18 March 2010

Head-Of-Line blocking

VOQ: Virtual Output Queues
HOL: Head-Of-Line

http://en.wikipedia.org/wiki/Head-of-line_blocking

Enjoy !

10 March 2010

PPPoE Part 1/2 - Theory

PPPoE

- Header PPPoE Format:









- Discovery Stage:
Discovery Ethernet frames have the ETHER_TYPE field set to the value 0x8863

Step 1 - PPPoE Active Discovery Initiation (PADI):
- DESTINATION_ADDR set to the broadcast
- CODE field is set to 0x09
- SESSION_ID MUST be set to 0x0000

Step 2 - PPPoE Active Discovery Offer (PADO):
When the Access Concentrator receives a PADI that it can serve, it replies by sending a PADO packet.
- DESTINATION_ADDR is the unicast address of the Host that sent the PADI
- CODE field is 0x07
- SESSION_ID MUST be set to 0x0000

A PADO packet MUST contain:
One AC-Name TAG containing the Access Concentrator's name,
A Service-Name TAG identical to the one in the PADI,
Any number of other Service-Name TAGs indicating other services that the Access Concentrator offers.

Step 3 - PPPoE Active Discovery Request (PADR):
Because the PADI is sent to the broadcast address, a Host can receive more than one PADO.
The Host looks through the PADO packets it receives and chooses one.
The Host then sends one PADR packet to the Access Concentrator that it has chosen.
- DESTINATION_ADDR field is set to the unicast Ethernet address of the Access Concentrator that sent the PADO.

Step 4 - PPPoE Active Discovery Session-confirmation (PADS):
When the Access Concentrator receives a PADR packet, it prepares to begin a PPP session. It generates a unique SESSION_ID for the PPPoE session and replies to the Host with a PADS packet.
- DESTINATION_ADDR field is the unicast Ethernet address of the Host that sent the PADR.
- CODE field is set to 0x65
- SESSION_ID MUST be set to the unique value generated for this PPPoE session.

PPPoE Active Discovery Terminate (PADT) packet:
This packet may be sent anytime after a session is established to indicate that a PPPoE session has been terminated.
- DESTINATION_ADDR is a unicast Ethernet address, the CODE field is set to 0xa7 and the SESSION_ID MUST be set to indicate which session is to be terminated.


PPP Session Stage:
Once the PPPoE session begins, PPP data is sent as in any other PPP encapsulation.
All Ethernet packets are unicast.

- ETHER_TYPE is 0x8864.
- CODE MUST be set to 0x00.
- SESSION_ID MUST NOT change for that PPPoE session and MUST be the value assigned in the Discovery stage.

The PPPoE payload contains a PPP frame.
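
The field rules listed above can be checked mechanically on captured frames. The following is an added example, not code from the original post: it assumes the RFC 2516 header layout (VER/TYPE, CODE, SESSION_ID, LENGTH after the 14-byte Ethernet header) and the RFC 2516 TAG_TYPE values; `build`, `parse_tags` and `check_frame` are hypothetical names, and any frame passed to them here is constructed.

```python
import struct

ETH_DISCOVERY, ETH_SESSION, BROADCAST = 0x8863, 0x8864, b"\xff" * 6
# CODE values as listed in the post; PADR (0x19) is taken from RFC 2516.
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR",
         0x65: "PADS", 0xA7: "PADT", 0x00: "SESSION"}
TAG_SERVICE_NAME, TAG_AC_NAME = 0x0101, 0x0102  # TAG_TYPE values, RFC 2516

def build(dst, ethertype, code, sid, tags=()):
    """Build a constructed test frame (hypothetical helper, made-up source MAC)."""
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    header = struct.pack("!HBBHH", ethertype, 0x11, code, sid, len(body))
    return dst + bytes.fromhex("020000000001") + header + body

def parse_tags(payload):
    """Split a Discovery payload into (TAG_TYPE, value) pairs."""
    tags, off = [], 0
    while off < len(payload):
        if off + 4 > len(payload):
            raise ValueError("truncated tag header")
        tag_type, tag_len = struct.unpack_from("!HH", payload, off)
        if off + 4 + tag_len > len(payload):
            raise ValueError("tag overruns payload")
        tags.append((tag_type, payload[off + 4:off + 4 + tag_len]))
        off += 4 + tag_len
    return tags

def check_frame(frame):
    """Return (packet name, list of violated rules) for one Ethernet frame."""
    if len(frame) < 20:
        raise ValueError("shorter than Ethernet + PPPoE headers")
    ethertype, ver_type, code, sid, length = struct.unpack_from("!HBBHH", frame, 12)
    name, bad = CODES.get(code, "UNKNOWN"), []
    if ver_type != 0x11:
        bad.append("VER and TYPE must both be 1")
    if ethertype != (ETH_SESSION if name == "SESSION" else ETH_DISCOVERY):
        bad.append("wrong ETHER_TYPE for this stage")
    if name in ("PADI", "PADO") and sid != 0:
        bad.append("SESSION_ID must be 0x0000")
    # Only the PADI is broadcast; everything else is sent to a unicast address.
    if (frame[:6] == BROADCAST) != (name == "PADI"):
        bad.append("wrong DESTINATION_ADDR kind")
    if name == "PADO":
        types = [t for t, _ in parse_tags(frame[20:20 + length])]
        if types.count(TAG_AC_NAME) != 1:
            bad.append("need exactly one AC-Name TAG")
        if TAG_SERVICE_NAME not in types:
            bad.append("need a Service-Name TAG")
    return name, bad
```

A PADO that fails these checks (non-zero SESSION_ID, missing AC-Name) is worth logging on an access network, since a well-behaved Access Concentrator never emits one.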


PPP 
The PPP frame carried in the PPPoE payload begins with the PPP Protocol-ID.
http://tools.ietf.org/html/rfc1548
http://tools.ietf.org/html/rfc1332


- Header PPPoE Format:







Protocol Field:

c021 Link Control Protocol
0021 Internet Protocol

Establishment:
1 - Test the data-link: LCP
2 - Authenticate (optional)
3 - Choose Network Layer Protocol (NCP)


LCP:
Used to control PPP links:
 - Link Configuration
 - Link Maintenance
 - Link Termination


LCP Messages:
 - Configure-Request
 - Configure-Ack (all of the options have acceptable values)
 - Configure-Nak (one or more options have unacceptable values)
 - Configure-Reject (one or more of the options are unknown or not negotiable)
 - Echo-Request
 - Echo-Reply
 - Terminate-Request
 - Terminate-Ack

Link Configuration Stage:
Common options:
 - Maximum Receive Unit (MRU)
 - Authentication Protocol (EAP, MS-CHAP, PAP...)
 - Magic Number (used to distinguish a peer and detect looped-back lines)
 - Protocol Compression
 - Address and Control Field Compression
 - Callback

Link Maintenance Stage:
Messages used: Code-Reject, Protocol-Reject, Echo-Request, Echo-Reply, and Discard-Request.
Echo-Request and Echo-Reply messages act as keepalives.

Link Termination Stage:
Terminate-Request and Terminate-Ack are the mechanism for closing a connection.


















http://blog.ine.com/2008/01/20/example-configurations-for-ppp-over-ethernet-pppoe/

2 March 2010

BGP Dampening - Part 3/3

Dampening also applies when a BGP attribute changes on a given prefix.
In that case the penalty is only 500 (versus 1000 for a regular flap).

On the same lab as before, we modify the MED attribute of prefix 4.3.2.0/24:
R1:
!
ip prefix-list ModifyMED seq 5 permit 4.3.2.0/24 le 32
!
route-map RM_ModifyMED permit 10
match ip address prefix-list ModifyMED
set metric 12345
!
route-map RM_ModifyMED permit 20
!


On R2:
Before:
R2#show ip bgp 4.3.2.0/24
BGP routing table entry for 4.3.2.0/24, version 8
Paths: (1 available, best #1, table default)
Flag: 0x10800
Not advertised to any peer
1
192.168.1.1 from 192.168.1.1 (10.1.1.254)
Origin IGP, metric 0, localpref 100, valid, external, best
!

After applying the route-map:
R2#
*Mar 2 17:05:15.130: EvD: charge penalty 500, new accum. penalty 500, flap count 1
*Mar 2 17:05:15.134: EvD: unsuppress item left in reuse timer array with penalty 500
*Mar 2 17:05:15.138: BGP(0): charge penalty for 4.3.2.0/24 path 1 with halflife-time 15 reuse/suppress 750/2000
*Mar 2 17:05:15.138: BGP(0): flapped 1 times since 00:00:00. New penalty is 500
*Mar 2 17:05:15.142: EvD: accum. penalty 500, not suppressed
R2#show ip bgp 4.3.2.0/24
BGP routing table entry for 4.3.2.0/24, version 10
Paths: (1 available, best #1, table default)
Flag: 0x10800
Not advertised to any peer
1
192.168.1.1 from 192.168.1.1 (10.1.1.254)
Origin IGP, metric 12345, localpref 100, valid, external, best
Dampinfo: penalty 500, flapped 1 times in 00:00:04
!

BGP Dampening - Part 2/3

Lab Dampening:











R1 configuration:

hostname R1
!
interface Loopback1
ip address 172.16.1.1 255.240.0.0
!
interface Loopback2
ip address 4.3.2.1 255.255.255.0
!
router bgp 1
no synchronization
bgp log-neighbor-changes
network 4.3.2.0 mask 255.255.255.0
network 10.0.0.0
network 172.16.0.0 mask 255.240.0.0
neighbor 192.168.1.2 remote-as 2
no auto-summary
!


R2 configuration:

hostname R2
!
interface FastEthernet0/0.100
encapsulation dot1Q 100
ip address 192.168.1.2 255.255.255.0
!
router bgp 2
bgp log-neighbor-changes
neighbor 192.168.1.1 remote-as 1
!
address-family ipv4
no synchronization
bgp dampening route-map RM_Dampening
neighbor 192.168.1.1 activate
no auto-summary
exit-address-family
!
ip prefix-list RFC1918_Dampening seq 5 permit 10.0.0.0/8 le 32
ip prefix-list RFC1918_Dampening seq 10 permit 172.16.0.0/12 le 32
ip prefix-list RFC1918_Dampening seq 15 permit 192.168.0.0/16 le 32
route-map RM_Dampening permit 10
match ip address prefix-list RFC1918_Dampening
set dampening 15 100 1000 60
!
route-map RM_Dampening permit 20
set dampening 15 750 2000 60
!


Here, the RFC1918 prefixes get dampening values that differ from the defaults.
If the values chosen for a route-map are not consistent, an error message appears:

%BGP-5-DAMPENING_LOW_MAX_PENALTY Maximum penalty (12800) is less than allowed maximum (20000). Dampening is OFF

%BGP-5-DAMPENING_HIGH_MAX_PENALTY: Maximum penalty (128000) is more than allowed maximum (20000). Dampening is OFF


Validation:
We flap the loopback 172.16.0.0/12. The prefix is announced and then withdrawn several times on R2.
This network matches the first entry of the route-map:


* reuse-limit: 100
* suppress-penalty: 1000
* half-life: 15
* max-suppress-time: 60 (4x15)

We verify:

R2#show ip bgp 172.16.0.0/12
BGP routing table entry for 172.16.0.0/12, version 6
Paths: (1 available, no best path)
Not advertised to any peer
1, (suppressed due to dampening)
192.168.1.1 from 192.168.1.1 (10.1.1.254)
Origin IGP, metric 0, localpref 100, valid, external
Dampinfo: penalty 1024, flapped 2 times in 00:11:49, reuse in 00:06:08

R2#show ip bgp
BGP table version is 6, local router ID is 10.0.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 4.3.2.0/24 192.168.1.1 0 0 1 i
*d 172.16.0.0/12 192.168.1.1 0 0 1 i

R2#show ip bgp dampening flap-statistics
BGP table version is 6, local router ID is 10.0.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network From Flaps Duration Reuse Path
*d 172.16.0.0/12 192.168.1.1 2 00:22:43 00:06:03 1

R2#show ip bgp dampening dampened-paths
BGP table version is 6, local router ID is 10.0.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network From Reuse Path
*d 172.16.0.0/12 192.168.1.1 00:06:43 1 i

1 March 2010

BGP Dampening - Part 1/3

BGP Route dampening:
  • Reduces the load on the router.
  • Definition: RFC2439
  • Does not suppress a route that flaps occasionally.
  • Suppresses a route that tends to flap.
Each flap adds 1000 "penalty points". An attribute change adds 500 "penalty points".
When the penalty exceeds the "suppress limit", the route is "dampened": no longer used, no longer propagated.
When the penalty of a path drops below the reuse limit, the route is valid again. The history is cleared when the prefix's penalty falls below 50% of the reuse limit. A route is never dampened for longer than the maximum suppress time.

A penalty is applied to a path of a prefix, not to the prefix itself.
R1(config-router)#bgp dampening [half-life reuse suppress max-suppress-time] [route-map map-name]
Defaults:
  • Half-Life: 15 minutes
  • Suppress: 2000
  • Reuse: 750
  • Max-suppress-time: 60 minutes
  • Per-flap penalty : 1000
Different values can be specified for certain prefixes (but dampening cannot be disabled for those prefixes).
Note that the values are not arbitrary; they depend on a formula:
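
The penalty mechanics described in this series can be modelled in a few lines. This is an added example, not taken from the original post and not a reproduction of the figure that followed the sentence above: it assumes exponential half-life decay and the relation commonly documented for Cisco IOS, maximum penalty = reuse × 2^(max-suppress-time / half-life); all function names are hypothetical.

```python
import math

FLAP_PENALTY, ATTR_PENALTY = 1000, 500   # per-event penalties given in the post

def max_penalty(half_life, reuse, max_suppress):
    """Penalty ceiling implied by max-suppress-time (assumed relation)."""
    return reuse * 2 ** (max_suppress / half_life)

def params_consistent(half_life, reuse, suppress, max_suppress):
    """Suppression is only reachable if reuse < suppress < ceiling."""
    return reuse < suppress < max_penalty(half_life, reuse, max_suppress)

def decay(penalty, minutes, half_life):
    """Exponential decay: the penalty halves every half_life minutes."""
    return penalty * 0.5 ** (minutes / half_life)

def minutes_until_reuse(penalty, half_life, reuse):
    """Time for a suppressed path to decay down to the reuse limit."""
    return 0.0 if penalty <= reuse else half_life * math.log2(penalty / reuse)

def simulate(events, half_life=15, reuse=750, suppress=2000, max_suppress=60):
    """events: (minute, 'flap' | 'attr') in time order.
    Returns (minute, rounded penalty, suppressed) after each event."""
    ceiling = max_penalty(half_life, reuse, max_suppress)
    penalty, last, suppressed, out = 0.0, 0.0, False, []
    for minute, kind in events:
        penalty = decay(penalty, minute - last, half_life)
        if suppressed and penalty < reuse:
            suppressed = False               # decayed below the reuse limit
        penalty += FLAP_PENALTY if kind == "flap" else ATTR_PENALTY
        penalty = min(penalty, ceiling)      # assumed cap at the ceiling
        if penalty > suppress:
            suppressed = True                # exceeded the suppress limit
        out.append((minute, round(penalty), suppressed))
        last = minute
    return out
```

With the default values, a single attribute change leaves the path at penalty 500 and unsuppressed, while three flaps one minute apart push it past the suppress limit of 2000.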




NTP - ACL

NTP - Network Time Protocol Packet types: -  Control messages : don't bother with this. -  NTP request/update messages: used for time sy...