BGP

• http://www.academ.com/nanog/feb1997/BGPTutorial/index.htm

• http://www.apricot.net/apricot2004/doc/cd_content/23rd%20February%202004/05%20-%20MTF%20-%20BGP%20Introduction%20and%20Deployment%20for%20Services%20-%20Philip%20Smith/APRICOT2004-BGP00.pdf

• http://www.apricot.net/apricot2004/doc/cd_content/23rd%20February%202004/05%20-%20MTF%20-%20BGP%20Introduction%20and%20Deployment%20for%20Services%20-%20Philip%20Smith/APRICOT2004-BGP01.pdf
• http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfbgp.html

• AS - Autonomous System
• ASN - 16 bit num, 1-64511 public assigned by RIRs, 64512-65534 private use (not on Internet).  Private ASes should be removed so they don't get to public Internet.  For example:
neighbor x.x.x.x remove-private-AS
• 'Originate - insert routing info into external announcements usually as a result of the IGP' - from apricot 2004 part 1 preso listed above
• Traffic flow is always in the opposite direction of flow of Routing info
• Apricot2004-BGP00 pg 44 - IXP - Internet Exchange Point (MAE East, MAE West??)
• Distributed by Regional Internet Registries (RIRs), and upstream ISPs who are members of the RIRs.  
• Originating Prefixes - typical RIR min alloc is /20.  announced subprefixes may not be reachable.  min allocation sizes
• APNIC: www.apnic.net/db/min-alloc.html
• ARIN: https://www.arin.net/knowledge/ip_blocks.html
• LACNIC: unknown
• RIPE NCC: https://www.ripe.net/ripe/docs/ripe-ncc-managed-address-space.html#4
• IANA published addr space assigned to end sites and allocated to RIRs: www.iana.org/assignments/ipv4-address-space

• TCP Port 179 
• Learns multi paths via intern and extern BGP speakers.  Picks best path.
• Best Path sent to external BGP neighbors.
• iBGP works across internal backbone (e.g. between edge eBGP routers?).  Need to be fully meshed (do not pass on iBGP info from other speakers).
• Peer with loop back address (addr never goes down)...
• eBGP used to exchange prefixes with other ASes
• Filter (prefix-list) prefixes sent/received...
• Question - Apricot2004-BGP00 pg 57&58 - why is network same for both AS 100 and AS 101?
• Router ID - usually highest IP addr on router or loopback IP addr.  Can be manually set.
• Some IOS basics
• prefix-lists to filter prefixes
• filter-lists to filter ASNs
• route-maps to apply policy (can be used for filtering...)

Attributes

• Next Hop - well-known mandatory - eBGP addr of external neighbor, iBGP - Next Hop from eBGP, for ibgp use self addr (e.g. loopback addr - neighbor <ipaddr> next-hop-self) - recursive route look-up using IGP
• Origin - well-known mandatory - where prefix comes from - IGP (generated by network statement), EGP (route learned by eBGP), incomplete (redistribution of another routing protocol)
• AS-Path - well-known mandatory - sequence of ASes a route has traversed
• 180.10.0.0/16 300 200 100 - to get to 180.10/16 go throught AS 300, than 200, than 100.
• Aggregator - ip addr of rtr generated aggregated addrs
• Local preference - used between iBGP peers to determine path to use to exit AS.  highest local preference wins for outbound traffic
• MED (Multi-Exit Discriminator) - optional nontransitive - used between eBGP peers.  tells external BGP peers preferred path into AS, when there are multiple paths into AS.  lowest value is preferred.  def val is 0.
• Weight - assigned locally on router to specify preferred path if multi paths exist out of rtr to dest.  Not really an attribute.  

• neighbor <ipaddr> weight 100 to apply weight to all routes from a neighbor
• neighbor <ipaddr> filter-list 3 weight 100 to apply weight filter-list routes from a neighbor

• RPF - Reverse Path Forwarding - Check to make sure packets are arriving via a route that I would send route to...check for spoofing...Multicast RPF, uRPF (unicast RPF)
• Community - group of destinations that share some common attribute.  Common format is <local-ASN>:xx.  Well known communities include:
• internet - default all rtrs belong
• no-export - don't advert route to eBGP peers
• no-advertise - don't advert route to any peer.
• local-as - don't advert to peers outside of local AS

Community example

• Route Selection Criteria - http://jungar.net/network/BGPnotes.htm#BGPRouteSelectCrit
• prepending your AS into AS path increases number of ASes in list...

