Pick it up Spanning Tree at part II for MSTP at http://blog.internetworkexpert.com/2008/09/24/mstp-tutorial-part-ii-outside-a-region/ .

Community example

router bgp 10
  neighbor remote-as 20
  neighbor send-community
  neighbor route-map dacommunity out
route-map dacommunity permit 10
  match ip address prefix-list dontannounce
  set community no-export
ip prefix-list dontannounce permit

Route Filter Lists examples

router bgp 20
  neighbor remote-as 21
  neighbor prefix-list INCOMING in
  neighbor prefix-list OUTGOING out
ip prefix-list INCOMING deny
ip prefix-list INCOMING permit le 32
ip prefix-list OUTGOING permit
router bgp 10
  neighbor remote-as 21
  neighbor filter-list 5 out
  neighbor filter-list 6 in
ip as-path access-list 5 permit ^20$  (match up with AS list that only has 20)
ip as-path access-list 6 permit _15_  (match up with AS list that has 15 in it)

Route Map examples

router bgp 10
  neighbor route-map INBOUND in
route-map INBOUND permit 11
  match ip address prefix-list pref1
  set local-pref 90
route-map INBOUND permit 22
  match ip address prefix-list pref2
  set local-pref 80
ip prefix-list pref1 permit
ip prefix-list pref2 permit

Additional Capabilities


Route Refresh

Router re-sends (out) or asks the peer to re-send (in) all routes without tearing down the neighbor relationship.
clear ip bgp a.b.c.d in/out

Soft Reconfiguration

Question - Why would I do this?  Pg 117: stores the prefixes received from the peer prior to policy application.
router bgp 10
  neighbor remote-as 20
  neighbor route-map dafilter in
  neighbor soft-reconfiguration inbound

clear ip bgp soft in/out

Peer Groups

Group of BGP neighbors that all get the same settings and outbound policy from this router.
router bgp 10
  neighbor dapeergrp peer-group
  neighbor dapeergrp remote-as 10
  neighbor dapeergrp update-source loopback 0 (force the source to be the loopback)
  neighbor dapeergrp send-community (group destinations with common attr)
  neighbor dapeergrp route-map outfilter out (use outfilter - not shown)
  neighbor peer-group dapeergrp (put in peer-group)
  neighbor peer-group dapeergrp (put in peer-group)
  neighbor route-map infilter in (apply infilter to msgs fr
  neighbor peer-group dapeergrp

BGP Nexthop (NBMA)

When a route is advertised over NBMA (like Frame Relay) as if it were broadcast media, but one of the paths does not exist (e.g. no PVC between the two peers), you sometimes have to configure
neighbor a.b.c.d next-hop-self
so that the route goes through the router that has the PVC(s) set up.

go to http://www.ittc.ku.edu/EECS/EECS_800.ira/bgp_tutorial/14.html - search for BGP Nexthop (NBMA).

Route Flap Dampening

Minimize route down/up (WITHDRAW/UPDATE) and corresponding routing propagation/CPU waste
router bgp <as-number>
  bgp dampening <half-life-time> <reuse-value> <suppress-limit> <max-suppress-time>
After a flap, the penalty goes up by 1000 (default).
- When it gets to suppress-limit, route propagation is suppressed.
- The penalty falls (exponentially) based on half-life and reuse-value.
- Route propagation restarts when the penalty falls to reuse-value.
- When penalty < 1/2 reuse-value, penalty set to 0 (?)

recommendations for ISPs http://www.ripe.net/docs/ripe-229.html

max-penalty = reuse-limit x 2 ^ (max-suppress-time/half-life)

bgp dampening 30 750 3000 60 is bad because
    max-penalty = 750 x 2 ^ (60/30) = 750 x 4 = 3000
    the penalty can never exceed 3000, so it never crosses suppress-limit and no route is ever suppressed

Make sure suppress-limit is less than max-penalty, otherwise there is no flap dampening.
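As an added worked example (not part of the original notes), the following Python checks a dampening tuple against the max-penalty formula above and then simulates the penalty of a flapping route minute by minute; the flap timings are constructed, and the per-minute stepping approximates the router's continuous exponential decay.

```python
# Added example (not from the original notes): checks a Cisco-style
# "bgp dampening <half-life> <reuse> <suppress> <max-suppress>" tuple against
# the max-penalty formula and simulates the penalty of a flapping route.
FLAP_PENALTY = 1000  # default penalty added per flap (withdraw + re-announce)


def max_penalty(half_life, reuse, max_suppress):
    """max-penalty = reuse-limit x 2 ^ (max-suppress-time / half-life)."""
    return reuse * 2 ** (max_suppress / half_life)


def dampening_is_effective(half_life, reuse, suppress, max_suppress):
    """Suppression can only ever trigger if suppress-limit < max-penalty."""
    return suppress < max_penalty(half_life, reuse, max_suppress)


def decay(penalty, minutes, half_life):
    """Exponential decay: the penalty halves every half-life minutes."""
    return penalty * 0.5 ** (minutes / half_life)


def simulate(flap_minutes, half_life, reuse, suppress, horizon):
    """Sample (minute, penalty, suppressed) once per minute up to horizon.

    flap_minutes lists the minutes at which the route flaps (constructed input).
    A route is suppressed once penalty > suppress-limit and is propagated again
    when the decayed penalty falls to reuse-value.
    """
    penalty, suppressed, samples = 0.0, False, []
    for t in range(horizon + 1):
        if t > 0:
            penalty = decay(penalty, 1, half_life)
        penalty += FLAP_PENALTY * flap_minutes.count(t)
        if penalty > suppress:
            suppressed = True
        elif penalty <= reuse:
            suppressed = False
        samples.append((t, round(penalty), suppressed))
    return samples


if __name__ == "__main__":
    # The "bad" tuple from the notes: max-penalty equals suppress-limit, never dampens.
    print(max_penalty(30, 750, 60), dampening_is_effective(30, 750, 3000, 60))
    # 15/750/3000/60: four flaps in four minutes push the penalty past 3000,
    # and the route is reused about 35 minutes after the last flap.
    for t, p, s in simulate([0, 1, 2, 3], 15, 750, 3000, 60):
        if t in (3, 37, 38):
            print(t, p, s)
```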

Selective/variable dampening
bgp dampening [route-map <name>]
  route-map <name> permit 10
    match ip address prefix-list DALIST
    set dampening [<half-life-time> <reuse-value> <suppress-limit> <max-suppress-time>]
ip prefix-list DALIST permit le 24  (accept prefixes with mask lengths up to 24 bits)

recommendations for ISPs - http://www.ripe.net/docs/ripe-210.html

show ip bgp neighbor <a.b.c.d> [dampened-route | flap-statistics]

Route Reflectors

Reduces the number of required full-mesh links between iBGP peers.
router bgp 10
  neighbor remote-as 10
  neighbor remote-as 10
  neighbor route-reflector-client
  neighbor remote-as 10
  neighbor route-reflector-client


Confederations: smaller private sub-ASes, with the entire group assigned one confederation ID.
QUESTION - WHAT is 1 in first network list on pg 152
router bgp 20
  bgp confederation identifier 100 (external AS number seen for the whole group)
  bgp confederation peers 10 (sub-AS 10 is part of the same confederation)
  neighbor remote-as 10
  neighbor remote-as 20 (peering with a router in sub-AS 20)
  neighbor remote-as 20



  1. Multihoming to 2 ISPs requires applying for an AS number.
  2. Decide on and deploy an IGP (OSPF or IS-IS).  QUESTION - Deployed between ISP and Customer?
  3. Configure iBGP on the routers in the local network that will be the transit path to the external connections.
    1. Full or partial iBGP route mix?
    2. Scaling technique (peer-groups, RRs, communities)
    3. Deploy iBGP with an admin distance greater than the IGP distance
    4. Install customer prefixes into iBGP
    5. Make iBGP distance < IGP distance; check that the network still works.
    6. Withdraw customer prefixes from the IGP

Plan/Implement to same ISP

QUESTION - What does null0 do?  pg63 apricot01

Plan/Implement to Different ISPs

NOTE: typical RIR minimum allocation is /20; announced sub-prefixes longer than that may not be reachable.
QUESTION - is there any way to loadbalance longer subprefixes across multiple ISPs?

Service Provider Multihoming

Internet Data Center (IDC) Multihoming

QUESTION - pg 165 Apricot01, What?

Communities - loadsharing/backup on mult inter-AS links

RFC1998 - describes using BGP communities to determine local-preference in upstream's network
Community values with particular meanings (from an ISP perspective(?)) (taken from APRICOT2004-BGP00.pdf presentation):
ASx:100 - set local-pref 100 - preferred route
ASx:90  - set local-pref 90  - backup route if dual-homed on ASx
ASx:80  - set local-pref 80  - main link is to another ISP with the same AS path length
ASx:70  - set local-pref 70  - main link is to another ISP
QUESTION - pg 179 APRICOT01 - Why is there a (2nd) route-map routerD-out permit 20 in addition to the 10

2 links to same ISP - primary, backup

Move somewhere else

ISP use of communities - examples

Start at slide 192 in APRICOT01

General Switching

Hierarchical Network Model

Principles to stay aware of

Switch Types


Spanning Tree

Taken from


  1. Select a root bridge
  2. Determine least-cost paths to the root bridge
  3. Port states - draw a picture/graph calculating the states
    Root Port - port on a non-root bridge closest to the root bridge in terms of cost
    Designated Port - port on a network segment closest to the root bridge in terms of cost
    Non-designated Port - ports that block traffic in order to preserve a loop-free L2 topology
    Disabled Port - port that is administratively shut down
  4. Any port that is not a root or designated port can be blocked.
  5. Tie breakers
    1. If multiple paths from a bridge are least-cost, the bridge uses the neighbor bridge with the lower bridge ID.  This becomes the root port.
    2. If multiple paths from a segment lead to a least-cost path, the lower bridge ID is used to forward messages to the root.  The port attaching that bridge becomes the designated port.
    3. Finally, the lowest port priority is used.
Data rate  | STP Cost (802.1D-1998) | STP Cost (802.1t-2001)
4 Mbit/s   | 250 | 5,000,000
10 Mbit/s  | 100 | 2,000,000
16 Mbit/s  | 62  | 1,250,000
100 Mbit/s | 19  | 200,000
1 Gbit/s   | 4   | 20,000
2 Gbit/s   | 3   | 10,000
10 Gbit/s  | 2   | 2,000
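Added example, not from the original notes: a small Python model that runs the five steps above over a constructed three-switch triangle (all switches at the default priority 32768 with constructed MACs, using the 802.1D-1998 costs) and reports the root bridge and which port ends up blocked.

```python
# Added example (not from the original notes): elects the root bridge and assigns
# Root / Designated / Non-designated roles to every port of a constructed triangle.
import heapq

COST_1998 = {10: 100, 100: 19, 1000: 4, 10000: 2}  # Mbit/s -> 802.1D-1998 cost

# Constructed topology: bridge ID = (priority, MAC); link = (bridge, port, bridge, port, Mbit/s)
BRIDGES = {"A": (32768, "0000.0000.000a"), "B": (32768, "0000.0000.000b"),
           "C": (32768, "0000.0000.000c")}
LINKS = [("A", 1, "B", 1, 100), ("A", 2, "C", 1, 100), ("B", 2, "C", 2, 10)]


def elect_root(bridges):
    """Step 1: the lowest bridge ID (priority, then MAC) becomes the root."""
    return min(bridges, key=bridges.get)


def root_path_costs(links, root):
    """Step 2: least-cost path from every bridge to the root (Dijkstra)."""
    adj = {}
    for a, _, b, _, speed in links:
        adj.setdefault(a, []).append((b, COST_1998[speed]))
        adj.setdefault(b, []).append((a, COST_1998[speed]))
    cost, heap = {root: 0}, [(0, root)]
    while heap:
        c, node = heapq.heappop(heap)
        if c > cost[node]:
            continue
        for nbr, lc in adj[node]:
            if c + lc < cost.get(nbr, float("inf")):
                cost[nbr] = c + lc
                heapq.heappush(heap, (c + lc, nbr))
    return cost


def port_roles(bridges, links):
    """Steps 3-5: return (root, {(bridge, port): role}) for the whole topology."""
    root = elect_root(bridges)
    rpc = root_path_costs(links, root)
    roles = {}
    for b in bridges:  # Root port: least cost to root; tie -> lower neighbour ID, then lower port
        if b != root:
            choices = [(rpc[n] + COST_1998[s], bridges[n], p)
                       for a, pa, c, pc, s in links
                       for me, p, n in ((a, pa, c), (c, pc, a)) if me == b]
            roles[(b, min(choices)[2])] = "Root"
    for a, pa, c, pc, _ in links:  # Designated: segment end with lower (root cost, bridge ID)
        closer = (rpc[a], bridges[a]) < (rpc[c], bridges[c])
        dp, other = ((a, pa), (c, pc)) if closer else ((c, pc), (a, pa))
        roles[dp] = "Designated"
        roles.setdefault(other, "Non-designated")  # blocks unless it is a root port
    return root, roles
```

On the constructed triangle A is root, B and C use their 100 Mbit/s links as root ports, and C port 2 on the slow B-C segment is the one non-designated (blocking) port.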


STP switch port states

STP Port Roles

Timer Comparison

RIP  30  180 (6x)  240 (8x)  180
90 (3x)  120 (4x)  5 second delay + 10 seconds Hold  60 WAN < 1.544Mbps  15 (3x)
STP  2  20 blocking  15 listening  15 learning


IEEE 802.1w (1998)
Cisco proprietary - Rapid PVST+


Per-VLAN Spanning Tree (PVST and PVST+)
show spanning-tree vlan 100


Multiple Spanning Tree Protocol
802.1s merged with 802.1Q-2003


Rapid Per-VLAN Spanning Tree

PortFast and BPDU Guard


BPDU Guard

If a BPDU is seen on the port, put the port into err-disable (shut/no shut to clear).
spanning-tree bpduguard enable (interface mode)
(global mode)
spanning-tree portfast bpduguard default
spanning-tree portfast default (again global)


VLAN setting in ethernet packet - See 802.1p/Q section in QOS Notes to see packet/header details.

Cisco VLAN Commands

Taken from http://itknowledgeexchange.techtarget.com/cisco/setting-up-a-vlan-with-the-cisco-ios/
Show vlan brief
Show interfaces switchport
Show ip interface brief
Show int trunk

And here is how you would configure a VLAN routing on your router with some show commands:

Router commands
Interface fastethernet 0/4.1
Encapsulation dot1q 10
ip address x.x.x.x y.y.y.y

Interface fastethernet 0/4.2
Encapsulation dot1q 20
ip address z.z.z.z a.a.a.a

Interface fastethernet 0/4
No shutdown

Show ip interface brief
Show vlans

And here is how you would configure a VLAN on your switch:

Switch commands
Interface fastethernet 0/1
switchport mode trunk

Interface fastethernet 0/2
Switchport access vlan 10
No shutdown

Interface fastethernet 0/5
Switchport access vlan 20
No shutdown

Interface vlan 10
Ip address x.x.x.x y.y.y.y
No shutdown

Interface vlan 20
Ip address x.x.x.x y.y.y.y
No shutdown

Cisco STP and VLAN Commands

sh interfaces switchport
sh spanning-tree
Switch0#sh spanning-tree
Spanning tree enabled protocol ieee
Root ID Priority 24577
Address 0003.E475.0A66
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 24577 (priority 24576 sys-id-ext 1)
Address 0003.E475.0A66
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20

Interface Role Sts Cost Prio.Nbr Type
Fa0/1 Desg FWD 19 128.1 P2p
Fa0/10 Desg FWD 19 128.10 P2p
Fa0/22 Desg FWD 19 128.22 P2p
Fa0/24 Desg FWD 19 128.24 P2p
sh interface trunk
Port Mode Encapsulation Status Native vlan
Fa0/10 on 802.1q trunking 1
Fa0/24 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/10 1-1005
Fa0/24 1-1005

Port Vlans allowed and active in management domain
Fa0/10 1,10,20
Fa0/24 1,10,20

Port Vlans in spanning tree forwarding state and not pruned
Fa0/10 1,10,20
Fa0/24 1,10,20
sh vlan brief
sh vtp status
int fa0/24
switchport mode trunk (trunk port passes tags, access port strips)
vlan 10
name <name>
(VLANs are stored in vlan.dat in flash)
int vlan 10
ip addr
int <interface>
switchport mode access
switchport access vlan 10
(set spanning tree root)
spanning-tree vlan <x> priority
spanning-tree vlan <x> root primary
spanning-tree vlan <x> root secondary (works in regular STP also)

DTP (Cisco proprietary)

Dynamic Trunking Protocol (DTP)


                  | Dynamic Auto | Dynamic Desirable | Trunk           | Access
Dynamic Auto      | Access       | Trunk             | Trunk           | Access
Dynamic Desirable | Trunk        | Trunk             | Trunk           | Access
Trunk             | Trunk        | Trunk             | Trunk           | Not Recommended
Access            | Access       | Access            | Not Recommended | Access
sh dtp interface

VTP (Cisco proprietary)

Comes in 3 modes
  1. Server - create & delete vlans - default - can save VLAN info…can have multiple servers
  2. Client
  3. Transparent - can create or delete vlans, but only local to transparent switch

vtp mode server|client|transparent
vtp domain <domainname>
vtp password <pw>
sh vtp status
Switch0#sh vtp status 
VTP Version : 2
Configuration Revision : 6
Maximum VLANs supported locally : 255
Number of existing VLANs : 7
VTP Operating Mode : Server
VTP Domain Name : davtpdoman
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x48 0x89 0x20 0xF8 0x87 0x40 0x84 0xE5
Configuration last modified by at 3-1-93 00:44:45
Local updater ID is (no valid interface found)


Some types of msgs:


See IPv4 notes for the IPv4 stuff.
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|          Source Port          |       Destination Port        |
|          UDP Length           |    UDP Checksum (optional)    |


See IPv4 notes for the IPv4 stuff.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|          Source Port          |       Destination Port        |
|                        Sequence Number                        |
|                     Acknowledgment Number                     |
| Offset |Reserved| Ctrl bits  |          Window Size          |
|           Checksum            |         Urgent Pointer        |
|                       Upper Layer Data                        |

Sequence Number - allows packets to be put back in the correct order if they get misordered in transport
Acknowledgment Number - next sequence number the receiver expects to receive
Offset - number of 32-bit words in the TCP header
Reserved
Ctrl bits
  • URG - urgent field significant
  • ACK
  • PSH - don't buffer
  • RST - reset connection
  • SYN
  • FIN - no more data from sender
Window Size - number of bytes the sender can accept. TCP Slow Start - TCP reduces the window size if a segment gets dropped

Session setup and teardown



General rules:

Some common tcp ports




Typical Command Sequence

Taken from rfc2821.
S: 220 foo.com Simple Mail Transfer Service Ready
C: EHLO bar.com
S: 250-foo.com greets bar.com
S: 250-SIZE
S: 250-DSN
S: 250 HELP
C: MAIL FROM:<Smith@bar.com>
S: 250 OK
C: RCPT TO:<Jones@foo.com>
S: 250 OK
C: RCPT TO:<Green@foo.com>
S: 550 No such user here
C: RCPT TO:<Brown@foo.com>
S: 250 OK
S: 354 Start mail input; end with <CRLF>.<CRLF>
C: Blah blah blah...
C: ...etc. etc. etc.
C: .
S: 250 OK
S: 221 foo.com Service closing transmission channel


rfc2131 others


Server Message Block - MS file share, Samba


- BASE - front end

Load Balancers (F5 BigIP)


hp openview

OSI and TCP/IP Network Model

7 Application  | Application - DNS, HTTP, SMTP, FTP, etc.
6 Presentation
  • coding/conversion of data
  • compression
  • encryption
5 Session
  • creates and maintains dialogs between src/dest apps
4 Transport    | Transport
3 Network      | Internet
2 Data Link    | Network Access
1 Physical     | Network Access

Application Layer software

- Applications and Services (e.g. computer services)

Functions specified by App Layer Protocols

WAN Protocols

Leased Line or Circuit Switched



PPP does not impose any restrictions on transmission rate other than the DTE/DCE restrictions.
LCP (Link Control Protocol)
L2 encapsulation
NCP (Network Control Protocol)
Flag | Address | Control | Protocol | Data | FCS
  1. Link Establishment - LCP opens and negotiates
  2. Link quality determination (optional) - LCP tests the link to determine that link quality is sufficient to bring up the Network layer.  LCP can delay transmission.
  3. Network layer protocol configuration negotiation - NCP
---LCP Config Req-->
<--LCP Config Ack---
<----NCP Config---->
PPP Options
  ppp quality <percentage> (cisco interface level)
  compress predictor|stack (cisco interface level)
  ppp multilink (cisco interface level)
int s0/0
 encaps ppp

sh interface serial 0/0 (look for encapsulation type and 'open')
sh interfaces serial
debug ppp {packet | negotiation | error | authentication | compression | cbcp} (errors and stats)
PAP Authentication
---username <username>, password-->
username R1 password cisco (global config - other side's
                            username, pws have to match)
ppp authentication pap
CHAP Authentication
---username <username>, password-->





Frame Relay





GRE tunnels

interface tunnel1
 ip address
 tunnel source
 tunnel destination