Notas estudo JNCIS-ENT parte 15

by

Nota: Este Post faz parte do guide de Routing.

VRRP Defined

RFC 2338

Terms and Concepts

VRRP Router
Master Router
Backup Routers
Virtual Router

VRRP Communications

VRRP version 2
Usa Multicast 224.0.0.18
Default advertisement 1 segundo
E possível usar subsecond usando o comando fast-interval (o valor pode variar entre 100-999 milisegundos)
O MAC-ADDRESS do VIP tem o formato 00-00-5E-00-01-VRID
O Master state e elegido através da priority mais alta (entre 1 -255), by default e 100
Caso o router tenha o próprio VIP configurado como IP da interface deve ser configurado a priority 255 e ativado automaticamente o preempt.
Em ambientes onde o router não tem o próprio VIP como IP é possível desativar o preempt

VRRP States

Initialize
Master
Backup
Transition – Estado apenas transitório entre Backup e Master. Neste estado não existe forwarding

VRRP Configuration

set interfaces ge-0/0/4.0 family inet addres 172.25.100.2/24 vrrp-group 10 virtual-address 172.25.100.1 priority 200

outras opções:

track
accept-data – Permite que o master responda a ICMP com destino ao VIP. Caso o master tenha o proprio VIP responde by default a ICMP
authenticatioon-type – 3 types:none,simple,MD5
authenticatioon-key
no-preempt

É possível usar o inherit da config quando existem múltiplos grupos VRRP na mesma interface física usando assim algumas das mesmas características.
Com a opcao vrrp-inheret-from as características usadas são:advertise-interval, authentication-key, authentication-type, fast-interval, no-preempt, preempt, track interface, e track route

Unified ISSU

Apenas suportado em chassis com 2 REs e com os serviços GRES e NSR activos. Ambos os REs devem executar a mesma versão de software

Para iniciar o processo deve ser executado o comando request system software-in-service-upgrade no master RE

Para verificar o estados dos FPCs após o ultimo Unified ISSU:

user@host>  show chassis in-service-upgrade
Item           Status                  Reason
FPC 0          Online
FPC 1          Online
FPC 2          Online
PIC 0        Online
PIC 1        Online
FPC 3          Offline                 Offlined by CLI command
FPC 4          Online
PIC 1        Online
FPC 5          Online
PIC 0        Online
FPC 6          Online
PIC 3        Online
FPC 7          Online

!Cancelar o processo de upgrade (unified ISSU)
user@host>  request system abort software-in-service-upgrade

 
Appendix A IPv6

Alguns dos benefícios do IPv6
More efficient routing
Quality of service (QoS)
Elimination of the NAT requirement
Network Layer security with end-to-end IPsec
Ease of management using stateless address autoconfiguration
Improved header format to reduce header overhead

O header IPv6 tem 40 bytes (fixos) e inclui os seguintes campos:

Version: 4-bit field containing the number 6, indicating IPv6
Traffic class: 8-bit field that determines the traffic priority
Flow label: 20-bit field used for QoS management
Payload length: 16-bit field indicates the size of the payload in octets
Next header: 8-bit field indicating the next encapsulated protocol
Hop limit : 8-bit field replaces the time-to-live (TTL) field in IPv4
Source address : 128 bits
Destination address: 128 bits

IPv6 Defines Six Extension Headers

As extensões possíveis no header:

Hop-by-hop options: Signifies that the options need to be examined by each node along the path of a packet
Routing: Provides a list of intermediate nodes that should be visited on the path to the packet’s destination
Fragment: Signals when a packet has been fragmented by the source
Destination options: Options examined only by the destination node , and capable of appearing twice in a packet
Authentication header: Used with IPsec to verify  authenticity of a packet
Encrypted security payload: Used with IPsec and carries encrypted data for secure communication

IPv6 Address Types

3 Tipos de endereços IPv6:
• Unicast
• Multicast
• Anycast

Prefix Notation

O RFC4291 define as ultimas regras sobre prefix notation

::/128 : unspecified;
::1/128: This prefix notation should be used for the loopback;
FF00::/8 : Multicast
FE80::/10: Local-Link

Special Addresses
Link-Local Unicast Addresses – Prefix (10bits) + SubnetID (54bits) + Interface ID (64bits)
Site-Local Unicast Addresses – Enderecos Privatos a semelhanca do RFC1918 em IPv4. Prefix (10bits) + SubnetID (54bits) + Interface ID (64bits)
Global Unicast Addresses – Enderecos roteados na Internet. FP (3bits) + GlobalRouting Prefix (45bits) + SID (16bits) + Interface ID (64bits)

Stateless Autoconfiguration

Permitir atribuir IP automaticamente sem a necessidade de DHCP.

