
Visit this spreadsheet at http://tiny.cc/hcip-datacom-core
Trainer: Tony Khoo
Email: khoo.yik.heng@huawei.com
Background: HCIE Datacom, Security, CloudService

Kindly rename yourself using this format:
Name - Company - Job Role (eg. Tony - Infosyte - Trainer)

Training Time: 0900-1700 (GMT+7)
Lunch Break: 1200-1330

Training Material Download (HCIP): https://e.huawei.com/en/talent/#/cert/product-details?certifiedProductId=355&authenticationLevel=CTYPE_CARE_HCIP&techni

Step by Step Article to install eNSP: https://infosyte.com/how-to-install-huawei-ensp-network-simulator/

eNSP Simulator Download (only the following 5 items are needed to download for training): https://mega.nz/folder/WtFwWIZB#swLFgAQA156pSBNLYQNk2g

HCIP Datacom Core Technology
Lab Download: http://tiny.cc/hcp-lab

Day1:
ISIS Level-1-2 Router:
Its special task is to inject/generate a default route into the Level-1 routers. This is done by setting the Attached (ATT) bit in its L1 LSP, but only on the condition that it is connected to another area.
In OSPF this function is like the ABR router.

OSPF
Fundamental Knowledge
- OSPF Protocol Packet (Hello, DD, LSR, LSU, LSAck)
- DR & BDR Election
- Timer

Advanced Knowledge
- Type of LSA (T1, 2, 3, 4, 5, 7, stub, nssa)
- Summarization
- Authentication

External route cost type by default is type 2:
- cost type 2 = OSPF external cost only
- cost type 1 = OSPF external cost + OSPF internal cost
---------------------------------------------------
ISIS Checklist
- Structure of ISIS
- Structure of the network entity
- Concept of level, area
- Election of DIS
- ISIS vs OSPF
- Protocol Packet
- Route Leaking

Day2:

BGP Checklist:
- BGP peering (EBGP/IBGP peering using physical/loopback)
- BGP Protocol Packet (OPEN, KEEPALIVE, UPDATE, NOTIFICATION, ROUTE REFRESH)
- BGP Advertisement Principle
- BGP Attributes
- BGP Route Selection (Route
https://bgp.he.net/
https://drive.google.com/drive/folders/15IFzwYL6dUu6EpxuhrTaRTBewhzUlZr7
HCIP-Datacom Core Technology (Fast Track)
Trainer: Tony Khoo   Email: tony.khoo@infosyte.com
Method: Lecture & Lab   Instructor: Tony Khoo

No   Session   Content
1    AM        OSPF
     PM        ISIS
2    AM        BGP Basics
     PM        BGP Path Attributes and RRs; Preferred BGP Route Selection
3    AM        Routing Policy and Route Control
     PM        RSTP & MSTP; Stack and CSS Features of Switches
4    AM        Multicast
     PM        Huawei Firewall Technology
5    AM        BFD; VRRP
     PM        WLAN

Commands                                                  Description
system-view                                               enter the system view of VRP
display current-configuration                             show the configuration of the current session
display this                                              show the configuration of the current view
display ip interface brief                                show all the available IP addresses as well as interfaces
int g0/0/0                                                enter the interface gigabitethernet0/0/0
quit                                                      exit from the current view
undo <xxxxxx>                                             undo a command or delete a command
display ip routing-table                                  show the routing table
ip route-static <destination network> <subnet mask> <next-hop IP>
                                                          manually add a route into the routing table
ospf <process-id> router-id <id>                          enable OSPF and advertise routes
  area <area-id>
    network <network address> <wildcard mask>
display ospf peer brief                                   check the OSPF peer relationship state
display ospf lsdb                                         show the content of the LSDB
dhcp enable                                               enable the DHCP service
ip pool <pool name>                                       create a DHCP pool
  network <network address> mask <subnet mask>
  gateway-list <gateway address>
  excluded-ip-address <ip-address>
  dns-list <dns-address> <dns-address>
  lease day <day> hour <hour> minute <minute>
int g0/0/0                                                apply DHCP using global/interface/relay mode
  dhcp select <global/interface/relay>
ftp server enable                                         enable the FTP service
set default ftp-directory flash:                          set the default landing location for FTP clients
telnet server enable                                      enable the Telnet service
display interface ethernet brief                          check the duplex mode and speed
display interface eth-trunk <id>                          check the summary of link aggregation
vlan batch <vlan-id> <vlan-id> ......                     create VLANs
int e0/0/1                                                configure int e0/0/1 as an access port and change the PVID
  port link-type access
  port default vlan <vlan-id>
int e0/0/3                                                configure int e0/0/3 as a trunk port and allow different tagged frames to pass through
  port link-type trunk
  port trunk allow-pass vlan <vlan-id> <vlan-id>
port link-type hybrid                                     "port hybrid tagged vlan <vlan-id>" has the same function as "port trunk allow-pass vlan <vlan-id>"
  port hybrid tagged vlan <vlan-id>
  port hybrid untagged vlan <vlan-id>
Product lines
            Enterprise     Campus/ISP/Data Center
Router      AR             NE/CX
Switch      CE S Series    CloudEngine
Firewall    USG            USG
WLAN        AP & AC        AP & AC

Modular/Chassis Equipment   Full Name                      Analogy to Human Body Function
MPU                         Main Processing Unit           Brain (Control Plane): process, calculation, algorithm
LPU                         Line Processing Unit           Limbs (Forwarding Plane): data forwarding
SFU                         Switch Fabric Unit             Nerve System: interconnecting the LPUs
CMU                         Centralized Monitoring Unit    Skin: temperature/interface detection management

L2 Forwarding: within the LPU itself / LPU-SFU-LPU
L3 Forwarding: the MPU performs the calculation and sends the summary entries to the LPU. The LPU will forward accordingly.
RIB Table: table generated by the routing protocol
Local RIB Table: table generated by direct IP configuration on interfaces = IP Routing Table
Control Plane (RIB Table) -> Forwarding Plane (FIB Table)
OSPF
Router ID (can be configured globally or at protocol level; Protocol > Global):
  1. Manual Configuration
  2. Loopback Interface (Highest)
  3. Physical Interface (Highest)
Area ID: 32 bits. area 0 = backbone area; area N = non-backbone area
Cost: Cost = Reference Bandwidth / Link-Speed. Reference Bandwidth default value = 100M

Important tables are:
  b) Protocol Table (display ospf lsdb)
  c) IP Routing Table (display ip routing-table). Alternately, display ospf routing

OSPF Supported Network Types: Broadcast, P2P, P2MP, NBMA

OSPF Protocol Packets:
  1. Hello Packet
     Attributes       Broadcast/P2P   P2MP/NBMA
     Hello Interval   10s             30s
     Dead Interval    40s             120s
     (packet fields, partial list on the sheet) 5. Options (Flag value)

Neighbor states (partial list on the sheet): 6. Loading, 7. Full

DR Election (highest wins):
  1. Router Priority (default = 1)
Type Number   Type of LSA                  Link State ID                      AdvRouter            Description
1             Router-LSA                   Router ID                          Router ID            The routers that participate in the intra-area
2             Network-LSA                  IP Address of DR                   Router ID            It tells who is the DR
3             Network-Summary LSA          Network Address (other areas)      Router ID of ABR     The list of network routes from other OSPF areas
4             ASBR-Summary LSA             Router ID of ASBR                  Router ID of ABR     How to get to the ASBR
5             AS-External-LSA              Network Address (external route)   Router ID of ASBR    The list of network routes from outside of the OSPF topology
7             NSSA (Not-so-stubby-area)    Network Address (external route)   Router ID of ASBR    Similar to T5, but with the additional feature of replacing all inter-area routes with a default route

Special Area           LSAs present                        Description
Stub Area              T1, T2, T3                          Added a default route of T3 and maintain the other T3 LSAs
Totally Stubby Area    T1, T2 + default route (ABR)        Remain only a T3 default route generated by the ABR
NSSA                   T1, T2, T3, T7                      Added a default route of T3, 7 and maintain the other T3 LSAs. Added with external routes
Totally NSSA           T1, T2, T7 + default route (ABR)    All inter-area routes removed. Use the default route only. Added with external routes

Remark:
- LSA update is performed every 1800s (30min). An LSA will expire in 3600s (1 hour) if it is not updated.
- A Type-4 LSA only exists after a Type-5 LSA appears in the topology.
- Imported routes have 2 cost types:
  Cost Type 1 = External Route Cost + Internal OSPF Route Cost
  Cost Type 2 (default) = External Route Cost only
ISIS Neighbor Relationship
Local Router   Peer Router   Result
L1             L1            L1
L1             L1/2          L1 (non-backbone area)
L1/2           L1/2          L1 & L2
L2             L2            L2
L2             L1/2          L2 (backbone area)
L1             L2            X

ISIS Network Types:
  1. Broadcast
  2. P2P

Comparison                OSPF                                             ISIS
Hello Packet              Hello Packet                                     IIH (ISIS Hello)
Database Description      Database Description                             CSNP (Complete Sequence Number PDU)
Link State Request        Link State Request                               PSNP (Partial Sequence Number PDU)
Link State Update         Link State Update                                LSP (Link State PDU)
Link State Acknowledge    Link State Acknowledge                           PSNP (Partial Sequence Number PDU)
Pseudonode                DR (to reduce LSA flooding)                      DIS (to create the pseudonode; the pseudonode is responsible for LSDB synchronization with all ISIS routers)
Priority 0                OSPF dr-priority = 0 (does not join election)    ISIS dis-priority = 0 (still joins election)
Preemption                OSPF is non-preemptive (cannot force election)   ISIS is preemptive

Remark:
The level of an ISIS router can be configured in protocol mode or interface mode. Interface level > Protocol level.

Important tables are:
  b) Protocol Table (display isis lsdb)
  c) IP Routing Table (display ip routing-table)

IIH:
  1. Level-1 IIH (broadcast)
  2. Level-2 IIH (broadcast)
  3. P2P IIH
A normal ISIS router's IIH interval by default is 10s. The holding time is 3 times the IIH interval.
The DIS's IIH interval by default is 10/3 s. The holding timer is 9s.

DIS election:
  1. DIS Priority (default = 64, highest wins)
  2. MAC Address (highest wins)

ISIS LSDB synchronization:
IIH -> LSP -> CSNP (menu) -> PSNP (request) -> LSP (update) -> PSNP (ack)
The DIS sends a CSNP periodically every 10s.
Only if the CSNP received is not the same as the LSDB information will the router trigger a PSNP to request the missing LSPs.
BGP Protocol
Important tables are:
  a) Neighbor Table (display bgp peer)
  b) Protocol Table (display bgp routing-table)
  c) IP Routing Table (display ip routing-table)

BGP Protocol Packets:
  1. Open
  2. Keepalive
  3. Update
  4. Notification
  5. Route-refresh

Remark:
  1. BGP-4 by default supports only IPv4 unicast.
  2. In order to prevent infinite packet forwarding/potential loops, every EBGP packet is designed to have only TTL=1.
  3. The TTL value will be reduced when travelling from one AS to another AS.
  4. The TTL value will not change when travelling within an AS.
  5. A router should not advertise a route that does not belong to its AS.
  6. A BGP speaker cannot accept a route that is coming from its own AS.

BGP Peering (display bgp peer)
EBGP Peering   Physical IP Peering
IBGP Peering   Loopback IP Peering

2 methods for BGP to advertise routes (to build the BGP Protocol Table, display bgp routing-table):
  1. network command
  2. import-route command
Tips: We can use the "network" command to manually advertise routes 1 by 1. This is applicable to a small amount of route advertisement. In case a large amount of routes need to be advertised, "import-route" will be the better choice. You can apply route policy tools to filter/choose which routes to advertise.

Advertisement Principles:
  1. Only the best (>) and valid (*) routes can be advertised to other BGP peers.
  2. EBGP -> EBGP, IBGP
  3. IBGP ---X---> IBGP
  4. IBGP routes = IGP routes, in order for IBGP --> EBGP (Route Synchronization rule - doesn't apply anymore)
BGP Attributes
Well Known   Mandatory        Must be supported by all vendors and must be carried in every UPDATE message
             Discretionary    Must be supported by all vendors and may/may not be carried in every UPDATE message
Optional     Transitive       May not be supported by all vendors, but can still be accepted/influenced by the UPDATE message
             Non-transitive   May not be supported by all vendors. The router can ignore it if it is not supported and not recognized.
Priority of BGP route selection
*Next Hop must be valid.
  1. Preferred Value (highest wins)
  2. Local Preference (highest wins) - influences internal peers on how they leave the AS (leaving AS)
  3. Manual Summarize > Auto Summarize > Detail Routes
  4. AS_Path (shortest wins)
  5. Origin (i > e > ?)
  6. MED (lowest wins) - influences external peers on how they come to the AS (coming into AS)
  7. EBGP > IBGP
  8. IGP metric (lowest wins)
  9. Cluster_List (RR, shortest wins)
  10. Router ID/Originator ID (RR, smallest wins)
  11. Peer's IP address (smallest wins)

Community
  NO-ADVERTISE   Do not advertise to EBGP & IBGP peers
  NO-EXPORT      Do not advertise to EBGP peers

Next Hop --> Community --> Other attributes
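The selection list above, applied to a set of candidate routes for one prefix. This is an added example written for this page, not code from the course or from Huawei: the BgpRoute fields, the route names and the candidate attributes are constructed for illustration, and the comparison follows the plain 11-step order of the list (it ignores that real BGP compares MED only between routes from the same neighbouring AS by default).

```python
from dataclasses import dataclass

# Step 3 of the list: manual summary > auto summary > detail route.
SUMMARY_RANK = {"manual": 2, "auto": 1, "detail": 0}
# Step 5: origin i > e > ?
ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}


@dataclass(frozen=True)
class BgpRoute:
    """One candidate path for the same prefix, carrying the attributes the
    11-step list compares. Field names are this example's own."""
    name: str
    next_hop_valid: bool = True
    preferred_value: int = 0        # 1. highest wins
    local_pref: int = 100           # 2. highest wins
    summary: str = "detail"         # 3. manual > auto > detail
    as_path: tuple = ()             # 4. shortest wins
    origin: str = "i"               # 5. i > e > ?
    med: int = 0                    # 6. lowest wins
    from_ebgp: bool = False         # 7. EBGP > IBGP
    igp_metric: int = 0             # 8. lowest wins
    cluster_list: tuple = ()        # 9. shortest wins
    originator_id: str = "0.0.0.0"  # 10. smallest wins
    peer_ip: str = "0.0.0.0"        # 11. smallest wins


def _ip_key(ip: str) -> tuple:
    return tuple(int(o) for o in ip.split("."))


def selection_key(r: BgpRoute) -> tuple:
    """Tuple ordered so that the smaller tuple is the better route;
    element i corresponds to step i+1 of the list above."""
    return (
        -r.preferred_value,
        -r.local_pref,
        -SUMMARY_RANK[r.summary],
        len(r.as_path),
        ORIGIN_RANK[r.origin],
        r.med,
        0 if r.from_ebgp else 1,
        r.igp_metric,
        len(r.cluster_list),
        _ip_key(r.originator_id),
        _ip_key(r.peer_ip),
    )


def select_best(routes):
    """Drop routes whose next hop is invalid, then pick the best by the list."""
    valid = [r for r in routes if r.next_hop_valid]
    return min(valid, key=selection_key) if valid else None


def deciding_step(winner: BgpRoute, loser: BgpRoute) -> int:
    """Step number (1..11) at which `winner` beat `loser`; 0 if they tie everywhere."""
    for i, (w, l) in enumerate(zip(selection_key(winner), selection_key(loser)), start=1):
        if w != l:
            return i
    return 0


# Constructed candidates for one prefix, learned from different peers.
CANDIDATES = [
    BgpRoute("via-ibgp-bad-nh", next_hop_valid=False, local_pref=300, as_path=(65001,)),
    BgpRoute("via-ebgp-65001", from_ebgp=True, as_path=(65001,), med=10, peer_ip="192.0.2.1"),
    BgpRoute("via-ebgp-65002", from_ebgp=True, as_path=(65002, 65001), peer_ip="192.0.2.2"),
    BgpRoute("via-ibgp-65001", as_path=(65001,), med=10, igp_metric=20, peer_ip="10.0.0.3"),
    BgpRoute("via-ebgp-65003-e", from_ebgp=True, as_path=(65003,), origin="e", peer_ip="192.0.2.4"),
]

if __name__ == "__main__":
    best = select_best(CANDIDATES)
    print("best:", best.name)
    for r in CANDIDATES:
        if r is not best and r.next_hop_valid:
            print(f"  beats {r.name} at step {deciding_step(best, r)}")
```

deciding_step is the useful part when reading `display bgp routing-table`: it tells you which line of the list made a path lose, which is what you need before touching Local Preference or MED to steer traffic.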

Route Reflector

*Everyone must peer with the RR.

Reflection Principles:
  1. Non-client --> RR --> Client
  2. Client --> RR --> Client & Non-Client
  3. EBGP --> RR --> Client & Non-Client
  4. Non-client --> RR --X--> Non-Client (deduced from the first rule)

BGP EVPN

BGP -> MP-BGP

VPN   L3   MPLS BGP VPN
      L2   MPLS L2 VPN: VLL, VPLS

Issue with L2VPN: it consumes a lot of bandwidth while learning the remote sites' MAC addresses using the ARP broadcast mechanism.
Solution: EVPN as the control plane
  2. Campus Network
  3. SD-WAN

Route Control/Path Control

Tools:
  PBR   Interface PBR        for traffic that passes through the router; applied on the incoming interface
        Local PBR            for traffic that originates from the router; applied globally
  MQC   Traffic Classifier   matching conditions
        Traffic Behavior     the action to apply
        Traffic Policy       combines the selected classifier and behavior

VLAN
Type     Command                             Description
Access   int g0/0/1                          The port is an access port. The PVID is vlan 10.
         port link-type access               If an untagged frame goes into the port = the frame will be tagged according to the PVID.
         port default vlan 10                If a tagged frame with vlan 10 comes out from this port = this frame will be untagged.
                                             If a tagged frame with other vlans apart from vlan 10 = this frame will be discarded.

Trunk    int g0/0/1                          The port is a trunk port. The PVID by default is 1.
         port link-type trunk                If an untagged frame goes into the port = the frame will be tagged according to the PVID.
         port trunk allow-pass vlan all      If a tagged frame with vlan 1 comes out from this port = this frame will be untagged.
                                             If a tagged frame with other vlans apart from vlan 1 = this frame will be allowed to maintain the vlan header due to the "allow-pass vlan all" command.

Trunk    int g0/0/1                          The port is a trunk port. The PVID is 10.
         port link-type trunk                If an untagged frame goes into the port = the frame will be tagged according to the PVID.
         port trunk pvid vlan 10             If a tagged frame with vlan 10 comes out from this port = this frame will be untagged.
         port trunk allow-pass vlan 10       If a tagged frame with other vlans apart from vlan 10 = this frame will be discarded.

Hybrid   int g0/0/1                          The port is a hybrid port. The PVID is 10.
         port link-type hybrid               If an untagged frame goes into the port = the frame will be tagged according to the PVID.
         port hybrid pvid vlan 10            If a tagged frame with vlan 10 comes out from this port = this frame will be untagged.
         port hybrid untagged vlan 10 20     Same as the access port behavior, but it can perform multiple vlans untagged.

Hybrid   int g0/0/1                          The port is a hybrid port. The PVID by default is 1.
         port link-type hybrid               If an untagged frame goes into the port = the frame will be tagged according to the PVID.
         port hybrid tagged vlan 10 20       If a tagged frame with vlan 1 comes out from this port = this frame will be untagged.
                                             If a tagged frame with vlan 10, 20 comes out from this port = this frame will maintain the vlan header.
                                             If a tagged frame with other vlans apart from vlan 1 or vlan 10 or vlan 20 = this frame will be discarded.
                                             Same as the trunk port behavior.
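A small model of the ingress/egress behaviour in the table, written as an added example for this page rather than taken from the course material or from VRP. The Port class, the member_vlans/ingress/egress/forward functions and the five port objects are this example's own names; it models only what the table describes (PVID tagging on ingress, untagged/tagged/discarded on egress) and not the complete switch.

```python
from dataclasses import dataclass

ALL_VLANS = frozenset(range(1, 4095))   # what "port trunk allow-pass vlan all" covers


@dataclass(frozen=True)
class Port:
    """Simplified model of a Huawei switch port (attribute names are this example's own)."""
    link_type: str                        # "access", "trunk" or "hybrid"
    pvid: int = 1                         # VLAN given to untagged ingress frames
    allow_pass: frozenset = frozenset()   # trunk: VLANs allowed, sent tagged
    tagged: frozenset = frozenset()       # hybrid: VLANs sent tagged
    untagged: frozenset = frozenset()     # hybrid: VLANs sent untagged

    def member_vlans(self) -> frozenset:
        """VLANs whose frames the port accepts and forwards."""
        if self.link_type == "access":
            return frozenset({self.pvid})
        if self.link_type == "trunk":
            return self.allow_pass | {self.pvid}
        if self.link_type == "hybrid":
            return self.tagged | self.untagged | {self.pvid}
        raise ValueError(f"unknown link type {self.link_type!r}")


def ingress(port: Port, tag):
    """VLAN the incoming frame is placed in (None = discarded). `tag` is the
    802.1Q VID carried by the frame, or None for an untagged frame."""
    if tag is None:
        return port.pvid                     # untagged frame -> tagged with the PVID
    return tag if tag in port.member_vlans() else None


def egress(port: Port, vlan: int):
    """How a frame in `vlan` leaves the port: "untagged", "tagged" or None (discarded)."""
    if vlan not in port.member_vlans():
        return None
    if port.link_type == "access":
        return "untagged"
    if port.link_type == "trunk":
        return "untagged" if vlan == port.pvid else "tagged"
    # hybrid: explicitly untagged VLANs and the PVID leave untagged, the rest tagged
    return "untagged" if vlan in port.untagged or vlan == port.pvid else "tagged"


def forward(in_port: Port, out_port: Port, tag):
    """A frame enters `in_port` with `tag` and leaves `out_port`: the egress form, or None."""
    vlan = ingress(in_port, tag)
    return None if vlan is None else egress(out_port, vlan)


# The five configurations from the table above.
ACCESS_10 = Port("access", pvid=10)
TRUNK_ALL = Port("trunk", pvid=1, allow_pass=ALL_VLANS)
TRUNK_PVID10 = Port("trunk", pvid=10, allow_pass=frozenset({10}))
HYBRID_UNTAG = Port("hybrid", pvid=10, untagged=frozenset({10, 20}))
HYBRID_TAG = Port("hybrid", pvid=1, tagged=frozenset({10, 20}))

if __name__ == "__main__":
    for name, port in [("access", ACCESS_10), ("trunk all", TRUNK_ALL),
                       ("trunk pvid 10", TRUNK_PVID10), ("hybrid untagged", HYBRID_UNTAG),
                       ("hybrid tagged", HYBRID_TAG)]:
        print(name, "in(untagged) ->", ingress(port, None),
              "| out(1/10/20/30):", [egress(port, v) for v in (1, 10, 20, 30)])
```

forward() is the case worth checking on real hardware: a frame from the access port in vlan 10 leaves the "trunk pvid 10" port untagged, so the device on the far side never sees the tag, while the same frame leaves the "allow-pass vlan all" trunk tagged.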
STP / RSTP / MSTP

In a switch redundancy design, potential loops may occur.
Solution: STP/RSTP/MSTP (by logically blocking a port from forwarding data packets)

Which port needs to be blocked? We need to choose the port to block.
By controlling the root bridge and the port roles, we can decide which port is blocked.

Step 1: Elect a root bridge
  Reason: A root bridge will have all its ports in forwarding. All the ports will be in the Designated port role and in the forwarding state.
  How: Based on the ROOT ID (Root Bridge ID in every switch's BPDU). The lowest value wins. Bridge ID = Bridge Priority (by default 32768) followed by the MAC address.

Step 2: Define the root port
  Reason: The root port is the shortest path back for a non-root bridge to send TCN BPDUs back to the Root Bridge. Only one root port per switch, except the Root Bridge.
  How: Based on the Root Path Cost. The cost is generated based on the bandwidth of the link. Varies according to different calculation standards.

Step 3: Define the designated port for each link
  Reason: The designated port will help to forward Configuration BPDUs from the Root Bridge to the Non-Root Bridge.
  How: Based on the bridge ID.

Step 4: Define the alternate port
  Reason: This port will be blocked from data forwarding but
  How: The worst bridge ID among all.

RSTP Improvement based on STP:
  1. BPDU forwarding at every hello time regardless of receiving from the uplink

MSTP Role Election: CIST ROOT --> Master Bridge (choose master port) -> Internal Region Root -> MSTI Root
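The four steps carried out on a constructed three-switch topology, as an added example for this page (not course code). stp_roles and example_topology are this example's own names; the link costs use the IEEE 802.1D-1998 table (10M = 100, 100M = 19, 1G = 4, 10G = 2), which is one of the "different calculation standards" the notes refer to, and the MAC addresses are constructed for the example.

```python
import heapq
from math import inf

# IEEE 802.1D-1998 path cost per link speed in Mbit/s (assumed standard for this example)
STP_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


def bridge_id(priority: int, mac: str) -> tuple:
    """Bridge ID = priority followed by MAC address; the lower tuple wins."""
    return (priority, mac.lower())


def stp_roles(switches: dict, links: list):
    """switches: {name: (priority, mac)}; links: [(sw_a, sw_b, speed_mbps), ...]
    with one link per switch pair. Returns (root, rpc, roles): rpc[sw] is the
    root path cost and roles[(sw, neighbour)] the role of sw's port on that link."""
    bid = {name: bridge_id(*pm) for name, pm in switches.items()}
    # Step 1: the root bridge is the lowest bridge ID
    root = min(bid, key=bid.get)
    adj = {name: [] for name in switches}
    for a, b, speed in links:
        cost = STP_COST[speed]
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    # Root path cost = cheapest sum of link costs back to the root (Dijkstra)
    rpc = {name: inf for name in switches}
    rpc[root] = 0
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > rpc[u]:
            continue
        for v, cost in adj[u]:
            if d + cost < rpc[v]:
                rpc[v] = d + cost
                heapq.heappush(heap, (d + cost, v))
    roles = {}
    # Step 2: one root port per non-root switch, the port with the lowest
    # (neighbour's root path cost + link cost, neighbour's bridge ID)
    for sw in switches:
        if sw == root:
            continue
        best_neighbour = min(adj[sw], key=lambda nc: (rpc[nc[0]] + nc[1], bid[nc[0]]))[0]
        roles[(sw, best_neighbour)] = "root"
    # Steps 3 and 4: on every link the end with the lower (root path cost, bridge ID)
    # is designated; the other end is the root port if already chosen, else alternate (blocked)
    for a, b, _ in links:
        designated = min((a, b), key=lambda sw: (rpc[sw], bid[sw]))
        other = b if designated == a else a
        roles[(designated, other)] = "designated"
        roles.setdefault((other, designated), "alternate")
    return root, rpc, roles


def example_topology():
    """Constructed three-switch triangle: SW1 has the lowest priority, and the
    direct SW1-SW3 link (100M) is dearer than going SW3 -> SW2 -> SW1 (two 1G links)."""
    switches = {
        "SW1": (4096, "00-e0-fc-00-00-01"),
        "SW2": (32768, "00-e0-fc-00-00-02"),
        "SW3": (32768, "00-e0-fc-00-00-03"),
    }
    links = [("SW1", "SW2", 1000), ("SW1", "SW3", 100), ("SW2", "SW3", 1000)]
    return switches, links


if __name__ == "__main__":
    root, rpc, roles = stp_roles(*example_topology())
    print("root bridge:", root)
    for (sw, nb), role in sorted(roles.items()):
        print(f"{sw} port towards {nb}: {role} (root path cost {rpc[sw]})")
```

The point of the topology: SW3 is directly cabled to the root, yet that port is the one that ends up blocked (alternate), because root path cost 19 over the 100M link loses to 4 + 4 through SW2.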

Stack/CSS

Stacking can be performed through a dedicated stack card or through service ports (supported by selected models).
CSS can be performed through the SFU or the MPU/LPU.

A stack can be connected in ring mode or chain mode. Ring is better.

Stack split detection overcomes multiple master stacks using the same IP address and MAC address. The technology is called Multi Active Detection (MAD).


Multicast/IGMP/PIM

Unicast     1:1
Broadcast   1:everyone/all
Multicast   1:group

Multicast IP to multicast MAC: the MAC is 01-00-5E followed by only the last 23 bits of the IP address (counting from the right); the remaining high bits are ignored.

224.0.1.1 -> 224 . 0 . 1 . 1
1110 0000 0000 0000 0000 0001 0000 0001
XXXX XXXX X000 0000 0000 0001 0000 0001   (only the last 23 bits are taken)
01-00-5E-00-01-01

239.0.1.1 -> 239 . 0 . 1 . 1
1110 1111 0000 0000 0000 0001 0000 0001
01-00-5E-00-01-01

The multicast addresses 224.0.0.1, 225.0.0.1, 226.0.0.1 ... 239.0.0.1 all map to exactly the same multicast MAC address.
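The mapping worked out above as an added Python example (not from the course notes): multicast_mac applies the 23-bit rule, ipv4_bits prints the binary layout used above, and groups_sharing_mac lists the 32 groups that collide on one MAC, which is what the 224.0.0.1 ... 239.0.0.1 remark describes. The function names are this example's own.

```python
def ipv4_to_int(ip: str) -> int:
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ipv4(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def ipv4_bits(ip: str) -> str:
    """32-bit binary string in groups of four, like the worked example above."""
    bits = f"{ipv4_to_int(ip):032b}"
    return " ".join(bits[i:i + 4] for i in range(0, 32, 4))


def multicast_mac(ip: str) -> str:
    """Ethernet MAC for an IPv4 multicast group: 01-00-5E plus the low 23 bits of the group."""
    value = ipv4_to_int(ip)
    if value >> 28 != 0b1110:                    # 224.0.0.0/4 starts with 1110
        raise ValueError(f"not a multicast address: {ip}")
    mac = 0x01005E000000 | (value & 0x7FFFFF)    # the 23-bit mask drops bits 23..27
    return "-".join(f"{(mac >> shift) & 0xFF:02X}" for shift in (40, 32, 24, 16, 8, 0))


def groups_sharing_mac(ip: str) -> list:
    """All 32 multicast groups that map to the same MAC as `ip`: the five ignored
    bits (the low 4 bits of the first octet and the top bit of the second) vary."""
    base = ipv4_to_int(ip) & 0x7FFFFF
    return [int_to_ipv4(0xE0000000 | (high << 23) | base) for high in range(32)]


if __name__ == "__main__":
    for group in ("224.0.1.1", "239.0.1.1", "239.255.255.255"):
        print(group, ipv4_bits(group), multicast_mac(group))
    print("groups sharing", multicast_mac("224.0.0.1"), ":", groups_sharing_mac("224.0.0.1"))
```

The 32:1 overlap is why a host that joins one group also receives frames for the other 31 at the NIC and relies on IP-layer filtering to drop them; it is also why address planning avoids groups that differ only in those five bits.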

                        IGMPv1   IGMPv2   IGMPv3 (SSM)
General Query           /        /        /
Membership Report       /        /        / with specific source
Querier Election        X        /        /
Leave Message           X        /        Use the report
Group Specific Query    X        /        / with specific source

Remark:
IGMPv1 does not support querier election. It can only depend on the DR assigned through PIM.

PIM-DM
  Only for small-size networks
  Flooding mechanism + pruning mechanism
  Assert Mechanism   To prevent multiple routers forwarding the same multicast traffic by selecting only one router through election.
                     Election is based on the unicast routing table (route preference > cost > highest IP)
  Graft Mechanism    To allow a multicast router in a previous prune state to request the upstream multicast router to resume the multicast traffic forwarding.

PIM-SM
  RPT establishment     The last hop router must form an MDT towards the RP
  Source registration   The first hop router registers to the RP by using the SPT (shortest distance to reach the RP)
  DR Election           First hop router = Source DR
                        Last hop router = Receiver DR
IPv6

Unicast     Global Unicast    2000::/3                         Communication in the public network. It is routable.
            Unique Local      FC00::/7 (FC00::/8, FD00::/8)    Communication in the private network (intranet). It is routable within the intranet.
            Link Local        FE80::/10                        Communication in the private network and within the link. It is not routable.
            EUI-64            MAC address --> IPv6 (last 64 bits)
            SLAAC             DHCPv6 + EUI-64
Multicast   Usual multicast   FF00::/8
            Solicited Node    FF02::1:FF/104
Anycast     1 : nearest

SLAAC    Default router (prefix) + EUI-64             M=0, O=0 if the router is the one
DHCPv6   (prefix + other parameters) + EUI-64         M=1, O=1 if the current router is not dhcp

DHCPv6   Stateful                  Prefix + Other parameters + Interface ID
         Stateless (SLAAC)         Prefix + Other parameters
         Prefix Delegation (PD)    Prefix
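The EUI-64 and solicited-node derivations as an added Python example (not part of the course notes). The function names, the sample MAC 00-1A-2B-3C-4D-5E and the prefix 2001:db8:1::/64 are constructed; the 33-33 multicast MAC rule comes from RFC 2464, not from the notes.

```python
import ipaddress


def mac_bytes(mac: str) -> bytes:
    """Accept 00-1A-2B-3C-4D-5E, 00:1a:2b:3c:4d:5e or the Huawei style 001a-2b3c-4d5e."""
    digits = "".join(c for c in mac if c in "0123456789abcdefABCDEF")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac}")
    return bytes.fromhex(digits)


def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64: split the MAC in two, insert FF:FE in the middle and
    flip the universal/local bit (bit 1 of the first byte)."""
    m = bytearray(mac_bytes(mac))
    m[0] ^= 0x02
    return int.from_bytes(bytes(m[:3]) + b"\xff\xfe" + bytes(m[3:]), "big")


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host derives from an advertised /64 prefix plus its EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def link_local_address(mac: str) -> ipaddress.IPv6Address:
    """FE80::/10 address, built the same way from the FE80::/64 prefix."""
    return slaac_address("fe80::/64", mac)


def solicited_node(addr: str) -> ipaddress.IPv6Address:
    """FF02::1:FF00:0/104 plus the low 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)


def ipv6_multicast_mac(addr: str) -> str:
    """Ethernet MAC for an IPv6 multicast address: 33-33 plus the low 32 bits (RFC 2464)."""
    low32 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFFFF
    mac = 0x333300000000 | low32
    return "-".join(f"{(mac >> shift) & 0xFF:02X}" for shift in (40, 32, 24, 16, 8, 0))


if __name__ == "__main__":
    mac = "00-1A-2B-3C-4D-5E"          # constructed sample MAC
    gua = slaac_address("2001:db8:1::/64", mac)
    print("link-local     :", link_local_address(mac))
    print("global unicast :", gua)
    print("solicited-node :", solicited_node(str(gua)), "->", ipv6_multicast_mac(str(solicited_node(str(gua)))))
```

The solicited-node address is what Neighbor Solicitation (the IPv6 replacement for ARP) is sent to, so a switch doing MLD snooping needs to see a host join it; without that, address resolution for the host silently fails.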


Firewall

4 default zones   local     the firewall itself   priority 100
                  trust     internal              priority 85
                  untrust   external              priority 5
                  dmz       server farm           priority 50

Security Policy default behavior is to deny.

FTP   active (legacy)   The client initiates the TCP control connection to port 21; the server initiates the data connection (FTP data) from port 20.
      passive           The client initiates both the TCP control connection (port 21) and the data connection (random port).

sFTP/SSH   encryption on port 22
WLAN

Direct Forwarding   The data packet received from the STA is forwarded to the AP and the AP forwards it to the destination without sending it through the AC.
Tunnel Forwarding   The data packet received from the STA is forwarded to the AP and the AP forwards the data packet to the AC; the AC forwards it to the destination.

Roaming                                                   Before roaming                        After roaming
Layer 2 Roaming, Tunnel Forwarding                        STA --> HAP --> HAC --> destination   STA --> FAP --> FAC --> destination
Layer 2 Roaming, Direct Forwarding                        STA --> HAP --> destination           STA --> FAP --> destination
Layer 3 Roaming, Tunnel Forwarding                        STA --> HAP --> HAC --> destination   STA --> FAP --> FAC --> HAC --> destination
Layer 3 Roaming, Direct Forwarding (HAP as Home Agent)    STA --> HAP --> destination           STA --> FAP --> FAC --> HAC --> HAP --> destination
Layer 3 Roaming, Direct Forwarding (HAC as Home Agent)    STA --> HAP --> destination           STA --> FAP --> FAC --> HAC --> destination
