Random Networking Stuff
Classful Network IP address
- 128-bit addresses
- Link-local prefix: fe80::/10
When setting up IPsec, you need to define IKE. In Palo Alto firewalls, the VPN peer configuration is called an IKE gateway.
Versions of IKE:
1. IKEv1 (two phases: phase 1 and phase 2)
2. IKEv2 (uses less bandwidth, because fewer messages are exchanged)
IKEv2 also has the benefit of supporting NAT traversal.
IKE phase 1 (IKE crypto profile) parameters:
IKE phase 2 (IPsec crypto profile) parameters:
When IPsec VPN traffic passes through a NAT device in the middle, NAT traversal makes sure the port does not change: the ESP traffic is carried over UDP port 4500. A hash of the source address and port is exchanged to check whether they remain the same; if they have changed, the traffic will be dropped.
ESP encrypts the IP payload (layers 4 to 7).
Does the VPN device change the port from 500 to 4500?
Injecting a default route to a BGP neighbor
1. default-information originate + redistribute static (or any dynamic routing protocol that carries the default route; you may filter so that only the default route is redistributed)
2. network command, but you must make sure the default route is present in the routing table
3. Another way of advertising a default route to a specific BGP neighbor is to issue the neighbor default-originate command. This method does not require the presence of the 0.0.0.0/0 network in the routing table of the advertising router.
The configuration of the default-information originate command in BGP is similar to the configuration of the network (BGP) command. The default-information originate command, however, requires explicit redistribution of the route 0.0.0.0. The network command requires only that the route 0.0.0.0 is present in the Interior Gateway Protocol (IGP) routing table. For this reason, the network command is preferred. https://community.cisco.com/t5/routing/bgp-default-information-originate/td-p/772779
BGP Path Selection
- Highest Weight (Cisco proprietary). Default 0; locally originated routes get 32768.
- Highest Local Preference. Default 100.
- Locally originated: network/redistribute preferred over aggregate
- Shortest AS Path (influence outbound with route-map out)
- Lowest Origin (IGP < EGP < Incomplete)
- Lowest MED/metric (influence outbound with route-map out)
- eBGP preferred over iBGP
- Oldest path (if both are eBGP)
- Lowest Router ID
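The ordered decision process above, as an added example that is not part of the original notes: a small Python model in which each candidate path carries the attributes the list names, and a comparator walks the steps in that order and reports which step decided the tie. Steps the full Cisco process has but the notes do not list (for example lowest IGP metric to the next hop) are deliberately left out, and the MED comparison is applied unconditionally rather than only between paths from the same neighbouring AS. All paths, AS numbers and router IDs are constructed sample values.

```python
"""Constructed model of the BGP best-path steps listed in the notes above."""
from dataclasses import dataclass
from ipaddress import IPv4Address

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}                 # lower is better
SOURCE_RANK = {"network": 0, "redistribute": 0, "aggregate": 1, "learned": 2}
PEER_RANK = {"ebgp": 0, "ibgp": 1}


@dataclass
class Path:
    """One candidate path for a prefix; all values are constructed."""
    name: str
    weight: int = 0            # Cisco default 0; locally originated routes get 32768
    local_pref: int = 100      # default 100
    source: str = "learned"    # network / redistribute / aggregate / learned
    as_path: tuple = ()
    origin: str = "igp"
    med: int = 0
    peer_type: str = "ebgp"
    received_at: int = 0       # constructed arrival timestamp (seconds)
    router_id: str = "0.0.0.0"


def compare(a: Path, b: Path):
    """Return (preferred path, name of the step that decided it)."""
    # Every key is written so that the SMALLER value wins.
    steps = [
        ("highest weight", lambda p: -p.weight),
        ("highest local preference", lambda p: -p.local_pref),
        ("locally originated (network/redistribute > aggregate)",
         lambda p: SOURCE_RANK[p.source]),
        ("shortest AS path", lambda p: len(p.as_path)),
        ("lowest origin (IGP < EGP < Incomplete)", lambda p: ORIGIN_RANK[p.origin]),
        # Real routers only compare MED between paths from the same neighbouring
        # AS by default; this model compares it unconditionally.
        ("lowest MED", lambda p: p.med),
        ("eBGP over iBGP", lambda p: PEER_RANK[p.peer_type]),
    ]
    for step, key in steps:
        if key(a) != key(b):
            return (a, step) if key(a) < key(b) else (b, step)
    # Oldest path is only used as a tie-breaker when both paths are eBGP.
    if a.peer_type == b.peer_type == "ebgp" and a.received_at != b.received_at:
        older = a if a.received_at < b.received_at else b
        return older, "oldest eBGP path"
    if IPv4Address(a.router_id) <= IPv4Address(b.router_id):
        return a, "lowest router ID"
    return b, "lowest router ID"


def best_path(paths):
    """Reduce a list of candidate paths to the winner and the deciding step."""
    winner, reason = paths[0], "only path"
    for candidate in paths[1:]:
        winner, reason = compare(winner, candidate)
    return winner, reason


# Constructed candidates: three paths to the same prefix via different peers.
CANDIDATES = [
    Path("via-R1", as_path=(65001, 65002), received_at=10, router_id="10.0.0.1"),
    Path("via-R2", local_pref=200, as_path=(65003, 65004, 65005), peer_type="ibgp"),
    Path("via-R3", as_path=(65003,), origin="incomplete", router_id="10.0.0.3"),
]

if __name__ == "__main__":
    winner, reason = best_path(CANDIDATES)
    print(f"best path: {winner.name} (decided by: {reason})")
```

Note that via-R2 wins on local preference even though it has the longest AS path and is learned over iBGP: the earlier step settles the comparison before AS path length or peer type is ever looked at, which is exactly why inbound local preference policy is the usual lever for controlling egress.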
BGP AS Number
- Every time a route flaps, it gets a penalty of 1000. Once the accumulated penalty exceeds the limit, the router marks the route as suppressed and stops advertising it to any neighbor.
- Once the route is stable, the accumulated penalty decays. Once it falls to the reuse value (750), the route is advertised again.
- Applies only to routes learned from eBGP.
Solutions for flapping routes: route summarization or BGP dampening.
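The penalty, suppress and reuse mechanics described above, as an added example that is not part of the original notes: a Python model in which every flap adds the 1000 penalty from the notes, the penalty decays exponentially with a half-life, the route is suppressed once the penalty passes the suppress limit, and it is advertised again once the penalty has decayed to the reuse value of 750. The half-life (15 minutes) and suppress limit (2000) are the Cisco defaults and are assumed here rather than taken from the notes; real routers decay the penalty in discrete ticks, whereas this model decays it continuously. The flap timestamps are constructed.

```python
"""Constructed model of BGP route-flap dampening as described in the notes."""
import math


class FlapDampener:
    def __init__(self, half_life=900, reuse=750, suppress=2000, penalty_per_flap=1000):
        self.half_life = half_life            # seconds for the penalty to halve (assumed default)
        self.reuse = reuse                    # advertise again at or below this (from the notes)
        self.suppress = suppress              # suppress above this (assumed default)
        self.penalty_per_flap = penalty_per_flap   # 1000 per flap (from the notes)
        self.penalty = 0.0
        self.last_update = 0
        self.suppressed = False

    def _decay(self, now):
        """Apply exponential decay for the time elapsed since the last update."""
        elapsed = now - self.last_update
        self.penalty *= 0.5 ** (elapsed / self.half_life)
        self.last_update = now

    def flap(self, now):
        """Record a flap at time `now`; returns (rounded penalty, suppressed)."""
        self._decay(now)
        self.penalty += self.penalty_per_flap
        if self.penalty > self.suppress:
            self.suppressed = True            # withheld from all neighbours
        return self.status(now)

    def status(self, now):
        """Current (rounded penalty, suppressed flag) at time `now`."""
        self._decay(now)
        if self.suppressed and self.penalty <= self.reuse:
            self.suppressed = False           # penalty reached the reuse value
        return round(self.penalty), self.suppressed

    def seconds_until_reuse(self, now):
        """Seconds until a suppressed route is advertised again (0 if not suppressed)."""
        self._decay(now)
        if not self.suppressed:
            return 0
        # Solve penalty * 0.5 ** (t / half_life) == reuse for t.
        return math.ceil(self.half_life * math.log2(self.penalty / self.reuse))


def dampening_applies(peer_type: str) -> bool:
    """Dampening is applied to eBGP-learned routes only (from the notes)."""
    return peer_type == "ebgp"


def simulate(flap_times, check_at, **params):
    """Replay constructed flap timestamps and report the state at `check_at`."""
    d = FlapDampener(**params)
    for t in flap_times:
        d.flap(t)
    return d.status(check_at)


if __name__ == "__main__":
    d = FlapDampener()
    for t in (0, 0, 0):                       # constructed: three flaps in quick succession
        print("flap ->", d.flap(t))
    print("seconds until reuse:", d.seconds_until_reuse(0))
    print("state after 30 min:", d.status(1800))
```

Three immediate flaps push the penalty to 3000, which needs two half-lives (30 minutes with the assumed defaults) to fall back to 750; two flaps alone reach exactly 2000 and are not suppressed, because suppression requires the penalty to exceed the limit.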
BFD (Bidirectional Forwarding Detection)
- Works with any routing protocol
OSPF Network Types
Spanning Tree Protocol (STP)
The switches react as follows:
When a switch does not receive the expected Hello within the Hello time, it continues to work as normal and waits until the MaxAge time expires.
If a Hello BPDU is received within the MaxAge time, the switch treats it as a delay in the network and continues as before. If not, the switch starts changing its topology.
The status of ports may then change according to the new topology adopted by STP, from forwarding to blocking and vice versa. This change does not happen immediately; a port goes through two intermediate states, Listening and Learning.
The change of state from blocking to forwarding, through the intermediate Listening and Learning states, is bounded by the Forward Delay timer.
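The MaxAge and Forward Delay behaviour described above, as an added example that is not part of the original notes: a Python timeline that reports what a switch does when Hellos stop for a given time, and which state a previously blocked port is in at a given moment after the last Hello. The timer values (Hello 2 s, MaxAge 20 s, Forward Delay 15 s) are the 802.1D defaults and are assumed here rather than taken from the notes; the model treats each intermediate state as lasting one Forward Delay.

```python
"""Constructed timeline of the STP reaction to lost Hello BPDUs."""

HELLO = 2            # seconds between Hello BPDUs (assumed 802.1D default)
MAX_AGE = 20         # seconds a switch waits before acting on lost Hellos (assumed default)
FORWARD_DELAY = 15   # seconds spent in each of Listening and Learning (assumed default)


def reaction_to_missing_hello(gap_seconds, max_age=MAX_AGE):
    """What the switch does when no Hello arrives for `gap_seconds`."""
    if gap_seconds <= max_age:
        return "continue as before"      # treated as network delay, topology unchanged
    return "start topology change"       # MaxAge expired without a Hello


def port_state(seconds_since_last_hello, max_age=MAX_AGE, forward_delay=FORWARD_DELAY):
    """State of a blocked port that must take over, measured from the last Hello."""
    t = seconds_since_last_hello
    if t < max_age:
        return "blocking"                # still waiting for MaxAge to expire
    elapsed = t - max_age                # time since the topology change started
    if elapsed < forward_delay:
        return "listening"
    if elapsed < 2 * forward_delay:
        return "learning"
    return "forwarding"


def timeline(max_age=MAX_AGE, forward_delay=FORWARD_DELAY):
    """(state, start, end) intervals in seconds from the last Hello; end None = open."""
    t1 = max_age
    t2 = t1 + forward_delay
    t3 = t2 + forward_delay
    return [
        ("blocking", 0, t1),
        ("listening", t1, t2),
        ("learning", t2, t3),
        ("forwarding", t3, None),
    ]


def convergence_time(max_age=MAX_AGE, forward_delay=FORWARD_DELAY):
    """Worst-case seconds from the last Hello until the port forwards."""
    return max_age + 2 * forward_delay


def missed_hellos_before_max_age(hello=HELLO, max_age=MAX_AGE):
    """Consecutive Hellos that can be missed before MaxAge expires."""
    return max_age // hello


if __name__ == "__main__":
    for state, start, end in timeline():
        print(f"{state:<11} {start:>3}s .. {end if end is not None else 'open'}")
    print("convergence:", convergence_time(), "s;",
          "missed Hellos before MaxAge:", missed_hellos_before_max_age())
```

With the assumed defaults the switch tolerates ten missed Hellos before it acts, and a replacement port takes 50 seconds to forward (20 s MaxAge plus two 15 s Forward Delay states), which is the classic slow convergence that the Listening and Learning states impose on 802.1D.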