Stateless autoconfiguration consiste em varios elementos:

• Extended unique identifier (EUI)
• Router advertisement message
• Router solicitation message
• Prefix list

Neighbor Discovery (ND)

É o processo de tracking dos neighbors no mesmo local link.
O ND é opcional nos devices IPv6.
Após o host enviar um Router Solicitation (RS) o router confirma enviando um Router Advertisement (RA) com a prefix list. O host o endereçamento no prefix-list para efectuar a autoconfiguracao

Stateful Autoconfiguration

O DHCPv6 e conhecido como stateful, definido no RFC3315

set interfaces ge1/1/0.110 family inet6 address fec0:0:0:2003::1/64

lab@mxA-1# run show interfaces terse ge-1/1/0
Interface               Admin Link Proto    Local                 Remote
ge-1/1/0                up    up
ge-1/1/0.110            up    up   inet     172.16.110.1/24
inet6    fe80::8271:1f00:6ec1:a278/64
fec0:0:0:2003::1/64

lab@mxA-1# run show route table inet6.0

inet6.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
Restart Complete
+ = Active Route, – = Last Active, * = Both

fe80::/64          *[Direct/0] 00:02:24
> via ge-1/1/0.110
fe80::8271:1f00:6ec1:a278/128
*[Local/0] 00:02:24
Local via ge-1/1/0.110
fec0:0:0:2003::/64 *[Direct/0] 00:02:24
> via ge-1/1/0.110
fec0:0:0:2003::1/128
*[Local/0] 00:02:24
Local via ge-1/1/0.110

lab@mxA-1# run show ipv6 neighbors
IPv6 Address                 Linklayer Address  State       Exp Rtr Secure Interface
fec0:0:0:2003::2             80:71:1f:c1:c3:78  reachable   34  yes no      ge-1/1/0.110

IPv6 Multicast Address

No IPv6 o ICMPv6 é usado no multicast group management  para optimizar o tráfego multicast. Este processo é referido como Multicast Listener Discovery (MLD)

Os enderecos multicast segundo o RFC 4291:

• Solicited-node multicast addresses are for Neighbor Solicitation (NS) messages;
• All-nodes multicast addresses are for Router Advertisement (RA) messages; and
• All-routers multicast addresses are for Router Solicitation (RS) messages.

IPv6 Anycast Address

Definido no RFC 2526
Permite que o mesmo IP esteja distribuído, mas apenas um Host irá receber o tráfego

set routing-options rib inet6.0 static route 0::/0 next-hop FEc0:0:0:2003::2 preference 250

OSPFv3 Configuration Example

O processo de selecao do RID no OSPFv3 e identico ao da v2, o RID continua a ser IPv4

Monitoring OSPFv3 Operations

show ospf3 neighbor
show ospf3 interface
show ospf3 database
show ospf3 route

IS-IS Configuration

set interfaces ge1/1/0.110 family iso
set interfaces ge1/1/0.110 family inet6 address fec0:0:0:2003::1/64

set interfaces lo0 unit 0 family iso address 49.0002.1111.1111.1111.00
set interfaces lo0 unit 0 family inet6 address fec0:0:0:1001::1/128

Monitoring IS-IS Operations

lab@mxA-1# run show isis interface
IS-IS interface database:
Interface             L CirID Level 1 DR        Level 2 DR        L1/L2 Metric
ge-1/1/0.110          3   0x1 mxA-1.00          mxA-1.00               10/10
lo0.0                 0   0x1 Passive           Passive                 0/0

[edit]
lab@mxA-1# run show isis adjacency

BGP Configuration

!eBGP Peering
set protocols bgp group ext-65501 type external
set protocols bgp group ext-65501 peer-AS 65501
set protocols bgp group ext-65501 neighbor fec0:0:0:2003::2

Monitoring BGP Operations

show bgp summary

Tunneling IPv6 Traffic

Por vezes e necessário encapsular trafego IPv6 em IPv4.

Alguns dos mecanismos de transicao
•IPv4-compatible addressing
•Configured tunnels
•6to4
•6over4

!Site A
set interface gr-0/0/0.0 tunnel source 172.16.110.1 destination 172.16.110.2
set interface gr-0/0/0.0 family inet6 address fec0:0:0:1000::1/126
set routing-options rib inet6.0 static route fec0:0:0:2000::/64 next-hop gr-0/0/0.0
set routing-options rib inet6.0 static route fec0:0:0:1001::/64 next-hop gr-0/0/0.0

!Site B
set interface gr-0/0/0.0 tunnel source 172.16.110.2 destination 172.16.110.1
set interface gr-0/0/0.0 family inet6 address fec0:0:0:1000::2/126
set routing-options rib inet6.0 static route fec0:0:0:2000::/64 next-hop gr-0/0/0.0
set routing-options rib inet6.0 static route fec0:0:0:1001::/64 next-hop gr-0/0/0.0

Referências:

Notas estudo JNCIS-ENT parte 1

Notas estudo JNCIS-ENT parte 2

Notas estudo JNCIS-ENT parte 3

Notas estudo JNCIS-ENT parte 4

Notas estudo JNCIS-ENT parte 5

Notas estudo JNCIS-ENT parte 6

Notas estudo JNCIS-ENT parte 7

Notas estudo JNCIS-ENT parte 8

Notas estudo JNCIS-ENT parte 9

Notas estudo JNCIS-ENT parte 10

Notas estudo JNCIS-ENT parte 11

Notas estudo JNCIS-ENT parte 12

Notas estudo JNCIS-ENT parte 13

Notas estudo JNCIS-ENT parte 14

Leave a Comment

Translate »
Google no longer supports Google Images API and this plugin can't work.

You can try to use other plugins with the same feature:
WP Picasa Box - http://codecanyon.net/item/wp-picasa-box/16099962
WP Pixabay Search And Insert - http://wpclever.net/downloads/wordpress-pixabay-search-and-insert