During database synchronization, when a router receives DD packets, it checks the LSA headers in each DD packet; any LSA that is not in its own database is recorded in the Link State Request list. The router then sends one or more Link State Request packets asking the neighbor for those LSAs. The format of the Link State Request packet is as follows:

[figure missing]

Link State Type: identifies the type of LSA (router LSA, network LSA).
Link State ID: identifies the LSA header.
Advertising Router: the router ID of the router that sent the LSA.

d/ The Link State Update Packet

It is used when flooding LSAs and when sending LSAs in reply to a Link State Request packet.

[figure missing]

Number of LSAs: the number of LSAs in this packet.
LSAs: the full LSAs (header + data). Each update can carry multiple LSAs, up to the maximum packet size allowed on the link.

f/ The Link State Acknowledgment Packet

It is used to make the flooding of LSAs reliable. The format is as follows:

[figure missing]

(source: chuyenviet.com)

100 FREQUENTLY ASKED TECHNICAL QUESTIONS ABOUT CISCO NETWORKS

**************************************************************************
From: Question 1
Subject: What does ``cisco'' stand for?

cisco folklore time:

At one point in time, the first letter in cisco Systems was a lowercase ``c''. At present, various factions within the company have adopted a capital ``C'', while fierce traditionalists (as well as some others) continue to use the lowercase variant, as does the cisco Systems logo. This FAQ has chosen to use the lowercase variant throughout.

cisco is not C.I.S.C.O. but is short for San Francisco, so the story goes. Back in the early days when the founders Len Bosack and Sandy Lerner and appropriate legal entities were trying to come up with a name they did many searches for non similar names, and always came up with a name which was denied. Eventually someone suggested ``cisco'' and the name wasn't taken (although SYSCO may be confusingly similar sounding).
There was an East Coast company which later was using the ``CISCO'' name (I think they sold in the IBM marketplace) they ended up having to not use the CISCO abbreviation. Today many people spell cisco with a capital ``C'', citing problems in getting the lowercase ``c'' right in publications, etc. This led to at least one amusing article headlined ``Cisco grows up''. This winter we will celebrate our 10th year.

[This text was written in July of 1994 -jhawk]

**************************************************************************
From: Question 2
Subject: How do I save the configuration of a cisco?

If you have a tftp server available, you can create a file on the server for your router to write to, and then use the write network command. From a typical unix system:

     mytftpserver$ touch /var/spool/tftpboot/myconfig
     mytftpserver$ chmod a+w /var/spool/tftpboot/myconfig

     myrouter#copy running-config tftp
     Remote host [10.7.0.63]? 10.7.0.2
     Name of configuration file to write [myrouter-confg]? myconfig
     Write file foobar on host 10.7.0.2? [confirm] y

**************************************************************************
From: Question 3
Subject: How can I get my cisco to talk to a third party router over a serial link?

You need to tell your cisco to use the same link-level protocol as the other router; by default, ciscos use a rather bare variant of HDLC (High-level Data Link Control) all link-level protocols use at some level/layer or another. To make your cisco operate with most other routers, you need to change the encapsulation from HDLC to PPP on the relevant interfaces. For instance:

     sewer-cgs#conf t
     Enter configuration commands, one per line.
     Edit with DELETE, CTRL/W, and CTRL/U; end with CTRL/Z
     interface serial 1
     encapsulation ppp
     ^Z
     sewer-cgs#sh int s 1
     Serial 1 is administratively down, line protocol is down
       Hardware is MCI Serial
       MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
       Encapsulation PPP, loopback not set, keepalive set (10 sec)
       ^^^^^^^^^^^^^^^^^^^^^^^^^^
     [ ]

If you're still having trouble, you might wish to turn on serial interface debugging:

     sewer-cgs#ter mon
     sewer-cgs#debug serial-interface

**************************************************************************
From: Question 4
Subject: How can I get my cisco to talk to a 3rd-party router over Frame Relay?

You should tell your cisco to use ``encapsulation frame-relay ietf'' (instead of ``encapsulation frame-relay'') on your serial interface that's running frame relay if your frame relay network contains a diverse set of manufacturers' routers. The keyword ``ietf'' specifies that your cisco will use RFC1294-compliant encapsulation, rather than the default, RFC1490-compliant encapsulation (other products, notably Novell MPR 2.11, use a practice sanctioned by 1294 but deemed verboten by 1490, namely padding of the nlpid).

If only a few routers in your frame relay cloud require this, then you can use the default encapsulation on everything and specify the exceptions with the frame-relay map command:

     frame-relay map ip 10.1.2.3 56 broadcast ietf
                                              ^^^^

(ietf stands for Internet Engineering Task Force, the body which evaluates Standards-track RFCs; this keyword is a misnomer as both RFC1294 and RFC1490 are ietf-approved, however 1490 is most recent and is a Draft Standard (DS), whereas 1294 is a Proposed Standard (one step beneath a DS), and is effectively obsolete).

**************************************************************************
From: Question 5
Subject: How can I use debugging?

The ``terminal monitor'' command directs your cisco to send debugging output to the current session.
It's necessary to turn this on each time you telnet to your router to view debugging information. After that, you must specify the specific types of debugging you wish to turn on; please note that these stay on or off until changed, or until the router reboots, so remember to turn them off when you're done.

Debugging messages are also logged to a host if you have trap logging enabled on your cisco. You can check this like so:

     sl-panix-1>sh logging
     Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
         Console logging: level debugging, 66 messages logged
         Monitor logging: level debugging, 0 messages logged
         Trap logging: level debugging, 69 message lines logged
             Logging to 198.7.0.2, 69 message lines logged
     sl-panix-1>

If you have syslog going to a host somewhere and you then set about a nice long debug session from a term your box is doing double work and sending every debug message to your syslog server. Additionally, if you turn on something that provides copious debugging output, be careful that you don't overflow your disk (``debug ip-rip'' is notorious for this).

One solution to this is to only log severity ``info'' and higher:

     sl-panix-1#conf t
     Enter configuration commands, one per line. End with CNTL/Z.
     logging trap info

The other solution is to just be careful and remember to turn off debugging. This is easy enough with:

     sl-panix-1#undebug all

If you have a heavily loaded box, you should be aware that debugging can load your router. The console has a higher priority than a vty so don't debug from the console; instead, disable console logging:

     cix-west.cix.net#conf t
     Enter configuration commands, one per line. End with CNTL/Z.
     no logging console

Then always debug from a vty. If the box is busy and you are a little too vigorous with debugging and the box is starting to sink, quickly run, don't walk to your console and kill the session on the vty.
If you are on the console your debugging has top priority and then the only way out is the power switch. This of course makes remote debugging a real sweaty palms adventure especially on a crowded box.

**************************************************************************
From: Question 6
Subject: How do I avoid the annoying DNS lookup if I have misspelled a command?

Use the command:

     no ip domain-lookup

**************************************************************************
From: Question 7
Subject: How to use access lists

Where in the router are access lists applied?

In general, basic access lists are executed as filters on outgoing interfaces. Newer releases of the cisco code, such as 9.21 and 10, do have increased ability to filter on incoming ports. Certain special cases, such as broadcasts and bridged traffic, can be filtered on incoming interfaces in earlier releases. There are also special cases involving console access.

Rules, written as ACCESS-LIST statements, are global for the entire cisco box; they are activated on individual outgoing interfaces by ACCESS-GROUP subcommands of the INTERFACE major command. Filters are applied after traffic has entered on an incoming interface and gone through a routing process; traffic that originates in a router (e.g., telnets from the console port) is not subject to filtering.

[Diagram not preserved. Labels: GLOBAL, Routing, Access Lists; A at interface 1; Access Group; interface 2 at B.]

Some types of ``filter,'' using ``filter'' as a broader class than ACCESS-LIST, can operate on incoming traffic. For example, the INPUT-SAP-FILTER used for Novell networks is applied to Service Advertisement Packets (SAP) seen at incoming interfaces.
In general, incoming filtering can only be done for ``system'' :

>from the first entry
>"4.24.7.77 (metric 345601) from 165.117.1.127"
> it looks like Genuity 4.24.x.x is learning this from Digex
>165.117.1.127
>Why would Genuity learn their own address from Digex.

No, it means that *this* router (Digex's router at MAE-EAST) learned the route from 165.117.1.127. Since Digex doesn't connect to Genuity at MAE-EAST (tier 1 ISPs use private peering amongst each other, we only use the public exchanges to connect with smaller ISPs), it has to learn Genuity routes via the Digex backbone.

>Also could I assume that just because there is no path with AOL in it
>that AOL doesn't have a path to them?

No. The looking glass is just showing the routes from Digex to the destination. Why would traffic from Digex to Genuity go through AOL?

**************************************************************************
From: Question 96
Subject: When using Tunnel with an interface that has an ACL, what happens?

>I'm doing an IP tunnel between 2 routers with the command
>interface tunnel which has the ethernet0 source.
>Is the access-list applied on the ethernet0 inbound although filter the
>tunnel traffic ?

Yes. When traffic arrives, it will first be processed by the ethernet interface's inbound access list. If it is permitted in, the router will then de-encapsulate the tunnel traffic, and it will be processed by the tunnel interface's inbound access list.

**************************************************************************
From: Question 97
Subject: Do I need a Xover cable when using 1000Base-T?

Answer by: rich@richseifert.com (Rich Seifert)

> I guess it depends on the 1000baseT NICs. On mine, I've used both a
> crossover cable and a straight thru cable just fine to connect two NICs.
> They autonegotiate

Correct. First of all, 1000BASE-T *requires* Auto-Negotiation; it isn't designed to work without it.
Second, most 1000BASE-T equipment implements a function that detects whether the cable is straight-through or crossover, and automatically configures itself to work either way. (During the startup training, it can tell how the pairs are connected, and connect each pair to the appropriate decoder module.)

**************************************************************************
From: Question 98
Subject: How do I break the "Rule of Ten" for BGP Load balancing?

Answer by: "Cajun" <cajun@cyberspace.org>

That's not true. BGP WILL join two lines AND load balance across them. The trick is, you have to make every single one of the "Rule of Ten" rules equal; which is not a difficult thing to do. Weights, MED's, Local Preference, AS-Path, etc, will all most likely be identical, provided both T1's come from the same provider (yes, I know he said they're different providers.)

You can load-balance with BGP across two links, provided the links terminate on the same router on both ends. With everything else being equal, BGP will snag on the last rule, using the IP address of the interfaces to decide which path to take. All you have to do is break that last rule and you're home free. Here's how you do it:

1) Place static routes on each router pointing across each link to get to the other's loopback address.
2) Set up your neighbor statements with each other's loopback address.
3) Put in a neighbor statement with an update-source of your loopback address.
4) Enter another neighbor statement with ebgp-multihop.

BAM You're done. You've just now broken the "Rule of Ten." BGP will have no choice but to enter two routes into the routing table, which will load balance.

**************************************************************************
From: Question 99
Subject: How do I only accept a 0/0 Route but advertise my 30 addresses via BGP?
     router bgp #####
      no sync
      ! advertise your address block
      network 1.2.3.a mask 255.255.255.224
      neighbor x.x.x.x remote-as x
      neighbor x.x.x.x filter-list 1 out
      neighbor x.x.x.x distribute-list 1 in
      neighbor y.y.y.y remote-as y
      neighbor y.y.y.y filter-list 1 out
      neighbor y.y.y.y distribute-list 1 in
      ! IBGP between the two routers
      neighbor 1.2.3.b remote-as #####
     !
     ! Only advertise locally-originated routes, not transit routes
     ip as-path access-list 1 permit ^$
     ! Only accept a default route
     access-list 1 permit 0.0.0.0

**************************************************************************
From: Question 100
Subject: Should I turn off console logging?

Crashinfo reads from the log buffer, not the console itself. If you want to have console messages included in crashinfo, you may turn on logging console BUT you also want to be sure logging buffered is on. Once logging buffered is on, console messages do not go to the physical console port and the interrupt problem is circumvented.

> My question is if it is good default practice to turn off console
> logging or not?

You should turn it off unless you are using logging buffered. It is off by default in modern IOS versions.

>And on router (e.g. 7200 and 2600) that have console
> logging disable, would it reduce the useful info on crashinfo file when
> the router crashed?

Yes. But again, it will only save information from 'logging buffered.' So if you want the information, you can turn on logging console, but only if you also use logging buffered.
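For the Question 99 configuration, an added example (not part of the original FAQ) that models how its two filters treat routes: the outbound AS-path filter `^$` and the inbound standard ACL `permit 0.0.0.0`. The prefixes and AS numbers are constructed placeholders, and the ACL model assumes the usual standard-ACL behaviour in a distribute-list, where only the route's network address is compared.

```python
import ipaddress
import re

# Models the two filters of the Question 99 configuration.
# All routes below are constructed sample data, not taken from the FAQ.

def filter_list_out(as_path, regex=r"^$"):
    """ip as-path access-list 1 permit ^$ : permit only an empty AS path
    (routes originated in the local AS); anything else hits the implicit deny."""
    return re.search(regex, as_path) is not None

def std_acl_permits(prefix, entries):
    """Standard ACL used as a distribute-list. Each entry is (address, wildcard).
    Assumption: only the network address is compared, not the prefix length.
    First match wins; no match means implicit deny."""
    net = int(ipaddress.ip_network(prefix).network_address)
    for addr, wildcard in entries:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if (net & care) == (int(ipaddress.ip_address(addr)) & care):
            return True
    return False

ACL_1 = [("0.0.0.0", "0.0.0.0")]  # access-list 1 permit 0.0.0.0

def advertised(routes):
    """Prefixes that pass 'filter-list 1 out'."""
    return [p for p, path in routes if filter_list_out(path)]

def accepted(routes):
    """Prefixes that pass 'distribute-list 1 in'."""
    return [p for p, _ in routes if std_acl_permits(p, ACL_1)]

# (prefix, AS path before the local AS is prepended)
LOCAL_TABLE = [
    ("192.0.2.0/27", ""),               # locally originated block
    ("198.51.100.0/24", "64501"),       # learned from provider x (transit)
    ("203.0.113.0/24", "64502 64510"),  # learned from provider y (transit)
]
FROM_PROVIDER = [
    ("0.0.0.0/0", "64501"),             # the default route
    ("198.51.100.0/24", "64501"),       # a specific route, should be dropped
    ("0.0.0.0/8", "64501 64520"),       # same network address as the default
]

if __name__ == "__main__":
    print("advertised:", advertised(LOCAL_TABLE))
    print("accepted:  ", accepted(FROM_PROVIDER))
```

Under that assumption the ACL cannot tell 0.0.0.0/0 from another prefix whose network address is 0.0.0.0; an `ip prefix-list` entry for 0.0.0.0/0 matches on the length as well.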