Route Filter Lists examples

Route Map examples

Additional Capabilities

Route Refresh

Soft Reconfiguration

Peer Groups

• Less configuring and processing from this router out...

BGP Nexthop (NBMA)

Route Flap Dampening

• half-life-time - amount of time for penalty to get back to reuse-value.  default 15 min.
• reuse-value - value which penalty needs to fall to in order to have route re-advertised.  Default is 750.
• suppress-limit - value of penalty when route will be suppressed.  default is 2000.
• maximum-suppress-time - max duration to suppress a stable route.  default is 4 times half-life or 60 min.

Route Reflectors

• route-reflector sends/receives routes to client routers and any other routers.
• route-reflector (RR) and clients form cluster.  All client routers in cluster peer with RRs within cluster.
• RRs also peer with all other RRs in internetwork
• cluster can have more than one RR, but not totally recommended...
• cluster-id added to update (usually router-id (addr or loopback))
• a router may be client of RRs in different clusters for redundancy purposes
• suggested placing RRs with phys topology (e.g. core routers for a PoP)

Confederations

• Another method to reduce iBGP mesh.
• rtrs within private AS in ful iBGP mesh.
• eBGP between private ASes.
• only main AS number seen by external ASes.
• AS-Sequence may show up with parens for private (e.g. (65004 65001) 100)
• LOCAL_PREF, MED and NEXT_HOP preserved with external peers (outside private AS)

Multihoming

• Can be an issue due to typical RIR min alloc is /20.  Things may not be published.
• 'Don't do it unless consequences understood and you are prepared to keep list current' - from APRICOT2004-BGP01.pdf pg23.  ???

• For reg stub network - no BGP, ISP advertises stub network
• For multi-homed stub network (one ISP) - use BGP to loadshare, private AS, ISP advertises stub net
• For multi-homed network with 2+ ISPs - 

Preparing

1. Multihomed to 2 ISPs needs AS number to be applied for.
2. Decide on and deploy IGP (OSPF or ISIS).  QUESTION - Deployed between ISP and Customer?
3. Configure iBGP to run on routers in local network which will be transit path to external connections.
1. full or partial iBGP route mix?
2. scaling technique (peer-groups, RRs, communities)
3. Deploy iBGP with distance greater than IGP distance)
4. install customer prefixes into iBGP
5. Make iBGP dist < IGP...does network work.
6. withdraw cust prefixes from IGP

Plan/Implement to same ISP

• Use BGP with private AS, upstream ISP proxy removes private AS and customer subprefixes.
• 1 link primary, 2nd link backup 
• announce aggregate prefixes on each link, secondary with increased metric
• with loadsharing 
• announce aggregate (e.g. /19) on each link.
• split and announce one split on each link (e.g. /20).
router bgp 65534 (customer rtr)
  network 223.10.0.0 mask 255.255.224.0
  network 223.10.0.0 mask 255.255.240.0
  neighbor 222.222.10.2 remote-as 100
  neighbor 222.222.10.2 prefix-list routerC out
  neighbor 222.222.10.2 prefix-list default in
!
ip prefix-list default permit 0.0.0.0/0
ip prefix-list routerC permit 223.10.0.0/20 (other /20 on other rtr)
ip prefix-list routerC permit 223.10.0.0/19
!
ip route 223.10.0.0 255.255.240.0 null0
ip route 223.10.0.0 255.255.224.0 null0

Plan/Implement to Different ISPs

• Use Public AS or private AS agreed to with other ISP
• Addr space comes from both upstreams or Regional Internet Registry (RIR)
• AS will appear to come through ISPs public ASes.  Acceptable.  Show inconsistent-as with show ip bgp inconsistent-as 
• 1 link primary, 2nd link backup 
• announce agreggate prefix (e.g. /19) on each link, one with longer AS PATH (prepend)
• with loadsharing 
• announce aggregate (e.g. /19) on each link.
• split and announce one split on each link (e.g. /20).
• similar config to 'same ISP - with loadsharing above'
• with more controlled loadsharing 
• link 1 - announce aggregated prefix
• link 2 - announce aggregated prefix with longer AS PATH, announce 1 sub prefix.
• vary sub-prefixsize and AS PATH length.
• this example if more commonplace 

