Wednesday, August 20, 2008

IPv6 configuration on Cisco using OSPFv3








R1

R1#sh config
Using 1198 out of 129016 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!

ip subnet-zero
!
ip cef
ip audit notify log
ip audit po max-events 100
ipv6 unicast-routing
ipv6 cef
mpls ldp logging neighbor-changes
no ftp-server write-enable
!
interface Ethernet0/0
no ip address
shutdown
half-duplex
ipv6 address AAAA:5::1/64
ipv6 ospf 100 area 0
ipv6 ospf priority 5

ipv6 router ospf 100
router-id 1.1.1.1
log-adjacency-changes
area 0 range AAAA:5::/64

R2#sh config
Using 1198 out of 129016 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
ip subnet-zero
!
ip cef
ip audit notify log
ip audit po max-events 100
ipv6 unicast-routing
ipv6 cef
mpls ldp logging neighbor-changes
no ftp-server write-enable
!
interface Ethernet0/0
no ip address
shutdown
half-duplex
ipv6 address AAAA:5::2/64
ipv6 ospf 100 area 0
ipv6 ospf priority 3
!
ipv6 router ospf 100
router-id 2.2.2.2
log-adjacency-changes
area 0 range AAAA:5::/64

Show commands:
#sh ipv6 ospf nei
#sh ipv6 ospf nei detail
#sh ipv6 ospf database
#sh ipv6 ospf interface e0/0

IPV6 through my knowledge

IPV6

A few years ago, Cisco and some other vendors began the push toward IP version 6. The main reason for the push was the limited number of IPv4 addresses. Some workarounds to this problem, NAT among them, have become so popular that the move to IPv6 addresses slowed greatly.
One reason is that Cisco feels network security is tighter when there are no “middlemen” such as DHCP and NAT between two endpoints. This is possible because IPv6 uses 128-bit addresses rather than IPv4's 32-bit addresses. IPv6 addresses consist of eight 16-bit hex fields. IPv6 also has other important uses. Mobile IP, which allows end systems such as global positioning system (GPS) devices and IP phones to move without losing connectivity, is built into IPv6, as is IP security (IPsec). (IPsec is compatible with IPv4 but is built in to IPv6.)

There are 8 header fields in IPv6.
•Version – this is set to “6” in IPv6.
•Traffic class – in IPv4, this was the Type of Service (ToS) field.
•Flow label – no equivalent in IPv4; this allows a packet to be labelled as part of a particular flow.
•Payload length – the IPv4 equivalent is the total length field.
•Hop limit – roughly equivalent to the IPv4 protocol field.
•Source address, destination address – they’re now 128 bits.

There are some ipv4 fields that are not represented in ipv6:
•Header length
•Identification
•Flags
•Fragment offset
•Header checksum

IPV6 ADDRESSES FORMAT

Typical IPv4 address: 129.14.12.200
Typical IPv6 address: 1029:9183:81AE:0000:0000:0AC1:2143:091B

As you can see, an IPv6 address isn’t exactly just an IPv4 address with two more octets.



Rules:

ZERO COMPRESSION AND LEADING ZERO COMPRESSION

If you have consecutive fields of zeroes, they can be expressed with two colons. It doesn’t matter if you have two fields or eight; you can simply type two colons and that will represent all of them. The key here is that you can only do this once in an IPv6 address. This is referred to as zero compression.

EXAMPLE:
ORIGINAL FORMAT: 1234:1234:0000:0000:0000:0000:3456:3423
USING ZERO COMPRESSION: 1234:1234::3456:3423

The rule is that leading zeroes in any 16-bit field can be dropped, but each block where you do this must have at least one number remaining. That is, if the block is all zeroes, you have to leave one zero. This is leading zero compression.

LEADING ZERO COMPRESSION

We have four different fields that have leading zeroes. The address could be written out as it is, or you can drop the leading zeroes.

EXAMPLE:
ORIGINAL FORMAT: 1234:0000:1234:0000:1234:0000:1234:1234
LEADING ZERO COMPRESSION: 1234:0:1234:0:1234:0:1234:1234

There is no problem with using zero compression and leading zero compression in the same address.

ORIGINAL FORMAT: 1111:0000:0000:1234:0011:0022:0033:0044
With ZERO AND LEADING ZERO COMPRESSION: 1111::1234:11:22:33:44

Zero compression uses the double colon to replace the second and third blocks of numbers, which were all zero; leading zero compression replaces the “00” at the beginning of each of the last four blocks. Just be careful, my friend....

IPv6 offers two kinds of local addresses: link-local and site-local. Site-local addresses allow devices in the same organization or site to exchange data. Site-local addresses are the IPv6 equivalent of the IPv4 private address classes, since hosts using them are able to communicate with each other throughout the organization, but these addresses cannot be used to reach Internet hosts or hosts on a remote site. Link-local addresses have a smaller scope than site-local; they’re local to be a physical.


IPV6 ADDRESSES BY THEIR INITIAL BITS.

•001 – global address
•1111 1111 – multicast (FF)
•1111 1110 11 – site local (FEC0)
•1111 1110 10 – link local (FE80)

::x.x.x.x or 0:0:0:0:x.x.x.x – IPv4-compatible address. Any IPv6 address with the first 96 bits set to zero is an IPv4-compatible address. I used zero compression in the first representation of that range, and leading zero compression for the second.

IPV4 – IPV6 COMPATIBLE ADDRESSES
If you see an address with a great many zeroes at the beginning, it may well be an IPv4-compatible IPv6 address. Such an address is going to have zeroes for the first 96 bits, which makes zero compression even better. The rest of the bits will be the hexadecimal expression of an IPv4 address.

IPV6 ADD TO CONVERT: ::D190:4E71

Note: The double colon is zero compression in action, so now we need to convert the lower 32 bits into decimal.

D1 = 13 UNIT 16, 1 UNIT 1 = 209
90 = 9 UNIT 16, 0 UNIT 1 = 144
4E = 4 UNIT 16, E UNIT 1 = 78
71 = 7 UNIT 16, 1 UNIT 1 = 113
Answer: 209.144.78.113
How it happens: D1 = 13x16 = 208, 1x1 = 1 (208+1 = 209)
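
The two compression rules and the ::D190:4E71 conversion above, written out in Python. This is an added example, not part of the original post, and the function names are chosen here for illustration.

```python
HEX = set("0123456789abcdefABCDEF")

def expand(addr):
    """Return the eight 16-bit fields of an IPv6 address as integers."""
    if addr.count("::") > 1:
        raise ValueError("'::' may be used only once in an address")
    if "::" in addr:
        head, tail = addr.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must replace at least one zero field")
        fields = left + ["0"] * missing + right
    else:
        fields = addr.split(":")
    if len(fields) != 8 or not all(1 <= len(f) <= 4 and set(f) <= HEX for f in fields):
        raise ValueError("expected eight fields of 1-4 hex digits")
    return [int(f, 16) for f in fields]

def compress(addr):
    """Leading zero compression on every field, zero compression once."""
    fields = expand(addr)
    best_start, best_len, i = 0, 0, 0
    while i < 8:                      # find the longest run of zero fields
        j = i
        while j < 8 and fields[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    text = [format(f, "X") for f in fields]   # "0011" -> "11", "0000" -> "0"
    if best_len < 2:                  # '::' stands for consecutive zero fields
        return ":".join(text)
    left = ":".join(text[:best_start])
    right = ":".join(text[best_start + best_len:])
    return left + "::" + right

def ipv4_compatible_to_dotted(addr):
    """Turn an IPv4-compatible address (first 96 bits zero) into dotted decimal."""
    fields = expand(addr)
    if any(fields[:6]):
        raise ValueError("first 96 bits are not all zero")
    hi, lo = fields[6], fields[7]
    return "%d.%d.%d.%d" % (hi >> 8, hi & 0xFF, lo >> 8, lo & 0xFF)

if __name__ == "__main__":
    for a in ("1234:1234:0000:0000:0000:0000:3456:3423",
              "1111:0000:0000:1234:0011:0022:0033:0044"):
        print(a, "->", compress(a))
    print("::D190:4E71 ->", ipv4_compatible_to_dotted("::D190:4E71"))
```

An address that uses the double colon twice is rejected by expand, which is the "only once" rule in code.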

You know what a multicast is, and that IPv4 multicast addresses are class D addresses, with a first octet value of 224-239. The IPv6 multicast range is much larger, my friend, but just as easy to remember. Any address that begins with “1111 1111”, or “FF” in hex, is a multicast address, the full prefix being FF00::/8.


WHAT IS THE HOST SOLICITING?

It needs additional configuration information from a router, which will be sent in the form of a router advertisement (RA). (Routers will also transmit RAs without an express solicitation.) The router attaches the network prefix to the host’s link-local address, which results in the host’s full IPv6 address, complete with network prefix.



IPV6 ROUTING ON CISCO ROUTERS

•RIP for IPv6 – actual name is RIPng (new generation)
•EIGRP for IPv6
•OSPFv3 (version 3, defined in RFC 2740)
•STATIC ROUTERS ARE STILL BGP V4 (MPBGP VERSION 4 OR simply MPBGP)
One protocol you learned in your CCNA-level studies (and me too, of course) didn’t quite make the cut: there’s no such thing as IGRP for IPv6.
To enable a Cisco router’s IPv6 routing capabilities

Run:
ip cef
ipv6 cef
ipv6 unicast-routing

If you want to learn more, just search for it.. or else you want me to teach you one on one... :p

IPV4 Subnetting






class A 1st octet 0-127: 16m
class B 2nd octet 127-191: 65thou
class C 3rd octet 192-223: 254
class D 4th octet 224-239: Multicast
class E 240 -255 reserved for experiments


Decimal to Hexadecimal
9 - 9
10 - A
11 - B
12 - C
13 - D
14 - E
15 - F

How to get BINARY: using our formula
let's say 10.125.4.1

10.        125.       4.         1
0000 1010. 0111 1101. 0000 0100. 0000 0001

If you use the second level of our formula, you can get the binary.
Use the finger method with your two hands. On each hand you have four
fingers, not counting the thumb. On the left hand the first finger is
128, the second is 64, the third is 32 and the fourth is 16. On the right hand you have
8, 4, 2, 1 for the first, second, third and last fingers. Look at your fingers right now:
they look like binary, right? That is the method.

example:
In the IP address given above, the first octet is 10, so we are going to use
the finger method. Look at the fingers on your two hands. 10 in binary is 0000 1010,
so on your fingers it is:

128 64 32 16 8 4 2 1    second level, using the finger method
0   0  0  0  1 0 1 0    in binary it looks like this, because 8+2 = 10

On your fingers, a closed finger is 0 in binary and a raised finger is 1, so
the answer is 10. GET IT!

more example: using 125

128 64 32 16 8 4 2 1
0   1  1  1  1 1 0 1    64+32+16+8+4+1 = 125

Look at your fingers again and do the same thing: 0 is a closed
finger and 1 is a raised one. Got IT!

note: you had better practice this finger method; it makes subnetting etc. easy
for you.. always remember your fingers....:) NO need to have paper to calculate the
binary of this. Awts, how can you solve it if you don't have fingers? Just imagine,
hehe. Remember, there is no need to have paper in your exam or interview when solving problems
like this; all you need are your fingers and your mind............ :p


Private IP address
A. 10.0.0.0 - 10.x.x.x
B. 172.16.0.0 - 172.31.x.x
C. 192.168.0.0 - 192.168.x.x

HOW TO GET A SUBNET

Using this formula you can subnet any IP that you need to subnet,
or get anything to do with subnets and hosts, and especially route aggregation.

Some Rules:

1. Use the valid masks.
2. The next level, 128i, 64i, 32i etc.: this formula is used to get the
first valid IP address and the last valid IP address.
3. The slash, /1 - /32: this is used to know which mask you are going to
use and which first valid IP. Take a look at the formula.

Example: 192.168.4.0/22

If you look at the formula, /22 is class C, right? In the line of /22
the valid mask is 252, the first valid IP is 4 and the last is 7,
like this (192.168.7.254/22). The next subnet is 192.168.8.0/22, because
of this: 4, 8, 12, 16, 22 etc. The next valid IP after using 4-7 is 8,
so that’s why the next subnet is 192.168.8.0/22 to
192.168.11.254/255. Got it?

2nd Formula: how to get subnet and host
/class a,b, or c + /Bits = SUBNET
/32 - /Bits = HOST

172.198.0.0/16 = let's say the boss asks you: give me 8 subnets for that IP address.

First, using the 2nd formula for SUBNET, the first slash we are going
to use is /16, because the boss gave us a class B.
Second, we are going to use the /BITS formula, which is:

.................|------------->>> answer: /BITS is 4 so /4
128i 64i 32i 16i 8i 4i 2i 1i

Explanation: why are we using 8i to calculate how many bits
we are going to use? Because the boss asked for 8 subnets. Count backward,
8,7,6,5,4,3,2,1 so in valid IP the answer is 4 BITS.

NOTE: if the given number of subnets is 7, 15, 31, 63, 127 you are going
to add 1 bit, like this

let say 7 so 7 is...|-------------->> /4bits again
128i 64i 32i 16i 8i 4i 2i 1i
because I said you need to add 1 bit for 7, 15 etc.


let say 15 is |-------------->> /5bits
128i 64i 32i 16i 8i 4i 2i 1i
because I said you need to add 1 bit for 7, 15 etc.

But if it looks like this, 62, 30, 29, 126, you do not need to add.
If you follow the rules you can make it..

let say 65 is |-------------------------->> /7bits
________128i 64i 32i 16i 8i 4i 2i 1i
because it is in the range of 64. Remember: 64 - 126, 32 - 62, and if it's 63 you need to add 1 bit.



SECOND: now that we know which bits we are going to use, let's start.

/16 + /4bits = /20, then in the line of /20 again, think..... the valid mask
is 240, and the valid IP is 16i, right? You can make it, I know you are not an idiot....

what now..

answer:
Network    Subnet & mask      Network #      Valid Hosts              Broadcast
Network A  172.198.16.0 /20   172.198.16.0   172.198.16-31.1-254      172.198.31.255
Network B  172.198.32.0 /20   172.198.32.0   172.198.32-47.1-254      172.198.47.255
Network C  172.198.48.0 /20   172.198.48.0   172.198.48-63.1-254      172.198.63.255
Network D  172.198.64.0 /20   172.198.64.0   172.198.64-79.1-254      172.198.79.255
Network E  172.198.80.0 /20   172.198.80.0   172.198.80-95.1-254      172.198.95.255
Network F  172.198.96.0 /20   172.198.96.0   172.198.32-96.111-254    172.198.111.255
Network G  172.198.112.0 /20  172.198.112.0  172.198.112-127.1-254    172.198.127.255



Using host, the procedure is almost the same. The difference between the two is that host
uses /32 - /bits, unlike subnet, which uses /class + /bits.... The bits that you are going to use are found
like in subnet: for 8 subnets, 8i,4i,2i,1i, the answer for bits is /4, remember, in the subnet example..

Example of host..

192.168.21.0/24 for 62 hosts, remember the previous example...


...........|----------------------->>> /6 so answer: /32 - /6 = /26
128i 64i 32i 16i 8i 4i 2i 1i
Remember, for host always use /32 minus /bits..


answer: 192.168.21.64 /26 first valid ip mask 255.255.255.192
to
192.168.21.127 /26 last valid ip
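
An added example, not from the original post: the /bits rule and both formulas in Python. The bit counts worked above (8 gives 4, 7 gives 4, 15 gives 5, 62 gives 6, 63 and 65 give 7) are the smallest n with 2^n - 2 at least the number asked for, which is what the hypothetical bits_needed computes; plan_subnets lists every /20 in the block, including 172.198.0.0/20, which the table above does not list.

```python
import ipaddress

def bits_needed(count):
    """Smallest n with 2**n - 2 >= count (the page's /bits value)."""
    n = 1
    while 2 ** n - 2 < count:
        n += 1
    return n

def plan_subnets(block, subnets_wanted):
    """/class + /bits = SUBNET: borrow bits and list every resulting block."""
    net = ipaddress.ip_network(block)
    new_prefix = net.prefixlen + bits_needed(subnets_wanted)
    rows = []
    for sub in net.subnets(new_prefix=new_prefix):
        rows.append({
            "subnet": str(sub),
            "mask": str(sub.netmask),
            "first_host": str(sub.network_address + 1),
            "last_host": str(sub.broadcast_address - 1),
            "broadcast": str(sub.broadcast_address),
        })
    return rows

def plan_hosts(block, hosts_wanted):
    """/32 - /bits = HOST: keep enough host bits, list the resulting blocks."""
    net = ipaddress.ip_network(block)
    new_prefix = 32 - bits_needed(hosts_wanted)
    if new_prefix < net.prefixlen:
        raise ValueError("block is too small for that many hosts")
    return [str(s) for s in net.subnets(new_prefix=new_prefix)]

if __name__ == "__main__":
    for want in (8, 7, 15, 62, 63, 65):
        print(want, "->", bits_needed(want), "bits")
    for row in plan_subnets("172.198.0.0/16", 8)[:3]:
        print(row)
    print(plan_hosts("192.168.21.0/24", 62))
```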



How to know route aggregation: aggregation is the whole or total....

Let's say you have 16.0.0.0 to 19.0.0.0/8. If you count 4,8,12,16,20 it
is in the range of 16, right, the first valid IP, so we use 4i to aggregate
the IPs. The answer is: 252.0.0.0 as the mask...

More samples: 172.168.24.0 to 172.168.32.0/24. In 8,16,24,32 it is in the range of 24, right?
The answer is 8i, for 255.255.248.0

Thursday, August 14, 2008

ISIS Design and Configuration

This is using ISIS..

ISIS was originally designed for the OSI protocol suite. The Connectionless Network Service (CLNS) is used by the OSI protocols, and layer 3 routing protocols are used in the Connectionless Network Protocol (CLNP). ISIS is one of two protocols defined by the OSI at the network layer. The form of ISIS run on Cisco routers is Integrated ISIS, which supports both CLNP and IP.
ISIS uses a two-level hierarchy, allowing a large domain to be subdivided into areas.
Like OSPF, a central router will be elected to flood changes to the rest of the segment, which greatly cuts down on database maintenance traffic. This central router is the designated intermediate system (DIS).

ISIS has three types of routers: level 1 (L1), level 2 (L2), and L1/L2.

• L1: can form an adjacency with any L1 in the same area and any L1/L2 in the same area.
• L2: can form an adjacency with any L2 in any area and with an L1/L2 in any area.
• L1/L2: can form an adjacency with any L1 in the same area, L1/L2 in any area, and L2 in any area. If two L1/L2 routers are forming an adjacency, they’ll actually form two of them: an L1 adjacency and an L2 adjacency.
ISIS has 4 types of protocol data units (PDUs):

• HELLOS
• LINK STATE PACKETS
• PARTIAL SEQUENCE NUMBER PDU (PSNP)
• COMPLETE SEQUENCE NUMBER PDU (CSNP)
For more information about these 4 types of PDU, search on Google; it will help you!

Complete list of ISIS Network Types

• BROADCAST (intended for LAN; default setting for multipoint WAN)
• Point-to-Point (everything else) :p
WARNING about configuring ISIS over frame relay: a separate frame map statement for CLNS broadcast and multicast must be written.


IF YOU WANT MORE INFO SEARCH IT! THIS IS MY SAMPLE CONFIGURATION by REDHOT





Configuration using the Diagram

int s1/0
no ip add
encap frame
no dce-terminal-timing-enable
no shut
int s1/0.1 multipoint
ip add 172.12.123.1 255.255.255.0
frame map clns 102 broad
frame map ip 172.12.123.2 102 broad
no frame inverse-arp

Note: R1, R2 and R3 all have the same frame configuration as this. Don't use frame-relay int-dlci etc., because ISIS uses CLNS. If I'm mistaken, just tell me. And of course the IP address and DLCI are different on R2 and R3!


configuring ISIS using R1,R2,R3

R1#int s1/0.1 multipoint
ip router isis
int s1/0.2 multipoint
ip router isis
router isis
net 49.0001.1111.1111.1111.00
Note: the R1 configuration is the same on R2 and R3; the difference is the ISIS area. ip router isis is used to enable the interfaces, and to make an agreement between the R2 and R3 devices as to how they are going to transmit data. LOOK AT THE DIAGRAM.


Configuration of R2 and R4 using interface e0/0. It is basically the same on R3 and R5; the difference is the IP address, of course, you know that. On R3 and R5 I'm not configuring level-1; I'm using the default, only because I'm so tired ~)

R4#int e0/0
ip add 37.1.1.2 255.255.255.0
no shut
ip router isis
router isis
net 49.0004.4444.4444.4444.00
is-type level-1
R2#int e0/0
ip add 37.1.1.1 255.255.255.0
ip router isis
isis circuit-type level-1

Commands to show ISIS using clns:

#sh clns --- it shows the enabled interfaces, the ISIS area, etc..
#sh clns int e0/0 --- it shows the circuit type, whether level 1 or level 1-2, the PDUs, etc...
#sh clns nei -- it shows the interfaces, the SNPA (the MAC address or DLCI number), the state if up, the TYPE if level-1, etc...
#sh clns nei detail -- it shows the neighbor details, of course (the neighbor's details): the SNPA, state, type, area address,
IP address, etc.
#sh ip route isis or sh ip route -- of course you know that; look at my image ISIS4 and you will see the summary address..

#######################ISIS AND OSPF have similarities, just search it if you want to know###############
############and of course they have differences, search it again :p##################

Using SSH: just look at the image to see what happens. These are the commands. This is just bonus knowledge.

aaa new-model
aaa authen login default local
aaa authori exec default local
user redhot priv 15 pass password

ip domain-name rehdot.com
crypto key generate rsa
ip ssh time-out 5
! the time-out value is in seconds
ip ssh authentication-retries
! the retry count is not given in this post
line vty 0 4
transport input ssh
! telnet is implicitly denied ~(
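
A small check for the settings this post relies on, added here as an example (not the author's code): it reads configuration text and reports a local user stored with password rather than secret, a no service password-encryption line, and any vty block whose transport input is not ssh alone. The function name and the second vty block in the sample are made up for the illustration.

```python
import re

# Constructed input: the user line and first vty block are the commands from
# this post, 'no service password-encryption' is from the R1/R2 output, and
# the second vty block is invented to show a failing case.
SAMPLE = """\
no service password-encryption
aaa new-model
user redhot priv 15 pass password
line vty 0 4
transport input ssh
line vty 5 15
transport input telnet ssh
"""

def audit(config):
    """Return (line number, finding) pairs for weak remote-access settings."""
    findings = []
    vty = None                      # [header line number, transport input value]

    def close_vty():
        if vty is not None and vty[1] != "ssh":
            seen = vty[1] or "not set"
            findings.append((vty[0], "vty transport input is '%s', not ssh only" % seen))

    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip().lower()
        if line.startswith("line "):            # any new line block ends the last one
            close_vty()
            vty = [n, None] if line.startswith("line vty") else None
        elif line.startswith("transport input") and vty is not None:
            vty[1] = " ".join(line.split()[2:])
        elif line == "no service password-encryption":
            findings.append((n, "passwords are kept in clear text in the config"))
        else:
            # 'username ... password' (also typed as 'user ... pass') stores a
            # recoverable password; 'username ... secret' stores a hash instead.
            m = re.match(r"user\w*\s+(\S+)\s+(.*?)\bpass\w*\s+\S+", line)
            if m:
                level = re.search(r"\bpriv\w*\s+(\d+)", m.group(2))
                note = " at privilege %s" % level.group(1) if level else ""
                findings.append((n, "user '%s'%s uses 'password', not 'secret'" % (m.group(1), note)))
    close_vty()
    return findings

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE):
        print("line %d: %s" % (lineno, finding))
```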

On the right side, that is nmap. nmap is used mostly in the hacking part. I'll just type nmap -sV <ip address> -- this is to show the version.

And if you want to know more about nmap, the motto: search it....

##########if you want more about ssh etc.... search iT! :~p ###################################
############################just look at my upload image configuration in my lab############################
###################if I have made a mistake just inform me, thanks, have a nice day!!!!###########################################
##########################################BY REDHOT######################################################################