HCIE interview material

Test rule:
1. Three topics are always asked, one from each of 3 directions:
(Project Topic, Experiment Topic, the Theory of the Knowledge)
2. The project topic is always selected from the 6 questions in section 1;
3. The experiment topic is always selected from the 7 questions in section 2;
4. The theory topic is always selected from the questions in section 3.

1 Project topic

1.1 100 routers

How to choose an IGP among 100 routers whose performance differs greatly? Why?
When selecting a routing protocol there is no absolute good or bad, only suitable or unsuitable; we need to select
according to the network architecture and the user's needs. In present networks the routing protocols are mainly
RIP, ospf and isis.
Some characteristics of RIP that make it unsuitable for large networks:
(1) RIP has a maximum hop count limit, which may leave some networks unreachable. It also calculates cost by hop
count.
(2) RIP sends a route update packet every 30s, and each update carries the entire routing table. In a large network
such as 100 routers there are many routes, so the route update messages waste a great deal of bandwidth (each
route takes 20 bytes).
(3) Compared with other routing protocols, RIP converges more slowly.
(4) RIP has no hierarchical design.
RIP is not without merit. In network design we may place it in stub networks and use it together with other
protocols. Compared with static routing, RIP learns routes dynamically, is quite simple to configure, and is not
error-prone. With static routing the route stays in the routing table as long as the port is not down, whereas RIP
has timers and other mechanisms and can therefore detect whether the destination route is reachable.
But ospf and isis are link-state routing protocols and have no maximum hop limit. Moreover, their link
information flooding cycle is relatively long, and they also converge quicker than RIP. Therefore isis and ospf
suit large networks. Next, I compare ospf and isis from the following several aspects.
Comparison of isis and ospf

Network type and cost calculation mode (applicable scope)
isis: Only supports two network types; the corresponding configuration must be modified before it can support
frame relay networks and similar environments, and it does not support on-demand links. By default each
interface's cost is 10, which cannot correctly reflect the path cost, so it is better suited to networks with a
single type of link.
ospf: Supports four network types and can adapt to different network environments, with very good support for
frame relay, on-demand links and other network types. Cost is calculated from the interface rate and correctly
reflects the path cost, so it is quite suitable for networks whose architecture and links are complex.

Area type (hierarchical structure)
isis: Divided into L1/L2 areas; the L2 area is the backbone area. By default the L1 area does not have the L2 area's
detailed routes; if L1 needs them, route leaking must be configured. Once leaking is configured with default
settings, L1 has the complete detailed routes, including routes external to the isis domain. In isis, the L1 area
either has no inter-area and external routes or has all routes, which does not help route control.
ospf: Divided into the backbone area and ordinary areas. The backbone area is the core of the entire ospf domain.
By default an ordinary area has all routes (including external routes); by configuring a special area, external
routes or inter-area routes can be kept out of that area, which reduces the resource cost of the routers in the
special area.

Security
isis: isis is based on a link-layer protocol, so the possibility of being attacked is comparatively low (because it is
a link-layer-based protocol, an attacker must be connected to the link to attack isis).
ospf: ospf is based on a Layer 3 protocol; compared with isis there are many more attack methods, and attacks are
also more convenient because the attacker does not need to be connected to the link.

Convergence
isis: Initial convergence uses full spf. In isis, all network segments are treated as leaves, so when a network
segment on some node changes, the prc algorithm is triggered; only when a node changes is the i-SPF algorithm
triggered. Overall convergence is therefore quite quick, and the cost of recomputing routes is also quite small.
ospf: Initial convergence uses full spf. In ospf, any change to LSA1 or LSA2 triggers the i-SPF algorithm; only
changes to LSA3, 4, 5 and 7 trigger PRC. That is, a change to a node's network segment inside the area changes
LSA1/LSA2 and triggers the i-SPF algorithm, so convergence is not as quick as isis and the cost of calculating
routes is also bigger than with isis.

Features
isis: isis does not support area repair. The protocol was designed to support area repair, but vendors do not
support it in their isis implementations. Therefore, when the L2 area is partitioned, isis has no temporary
solution; the existing isis areas can only be re-planned.
ospf: If the backbone area is partitioned, ospf can repair it through a v-link, which provides a temporary solution
to the area-splitting problem and eases the pressure on area planning.

Popularity
isis: Most enterprise networks use ospf, so personnel familiar with isis are relatively few and the requirement on
network management is higher. Moreover, if a network running isis fails, troubleshooting is quite slow and quite
difficult.
ospf: Many people are familiar with ospf; if a network running ospf fails, the speed and efficiency of
troubleshooting are much higher, and the probability of the service being affected is smaller.

Route entries and protocol extension
isis: In ISIS, all routing information is carried in TLVs, whether internal or external. The structure is simple and
easy to extend; supporting more kinds of routes does not require big changes to the protocol. TLVs also support
IPV6 without modifying the protocol.
ospf: In OSPF, each kind of route uses its corresponding LSA. There are many LSA types, and the cost of
transmitting and expressing the various routes is large (rich LSA types and a long LSA header). Supporting more
kinds of routes requires very big modifications to the protocol itself.

In summary, if these 100 routers are used in an enterprise network, I recommend ospf, because the lines and
network architecture of an enterprise network are usually quite complex.
The ospf network types and features make ospf suitable for this kind of complex network environment. During
network planning, we may place the high-performance routers in the backbone area, place the normal-performance
routers in other areas, and configure those as special areas. This lets the normal-performance routers play
their roles without becoming a bottleneck in the network.

If these 100 routers are in an operator network, I recommend isis, as an operator's network architecture and
physical circuits are generally quite uniform. Moreover, the operator network has many routes and the required
convergence rate is quite high, because the operator's network not only serves itself but also needs to provide
service to other users, and isis performs very well in these aspects. In the design, we may put the
high-performance devices in the L2 area and the normal-performance routers in the L1 area. Route leaking can be
carried out according to our needs, so the normal-performance devices do not become the bottleneck in the network.

2nd, why should we think about a hierarchical structure?

(1) It reduces the lsdb size and the resource cost
(2) It allows route summarization, which reduces the route table
(3) More control and convenience
(4) In case of a network failure, the influence is small and confined to a particular area

3rd, can't 20 routers use RIP?

As long as the network diameter is over 15 network devices, RIP cannot be used.
If the network diameter is over 15 devices, we must use several RIP processes and redistribute the different
processes into each other.

4th, why do large areas of present networks use ospf and not isis?
ISIS itself was not developed for ip, but for the osi seven-layer model. ISIS supports ip networks through the
corresponding tlv extensions, and therefore continues to use osi terminology and names in many aspects (the net
address and so on), which brings a lot of trouble to configuration and maintenance.

5th, how do you understand network flattening?

(1) the equipment performance is very good; there is no route processing or forwarding bottleneck
(2) single-area design
(3) apart from the edge, no control is applied to the backbone routes, so the traffic path across the entire
network is optimal
(4) the design is simple, with no complex routing control, which helps maintenance and fault localization

6th, in the isis network, how to implement v-link?

isis was designed to support area repair, but vendors have not implemented it; a smooth transition may be
implemented by configuring multiple area numbers on the devices

1.2 6 routers

What are the advantages and disadvantages of the square type and the cross type when six routers are used to
build the network?

Comparison of the square design and the full cross design

Network module (cost)
square: Compared with full interconnection there are fewer links, fewer ports are needed, and fewer spare parts
are needed, so the overall cost of network modules is relatively low.
cross: There are relatively many links, which increases the link leasing cost; as the links increase, the ports
increase correspondingly and more spare parts are needed, so the overall cost is relatively high.

Network architecture (redundancy)
square: The network architecture is relatively simple and has certain redundancy. A single point of failure does
not stop other traffic from being forwarded normally, but the forwarding delay can increase. The total path
cost also increases, which can have some influence on delay-sensitive (or cost-sensitive) services.
cross: The network architecture is relatively complex and the redundancy is good; even if a link fails there is
no impact. It is comparatively robust.

Extension
square: Each device has one uplink, so relatively few interfaces are taken. The existing network does not occupy
as many interfaces as the cross type, so its scalability is comparatively good.
cross: Each device has two uplinks, so the existing network has already occupied a large number of modules and
interface slots. Because a device's module slots are limited, its scalability is not as good as the square type.

Network O&M
square: The network architecture is relatively simple. Once the network fails, troubleshooting is quite easy and
quite quick; daily O&M is also relatively simple and the O&M cost is relatively low.
cross: The network architecture is relatively complex. Once the network fails, troubleshooting is more difficult
than with the square type, and routine maintenance is also relatively difficult.

Routing flexibility
square: When services access each other, load sharing cannot be carried out.
cross: Through adjustment, load sharing can be implemented when services access each other.

Analyze from the following several aspects:

(1) cost
Link cost, port cost and board cost (considering redundancy, each link uses its own board), spare parts cost
(prepared in proportion), and the ip address cost of leased lines
(2) network architecture
Network robustness (redundancy, fault tolerance), load sharing
(3) extension
We know that a router's port modules are limited; if the existing network occupies a large number of ports, the
remaining available ports are relatively few. In Figure one the existing links are few, so there are many idle
ports, and when adding links it needs fewer ports than Figure two. In Figure two the existing links are many and
have taken a large number of ports; moreover, when adding the same number of access-layer devices, Figure two
needs more ports in total. Therefore, generally speaking, Figure one scales better.
(4) O&M
Troubleshooting difficulty: the number of protocol neighbors and routes increases correspondingly, and there is
also more configuration; more configuration increases the probability of making a mistake
(More routing protocol neighbors and more route entries; load balancing requires configuring policies, which is
quite troublesome; traffic is not easy to control)
(5) security
We know that aggregation-layer devices generally do not connect users directly, and the safety protection of an
aggregation device is generally also better than that of the access layer. In Figure one, assume the external
uplink is down: for R5 to access other sites' devices it needs to pass through the other access-layer device R6.
We know the access-layer device R6 connects users, so when our R5 accesses other sites' resources there may be a
risk of the data being monitored by users.
Figure two does not have this risk: when an uplink is down, traffic goes via the other aggregation device and does
not need to pass through other access-layer devices.
(6) summary
In network planning there is no absolute good or bad, only suitable or unsuitable. For these two topologies, the
choice depends on the customer's demands and application scenario. The square type is more suitable for clients
whose cost budget is not high, but who need certain redundancy and whose network is not especially
delay-sensitive. If the deployment rents long-distance lines, Figure one is recommended, because the square type's
link cost is low without losing redundancy; for long-distance deployment its cost-performance is higher than that
of the cross-type topology. The cross type is more suitable for clients whose cost budget is high (or whose link
cost is low) and who have high requirements on redundancy and network delay. Generally, for a short-distance
deployment (e.g. campus network), Figure two is recommended, because the link cost is not high, so redundancy and
robustness are considered more.
note:
Operators use the square (日-shaped) type for historical reasons: the lines cannot be changed or re-laid, so they
are compelled to use it.
For campus networks the cross type is recommended (good redundancy, low link cost).
For metropolitan area networks the square (口-shaped) type is recommended (long distance, high link cost,
provides certain redundancy, high scalability requirement).

2nd, if the 6 routers are changed into switches, how to build the network?

Generally, when switches are used to build the network, the cross type is used, because a switch has quite many
interfaces, and switches sit in a local area network, where the line cost is generally quite low. When building
the network, pay attention to stp: traffic should be load balanced through the corresponding adjustment, so that
links and devices are fully used.

3rd, why do we need eth-trunk at the core layer?

Because the traffic between core-layer devices is quite large

1.3 Network migration

How is a large-scale network migration planned and implemented? Which key steps need attention?
Network migration:
If a running network needs transformation, upgrade, migration or other changes after some time, and these
network operations take place on a network that is carrying service traffic, the behavior is called a cutover.
A cutover may aim at adjusting the network structure, adding or replacing network equipment, replacing lines,
or changing the equipment layout.

1. Project background
a) Project status, client situation and reason for the cutover
b) Which services need to be cut over
c) Explain which devices need to be cut over
d) Which devices must be replaced

2. Outline of the present network

a) Describe the present network topology
b) Approximate IP/Vlan information
c) Which routing protocols are running
d) Which traffic flows exist

3. Cutover goal

a) We need to cover the state after the cutover: when there are additional devices or ip/vlan changes, we need
to explain the routing protocol plan and the data flow after the cutover.
b) Describe the difference between the cutover goal and the present network. We also need to show whether the
network after this cutover can satisfy the customer's business requirements and whether the network after
the cutover is good

4. Risk assessment
<1> Explain which risks may appear (for the devices, services and interfaces being cut over, which risks may appear)
<2> Scope of the risk's impact
<3> Duration of the impact (interruption interval and operating time)
<4> What losses it may bring (biggest loss)
How to avoid the risk (carry out the cutover at a time when traffic is low, prepare active/standby links and
technical support, run simulation tests, bring important spare parts)
5. Preparation before the cutover
<1> Back up the configuration of the present network's equipment;
<2> Record the operating state of the present network's devices (CPU utilization, memory utilization, route
situation, protocol neighbors and so on);
<3> Record whether the network equipment and the traffic flows are running normally, and check this with the
client, so that if the client raises an objection after the cutover there is evidence to consult;
<4> If devices need to be added or replaced in the cutover, the new devices need to be tested; if there are
additional links, the links need to be tested; when devices from several vendors are involved, a simulation test
needs to be conducted
<5> Understand the VRP version of the present network and the bugs that version may have on the network
equipment (and download the corresponding VRP from our Huawei website and set up an FTP or TFTP server, in
preparation for restoring the vrp version)
<6> An overall time plan is needed, with the time of each piece of work; when making the time plan, each step
needs to reserve some time <especially reserve rollback time> (so that if an unanticipated problem appears, there
is time to analyze and solve it)
<7> A personnel arrangement table is needed, containing the contact details and specific implementation
arrangements of the people taking part in this cutover (leader, supervisor, operator, Party A personnel and so
on). It is best to hold a work coordination meeting before the implementation and confirm with the client whether
these personnel and time arrangements have any problem
<8> Prepare the tools and spare parts, so that the cutover does not fail or get delayed because a tool or the
related spare part cannot be found
6. Cutover implementation
<1> Explain what operation each step of the cutover needs to execute (which commands), the goal to be achieved
(which commands confirm it, and what the expected result of the check is), and whether the goal is achieved. If
the goal is not achieved, on-site analysis may be needed; if the problem is still not solved after analysis, roll
back according to the rollback steps of the rollback plan
<2> Before implementing the cutover, first check the devices' current operating state (hardware operating state),
and make sure it is consistent with what was recorded during the preparation before the cutover
<3> When the cutover has a problem, record the related logs and the problem for later analysis
<4> When executing commands, keep the corresponding session log, to prevent disputes if a problem appears in the
cutover
7. Rollback plan
<1> Overall rollback plan: if the cutover or one step fails, to which step can we roll back, and how to roll back
<rollback script> (sometimes a complete rollback is not needed; for example, a network needs to cut over Layer 3
and Layer 2, and the Layer 2 cutover is complete and tests without problems; then we only roll back Layer 3, and
Layer 2 does not need to be rolled back). The overall rollback plan also needs to state the latest rollback time:
according to the time plan above, if the cutover has not been completed by the rollback time, the rollback plan
must be started
<2> The implementation plan of each step in the cutover
8. Test
<1> Technical test: check the hardware running status; check the running status of the corresponding protocols,
the routing neighbor state, routing information and so on; if the protocols and routes have no problem, conduct
connectivity tests (ping, tracert and so on) and active/standby tests, to test whether the standby device or
standby link works normally, so as to avoid the situation where the active device/link later has a problem and
the standby device/link is unable to take over the work of the active device
<2> After the technical test shows no problem, notify the client to conduct the relevant service test; if the
service test has no problem, on-site monitoring follows
9. On-site monitoring (safeguard: on-site monitoring and training) (some faults are not exposed immediately and
need a period of observation)
After the cutover and the tests are complete, the network still needs to be observed; according to the client's
requirement the corresponding engineer stays on site to monitor it; after the monitoring period, if everything is
normal, this cutover is complete
10. Script
The cutover script, the rollback script and so on are placed in this part in the form of appendices
11. Sign-off
Party A and Party B sign, agreeing to implement the cutover plan.
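
The baseline recorded before the cutover, the post-cutover technical test and the latest rollback time can be tied together in one check. The following is an added example, not part of the original material; the Snapshot fields, function names, addresses and thresholds are all hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set


@dataclass
class Snapshot:
    """State of one device, recorded before or after the cutover."""
    cpu_pct: int
    mem_pct: int
    neighbors: Dict[str, str]   # neighbor id -> protocol state
    routes: Set[str]            # prefixes present in the routing table
    ping_ok: Dict[str, bool] = field(default_factory=dict)  # target -> reachable


def compare(before: Snapshot, after: Snapshot,
            planned_neighbor_loss: FrozenSet[str] = frozenset(),
            planned_route_loss: FrozenSet[str] = frozenset(),
            resource_margin: int = 20) -> List[str]:
    """List every deviation from the baseline that the plan did not foresee."""
    findings = []
    for nbr, state in sorted(before.neighbors.items()):
        if nbr in planned_neighbor_loss:
            continue  # e.g. the device being replaced
        seen = after.neighbors.get(nbr, "missing")
        if seen != state:
            findings.append(f"neighbor {nbr}: {state} -> {seen}")
    for prefix in sorted(before.routes - after.routes - planned_route_loss):
        findings.append(f"route lost: {prefix}")
    for name, old, new in (("cpu", before.cpu_pct, after.cpu_pct),
                           ("memory", before.mem_pct, after.mem_pct)):
        if new - old > resource_margin:
            findings.append(f"{name} rose from {old}% to {new}%")
    for target, ok in sorted(after.ping_ok.items()):
        if not ok:
            findings.append(f"ping failed: {target}")
    return findings


def next_action(findings: List[str], minutes_elapsed: int,
                latest_rollback_min: int) -> str:
    """Decide the next step from the findings and the latest rollback time."""
    if not findings:
        return "notify client for service test"
    if minutes_elapsed >= latest_rollback_min:
        return "rollback"
    return "analyse on site"


# Constructed sample data: 10.0.0.4 is the old device that the plan replaces.
BEFORE = Snapshot(18, 41, {"10.0.0.3": "Full", "10.0.0.4": "Full"},
                  {"0.0.0.0/0", "10.1.15.0/24", "10.1.30.0/24"})
AFTER_BAD = Snapshot(22, 43, {"10.0.0.3": "ExStart", "10.0.0.6": "Full"},
                     {"0.0.0.0/0", "10.1.15.0/24"},
                     {"10.1.15.1": True, "10.1.30.1": False})
AFTER_GOOD = Snapshot(20, 42, {"10.0.0.3": "Full", "10.0.0.6": "Full"},
                      {"0.0.0.0/0", "10.1.15.0/24", "10.1.30.0/24"},
                      {"10.1.15.1": True, "10.1.30.1": True})

if __name__ == "__main__":
    planned = frozenset({"10.0.0.4"})
    for label, after, minute in (("bad, early", AFTER_BAD, 40),
                                 ("bad, late", AFTER_BAD, 95),
                                 ("good", AFTER_GOOD, 60)):
        found = compare(BEFORE, after, planned_neighbor_loss=planned)
        print(label, found, "=>", next_action(found, minute, 90))
```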

2nd, how to guarantee that the cutover is carried out smoothly?
Before the cutover, communicate fully with Party A (the customer). During the cutover, carry out the operations
strictly in the scheduled time according to the cutover plan; because the plan has been verified layer upon
layer, it generally has no problems. After the cutover, the related tests and on-site monitoring must be done
before delivering to Party A.
1. All preparations are sufficient
2. Risks are assessed and the client is informed
3. The implementation follows the plan in order (personnel and spare parts arranged ahead of time)
4. Different experts verify the cutover plan
5. Outstanding technical questions are solved ahead of time; the company sets up a technician pool; if there is
a problem, it is reported promptly for rapid response
3rd, if the cutover fails, what needs to be done?
Answer: Roll back to the original state.
4th, if the rollback fails, what needs to be done?
Answer: If the rollback fails, use the contingency plan. The contingency plan is generally designed inside the
cutover plan, for example replacing boards, using a bypass path, urgently calling in spare parts and so on.

1.4 What are the differences between a Layer 3 switch and a router?

1st, function
1) A switch has a large number of ports. A router has many interface types but fewer interfaces.
2) A switch's ports are Layer 2 ports whereas a router's ports are Layer 3 ports;
2nd, application scene
1) Routers sit at the network edge and implement the network's access to the Internet.
2) Switches are used in the local area network and mainly act as high-speed data forwarders in the Intranet.

3rd, forwarding principle

1) A router mainly forwards data according to IP: it searches the FIB table by destination IP to send the data.
2) A switch mainly uses MAC addresses to forward data: if the destination MAC address is found in the table, the
data is sent.
4th, feature support
1) Switches support the VLAN technology whereas routers generally support it less well.
2) Routers support MPLS, NAT, IPSEC and other technologies whereas switches generally support them less well.

1.5 Fast spanning tree edge port

1st, please explain with examples the function of the rstp edge port. Where is this function used, what problems
can be encountered when using edge ports, and how are they solved?
Function:
(1) It accelerates rstp convergence: after a port is configured as an edge port, once the port is up it
immediately enters the forwarding state
(2) During P/A negotiation, the edge port does not take part in synchronization; in other words, even if the root
port changes, the edge port stays in the forwarding state.
(3) When the edge port enters the forwarding state, it does not refresh the mac address table and thus avoids
unicast frame flooding. Generally the edge port is connected to a terminal, and a terminal going up/down should
not change the ring status, therefore the mac address table does not need to be refreshed
(4) As a safeguarding mechanism: BPDU protection can be enabled for safety, and the edge port must be configured
for the mechanism to take effect.

Problems encountered when using edge ports:

(1) temporary loop

Conditions description:
SW1 g0/0/1 and g0/0/2 are configured as edge ports and are connected to a hub, and STP is not running.
Description of the loop:
Immediately after connection, the edge ports enter the forwarding state. If all of the ports Hub e0/0/0, e0/0/1
and SW1 g0/0/1, g0/0/2 go into the forwarding state, a loop appears. When the edge port receives a bpdu, its edge
port attribute disappears; it becomes an ordinary stp port and participates in the stp computation, and the loop
disappears. Because stp has to be calculated (determine the port role and port state, wait for the forward
delay), this brings the network to a halt.
In order to avoid this network halt and the temporary loop, the bpdu protection feature is enabled.
Once bpdu protection is enabled, if the edge port receives a bpdu the port is shut down automatically, but the
edge port attribute does not change. The administrator has to bring the interface back up manually (automatic
recovery with a configured delay may also be set up). If the interface has recovered from the shutdown state and
it receives a bpdu once more, this edge port goes into the shutdown state again.
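
The two behaviours described above can be compared with a small single-port model. This is an added example, not part of the original material; the class and function names are hypothetical, the 15-second forward delay is an assumed default (the page gives no timer values), and the ordinary-port path assumes the port wins the designated role and waits two forward-delay intervals.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

FORWARD_DELAY = 15  # seconds; assumed STP default, the page gives no timer values


@dataclass
class EdgePort:
    """One switch port configured as an edge port (hypothetical model)."""
    name: str
    bpdu_protection: bool
    auto_recovery_s: Optional[int] = None  # None: only a manual recovery works
    edge: bool = True
    state: str = "down"
    timers: List[Tuple[int, str]] = field(default_factory=list)  # (due, next state)
    history: List[Tuple[int, str, bool]] = field(default_factory=list)

    def _set(self, now: int, state: str) -> None:
        self.state = state
        self.history.append((now, state, self.edge))

    def advance(self, now: int) -> None:
        """Apply every pending timer that is due at or before `now`."""
        due = sorted(t for t in self.timers if t[0] <= now)
        self.timers = [t for t in self.timers if t[0] > now]
        for when, state in due:
            self._set(when, state)

    def _start_stp(self, now: int) -> None:
        # Ordinary STP port: assumed to become designated and, with no
        # agreement from the hub, to wait two forward-delay intervals.
        self._set(now, "discarding")
        self.timers = [(now + FORWARD_DELAY, "learning"),
                       (now + 2 * FORWARD_DELAY, "forwarding")]

    def link_up(self, now: int) -> None:
        self.advance(now)
        if self.edge:
            self._set(now, "forwarding")  # edge port forwards as soon as it is up
        else:
            self._start_stp(now)

    def receive_bpdu(self, now: int) -> None:
        self.advance(now)
        if not self.edge or self.state in ("down", "shutdown"):
            return  # nothing edge-specific to do
        if self.bpdu_protection:
            self.timers = []
            self._set(now, "shutdown")  # the edge attribute is kept
            if self.auto_recovery_s is not None:
                self.timers = [(now + self.auto_recovery_s, "forwarding")]
        else:
            self.edge = False  # becomes an ordinary STP port
            self._start_stp(now)

    def undo_shutdown(self, now: int) -> None:
        """Manual recovery by the administrator."""
        self.advance(now)
        if self.state == "shutdown":
            self.timers = []
            self.link_up(now)


def outage_seconds(port: EdgePort, end: int) -> int:
    """Seconds up to `end` during which the port was not forwarding."""
    total, since = 0, None
    for when, state, _ in port.history:
        if state != "forwarding" and since is None:
            since = when
        elif state == "forwarding" and since is not None:
            total += when - since
            since = None
    return total + (end - since if since is not None else 0)


def replay(bpdu_protection: bool, auto_recovery_s: Optional[int],
           bpdu_times: List[int], end: int) -> EdgePort:
    """Bring the port up at t=0, deliver BPDUs at the given times, run to `end`."""
    port = EdgePort("g0/0/2", bpdu_protection, auto_recovery_s)
    port.link_up(0)
    for t in bpdu_times:
        port.receive_bpdu(t)
    port.advance(end)
    return port


if __name__ == "__main__":
    for label, args in (("no protection", (False, None, [2], 40)),
                        ("protection, manual recovery", (True, None, [2], 40)),
                        ("protection, 30s auto recovery", (True, 30, [2, 34], 60))):
        p = replay(*args)
        print(label, p.history, "outage:", outage_seconds(p, args[3]))
```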

How long does the temporary loop last?

The bpdu sending interval + the network transmission delay + the cpu frame processing latency

With stp disabled, with an edge port, and with a normal stp port, each with a switch attached below, which enters
the forwarding state fastest?
stp disabled > edge port > normal stp port

Edge port use scenes?

(1) connects an ip phone
(2) an interface with a DHCP client attached
(3) connects other APs or important equipment (server)
(4) a port wired to an information socket on the wall
Summary:
Devices on the user side of a switch (for example servers and so on) cannot run the STP protocol. If we enable STP
on these ports, then a port state change (Up/Down) changes the STP status, and the port needs some time to enter
the forwarding state, which certain services cannot accept. In order to avoid this problem, the port should not
run STP and edge port is enabled. After the edge port state becomes Up it enters the forwarding state quickly,
does not send TC messages, and has no influence on the network's STP.
Note:
Does an edge port transmit BPDUs continually?
Prevention is similar to the above analysis.

1.6 Is it better to put the gateway of the campus network on the Access Layer or the Aggregation Layer?

Is it better to place the campus network gateway at access or at aggregation?
The gateway placed at access:
Merit:
Traffic between different network segments on the same switch does not need to pass through the aggregation
switch, which raises access efficiency.
Routing control is finer and more flexible; Layer 3 routing protocols run between access and aggregation.
Fault location is convenient.
The broadcast domain becomes smaller
i. The area affected by an attack is small (for example ARP virus)
ii. The flooding scope of broadcast, multicast and unknown unicast frames is small, which saves bandwidth
The interconnection between the access and aggregation layers does not need to run the STP protocol
i. Avoids Layer 2 loops causing some links to be blocked, which raises link utilization
ii. Load sharing is more flexible (based on routing and policy routing, load sharing can be implemented)
Flaw:
Many network segments are needed
The performance requirement on access equipment is quite high, so the cost increases.
The technical level required of implementation personnel and O&M personnel is high
Scalability is mediocre, explained from the following two aspects:
i. Server migration requires changing the IP address
ii. Staff work positions are dispersed (within the same department)
The gateway placed at aggregation (its advantages and disadvantages are actually the reverse of the above; some
examinees were interrupted by the examiner at this point when answering and did not need to go on):
Merit:
The performance requirement on access equipment is quite low, so the cost is reduced.
Reduces the IP address demand
The topology is simple, which helps deployment and O&M.
Gateway redundancy, VRRP
Service migration is convenient
Description scene:
1. The gateway that manages the public network is placed at aggregation
2. The data center network's gateway is placed on the switch

2 Experiment topic

2.1 OSPF in LAB

How to make VLAN15 and VLAN30 visit each other through the Ethernet link? What's
your idea?

Before the V-link is made between R3 and R5, vlan30 reaches vlan15 over the Ethernet link
between R3 and R5; but on the return trip, R5 learns the vlan30 route through the frame
relay backbone area, so the return traffic does not take the Ethernet link between R3 and
R5.
The topic requires that traffic between vlan15 and vlan30 prefer the Ethernet link, so R5
needs to learn the vlan30 route from R3, and the vlan15 side must select R5 as the exit
towards vlan30. Create a V-link between R3 and R5, which makes R3 an ABR, so that R5 learns
the vlan30 route from R3 with a smaller route cost than the one learned over the frame
relay. Therefore R5 selects the route learned from R3. This satisfies the topic's
requirement that traffic between vlan15 and vlan30 goes first through the Ethernet link

[Expansion question] If the cost of the R5 interface that connects to SW3 (G0/0/1) is increased to a very large value, does this affect R3's route to VLAN15?
Answer:
Before the virtual link between R3 and R5 is configured, it may affect R3's route to VLAN15: R3's next hop changes to R4, because R3 selects the LSA3 with the lower cost.
After the virtual link between R3 and R5 is configured, it does not affect R3's route to VLAN15. R3's next hop is still R5, because AR3 is now an ABR and does not calculate the LSA3 from AR4. No matter how the cost is adjusted, AR3 always selects AR5 as the next hop.

Why doesn't an ABR accept Type 3 LSAs from a non-backbone area?

Answer: Loop prevention mechanism (note: the most common follow-up is whether there are other loop prevention mechanisms)

[Expansion question] If the cost of the Ethernet link between R3 and R5 is set very large (the examiner means increasing it on both ports), what is affected?
Answer:
Modifying the cost of R3's interface toward R5 has the same effect as in the previous expansion question; refer to that answer.
Modifying the cost of R5's interface toward R3 before the virtual link is configured does not affect R5's route to vlan30; R5's next hop is still R4.
Modifying the cost of R5's interface toward R3 after the virtual link is configured does affect R5's route to vlan30: R5's next hop changes from R3 to R4.

[Expansion question] Please analyze the result of creating the virtual link between R3 and R4.
Answer:
Traffic between VLAN15 and VLAN30 takes the frame relay link in both directions.

[Expansion question] If the virtual link is created between R1 and R5, how do you guarantee that the FR link is the primary link?
Answer:
Increase the COST of the G0/0/01 ports on R1 and R5 so that it is larger than the COST of the FR interface.

[Expansion question] Before the virtual link is configured, how many area 34 routes can switch SW3, between R1 and R5, learn?
Answer:
It learns 2 LSA3s, whose advertising routers are AR1 and AR5 respectively.
SW3 load-balances across them for the area 34 routes.

Follow-up question: Why is the traffic load-balanced? (The examiner means: R4 sends the route to R5 and to R1; why is the cost value the same?)
Answer:
AR1, AR4 and AR5 run the OSPF NBMA network type, so the COST value is the same.
Follow-up question: If the NBMA type on the intermediate FR network is changed to P2MP, is traffic from VLAN15 to VLAN30 still load-balanced (before the virtual link is configured)?
Answer:
No. Traffic then goes through R1.

[Expansion question] Besides the virtual link, what other solutions are there?
Answer:
(1) Establish a tunnel between R3 and R5 and advertise it into area0 (note: a follow-up may ask what the difference is between using a tunnel and using a vlink)
(2) PBR (pay attention to where it is applied)

[Expansion question] If the link between R3 and R5 goes down, is access still normal?
Answer:
Yes. After the link between R3 and AR5 is disconnected, R3 is no longer an ABR, so it can compute routes from the LSA3 that R4 advertises, and the mutual access still works.
2.2 BGP in LAB

What problem does BGP have in the LAB? How do you solve it?


Task requirement: Access to external network segments prefers BB2; if BB2 is unreachable, access goes through BB1.

A loop appears when R4 accesses BB2.


Route propagation: A policy on R1 lengthens the AS-Path of the routes that BB1 sends, so they are not preferred. BB2 sends the route to R6, and R6 passes it to R5 (the next hop is the EBGP address 10.1.56.6). R5 passes the route to R4 through the reflector (R3); when a route is passed to an IBGP neighbor the next hop does not change, so the next-hop address is still 10.1.56.6. After R4 receives the route, it passes it to its EBGP neighbor R2 (with the next hop pointing to R4), and R2 likewise passes the route to its EBGP neighbor R1 (the next hop is R1).
Data forwarding: On R4, the next hop of the advertised BB2 route is 10.1.56.6; through route recursion, R4 sends packets destined for BB2 to R1. On R1, the next hop of the advertised BB2 route is 10.1.12.2, so R1 sends packets destined for BB2 to R2. On R2, the next hop of the advertised BB2 route is 10.1.24.4, so R2 sends packets destined for BB2 to R4. The packets that R4 sends toward BB2 therefore loop in the network.
Solution: Configure a policy on R1 that changes the next hop of the AS6 routes learned from R2 to 10.1.56.5. Packets from R4 to BB2 then follow R1→R5→R6→BB2, and the loop is resolved. If the change must be made on R4, set the next hop of the routes received from R3 to R3 (a route policy). Packets then do not cross the frame relay network but follow R4→R3→R5→R6, and this path has no loop.

[Expansion question] What if the change must be made on R4?


When R4 accesses BB2, the packet heading for the next hop has to reach R5, and over frame relay it first arrives at the hub R1. On R1 the next hop toward BB2 is R2, so the packet goes to R2, and R2's next hop is R4. This forms the loop. The solution on R4 is to set the next hop of the routes received from R3 to R3 (10.1.34.3). Packets then do not cross the frame relay network but follow the path 4, 3, 5, 6, which has no loop.

[Expansion question] If next-hop-local is configured on R5 for its neighbor R3, does that solve the loop?

It does not. After the configuration, the next hop of R4's route to BB is 10.1.5.5, which still recurses to 10.1.145.5. The packet is sent to R1, and the loop is not solved.

[Expansion question] If next-hop-local is configured on R3 for its neighbor R4, does that solve the loop?

It does not. First, R3 is a reflector, and this command does not take effect on reflected routes. Even if it did take effect, the loop would not be solved, because the next hop of R4's route to BB would then be 10.1.3.3, which still recurses to 10.1.145.5.
The packet is sent to R1, and the loop is not solved.
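
The loop and the four candidate changes discussed above can be checked with a hop-by-hop walk. This is an added example, not part of the original material: it uses only the next hops and recursion results stated in the text, and `BB2-PEER` is a placeholder because the page gives no address for BB2.

```python
# Added example: hop-by-hop forwarding of a packet that follows the BB2 route.
# Next hops and recursion results are the ones stated in the text above.

BB2_PEER = "BB2-PEER"  # placeholder: the page gives no address for BB2


def base_tables():
    """Return (bgp_next_hop, resolve) for the lab as described, before any change."""
    bgp_next_hop = {
        "R4": "10.1.56.6",  # reflected over IBGP, next hop left unchanged
        "R3": "10.1.56.6",
        "R5": "10.1.56.6",  # EBGP address of R6
        "R1": "10.1.12.2",  # learned from EBGP neighbor R2
        "R2": "10.1.24.4",  # learned from EBGP neighbor R4
        "R6": BB2_PEER,
    }
    # resolve[(router, next hop)] = neighbor that the recursive lookup forwards to
    resolve = {
        ("R4", "10.1.56.6"): "R1",  # recursion crosses the frame relay hub
        ("R4", "10.1.5.5"): "R1",   # still recurses to 10.1.145.5, so via R1
        ("R4", "10.1.3.3"): "R1",   # still recurses to 10.1.145.5, so via R1
        ("R4", "10.1.34.3"): "R3",
        ("R1", "10.1.12.2"): "R2",
        ("R1", "10.1.56.5"): "R5",
        ("R2", "10.1.24.4"): "R4",
        ("R3", "10.1.56.6"): "R5",
        ("R5", "10.1.56.6"): "R6",
        ("R6", BB2_PEER): "BB2",
    }
    return bgp_next_hop, resolve


# Each candidate change rewrites one router's BGP next hop for the BB2 route.
CHANGES = {
    "none": {},
    "R1 policy, next hop 10.1.56.5": {"R1": "10.1.56.5"},
    "R4 policy, next hop R3": {"R4": "10.1.34.3"},
    "R5 next-hop-local toward R3": {"R4": "10.1.5.5"},
    "R3 next-hop-local toward R4 (if it took effect)": {"R4": "10.1.3.3"},
}


def walk(start, change="none", max_hops=16):
    """Follow the packet from `start`; return (path, looped)."""
    bgp_next_hop, resolve = base_tables()
    bgp_next_hop.update(CHANGES[change])
    path, node = [start], start
    while node != "BB2" and len(path) <= max_hops:
        node = resolve[(node, bgp_next_hop[node])]
        looped = node in path  # revisiting a router means a forwarding loop
        path.append(node)
        if looped:
            return path, True
    return path, False


if __name__ == "__main__":
    for name in CHANGES:
        path, looped = walk("R4", name)
        print(f"{name:48} {'LOOP' if looped else 'ok':4} {' -> '.join(path)}")
```
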

[Expansion question] What is the root cause of the BGP loop?
Answer:
The cause of the BGP loop can be considered from three aspects.
First: a BGP attribute. When a route received over EBGP is passed on over IBGP, the next hop is not modified.
Second: there is an IGP among the EBGP neighbors. From the IGP side, because BGP does not modify the next hop, the IGP has to look up recursively how to reach that next-hop address, and this recursive lookup of the next-hop address can produce a BGP loop.
Third: from the situation in this topology, one cause is that R4 and R5 have no PVC between them, a special condition created by FR.

[Expansion question] You said a moment ago that the next hop is not modified over IBGP. Why is it designed this way?
Answer:
(1) When the protocol was developed, an AS was regarded as a whole
(2) With the next hop unchanged, routers in the AS can be guided to a unified exit when they access the target network
(3) Because the next hop is not modified inside the AS, a router in this AS can use the next-hop address to find the optimal path out of the AS.

[Expansion question] Other solutions?


Answer:
A route policy can also be configured on R4 to change the next hop of these external routes to R3, so that traffic from R4 to these networks follows R4→R3→R5→R6, which avoids the loop.
Use policy routing on R1, and aggregate the BGP routes on R3 (suppressing the specific routes).

[Expansion question] Why must the 10.1.40.0 /24 route be excluded when the policy is configured?
Answer:
If it is not excluded, a loop appears between R1 and R5 when BB accesses the 10.1.40.0 /24 network segment.

[Expansion question] When BB2 accesses 10.1.40.0 /24, what do the control plane and the data plane look like?

[Expansion question] Why does BGP by default not modify the next hop when passing routes over IBGP?
Because modifying the next hop by default could create a suboptimal path.

[Expansion question] The difference between policy routing and route policy


Policy routing: matches the traffic of interest and forcibly specifies the next hop; it acts on data.
Route policy: matches routes and changes route attributes, which changes route selection; it acts on routes.

[Expansion question] The 13 BGP route selection rules; which attributes are well-known mandatory, what characteristics each has and how they are applied; which internal and external loop prevention mechanisms BGP has (explain on the blackboard); the basic principles of the MED and CLUSTER_LIST attributes (describe on the blackboard); the characteristics of the ORIGIN attribute. At which comparison step can BGP implement load sharing?
Answer:
The BGP well-known mandatory attributes are:
ORIGIN, AS_PATH, NEXT_HOP
The ORIGIN attribute describes the source of the route update and can be used to select the optimal path.
The AS_PATH attribute describes the list of ASs the route has passed through and can be used to select the optimal path and to prevent loops.
The NEXT_HOP attribute describes the next-hop IP address for reaching the advertised entry. Only when the next hop is reachable is the BGP route considered valid.

Inside an AS, the BGP loop prevention mechanism is IBGP split horizon. If route reflection is configured inside the AS, ORIGINATOR_ID is used to prevent loops within a route reflection cluster, and CLUSTER_LIST is used to prevent loops between route reflection clusters.
The BGP external loop prevention mechanism is AS_PATH.

MED is an optional non-transitive attribute and can be used to select the optimal path.
CLUSTER_LIST is an optional non-transitive attribute and can be used to select the optimal path and to prevent loops.
When BGP selects the optimal path, once the comparison reaches the cost value to the next hop, load sharing can be achieved if BGP load balancing is configured.
BGP can still have loops; route aggregation without as-set can be used as an example to explain this.
2.3 The multicast in LAB

Why can't R3 learn the RP information in the LAB? How do you solve it?

R2 uses its Loopback 0 address as the C-RP address for the multicast address range 236.0.0.0 - 239.255.255.255.
R3 uses its Loopback 0 address as the C-RP address for the multicast address range 232.0.0.0 - 239.255.255.255.

R3 receives the BSR messages that R4 sends. R4's loo0 is in area 0, but the link between R3 and R4 is in area 34, so R3 learns its route to the BSR (R4's loopback0) over the virtual link between R3 and R5, and the route goes via R5. The BSR message received from R4 therefore fails the RPF check, and R3 cannot learn the RP-set.
R3 does not receive BSR messages from R5 either, for a similar reason on R5. R5 cannot learn the BSR messages forwarded by R1: in the frame relay network, ospf treats R1-R4-R5 as an MA network, so R5's next-hop address toward the BSR is 10.1.145.4. The BSR message therefore fails the RPF check, R5 cannot learn the BSR information, and R5 does not send BSR messages to R3. As a result R3 cannot learn the BSR messages and cannot learn the RP-set.
Solution:
Configure a static multicast route on R3 whose next hop for 10.1.4.4 points to 10.1.34.4. Alternatively, configure a static multicast route on R5 whose next hop for 10.1.4.4 points to 10.1.145.1, so that the BSR messages are learned through R5.

[Expansion question] What problems does R5 encounter?


(1) R5 cannot learn the C-BSR messages (R4's loopback0 is the C-BSR)
In the topology, R5's upstream PIM neighbor toward the C-BSR is R1, so the next-hop address toward the C-BSR is 10.1.145.1. In the routing table, R5's next-hop address toward the C-BSR is 10.1.145.4, so the RPF check fails. This can be solved by configuring a static multicast route on R5 whose RPF next hop points to 10.1.145.1.
(2) The RPT cannot be established
After R5 can learn the BSR messages, R5's G0/0/0 port statically joins multicast group 238.10.10.10. From the RP-SET information in the BSR messages, R2's loopback0 is determined to be the RP of multicast group 238.10.10.10. R5 must build the RPT toward the RP, and R5 performs the RPF check against the RP address. In the topology, R5 has two load-balanced paths to the RP, with two next hops: 10.1.145.1 and 10.1.145.4. Comparing the two addresses, R5 prefers 10.1.145.4 and interface s1/0/0 as the RPF neighbor and RPF interface toward the RP, so the RPF neighbor field in R5's join message is 10.1.145.4, and the join is sent out of s1/0/0. When R1 receives it, R1 checks the upstream-neighbor address in the (*, G) message, finds that it differs from the address of the receiving interface, and discards the join message. RPT establishment therefore fails. This can be solved by configuring a static multicast route on R5 whose RPF next hop points directly to 10.1.145.1.
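
The two failures on R5 and the BSR failure on R3 reduce to the same RPF lookup, shown here with the static multicast route as the fix. This is an added example, not part of the original material; it assumes a static multicast route wins over the unicast table and that the highest address wins among equal-cost next hops (matching the choice of 10.1.145.4 above), and `RP` and `R5_ETH` are constructed placeholder addresses the page does not give.

```python
import ipaddress


class RpfTable:
    """Per-router RPF lookup: static multicast routes first, then unicast routes."""

    def __init__(self):
        self.unicast = []  # (network, [next hops]); several next hops = equal cost
        self.mstatic = []  # (network, RPF neighbor) from static multicast routes

    def add_unicast(self, prefix, *next_hops):
        self.unicast.append((ipaddress.ip_network(prefix), list(next_hops)))

    def add_static_mroute(self, prefix, rpf_neighbor):
        self.mstatic.append((ipaddress.ip_network(prefix), rpf_neighbor))

    @staticmethod
    def _longest_match(entries, addr):
        hits = [e for e in entries if addr in e[0]]
        return max(hits, key=lambda e: e[0].prefixlen, default=None)

    def rpf_neighbor(self, source):
        addr = ipaddress.ip_address(source)
        hit = self._longest_match(self.mstatic, addr)
        if hit:  # assumption: a matching static multicast route is preferred
            return hit[1]
        hit = self._longest_match(self.unicast, addr)
        if hit is None:
            return None
        # assumption: among equal-cost next hops the highest address is chosen
        return max(hit[1], key=ipaddress.ip_address)


def bsr_accepted(table, bsr, received_from):
    """A BSR message passes only if it arrives from the RPF neighbor toward the BSR."""
    return table.rpf_neighbor(bsr) == received_from


def join_accepted(receiver_addr, upstream_neighbor):
    """A (*, G) join is processed only by the router named as upstream neighbor."""
    return receiver_addr == upstream_neighbor


BSR = "10.1.4.4"         # R4 loopback0 (C-BSR), from the text
RP = "192.0.2.2"         # constructed placeholder for R2 loopback0
R5_ETH = "198.51.100.5"  # constructed placeholder for R5 on the R3-R5 link


def r5_table():
    t = RpfTable()
    t.add_unicast(BSR + "/32", "10.1.145.4")               # NBMA: next hop is R4
    t.add_unicast(RP + "/32", "10.1.145.1", "10.1.145.4")  # two equal-cost paths
    return t


def r3_table():
    t = RpfTable()
    t.add_unicast(BSR + "/32", R5_ETH)  # learned over the R3-R5 virtual link
    return t


if __name__ == "__main__":
    r5 = r5_table()
    print("R5 BSR from R1 before fix:", bsr_accepted(r5, BSR, "10.1.145.1"))
    print("R1 accepts R5 join before fix:", join_accepted("10.1.145.1", r5.rpf_neighbor(RP)))
    r5.add_static_mroute(BSR + "/32", "10.1.145.1")
    r5.add_static_mroute(RP + "/32", "10.1.145.1")
    print("R5 BSR from R1 after fix:", bsr_accepted(r5, BSR, "10.1.145.1"))
    print("R1 accepts R5 join after fix:", join_accepted("10.1.145.1", r5.rpf_neighbor(RP)))
```
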

[Expansion question] Why can R5's multicast packets go through R1?


After R5's G0/0/0 interface statically joins multicast group 238.10.10.10, R5 sends a PIM JOIN message toward the RP to build the RPT. R5 can reach the RP over two paths, through R1 and through R4, but no PIM neighbor relationship is established between R5 and R4, so R5 can only build the RPT through R1. After the RPT is established, R5 receives multicast traffic from the RP along the RPT, and it also receives the multicast stream from R1.

[Expansion question] Why does R1 need to check the join message after receiving it?
When (*, G) joins are sent to build the RPT, if the upstream-neighbor address in the (*, G) message were not checked, many (*, G) entries would be established successfully on the MA network, multicast streams could be forwarded down each of them, and redundant multicast streams would be created.

[Expansion question] Why does multicast need the RPF check while unicast does not?
Because the multicast receivers cannot be known in advance but the multicast source is definite, the RPF check is performed against the source, which prevents loops and duplicate packets. The unicast destination is definite and intermediate routers route by destination address, so there are no loops or redundant packets and the RPF check is not needed.

[Expansion question] Why is the RPF check needed?


(1) It prevents loops
(2) It prevents redundant packets that waste bandwidth

[Expansion question] What drawbacks does static RP configuration have compared with BSR?
1. The configuration is complex
2. Redundant backup is complex to implement
3. Load balancing is complex to implement

[Expansion question] Which contents does the BSR message include?

[Expansion question] How is the C-RP elected?


2.4 In LAB, R1 and R4 import routes into each other bidirectionally at two points. What needs attention in this scenario? What is your solution to prevent the route loop? Why?

The question concerns two-point bidirectional redistribution between ISIS and OSPF on R1 and R4.
Answer:
It introduces a suboptimal path problem, which in turn causes a loop problem.
For the routes from R6, the problems that arise when R1 performs the import first:
On R6, rip is imported into ospf with tag100 and the cost modified to 100. After R1 imports these ospf routes into isis, R2 learns the routes and passes them to R4. R4 runs both ospf and isis; the preference of these routes learned from ospf is 150 and that of the routes learned from isis is 15, so the isis routes are preferred. When R4 accesses these networks, the data path is R4→R2→R1→R5→R6, which is a suboptimal path. When isis is then imported into ospf on R4, the routes active on R4 are the isis routes, so they are all imported into ospf. R1 receives this LSA and compares it for this route: the LSA from R6 has an external cost of 100 and the one from R4 has a cost of 1, so the one from R4 is preferred. When R1 accesses these networks, the data path is R1→R4→R2→R1, which is a loop.
If R4 performs the import first, the same reasoning as for R1 applies, and a suboptimal path and a loop form in the same way.
Solution: Match these routes on R1 and R4 and change their preference to below 15. At the same time, set a tag on R1 and deny the corresponding tag on R4; set a tag on R4 and deny the corresponding tag on R1.
For the routes from SW1, the problems that arise when R1 performs the import first:
An import is configured on SW1 that brings the vlan10 network segment into ospf, carrying the FA address 10.1.30.11. Area34 is an nssa area, and R4 (which has the larger router-id) performs the 7/5 translation; the translation does not change the FA address. R1 learns the 10.1.10.0 /24 route through an LSA5 (adv=R4, FA address = 10.1.30.11). When R1 accesses 10.1.10.0 /24, it recurses on the FA address, and the data path is R1→R5→R3→SW1.
At this point, ospf is imported into isis on R1, and R2 learns this route and passes it to R4. R4 runs both ospf and isis; the preference of these routes learned from ospf is 150 and that of the routes learned from isis is 15, so the isis route is preferred. When R4 accesses these networks, the data path is R4→R2→R1→R5→R3→SW1, which is a suboptimal path. When isis is then imported into ospf on R4, the route active on R4 is the isis route, so this route is imported into ospf. Because R4 previously performed the 7/5 translation, R4 now generates an LSA5 for this route with a larger sequence number (FA address =0). When R1 receives the new LSA5, it detects that it is the same LSA (type=5, adv=R4, ls id=10.1.10.0) and therefore selects the one with the larger sequence number. Because this LSA carries no FA address, R1 reaches the external network by locating the ASBR when it accesses this network segment; the data path is R1→R4→R2→R1, and the loop appears.
If R4 performs the import first, the reasoning is similar and the suboptimal path and loop problems also appear. The difference is that R4 compares the cost of the LSA7 from SW3 with that of the LSA5 from R1 and chooses the LSA5 from R1.

[Expansion question] Why modify the preference of only the tag100 external routes, and not of all routes?
Answer:
Modifying all of them solves the suboptimal path problem toward BB, but a new suboptimal path problem appears toward the ISIS routes, for example R2's loopback interface.

[Expansion question] Modifying the external preference alone already solves both the loop and the suboptimal path problem, so why also set 4 tags?
Answer:
After an original ISIS route disappears, the difference in path delay between R2-R4 and R2-R1 leaves route convergence unsynchronized, which creates a new loop problem. Example 1: R2's loopback interface.
Example 2: Suppose the link between R6 and R5 goes down. ospf has finished converging but isis has not, so the isis route is still present on R4. isis is imported into ospf on R4, so R1 learns this route and imports it into isis. The route therefore persists and creates a loop. Data path: R1→R4→R2→R1
[Expansion question] R1 and R4 perform the two-point bidirectional import without any policy. On R1 and R4, is the 10.1.10.0 /24 route an isis route or an ospf route?
Answer:
It depends on which router imports ospf into isis first. On the router that imports first it is an ospf route; on the router that imports later it is an isis route.

[Expansion question] What must be noted when adjusting the preference? Why does adjusting the preference to 8 not cause a problem?
Answer:
It only needs to be adjusted lower than the preference of the isis routes (15). These routes are external routes in ospf with a preference of 150, so even if the preference is changed to 8, normal routing in the ospf domain is not affected.

[Expansion question] What is the root cause of the problem?
Answer:
In two-point bidirectional import, when a low-preference protocol (higher preference value) is imported into a high-preference one, the router selects the route with the higher preference. This produces a suboptimal path and may also produce a loop.

[Expansion question] If a static route is additionally redistributed into OSPF on R1, what problem arises?
2.5 QOS

How many traffic shaping methods are there? Which method is used in the LAB? Why?
(1) LR (line rate, interface rate limiting) - applies to all traffic
<1> Can only be applied per interface
<2> Can be used on router interfaces (for rate limiting; only a percentage can be configured) and on switch interfaces (shaping with <qos lr outbound>, policing with <qos lr inbound>)
<3> On a router interface it must be used together with queues to take effect
(2) GTS (generic traffic shaping) - applies to IP traffic
<1> Can be interface-based or queue-based; MQC can be used to shape specific traffic (class-based as well)
<2> Can only be used on router interfaces (a switch cannot do GTS; GTS cannot be configured on a switch's Layer 2 interfaces)
<3> If the interface is congested, queuing technology (CBQ) can be used
(3) FRTS (frame relay traffic shaping)
<1> Uses the same algorithm as GTS
<2> Used for frame relay
<3> Can be applied to the interface or to a pvc (if both are enabled, the configuration with the smaller cir takes effect)
(4) qos queue x shaping
<1> Queue-based shaping on a switch (before configuring queue shaping, configure priority mapping based on simple traffic classification, which maps packet priority to a PHB and color, or internal priority re-marking based on complex traffic classification, so that different services enter different interface queues)
LR is used in the Lab. On a switch, shaping can only be done with LR or qos queue x shaping. The task requires shaping on the switch's interface; LR is simple to configure and meets the intent of the task, so LR is used.
1. The configuration is simple
2. Traffic does not need to be classified
3. The task requires configuration on the switch
4. The task requires shaping

2nd, what is the difference between traffic shaping on a switch and on a router?
On a router, gts can be used for traffic shaping. The router can also shape per class (using a traffic policy), and if congestion occurs, queuing technology can be used. Shaping is done in software.
On a switch, only qos lr outbound can be used for traffic shaping; if congestion occurs, the queuing technology is FIFO. Shaping is done in hardware.
3rd, what is the difference between traffic shaping and traffic policing?
Traffic shaping and traffic policing are both mainly used for rate limiting in qos.
The difference is that traffic shaping buffers the packets that exceed the rate limit and, when interface bandwidth is sufficient, schedules and forwards them through the corresponding queuing technology, whereas traffic policing discards the packets that exceed the rate limit.

5th, how does WRED work?


Tail drop: After the queue length reaches its maximum, all newly arriving packets (which would be buffered at the tail of the queue) are discarded. This drop policy triggers TCP global synchronization and can leave TCP connections unable to be established at all. TCP global synchronization is illustrated in the figure, where three colors represent three TCP connections. When packets of many TCP connections are discarded at the same time, those connections simultaneously enter congestion avoidance and slow start, which reduces traffic; some time later they reach a traffic peak simultaneously, and the cycle repeats, so that network traffic swings between very high and very low.

Problems with tail drop: TCP synchronization, TCP starvation, and undifferentiated dropping
The drawback of TCP synchronization: link bandwidth is not fully used
The cause of TCP starvation: UDP has no sliding window like TCP's
In CBQ, the EF queue and LLQ queue cannot use a drop policy; they can only tail drop

RED: RED discards data packets randomly, so that many TCP connections reduce their sending rate at different times, which avoids TCP global synchronization.
WRED: RED provides no differentiated service; even high-priority packets may be randomly discarded, so WRED was implemented on top of RED. Flow queues support WRED drop based on DSCP or IP precedence. Each priority can have its own upper and lower drop thresholds and drop rate set independently. When the queue reaches the low threshold, dropping starts. As the queue rises above that threshold the drop rate keeps increasing, with the maximum not exceeding the configured drop rate, until the high threshold is reached, at which point all packets are discarded. In this way packets in the queue are proactively discarded according to a certain drop probability, which avoids congestion to a certain degree.

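[Figure: WRED drop probability (vertical axis, with a 10% maximum drop probability and 100%) against average queue length (horizontal axis, ticks at 20, 25, 30, 35, 40), with curves for AF21, AF22 and AF23]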
6th, when do you use shaping? When do you use policing?


For delay-sensitive traffic, use traffic policing: policing adds no extra delay, but packet drops occur easily.
For traffic that is not delay-sensitive but has high reliability requirements for data packets, use traffic shaping: shaping introduces a buffering mechanism, which guarantees to a certain extent that data is not discarded, but it introduces extra delay.

7th, which queuing technologies are there?


(1)FIFO: The FIFO queue is a single-queue technology. It introduces no extra delay; delay depends only on the queue size. It provides no differentiated service.
(2)RR: Round-robin scheduling. RR schedules multiple queues by polling them in a ring. If the polled queue is not empty, one packet is taken from it; if the queue is empty, it is skipped directly and the scheduler does not wait. In single queue FIFO
(3)WRR: Weighted round-robin scheduling. The queues are scheduled in turn, and the packet streams in the queues are scheduled according to each queue's weight. During WRR scheduling, the device polls the queues according to each queue's weight. Each time a queue is scheduled its weight is reduced by one; a queue whose weight has dropped to zero no longer takes part, and when the weights of all queues have dropped to 0, the next round starts. Statistically, the number of times the packet stream in each queue is scheduled is proportional to the queue's weight: the larger the weight, the more times it is scheduled. Because WRR schedules in units of packets, no queue has a fixed bandwidth, and with the same scheduling opportunities large packets obtain more actual bandwidth than small packets.
(4)DRR: Deficit round-robin scheduling, similar to CQ. It solves the problem that WRR considers only packets, so that with the same scheduling opportunities large packets obtain more actual bandwidth than small packets. By taking packet length into account during scheduling, it achieves rate fairness. In DRR scheduling, Deficit represents the queue's bandwidth deficit, with an initial value of 0. Before each round of scheduling, the system allocates bandwidth to each queue according to its weight and calculates the Deficit value. If a queue's Deficit value is greater than 0, it takes part in this round of scheduling, sends one packet, and after sending recalculates the Deficit value from the length of the sent packet as the basis for the next round. If a queue's Deficit value is less than 0, it does not take part in this round, and the current Deficit value serves as the basis for the next round.
(5)PQ: The PQ scheduling algorithm maintains a series of queues in decreasing priority and serves a lower-priority queue only when all higher-priority queues are empty. PQ scheduling is useful for low-latency services, but it can leave the packets in low-priority queues without service, so that they "starve".
(6)FQ: Fair queuing. The goal is to share network resources as fairly as possible, so that the delay and jitter of all flows are optimal. Different queues get fair scheduling opportunities, which balances the delay of each flow overall. Short packets and long packets are scheduled fairly: if several long and short packets are waiting in different queues at the same time, the short packets are scheduled first, which reduces the overall jitter between the packets of each flow.
(7)WFQ: Compared with FQ, WFQ (Weighted Fair Queue) adds priority to the calculation of the packet scheduling order. Statistically, WFQ gives high-priority packets more scheduling opportunities than low-priority packets, and short packets more scheduling opportunities than long packets. Before packets enter the queues, WFQ first classifies the traffic, in one of two ways:
<1> Classification by flow ("session"):
Flows are classified automatically by protocol type, source and destination TCP or UDP port number, source and destination IP address, and the precedence bits in the ToS field. As many queues as possible are provided so that the flows are placed evenly into different queues, which balances the delay of each flow overall. On dequeue, WFQ allocates the bandwidth that each flow should occupy according to the flow's precedence. The smaller the precedence value, the less bandwidth is obtained. The larger the precedence value, the more bandwidth is obtained. This mode is supported by the default-class of CBQ.
<2> Classification by priority:
Priority mapping marks traffic with a local priority, and each local priority corresponds to a queue number. Each interface pre-allocates 4 or 8 queues, and packets enter the queues according to the queue number. By default the WFQ weights of the queues are the same, and traffic shares the interface bandwidth equally. Users can change the weights by configuration, so that high-priority and low-priority traffic is allocated bandwidth in proportion to the weights.
(8) CBQ (EF (including LLQ), AF and BE)
<1>EF queue: serves low-latency services
The EF queue is a high-priority queue. One or more classes of packets can be set to enter the EF queue, and different classes of packets can be set to occupy different bandwidth.
On dequeue, if the EF queue contains packets, they are scheduled first, to guarantee low latency. When the interface is congested, the EF queue's packets are sent first, but to prevent the low-priority queues (the AF and BE queues) from being unable to get scheduled, the EF queue is rate-limited to its configured bandwidth. When the interface is not congested, the EF queue can use the idle bandwidth of AF and BE. In this way EF packets can obtain idle bandwidth without taking excessive bandwidth, which protects the bandwidth due to other packets.
Besides the ordinary EF queue, the device also supports a special EF queue, the LLQ queue. Both kinds of queue use strict priority scheduling, but the LLQ queue is implemented with traffic policing: whether or not the interface is congested, traffic does not exceed the configured bandwidth. The LLQ queue does not buffer packets, which can reduce packet transmission delay to a minimum. This provides a good service-quality guarantee for delay-sensitive applications (for example the VoIP service).
<2>AF queue: serves critical data services that need a bandwidth guarantee
Each AF queue corresponds to one class of packets, and the user can set the bandwidth that each class of packets occupies. On dequeue, the system sends packets according to the bandwidth the user set for each class, which implements fair scheduling among the class queues. When the interface has spare bandwidth, the AF queues share it according to weight. When the interface is congested, each class of packets is still guaranteed the necessary bandwidth the user set.
For the AF queue, when the queue length reaches the maximum queue length, tail drop is used by default, but the user can also choose the WRED drop policy.
<3>BE queue: serves best-effort services that need no strict QoS guarantee
When a packet matches none of the classes the user has set, it is sent to the system-defined default class. Although an AF queue with bandwidth can be configured for the default class, in most cases a BE queue is configured for the default class. The BE queue uses WFQ scheduling, so the packets entering the default class are scheduled by flow-based queuing.
For the BE queue, when the queue length reaches the maximum queue length, tail drop is used by default, but the user can also choose the WRED drop policy.

note:
(1) PQ can be mixed with WRR, DRR and WFQ (by creating a queue template)
(2) Depending on the queuing and scheduling policy, the congestion management techniques on
the device's LAN interfaces are PQ, DRR, PQ+DRR, WRR and PQ+WRR, and those on WAN
interfaces are PQ, WFQ and PQ+WFQ
(3) The WFQ scheduling algorithm is SN = Previous_SN + weight × new_packet_length (weight
and Precedence are inversely proportional). The packet with the smaller SN is scheduled
first, that is, the calculation causes small packets or high-priority packets to be
scheduled first
2.6 PPP

Please explain the PPP link establishment steps in detail, including the authentication
process.
PPP is a layer 2 protocol for wide area networks. It mainly consists of LCP, NCP and the
authentication protocols.
LCP is mainly used to establish, maintain and tear down the link (it also negotiates
whether the link is bundled)
NCP is used to negotiate the format and type of the data transmitted on the link
The authentication protocols are mainly used for verification, for network security

The link setup procedure has the following phases:
(1) LCP negotiation phase:
After the link comes up, LCP negotiation starts. R1 first sends a Configure-Request
message carrying its own parameters (MRU, authentication type and magic number). If R2
agrees, it returns an acknowledgement (Ack). If R2 does not agree, it returns a Nak or
Reject message: it sends Reject if the Configure-Request contains parameters it cannot
recognise, and Nak if it recognises the parameters but cannot accept the values. After R1
receives the Nak or Reject, it sends a Configure-Request again with the new negotiation
parameters (a Configure-Request is sent at most 10 times). R2 carries out the same process
towards R1. If both sides negotiate successfully, the link enters the next negotiation
phase; if the negotiation does not succeed, the PPP link cannot be established
(2) Authentication phase: authentication is an optional phase and depends on whether the
user has configured it. There are two kinds of authentication, PAP and CHAP. After
authentication passes, the link enters the next negotiation phase; if authentication
fails, the PPP link cannot be established
(3) NCP (IPCP on an IP network) negotiation phase
After authentication passes, the link enters the NCP negotiation phase. R1 sends a
Configure-Request to R2. If R1's interface has an IP address configured, the
Configure-Request carries the local interface IP. Because no mask is carried, R2 replies
with Ack on receipt and generates a 32-bit host route for this IP, and NCP negotiation is
complete. If R1 has no IP configured but is configured to obtain an IP through PPP
(ip add ppp-nei), R1 sends the Configure-Request with the IP field set to all zeros. On
receiving it, R2 chooses an address from the address pool and sends it to R1 in a Nak. R1
receives the Nak and uses the IP it carries, with a 32-bit mask. R1 then sends a
Configure-Request again; R2 replies with Ack on receipt and generates a 32-bit host route
for this IP, and NCP negotiation is complete
(4) After NCP negotiation succeeds, the PPP link is established and data can be
transmitted
note:
(1) PAP authentication procedure

The authenticated party sends its local user name and password to the authenticator
The authenticator checks its local user table for the authenticated party's user name
If the user name exists, it checks whether the password is correct: if the password is
correct, authentication passes; if the password is not correct, authentication fails.
If the user name does not exist, authentication fails.

(2) CHAP authentication procedure

(On the authenticator's interface a password must not be configured, otherwise it is not
called the authenticator; the user name may or may not be configured. On the authenticated
party's interface the user name must be configured; the password may or may not be
configured)
When a user name is configured on the authenticator's interface, the user name must be
configured on the authenticated party's interface, and the password may or may not be
configured. When no user name is configured on the authenticator's interface, the user
name must still be configured on the authenticated party's interface, and in this case the
password must be configured as well. Otherwise the authentication process fails.
<1> Authentication procedure when the authenticator has a user name configured
a. The authenticator initiates the authentication request: it sends a randomly generated
message (Challenge) to the authenticated party, together with its own user name (the
Challenge message contains a random number and an ID)
b. After the authenticated party receives the authenticator's request, it first checks
whether the ppp chap password command is configured on the local interface. If the command
is configured, the authenticated party uses the MD5 algorithm to encrypt the random
message together with the message ID and the password configured in the command, and sends
the resulting ciphertext and its own user name back to the authenticator (Response). If
the ppp chap password command is not configured on the interface, it uses the
authenticator's user name carried in the message to look up the password for that user in
its local user table, uses the MD5 algorithm to encrypt the random message together with
the message ID and this user's password, and sends the resulting ciphertext and its own
user name back to the authenticator (Response)
c. The authenticator uses the MD5 algorithm to encrypt the original random message with
the password it has stored for the authenticated party, and compares the two ciphertexts.
If they are consistent, authentication passes; if they are inconsistent, authentication
fails
<2> Authentication procedure when the authenticator has no user name configured
a. The authenticator initiates the authentication request: it sends a randomly generated
message (Challenge) to the authenticated party
b. After the authenticated party receives the authenticator's request, it uses the MD5
algorithm to encrypt the random message together with the message ID and the CHAP password
configured with the ppp chap password command, and sends the resulting ciphertext and its
own user name back to the authenticator (Response)
c. The authenticator uses the MD5 algorithm to encrypt the original random message with
the password it has stored for the authenticated party, and compares the two ciphertexts.
If they are consistent, authentication passes; if they are inconsistent, authentication
fails

The algorithm that uses the Challenge to encrypt the password is MD5{ Identifier + password + Challenge }

2nd, what is the CHAP random number for?

It is used in the hash calculation and prevents replay attacks. The random number changes
for every authentication, and a change in the random number changes the result of the hash
calculation, which achieves the goal of preventing replay attacks
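
The CHAP exchange and the role of the random number, as an added example that is not part of the original material. It uses the MD5{ Identifier + password + Challenge } calculation given above; the class and function names, the user name "R2" and the password are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """MD5 over one Identifier octet, then the password, then the Challenge."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """Authenticator side: issues challenges and checks responses."""

    def __init__(self, users: dict):
        self.users = users      # user name -> shared password (never sent on the link)
        self.next_id = 0
        self.pending = {}       # Identifier -> outstanding random number

    def challenge(self):
        ident = self.next_id
        self.next_id = (self.next_id + 1) % 256
        value = os.urandom(16)  # a fresh random number for every authentication
        self.pending[ident] = value
        return ident, value

    def verify(self, ident: int, username: str, response: bytes) -> bool:
        value = self.pending.pop(ident, None)   # each challenge is usable once
        secret = self.users.get(username)
        if value is None or secret is None:
            return False
        expected = chap_response(ident, secret, value)
        return hmac.compare_digest(expected, response)


def demo():
    secret = b"constructed-secret"              # constructed sample password
    auth = Authenticator({"R2": secret})

    # Normal authentication: Challenge, Response, then the comparison.
    id1, ch1 = auth.challenge()
    captured = chap_response(id1, secret, ch1)  # what an observer on the link sees
    first_ok = auth.verify(id1, "R2", captured)

    # The same Response sent again for the already answered challenge.
    stale_ok = auth.verify(id1, "R2", captured)

    # The captured Response replayed against a new challenge: the ID and the
    # random number both changed, so the expected hash no longer matches.
    id2, _ch2 = auth.challenge()
    replay_ok = auth.verify(id2, "R2", captured)

    # A wrong password produces a different hash for the same challenge.
    id3, ch3 = auth.challenge()
    wrong_ok = auth.verify(id3, "R2", chap_response(id3, b"guess", ch3))
    return first_ok, stale_ok, replay_ok, wrong_ok


if __name__ == "__main__":
    print(demo())
```

Only the user name and the 16-byte hash cross the link; the password stays in each side's local configuration.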

3rd, how does PPPoE work?

Discovery phase
(1) The PPPoE Client broadcasts a PADI (PPPoE Active Discovery Initial) message, which
contains the type of service the PPPoE Client wants to obtain.
(2) After receiving the PADI message, every PPPoE Server compares the requested service
with the services it can provide; if it can provide the service, it replies with a unicast
PADO (PPPoE Active Discovery Offer) message
(3) Depending on the network topology, the PPPoE Client may receive PADO messages from
several PPPoE Servers. The PPPoE Client selects the PPPoE Server whose PADO message it
received first as its own PPPoE Server, and sends a unicast PADR (PPPoE Active Discovery
Request) message
(4) The PPPoE Server generates a unique session ID (Session ID) to identify the session
with the PPPoE Client, and sends the session ID to the PPPoE Client in a PADS (PPPoE
Active Discovery Session-confirmation) message. After the session is established
successfully, the PPPoE Session phase begins
(5) After this completes, both sides know the PPPoE Session_ID and the peer's Ethernet
address, which together uniquely identify the PPPoE session
Session phase
The negotiation is the same as in PPP and is mainly used for authentication, allocating
the IP address, DNS and so on
Terminate phase
The two PPP peers should use the PPP protocol itself to end the PPPoE session; when the
PPP protocol cannot be used to end the session, a PADT (PPPoE Active Discovery Terminate)
message can be used.
Once in the PPPoE Session phase, the PPPoE Client and the PPPoE Server can end the PPPoE
connection by sending a PADT message. The PADT packet can be sent by unicast at any time
after the session is established. After a PADT is sent or received, the session must not
be used to carry PPP traffic again
note:
PPPoE data packet format

4th, differences between PAP and CHAP

(1) CHAP uses a three-way handshake; PAP uses a two-way handshake
In CHAP authentication, the authenticated party needs the challenge ID and random number
to carry out the hash calculation, so the authenticator has to initiate
(2) CHAP is initiated by the authenticator; PAP is initiated by the authenticated party
(3) CHAP carries the user name and hash; PAP carries the user name and password

5th, difference between MTU and MRU?

MTU is the largest data unit that an interface can send
MRU is the largest data unit that an interface can receive

6th, what are the functions of the challenge ID and random number in CHAP?

The challenge ID and random number both take part in the hash calculation. In addition,
the challenge ID records each session, and the random number prevents replay attacks

7th, in CHAP authentication, does the authenticator have to have an interface password?
Not necessarily. When the challenge message sent by the authenticator carries the user
name, the password can be configured in the global database

8th, in CHAP, is the authenticator's user related to the authenticated party's user?
Not necessarily. The corresponding password is found in the local database according to
the user name the peer sent and is used for the hash; the user name itself does not take
part in the hash

9th, difference between PPP and HDLC?

HDLC: High-level Data Link Control
It is a layer 2 protocol for wide area networks. HDLC does not support point-to-multipoint,
and does not support authentication or IP address negotiation
10th, what is the negotiation process when the MRUs are inconsistent?
The local end sends a Configure-Request carrying its MRU. After the peer receives the
Configure-Request, it replies with ACK directly to the MRU value carried in the request.
The side with the larger MRU then changes to the smaller MRU, so that both sides can send
and receive data normally

11th, how does PPP authentication determine which side is the authenticator and which is
the authenticated party?
In the LCP negotiation phase, the authentication field of the Configure-Request sent by
the authenticator carries the corresponding authentication mode. If the authenticated
party is also configured with the same authentication mode, it replies with ACK, and the
authentication phase follows

12th, two routers use bidirectional authentication, with PAP on one side and CHAP on the
other. Can the PPP link negotiate successfully?
Yes

13th, if the NCP phase has not finished negotiating, can IP data be transmitted?
Yes. In the NCP phase, IP data can be transmitted as soon as IPCP negotiation completes
Note:
NCP is not only IPCP negotiation; it also covers the negotiation of other upper-layer
protocols, for example MPLS CP and IPv6 CP

14th, PPP frame format?

Flag: the Flag field marks the start and end of a physical frame. This byte is 0x7E
Address: the Address field could uniquely identify the peer. PPP is used on point-to-point
links, so two devices interconnected with PPP do not need to know each other's data link
layer address. As the protocol stipulates, this byte is filled with all 1s, the broadcast
address; for PPP this field has no practical significance.
Control: the default value of this field is 0x03, which indicates an unnumbered frame. By
default PPP does not use sequence numbers and acknowledgements to implement reliable
transmission
The Address and Control fields together mark the packet as a PPP packet, that is, FF03 for
a PPP packet
Protocol: the Protocol field is used to distinguish the type of packet carried in the
information field of the PPP data frame

FCS: the FCS field mainly checks that the PPP data frame was transmitted correctly
Introducing transmission guarantee mechanisms into the data frame adds overhead, which may
increase the interaction delay at the application layer

15th, does PPP have other phases besides the LCP, NCP and authentication phases?
16th, in LCP negotiation, the magic number and MRU are negotiated. What are they used for?

17th, when a CHAP authentication server has many clients to authenticate, how does the
server tell the authenticated users apart?
It tells them apart by their different IDs

18th, CHAP authentication has an ID and a random number; is it enough to do CHAP
authentication with only one of them?
The challenge ID and random number both take part in the hash calculation. In addition,
the challenge ID records each session, and the random number prevents replay attacks

19th, PAP authentication is not encrypted and CHAP authentication is, so CHAP
authentication alone would do. Why is there still PAP authentication?

20th, which lower-layer links can PPP run on?

It is generally used on serial links; on ATM links PPPoA can be used, and on Ethernet
links PPPoE is used

21st, what are the differences between CHAP and PAP authentication?
1st, CHAP is initiated by the authenticator; PAP is initiated by the authenticated party
2nd, CHAP uses a three-way handshake; PAP uses a two-way handshake
3rd, CHAP authenticates with ciphertext; PAP authenticates in plain text
4th, in CHAP authentication the user name is optional; in PAP it is not

22. After the PPP link is established, the magic number still does not change
2.7 Area 0 authentication of OSPF

In the lab, what needs attention with OSPF area 0 authentication?
With OSPF area 0 authentication, note that a router with a virtual link is a backbone
router. Even if none of the router's interfaces run in the backbone area, backbone area
authentication must still be configured on it. Otherwise, the virtual link may fail to
establish

The authentication key, authentication type and key ID also need to be consistent

2nd, do OSPF area authentication packets carry the key or the hash value?
When OSPF uses MD5 authentication, the OSPF packet does not carry the key; it carries the
Key ID, the authentication data length and the cryptographic sequence number. The hash is
appended after the OSPF packet and is not considered part of the OSPF packet. The
authentication data length gives the length of the hash appended after the OSPF packet.
The OSPF MD5 hash is the result computed over the OSPF packet (OSPF header + OSPF payload)
and the key; it is a 128-bit (16-byte) value and is appended after the OSPF packet
When OSPF uses plain text authentication, the OSPF area authentication packet carries the
plain text password

3rd, which modes can be used to implement OSPF area 0 authentication?
The router supports two authentication modes:
Area authentication mode
Interface authentication mode
When both authentication modes exist, the interface authentication mode takes precedence

4th, MD5 authentication is said to include a sequence number. What is the sequence number
for?
The cryptographic sequence number is used to guard against replay attacks.
In a replay attack, the attacker first captures from the link an OSPF message containing
authentication information, then puts it back on the link at a chosen time, in order to
disrupt communication between OSPF neighbor routers.
After the neighbor router receives a packet with a sequence number, it records that
sequence number. If the cryptographic sequence number in a later OSPF message is smaller
than or equal to the recorded value, the neighbor router discards the message. The aim is
to prevent an attacker who has captured a packet once from sending it onto the link again.
The sequence number in each message is therefore increasing
(An attack aimed at the sequence number: the attacker forges a larger cryptographic
sequence number so that the neighbor router records it; the relatively small sequence
numbers sent by the valid router are then not accepted, and the neighbor relationship goes
down. The attack succeeds. So the cryptographic sequence number certainly does not provide
a perfect security scheme)???

5th, what happens after the sequence number increases to the maximum value?

After the cryptographic sequence number reaches its maximum, the neighbor relationship is
reset, which causes the network to flap.
When the cryptographic sequence number reaches the maximum value, 2^32, it is
automatically reset to 0. This value is now smaller than the maximum value the neighbor
has recorded, so the neighbor router refuses the OSPF messages, including hello packets.
After the Dead interval expires, the neighbor relationship goes down. When the new
neighbor relationship is established, the 32-bit cryptographic sequence number starts from
0 and the neighbor's record also starts again from 0. So after the sequence number reaches
the maximum value, the neighbor is reset once, which causes the network to flap. In
practice, however, even if the 32-bit cryptographic sequence number increases by 1 every
second, this would take more than 100 years, so it need not be considered.
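
The receive-side checks described in questions 2, 4 and 5 above (appended MD5 hash, recorded sequence number, wrap to 0), as an added example that is not part of the original material. The packet contents, key, router ID and all function and class names are constructed; the sequence rule is the one this page states.

```python
import hashlib
import hmac
import struct

# 24-byte OSPFv2 header with the MD5 authentication fields:
# version, type, length, router ID, area ID, checksum, AuType,
# reserved, Key ID, authentication data length, cryptographic sequence number
HDR = struct.Struct("!BBH4s4sHHHBBI")
DIGEST_LEN = 16


def build(seq: int, key: bytes, key_id: int = 1, body: bytes = b"") -> bytes:
    """Build a constructed OSPF packet and append MD5(packet + padded key)."""
    length = HDR.size + len(body)           # the appended hash is not counted
    header = HDR.pack(2, 1, length, bytes([1, 1, 1, 1]), bytes(4),
                      0, 2, 0, key_id, DIGEST_LEN, seq)
    packet = header + body
    return packet + hashlib.md5(packet + key.ljust(16, b"\0")).digest()


class Neighbor:
    """Receiving router's view of one neighbor."""

    def __init__(self, keys: dict):
        self.keys = keys                    # Key ID -> key (the key itself is never sent)
        self.last_seq = None                # recorded cryptographic sequence number

    def receive(self, wire: bytes) -> str:
        if len(wire) < HDR.size:
            return "drop: short"
        (_ver, _typ, length, _rid, _area, _cksum,
         autype, _zero, key_id, auth_len, seq) = HDR.unpack_from(wire)
        key = self.keys.get(key_id)
        if (autype != 2 or key is None or auth_len != DIGEST_LEN
                or length < HDR.size or len(wire) != length + auth_len):
            return "drop: auth fields"
        packet, digest = wire[:length], wire[length:]
        expected = hashlib.md5(packet + key.ljust(16, b"\0")).digest()
        # The hash is checked before the sequence number is looked at, so a
        # packet whose sequence field was altered without the key cannot
        # move last_seq.
        if not hmac.compare_digest(expected, digest):
            return "drop: digest"
        # Rule as stated on this page: discard when smaller than or equal to
        # the recorded value (RFC 2328 discards only when strictly smaller).
        if self.last_seq is not None and seq <= self.last_seq:
            return "drop: sequence"
        self.last_seq = seq
        return "accept"

    def reset(self):
        """Neighbor relationship went down (Dead interval expired)."""
        self.last_seq = None


def demo():
    key = b"constructed-key"
    nbr = Neighbor({1: key})
    first = build(100, key)
    results = [nbr.receive(first)]                        # first packet
    results.append(nbr.receive(first))                    # captured packet replayed
    results.append(nbr.receive(build(101, key)))          # next valid packet
    altered = bytearray(build(102, key))
    altered[20:24] = struct.pack("!I", 0xFFFFFFF0)        # sequence changed, hash not
    results.append(nbr.receive(bytes(altered)))
    results.append(nbr.receive(build(0xFFFFFFFF, key)))   # largest 32-bit value
    results.append(nbr.receive(build(0, key)))            # sender wrapped to 0
    nbr.reset()
    results.append(nbr.receive(build(0, key)))            # after the reset
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```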

6th, why use authentication?

To verify neighbor routers and prevent unauthorized neighbors from joining the network
(which would expose the network to attack, for example forging large amounts of useless
routing information and sending it into the OSPF domain)
To divide an MA network into several OSPF domains and so implement route isolation

7th, is the authentication information in the LSA or in the hello?

It is in the OSPF packet itself, not inside the LSA or the hello message

8th, how is a smooth transition implemented using a keychain?

By using the keys' effective time and receive time

9th, why does interface authentication take precedence over area authentication?

Control at the interface is stronger, the scope is smaller, and it is more precise and
more flexible

10th, in a pair of OSPF neighbors, one side uses area authentication and the other side
uses interface authentication. Can authentication pass?
OSPF authentication is placed in the OSPF header, and no field indicates which kind of
authentication is used. As long as the key, key ID and authentication type are the same,
authentication passes

11th, when is area authentication used, and when is interface authentication used?

Different situations use different types of authentication. Area authentication is used
when the entire area needs to be authenticated, to secure route exchange across the whole
area. Interface authentication secures the routes exchanged on a particular link
12th, what are the differences between area authentication and interface authentication?
The scope is different: area authentication authenticates all interfaces in the area,
while interface authentication authenticates only a particular interface
The configuration method is different: one is configured under the area, the other under
the interface

13th, what is the difference between authentication and encryption?

Authentication mainly verifies that the neighbor is valid
Encryption encrypts the data packet, so that even if the data packet is stolen, its
content cannot be learned

A Vlink also needs authentication configured. Methods:

1. R3 configures authentication in Area0
2. Configure authentication when specifying the Vlink neighbor (equivalent to interface
authentication)

OSPF interface authentication takes precedence over area authentication. If one end is
configured with area authentication and the other end with interface authentication, the
neighbor relationship can still be established, because the OSPF packet gives no way to
tell whether the peer configured interface authentication or area authentication.
3 Theory topic

Remarks: these are just simple answers; for the detailed solutions you have to find
authoritative material.
(1) What are the technical principle and application scenarios of VRRP?
Answer: about the VRRP principle.
(2) Which messages are used in the LSDB synchronization process in ISIS?
Answer: about the ISIS message types and their purpose.
(3) What is the mapping between layer 2 multicast addresses and layer 3 multicast
addresses?
Answer: about mapping layer 3 multicast to layer 2.
(4) What are the types and functions of LSAs in OSPF?
Answer: mainly about type 1, type 2, type 3, type 4, type 5 and type 7; just describe the
principle and purpose.
(5) Which factors affect OSPF neighbor relationship establishment (at least 5)? How to
solve them?
Answer: router id, segment, hello time, area id, network type, mtu, etc.
(6) Describe the process of OSPF neighbor relationship establishment.
Answer: from down - initial - 2-way - exstart - exchange - loading - full.
(7) What is the function of the OSPF FA address? What are the application scenarios of the
OSPF FA address?
Answer: prevent suboptimal routes. And so on …
(8) Where can we use a V-Link? What is the disadvantage?
Answer: draw the topo like this :
(9) What are the route selection rules of BGP? Give an example of how each rule is used.
Answer: just the 13 rules; selection goes through the rules one by one, step by step,
from pref-value --- local preference --- as-path --- ….. to the last one.
(10) How many anti-loop mechanisms does BGP have?
Answer: EBGP: as-path. IBGP: split horizon
(11) What are the attribute classifications in BGP?
Answer: 1. well-known mandatory: next hop, as-path, origin.
2. well-known discretionary: local pref, Atomic_Aggregate
3. optional transitive: Aggregator, Community
4. optional non-transitive: Multi_Exit_Disc, Originator ID, Cluster List

(12) What is the encapsulation process of the data packets when PC1 accesses PC2 (in the
IPv6 scenario)? Note that this does not refer to the IPv4 scenario
Answer: this refers to NDP. You need to master the link-local address and the principle
of address resolution.

(13) What roles do the trust and interception functions of DHCP snooping play?

(14) What is the principle of the assert mechanism in PIM?

(15) What are the solutions to VPN routing loops in MPLS-VPN?
Answer: 1. PE-CE connection is OSPF: down-bit set / LSA7's tag;
2. PE-CE connection is BGP: SoO
(16) How does a frame relay interface obtain an IP address?
Answer: explain the inverse ARP principle.

(17) What are the backup methods and principles of multicast static RP?

(18) What are the features of layer 2 loops and layer 3 loops, and the differences
between them?
Layer 2: STP, etc.
Layer 3: TTL / use a dynamic routing protocol, and so on
(19) What are the classifications and characteristics of routing protocols?
Static
Dynamic: DV/LS
(20) In a layer 2 network, what are the benefits of RSTP over STP? Why? Which RSTP
mechanisms perform better than STP?
Answer: 1. P/A; 2. AP fast change to RP; 3. edge port;