.123.254. The physical gateway priority settings will determine which physical gateway takes the role of the active packet forwarder. The hosts on the segment will set their default gateway to 174.X.123.254, staying isolated from physical gateway failures....
Posted in CCIE R&S, IP Services on Feb 15th, 2008
Quite a few people don’t pay attention to the difference in handling packets on interfaces configured for NAT inside and outside. Here is an example to demonstrate how NAT “domains” interact with routing. Consider three routers connected in the following manner:...
Cisco IOS has a special feature called local policy routing, which permits applying a route-map to local (router-generated) traffic. The first way we can use this feature is to re-circulate local traffic (and force it to re-enter the router). Here’s an example. By default, locally-generated packets are not inspected by outgoing access-lists. This may cause issues when local traffic is not being reflected under reflexive access-list entries. Say, with a configuration like this:...