Friday, October 16, 2009

Frame Relay Traffic Shaping Terms

I was reading about traffic shaping & policing and the acronyms in the book were as clear as mud, but now I've written them down and understand them, they are really, really simple. I put a few formulas on for them as well, but haven't checked them, so please correct me if I'm wrong. Oh, and I have presumed that you are attempting to traffic shape to the CIR.

Tc – This is a time interval in milliseconds when a Committed Burst (Bc) can get sent. Usually Tc = Bc / CIR

Bc – Committed Burst: this is the amount of data in bits which can be sent every Tc. Usually Bc = CIR / Tc

Be – Excess Burst: this is the number of bits by which the Bc can be exceeded if no data has been sent in previous Tcs. EDIT: As commented by Jeriel Atienza, the formula is Be = (Ar – CIR) * Tc/1000

CIR – Committed Information Rate: this is the bandwidth of a link or VC in bps which the Service Provider guarantees to provide. Quite often the CIR is lower than the full capabilities of a link, which is the main reason why traffic should be shaped & policed. CIR = Bc * Tc

Shaped Rate – This is the rate of the traffic which is being shaped in bps, it normally matches the CIR. Usually CIR = Shaped Rate!

Frame Relay LMI - In General

Frame Relay Local Management Interface (LMI) is a set of enhancements to frame relay, originally agreed upon in 1990 by a consortium consisting of Cisco, Digital Equipment Corporation (DEC), Northern Telecom, and StrataCom. Eventually ANSI and CCITT came along and created standard versions, but most vendors support both standard versions alongside the one defined by the consortium.
There are very few differences between them: mainly, the Cisco LMI type uses the DLCI of 1023 and DLCI numbers between 16 and 1007 as usable DLCI numbers, while the ANSI & ITU (q933a) standards use a DLCI of 0 and usable DLCI numbers between 16 and 976. The LMI type can be changed on the frame relay enabled interface with the command;
Router(config-if)#frame-relay lmi-type ?
  cisco
  ansi
  q933a
The LMI messages sent between Routers and Frame Relay switches provide the following additional features;
- Inverse ARP – to find out the layer 3 address of the device on the other end of the DLCI, so you don't need to static map it or similar
- Signalling of Virtual Circuit status messages – if a PVC becomes unreachable, all nodes along its path can be made aware of this failure, so data can be prevented from being sent to indirect failures.
- Multicasting – This extension allows multicast groups to be used over frame relay networks; the higher DLCI numbers reserved by the LMI type are used for this
- Globally significant DLCIs – Brilliant!
- Retro flow control with XON/XOFF if the applications using the Frame Relay network understand FECNs and BECNs

By default LMI messages are sent every 10 seconds, and every sixth message is a full status message, which contains more detailed information about each VC. The interface will fail if it does not receive an LMI message within 3 times the hello time, so 30 seconds. You can't actually turn off LMI, but you can disable the keepalives with the highly ambiguous command;
Router(config-if)#frame-relay lmi-n391dte ?
  <1-255>  event
 
Finally you can check the status of LMI with the command;
Router#sh frame lmi

LMI Statistics for interface Serial1/0 (Frame Relay DTE) LMI TYPE = CISCO
  Invalid Unnumbered info 0             Invalid Prot Disc 0
  Invalid dummy Call Ref 0              Invalid Msg Type 0
  Invalid Status Message 0              Invalid Lock Shift 0
  Invalid Information ID 0              Invalid Report IE Len 0
  Invalid Report Request 0              Invalid Keep IE Len 0
  Num Status Enq. Sent 18               Num Status msgs Rcvd 0
  Num Update Status Rcvd 0              Num Status Timeouts 18
  Last Full Status Req 00:00:03         Last Full Status Rcvd never
 
Finally, pretty much every command on the interface begins with frame-relay;
Router(config-if)#frame-relay ?
  accounting             Special accounting instruction
  address-reg            ELMI address registration
  broadcast-queue        Define a broadcast queue and transmit rate
  class                  Define a map class on the interface
  congestion-management  Enable Frame Relay congestion management
  de-group               Associate a DE group with a DLCI
  fragment               Enable end-to-end fragmentation for all PVCs
  fragmentation          Adaptive fragmentation

PROXY ARP - In General

The command no ip proxy-arp was one of those things which I saw in IOS configs and wasn’t too sure what proxy ARP is used for or why it exists. Proxy ARP is where a router will respond on behalf of another device. It was used heavily in networks before the days of DHCP & default gateways, where a host would ARP for an address that wasn’t on its subnet (modern networks just send the packets to the default gateway instead of ARPing for the address); the router on the local network would then act as a “proxy” and respond on behalf of the device outside of the subnet.

Proxy ARP isn’t used if hosts are set with default gateways or have routing intelligence; setting a default gateway instead of using proxy ARP is a much better option. Using Proxy ARP instead of a default gateway results in higher ARP traffic, and the ARP tables of the hosts get very large as they maintain an IP/MAC binding for every single address they communicate with.

Wednesday, October 14, 2009

CCIE R&S 4.0 Troubleshooting Section Details

Recently there was a video podcast on the CCIE R&S 4.0 Troubleshooting Section. Below are the details announced by Maurilio, who is the content designer for the CCIE R&S Lab:

    * we may have 9 - 12 tickets on troubleshooting
    * each ticket will be independent in configuration prospects, i.e. it will not affect any other trouble ticket's configuration or working
    * one can expect from 6, 15 up to 30 routers in the troubleshooting section.
    * No layer 2 switching tickets will be presented in the troubleshooting section.
    * Troubleshooting section may end up with 20 to 25 points.
    * 2 nos. of layer 2 switching troubleshooting will be there in the configuration section.

 It is mandatory to pass each section.....

OEQ == 4 Ques... answer 3 to pass

Troubleshooting == 80 %

Configuration == 80%


Thanks!
Deepak Arora

Friday, October 2, 2009

Filtering ALL Even Subnets With Single ACL....Solution

So finally...the moment has arrived when I am gonna reveal this gotcha of my ACL filtering post. Today I am just gonna post the solution of my previous post...although you can see the solution, I am still giving you some more time to figure out why it's the correct solution. So many CCNPs and CCNAs went through this post and were not able to figure out the correct solution. So for them I'll soon reveal the dilemma of calculating ACL Wildcard Masks...

So Stay tuned and Enjoy the solution...happy studying :)

Best Regards,
Deepak Arora
CCIE#XXXXX...Oops that number is still missing :)

---------------------------
R1#sh run
Building configuration...

Current configuration : 943 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
 ip address 10.0.0.1 255.255.255.0
!
interface Serial0/0
 ip address 1.1.1.1 255.255.255.252
 ip access-group 101 in
 no ip unreachables
 serial restart-delay 0
!
interface Serial0/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial0/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial0/3
 no ip address
 shutdown
 serial restart-delay 0
!
router eigrp 100
 network 0.0.0.0
 no auto-summary
!
ip http server
ip forward-protocol nd
!
!
!
access-list 101 deny   ip 192.168.0.0 0.0.6.255 any log-input
access-list 101 permit ip any any log-input
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end

R1#
R1#
R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/30 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Serial0/0
D    192.168.4.0/24 [90/2297856] via 1.1.1.2, 00:22:38, Serial0/0
D    192.168.5.0/24 [90/2297856] via 1.1.1.2, 00:22:21, Serial0/0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Loopback1
D    192.168.6.0/24 [90/2297856] via 1.1.1.2, 00:22:08, Serial0/0
D    192.168.7.0/24 [90/2297856] via 1.1.1.2, 00:19:10, Serial0/0
D    192.168.0.0/24 [90/2297856] via 1.1.1.2, 00:23:26, Serial0/0
D    192.168.1.0/24 [90/2297856] via 1.1.1.2, 00:23:13, Serial0/0
D    192.168.2.0/24 [90/2297856] via 1.1.1.2, 00:23:00, Serial0/0
D    192.168.3.0/24 [90/2297856] via 1.1.1.2, 00:22:48, Serial0/0
R1#
------------------------------------------------------------------
R2#sh run
Building configuration...

Current configuration : 1216 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 192.168.0.1 255.255.255.0
!
interface Loopback1
 ip address 192.168.1.1 255.255.255.0
!
interface Loopback2
 ip address 192.168.2.1 255.255.255.0
!
interface Loopback3
 ip address 192.168.3.1 255.255.255.0
!
interface Loopback4
 ip address 192.168.4.1 255.255.255.0
!
interface Loopback5
 ip address 192.168.5.1 255.255.255.0
!
interface Loopback6
 ip address 192.168.6.1 255.255.255.0
!
interface Serial0/0
 ip address 1.1.1.2 255.255.255.252
 serial restart-delay 0
!
interface Serial0/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial0/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial0/3
 no ip address
 shutdown
 serial restart-delay 0
!
router eigrp 100
 network 0.0.0.0
 no auto-summary
!
ip http server
ip forward-protocol nd
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end

R2#
R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/30 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Serial0/0
C    192.168.4.0/24 is directly connected, Loopback4
C    192.168.5.0/24 is directly connected, Loopback5
     10.0.0.0/24 is subnetted, 1 subnets
D       10.0.0.0 [90/2297856] via 1.1.1.1, 00:26:49, Serial0/0
C    192.168.6.0/24 is directly connected, Loopback6
C    192.168.7.0/24 is directly connected, Loopback7
C    192.168.0.0/24 is directly connected, Loopback0
C    192.168.1.0/24 is directly connected, Loopback1
C    192.168.2.0/24 is directly connected, Loopback2
C    192.168.3.0/24 is directly connected, Loopback3
R2#
R2#ping 10.0.0.1 sou loop0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.1
.....
Success rate is 0 percent (0/5)
R2#
R2#ping 10.0.0.1 sou loop1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/36/80 ms
R2#
-------------------------------------------------------------------
R3# Hmmm ...I used loopback 1 on R1 to emulate its Ethernet Segment :). Also, on R2 I configured Loopback 8 to make sure the rest of the Even subnets can reach R1


One more thing...I disabled IP Unreachable on S0/0 of R1 so that even if a ping sent by R2 fails, you won't see the Unreachable message, which normally appears as U.U.U.... and so on, because this feature allows evil minds to find out that an ACL is blocking the traffic. But what if they don't see U messages...hmmm ....they don't know then what's blocking the ping on the other side :)



R2(config)#do sh run int lo8
Building configuration...

Current configuration : 65 bytes
!
interface Loopback8
 ip address 192.168.8.1 255.255.255.0
end

R2(config)#do ping 10.0.0.1 sou lo8

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.8.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/28/64 ms
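
How the wildcard mask in access-list 101 picks its sources, as an added example in Python (not part of the original post, and not IOS code): a 1 bit in the wildcard is ignored, a 0 bit must equal the base address, and the first matching entry wins. The function names are hypothetical, and the 0.0.254.255 entry is a constructed comparison that goes beyond the ACL on the page.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit the wildcard does not ignore."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF          # bits that must match (wildcard bit = 0)
    return ((a ^ b) & care) == 0

def evaluate(acl, src):
    """First matching entry decides; an ACL ends with an implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"

def denied_third_octets(acl):
    """Which 192.168.x.0/24 sources the ACL drops, listed by x."""
    return [x for x in range(256) if evaluate(acl, f"192.168.{x}.1") == "deny"]

ANY = ("0.0.0.0", "255.255.255.255")   # how "any" is expressed as base/wildcard

# access-list 101 from R1's running config above
ACL_101 = [
    ("deny", "192.168.0.0", "0.0.6.255"),
    ("permit", *ANY),
]

# Constructed comparison (assumption, not on the page): third-octet wildcard
# 254 = 11111110b leaves only the lowest bit fixed at 0, so every even x matches.
ACL_ALL_EVEN = [
    ("deny", "192.168.0.0", "0.0.254.255"),
    ("permit", *ANY),
]

if __name__ == "__main__":
    # The three source addresses used in the pings from R2
    for src in ("192.168.0.1", "192.168.1.1", "192.168.8.1"):
        print(src, evaluate(ACL_101, src))
    # Wildcard 6 = 00000110b: bits 1 and 2 are free, all other bits must be 0
    print("ACL 101 denies x =", denied_third_octets(ACL_101))
    print("0.0.254.255 denies", len(denied_third_octets(ACL_ALL_EVEN)), "subnets")
```

The results line up with the pings shown: Loopback0 is dropped, Loopback1 and Loopback8 get through.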








-------------------------------------------------------------------


How NAT Works - A nice flash tutorial for CCNA guys

http://www.cisco.com/image/gif/paws/6450/nat.swf

Best Regards,
Deepak Arora