Showing posts with label Network and LAN Hacking. Show all posts

Wednesday, April 30, 2014

Fool the Network Hunters (Hackers)

Portspoof is meant to be a lightweight, fast, portable, and secure addition to any firewall or security system. Its goal is to make the information-gathering phase as slow and bothersome for attackers as possible: every TCP port answers as if a service were listening and returns a plausible-looking banner, so scan results can no longer be trusted. This is quite a change from the standard 5-second nmap scan that gives a full view of your system's running services.

Wednesday, July 3, 2013

Zarp - Network Attack Framework: Local Network Attack Tool

Zarp is a network attack tool centred on the exploitation of local networks. It does not do system exploitation; instead it abuses networking protocols and stacks to take over, infiltrate, and knock out hosts. Sessions can be managed to poison and sniff multiple systems at once, dumping sensitive information automatically or handing it to the attacker directly. Various sniffers parse usernames and passwords from common protocols, view HTTP traffic, and more, and DoS attacks are included to knock out systems and applications. Together these open up very complex attack scenarios on live networks, quickly, cleanly, and quietly.

Functionality:

- Poisoners
- Parameter
- Services
- Sessions
- Scanners
- DoS Attacks
- Sniffers

Download: https://github.com/hatRiot/zarp
Wiki: https://defense.ballastsecurity.net/wiki/index.php/Zarp

Sunday, June 30, 2013

SpiderFoot: Free open-source footprinting tool

"Footprinting" is the process of understanding as much as possible about a given target in order to perform a more complete security penetration test. Particularly for large networks, this can be a daunting task.
  
SpiderFoot is a free, open-source footprinting tool that runs various scans against a given domain name to obtain information such as sub-domains, e-mail addresses, owned netblocks, web server versions and so on. Its main objective is to automate the footprinting process to the greatest extent possible, freeing up a penetration tester's time to focus on the security testing itself.

Grab it from: http://www.spiderfoot.net/

New in this release, which is actually a complete re-write of the version from 2005(!):
  • Now runs on Windows as well as Linux, Solaris, *BSD (basically anything with Python should be fine)
  • Scans are even more configurable than before
  • All scan data stored locally in an SQLite database for querying, reporting and analysis
  • Many more scans/tests included (GeoIP, URL linkage, web technology, port scans...)
  • You can now easily extend functionality by writing your own modules in Python
  • Completely new user interface, which is now entirely web-based
  • Configuration state is stored between runs
  • Scanning can be remotely controlled
I hope you find it useful, and if you have any suggestions/complaints, feel free to contact me.

Monday, April 1, 2013

Cisco Type 4 Passwords cracked–Coding mistake endangers devices

Cisco has issued a security advisory stating that its new password hashing algorithm, Type 4, is flawed, which allows Type 4 hashes to be cracked easily. Type 4 was meant to replace Type 5: the design called for salting the password and applying 1000 iterations of SHA-256. Cisco's engineers miscoded the algorithm, leaving out the salt and running a single iteration of SHA-256, which makes it weaker than the Type 5 algorithm it was supposed to replace.


“This approach causes a Type 4 password to be less resilient to brute-force attacks than a Type 5 password of equivalent complexity.”



To make matters worse, the IOS releases that support Type 4 also lost the ability to generate Type 5 secrets on the device. Talk about rubbing salt in the wound.
As per the advisory:

"A device running a Cisco IOS or IOS XE release with support for Type 4 passwords lost the capability to create a Type 5 password from a user-provided plaintext password. Backward compatibility problems may arise when downgrading from a device running a Cisco IOS or IOS XE release with Type 4 password support and Type 4 passwords configured to a Cisco IOS or Cisco IOS XE release that does not support Type 4 passwords. Depending on the specific device configuration, the administrator may not be able to log in to the device or to change into privileged EXEC mode, requiring a password recovery process to be performed."
It was bound to be discovered. Philipp Schmidt and Jens Steube of the Hashcat project found the flaw and were able to crack a hash posted at inetpro.org. Because the hashes are unsalted, single-round SHA-256, anyone who gets hold of a batch of them can crack millions in hours.
The aftermath? Cisco says it will create a new password type, with as-yet-unspecified commands to implement it. In the meantime, Cisco says you "may" want to replace Type 4 passwords with Type 5, as quoted:
There are two options to generate a Type 5 password:
  • Using another device running a Cisco IOS or Cisco IOS XE release without Type 4 support
  • Using the openssl command-line tool (part of the OpenSSL Project)
You can read the advisory here
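To see why the shipped Type 4 is so cheap to attack, here is an added Python example (not Cisco's code and not from the advisory) that reproduces the Type 4 hash as implemented, a single unsalted SHA-256 encoded with Cisco's crypt-style base64 alphabet, beside a salted, iterated construction of the kind the advisory describes as the intended design. The intended variant uses PBKDF2-HMAC-SHA256 as the iteration construct with a 10-byte salt prepended to the output; those two choices are assumptions for illustration, not Cisco's published specification. The wordlist in the dictionary attack is made up.

```python
import base64
import hashlib
from typing import Iterable, Optional

# Cisco encodes the digest with the crypt-style alphabet instead of the RFC 4648 one:
# 43 characters, no padding. Translating standard base64 output is enough.
STD_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
CISCO_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
_TO_CISCO = str.maketrans(STD_ALPHABET, CISCO_ALPHABET)


def _cisco_b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii").rstrip("=").translate(_TO_CISCO)


def cisco_type4(password: str) -> str:
    """Type 4 as shipped: one SHA-256 over the password, no salt, no iterations."""
    return _cisco_b64(hashlib.sha256(password.encode("utf-8")).digest())


def intended_type4(password: str, salt: bytes, iterations: int = 1000) -> str:
    """What the advisory says was meant: salted, 1000 rounds of SHA-256.

    PBKDF2-HMAC-SHA256 is used here as the iteration construct and the salt is
    prepended to the output; both are assumptions made for this illustration.
    """
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return _cisco_b64(salt + key)


def crack_type4(target: str, wordlist: Iterable[str]) -> Optional[str]:
    """Dictionary attack on a shipped Type 4 hash.

    With no salt, one SHA-256 per candidate tests that candidate against every
    Type 4 hash ever collected, which is why leaked configs are so cheap to crack.
    """
    for candidate in wordlist:
        if cisco_type4(candidate) == target:
            return candidate
    return None


if __name__ == "__main__":
    # hashcat's published example hash for mode 5700 is SHA-256("hashcat") in this encoding.
    print(cisco_type4("hashcat"))  # 2btjjy78REtmYkkW0csHUbJZOstRXoWdX1mGrmmfeHI
    print(crack_type4(cisco_type4("cisco"), ["admin", "cisco", "secret"]))
    print(intended_type4("cisco", b"\x00" * 10))
```

Note that the salted variant produces a different string for the same password under a different salt, which is exactly what stops one precomputed dictionary from being reused across devices.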

Wednesday, March 20, 2013

Is MPLS Network Really Secure? MPLS truth revealed against security.


There is a common misconception that MPLS provides some level of security.

The truth is that MPLS offers:

• No protection against misconfiguration - Human and machine errors, as well as OS bugs, can result in MPLS traffic being misrouted.

• No protection from attacks within the core - MPLS is vulnerable to all the traditional WAN attack vectors.

• No protection against, or detection of, sniffing/snooping - It is impossible to detect if someone is siphoning or replicating data; there is no "alarm" that goes off if data is being stolen.

• No data security - The data is left in the clear and can be accessed, replicated, or used by anyone who gains access to it.


The MPLS header (the illustration from the original post is not reproduced here) consists of four fields, none of which is a security measure:

• The Label Value (20 bits) provides the forwarding information used by the routers.
• The Traffic Class (TC) bits (3 bits) are used to provide services such as traffic prioritization.
• The Bottom-of-Stack bit (S) allows multiple labels to be stacked.
• The TTL (8 bits) is a "time to live" marker that allows packets to expire.

None of these mechanisms provide security.


Also note that the original IP packet is unchanged, which means with MPLS- your data traverses a shared network in the clear.
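To make that concrete, here is an added Python example (not part of the original post) that does what a tap on the backbone would do: it walks the MPLS label stack of a captured packet, field by field as described above, pops the labels and reads the inner IPv4 header and payload. The sample packet is constructed inline (a two-label stack, as an L3VPN packet between provider edges would carry, over a small UDP datagram); the label values are arbitrary and the bytes start at the first shim, i.e. after the Ethernet header.

```python
import ipaddress
import struct
from typing import Dict, List


def parse_mpls(pkt: bytes) -> Dict[str, object]:
    """Walk an MPLS label stack (RFC 3032 shim headers) and decode the inner IPv4 packet.

    Each 32-bit shim is label (20 bits) | TC (3 bits) | S (1 bit) | TTL (8 bits).
    Nothing in the stack is authenticated or encrypted, so anyone who can see the
    bytes can strip the labels and read the original IP packet.
    """
    labels: List[Dict[str, int]] = []
    offset = 0
    while True:
        if len(pkt) < offset + 4:
            raise ValueError("truncated label stack")
        (word,) = struct.unpack("!I", pkt[offset:offset + 4])
        entry = {
            "label": word >> 12,
            "tc": (word >> 9) & 0x7,
            "bottom_of_stack": bool((word >> 8) & 0x1),
            "ttl": word & 0xFF,
        }
        labels.append(entry)
        offset += 4
        if entry["bottom_of_stack"]:
            break

    inner = pkt[offset:]
    if len(inner) < 20 or inner[0] >> 4 != 4:
        raise ValueError("inner packet is not IPv4")
    ihl = (inner[0] & 0x0F) * 4
    total_len = struct.unpack("!H", inner[2:4])[0]
    return {
        "labels": labels,
        "src": str(ipaddress.IPv4Address(inner[12:16])),
        "dst": str(ipaddress.IPv4Address(inner[16:20])),
        "protocol": inner[9],
        "payload": inner[ihl:total_len],   # the customer's data, untouched by MPLS
    }


def build_shim(label: int, tc: int = 0, bottom: bool = False, ttl: int = 64) -> bytes:
    """Encode one label stack entry."""
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)


def build_ipv4(src: str, dst: str, proto: int, data: bytes) -> bytes:
    """Minimal IPv4 header (checksum left zero; this is a parsing sample, not a sender)."""
    total = 20 + len(data)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + data


# Constructed sample: transport label 16001 (TC 5), VPN label 24 at the bottom of the
# stack, then a customer UDP datagram 1234 -> 53 carrying the bytes b"ping".
SAMPLE = (build_shim(16001, tc=5) + build_shim(24, bottom=True)
          + build_ipv4("10.1.1.10", "10.2.2.20", 17, b"\x04\xd2\x00\x35\x00\x0c\x00\x00ping"))

if __name__ == "__main__":
    decoded = parse_mpls(SAMPLE)
    print([l["label"] for l in decoded["labels"]], decoded["src"], "->", decoded["dst"], decoded["payload"])
```

The parser stops at the first entry with the S bit set; everything after it is the original IP packet, which is why "the original IP packet is unchanged" is a security statement and not just a forwarding detail.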

Hackers and Data Thieves know better!

There are papers and video tutorials readily available on the Internet that provide a “cook book” approach to sniffing and redirecting MPLS traffic. Here’s what Black Hat had to say about MPLS security claims:

Providers say: Traffic streams are kept separate.
Hackers know: The mechanism used to separate traffic can also be used to identify targets of interest!

Providers say: There are controls around provisioning and management.
Hackers know: Provisioning and management are to data security what traffic lights are to bank robbers - they do not prevent data theft!

Providers say: There are gateways between the Internet and the MPLS network.
Hackers know: Traffic is not accidentally leaking out to the Internet, it is being stolen right off the MPLS backbone!

Providers say: They use NetFlow/J-Flow to identify "malicious activity".
Hackers know: Post-event notification is not a substitute for prevention!

Why You Need to Measure Delay, Jitter and Packet Loss on Data Networks



With the emergence of new applications such as voice and video on data networks, it is becoming increasingly important for network managers to accurately predict the impact of these applications on the network. Not long ago, you could allocate bandwidth to applications and allow them to adapt to the bursty nature of traffic flows. That is no longer true: applications such as voice and video are far more sensitive to changes in the transmission characteristics of data networks. Therefore, network managers must be fully aware of network characteristics such as delay, jitter, and packet loss, and of how these characteristics affect applications.

Why You Need to Measure Delay, Jitter and Packet Loss

To meet today’s business priorities and ensure user satisfaction and usage, IT groups and service providers are moving toward availability and performance commitments by IP application service levels or IP service-level agreements (SLAs).

Prior to deploying an IP service, network managers must first determine how well the network is working, second, deploy the service, such as voice over IP (VoIP), and finally, verify that the service levels are working correctly, which is required to optimize the service deployment. IP SLAs can help meet life-cycle requirements for managing IP services. To ensure the successful implementation of VoIP applications, you first need to understand the current traffic characteristics of the network. Measuring jitter, delay, and packet loss and verifying classes of service (CoS) before deployment of new applications can aid in the correct redesign and configuration of traffic prioritization and buffering parameters in data network equipment.

This article discusses methods for measuring delay, jitter, and packet loss on data networks using features in the Cisco IOS® Software and Cisco routers.

Delay is the time it takes a voice packet to travel from one point to another in the network. You can measure delay in one direction or round trip. One-way delay calculations require added infrastructure: Network Time Protocol (NTP), clock synchronization, and reference clocks. NTP is deployed to synchronize router clocks, ideally against a global positioning system (GPS) receiver or another trusted reference time in the network. Clock accuracy and clock drift directly affect the accuracy of one-way delay measurements. VoIP can typically tolerate delays of up to approximately 150 ms one way before the quality of a call becomes unacceptable to most users.

Jitter is the variation in delay over time from point to point. If the delay of transmissions varies too widely in a VoIP call, the call quality is greatly degraded. The amount of jitter that is tolerable on the network is determined by the depth of the jitter buffer in the network equipment in the voice path. A larger jitter buffer lets the equipment absorb more jitter for the benefit of users, but a buffer that is too big adds to the overall delay between two packets. One-way jitter measurement is possible and does not require clock synchronization between the measurement routers, because jitter is a difference between consecutive packets, not an absolute time.


Packet loss severely degrades voice applications and occurs when packets along the data path are dropped.

Measuring Network Performance

Key capabilities in the Cisco IOS Software can help you determine baseline values for VoIP application performance on the data network. The ability to gather data in real time and on demand makes it feasible for IT groups and service providers to create or verify SLAs for IP applications; baseline values can then be used to substantiate an IP SLA for VoIP.

Cisco IOS Service Assurance Agent (SAA) technology is a component of an IP SLA solution, together with the Round Trip Time Monitor (RTTMON) MIB, which enable the testing and collection of delay, jitter, and packet loss measurement statistics. Active monitoring with traffic generation is used for edge-to-edge measurements in the network to monitor network performance. You can use the CiscoWorks Internetwork Performance Monitor (IPM) network management application or the IOS command-line interface (CLI) to configure and retrieve data from the RTTMON MIB, or choose from a wide selection of Cisco ecosystem partners and public domain software to configure and retrieve the data. In addition, the CiscoWorks IPM features are now also available in the WAN Performance Utility (WPU) module of CiscoWorks IP Telephony Environment Monitor (ITEM) network management software.

Deploying Delay/Jitter Agent Routers

You can measure delay, jitter, and packet loss by deploying almost any Cisco IOS device, from a Cisco 800 Series Router on up. Two deployment scenarios are possible: you can either purchase dedicated routers for SLA measurements or use current routers within the network. Place the routers in a campus network along with hosts to provide statistics for end-to-end connections. It is not practical to measure every possible voice path in the network, so place the dedicated routers in typical host locations to provide a statistical sampling of typical voice paths.

In the case of VoIP deployments using traditional phones connected to Cisco routers through FXS station ports, the router to which the phones are connected also serves as the delay/jitter measurement device. Once deployed, the operation collects statistics and populates Simple Network Management Protocol (SNMP) MIB tables in the probe router. You can then access the data either through CiscoWorks IPM or through simple SNMP polling tools and other third-party applications. Additionally, after baseline values have been established, you can configure operations to send alerts to a network management system (NMS) station if thresholds for delay, jitter, and packet loss are exceeded.

Simulating a Voice Call

One of the strengths of using Cisco IOS SAA as the testing mechanism is that you can simulate a voice call. In Cisco IOS Software Release 12.3(4)T and later, you can configure the VoIP codec directly in the CLI and simulate a voice call. This release also reports voice quality estimates: Mean Opinion Score (MOS) and Calculated Planning Impairment Factor (ICPIF) values. With earlier Cisco IOS releases you approximate a VoIP codec yourself by entering the correct packet size, spacing, and interval for the measurement data.

The CoS can be set on data or VoIP tests, which allows you to verify how well QoS is working in the network. Examples of how to simulate a voice call are shown below.

With Cisco IOS Software Release 12.3(4)T or later, you can use the VoIP jitter operation to simulate a test call:

rtr 1
type jitter dest-ipaddr 10.1.1.2 dest-port 14384 codec g711alaw
rtr schedule 1 start-time now

With IOS releases before 12.3(4)T, use the even RTP/UDP port numbers in the range 16384 to 32766. G.711 produces 64 kbit/s, and each packet on the wire is 200 bytes (160 bytes of payload + 40 bytes of uncompressed IP/UDP/RTP headers). You can simulate that type of traffic by setting up the jitter operation as shown below.
The jitter operation accomplishes the following:
  • Sends the request to RTP/UDP port number 14384
  • Sends 172-byte packets (160 bytes of payload + 12-byte RTP header); the router adds the 28 bytes of IP + UDP headers itself
  • Sends 3000 packets for each frequency cycle
  • Sends every packet 20 milliseconds apart for a duration of 60 seconds, then sleeps 10 seconds before starting the next frequency cycle
These parameters give you 64 kbit/s of payload for the 60-second test period.

((3000 datagrams * 160 bytes per datagram)/ 60 seconds))* 8 bits per byte = 64 kbit/s

The configuration on the router would look like this:
rtr 1
type jitter dest-ipaddr 10.1.1.2 dest-port 14384 numpackets 3000 request-data-size 172
frequency 70
rtr schedule 1 start-time now

Note that IP + UDP are not counted in request-data-size, because the router adds them to the packet size automatically.

Delay/Jitter Probe Deployment Example

The two routers below would simulate voice calls of 64 kbit/s every 60 seconds and record delay, jitter, and packet loss in both directions. Note that the delay calculations are round-trip times and must be divided by two to arrive at the amount of one-way delay unless NTP is implemented for one-way delay measurements.

router1:
rtr responder
rtr 1
type jitter dest-ipaddr 10.1.2.1 dest-port 14384 codec g711alaw
tos 160
frequency 60
rtr schedule 1 start-time now

router2:
rtr responder
rtr 1
type jitter dest-ipaddr 10.1.1.1 dest-port 14385 codec g711alaw
tos 160
frequency 60
rtr schedule 1 start-time now

Command-Line Data Examples

To view the results you can use the IOS show command at the command line for the jitter operation. Additionally, you can use the command-line data for real-time monitoring and troubleshooting of delay, jitter, and packet loss. For an example of the CLI output, refer to cisco.com/packet/163_4b1.
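The CLI output referenced above is not reproduced on this page. As an added example (not Cisco code, and it does not talk to a router), the Python below shows what the jitter operation computes from its probe timestamps: one-way delay per probe, positive and negative inter-arrival jitter between consecutive probes, and loss, plus the offered-load arithmetic from the article in a general form so the parameters can be checked for other codecs. The timestamps are constructed inline: ten probes 20 ms apart over a constant 30 ms path, one probe arriving 5 ms late and one lost.

```python
from typing import Dict, List, Optional, Tuple


def codec_rate_kbps(payload_bytes: int, interval_ms: int) -> float:
    """Offered load of one probe stream, the article's formula in general form:
    (payload bytes per packet * 8 bits) / (interval per packet in ms) = kbit/s.
    160 bytes every 20 ms is G.711 at 64 kbit/s."""
    return payload_bytes * 8 / interval_ms


def jitter_stats(sent_ms: List[int], recv_ms: List[Optional[int]]) -> Dict[str, float]:
    """Summarise one direction of a jitter operation.

    sent_ms[i] is when probe i left the source, recv_ms[i] when it reached the
    responder (None if it never did). One-way delay is only meaningful if both
    clocks are synchronised (NTP); jitter compares differences between consecutive
    probes, so it needs no clock synchronisation, as the article notes.
    """
    if len(sent_ms) != len(recv_ms):
        raise ValueError("one receive timestamp (or None) per sent probe expected")

    delays = [r - s for s, r in zip(sent_ms, recv_ms) if r is not None]
    if not delays:
        raise ValueError("all probes lost; no delay or jitter can be computed")
    lost = recv_ms.count(None)

    positive: List[int] = []
    negative: List[int] = []
    prev: Optional[Tuple[int, int]] = None  # (sent, received) of the previous delivered probe
    for s, r in zip(sent_ms, recv_ms):
        if r is None:
            prev = None  # a lost probe breaks the pair: no jitter sample across the gap
            continue
        if prev is not None:
            # jitter = change in spacing between departure and arrival of consecutive probes
            j = (r - prev[1]) - (s - prev[0])
            if j > 0:
                positive.append(j)
            elif j < 0:
                negative.append(j)
        prev = (s, r)

    return {
        "packets_sent": len(sent_ms),
        "packets_lost": lost,
        "loss_pct": 100.0 * lost / len(sent_ms),
        "delay_min_ms": min(delays),
        "delay_max_ms": max(delays),
        "delay_avg_ms": sum(delays) / len(delays),
        "jitter_pos_max_ms": max(positive, default=0),
        "jitter_neg_max_ms": min(negative, default=0),
        "jitter_pos_avg_ms": sum(positive) / len(positive) if positive else 0.0,
        "jitter_neg_avg_ms": sum(negative) / len(negative) if negative else 0.0,
    }


# Constructed sample: probes every 20 ms, a constant 30 ms path, probe 3 delayed by 5 ms
# (one positive then one negative jitter sample), probe 6 lost.
SENT_MS = [0, 20, 40, 60, 80, 100, 120, 140, 160, 180]
RECV_MS = [30, 50, 70, 95, 110, 130, None, 170, 190, 210]

if __name__ == "__main__":
    for key, value in jitter_stats(SENT_MS, RECV_MS).items():
        print(f"{key:>18}: {value}")
    print("offered load (kbit/s):", codec_rate_kbps(160, 20))
```

A single late probe shows up as one positive and one negative sample of equal size, which is why IOS reports positive and negative jitter separately: a run of positive samples means the path is slowing down, not merely varying.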

Monitoring Thresholds

You can use the CLI, CiscoWorks IPM, or the WPU in CiscoWorks ITEM to configure features and monitor data. You can use this data to manage IP SLAs that have been created for VoIP. After you have determined baseline values, you can reconfigure the jitter operations to monitor the network. When predetermined delay and jitter service-level thresholds are reached or exceeded, NMS stations will be alerted.

After you have established baseline values through the initial data collection, you can monitor the delay, jitter, and packet loss levels in the network with the embedded alarm features of Cisco IOS SAA.

The Cisco IOS SAA threshold command sets the rising threshold (hysteresis) that generates a reaction event and stores history information for the operation. Cisco IOS SAA can measure and create thresholds for round-trip time delay, average jitter, connectivity loss, one-way packet loss, jitter, and delay.

Sample Service Assurance Threshold Configuration


router1:
rtr 100
rtr reaction-configuration 100 threshold-falling 50 threshold-type immediate action-type trapOnly

Understanding the traffic characteristics of the network before you deploy new advanced applications is the key to successful implementations. Delay, jitter, and packet loss greatly affect VoIP applications. Your success or failure in deploying new voice technologies will depend greatly on your ability to understand the traffic characteristics of the network and then applying your knowledge to engineer the appropriate network configurations to control
those characteristics.

---Do you want to share your views? Just leave a comment here. You can also drop an email to mail@amarjit.info

Tuesday, March 19, 2013

Interview questions for fresher network engineer: Tips and Tricks for CCNA, CCNP, OSPF, BGP, MPLS-VPN | Ask all your queries online absolutely free

This is a guest post from Mr. Shivlu Jain, who runs a blog on MPLS VPN.

If you have any concerns or questions related to any protocol or networking technology, you can visit his blog and leave a comment. All your questions will be answered by professionals, absolutely free.


The market is booming, almost every company has opened its doors to new positions, and everyone is looking for a change to grab new positions with new challenges. So make sure you have prepared answers to the questions below before your interview. The questions are generic, and answering them in an organised and structured manner will make a very good impression on the interviewer. The IGP interview questions below are aimed at CCNA- and CCNP-level engineers.

1. What is the difference between RIPv1 and RIPv2?
2. How many routes can a RIP packet carry?
3. Is OSPF a link-state, distance-vector or path-vector protocol?
4. What is the difference between OSPF and IS-IS, and which one is preferred?
5. Can we use BGP instead of an IGP?
6. How many network types are available in OSPF?
8. LSA 3 and LSA 4 are generated by which router?
9. When would you use a Stub area and when a Not-So-Stubby Area?
10. How can you get external routes into an area without making it Not-So-Stubby?
11. What types of route summarization are available in OSPF?
12. Why is summarization needed?
13. A major network is advertised as a summary in one area, and a few of the routes from that network are configured in another area. What happens in that case?
14. If one OSPF area is not stable, does it impact another area?
16. External routes are present in the OSPF database but are not being installed in the routing table. Why?
17. If no loopback is configured, what router-id will the OSPF process select?
18. Can we run multiple OSPF processes on a single router, and what is the advantage of doing so?
19. What are the OSPF timers?
20. Which multicast addresses are used by OSPF?
21. At which layer does OSPF work?
22. What is the backbone area in OSPF?
23. Can we use OSPF without a backbone area?
24. Is it required that the OSPF router-id be reachable in the IGP cloud?
25. After configuring a new router-id, is it used automatically, or do we need a command to make it operational?
26. Why is the secondary IP address of an interface not advertised into the IGP cloud?
27. OSPF neighbourship is not coming up. Describe the steps to troubleshoot it.
28. One side has an MTU of 1500 and the other side 1600. Does it affect neighbourship?
29. Describe the DR and BDR election process.
30. If the DR goes down and there is no BDR, what happens?
31. What is the difference between a neighbor and an adjacent neighbor?
32. My OSPF neighbourship is stuck in 2-WAY. What does it mean?
33. Define the different OSPF neighbor states.

For more CLICK HERE

Wednesday, January 2, 2013

OSPF Vs EIGRP : Which Routing Protocol To Select?


Most of the time, network administrators and planners want to understand which routing protocol is best to deploy in their network. The selection between OSPF and EIGRP usually comes down to the points below:

1. Between OSPF and EIGRP, which one is the best to deploy, and why?
2. Which protocol converges faster and is more highly available?
3. Which protocol uses fewer resources?
4. Which protocol is easier to deploy and operate?
5. Which protocol is easier to understand and configure?
6. Which protocol is easier to scale in a large network?
7. Which protocol is more scalable and adapts more easily to changes?

Every protocol has its own merits and demerits. OSPF is a link-state protocol within an area and behaves like a distance-vector protocol between areas, since ABRs advertise summary LSAs rather than the full topology. EIGRP is an advanced distance-vector protocol; in fact, it is not a pure DV protocol, because its DUAL algorithm keeps pre-computed, loop-free backup paths.

Convergence speed depends on the number of routers and routes in the network: the larger these numbers, the longer convergence takes. It also depends on the various attributes defined in the fast convergence tools.

At broader level below are few points which can be used as high level to understand the protocol at its best:-

1. EIGRP's composite metric is based on bandwidth, delay, reliability and load (by default only bandwidth and delay are used; MTU is carried in updates but does not enter the calculation), whereas OSPF uses an interface cost that is inversely proportional to bandwidth. EIGRP is considered better at selecting a path on multiple attributes.
2. EIGRP is proprietary to Cisco, whereas OSPF is an open standard.
3. EIGRP sends hop-by-hop queries when no feasible successor is found, whereas OSPF floods the changed LSAs (Types 1 to 5) and re-runs SPF whenever the topology changes. EIGRP is considered better because it minimises the routing information exchanged.
4. EIGRP is simpler to understand, whereas OSPF has a lot more to learn. It depends on how comfortable you are with each.
5. EIGRP does automatic summarization (enabled by default on older IOS releases), whereas OSPF doesn't.
6. EIGRP supports both equal- and unequal-cost load sharing, whereas OSPF supports only equal-cost.
7. EIGRP limits its own traffic to 50% of the link bandwidth by default, whereas OSPF has no such limit.
8. EIGRP is faster to converge when it has feasible successor but OSPF doesn’t. Still there are lot of tools available to make OSPF better in terms of convergence.
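To make points 1 and 8 concrete, here is an added Python example (not from the original post) that computes the EIGRP composite metric with the default K values (bandwidth and delay only, using the same integer arithmetic IOS uses), the OSPF interface cost for the same links with a configurable reference bandwidth, and applies EIGRP's feasibility condition to pick the successor and feasible successors. The three-neighbor route table it runs on is constructed; the T1 and FastEthern­et bandwidth/delay values are the standard IOS interface defaults.

```python
from typing import Dict, List, Tuple


def eigrp_metric(min_bw_kbps: int, total_delay_us: int,
                 k: Tuple[int, int, int, int, int] = (1, 0, 1, 0, 0),
                 load: int = 1, reliability: int = 255) -> int:
    """Classic EIGRP composite metric.

    BW = 10^7 / slowest link on the path (kbit/s); delay = sum of link delays in
    tens of microseconds. With the default K values (K1 = K3 = 1) only bandwidth
    and delay count; reliability and load are ignored, MTU is never used.
    """
    k1, k2, k3, k4, k5 = k
    bw = 10_000_000 // min_bw_kbps
    delay = total_delay_us // 10
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay
    if k5 != 0:
        metric = metric * k5 // (reliability + k4)
    return metric * 256


def ospf_cost(bw_kbps: int, reference_bw_mbps: int = 100) -> int:
    """OSPF interface cost: reference bandwidth / interface bandwidth, minimum 1.

    With the default 100 Mbit/s reference, FastEthernet, GigE and 10GigE all cost 1,
    which is why 'auto-cost reference-bandwidth' has to be raised on modern networks.
    """
    return max(1, (reference_bw_mbps * 1000) // bw_kbps)


def select_paths(routes: List[Tuple[str, int, int]]) -> Dict[str, object]:
    """Apply DUAL's feasibility condition to one destination.

    routes: (neighbor, reported distance RD, computed distance CD) per neighbor.
    FD = lowest CD, its neighbor is the successor. A feasible successor is any other
    neighbor whose RD < FD: it is provably closer to the destination than we are,
    so it cannot be routing through us, and can take over without a query.
    """
    successor, _, fd = min(routes, key=lambda r: r[2])
    feasible = [n for n, rd, _ in routes if n != successor and rd < fd]
    rejected = [n for n, rd, _ in routes if n != successor and rd >= fd]
    return {"fd": fd, "successor": successor, "feasible_successors": feasible, "rejected": rejected}


# IOS default bandwidth (kbit/s) and delay (microseconds) for the two link types used.
T1_KBPS, T1_DELAY_US = 1544, 20000
FE_KBPS, FE_DELAY_US = 100_000, 100

# Constructed example: R1 reaches 10.0.0.0/24 through three neighbors.
#  R2: the network sits on R2's FastEthernet; the R1-R2 link is a T1.
#  R3: the network is two FastEthernet hops from R3; the R1-R3 link is a T1.
#  R4: the network is a FastEthernet beyond two T1 hops from R4; the R1-R4 link is FastEthernet.
CANDIDATES = [
    ("R2", eigrp_metric(FE_KBPS, FE_DELAY_US), eigrp_metric(T1_KBPS, T1_DELAY_US + FE_DELAY_US)),
    ("R3", eigrp_metric(FE_KBPS, 2 * FE_DELAY_US), eigrp_metric(T1_KBPS, T1_DELAY_US + 2 * FE_DELAY_US)),
    ("R4", eigrp_metric(T1_KBPS, 2 * T1_DELAY_US + FE_DELAY_US), eigrp_metric(T1_KBPS, 2 * T1_DELAY_US + 2 * FE_DELAY_US)),
]

if __name__ == "__main__":
    print("T1: EIGRP", eigrp_metric(T1_KBPS, T1_DELAY_US), "OSPF cost", ospf_cost(T1_KBPS))
    print("FE: EIGRP", eigrp_metric(FE_KBPS, FE_DELAY_US), "OSPF cost", ospf_cost(FE_KBPS))
    print(select_paths(CANDIDATES))
```

R4 is rejected even though its path is only slightly worse than R2's: its reported distance is above the feasible distance, so DUAL cannot prove it loop-free, and losing R2 would trigger a query rather than an instant switch to R4.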

Even after so many years, we can't say that one protocol is best over the other. It all depends on your business requirements, your team's understanding, the behaviour of the deployed applications, and the network design. So the decision is absolutely yours.

Wednesday, December 19, 2012

Route Redistribution Basics: Golden Rules about Route Redistribution

1. "Routes can be redistributed from one routing protocol to another." This is the assumption we all work with, but it is not quite true: routes are not redistributed from one protocol to another. Routes are always taken from the RIB, not from a routing protocol.

2. The redistributing protocol knows which routes to take from the RIB based on the "known via" information shown in "show ip route".

3. A route must be installed in the RIB to be redistributed into another protocol.

4. Routes redistributed from the routing table are not re-installed into the RIB.

5. Only the attributes of a route present in the RIB can be used for filtering.

Redistribution Filters:-
1. Redistribution filters control what information is injected into a routing protocol through redistribution.

2. Filters can also be used to stop routing loops (read more about layer 3 routing loops) when mutual redistribution between two routing protocols is configured.

Redistribution Filter Tools:-
1. Match metric:- Filtering is possible between all protocols based on the metric used.

2. Match tag:- During mutual redistribution, tags can be assigned to routes to stop routing loops too.

3. Match IP address:- Matches the prefix and possibly the network mask, depending on the access list type used.

4. Match IP next-hop address:- Matches on the next hop listed in the routing table.

5. Match route-type

6. Match interface

Tuesday, December 18, 2012

Basics of Static Routing: Secret Facts about Static Routing

Static routing is one of the easiest ways to define reachability among different networks, but it is only practical for a stub network (a network with a single exit point) or for small networks. A static route can be defined with different kinds of next hop. Below are the various ways of defining a static route.

1. Static routes can have an IP address as next hop:-
ip route 10.2.2.0 255.255.255.0 10.1.2.1. Defining this type of route causes the RIB and CEF to recursively look up the next hop to find the correct layer 2 header to rewrite onto the packet. As long as the next hop is reachable, the router assumes the destination through that next hop is reachable.

2. Static routes can point at a point-to-point interface:- ip route 10.2.2.0 255.255.255.0 serial0. The RIB and CEF point the route directly at the point-to-point interface. For each packet destined to 10.2.2.0/24, the layer 2 rewrite header is set up to reach the other end of the point-to-point link. As long as the interface is up, the router assumes the destination is reachable through that interface.

3. Static routes can point at a broadcast (multi-access) interface:- ip route 10.2.2.0 255.255.255.0 fa0/0. If you point a static route at a broadcast interface, the route is inserted into the routing table only while that interface is up. This configuration is not recommended, because when the next hop of a static route is an interface, the router considers every host within the range of the route to be directly connected through that interface and sends an ARP request for every destination. This increases IP Input CPU load and consumes a lot of memory to store the ARP entries. It also requires proxy ARP to be enabled on the next-hop router; if it is not, the packets are dropped.

A default route with a broadcast interface as its outgoing interface could lead to up to 2^32 entries in the ARP table.


ABOUT AUTHOR: Shivlu jain

System Engineer at Cisco Systems
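The two posts above (the redistribution rules and the three kinds of static route) describe the same object from two sides: the RIB. The Python example below is added here (it is not Cisco code and does not model CEF in detail) to show both behaviours on a constructed routing table: longest-prefix match, a static route with an IP next hop being resolved recursively and withdrawn when that next hop becomes unreachable, a static route pointed at an interface being valid only while the interface is up, and redistribution that takes installed routes from the RIB by "known via" and filters on a RIB attribute (the tag) to stop the loop in mutual redistribution. The interface names, prefixes and tag values are made up.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Sequence, Set


@dataclass
class Route:
    prefix: str                      # "10.2.2.0/24"
    protocol: str                    # "known via": connected, static, ospf, eigrp ...
    next_hop: Optional[str] = None   # case 1: recursive next-hop IP
    interface: Optional[str] = None  # cases 2/3 and connected routes: exit interface
    tag: int = 0                     # a RIB attribute usable for filtering


class Rib:
    """Toy routing table: longest-prefix match with recursive next-hop resolution."""

    def __init__(self, up_interfaces: Set[str]):
        self.routes: List[Route] = []
        self.up_interfaces = set(up_interfaces)

    def add(self, route: Route) -> None:
        self.routes.append(route)

    def installed(self, r: Route, depth: int = 0) -> bool:
        """Is this route usable right now?"""
        if r.interface is not None:             # interface-pointed: valid while the interface is up
            return r.interface in self.up_interfaces
        if depth > 8:                           # guard against recursion loops
            return False
        nh = ipaddress.ip_address(r.next_hop)   # next-hop IP: must resolve via another installed route
        return any(c is not r and nh in ipaddress.ip_network(c.prefix) and self.installed(c, depth + 1)
                   for c in self.routes)

    def lookup(self, dst: str) -> Optional[Route]:
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if addr in ipaddress.ip_network(r.prefix) and self.installed(r)]
        return max(matches, key=lambda r: ipaddress.ip_network(r.prefix).prefixlen, default=None)

    def exit_interface(self, dst: str) -> Optional[str]:
        """Follow the recursion down to an interface, as CEF does to build the layer 2 rewrite."""
        r = self.lookup(dst)
        for _ in range(8):
            if r is None or r.interface is not None:
                break
            r = self.lookup(r.next_hop)
        return r.interface if r is not None else None


def redistribute(rib: Rib, source: str, target: str,
                 deny_tags: Sequence[int] = (), set_tag: int = 0) -> List[Route]:
    """Rules 1-3: candidates come from the RIB by 'known via' and must be installed.
    Rule 5: only RIB attributes (the tag here) are available for filtering; tagging what
    we inject and denying that tag on the way back is the loop guard for mutual
    redistribution. Rule 4: the result goes to the target protocol, never back into the RIB."""
    return [Route(r.prefix, target, tag=set_tag or r.tag)
            for r in rib.routes
            if r.protocol == source and rib.installed(r) and r.tag not in deny_tags]


def build_sample_rib() -> Rib:
    """Constructed table mirroring the three static-route cases plus two OSPF routes."""
    rib = Rib(up_interfaces={"FastEthernet0/0", "Serial0"})
    rib.add(Route("10.1.2.0/24", "connected", interface="FastEthernet0/0"))
    rib.add(Route("10.1.3.0/24", "connected", interface="Serial0"))
    rib.add(Route("10.2.2.0/24", "static", next_hop="10.1.2.1"))           # case 1: next-hop IP
    rib.add(Route("10.3.3.0/24", "static", interface="Serial0"))           # case 2: point-to-point interface
    rib.add(Route("172.16.0.0/16", "ospf", next_hop="10.1.3.2"))           # learned from OSPF
    rib.add(Route("172.16.5.0/24", "ospf", next_hop="10.1.3.2", tag=100))  # tagged: originally from EIGRP
    return rib


if __name__ == "__main__":
    rib = build_sample_rib()
    print("10.2.2.7 exits via", rib.exit_interface("10.2.2.7"))
    print("ospf -> eigrp:", [(r.prefix, r.tag) for r in redistribute(rib, "ospf", "eigrp", deny_tags=(100,), set_tag=200)])
    rib.up_interfaces.discard("FastEthernet0/0")
    print("after Fa0/0 down, 10.2.2.7 ->", rib.lookup("10.2.2.7"))
```

When FastEthernet0/0 goes down, the connected 10.1.2.0/24 disappears, the static route via 10.1.2.1 can no longer resolve its next hop and drops out of the table too, while the static route pointed at Serial0 stays, which is the practical difference between case 1 and case 2 above.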

Thursday, December 13, 2012

Basics of EIGRP Routing Protocol: EIGRP Cheatsheet – Learn EIGRP in 15 min

Long time, folks; I was busy with a lot of projects. Hope the coming year is less busy and I get to get my hands dirtier on networks and network security. In the meantime, here is an EIGRP cheat sheet which I think will be helpful to folks who just want a quick theory review of Cisco's EIGRP. I wanted to cover a lot more in the cheat sheet, like EIGRP technologies and planning, but that would have defeated the purpose of a cheat sheet. Never mind; I am preparing a more comprehensive EIGRP guide which I might publish soon, depending on the feedback received. In the meantime, you can find the cheat sheet on Slideshare and Scribd.


Source: PROHACK


About the author : Rishabh Dangwal

Rishabh Dangwal is a no-nonsense network geek who has got a thing for guitars, retro games and emulators. When he is not tinkering with devices and gadgets, he can be found reading novels by Fredrick Forsyth. Follow him on Twitter

Friday, October 5, 2012

CBT Nuggets - Juniper Networks Junos Associate JN0-101-PLATO | ISO | 1.06 GB


Genre: Video Training

If you're a network professional interested in Junos, the Juniper JN0-101 series will give you the foundation of skills needed to support Juniper routing, switching and firewall operations.

Trainer Bobby Meador will guide you through the process of configuring Junos devices and teach you the skills you'll need to support Juniper deployments in enterprise environments. When you've finished watching this nugget series, you'll be able to immediately apply your knowledge to implementing and supporting Juniper Junos devices, and you'll have the knowledge you need to pass the JN0-101 Juniper Networks Certified Internet Associate exam.

I - Unwrap the book.
II - Mount the book to access its contents.
III - Watch, learn and expand your mind.

Download:

EXTABIT.COM

LUMFILE.COM

RAPIDGATOR.NET


Thursday, March 15, 2012

How LSA Works with/without OSPF AREA 0 | Running OSPF without AREA 0 By Anuj Tyagi: Case Study

Hi Friends, I have received a complete case study on the OSPF routing protocol from Mr. Anuj Tyagi. After reading our article Configure OSPF without AREA 0: CCNP OSPF Case Study, he tested a similar scenario in his lab. I am publishing his case study as it is, without any editing, so that those who are learning networking and OSPF can benefit from it.

Running OSPF without AREA 0

Topology 1: Connecting OSPF Area 2 and area 3 without using ABR.


The interface configurations are shown in the topology diagram (not reproduced here).

Remember:

· ABR: an area border router has interfaces in at least two separate areas, one of which must be Area 0.

So the topology above clearly has no ABR, and we are going to test how the routers behave in the absence of the backbone area.

After configuring OSPF on R1, R2 and R3 as in the topology above, we examine each router's neighbor table.


The neighbor tables show a FULL neighborship state for all neighbors. Take a closer look at the tables: neighborship is being maintained only over directly connected interfaces.

Now, if we try to ping from R1:

· R2 S0/1: we get a successful reply.

· R2 S0/0: we get a successful reply (it is directly connected).

· R3 S0/0: R1 cannot reach 2.2.2.1 on R2, so we get no reply from R3 S0/0.

[image: ping results from R1]

Why? Just take a look at the neighborship table of R1 again.

So, what is happening behind the scenes when R1 tries to communicate with the 2.2.2.0/24 network?

R1 can't even find a path, or the interface from which it should send the packets.

[image: R1 route lookup for 2.2.2.0/24]

Now let's take a look at the routers' OSPF LSAs:

· R1 has LSA1 (router-id) updates only from those routers in the same area.

Reason: there is no ABR to send LSA3 (summary LSA) updates. (Remember the ABR?)

[images: OSPF link-state databases of R1, R2 and R3 without area 0]

After looking at the LSAs and the neighbor table, you can guess which routes will be in the routing table.

[images: routing tables of R1, R2 and R3]

Again, they are also only from the routers' directly connected interfaces.

Now, to make it a bit more interesting, we are going to add interfaces on R2 in Area 0.

[image: R2 configured with interfaces in area 0]

Now, compare the neighborship tables of routers R1, R2 and R3 with and without AREA 0 (backbone area).

R1 topology table with AREA 0

[image: R1 OSPF database with area 0]

We can now clearly see LSA3 in the table: apart from the networks of Area 0, R1 also got network advertisements for 192.168.2.0/24 and 2.2.2.0/24 in summary LSA updates from R2 (the ABR router).

While in

R1 topology table without AREA 0

[image: R1 OSPF database without area 0]

In the same way, AREA 0 now also makes router R2 an ABR, and that adds a lot to the topology table of router R2.

Now it is behaving like an ABR, as it is fully acting in both AREA 2 and AREA 3.

[image: R2 OSPF database with area 0]

Router R3 is also getting LSA1 and LSA3 updates from R2 (the ABR).

[image: R3 OSPF database with area 0]

Note: LSA2 updates (network LSAs) are only advertised in non-broadcast networks where a DR and BDR exist.

Now, PING will also be successful from any router to any network in the topology.

Conclusion:

OSPF will not form neighborship for inter-area (IA) routes if no backbone area exists or we do not use an ABR. In other words, each area shares its link-state database with any other area only through AREA 0. It will form neighborship only with directly connected networks.

LSA 1 and 2 do not need Area 0 to share their acknowledgements, but LSA 2 will form only in a non-broadcast network (like Frame Relay) where the DR has the responsibility to send updates; however, we must have AREA 0 to send LSA 3, 4, 5 and 7 updates.

----------------------------------------------------------------------------

R1 Config

Using 1024 out of 57336 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
!
archive
log config
hidekeys
!
!
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0
ip address 1.1.1.1 255.255.255.0
clock rate 2000000
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
router ospf 100
router-id 1.1.1.1
log-adjacency-changes
network 1.1.1.0 0.0.0.255 area 2
network 192.168.1.0 0.0.0.255 area 2
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
!
line con 0
line aux 0
line vty 0 4
!
!
end

-------------------------------------------------------------

R2-ABR Config

R2-ABR#show configuration
Using 1114 out of 57336 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
!
archive
log config
hidekeys
!
!
interface FastEthernet0/0
ip address 172.16.1.1 255.255.0.0
duplex auto
speed auto
!
interface Serial0/0
ip address 1.1.1.2 255.255.255.0
clock rate 2000000
!
interface FastEthernet0/1
ip address 172.17.1.1 255.255.0.0
duplex auto
speed auto
!
interface Serial0/1
ip address 2.2.2.1 255.255.255.0
clock rate 2000000
!
router ospf 100
router-id 2.2.2.2
log-adjacency-changes
network 1.1.1.0 0.0.0.255 area 2
network 2.2.2.0 0.0.0.255 area 3
network 172.16.0.0 0.0.255.255 area 0
network 172.17.0.0 0.0.255.255 area 0
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
!
!
end

-------------------------------------------------------------------------

R3 Config

Using 1024 out of 57336 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
!
!
!
archive
log config
hidekeys
!
!
!
interface FastEthernet0/0
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0
ip address 2.2.2.2 255.255.255.0
clock rate 2000000
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
router ospf 100
router-id 3.3.3.3
log-adjacency-changes
network 2.2.2.0 0.0.0.255 area 3
network 192.168.2.0 0.0.0.255 area 3
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end
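As an added illustration (not part of Anuj Tyagi's case study and not the page's own code), the following Python model reproduces the lab's result from the three configs above. It encodes only two rules: prefixes flood inside their own area as intra-area routes (type 1/2 LSAs), and summary LSAs (type 3) are originated only by an ABR, which on Cisco IOS means a router with an interface in area 0. The topology dictionaries are constructed from the R1/R2/R3 configs; the input format, the function names and the simplified fixed-point flooding are assumptions of the model, not an OSPF implementation. Without area 0 on R2, R1 never learns 2.2.2.0/24 or 192.168.2.0/24; once R2 is attached to area 0, both show up at R1 as inter-area routes, exactly as the screenshots show.

```python
# Added example: a simplified model of OSPF route distribution between areas.
# It is not an OSPF implementation; it encodes only the rules the lab shows:
#   - router/network LSAs (type 1/2) flood inside an area, so every router in
#     an area learns that area's prefixes as intra-area routes;
#   - summary LSAs (type 3) are originated only by an ABR, and on Cisco IOS a
#     router is an ABR only when it has an interface in area 0.
# Topologies below are constructed from the R1/R2/R3 configs in the case study.
from collections import defaultdict

BACKBONE = 0

# Before R2 received interfaces in area 0: R2 sits in areas 2 and 3 only.
TOPOLOGY_NO_BACKBONE = {
    "R1": {2: ["1.1.1.0/24", "192.168.1.0/24"]},
    "R2": {2: ["1.1.1.0/24"], 3: ["2.2.2.0/24"]},
    "R3": {3: ["2.2.2.0/24", "192.168.2.0/24"]},
}

# After 'network 172.16.0.0 0.0.255.255 area 0' and 172.17.0.0 were added on R2.
TOPOLOGY_WITH_BACKBONE = {
    "R1": {2: ["1.1.1.0/24", "192.168.1.0/24"]},
    "R2": {2: ["1.1.1.0/24"], 3: ["2.2.2.0/24"],
           0: ["172.16.0.0/16", "172.17.0.0/16"]},
    "R3": {3: ["2.2.2.0/24", "192.168.2.0/24"]},
}


def abrs(routers):
    """Routers that act as ABRs: attached to area 0 and at least one other area."""
    return sorted(name for name, areas in routers.items()
                  if BACKBONE in areas and len(areas) > 1)


def lsdb(routers):
    """Return {router: {prefix: "intra" | "inter"}}: the prefixes each router
    ends up with, and whether it learned them inside its own area or via LSA3.

    routers: {name: {area_id: [prefixes of that router's interfaces in area_id]}}
    (hypothetical input format chosen for this model)
    """
    # Step 1: intra-area flooding. Every prefix in an area is known to every
    # router with an interface in that area.
    area_prefixes = defaultdict(set)
    for areas in routers.values():
        for area, prefixes in areas.items():
            area_prefixes[area].update(prefixes)

    # Step 2: summary LSAs. An ABR advertises into each attached area the
    # intra-area prefixes of its other attached areas, and re-advertises
    # inter-area prefixes learned from the backbone into non-backbone areas
    # only (the RFC 2328 section 12.4.3 rule). Iterate to a fixed point.
    summaries = defaultdict(set)   # area -> prefixes received via LSA3
    changed = True
    while changed:
        changed = False
        for abr in abrs(routers):
            attached = routers[abr]
            for dst in attached:
                advertised = set()
                for src in attached:
                    if src != dst:
                        advertised |= area_prefixes[src]
                if dst != BACKBONE:
                    advertised |= summaries[BACKBONE]
                new = advertised - area_prefixes[dst] - summaries[dst]
                if new:
                    summaries[dst] |= new
                    changed = True

    # Step 3: assemble each router's view. Intra-area wins over inter-area.
    result = {}
    for name, attached in routers.items():
        view = {}
        for area in attached:
            for prefix in area_prefixes[area]:
                view[prefix] = "intra"
        for area in attached:
            for prefix in summaries[area]:
                view.setdefault(prefix, "inter")
        result[name] = view
    return result


if __name__ == "__main__":
    for label, topo in (("no area 0", TOPOLOGY_NO_BACKBONE),
                        ("with area 0 on R2", TOPOLOGY_WITH_BACKBONE)):
        print(f"--- {label}: ABRs = {abrs(topo) or 'none'}")
        for router, view in lsdb(topo).items():
            routes = ", ".join(f"{p} ({kind})" for p, kind in sorted(view.items()))
            print(f"{router}: {routes}")
```

The model deliberately ignores metrics, DR election and LSA types 4/5/7; its one point is that a router with interfaces in two non-backbone areas and none in area 0 is not an ABR on IOS, so it originates no summaries and the two areas stay isolated even though it has full adjacencies in both.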

Wednesday, March 14, 2012

What is CEF- Cisco Express Forwarding: Load-Balancing with Static Routing

The topology we will be using is given below:

[image: topology, R1 and R2 connected by two serial links]

We created a loopback on each of R1 and R2 and configured default static routes on R1 pointing to the two next-hop interfaces of R2.

The configuration is as follows:

On R1:

[image: R1 interface configuration]

Configuring Default-routes on R1:

[image: default static routes configured on R1]

On R2:

[image: R2 configuration]

Now we run a traceroute from R1 to loopback 2.2.2.2 on R2:

[image: traceroute output on R1]

Take a look: it is sending one packet from the 12.12.12.0/24 network and the other from

And this is what R1 shows, but what's happening behind the scenes on R2?

Enabling debug ip packet on R2 will help to see the source of each packet.

[image: debug ip packet output on R2 during the traceroute]

So, this is interesting. It shows that for one packet the source is 12.12.12.1 (interface S0/0) and for the next 30.15.20.1 (interface S0/1), and the process continues like this: packets are sent from each serial interface of R1 alternately.

But here's the catch.

With traceroute, load balancing works fine, but when I tried a PING to 2.2.2.2

[image: ping from R1 to 2.2.2.2]

with debug ip packet enabled on R2 as usual, things were no longer in our favour:

they only use the same route to send and receive packets.

[image: debug ip packet output on R2 during the ping]

And at the same time on R1:

[image: debug ip packet output on R1 during the ping]

Note: the packets are routed via the FIB.

I saw that it was using only the 30.15.20.0/24 network to send packets. No load balancing.

Look at the above picture carefully:

when R1 sends a packet with s=30.15.20.1, d=2.2.2.2, it is routed through the RIB,

and when R2 sends the echo reply for this packet, with s=2.2.2.2 and d=30.15.20.1, it is routed via the FIB.

Mumble... now what are CEF, FIB and RIB?

RIB - routing information base: the routing table built from static and dynamic routes (show ip route).

FIB - forwarding information base: the table CEF derives from the RIB and actually forwards from (show ip cef).

CEF - Cisco Express Forwarding: Cisco's topology-based switching path, which forwards from the FIB and an adjacency table instead of consulting the routing table for every packet.

Once CEF is enabled, the router builds the FIB from the routing table. From then on the forwarding decision is made from the FIB; the RIB is consulted only to rebuild the FIB when routes change.

CEF also builds an adjacency table that pre-resolves each next hop to its outgoing interface and Layer 2 header, so no ARP or routing-table lookup is needed per packet. When we configure two equal-cost static default routes, both are installed in the FIB for 0.0.0.0/0 and CEF load-shares between them.

The key point is the load-sharing mode. CEF's default mode is per-destination: a hash of the source and destination addresses selects one of the equal-cost paths, and every packet of that flow takes the same path. A single ping session to 2.2.2.2 is one flow, so all of its echo requests left via the 30.15.20.0/24 link and the echo replies from R2 came back the same way; the hash could just as well have selected 12.12.12.0/24, but it will never alternate within one flow. Per-destination sharing balances only across many different flows. To alternate packet by packet while keeping CEF, configure ip load-sharing per-packet on the outgoing interfaces.

[image: show ip cef output on R1]

The router will not consult the routing table again for packets to that destination unless the routing table changes and the FIB is updated; all forwarding is done from the CEF tables.

CEF is enabled by default on the routers (ip cef in the global configuration) and can be turned off with no ip cef.

Now, let's debug after disabling CEF on R1:

[image: debug ip packet output on R1 with CEF disabled]

We successfully load-balance equally from R1 to R2 by disabling CEF: without CEF these packets are process switched, and process switching round-robins across equal-cost paths packet by packet.

NOTE: routed via the RIB, not the FIB, i.e. no longer using the FIB table created by CEF.
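The following Python model is an added example, not code from the original post or from Cisco: it contrasts CEF's default per-destination load sharing with per-packet round-robin on R1's two equal-cost default routes, and shows why one ping session stays on a single path while many distinct flows still spread across both. The hash function is an illustrative stand-in (real CEF uses its own per-router salted hash), the path labels and function names are assumptions, and the source hosts used for the flow test are constructed.

```python
# Added example: a toy model of the two CEF load-sharing modes on R1's pair of
# equal-cost default routes. Not Cisco code; the hash is an illustrative
# stand-in for CEF's own (per-router salted) hash, and path labels, function
# names and the test addresses are constructed for this example.
import hashlib
import ipaddress
from collections import Counter
from itertools import cycle

# The two equal-cost paths from R1 to 2.2.2.2 in the lab, in configured order.
PATHS = ("Serial0/0 via 12.12.12.0/24", "Serial0/1 via 30.15.20.0/24")


def per_destination_path(src, dst, paths=PATHS):
    """Default CEF mode: hash the source/destination pair and pin the whole
    flow to one path. Same pair in, same path out, every time."""
    key = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    bucket = int.from_bytes(hashlib.sha256(key).digest()[:4], "big")
    return paths[bucket % len(paths)]


class PerPacketForwarder:
    """Round-robin over the equal-cost paths: what 'ip load-sharing per-packet'
    does under CEF, and what process switching does once 'no ip cef' is set."""

    def __init__(self, paths=PATHS):
        self._next_path = cycle(paths)

    def path(self, src, dst):
        return next(self._next_path)


def simulate_ping(count, src, dst, mode):
    """Path taken by each echo request of one ping session in the given mode."""
    if mode == "per-destination":
        return [per_destination_path(src, dst) for _ in range(count)]
    if mode == "per-packet":
        forwarder = PerPacketForwarder()
        return [forwarder.path(src, dst) for _ in range(count)]
    raise ValueError(f"unknown load-sharing mode: {mode!r}")


def flow_distribution(network, dst="2.2.2.2"):
    """How per-destination mode spreads many distinct flows (one per source
    host in 'network') across the paths: balanced across flows, never within one."""
    hosts = ipaddress.ip_network(network).hosts()
    return Counter(per_destination_path(str(host), dst) for host in hosts)


if __name__ == "__main__":
    print("ping, CEF per-destination:",
          simulate_ping(5, "30.15.20.1", "2.2.2.2", "per-destination"))
    print("ping, per-packet:         ",
          simulate_ping(5, "30.15.20.1", "2.2.2.2", "per-packet"))
    print("254 flows, per-destination:", dict(flow_distribution("192.168.10.0/24")))
```

The practical lesson is that a single ping or a single TCP session is a poor test of equal-cost load balancing on a CEF router: it will always show one path. Test with many source/destination pairs, or switch the interfaces to per-packet mode and accept the out-of-order delivery that comes with it.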

Now, why is traceroute able to load-balance without disabling CEF?

Better to find out through a practical approach.

CEF is enabled (by default).

Enable debug ip packet and

traceroute to 2.2.2.2

[image: debug ip packet output on R1 during the traceroute with CEF enabled]

Note: sending broad/multicast.

Now, why was it choosing the 30.15.20.0/24 network and not 12.12.12.0/24 when we were sending packets with PING?

Hope this is informative for you .

Thank you for reading.