Service Provider Multihoming

• 1 upstream, 1 local peer - connect to upstream transit provider, and local competion to keep local traffic local
• announce aggregate prefix on each link, accept default route only from upstream, accept all routes from local peer
• 1 upstream, local exchange point - connect to upstream transit provider, and local exchange point to keep local traffic local
• announce aggregate prefix on each link, accept default route only from upstream, accept all routes from IXP (Internet Exchange Point)
• 2 upstreams, 1 local peer - connect to both upstream transit providers for external redundancy and diversity (multihoming), connect to local peer to keep local traffic local
• anounce aggregate on each link, accept default route only from upstreams, accept all routes from local peer - not useful in practice especialy for international links - loadsharing is weak
• better configuration - accept default from one upstream and partial routes from the other upstream
• partial routes - carry only routes necessry for loadsharing, filter on AS paths.
• if upstreams do not announce defualt route, use IGP to propagate default from edge/peering rtrs
• 2 tier1 upstreams, 2 regional upstreams, local peers 
• announce aggregate on each link, accept partial/default routes from upstreams, accept all routes from local peer, accept all partial routes (things via their AS, and default at higher (backup) value) from regional upstreams

Internet Data Center (IDC) Multihoming

• For local peers - Accept all routes in, anounce all address space out
• For upstream ISP - 
• IN - Accept partial route from ISP with default set to lower local-preference.  Accept higher local-pref default route from other.
• OUT - Send subprefix, and reg prefix with AS-PATH prepend of 1 AS.  From other, send reg prefix, and send subprefix with AS-PATH prepend of 1 AS.

Communities - loadsharing/backup on mult inter-AS links

2 links to same ISP - primary, backup

• Announce aggregate prefix on each link
• primary - standard
• backup - community
• customer sets community, ISP sets local preference based on community match (coming from customer)
• more complicated that local preference and MEDs, but scales better

• default-originate - send this router as the default route (move this somewhere else)
• IRR (Internet Routing Registry) - large distributed repository storing info on subnets, AS#s, BGP routing policies, etc.  Maintained on voluntary basis; inconsistent and/or out of date...(?)

ISP use of communities - examples

• suggested state public policy in IRR
• use communities to give policy control to customers; reduce tech support burden, and misconfig likelihood

General Switching

Hierarchical Network Model

• Core
• Distribution - routing to local vlans hapens here
• Access

• Scalability
• Redundancy
• Performance
• Security
• Manageability
• Maintainabilty

• Network Diameter - (e.g. ethernet L2 limit is 8 or timers start getting out of sync)
• Bandwidth Aggregation
• Redundancy

Switch Types

• Fixed config
• Stackable
• Modular (like a 6500 w/ cards)

Spanning Tree

STP

• IEEE 802.1d/802.1t
• all vlans use same STP (common spanning tree) CST
• spanning-tree multicast MAC address 01-80-C2-00-00-00
• BPDU happens every 2 seconds
  
• 802.1D States
• Algorithm:

1. Select a root bridge
• bridge with lowest bridge ID
• bridge ID contains unique ID (e.g. mac addr), and configurable prio #
• prio is compaired first.  lowest wins. range 0-61440, default 32768
• If prios are equal, MAC addrs compaired....(lowest wins)
2. Determine least cost paths to root bridge

port states - draw picture/graph calculating states
Root Port	port on non-root bridge closest to root bridge in terms of cost
Designated Port	port on net segment closest to root bridge in terms of cost
Non-designated port	orts that block traffic in order to preserve loop free l2 topology
Disabled Port	port that is administratively shutdown

• each bridge determines cost of each possible path from itself to root.  picks one with smallest cost.  Port connecting to that path becomes root port 
• bridges on a net segment figure out which bridge has least cost path from segment to root.  The port in question becomes the designated port for the segment
3. Any port that is not a root or designated port can be blocked.
4. tie breakers
1. If multiple paths from bridge are least-cost, bridge uses neighbor bridge with lower bridge ID.  This becomes root port.
2. If multiple paths from segment leads to least-cost path, lower bridge ID is used to forward msgs to root.  Port attaching that brige becomes designated port.
3. finally lowest port priority is used.

• STP path cost (based on table in http://en.wikipedia.org/wiki/Spanning_tree_protocol).  Gets added everytime througha switch.

