Monday, March 16, 2009

IPv6 From the Ground Up : Part - I Contd.......

From RFC 2460, the following information jumps out at you immediately:

- IPv6 is the designated successor to IPv4 (RFC 791). Its uptake (at least in Kenya) is a bit discouraging, though I get the feeling this will be forced on networks when v4 resources run out.
- Expands the address size from 32 to 128 bits, supporting more levels of addressing hierarchy, many more addressable nodes and simpler autoconfiguration. Multicast routing is made more scalable by adding a 'scope' field to multicast addresses, and a new type of address called anycast is defined.
- Header format is simplified: some IPv4 header fields have been dropped or made optional, to reduce the common-case processing cost of packet handling and to limit the bandwidth cost of the IPv6 header.
- Improved support for extensions and options: the encoding of options has changed to allow more efficient forwarding, less stringent limits on option length and more flexibility for introducing new options in the future.
- Another key thing is the extensions specified to support authentication, data integrity and (optional) data confidentiality.
- Flow labelling takes QoS to a whole 'nother level: the sender can label packets belonging to a particular traffic flow for which it requests special handling, e.g. non-default quality of service or real-time service.

IPv6 Header Format as seen in the RFC, with the field widths added from my notes:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| Traffic Class |           Flow Label                  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         Payload Length        |  Next Header  |   Hop Limit   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+                                                               +
|                                                               |
+                         Source Address                        +
|                                                               |
+                                                               +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+                                                               +
|                                                               |
+                      Destination Address                      +
|                                                               |
+                                                               +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Field widths: Version 4 bits (always 6), Traffic Class 8 bits, Flow Label 20 bits, Payload Length 16 bits (the length of everything after this 40-octet header, extension headers included), Next Header 8 bits (same values as the IPv4 Protocol field), Hop Limit 8 bits, Source and Destination Address 128 bits each. The fixed header is always 40 octets.
Extension headers:
Optional internet-layer information is encoded in separate headers placed between the IPv6 header and the upper-layer header. Each extension header is identified by a distinct Next Header value.
  • With one exception (Hop-by-Hop Options, below), extension headers are not examined or processed by any node along the path until the packet reaches the node(s) identified in the Destination Address field. Because the contents of each header determine whether or not to proceed to the next one, a node has to process extension headers strictly in the order they appear in the packet.
  • The exception is the Hop-by-Hop Options header, which must immediately follow the IPv6 header and is examined by every node along the path. Its presence is indicated by a value of zero (0) in the Next Header field of the IPv6 header.
  • If a node has to proceed to the next header but the Next Header value in the current header is unrecognized, it discards the packet and sends an ICMPv6 Parameter Problem message to the source with Code 1 ("unrecognized Next Header type encountered") and the Pointer field set to the offset of the unrecognized value within the original packet. The same action is taken if a Next Header value of zero is found in any header other than the IPv6 header.
  • If more than one extension header is used, the RFC recommends a specific order they should appear in (please read the RFC; I definitely don't expect this on an exam). The order listed is: IPv6 header, Hop-by-Hop Options, Destination Options, Routing, Fragment, Authentication, Encapsulating Security Payload, Destination Options, then the upper-layer header.
  • Note the two Destination Options headers: the first (before the Routing header) carries options to be processed by the first destination in the IPv6 Destination Address field plus each subsequent destination listed in the Routing header; the second (before the upper-layer header) carries options to be processed only by the final destination. That still does confuse me.
  • Apart from Hop-by-Hop Options, which may appear only immediately after the IPv6 header, IPv6 nodes must accept and attempt to process extension headers in any order, and occurring any number of times in the same packet.
  • A Destination Options header is not examined or processed until the packet reaches the node identified in the Destination Address field of the IPv6 header.
  • The Fragment header is used by a source to send a packet larger than would fit in the path MTU. Unlike IPv4, fragmentation is done only by source nodes, never by routers along the path. Its Next Header value is 44.
  • Each fragment packet consists of the unfragmentable part, a Fragment header and a fragment of the original's fragmentable part. The unfragmentable part is the IPv6 header plus any extension headers that must be processed en route (up to and including the Routing header if present, else the Hop-by-Hop Options header if present); its Payload Length is changed to the length of this fragment packet only (excluding the IPv6 header), and the Next Header field of its last header is set to 44. The Fragment header's own Next Header identifies the first header of the original's fragmentable part. Every fragment except the last must be a multiple of 8 octets long, and each fragment packet must fit within the path MTU to the destination.
  • For reassembly, the fragments must have the same Source Address, Destination Address and Fragment Identification.
  • Note, the Fragment header does not appear in the final reassembled packet.
  • IPv6 requires that every link have an MTU of 1280 octets or greater. On any link that cannot carry a 1280-octet packet in one piece, link-specific fragmentation and reassembly must be provided by a layer below IPv6.
  • It is strongly recommended that IPv6 nodes implement Path MTU Discovery (RFC 1981); a minimal implementation may omit it and simply never send packets larger than 1280 octets.
  • IPv4's TTL is renamed Hop Limit, because IPv6 nodes are not required to enforce a maximum packet lifetime. Upper-layer protocols currently relying on the internet layer for that guarantee have to be upgraded with their own mechanism to detect and discard obsolete packets.
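The points above, as an added example in Python (my code, not from the post or the RFC): it packs the fixed header, walks the Next Header chain strictly in order the way a receiving node must, raises what a node would report as an ICMPv6 Parameter Problem with Code 1 and the Pointer offset for an unrecognized Next Header or a Hop-by-Hop header that is not first, and does source-side fragmentation and reassembly on a constructed IPv6 / Hop-by-Hop / UDP packet. The addresses, the Identification value and the 3000-octet UDP body are made up; AH, ESP and Routing-header semantics are left out of the walker, and an "unrecognized" Next Header is simply anything outside the small set the walker knows.

```python
"""IPv6 fixed header, extension-header chain and source-side fragmentation (RFC 2460). Added example."""
import struct
from ipaddress import IPv6Address

# Next Header values used below (IANA protocol numbers)
HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS, NO_NEXT, ICMPV6, UDP, TCP = 0, 43, 44, 60, 59, 58, 17, 6
VARIABLE_EXT = {HOP_BY_HOP, ROUTING, DEST_OPTS}  # carry Hdr Ext Len in 8-octet units, not counting the first 8
KNOWN_UPPER = {ICMPV6, UDP, TCP, NO_NEXT}         # AH and ESP are deliberately left out of this walker


class ParameterProblem(Exception):
    """What a node reports as ICMPv6 Parameter Problem, Code 1; pointer = offset of the bad Next Header field."""
    def __init__(self, pointer, why):
        super().__init__(f"ICMPv6 Parameter Problem code 1, pointer={pointer}: {why}")
        self.code, self.pointer = 1, pointer


def ipv6_header(src, dst, next_header, payload_len, hop_limit=64, tclass=0, flow=0):
    """Pack the 40-octet fixed header: 4-bit Version | 8-bit Traffic Class | 20-bit Flow Label."""
    word0 = (6 << 28) | ((tclass & 0xFF) << 20) | (flow & 0xFFFFF)
    return struct.pack("!IHBB16s16s", word0, payload_len, next_header, hop_limit,
                       IPv6Address(src).packed, IPv6Address(dst).packed)


def walk_chain(pkt):
    """Follow the chain strictly in order; returns (upper_proto, its offset, [(ext_type, offset), ...])."""
    if pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    payload_len, nh = struct.unpack("!HB", pkt[4:7])
    if len(pkt) != 40 + payload_len:
        raise ValueError("Payload Length does not match packet size")
    off, nh_field_off, chain = 40, 6, []  # offset 6 is the IPv6 header's own Next Header field
    while nh not in KNOWN_UPPER:
        if nh == HOP_BY_HOP and nh_field_off != 6:
            raise ParameterProblem(nh_field_off, "Hop-by-Hop Options not immediately after the IPv6 header")
        if nh not in VARIABLE_EXT and nh != FRAGMENT:
            raise ParameterProblem(nh_field_off, f"unrecognized Next Header {nh}")
        # Hdr Ext Len comes from the wire, so bounds-check before trusting it (8 = minimum header size)
        hdr_len = 8 if nh == FRAGMENT or off + 2 > len(pkt) else (pkt[off + 1] + 1) * 8
        if off + hdr_len > len(pkt):
            raise ValueError("truncated extension header")
        chain.append((nh, off))
        if nh == FRAGMENT and struct.unpack("!H", pkt[off + 2:off + 4])[0] >> 3:
            return pkt[off], off + 8, chain  # non-first fragment: the bytes after it are opaque data
        nh, nh_field_off, off = pkt[off], off, off + hdr_len
    return nh, off, chain


def fragment(pkt, mtu, ident):
    """Source-side fragmentation: unfragmentable part + Fragment header + multiple-of-8 slice per packet."""
    _, _, chain = walk_chain(pkt)
    unfrag_end = 40  # up to and including Routing if present, else Hop-by-Hop, else the IPv6 header only
    for ext, off in chain:
        if ext in (HOP_BY_HOP, ROUTING):
            unfrag_end = off + (pkt[off + 1] + 1) * 8
    last_nh_off = 6 if unfrag_end == 40 else max(off for _, off in chain if off < unfrag_end)
    unfrag = bytearray(pkt[:unfrag_end])
    first_frag_nh, unfrag[last_nh_off] = unfrag[last_nh_off], FRAGMENT  # chain now points at 44
    data, chunk = pkt[unfrag_end:], (mtu - unfrag_end - 8) & ~7
    if chunk <= 0:
        raise ValueError("MTU too small for the unfragmentable part")
    frags = []
    for start in range(0, len(data), chunk):
        more = 1 if start + chunk < len(data) else 0
        frag_hdr = struct.pack("!BBHI", first_frag_nh, 0, ((start // 8) << 3) | more, ident)
        f = unfrag + frag_hdr + data[start:start + chunk]
        struct.pack_into("!H", f, 4, len(f) - 40)  # Payload Length now covers this fragment only
        frags.append(bytes(f))
    return frags


def reassemble(frags):
    """Reassemble by (Source, Destination, Identification); drops the Fragment header, restores Next Header."""
    groups = {}
    for f in frags:
        _, _, chain = walk_chain(f)
        fh_off = dict(chain)[FRAGMENT]
        nh, _, off_flags, ident = struct.unpack("!BBHI", f[fh_off:fh_off + 8])
        groups.setdefault((f[8:40], ident), []).append((off_flags >> 3, off_flags & 1, nh, fh_off, f))
    if len(groups) != 1:
        raise ValueError("fragments belong to different datagrams")
    items, payload = sorted(groups.popitem()[1]), b""
    for units, _, _, fh_off, f in items:
        if units * 8 != len(payload):
            raise ValueError("gap or overlap between fragments")
        payload += f[fh_off + 8:]
    if items[-1][1] != 0:
        raise ValueError("final fragment (M=0) missing")
    _, _, first_nh, fh_off, first = items[0]
    out = bytearray(first[:fh_off])
    last_nh_off = 6 if fh_off == 40 else max(off for _, off in walk_chain(first)[2] if off < fh_off)
    out[last_nh_off] = first_nh
    out += payload
    struct.pack_into("!H", out, 4, len(out) - 40)
    return bytes(out)


# Constructed sample: IPv6 | Hop-by-Hop Options (one PadN option) | UDP with a 3000-octet body.
SRC, DST = "2001:db8::1", "2001:db8::2"
HBH = bytes([UDP, 0, 1, 4, 0, 0, 0, 0])
UDP_DGRAM = struct.pack("!HHHH", 1234, 53, 8 + 3000, 0) + bytes(i & 0xFF for i in range(3000))
PACKET = ipv6_header(SRC, DST, HOP_BY_HOP, len(HBH) + len(UDP_DGRAM)) + HBH + UDP_DGRAM
```

With a 1280-octet MTU the sample splits into three fragment packets of 1280, 1280 and 616 octets, and `reassemble(fragment(PACKET, 1280, 0xABCD))` gives back the original bytes. Two things a careless parser skips are worth noting: the chain may contain the same header several times and in any order (only Hop-by-Hop is pinned to the front), and Hdr Ext Len comes from the packet, so every length is bounds-checked before it is trusted. Reassembly rejects gaps and overlaps instead of guessing, which is the behaviour you want in a firewall or IDS.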
I'm not generally a fan of RFCs, but for topics I don't understand I'd rather start from there and work out towards the actual configuration with some sound theory behind me... (there's the added fact that I'm out of book budget and RFCs are pretty much the source of most info).

further reading (the two security extension headers RFC 2460 points to):
Authentication Header (RFC 2402)
Encapsulating Security Payload (RFC 2406)

Tuesday, March 10, 2009

IPv6 From the Ground Up : Part - I

The Basics

**Please go through RFC 2373 in its entirety (it has since been superseded by RFC 4291, which keeps the same addressing architecture). Life will be much easier after that.

Our learning topology is simple: two routers, just enough to show neighbor discovery. This will mainly be used in Part II and any parts that follow.


Understanding IPv6 without using it might not be easy; however, playing around with it while planning a CCIE should set you on the right path.

To get a proper grasp of IPv6, you need to understand:
- A link-local address, a site-local address (deprecated by RFC 3879 in favour of unique local addresses, RFC 4193) and a global IPv6 address.
- The loopback address (::1) for the loopback interface
- The multicast addresses of joined groups
- Number of bits on an IPv6 address (128 - bits, 16 bytes)

Also very important: what a modified EUI-64 interface identifier is, its purpose and how it is generated. I found it also very important to know and understand IEEE 802 addresses.

Basics on MAC addressing:
The IEEE 802 address consists of a 24-bit company identifier (the OUI) and a 24-bit extension ID. These are uniquely assigned and give you a 48-bit address. This 48-bit address is also called the physical, hardware, or media access control (MAC) address.

EUI-64 Addresses
EUI-64 extends the 24-bit extension ID of a MAC address to 40 bits; the 24-bit company/manufacturer ID stays as it is. In IPv6 these 64 bits (with one bit modified, see below) are used as the interface identifier, the low-order half of a node's address. The link-local address is this identifier appended to the prefix FE80::/64; routers do not forward packets with link-local source or destination addresses beyond the link.

To convert a MAC address to a modified EUI-64 interface identifier, I use the following method. Note this only gives us the interface identifier, and from it the link-local address; in part 2 or 3 we'll discuss how the rest of the addresses are completed/generated. Let's use an example:

Host X has a MAC address of 12-34-56-78-90-12
On a router this would be the burnt-in address (bia) or the MAC address, shown as 1234.5678.9012.

First we insert FFFE between the 3rd and 4th bytes, i.e. between the vendor ID and the extension ID, which gives 12-34-56-FF-FE-78-90-12. You can easily do this by slicing the address into two halves: 123456 FFFE 789012.

Next take the first byte (two hex characters = 1 byte), in our case 12 (note this is in hex), and convert it to binary: 0001 0010. Take the 7th most significant bit (the universal/local bit, value 0x02) and flip/invert it, which gives 0001 0000 = 10. Put this back and you get:
10-34-56-FF-FE-78-90-12
Put this in proper IPv6 notation and you get the interface identifier:
1034:56FF:FE78:9012
so the link-local address is FE80::1034:56FF:FE78:9012.
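The conversion above, as an added example in Python (my code, not from the post). It accepts the dashed, colon-separated and Cisco dotted MAC formats, and it also includes the reverse mapping to show a caveat worth knowing: an EUI-64 derived interface identifier carries the interface's MAC (and so its vendor) into every address built from it, which is what the RFC 4941 privacy extensions were later introduced to avoid.

```python
"""Modified EUI-64 interface identifier and link-local address from a 48-bit MAC (RFC 2373). Added example."""
from ipaddress import IPv6Address


def mac_to_modified_eui64(mac):
    """Split the MAC after the 24-bit OUI, insert FF-FE, then invert the U/L bit (0x02 of octet 0)."""
    octets = bytes.fromhex(mac.replace("-", "").replace(":", "").replace(".", ""))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac}")
    eui = octets[:3] + b"\xff\xfe" + octets[3:]
    return bytes([eui[0] ^ 0x02]) + eui[1:]


def link_local(mac):
    """FE80::/64 with the modified EUI-64 as the low-order 64 bits."""
    return IPv6Address(b"\xfe\x80" + bytes(6) + mac_to_modified_eui64(mac))


def mac_from_eui64_address(addr):
    """Undo the transform: if the interface identifier looks EUI-64 derived, return the MAC, else None.
    This is why such identifiers let anyone on the path recover the hardware address and track a host."""
    iid = IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return "-".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    print(link_local("1234.5678.9012"))                         # fe80::1034:56ff:fe78:9012
    print(mac_from_eui64_address("fe80::1034:56ff:fe78:9012"))  # 12-34-56-78-90-12
```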

In case you get hung up on wording:

The IEEE now considers the label MAC-48 to be an obsolete term which was previously used to refer to a specific type of EUI-48 identifier used to address hardware interfaces within existing 802-based networking applications and should not be used in the future. Instead, the term EUI-48 should be used for this purpose.

references:
RFC2373 - IP Version 6 Addressing Architecture
My friend tells me most of what he learnt on IPv6 was solidified at an Internetwork Expert boot camp, so go over to their site and grab a workbook; I have no idea which one in particular.

Part II
IPv6 Neighbor Discovery:

Sunday, March 8, 2009

CCIE motivation

Today is a dark, dark day. Last week was a bit of an anticlimax for me, trying to sort things out so I can afford the lab, figure out the best place to take it (down to Brussels, India and/or Dubai)... I'm thinking some place I haven't been, and a sibling might be visiting India soon... so hmm, why not India for the CCIE?

Anyway... my morale is pretty low today, I think it's just the thought of getting up to go to work tomorrow. I'm actually starting to look at the CCIE as a means to just switch employers, and do something more intense, challenging... anyway... can't concentrate much so re-running Lord of the Rings... hah, I also went to an Asian fruit market and bought a bunch of fruits..., ahh yes, also confirmed the order and hopeful delivery of a triathlon kit.

I'm done rambling... oh yes, also made payment for the written in April :-)

Tuesday, March 3, 2009

CSM module and a 7613 woes...or fun it depends

So I tried to bring a CSM/CSG module up on another chassis. All modules, including the Supervisor Engine (if you have redundant Supervisor Engines), support online insertion and removal (OIR). You can add, replace, or remove modules without interrupting the system power or causing other software or interfaces to shut down. So no worries there. The colours changed as expected on the LED... then went off...

SUP1234#sh module 13
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
 13    4  Content Services Gateway               WS-SVC-CSG-1       SAD094906MP

Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
 13  0013.c39f.1270 to 0013.c39f.1277   1.5   Unknown      Unknown      PwrDown

Mod  Online Diag Status
---- -------------------
 13  Not Applicable


so from the above we can tell there's a problem. Hopefully not too serious.

SUP1234#hw-module module 13 reset
Proceed with reload of module?[confirm]
% module 13 is operationally off (Module Failed SCP dnld)

I only ever had this SCP dnld issue with MWAMs, never a CSG/CSM module. I can't even trace this back to a bug showing it as a problem... YET.
I tried to power it up manually:

SUP1234#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SUP1234(config)#power enable module 13

It still shows up as failed SCP dnld...
So resetting the module with hw-module module 13 reset and power enable module 13 both fail to power up my module.
If this were an MWAM I'd assume something buggy, but this is a new module, granted the hardware is a bit newer than the other CSGs...

Mod MAC addresses Hw Fw Sw Status
--- ---------------------------------- ------ ------------ ------------ -------
1 000f.342c.5318 to 000f.342c.531f 1.4 3.1(3)C7(7) Ok
2 0011.93b4.5698 to 0011.93b4.569f 1.4 3.1(3)C7(7) Ok
3 0011.5c81.1e6c to 0011.5c81.1e9b 6.1 6.3(1) 8.5(0.46)RFW Ok
4 0011.5c81.157c to 0011.5c81.15ab 6.1 6.3(1) 8.5(0.46)RFW Ok
5 0001.c9dd.0f5e to 0001.c9dd.0f65 1.4 3.1(3)C7(7) Ok
6 0002.fcc1.f844 to 0002.fcc1.f84b 1.4 3.1(3)C7(7) Ok
7 0016.46f9.0c58 to 0016.46f9.0c5b 5.3 8.4(2) 12.2(18)SXF7 Ok
8 0016.c85e.a958 to 0016.c85e.a95b 5.3 8.4(2) 12.2(18)SXF7 Ok
9 0001.c9de.32a0 to 0001.c9de.32a7 1.7 3.1(8) Ok
10 001b.53bc.b038 to 001b.53bc.b03f 6.1 7.2(1) 2.1(3.0) Ok
11 0011.92b7.c748 to 0011.92b7.c74f 4.0 7.2(1) 2.1(3.0) Ok
12 001d.70c4.fc14 to 001d.70c4.fc43 3.0 12.2(18r)S1 12.2(18)SXF7 Ok
13 0013.c39f.1270 to 0013.c39f.1277 1.5 Unknown Unknown PwrDown

So check power:
I have enough power... and it's the only one not working... I'm out of slots on the chassis so I can't move it around... grrrr...
I'll move it to a different chassis and see... maybe the module got 'corrupt' while being moved from one chassis to another (I had it somewhere else before) and wanted to spice up my afternoon.

anyone have a clue on this one? id be interested.

RS blueprint

Looking at the expanded blueprint by IE, I think I understand why multicast is such a pain; I missed out on key areas... I'm re-doing/re-reading most of the material again.

I could sit for the written any time now, but until I'm pretty sure of the lab payments there's no need to rush it for now. It however means I start preparing for the lab and ensuring nothing gets forgotten.

I have recently renewed two professional certs and while that doesn't guarantee my written pass, all the reading I did after that should get me one... or very, very close (it's still an exam so I'll keep my fingers crossed :)