CCNA Data Center 640-911 DCICN – Note 18, IPv6 Introduction

This is my first blog in 2016; I have been in holiday mode as I have been on one of the longest annual leaves of my life. Hope you understand the family commitment when you and your kids are on summer holiday (here in Sydney, Dec/Jan/Feb is blazing summer).

 

IPv6, the history and does it really matter to you or anyone?

The simple answer is YES, but why? The single biggest driver behind the development and introduction of IPv6 is the long-predicted shortage of usable IPv4 addresses since the explosion of the World Wide Web (www) in 1995. The development of the www goes back to 1991, and the grandfather of web browsers, Mosaic, was first introduced in 1993. By 1995, one third of IPv4 addresses were consumed; by 2000, half of all IPv4 addresses were used.

As reviewed in previous notes, IPv4 uses a 32-bit address structure, which theoretically gives us 2 to the power of 32 IP addresses, that is 4294967296 or roughly 4.3 billion IP addresses. But not all of them are usable, such as the addresses reserved for private networks and the Class E addresses reserved for development and testing purposes. In other words, only around 2.5 billion IP addresses are truly usable. If you just check out the world’s population today (http://www.worldometers.info/world-population/: China = 1.407 billion and India = 1.2912 billion people), looking at just the top two countries’ population figures you can feel the IPv4 address shortage on your skin. The trend is that the world’s network has been doubling in size every year for the past 15 years. (https://en.wikipedia.org/wiki/IPv4_address_exhaustion)

With the advancement of new technologies comes the rapid depletion of available IPv4 addresses. Anything related to mobile communications and entertainment, as well as every other area, seems to need more and more IP addresses for everyday use. In the past, it was expected that all IPv4 addresses would be depleted by 2011, but it is 2016 and we are still using IPv4 addresses without much thought, all thanks to the countermeasures put in place to slow down IPv4 address depletion, e.g. the fine art of subnetting, practical use of DHCP and IP NAT.

 

Quick note on the history of IPv6:

1990 – IETF had predicted that all class B IPv4 addresses would be depleted by 1994
1991 Nov – IETF formed the ROAD (ROuting and ADdress) group in Santa Fe, US.
1995 – IPNG (IP Next Generation) Workgroup had written and submitted ‘RFC 1883’, this RFC has become the foundation of current IPv6.
1996 – 6Bone was introduced. 6Bone was a test-bed for IPv6 vulnerabilities connecting 57 countries across 1100 sites.
1999 – IPv6 Forum was launched to standardize the use of IPv6
2006 Jul 06 – 6Bone was decommissioned after 10 years of testing.
Current – Majority of IP products are manufactured with IPv6 capabilities and compatibility. IPv6 is slowly phasing out IPv4 around the world.

Source: https://en.wikipedia.org/wiki/IPv6

 

Quick note on 10 Advantages (Characteristics) of IPv6:
1. Larger IP address space than IPv4, 32 bits based IPv4 vs 128 bits based IPv6
2. Better end-to-end connectivity than IPv4
– peer-to-peer application connections such as games, video conferencing, file sharing and VoIP
– No need to use NAT, as the shortage of addresses is a thing of IPv4
3. Plug-n-Play feature of IPv6
– plug-and-play auto-configuration, e.g.) DHCPv6
4. Simplified Header structures leading to faster routing
5. Better security features
– use of IPSec (a built-in feature)
6. Improved QoS features
7. Improved Multicast and Anycast abilities
8. Better mobility features
9. Ease of administration over IPv4
10. IPv6 follows the key design principles of IPv4

Source: http://www.ipv6.com/articles/general/Top-10-Features-that-make-IPv6-greater-than-IPv4.htm

In the next section, we will look at some characteristics of IPv6 and then in the final section of IPv6, I will demonstrate IPv6 in a simple lab. Happy blogging, reading and all the best with your learning and career in 2016.


CCNA Data Center 640-911 DCICN – Note 17, IPv4 Revisited (A primer to IPv6 introduction)

A little history on IPv4:
1981 – started using IPv4
1985 – 1/16 of all available IPv4 addresses used
1991 – introduction of WWW
1995 – 1/3 of all available IPv4 addresses used
2000 – 1/2 of all available IPv4 addresses used
Some facts about IPv4:
* IPv4 uses 32bit addressing
* There are 2^32 IP addresses, which is approximately 4 billion three hundred million addresses in total.
(please read one of the previous notes on the reserved IP addresses).
* In reality, there are only approximately 2 billion five hundred million usable IPv4 addresses.

Known issues with IPv4:
* Limited number compared to current and future usage
* Unnecessarily large IP header; routers struggle to process packets with large headers
* Cumbersome IP address allocation method
* Requirement for DHCP services, introducing another server and maintenance
* Use of aggregation to bind a number of routing tables, making routing table complex and slow
* Inefficient level of security and mobile IP support
Methods to counter the known IPv4 issues:
* Network Address Translation (NAT)
– Use private IP addresses on the internal network, use public address only when going out to the internet
– Requires time for IP address translation
– Possible end-to-end user application compatibility issues
* Subnetting
– a method of being thrifty with IPv4 address usage; originally subnetting was not in widespread use, but these days it is a must, done with precision
* Use of DHCP services
– better management of unused IP addresses, increases better utilization of dynamic IP allocations, no wasting as in static IP allocation
* Use of CIDR (Classless Inter Domain Routing)
– CIDR enables supernetting (the opposite of subnetting) to make more efficient use of routers’ memory and hence routing speed. CIDR reduces the number of routing table entries by aggregating smaller networks into one entry (supernetting)
* Overall, these IPv4 issue counter methods made our network more complex and difficult to maintain

======================================================================

The birth and history of IPv6:

1990 – Internet Engineering Task Force (IETF) predicted class B shortage by 1994
1991 Sept – To counter IPv4 shortage, ROuting and ADdress (ROAD) workgroup was formed by IETF
1995 – IP Next Generation (IPNG) workgroup was formed and made a recommendation for ‘RFC 1883‘, which served as the foundation of IPv6
1996 – Testbed ‘6Bone’ is introduced for IPv6 operating system testing. Over 1100 sites from 57 different countries participated in this testing. At the end of testing, this IPv6 test network was decommissioned on the 6th of June, 2006.
1999 – Conception of the IPv6 standardization forum
Current – All network product vendors produce IPv6 ready devices for current and future use.

==========================================================================
What happened to IPv5?
IPv5 was used to provide QoS (Quality of Service) in experimental resource reservation protocols such as the Internet Stream Protocol (ST). In other words, it was used for effective transmission of sound and multimedia data over the internet. IPv5 has a similar IP addressing scheme to IPv4; the only difference is the version number in the first 4 bits of a packet. Its use has diminished since the introduction of the Resource Reservation Protocol (RSVP). To delve into IPv5/ST, search for RFC 1190 and RFC 1819.

==================================================================================

I have already taken and completed the CCNA 640-911 DCICN exam on Thursday with flying colors; however, I slacked off and avoided making and sharing my notes on the last few topics. This morning I woke up and thought to myself, I need to keep the promise I made to myself and complete the notes in full, so I can become a better engineer and also, by sharing this with others, add some value to others like me. The above note was my revisit to IPv4, which will serve as a primer to IPv6.

CCNA Data Center 640-911 DCICN – Note 16, VTP in the Data Center

VLAN Trunking Protocol Fundamentals:

– Not an intuitive name, as VTP is actually used for VLAN management, so it should have been named ‘VLAN Management Protocol’ instead
– VTP is only carried over Trunk links, so this is the number one condition for VTP proliferation between switches
– If VTP is in use and new Switch (Server) is introduced with higher configuration revision number, the effect could be devastating, so extra care must be taken.
– In IOS, there were only three modes: Server, Client and Transparent. The default out of the box is Server. A Transparent switch can still sit in a VTP domain but ignores the advertisements and keeps its own locally significant VLANs.
– In NX-OS, there are four modes of operation, Server, Client, Transparent and OFF. Also, VTP is a feature on NX-OS, so you have to enable VTP using ‘feature vtp’ command. Also, not all Cisco devices support VTP such as UCS B-series blade servers.
– Whether to use VTP or not use VTP is totally up to an organizational decision.

VTP in Action 1:
– VTP works on the concept of VTP Configuration Revision number.

– The VTP Configuration Revision number starts at 0; the VLAN table with the higher revision number gets propagated to all participating switches in the same domain.

VTP in Action 2:
– When two switches are connected with a trunk link and both are Servers (and no VTP domain password is set), configuring a VTP domain name on one of them propagates it to any Server still in the Null domain, which updates its domain name automatically.

– To stop propagation, do not connect switches on a trunk link OR set the VTP password, this will stop another switch joining the VTP domain.

VTP Pruning:
– Prevents traffic for a VLAN from being flooded over trunks towards switches that have no ports in that VLAN. If a switch is configured with VLAN 10 only, then VLAN 20 traffic will not be sent to that switch.
– Runs dynamically, pruning and unpruning is an autonomous process.
– Administrators can manually prune VLANs from a trunk by using the ‘switchport trunk allowed vlan’ command

Commands:
show vtp status – checks everything about vtp

In a Nexus environment, you have to enable the feature first by using ‘feature vtp’:

feature vtp
show vtp status
show int trunk <<<no trunk link = no vtp propagation
vtp domain DCICN
vtp password cisco123
vtp version 2 <<<enables vtp v2
vtp pruning
vtp mode ?
vtp mode server <<<even though the Nexus switch is already in Server mode, it does not throw an error as IOS does

show vtp status <<<ensure commands worked

How to reset the configuration revision number on a switch? First, note that any VLAN change on a Server increments it:
vlan 10
end
show vtp status <<<Configuration Revision has gone up

Hot tip:
When you introduce a new switch, make sure that the new switch has a Configuration Revision number of 0.
The easiest way to reset the Configuration Revision number to 0 is to rename the VTP domain and then set the correct name again. You should do this off the network first.

vtp domain DummyName
show vtp status
vtp domain DCICN <<<Configuration Revision is now back to 0.
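
To make the revision-number behaviour above (VTP in Action 1 and 2, and the hot tip) concrete, here is an added Python model that is not part of the original notes and not Cisco code: a simplified VTP switch that only accepts an advertisement from the same domain with a matching password and a higher revision, a NULL-domain switch that learns the domain name, and a scenario where a second-hand switch with a stale but high revision is connected to a production domain with and without the rename-domain reset. Switch names, VLAN numbers and the advertisement structure are my own constructions, not the wire format.

```python
from dataclasses import dataclass, field


@dataclass
class VtpAdvertisement:
    """Simplified model of a VTP summary advertisement (constructed, not the wire format)."""
    domain: str
    revision: int
    vlans: set
    password: str = ""


@dataclass
class VtpSwitch:
    name: str
    mode: str = "server"      # server | client | transparent | off (the four NX-OS modes)
    domain: str = ""          # "" models the NULL domain of an out-of-box switch
    password: str = ""
    revision: int = 0         # Configuration Revision starts at 0
    vlans: set = field(default_factory=lambda: {1})   # VLAN 1 always exists

    def add_vlan(self, vid: int) -> None:
        """Create a VLAN locally; on a Server this bumps the revision number."""
        if not 2 <= vid <= 3967:          # Nexus: 1 is the default, 3968-4094 reserved
            raise ValueError("VLAN %d is outside the configurable range 2-3967" % vid)
        if self.mode == "client":
            raise PermissionError("a VTP client cannot create VLANs")
        self.vlans.add(vid)
        if self.mode == "server":
            self.revision += 1            # transparent/off changes stay local

    def set_domain(self, domain: str) -> None:
        """Renaming the VTP domain resets the revision to 0 (the hot tip above)."""
        self.domain = domain
        self.revision = 0

    def advertise(self) -> VtpAdvertisement:
        return VtpAdvertisement(self.domain, self.revision, set(self.vlans), self.password)

    def receive(self, adv: VtpAdvertisement) -> bool:
        """Process an advertisement heard on a trunk.
        Returns True if the local VLAN table was overwritten."""
        if self.mode in ("transparent", "off"):
            return False                  # transparent ignores it and keeps local VLANs
        if self.domain == "" and adv.domain:
            self.domain = adv.domain      # NULL-domain switch learns the domain name
        if adv.domain != self.domain or adv.password != self.password:
            return False                  # wrong domain or password: advertisement dropped
        if adv.revision <= self.revision:
            return False                  # only a HIGHER revision wins
        self.vlans = set(adv.vlans)
        self.revision = adv.revision
        return True


def simulate(reset_first: bool) -> dict:
    """Connect a second-hand switch (stale table, high revision) to a production
    VTP domain, with or without resetting its revision first."""
    prod = VtpSwitch("prod-sw", domain="DCICN", password="cisco123")
    for vid in (10, 20, 30):
        prod.add_vlan(vid)                # prod revision is now 3

    new = VtpSwitch("new-sw", domain="DCICN", password="cisco123", revision=50)
    new.add_vlan(999)                     # its stale table: {1, 999}, revision 51

    if reset_first:
        new.set_domain("DummyName")       # revision -> 0
        new.set_domain("DCICN")           # revision stays 0, domain correct again

    # Trunk comes up: both Servers exchange advertisements.
    prod_overwritten = prod.receive(new.advertise())
    new_overwritten = new.receive(prod.advertise())
    return {
        "prod_overwritten": prod_overwritten,
        "new_overwritten": new_overwritten,
        "prod_vlans": set(prod.vlans),
        "new_vlans": set(new.vlans),
    }


if __name__ == "__main__":
    print("without reset:", simulate(reset_first=False))
    print("with reset:   ", simulate(reset_first=True))
```

Without the reset the production switch's VLANs 10, 20 and 30 are replaced by the stale table; with the reset the new switch simply learns the production VLANs. A mismatched password or Transparent mode blocks the overwrite either way.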

Practice exam question:

Q What three considerations must be given when configuring VTP on the Cisco Nexus switching platform? (Choose three.)
A VLAN 1 must be disabled on the trunk port in order for VTP to work properly.
B Per device, VTP configuration is stored in a file named vtp.conf
C VTP is enabled on all trunk ports by default.
D It does not matter which VDC you are working in when you configure VTP on the Cisco Nexus 7000.
E For a device operating in VTP client mode, the password and domain name must be properly set.
F The VDC administrator or network administrator must enable VTP on the device.
G In VTP server mode, the device will store VLAN information in bootflash.
H VTP pruning can be used on Cisco NX-OS devices.

Answer: B, F, G

CCNA Data Center 640-911 DCICN – Note 15, 802.1Q Trunk in DC switched Network

Fundamentals of 802.1Q Tagging on a Trunk Link:

[Figure: a trunk carrying different VLANs]

What happens to the original frame during VLAN tagging?

[Figure: VLAN tag injection into an 802.1Q frame]

Note: For more detailed explanation, click here for additional reading.

Analysis of a 802.1Q tagged Frame on Wireshark:

[Figure: Wireshark frame capture analysis of an 802.1Q tagged frame]

Note: For more packet type Hex values, click here for additional reading.

Fundamentals of the Native VLAN:
* VLAN 1 is the untagged (native) VLAN by default
* VLAN 1 is not recommended to be used in the production due to security concerns
* Use an ad-hoc native VLAN to increase security

On Nexus switches, Cisco recommends tagging even the native VLAN; use the following command to tag the native VLAN on a Nexus switch.

Switch#conf t
Switch(config)# vlan dot1q tag native
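
To make the tag injection and the Wireshark field breakdown above concrete, here is an added Python example that is not from the original post and not vendor code: it inserts an 802.1Q tag into a constructed untagged frame after the source MAC (what a switch does when forwarding onto a trunk), parses the tag back out into the fields Wireshark shows (TPID, PCP, DEI, VID and the inner EtherType), and shows how a trunk port classifies an untagged frame into the native VLAN, which is why the notes recommend not leaving the native VLAN at 1. The sample frame bytes and function names are my own constructions.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag

# Constructed sample: an untagged IPv4 frame (dst MAC, src MAC, EtherType 0x0800, 4 payload bytes).
UNTAGGED_FRAME = (bytes.fromhex("001122334455")    # destination MAC
                  + bytes.fromhex("66778899aabb")  # source MAC
                  + bytes.fromhex("0800")          # EtherType: IPv4
                  + bytes.fromhex("45000014"))     # start of an IPv4 header (payload)


def insert_vlan_tag(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Return the frame with a 4-byte 802.1Q tag inserted after the source MAC,
    which is what a switch does when it forwards the frame onto a trunk."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    if not 0 <= vid <= 4094 or not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("invalid tag field")
    tci = (pcp << 13) | (dei << 12) | vid      # TCI = PCP(3 bits) | DEI(1 bit) | VID(12 bits)
    tag = struct.pack("!HH", TPID_8021Q, tci)
    return frame[:12] + tag + frame[12:]


def parse_frame(frame: bytes) -> dict:
    """Decode the Ethernet header and, if present, the 802.1Q tag
    (the fields Wireshark lists under '802.1Q Virtual LAN')."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    info = {
        "dst": frame[0:6].hex(":"),
        "src": frame[6:12].hex(":"),
        "tagged": False, "pcp": None, "dei": None, "vid": None,
    }
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])   # inner EtherType follows the TCI
        info.update(tagged=True, pcp=tci >> 13, dei=(tci >> 12) & 1, vid=tci & 0x0FFF)
        offset = 18
    info["ethertype"] = ethertype
    info["payload"] = frame[offset:]
    return info


def ingress_vlan(frame: bytes, native_vlan: int = 1) -> int:
    """VLAN a trunk port assigns to a received frame: the tag's VID if tagged,
    otherwise the native VLAN (VLAN 1 by default, hence the advice to change it).
    A tag with VID 0 is priority-only and also maps to the native VLAN."""
    info = parse_frame(frame)
    if info["tagged"] and info["vid"] != 0:
        return info["vid"]
    return native_vlan


if __name__ == "__main__":
    tagged = insert_vlan_tag(UNTAGGED_FRAME, vid=10, pcp=3)
    print(tagged.hex())
    print(parse_frame(tagged))
    print("untagged frame lands in VLAN", ingress_vlan(UNTAGGED_FRAME, native_vlan=99))
```

Running it shows the four tag bytes 81 00 60 0a sitting between the source MAC and the original EtherType, which is exactly the layout the Wireshark capture above decodes.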
Review – Creating an access port:

Switch#conf t
Switch(config)# vlan 10
Switch(config)# exit
Switch(config)# interface e1/1
Switch(config-if)# switchport <<<tell switch that we are dealing with L2 port
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Review – Creating a trunk port:

Switch(config)# interface e1/0
Switch(config-if)# switchport
Switch(config-if)# switchport mode trunk

Switch(config-if)# show interface trunk <<<NX-OS accepts show commands from any mode; the IOS-style ‘do show interface trunk’ also works

--------------------------------------------------------------------
Port          Native  Status        Port
              Vlan                  Channel
--------------------------------------------------------------------
Eth1/0        1       trunking      --

--------------------------------------------------------------------
Port          Vlans Allowed on Trunk
--------------------------------------------------------------------
Eth1/0        1-3967,4048-4093

--------------------------------------------------------------------
Port          Vlans Err-disabled on Trunk
--------------------------------------------------------------------
Eth1/0        none

--------------------------------------------------------------------
Port          STP Forwarding
--------------------------------------------------------------------
Eth1/0        none

Practice Exam Questions:

Q Which command displays the Trunking Native Mode VLAN on port Ethernet 1/0?
A show running-config e1/0 switchport
B show interface e1/0
C show running-config switchport e1/0
D show interface e1/0 native
E show interface e1/0 switchport

Answer: E

Q What are two advantages of using an external router for inter-VLAN routing over an IEEE 802.1Q trunk link? (Choose two.)
A Equal-Cost Multipath is supported.
B The single traffic path is optimized.
C The router facilitates communication between VLANs.
D Latency is reduced as packets leave the switch.
E Layer 3 functionality is not required on the switch.

Answer: C, E

Last week I was extremely busy at work and could not find the time for note taking. Hopefully I will complete the rest of the notes before the end of this week and schedule the CCNA 640-911 exam for next week. This will only complete half of the CCNA DC exams. After 640-911, I plan to do the same for the CCNA 640-916 exam: take note of everything and take note taking very seriously. During my previous study attempts I could not care less about note taking, but that did not give me a reference point to turn to when I had to go back to the basics and re-consolidate my knowledge in practice. So take care when note taking; make sure you digest all relevant concepts when you study and only take notes of what you have understood.

CCNA Data Center 640-911 DCICN – Note 14, Switch VLAN concept review

Switch VLAN Concept review:

Flat Network:

By default, Cisco switches come with all ports in VLAN 1.
It has a single broadcast domain.
If too much broadcast traffic is generated, it will impact all devices on the same domain.

[Figure: flat network]

Segmented network:

Define VLANs to solve the issues of a flat network.
Creates multiple broadcast domains
Has different subnets
Requires Route Processor services
A good example is Data/Voice connecting to a single switch.

[Figure: segmented network]

Access port(s) vs Trunk port(s):

[Figure: access ports vs trunk ports]

VLAN Creation Guidelines:

VLAN 1 is there by default and cannot be deleted. We can change the default VLAN.
VLAN 2 – 3967 = Vlans can be created within this range
VLAN 3968 – 4094 = reserved in Nexus switches

VLAN creation and port allocation exercise:

Nexus-7K#
Nexus-7K(config)#
Nexus-7K(config-vlan)#

Nexus-7K#conf
Nexus-7K(config)#vlan 10
Nexus-7K(config-vlan)#name LEVEL1_EAST

Nexus-7K(config)#vlan 20,30,40,50-55
Nexus-7K(config-vlan)#end
Nexus-7K#show vlan brief

Nexus-7K(config)# interface e2/1
Nexus-7K(config-if)#switchport
Nexus-7K(config-if)#switchport mode access
Nexus-7K(config-if)#switchport access vlan 10
Nexus-7K(config-if)#show vlan brief

1 default active
10 LEVEL1_EAST active e2/1
.
.
.
Nexus-7K(config-if)# show interface e2/1 switchport
Nexus-7K(config)#int e2/2, e2/4, e2/6-10
Nexus-7K(config-if-range)#switchport mode access
Nexus-7K(config-if-range)#switchport access vlan 20
Nexus-7K(config-if-range)#end

Nexus-7K#show vlan brief
1 default active
10 LEVEL1_EAST active Eth2/1
20 VLAN0020 active Eth2/2, Eth2/4, Eth2/6, Eth2/7, Eth2/8, Eth2/9, Eth2/10
.
.
.

Exam questions:

Q. What are two characteristics of a VLAN? (Choose two)

A A VLAN defines a collision domain.
B A VLAN defines a broadcast domain.
C Broadcasts are flooded to all VLANs.
D Collisions are flooded to all VLANs.
E A Layer 3 device is required to route packets between VLANs.

Answer: B, E

Q. Choose four unique properties of VLAN 1 on Cisco Nexus switches.

A VLAN 1 is used to flood multicast traffic.
B VLAN 1 cannot be deleted.
C VLAN 1 is used for Cisco Discovery Protocol.
D VLAN 1 is used for VTP advertisements.
E VLAN 1 defines a broadcast domain.

Answer: B, C, D, E

CCNA Data Center 640-911 DCICN – Note 13, using NX-OS CLI

Using the NX-OS CLI is very similar to IOS. If you are coming from a Cisco background, it should only take a few days to master the differences. However, at CCNA level we are not expected to know the more advanced commands; the requirement is around the basics. If you are coming from Linux, probably even better; if you are coming from a Microsoft background, you may need to go back to CCNA R&S and get re-acquainted with the IOS CLI commands first. Just one note: on NX-OS you are actually working with a stripped-down version of Linux that presents itself as a close cousin of IOS.

Some CLI shortcuts: about 80 – 90% of the commands are the same, so easy peasy.

The following shortcuts are used in both IOS/NX-OS :
Ctrl+A        takes to the beginning of the line
Ctrl+E        takes to the end of the line
Ctrl+B        Move one character to the left
Ctrl+F        Move one character to the right
Esc+B        One word left
Esc+F        One word right
Ctrl+D        Delete line
Ctrl+P        Previous command
Tab            Auto-complete a command
Up/down arrow    move up & down recently entered list commands

‘show history’ in IOS is ‘show cli history’ in NX-OS.
Some show commands:
show users = see who’s logged in
show user account = see the details of a user’s account
show version = shows what software and hardware is installed in Nexus
show running-config = active configuration in RAM
show startup-config = starting configuration in NVRAM
show module = shows what modules are inserted and which slot
show inventory = shows installed hardware details, model, version etc.
show interface (status) = health information of ports
show mac-address-table = shows MAC addresses

Saving configuration (same as IOS):
copy running-config startup-config
copy run start

Erasing configuration on NVRAM (Same as IOS):
write erase

Checkpoint feature (New!!!): allows you to restore old configuration to running configuration without reloading the device.
checkpoint [name/description/file]

E.G. 1)
checkpoint Test01
show checkpoint summary (shows checkpoints)
rollback running-config checkpoint Test01

——————————————————————————————————-
*Note 1: We can be in any privilege mode to run ‘show’ commands in NX-OS.

*Note 2: The minimum letters you have to enter to get into configuration mode from the global mode is ‘con’

CCNA Data Center 640-911 DCICN – Note 12, NX-OS Features

Initial setup and ways to access Nexus

– Like IOS, NX-OS goes into the ‘Basic System Configuration Dialog’ when a Nexus is booted for the first time.
– use ‘setup’ command if you need to get to basic system config dialog
– use Console port or
– use AUX to dial into the device remotely
– use SSH to remotely access the devices, avoid Telnet if you can
– Management port, SSH and Out of Band access (dedicated)
– Supervisor Engine 1 has a CMP (Connectivity Management Processor), which allows you to connect even when the device is off or rebooting (lights-out connectivity)
– Cisco Data Center Network Management (CDCNM), GUI software for making configuration changes
– Download configuration from a TFTP server

Role-based Access
– Network-operator – basic monitoring commands only, limited privileges
– Network-Admin – God-like account, can change all settings

Configure a username and give Network-operator role
Nexus-7K(config)#username Hugh pass cisco role network-operator

Command Modes
configure takes you to global config mode
for features, you have to enable feature command first

Help!
– Context sensitive help with question mark ? or use the tab key
– Error messages (tells us where we are wrong in configuration)