BPDU

• frame contains MAC addr of source addr, STP multicast addr as dest (01:08:C2:00:00:00), and prio.
• Happens every 2 seconds
• Types of BPDUs:
• Config BPDUs, used for STP computation
• Topology Change Notification BPDU announces changes in net topology.  Sent to root.  Root switch sets Top Change flag in normal BPDU.
• Topology Change Notification Ack
• BPDU fields 
• bridge ID - 8 bytes, 2 bytes brige prio, 6 bytes mac addr.
• if mac addr reduction is used - 1st 2 bytes - 4bytes config prio, 12 bits vlan id or MSTP instance #

STP switch port states

• blocking - incoming BPDU can take out of Blocking - 20 second wait for BPDU
• listening - processes BPDUs - 15 seconds - transitions when doesn't rec valid BPDU
• learning - learning source addrs, no fwd, add addrs to switching db. - 15 seconds
• forwarding
• total time - 30-50 seconds
• disabled

STP Port Roles

• Root - fastest interface/path to root bridge
• Designated - fast path to Root
• Non-Designated - Blocking
  

Timer Comparison

RSTP

• 802.1D-2004 incorporates RSTP and obsoletes STP
• STP can take 30-50 seconds to respond to topology change
• RSTP typically takes 3*hello (default is 6 seconds total)
• Edge ports - ports connecting to lan with no other bridges.  Transition directly to forwarding.  Monitor for BPDUs, in case bridge is added.
• port roles
• root - best port to get out of router towards root
• designated - best port to get out of segment (sort of into bridge) to get towards root
• alternate - alt path to root bridge
• backup - redundant path to seg where another bridge port connects
• disabled
• New BPDUs with new spanning tree info can be sent from upstream/new bridges.  If receiving bridges agree that new info provides better paths, than first bridge can rapidly transition to forwarding, bypassing listening/learning
• TC bit gets set in BPDU for topology change

PVST

• Cisco Proprietary - Extreme supports PVST+ except for untagged or VLAN ID 1
• PVST uses ISL (Cisco Propr VLAN encaps)
• PVST+ uses 802.1Q encaps.
• in PVST+, bridge id field has to carry vlan info - add vlan num to priority

show spanning-tree vlan 100

MSTP

• per VLAN.  blocks all but one of possible alt paths wihin each spanning tree
• encodes additional region info after standard RSTP BPDU, and a number of MSTI (Multiple Span Tree Instance) config msgs.  
• Each MSTI config msg conveys span tree info for each instance.  
• Each instance can be assigned number of config'ed VLANs.
• bridges encode MD5 digest of VLAN in MSTP BPDU.
• compatible with RSTP.  RSTP bridge sees MSTP region as single RSTP bridge.
• msg age time incr only once when span tree info enters MST region.
• Ports at edge of MST region known as boundary ports.  Can be configured as edge ports. 
• IST - 802.1s Internal Spanning Tree - MSTI0 (see below) - default/special STP instance 0.  Carries RTSP info for IST, and files like config name, rev #, hash value of VLAN to STP instance mapping table (easy to detect misconfig on neighboring switches).
• MSTI - mult span tree instances - each MSTI may assign diff prios/costs to switches, links, ports.  MSTIs info piggybacked in IST BPDUs in MRecord fields (carries root prio, desig bridge prio, port prio, root path, etc).
• MSTP (without RSTP, STP,(R)PVST+) uses MaxHops (root is MaxHops, every bridge decrements, when zero, BPDU is ignored, this bridge is not the IST root(?)).
• DO NOT USE "VLAN pruning" static method of distr VLANs with MSTP enabled.  You get bad blocks.
• Do USE separate TP for each logical topology (MSTI).

R-PVST

• Cisco proprietary
• combines RSTP and PVST
  

PortFast and BPDU Guard

PortFast

• promise end station only non bpdu
• tells port to bypass STP Listening and Learning states

spanning-tree portfast

BPDU Guard

spanning-tree bpduguard enable (port mode)
OR
(global mode)
spanning-tree portfast bpduguard default
spanning-tree portfast default (again global)

VLANs

Cisco VLAN Commands

• native vlan is mgmt - untagged - reccomended you dont use vlan 1

Show vlan brief
Show interfaces switchport
Show ip interface brief
Show int trunk

And here is how you would configure a VLAN routing on your router with some show commands:

