Sunday, May 16, 2010

NAT PRECEDENCE in CISCO

NAT PRECEDENCE
==============

1. Existing XLate
2. NAT 0
3. Static NAT
4. Dynamic NAT, nat (inside)

Tuesday, May 11, 2010

Sometimes Answers will be a Question !!!! Route Precedence

Recently I got a call from one of my followers, asking if we have three routes

10.10.10.0/24 via bgp
10.10.10.0/24 via ospf
10.10.0.0/16 via eigrp

which route will be taken for 10.10.10.1?

Now the basic funda is,

Route selection precedence is as follows

1. Most Specific route
2. AD value
3. Metric


Now here most specific routes are

10.10.10.0/24 via bgp
10.10.10.0/24 via ospf

Now the AD value comes into the picture as the tie breaker...

Take a look at the following Table for AD values

Default Administrative Distances
Connected 0
Static 1
eBGP 20
EIGRP (internal) 90
IGRP 100
OSPF 110
IS-IS 115
RIP 120
EIGRP (external) 170
iBGP 200
EIGRP summary route 5


Now the answer is a question: which BGP route was that, eBGP or iBGP?

If it is iBGP (AD value: 200), the OSPF route will get precedence. Otherwise it is going to take the BGP route (AD value: 20).
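The selection order above, worked through for both possible answers to the eBGP/iBGP question. This is an added example, not code from the original post; the `Route` class, `select_route`, `scenario`, the source-name keys and the metric field are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Default administrative distances, copied from the table above.
# The dictionary keys are names chosen for this example.
DEFAULT_AD = {
    "connected": 0, "static": 1, "eigrp-summary": 5, "ebgp": 20,
    "eigrp": 90, "igrp": 100, "ospf": 110, "isis": 115,
    "rip": 120, "eigrp-external": 170, "ibgp": 200,
}


@dataclass(frozen=True)
class Route:
    prefix: str      # e.g. "10.10.10.0/24"
    source: str      # key into DEFAULT_AD
    metric: int = 0  # constructed value; only decides when prefix length and AD tie

    @property
    def network(self):
        return ipaddress.ip_network(self.prefix)


def select_route(routes, destination):
    """Return the route used for `destination`, or None if no route covers it."""
    dest = ipaddress.ip_address(destination)
    candidates = [r for r in routes if dest in r.network]
    if not candidates:
        return None
    # 1. most specific route (longest prefix), 2. lowest AD, 3. lowest metric
    return min(
        candidates,
        key=lambda r: (-r.network.prefixlen, DEFAULT_AD[r.source], r.metric),
    )


def scenario(bgp_kind):
    """The three routes from the post, with the BGP route as 'ebgp' or 'ibgp'."""
    return [
        Route("10.10.10.0/24", bgp_kind),
        Route("10.10.10.0/24", "ospf"),
        Route("10.10.0.0/16", "eigrp"),
    ]


if __name__ == "__main__":
    for kind in ("ebgp", "ibgp"):
        best = select_route(scenario(kind), "10.10.10.1")
        print(f"BGP route learned via {kind}: winner is {best.source} ({best.prefix})")
```
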

Thursday, May 6, 2010

Checkpoint: How to Find the Management Interface

It will be good if you know the one who controls you... So I was thinking about how to get it in SPLAT, and I was sure that they are storing it somewhere, as they ask for it during configuration...

Finally I found the file:

more /etc/sysconfig/external.if

Sunday, May 2, 2010

GRE is like Girls!!! - GRE Tunnel in IPSEC - there will be twists in the Story...

At least I could not sleep for two days, thinking about why GRE (Generic Routing Encapsulation) is required in IPSec when we run dynamic routing protocols...

I talked to the techies I always trust... all said "it's required", but their answers were not enough for me to sleep... Eventually I reached the office very early and started with my friend Google... My biggest confusion was: IPSec works at Layer 3, so why can't it accommodate a dynamic routing protocol which runs on the same layer? Why is it not compatible?

Finally I found the answer... It's nothing but this: IPSec doesn't support multicast traffic. I recalled my routing KB, and yes, most routing updates are done with multicast. So they needed a workaround, and hence GRE came into the scene... Now what is GRE?

GRE is nothing but a type of VPN, which creates a virtual tunnel towards the destination from a particular source.

It hides the multicast packets generated by your dynamic routing protocol and fools IPSec, pretending that it's a normal IP packet. I felt GRE is just like girls, hiding so many things in them and pretending everything is normal...

Now, is GRE only meant for IPSec? The answer is simple: no. Whenever you want to hide something from your transit path, you can do the same.

There seems to be nothing wrong in hiding something and fooling someone... here is the twist: there will be overhead for these types of packets. Did you forget the MSS value? So beware, those who fool someone... there will be twists in the story...