Author Archives: Costi

QUIZ #24 – OSPF Default-Information Originate Always

Company ABC has multiple buildings and two internet connections via 2 different ISPs. Both BR-B and BR-C receive a default route via eBGP from the ISPs and they inject it into OSPF. For some reason, when the ISP-1 link goes down, the entire Building-A loses internet access! Something must be wrong...

How do ACLs handle fragments ?

This post represents the solution and explanation for made a test connection -> client learned the PMTUD = 1476 (1500-24/GRE), then I configured a lower MTU of 1440 on the GRE tunnels. I also disabled PMTUD with the command sysctl -w net.inet.tcp.path_mtu_discovery="0" so the server cannot learn the new PMTUD value. You will say that it was not nice of me to hack it this way, but I'll say: it is worth demonstrating this...

How do ACLs handle fragments ?

This post represents the solution and explanation for quiz-22. It presents how fragmented traffic is handled differently by a simple access list. It is a long read about fragmentation, Path MTU Discovery, MSS and other stuff...

Quiz #23 – QoS on IPsec Tunnels

Type: Lab. Difficulty: Advanced. Company ABC runs a static VTI-based VPN tunnel between Site-1, hosting 192.168.1.1, and Site-2, hosting 192.168.5.5. BGP is configured between the two sites over the VTI tunnel, so all traffic between the sites is encrypted/protected by IPsec. A new requirement is received from the customer, asking that all traffic from 192.168.1.1 (in Site-1) to 192.168.2.2 (in Site-2) must be prioritized. The network engineer creates the...

Quiz #23 – QoS on IPsec Tunnels

Company ABC runs a static VTI-based VPN tunnel between Site-1, hosting 192.168.1.1, and Site-2, hosting 192.168.5.5. BGP is configured between the two sites over the VTI tunnel, so all traffic between the sites is encrypted/protected by IPsec. The network engineer tries to configure QoS but something does not work!...

Quiz #22 – Policy Based Routing (PBR) Problem or Not ?

Your company has 3 sites, each with a dedicated border router, R1, R2 and R3.
Site-1 (R1) and Site-2 (R2) have their own internet uplinks, but Site-3 (R3) connects to the internet via R2. A GRE tunnel is built between R2 and R3, with an MTU of 1440 applied due to some constraints in the transit network between them. You notice that traffic between the same pair of devices works for TCP 1001 but fails for TCP 1002. What's wrong?

Quiz #21 – EIGRP as CE-PE

You have just received a nice job at a big enterprise that has multiple sites connected over their own managed MPLS Core. Each site runs EIGRP as the CE - PE routing protocol. You get the task to route some traffic in a particular way, but you cannot make it. What is missing ?

Quiz #20 – NAT between Two Partner Companies

Your company has a border router (R2) that is connected to two partner companies: Partner-DB (R1) providing database services and Partner-APP (R3) that provides different application services to your web servers in DMZ (200.200.200.0/24). You are requested to configure NAT according to some requirements.

Quiz #19 – Short Network Cuts with MSTP

As a senior network administrator, you receive complaints from the server team that yesterday there were multiple short network cuts that impacted some very sensitive applications running in the data center. You investigate and find out that one of the level 1 network engineers performed some network changes. What went wrong?

Quiz #18 – Cisco vs. Juniper – Filtering ICMP between BGP Peers

Your company uses multi-vendor routing platforms (Cisco and Juniper) and has multiple sites connected via MPLS from a service provider. Each remote site has a GRE tunnel to the Headquarters (HQ) and a BGP session over this tunnel. After a security change in the network, the Juniper-based sites behave differently from the Cisco-based ones, creating an outage for the customer. What's wrong?