Interface fastethernet 0/4.1
 Encapsulation dot1q 10
 ip address x.x.x.x y.y.y.y 

Interface fastethernet 0/4.2
 Encapsulation dot1q 20
 ip address z.z.z.z a.a.a.a

And here is how you would configure a VLAN on your switch:

Interface fastethernet 0/1
 switchport mode trunk

Interface fastethernet 0/2
 Switchport access vlan 10
 No shutdown

Interface fastethernet 0/5
 Switchport access vlan 20
 No shutdown

Interface vlan 10
 Ip address x.x.x.x y.y.y.y
 No shutdown

Interface vlan 20
 Ip address x.x.x.x y.y.y.y
 No shutdown

Cisco STP and VLAN Commands

sh interfaces switchport
sh spanning tree
Switch0#sh spanning-tree 
 VLAN0001
 Spanning tree enabled protocol ieee
 Root ID Priority 24577
 Address 0003.E475.0A66
 This bridge is the root
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

 Bridge ID Priority 24577 (priority 24576 sys-id-ext 1)
 Address 0003.E475.0A66
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
 Aging Time 20

 Interface Role Sts Cost Prio.Nbr Type
 -------------------------------------
 Fa0/1 Desg FWD 19 128.1 P2p
 Fa0/10 Desg FWD 19 128.10 P2p
 Fa0/22 Desg FWD 19 128.22 P2p
 Fa0/24 Desg FWD 19 128.24 P2p
 sh interface trunk
 Port Mode Encapsulation Status Native vlan
 Fa0/10 on 802.1q trunking 1
 Fa0/24 on 802.1q trunking 1

 Port Vlans allowed on trunk
 Fa0/10 1-1005
 Fa0/24 1-1005

 Port Vlans allowed and active in management domain
 Fa0/10 1,10,20
 Fa0/24 1,10,20

 Port Vlans in spanning tree forwarding state and not pruned
 Fa0/10 1,10,20
 Fa0/24 1,10,20
sh vlan brief
sh vtp status
---
int fa0/24
 switchport mode trunk (trunk port passes tags, access port strips)
---
vlan 10
 name <name>
(VLANS stored vlan.dot stored in FLASH)
---
int vlan 10
 ip addr 10.10.10.1 255.255.255.0
---
int <interface> 
 switchport mode access
 switchport access vlan 10
---(set spanning tree root)---
spanning-tree vlan <x> priority
spanning-tree vlan <x> root primary
spanning-tree vlan <x> root secondary (wrks in reg STP also)

DTP (Cisco proprietary)

• Tries to force adjacent port to become a trunk
• VLANs Only
  

Modes

• on - forces switch to become a trunk (switchport mode trunk)
• auto - will not establish trunking with on 
• desirable - by default all ports in this state (try to trunk)
• off

VTP (Cisco proprietary)

1. Server - create & delete vlans - default - can save VLAN info…can have multiple servers
2. Client
3. Transparent - can create or delete vlans, but only local to transparent switch

• Creation/deletion propagates vlans to all servers and clients.
• revision number triggers propagation of VLAN.
• configuration rev # (0 - 2million?)
• auto incremented
• VTP refreshes DB every 5 minutes?
• Make sure vtp domain & password hash match
• UP to 4096 VLANs

---
vtp mode server|client|transparent
vtp domain <domainname>
vtp password <pw>
sh vtp status

Switch0#sh vtp status 
VTP Version : 2
Configuration Revision : 6
Maximum VLANs supported locally : 255
Number of existing VLANs : 7
VTP Operating Mode : Server
VTP Domain Name : davtpdoman
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x48 0x89 0x20 0xF8 0x87 0x40 0x84 0xE5 
Configuration last modified by 0.0.0.0 at 3-1-93 00:44:45
Local updater ID is 0.0.0.0 (no valid interface found)

ICMP

• Echo/Echo Reply
• Destination Unreachable - codes include
• 0 - net unreachable
• 1 - host unreachable
• 2 - protocol unreachable
• 3 - port unreachable
• Time Exceeded (TTL decremented to 0)
• Redirect - better route is available - used when gw and source host are on same physical net
• Source Quench - tells source to temp stop sending packets (e.g. rtr buffer space low)

UDP

TCP

Session setup and teardown

----SYN--->
<-SYN/ACK--
----ACK--->
..session..
----FIN--->
<---ACK----
<---FIN----
----ACK--->

Ports

• 0-1023 Well Known
• 1024-49151 User Defined
• 49152-66335 Dynamically assigned

Some common tcp ports

• 20 - ftp data
• 21 - ftp control
• 22 - ssh
• 23 - telnet
• 24 - smtp
• 53 - dns
• 110 - pop

HTTP

SMTP

• rfc821, rfc2821
• TCP port 25
• MUA - Mail User Agent
• MTA - Mail Transfer Agent - mail is for user on another server
• MDA - Mail Delivery Agent - mail is for user on local server.

