Test rule:
1. Three topics will certainly be asked, and they must cover 3 directions:
(project topic, experiment topic, theory knowledge)
2. Project topics are certainly selected from the 6 questions in section 1;
3. Experiment topics are certainly selected from the 7 questions in section 2;
4. Theory topics are certainly selected from the questions in section 3.
1 Project topic
How do you choose an IGP for 100 routers whose performance differs greatly? Why?
When selecting a routing protocol there is no absolute good or bad, only suitable or unsuitable; we need to select according to the network architecture and the user's needs. In present networks, the routing protocols are mainly RIP, OSPF and IS-IS.
Characteristics of RIP that make it unsuitable for large networks:
(1) RIP has a maximum hop-count limit, which may leave some networks unreachable. Cost is computed from hop count.
(2) RIP sends a route update packet every 30 s, and each update carries the entire routing table. In a large network such as 100 routers there are many routes, so the update messages waste a great deal of bandwidth (each route takes 20 bytes).
(3) Compared with other routing protocols, RIP converges more slowly.
(4) It has no hierarchical design.
RIP is not without merit. In network design we can place it in the stub network and use it together with other protocols. Compared with static routing, RIP learns routes dynamically, is quite simple to configure and is not error-prone. With static routing, as long as the port is not down the route appears in the routing table; RIP has timers and other mechanisms, so it can detect whether the destination route is reachable.
OSPF and IS-IS, by contrast, are link-state routing protocols and have no hop-count limit. Their link-information flooding period is also relatively long, and they converge faster than RIP. Therefore IS-IS and OSPF suit large networks. Below I compare OSPF and IS-IS in the following aspects.
Network type and cost calculation mode (applicable scope)
IS-IS: Supports only two network types; a frame relay environment can be supported only after the corresponding configuration changes, and on-demand links are not supported. By default every interface has cost 10, which cannot correctly reflect the path cost, so it is better suited to networks with uniform links.
OSPF: Supports four network types and can adapt to different network environments, with very good support for frame relay, on-demand links and other network types. Cost is calculated from the interface rate and can correctly reflect the path cost, so it is well suited to networks with complex architecture and links.

Area type (hierarchical structure)
IS-IS: Divided into L1/L2 areas; the L2 area is the backbone area. By default the L1 area does not have the L2 area's detailed routes; if L1 needs them, route leaking must be configured. Once leaking is done, L1 has the complete detailed routes, including routes external to the IS-IS domain. In IS-IS, the L1 area either has no IS-IS inter-area and external routes, or has all routes, which does not help route control.
OSPF: Divided into a backbone area and ordinary areas. The backbone area is the core of the entire OSPF domain, with the ordinary areas around it. By default an ordinary area has all routes (including external routes); by configuring special areas, external routes or inter-area routes can be kept out of the special area, reducing the resource cost of the routers in the special area.

Security
IS-IS: IS-IS is a link-layer-based protocol, so the likelihood of attack is comparatively low (because it is link-layer based, an attacker must be connected to the link to attack IS-IS).
OSPF: OSPF is a layer-3-based protocol; there are more attack methods than against IS-IS, attacks are also more convenient, and the attacker need not be connected to the link.

Convergence
IS-IS: Initial convergence uses full SPF. In IS-IS all network segments are treated as leaves, so when a segment on some node changes only the PRC algorithm is triggered; only when the node itself changes is the i-SPF algorithm triggered. Overall convergence is therefore quite fast, and the cost of recomputing routes is also quite small.
OSPF: Initial convergence uses full SPF. In OSPF, any change to LSA1 or LSA2 triggers the i-SPF algorithm; only changes to LSA3, 4, 5 and 7 trigger PRC. That is, when a network segment on a node inside the area changes, LSA1/LSA2 change and what is triggered is the i-SPF algorithm. Convergence is therefore not as fast as IS-IS, and the cost of calculating routes is also larger than in IS-IS.

Features
IS-IS: IS-IS does not support area repair. The protocol as developed does support area repair, but vendors do not support it in their IS-IS implementations. When the L2 area is partitioned there is therefore no temporary solution in IS-IS; the only option is to re-plan the existing IS-IS areas.
OSPF: If the backbone area is partitioned, OSPF can repair it through a v-link, which provides a temporary solution to the area-partition problem and can ease the pressure on area planning.

Popularity
IS-IS: Because most enterprise networks use OSPF, relatively few people are familiar with IS-IS, so the requirements on network management are higher. Moreover, if a network running IS-IS has a fault, troubleshooting will be quite slow and quite difficult.
OSPF: Many people are familiar with OSPF; if a network running OSPF has a fault, the speed and efficiency of troubleshooting are greatly improved, and the probability of service problems is smaller.

Route entries and protocol extension
IS-IS: All routing information is carried in TLVs, whether internal or external; the structure is simple and easy to extend. Supporting more kinds of routes requires little change to the protocol; TLVs also support IPv6, and no modification is needed.
OSPF: Each kind of route uses a corresponding LSA. There are many LSA types, and the cost of transmitting and expressing the various routes is large (many LSA types and long LSA headers). Supporting more kinds of routes requires very large modifications to the protocol itself.
In summary, if these 100 routers are used in an enterprise network, I recommend OSPF, because enterprise network links and architecture are generally quite complex.
OSPF's network types and features make it suitable for this kind of complex network environment. During network planning, we can place the high-performance routers in the backbone area, place the normal-performance routers in other areas, and configure those areas as special areas. This lets the normal-performance routers play their roles without becoming a bottleneck in the network.
If these 100 routers are in an operator network, I recommend IS-IS, as an operator's network architecture and physical circuits are generally quite uniform. Moreover, an operator network has many routes and requires a high convergence rate, because it not only serves itself but also provides service to other users, and IS-IS performs very well in these respects. In the design, we can put the high-performance devices in the L2 area and the normal-performance routers in the L1 area, and carry out route leaking according to our needs, so that normal-performance devices do not become the bottleneck in the network.
4th, why do most present networks use OSPF rather than IS-IS?
IS-IS itself was not developed for IP but for the OSI seven-layer model. IS-IS supported IP networks only after the corresponding TLVs were developed, so it continues to use OSI terminology and names in many respects (the NET address and so on), which brings a lot of trouble to configuration and maintenance.
What are the advantages and disadvantages of the square type and the cross type when six routers are built into a network?
How is a large-scale network migration plan implemented? What key points need attention?
Network migration:
If a running network needs transformation, upgrade, migration or other changes after some time, and these operations take place on a network that is currently carrying services, the operation is called a cutover. A cutover may aim at adjusting the network structure, adding or replacing network equipment, replacing lines, or changing the equipment layout.
1. Project background
a) Project status, client situation and reason for the cutover
b) Which services need to be cut over
c) State the devices that need to be cut over
d) Devices that must be replaced
4. Risk assessment
<1> State which risks may arise (for the devices, services and interfaces being cut over, which risks may arise)
<2> Scope of the risk's impact
<3> Duration of the impact (interruption interval and operating time)
<4> What losses it may bring (maximum loss)
How to avoid the risks (choose a low-traffic period for the cutover; active/standby links, technical support and simulation tests; carry important spare parts)
(5) Preparation before the cutover
<1> Back up the configuration of the present network's equipment;
<2> Record the operational state of the present network's devices (CPU utilization, memory utilization, routes, protocol neighbors and so on);
<3> Record whether network equipment operation and traffic flows are normal, and verify this with the client, so that if the client raises an objection after the cutover there is evidence to check against;
<4> If devices are added or replaced in the cutover, the new devices need to be tested; if links are added, the links need to be tested; where devices from multiple vendors are involved, a simulation test is needed;
<5> Know the VRP versions in the present network and the bugs those versions may have (and download the corresponding VRP from the Huawei website and set up an FTP or TFTP server, in preparation for restoring the VRP version);
<6> A total time plan is needed, down to each step; when making the time plan, reserve some time for each step, especially rollback time (so that if an unforeseen problem appears there is time to analyze and solve it);
<7> There must be a personnel arrangement table containing the contact details and specific responsibilities of everyone taking part in the cutover (leader, director, operators, Party A personnel and so on). It is best to hold a coordination meeting before implementation to confirm with the client whether there are any problems with these personnel and time arrangements;
<8> Prepare the tools and spare parts that will be used, so that the cutover does not fail or get delayed because a tool or part cannot be found.
(6) Cutover implementation
<1> State what each step of the cutover executes (which commands), the goal to be achieved (which commands confirm it and what the checked result should be), and whether the goal was achieved. If the goal is not achieved, on-site analysis may be needed; if the problem is still not solved after analysis, roll back following the rollback procedure in the rollback plan.
<2> Before implementing the cutover, first check the devices' current operational state (hardware state) and confirm it is consistent with what was recorded during preparation.
<3> When the cutover has a problem, record the related logs and the problem for later analysis.
<4> When executing commands, keep the corresponding session record, to prevent disputes if problems arise during the cutover.
(7) Rollback plan
<1> Overall rollback plan: if a cutover or one of its steps fails, state which step can be rolled back to and how to roll back <rollback script>. (Sometimes a complete rollback is not needed. For example, a network requires both a layer-3 and a layer-2 cutover; if the layer-2 cutover completes and tests without problems, we only need to roll back layer 3, and layer 2 need not be rolled back.) The overall rollback plan also needs to state the latest rollback time: according to the time arrangement above, if the cutover has not been completed by the rollback time, the rollback plan must be started.
<2> Implementation plan for each step of the cutover implementation
(8) Test
<1> Technical test: check the hardware running status; check the running status of the relevant protocols, routing neighbor states, routing information and so on. If the protocols and routes have no problems, run connectivity tests (ping, tracert and so on) and active/standby tests, checking whether the standby device or standby link works normally, so that if the active device/link later fails, the standby device/link is able to take over from it.
<2> After the technical tests pass, notify the client to carry out the relevant service tests; if the service tests pass, on-site observation is needed.
(9) On-site observation (safeguard: on-site observation and training) (some faults are not exposed immediately, so on-site observation is needed)
After the cutover and the tests are complete, the network still needs to be observed. The relevant engineers stay on site as the client requires; if everything is normal after that period, the cutover is complete.
10. Scripts
The cutover script, the rollback script and so on are placed in this part as appendices.
(11) Sign-off
Party A and Party B sign, agreeing to implementation of the cutover plan.
2nd, how do you guarantee that the cutover goes smoothly?
Before the cutover, communicate fully with Party A. During the cutover, strictly carry out the corresponding operations at the scheduled times according to the cutover plan; because the plan has been verified layer by layer, it will generally not have problems. After the cutover, do the related tests and on-site observation, after which the network can be handed over to Party A.
1, All preparations are sufficient
2, Risks are assessed and the client is informed
3, Implementation follows the order of the plan (personnel and spare parts are arranged ahead of time)
4, Different experts verify the cutover plan
5, Outstanding technical problems are solved ahead of time, and the company sets up a technician pool; if there is a problem, it is reported promptly and responded to rapidly;
3rd, if the cutover fails, what needs to be done?
Answer: Roll back to the original state.
4th, if the rollback fails, what needs to be done?
Answer: If the rollback fails, use the contingency plan. The contingency plan is generally designed into the cutover plan, for example board replacement, using an alternate path, urgently calling in spare parts and so on.
1st, function
1) A switch has a high port count. A router has many interface types but fewer ports.
2) A switch's ports are layer-2 ports, whereas a router's ports are layer-3 ports;
2nd, application scenario
1) Routers sit at the network edge and provide the network's Internet access.
2) Switches are used in the local area network and mainly act as high-speed data forwarders in the intranet.
1st, please explain with examples the function of the RSTP edge port, where this function is used, and what problems using an edge port can run into. How are they solved?
Function:
(1) It accelerates RSTP convergence: after a port is configured as an edge port, once the port is up it immediately enters the forwarding state.
(2) During P/A negotiation, the edge port is not synchronized; in other words, even if the root port changes, the edge port stays in the forwarding state.
(3) When the edge port enters the forwarding state, it does not flush the MAC address table and thus avoids unicast frame flooding. An edge port is generally connected to a terminal, and a terminal going up/down should not change the ring status, so the MAC address table does not need to be flushed.
(4) As a safeguarding mechanism: BPDU protection can be enabled for safety, and the port is then configured as an edge port for the mechanism to take effect.
Conditions description:
SW1 g0/0/1 and g0/0/2 are configured as edge ports and are connected to a hub, and STP is not running.
Description of the loop:
Immediately after connection, the edge ports enter the forwarding state. If all ports (hub e0/0/0 and e0/0/1 as well as SW1 g0/0/1 and g0/0/2) go into the forwarding state, a loop appears. When an edge port receives a BPDU, it loses its edge-port attribute, becomes an ordinary STP port and participates in the STP computation, and the loop disappears. Because STP has to be computed (determine port role and port state, wait for the forward delay), this brings the network to a halt.
To avoid this network halt and temporary loop, the BPDU protection feature is enabled.
Once BPDU protection is enabled, if an edge port receives a BPDU the port is shut down automatically, but its edge-port attribute does not change. The administrator has to bring the interface up again manually (automatic recovery with a time delay can also be configured). If the interface has recovered from the shutdown state and receives a BPDU once more, the edge port goes into the shutdown state again.
With a switch attached below a port with STP shut down, an edge port, and a normal STP port, which enters the forwarding state fastest?
STP shut down > edge port > normal STP port
1.6 Is it better to put the gateway of the campus network on the access layer or the aggregation layer?
Gateway on the access layer:
Merits:
Traffic between different network segments on the same switch does not need to pass through the aggregation switch, which raises access efficiency.
Routing control is finer and more flexible; a layer-3 routing protocol runs between access and aggregation.
Fault location is convenient.
The broadcast domain becomes smaller
i. The area affected by an attack is small (for example an ARP virus)
ii. The flooding scope of broadcast, multicast and unknown unicast frames is small, which saves bandwidth
The interconnection between the access and aggregation layers does not need to run STP
i. This avoids layer-2 loops causing some links to be blocked, raising link utilization
ii. Load sharing is more flexible (based on routing and policy routing, load sharing can be implemented)
Flaws:
Many network segments are needed
The performance requirement on access equipment is quite high, and the cost increases.
The technical level required of implementation and operations-and-maintenance personnel is high
Poor scalability, for the following two reasons:
i. Server migration requires changing the IP address
ii. Staff work positions are dispersed (within a department)
Gateway on the aggregation layer (its merits and flaws are simply the reverse of the above; some examinees were interrupted by the examiner at this point in their answer and did not need to go on):
Merits:
The performance requirement on access equipment is quite low, and the cost is reduced.
Reduces the IP address demand
The topology is simple, which helps deployment and operations and maintenance.
Gateway redundancy, VRRP
Service migration is convenient
Scenario description:
1. The office network gateway is placed on the aggregation layer
2. The data center network's gateway is placed on the switch
2 Experiment topic
How do you make VLAN15 and VLAN30 reach each other through the Ethernet link? What's your idea?
Before the V-link is made between R3 and R5, traffic from VLAN30 to VLAN15 passes over the Ethernet link between R3 and R5. But on the return trip, R5 learns the VLAN30 route through the frame relay backbone area, so the return traffic does not take the Ethernet link between R3 and R5.
The task requires traffic between VLAN15 and VLAN30 to prefer the Ethernet link, so R5 needs to learn the VLAN30 route from R3, and the devices in VLAN15 select R5 as the exit towards VLAN30. Create a V-link between R3 and R5: this makes R3 an ABR, R5 learns the VLAN30 route from R3, and that route's cost is smaller than the one learned over frame relay. R5 therefore selects the route learned from R3, which satisfies the requirement that traffic between VLAN15 and VLAN30 prefer the Ethernet link.
[Expansion question] If the cost on R5's interface connecting to SW3 G0/0/1 is increased to a very large value, does it affect R3's route to VLAN15?
Answer:
Before the virtual link is made between R3 and R5, it may affect R3's route to VLAN15: R3's next hop changes to R4, selecting the LSA3 with the smaller cost.
After the virtual link is made between R3 and R5, it does not affect R3's route to VLAN15: R3's next hop is still R5, because AR3 is now an ABR and will not calculate LSA3s from AR4, so however the cost is adjusted, AR3 always selects AR5 as the next hop.
[Expansion question] If the cost of the Ethernet link between R3 and R5 is very large (the examiner means increasing it on both ports), what is the effect?
Answer:
Modifying the cost of R3's interface to R5 has the same effect as in the previous expansion question; refer to that answer.
Modifying the cost of R5's interface to R3 before the virtual link is made does not affect R5's route to VLAN30; R5's next hop is still R4.
Modifying the cost of R5's interface to R3 after the virtual link is made affects R5's route to VLAN30: R5's next hop changes from R3 to R4.
[Expansion question] Please analyze the result of making the virtual link between R3 and R4
Answer:
Traffic between VLAN15 and VLAN30 takes the frame relay link in both directions
[Expansion question] If the virtual link is made between R1 and R5, how do you guarantee that the FR link is the primary link?
Answer:
Increase the COST of the G0/0/01 ports of R1 and R5 so that it is larger than the FR interface's COST
[Expansion question] How many area 34 routes can switch SW3, between R1 and R5, learn (before the virtual link is made)?
Answer:
It learns 2 LSA3s, whose advertising routers are AR1 and AR5 respectively;
SW3 load-balances across them for the area 34 routes.
[Expansion question] What other solutions are there besides the virtual link?
Answer:
(1) Establish a tunnel between R3 and R5 and advertise it into area 0 (be ready to explain the difference between using a tunnel and a v-link)
(2) PBR (pay attention to where it is applied)
[Expansion question] If the link between R3 and R5 goes down, is access still normal?
Answer:
Access is normal. After the link between R3 and AR5 is disconnected, R3 is no longer an ABR and can calculate routes from the LSA3s that R4 advertises, so the two VLANs can still reach each other
2.2 BGP in LAB
[Expansion question] What is the root cause of the BGP loop?
Answer:
The cause of the BGP loop can be considered from three aspects.
First: a BGP attribute. When a route received over EBGP is passed on over IBGP, the next hop is not modified.
Second: there is an IGP among the EBGP neighbors. From the IGP side, because the BGP next hop is not modified, the router has to look up recursively how to reach that next-hop address, and the recursive lookup of the next-hop address can produce the BGP loop.
Third: the situation in this topology. One factor is that, because of the special FR conditions, R4 and R5 have no PVC between them.
[Expansion question] You said just now that the next hop is not modified over IBGP. Why is it designed like this?
Answer:
(1) When the protocol was developed, an AS was regarded as a whole
(2) With the next hop unchanged, routers in the AS can be steered to a unified exit when accessing the target network
(3) Because the next hop is not modified inside the AS, the routers in this AS can use the next-hop address to find the optimal path out of the AS.
[Expansion question] Why must the 10.1.40.0/24 route be removed when making the policy?
Answer:
If it is not removed, a loop appears between R1 and R5 when BB accesses the 10.1.40.0/24 network segment
[Expansion question] When BB2 accesses 10.1.40.0/24, what do the control plane and the data plane look like?
[Expansion question] Why does BGP not modify the next hop by default when passing routes over IBGP?
Because modifying the next hop by default could create a suboptimal path
[Expansion question] The 13 BGP route selection rules: which are the well-known mandatory attributes, what are the characteristics of each, and what is the principle behind them; what internal and external loop-prevention mechanisms does BGP have (explain on the whiteboard); the basic principles of the MED and CLUSTER_LIST attributes (describe on the whiteboard); the characteristics of the ORIGIN attribute. At which comparison step can BGP implement load sharing?
Answer:
The BGP well-known mandatory attributes are:
ORIGIN, AS_PATH, NEXT_HOP
The ORIGIN attribute describes the source of the route update and can be used to select the optimal path.
The AS_PATH attribute describes the list of ASes the route has passed through and can be used to select the optimal path and to prevent loops.
The NEXT_HOP attribute describes the IP address of the next hop towards the advertised prefix; only when the next hop is reachable is the BGP route considered valid.
BGP's internal loop-prevention mechanism is IBGP split horizon. If route reflection is configured inside the AS, ORIGINATOR_ID is used to prevent loops inside a route reflection cluster, and CLUSTER_LIST is used to prevent loops between route reflection clusters.
BGP's external loop-prevention mechanism is AS_PATH.
MED is an optional non-transitive attribute and can be used to select the optimal path.
CLUSTER_LIST is an optional non-transitive attribute and can be used to select the optimal path and to prevent loops.
When BGP selects the optimal path, after comparing the cost value to the next hop, if BGP load balancing is configured, load sharing can be implemented.
Loops can still exist in BGP; route aggregation without as-set can be used as an example to illustrate this.
2.3 The multicast in LAB
R3 receives the BSR message that R4 sends. R4's loopback0 is in area 0, but the link between R3 and R4 is in area 34, so R3's route to the BSR (R4's loopback0) is learned first over the virtual link between R3 and R5 and goes via R5. The BSR message received from R4 therefore fails the RPF check, so R3 is unable to learn the RP-set.
R3 does not receive the BSR message from R5 either, for a similar reason on R5. R5 cannot learn the BSR message forwarded by R1: in the frame relay network, OSPF treats R1-R4-R5 as one MA network, so R5's next-hop address towards the BSR is 10.1.145.4. The BSR message therefore fails the RPF check, R5 cannot learn the BSR information, and it does not send the BSR message on to R3. So R3 cannot learn the BSR message and cannot learn the RP-set.
Solution:
Configure a static multicast route on R3 so that the next hop towards 10.1.4.4 points to 10.1.34.4; or configure a static multicast route on R5 so that the next hop towards 10.1.4.4 points to 10.1.145.1, so that the BSR message is learned through R5.
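The RPF failure described above and both static-route fixes, as an added example that is not part of the original notes. It floods a bootstrap message from the BSR and lets each router accept it only from its RPF neighbour. The PIM adjacencies are inferred from the text, routers are identified by name rather than address, and the model assumes a static multicast route simply replaces the unicast RPF neighbour.

```python
from collections import deque

BSR = "R4"  # R4 loopback0, 10.1.4.4

# PIM adjacencies a bootstrap message can cross (inferred from the text;
# R4 and R5 have no PVC between them).
PIM_NEIGHBORS = {
    "R4": ["R1", "R3"],
    "R1": ["R4", "R5"],
    "R5": ["R1", "R3"],
    "R3": ["R4", "R5"],
}

# RPF neighbour towards the BSR according to the unicast (OSPF) table.
UNICAST_RPF = {
    "R1": "R4",  # directly over the frame relay PVC
    "R5": "R4",  # next hop 10.1.145.4: OSPF treats R1-R4-R5 as one MA network
    "R3": "R5",  # route learned over the R3-R5 virtual link
}


def rp_set_learners(static_mroute=None):
    """Return the routers that accept the bootstrap message.

    static_mroute maps a router to the RPF neighbour forced by a static
    multicast route towards 10.1.4.4 (assumption: it overrides unicast).
    """
    rpf = dict(UNICAST_RPF)
    rpf.update(static_mroute or {})
    accepted = set()
    queue = deque((BSR, n) for n in PIM_NEIGHBORS[BSR])
    while queue:
        sender, receiver = queue.popleft()
        # RPF check: drop the message unless it arrived from the RPF neighbour.
        if receiver in accepted or receiver == BSR or rpf[receiver] != sender:
            continue
        accepted.add(receiver)
        # An accepted message is re-flooded to every other PIM neighbour.
        queue.extend((receiver, n) for n in PIM_NEIGHBORS[receiver] if n != sender)
    return sorted(accepted)


if __name__ == "__main__":
    print("no fix:            ", rp_set_learners())
    print("static route on R3:", rp_set_learners({"R3": "R4"}))  # next hop 10.1.34.4
    print("static route on R5:", rp_set_learners({"R5": "R1"}))  # next hop 10.1.145.1
```

With the fix on R3 only R3 recovers the RP-set; with the fix on R5, R5 accepts the message from R1 and R3 then accepts it from R5, its existing RPF neighbour.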
[Expansion question] Why must R1 check the join message after receiving it?
When (*, G) joins are sent to build the RPT, if the upstream-neighbor address in the (*, G) message is not checked, then many (*, G) entries will be established successfully on the MA network, the multicast stream may be sent down, and redundant multicast streams are created.
[Expansion question] Why does multicast need the RPF check while unicast does not?
Because the multicast receivers cannot be known in advance but the multicast source is definite, the RPF check is performed against the source, which prevents loops and duplicate packets. The unicast destination is definite and the intermediate routers forward by destination-based routing, with no loops or redundant packets, so the RPF check is not needed
[Expansion question] What flaws does a statically configured RP have compared with BSR?
1. the configuration is complex
2. redundant backup is complex to implement
3. load balancing is complex to implement
Other: what needs attention in this scenario? What is your solution to prevent
The problem of two-point bidirectional redistribution between IS-IS and OSPF on R1 and R4
Answer:
It leads to a suboptimal-path problem, which in turn causes a loop problem
For the routes from R6, the problems that arise when R1 does the import first:
On R6, RIP is imported into OSPF with tag 100 and the cost modified to 100. After R1 imports these OSPF routes into IS-IS, R2 learns the routes and passes them to R4. R4 runs both OSPF and IS-IS: the preference of these routes learned from OSPF is 150 and of those learned from IS-IS is 15, so the IS-IS routes are preferred. When R4 accesses these networks the data path is R4→R2→R1→R5→R6, a suboptimal path. When IS-IS is then imported into OSPF on R4, because what appears in R4's routing table is the IS-IS routes, they are all imported into OSPF. R1 receives this LSA and compares: for the LSA from R6 the external cost is 100, for the one from R4 it is 1, so the one from R4 is preferred. When R1 accesses these networks the data path is R1→R4→R2→R1, a loop
If R4 does the import first, the same argument as for R1 applies, and a suboptimal path and a loop likewise form
Solution: match these routes on R1 and R4 and modify their preference to below 15; at the same time set a tag on R1 and deny that tag on R4, and set a tag on R4 and deny that tag on R1
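The R6 case above replayed as a small model, as an added example that is not part of the original notes. It covers only the order in which R1 imports first, assumes type-2 external metrics (lowest external cost wins) and assumes R4's OSPF next hop towards R6 is R5. The preference value 14 and the tag name are chosen for the example. It goes slightly beyond the text by applying the two halves of the solution separately: the tag filter removes the loop, and the preference change removes the suboptimal path.

```python
OSPF_ASE_PREF = 150   # preference of OSPF external routes (from the text)
ISIS_PREF = 15        # preference of IS-IS routes (from the text)
FIXED_ASE_PREF = 14   # "below 15"; the exact value is chosen for this example

# OSPF next hop from a router towards an advertising ASBR.
# R1->R5->R6 and R1->R4 follow the paths in the text; R4->R5 is an assumption.
OSPF_NEXT_HOP = {("R1", "R6"): "R5", ("R4", "R6"): "R5", ("R1", "R4"): "R4"}


def build_next_hops(pref_fix=False, tag_filter=False, r4_imports=True):
    """Return (next-hop table, protocol R4 prefers) for one RIP prefix behind R6."""
    lsas = [{"adv": "R6", "cost": 100}]   # RIP -> OSPF on R6: cost 100, tag 100
    nh = {"R6": "direct", "R5": "R6"}

    # R1 imports OSPF -> IS-IS, tagging the route when the tag fix is applied.
    isis_tag = "set-by-R1" if tag_filter else None
    nh["R2"] = "R1"                       # R2 learns the IS-IS route from R1

    # R4 holds the prefix from both protocols; the lowest preference value wins.
    ase_pref = FIXED_ASE_PREF if pref_fix else OSPF_ASE_PREF
    candidates = [("ospf", ase_pref, OSPF_NEXT_HOP[("R4", "R6")]),
                  ("isis", ISIS_PREF, "R2")]
    r4_proto, _, nh["R4"] = min(candidates, key=lambda c: c[1])

    # R4 imports IS-IS -> OSPF: only an active IS-IS route, never one with R1's tag.
    if r4_imports and r4_proto == "isis" and isis_tag is None:
        lsas.append({"adv": "R4", "cost": 1})

    # R1 compares the external LSAs and forwards towards the winning ASBR.
    best = min(lsas, key=lambda lsa: lsa["cost"])
    nh["R1"] = OSPF_NEXT_HOP[("R1", best["adv"])]
    return nh, r4_proto


def trace(nh, start):
    """Follow next hops from start; return (path, loop_detected)."""
    path = [start]
    while nh[path[-1]] != "direct":
        path.append(nh[path[-1]])
        if path.count(path[-1]) > 1:
            return path, True
    return path, False


if __name__ == "__main__":
    scenarios = {
        "R1 imported, R4 not yet": dict(r4_imports=False),
        "both imported, no fix": dict(),
        "tag filter only": dict(tag_filter=True),
        "tag filter + preference": dict(tag_filter=True, pref_fix=True),
    }
    for name, kwargs in scenarios.items():
        nh, proto = build_next_hops(**kwargs)
        for start in ("R1", "R4"):
            path, loop = trace(nh, start)
            print(f"{name:26} R4 prefers {proto:4} {'->'.join(path)}"
                  f"{'  LOOP' if loop else ''}")
```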
Problems with the routes from SW1 when R1 performs the redistribution first:
SW1 redistributes the VLAN 10 network segment into OSPF, carrying the FA address 10.1.30.11. Area 34 is an NSSA, and R4 (the larger router ID) performs the Type 7 to Type 5 translation; the translation does not change the FA address. R1 learns the 10.1.10.0/24 route through an LSA5 (adv = R4, FA address = 10.1.30.11). When R1 accesses 10.1.10.0/24, it recurses on the FA address, and traffic follows R1→R5→R3→SW1.
At this point OSPF is redistributed into IS-IS on R1. R2 learns this route and passes it to R4. R4 runs both OSPF and IS-IS: the preference of these routes when learned from OSPF is 150, and when learned from IS-IS it is 15, so the IS-IS route is preferred. When R4 accesses these networks, traffic follows R4→R2→R1→R5→R3→SW1, which is a suboptimal path. When R4 then redistributes IS-IS into OSPF, the route present in R4's routing table is the IS-IS route, so this route is imported into OSPF. Because R4 was previously performing the 7/5 translation, R4 now generates an LSA5 for this route with a larger sequence number (FA address = 0). When R1 receives the new LSA5, it detects that it is the same LSA (type = 5, adv = R4, LS ID = 10.1.10.0) and therefore selects the one with the larger sequence number. Because this LSA carries no FA address, R1 reaches the external network by locating the ASBR when it accesses this network segment, so traffic follows R1→R4→R2→R1 and a loop appears.
If R4 performs the redistribution first, the reasoning is similar and the suboptimal path and loop problems also appear. The difference from the R1 case is that R4 compares the cost of the LSA7 from SW3 with that of the LSA5 from R1 and chooses the LSA5 from R1.
[Expansion question] Why modify only the preference of the tag 100 external routes, rather than all of them?
Answer:
Modifying all of them solves the suboptimal-path problem toward the BB, but creates a new suboptimal-path problem toward the IS-IS routes, for example R2's loopback interface.
[Expansion question] What is the most fundamental cause of the problem?
Answer:
With two-point bidirectional redistribution, when a low-preference protocol (high preference value) is redistributed into a high-preference one, the router selects the route with the higher preference. This produces a suboptimal path and may also produce a loop.
How many traffic shaping methods are there? Which method is used in the lab? Why?
(1) LR (line rate, interface rate limiting): applies to all traffic
<1> can only be applied per interface
<2> can be used on router interfaces (for rate limiting; only a percentage can be configured) and on switch interfaces (shaping with <qos lr outbound>, policing with <qos lr inbound>)
<3> on a router interface, it must be used together with a queue to take effect
(2) GTS (generic traffic shaping): applies to IP traffic
<1> can be interface-based or queue-based; MQC can be used to shape specific traffic (class-based as well)
<2> can only be used on router interfaces (a switch cannot do GTS; GTS cannot be configured on a switch's Layer 2 interfaces)
<3> if the interface is congested, a queuing technology (CBQ) can be used
(3) FRTS (Frame Relay traffic shaping)
<1> uses the same algorithm as GTS
<2> is for Frame Relay
<3> can apply to the interface or to a PVC (if both are enabled, the configuration with the smaller CIR takes effect)
(4) qos queue x shaping
<1> queue-based shaping on a switch (before configuring queue shaping, configure priority mapping based on simple traffic classification, which maps the packet priority to a PHB and color, or internal priority re-marking based on complex traffic classification, so that different services enter different interface queues)
LR was used in the lab. On a switch, shaping can only be done with LR or qos queue x shaping. The task required shaping on a switch interface; LR is simple to configure and meets the intent of the task, so LR was used:
1. the configuration is simple
2. no traffic classification is required
3. the task requires configuration on the switch
4. the task requires shaping
2nd, what is the difference between traffic shaping on a switch and on a router?
On a router, GTS can be used for traffic shaping. The router can also shape per class (using a traffic policy), and if congestion occurs, queuing technology can be used. Shaping is done in software.
On a switch, only qos lr outbound can be used for traffic shaping; if congestion occurs, the queuing technology available is FIFO. Shaping is done in hardware.
3rd, what is the difference between traffic shaping and traffic policing?
Traffic shaping and traffic policing are both mainly used for rate limiting in QoS.
The difference is that traffic shaping buffers the packets that exceed the rate limit and, when the interface has enough bandwidth, schedules and sends them through the corresponding queuing technology, whereas traffic policing discards the packets that exceed the rate limit.
Problems with tail drop: TCP global synchronization, TCP starvation, and undifferentiated dropping.
The flaw of TCP synchronization is that the link bandwidth is not fully used.
The cause of TCP starvation is that UDP has no sliding window of the kind TCP has.
In CBQ, the EF queue and the LLQ queue cannot use a drop policy; they can only tail drop.
RED: RED drops packets randomly, so that multiple TCP connections reduce their sending rate at different times, which avoids the TCP global synchronization phenomenon.
WRED: RED provides no differentiated service, so even high-priority packets may be dropped at random; WRED was therefore implemented on the basis of RED. Flow queues support WRED dropping based on DSCP or IP precedence. Each priority can be given its own upper and lower drop thresholds and drop rate. When the queue length reaches the lower threshold, dropping starts; as the length rises toward the upper threshold, the drop rate keeps increasing but does not exceed the configured maximum drop rate; once the upper threshold is reached, all packets are dropped. Packets in the queue are thus dropped proactively according to a certain drop probability, which avoids congestion to a certain degree.
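[Figure: WRED drop probability (vertical axis, 100% and a maximum drop probability of 10% marked) against average queue length (horizontal axis, 20 to 40) for AF21, AF22 and AF23]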
Note:
(1) PQ can be mixed with WRR, DRR and WFQ (create a queue profile)
(2) Depending on the queuing and scheduling policy, congestion management on a device's LAN interfaces is divided into PQ, DRR, PQ+DRR, WRR and PQ+WRR, and on WAN interfaces into PQ, WFQ and PQ+WFQ
(3) The WFQ scheduling algorithm is SN = Previous_SN + weight × new_packet_length (weight is inversely proportional to Precedence). The packet with the smaller SN is scheduled first, that is, the computation causes small packets or high-priority packets to be scheduled first
2.6 PPP
Please explain the PPP link establishment steps in detail, including the authentication process.
PPP is a Layer 2 encapsulation protocol for wide area networks. It mainly consists of LCP, NCP and the authentication protocols.
LCP is mainly used to establish, maintain and tear down the link (and to negotiate whether links are bundled).
NCP is used to negotiate the format and type of the data transmitted on the link.
The authentication protocols are mainly used for verification in network security.
Link establishment mainly has the following phases:
(1) LCP negotiation phase:
After the link comes up, LCP negotiation starts. First R1 sends a Configure-Request message carrying its own parameters (MRU, authentication type and magic number). If R2 agrees, it returns an acknowledgement (Ack). If R2 does not agree, it returns a Nak or a Reject: it sends a Reject if the Configure-Request contains a parameter it cannot recognize, and a Nak if it recognizes the parameter but cannot accept the value. After R1 receives the Nak or Reject, it sends a Configure-Request again with new parameters (a Configure-Request is sent at most 10 times). R2 goes through the same process toward R1. If both sides negotiate successfully, the link enters the next negotiation phase; if negotiation does not succeed, the PPP link cannot be established.
(2) Authentication phase: authentication is an optional phase, depending on whether the user has configured it. There are two kinds of authentication, PAP and CHAP. After authentication passes, the link enters the next negotiation phase; if authentication fails, the PPP link cannot be established.
(3) NCP negotiation phase (IPCP in an IP network):
After authentication passes, the link enters the NCP negotiation phase. R1 sends a Configure-Request to R2. If the R1 interface has an IP address configured, the Configure-Request carries the local interface IP address. Because no mask is carried, R2 replies with an Ack after receiving it and generates a 32-bit host route for this address, and the NCP negotiation completes. If R1 has no IP address configured but is configured to obtain one through PPP (ip add ppp-nei), R1 sends the Configure-Request with the IP field set to all zeros. On receiving it, R2 chooses an address from the address pool and sends it to R1 in a Nak. R1 receives the Nak and uses the address it carries, with a 32-bit mask. R1 then sends a Configure-Request again; R2 replies with an Ack and generates a 32-bit host route for this address, and the NCP negotiation completes.
(4) After NCP negotiation succeeds, the PPP link is established and data transmission can start.
Note:
(1) PAP authentication procedure
The authenticated side sends its local user name and password to the authenticator.
The authenticator checks its local user table for the authenticated side's user name.
If the user name exists, it checks whether the password is correct: if the password is correct, authentication passes; if the password is not correct, authentication fails.
If the user name does not exist, authentication fails.
The algorithm that uses the Challenge to perform the encryption operation on the password is MD5{ Identifier + password + Challenge }
7th, in CHAP authentication, must the authenticator have a password configured on the interface?
Not necessarily. When the Challenge message sent by the authenticator carries a user name, the password can be configured in the global database.
8th, in CHAP, is the authenticator's user related to the user of the authenticated side?
Not necessarily. The corresponding password is looked up in the local database according to the user name sent by the peer and then hashed; the user name itself does not take part in the hash.
11th, how does PPP authentication determine which side is the authenticator and which is the authenticated side?
In the LCP negotiation phase, the authentication field of the Configure-Request sent by the authenticator carries the corresponding authentication mode. If the authenticated side is configured with the same authentication mode, it replies with an Ack, and the authentication phase follows.
12th, two routers use bidirectional authentication, one side using PAP and the other side using CHAP. Can the PPP link negotiate successfully?
Yes.
13th, if the NCP phase has not finished negotiating, can IP data be transmitted?
Yes. In the NCP phase, IP data can be transmitted as soon as the IPCP negotiation completes.
Note:
NCP includes more than the IPCP negotiation; there are also negotiations for other upper-layer protocols, for example MPLSCP and IPv6CP.
Flag: the Flag field marks the start and end of a physical frame; this byte is 0x7E.
Address: the Address field can uniquely identify the peer. PPP is used on point-to-point links, so two communicating devices interconnected by PPP do not need to know each other's data link layer address. According to the protocol, this byte is filled with the all-ones broadcast address; for PPP this field has no practical significance.
Control: the default value of this field is 0x03, indicating an unnumbered frame. By default PPP does not use sequence numbers and acknowledgements to implement reliable transmission.
The Address and Control fields together mark the packet as a PPP packet, that is, a PPP packet carries FF03.
Protocol: the Protocol field distinguishes the type of data packet carried in the information field of the PPP frame.
FCS: the FCS field mainly checks the correctness of PPP frame transmission.
Introducing transmission guarantee mechanisms into the data frame adds considerable overhead, which may increase application-layer interaction delay.
15th, does PPP have other phases besides the LCP, NCP and authentication phases?
16th, in LCP negotiation the magic number and MRU are negotiated; what are they used for?
17th, when a CHAP authentication server has many clients to authenticate, how does the server distinguish the users being authenticated?
It distinguishes them by their different IDs.
18th, in CHAP authentication, what are the ID and the random number for?
The challenge ID and the random number both take part in computing the hash. In addition, the challenge ID records each session, and the random number prevents replay attacks.
19th, since PAP authentication is not encrypted and CHAP authentication is, and CHAP authentication would be enough, why does PAP authentication still exist?
21st, what are the differences between CHAP and PAP authentication?
1st, CHAP is initiated by the authenticator; PAP is initiated by the authenticated side
2nd, CHAP uses a three-way handshake; PAP uses a two-way handshake
3rd, CHAP authenticates in ciphertext; PAP authenticates in plain text
4th, in CHAP the user name is optional; in PAP it is not
22. After the PPP link is established, the magic number does not change
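The CHAP answers above (MD5{ Identifier + password + Challenge }, password looked up by the peer's user name, sessions told apart by ID, random number against replay) can be seen together in the following added example, which is not part of the original notes. The class and function names, the user name and the password are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """MD5{Identifier + password + Challenge}; the user name is not hashed."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Authenticating side: issues challenges and checks responses."""

    def __init__(self, user_db: dict):
        self.user_db = user_db      # user name -> password (local database)
        self.pending = {}           # Identifier -> outstanding Challenge
        self.next_id = 0

    def issue_challenge(self) -> tuple:
        identifier = self.next_id
        self.next_id = (self.next_id + 1) % 256   # Identifier is one byte
        challenge = os.urandom(16)                # fresh random number each time
        self.pending[identifier] = challenge
        return identifier, challenge

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        # The Identifier selects the session; a challenge is usable only once.
        challenge = self.pending.pop(identifier, None)
        secret = self.user_db.get(name)           # found by the peer's user name
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    # Constructed sample data: the user name and password are made up.
    auth = Authenticator({"R1": b"constructed-password"})
    ident, chal = auth.issue_challenge()
    good = chap_response(ident, b"constructed-password", chal)
    results = {"valid": auth.verify(ident, "R1", good)}
    # A captured response replayed against a later challenge does not verify.
    ident2, _ = auth.issue_challenge()
    results["replayed"] = auth.verify(ident2, "R1", good)
    # A wrong password produces a different digest.
    ident3, chal3 = auth.issue_challenge()
    bad = chap_response(ident3, b"wrong", chal3)
    results["wrong_password"] = auth.verify(ident3, "R1", bad)
    return results


if __name__ == "__main__":
    print(demo())
```

The password never crosses the link; only the Identifier, the Challenge, the user name and the 16-byte digest do.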
2.7 Area 0 authentication of OSPF
In the lab, what needs attention for OSPF area 0 authentication?
With OSPF area 0 authentication, pay attention to routers that belong to the backbone through a virtual link. Even if none of the router's interfaces runs in the backbone area, backbone area authentication must still be configured on it; otherwise the virtual link may fail to establish.
2nd, does an OSPF area authentication packet carry the key or the hash value?
When OSPF uses MD5 authentication, the OSPF packet does not carry the key; it carries the Key ID, the authentication data length and the cryptographic sequence number. The hash is appended after the OSPF packet and is not considered part of the OSPF packet. The authentication data length gives the length of the hash appended after the OSPF packet.
The OSPF MD5 hash is the result computed over the OSPF packet (OSPF header + OSPF payload) and the key, producing a 128-bit (16-byte) value that is appended after the OSPF packet.
When OSPF uses plain-text authentication, the OSPF area authentication packet carries the plain-text password.
3rd, what modes are there for implementing OSPF area 0 authentication?
The router supports two authentication modes:
Area authentication mode
Interface authentication mode
When both authentication modes are configured, the interface authentication mode takes precedence.
4th, MD5 authentication includes a sequence number; what is the function of the sequence number?
The cryptographic sequence number is used to guard against replay attacks.
In a replay attack, the attacker first captures from the link an OSPF packet containing authentication information and later puts it back on the link, in order to disrupt communication between OSPF neighbor routers.
After a neighbor router receives a packet with this sequence number, it records the sequence number. If the cryptographic sequence number field in a later OSPF packet is less than or equal to the recorded value, the neighbor router discards the packet. The purpose is to prevent an attacker from capturing a packet once and sending it onto the link again. The sequence number in each packet therefore increases.
(An attack against the sequence number: the attacker forges a larger cryptographic sequence number so that the neighbor router records it; the relatively smaller sequence numbers sent by the legitimate router are then not accepted, and the neighbor relationship goes down. The attack succeeds. Therefore the cryptographic sequence number does not necessarily provide a perfect security scheme)???
10th, of a pair of OSPF neighbors, one side uses area authentication and the other side uses interface authentication. Can authentication pass?
OSPF authentication is carried in the OSPF header, and no field indicates which kind of authentication is in use. As long as the key, the key ID and the authentication type are the same, authentication passes.
OSPF interface authentication takes precedence over area authentication. With area authentication configured at one end and interface authentication at the other, the neighbor relationship can be established, because the OSPF packet does not show whether the peer is configured with interface authentication or area authentication.
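The MD5 answers in this section (Key ID, authentication data length and sequence number in the header, a 16-byte hash trailing the packet, later packets discarded when the sequence number is less than or equal to the recorded one) are put together in the following added example, which is not part of the original notes. The field layout is the OSPFv2 header for cryptographic authentication; zero-padding the key to 16 bytes and recording the sequence number only after the hash verifies are assumptions of this example, and all names, addresses and keys are constructed.

```python
import hashlib
import hmac
import struct

# 24-byte OSPFv2 header: version, type, length, router ID, area ID, checksum,
# AuType, zero, Key ID, auth data length, cryptographic sequence number.
HEADER = struct.Struct("!BBH4s4sHHHBBI")
AUTYPE_MD5 = 2
DIGEST_LEN = 16


def _digest(packet: bytes, key: bytes) -> bytes:
    # Hash over (OSPF header + payload) followed by the key (assumed padding).
    return hashlib.md5(packet + key.ljust(16, b"\x00")).digest()


def build(router_id: bytes, area_id: bytes, payload: bytes,
          key: bytes, key_id: int, seq: int) -> bytes:
    # Nothing in the header says whether the key came from area or interface
    # configuration; only AuType, Key ID, length and sequence number appear.
    header = HEADER.pack(2, 1, HEADER.size + len(payload), router_id, area_id,
                         0, AUTYPE_MD5, 0, key_id, DIGEST_LEN, seq)
    packet = header + payload
    return packet + _digest(packet, key)    # hash trails the OSPF packet


class Neighbor:
    def __init__(self, keys: dict):
        self.keys = keys        # Key ID -> key
        self.last_seq = None    # last accepted cryptographic sequence number

    def accept(self, wire: bytes) -> bool:
        if len(wire) < HEADER.size:
            return False
        f = HEADER.unpack(wire[:HEADER.size])
        length, autype, key_id, auth_len, seq = f[2], f[6], f[8], f[9], f[10]
        key = self.keys.get(key_id)
        if autype != AUTYPE_MD5 or key is None or auth_len != DIGEST_LEN:
            return False
        if length < HEADER.size or len(wire) != length + auth_len:
            return False
        # Rule as stated in the notes: less than or equal is discarded.
        if self.last_seq is not None and seq <= self.last_seq:
            return False
        if not hmac.compare_digest(_digest(wire[:length], key), wire[length:]):
            return False
        self.last_seq = seq     # recorded only for a packet that verified
        return True


def demo() -> dict:
    key = b"constructed-key"                      # made-up key
    nbr = Neighbor({1: key})
    rid, area = bytes([10, 0, 0, 1]), bytes(4)    # made-up router ID, area 0
    captured = build(rid, area, b"hello-body", key, 1, 10)
    results = {"first": nbr.accept(captured)}
    results["replayed"] = nbr.accept(captured)    # same sequence number again
    # Captured packet with only the sequence field raised; hash left as it was.
    bumped = captured[:20] + struct.pack("!I", 1000) + captured[24:]
    results["bumped_seq"] = nbr.accept(bumped)
    results["stored_seq"] = nbr.last_seq
    results["next"] = nbr.accept(build(rid, area, b"hello-body", key, 1, 11))
    return results
```

Because the sequence number sits inside the hashed header, changing it without the key invalidates the hash, and under the stated assumption the recorded value stays at 10.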
3 Theory topic
Remarks: Only brief answers are given here; for detailed solutions, consult authoritative material.
(1) What are the technical principle and application scenarios of VRRP?
Answer: about the VRRP principle.
(2) Which messages are used in the LSDB synchronization process in IS-IS?
Answer: about the IS-IS message formats and purposes.
(3) What is the correspondence between Layer 2 multicast addresses and Layer 3 multicast addresses?
Answer: about the mapping of Layer 3 multicast addresses to Layer 2.
(4) What are the types and functions of LSAs in OSPF?
Answer: mainly about Type 1, Type 2, Type 3, Type 4, Type 5 and Type 7; just describe the principle and purpose.
(5) Which factors affect OSPF neighbor relationship establishment (at least 5)? How to solve them?
Answer: router ID, segment, hello time, area ID, network type, MTU, etc.
(6) Describe the process of OSPF neighbor relationship establishment.
Answer: from Down, Init, 2-Way, ExStart, Exchange, Loading to Full.
(7) What is the function of the OSPF FA address? What are the application scenarios of the OSPF FA address?
Answer: prevent suboptimal routes. And so on …
(8) Where can we use a V-Link? What is the disadvantage?
Answer: draw the topo like this :
(9) What are the route selection rules of BGP? Give an example of how each rule is used.
Answer: there are 13 rules, and they are applied one by one in order, from pref-value, local preference, AS-path, … to the last one.
(10) How many anti-loop mechanisms does BGP have?
Answer: EBGP: AS-path. IBGP: split horizon.
(11) How are BGP attributes classified?
Answer: 1. well-known mandatory: next hop, AS-path, origin.
2. well-known discretionary: local pref, Atomic_Aggregate
3. optional transitive: Aggregator, Community
4. optional non-transitive: Multi_Exit_Disc, Originator ID, Cluster List
(12) What is the encapsulation process when PC1 sends data packets to PC2 (in the IPv6 scenario)? Note that this does not refer to the IPv4 scenario.
Answer: this refers to NDP. You need to master the link-local address and the principle of address resolution.
(13) What role do the trust and interception functions of DHCP snooping play?
(17) What are the backup methods and principles for multicast static RP?
(18) What are the features of Layer 2 loops and Layer 3 loops, and the differences between them?
Layer 2: STP, etc.
Layer 3: TTL, use of a dynamic routing protocol, and so on
(19) What are the classifications and characteristics of routing protocols?
Static
Dynamic: DV/LS
(20) In a Layer 2 network, what are the benefits of RSTP over STP? Why? Which RSTP mechanisms perform better than STP?
Answer: 1. P/A; 2. AP fast change to RP; 3. edge port.