Commands

• HELO - IDs SMTP client to svr
• EHLO - newer version of HELO, includes svc extensions
• MAIL FROM - IDs sender
• RCPT TO - IDs recipient
• DATA - IDs body of msg

Typical Command Sequence

 S: 220 foo.com Simple Mail Transfer Service Ready
 C: EHLO bar.com
 S: 250-foo.com greets bar.com
 S: 250-8BITMIME
 S: 250-SIZE
 S: 250-DSN
 S: 250 HELP
 C: MAIL FROM:<Smith@bar.com>
 S: 250 OK
 C: RCPT TO:<Jones@foo.com>
 S: 250 OK
 C: RCPT TO:<Green@foo.com>
 S: 550 No such user here
 C: RCPT TO:<Brown@foo.com>
 S: 250 OK
 C: DATA
 S: 354 Start mail input; end with <CRLF>.<CRLF>
 C: Blah blah blah...
 C: ...etc. etc. etc.
 C: .
 S: 250 OK
 C: QUIT
 S: 221 foo.com Service closing transmission channel

DHCP

• Discover - (broadcast) Are there DHCP (bootp) svrs out there?
• Offer - (unicast?) Server response
• Request - (broadcast) - client IDs svr and leas that client is accepting
• Ack - (unicast) - Svr acks client that lease is finalized (NAK otherwise)

• Inform (Broadcast) - client asking for local config params; already had externally configured net addr
• Release (Unicast) - client releases net addr and cancels remaining lease
• Decline (broadcast) - client declines use of IP addr supplied by svr
• NAK - Server indicating client's notion of network addr is incorrect (e.g. client moved to new subnet) or client's lease expired

SMB

IDS/IPS

Load Balancers (F5 BigIP)

Monitoring

OSI and TCP/IP Network Model

Application Layer software

Functions specified by App Layer Protocols

• processes at either end
• types of msgs - reqs acks, data, status, error
• syntax - field order, size, etc.
• meaning of fields
• msg dialogs - msg and responses acceptable

WAN Protocols

Leased Line or Circuit Switched

HDLC

• Flag - 01111110
• Header
• Address - usually broadcast in point-to-point
• Control (1 or 2 bytes)
• Info frame - carries upper layer info and some control - Rec Seq #, Poll final, Send Seq #, 0
• Supervisory frame - provide control info - Rec Seq #, Poll final, Function code, 0, 1
• Unnumbered frame - unsequenced control - Function code, Poll final, Functoin code, 1, 1
• Protocol - IPX, IP, etc. - Cisco custom - field stolen from data portion of frame
• Data
• FCS
• Flag - 01111110

PPP

LCP (Link Control Protocol)

• sets up PPP conn adn params
• LCP terms PPP conn
  
• handles varying limits on packet size
  
• detect common misconfig edrrors
  
• determine link functioning properly
  
• LCP negotates encaps formats (authent, compress, error detection)
  

NCP (Network Control Protocol)

• PPP IPCP works with IP, IPXCP works with IPX, etc…
• handles higher layer protocol
• NCP enables ISO L3 protocol
  

Frame

Phases

1. Link Establishment  LCP opens and negotiations
2. Link quality determination (optional)  LC tests link to determin link qual is sufficient to bring upNetwork layer.  LCP can delay trans.
3. Network layer protocol config negotiation. - NCP

---LCP Config Req-->
<--LCP Config Ack---
<----NCP Config---->
<----Echo-Request---
-----Echo-Reply----->

PPP Options

• PAP or CHAP

• Compression - Stacker (more CPU), predictor (more memory)

• Multi-link

• PPP Callback
• MRU (Max Rec Unit)
• Async Contro Map (escape char)
• Magic Number

PAP Authentication

• Basic unencrypted username pw
• 2 way handshake

CHAP Authentication

• 3 way handshake
• periodic challenges

SLIP

Packet-Switched

Frame Relay

ATM

X.25

WiFi

GRE tunnels