Thursday, March 11, 2010

BPDUGuard vs. BPDUFilter

We all know that Spanning-Tree uses BPDUs (Bridge Protocol Data Units) to communicate link state and configuration changes within a switched network.  Spanning-Tree uses 2 types of BPDU:
  1. TCN BPDU - used to notify the other switches that a topology change has occurred
  2. Configuration BPDU - used for the spanning-tree computations (root election, path cost, port roles)
The main goal of the BPDUs is to maintain information about the link state of neighboring switches so that a loop-free switched network can be kept.  The BPDUs elect a single reference point, the root bridge, and let every switch work out an alternate path in case a link goes down.

So we know that switch ports connected to other switch ports send each other BPDUs in order to run spanning-tree, and those ports obey the STP timers (2 sec hello, 15 sec listening, 15 sec learning, 20 sec max age).  Given these timers it can take up to 50 seconds (20 max age + 15 listening + 15 learning) to recover from a link failure.

In order to bypass this delay on ports that will never lead to another switch, we can configure the interface in PortFast mode: the port goes straight to forwarding and skips the 15 second listening and 15 second learning states (max age plays no part, since an edge port is not waiting for a neighbor's BPDU to expire).

PortFast mode should only be used where end devices such as servers, routers and PCs connect to the switch.  Spanning-tree is only needed between switches.  Note that PortFast does not turn STP off on the port: the port still sends BPDUs and still reacts if it receives one, which is exactly what the two features below build on.

So why do we need BPDUGuard and BPDUFilter?

Well, what if we assigned a port to a user thinking they would plug in their PC, but instead they plugged in a Cisco switch they bought off eBay?  That switch would immediately begin sending BPDUs to the other network switches.

Given that the root bridge is chosen by the lowest Bridge ID, a combination of the bridge priority and the MAC address (priority is compared first, the MAC address only breaks a tie), a new switch with a lower priority, or the same default priority and a lower MAC address, could win the root election and alter the switching paths of the entire network....not good.  The same thing done on purpose is a classic layer 2 attack: a host sending crafted BPDUs can pull traffic through itself or keep the network in constant topology change.

To prevent such unexpected mayhem, you can configure BPDUGuard or BPDUFilter on the ports that have been set as PortFast ports.

BPDUGuard watches for BPDUs on the configured ports and, if one arrives, shuts the port down and puts it in errdisable status, so there is no way a new unauthorized switch can start sending BPDUs into the network and take part in spanning-tree.  The port stays down until an administrator does a shutdown/no shutdown on it, or until errdisable recovery is enabled for the bpduguard cause and its timer expires.

BPDUFilter is similar in that it also acts on BPDUs, but rather than shutting the port down it simply discards them (and, when enabled on the interface, stops sending them as well).  The port stays up.  The caveat is that a port with BPDUFilter enabled is effectively running without spanning-tree: if somebody does create a loop through that port, nothing will detect it.  That is why BPDUGuard is the safer choice on user-facing ports; BPDUFilter belongs where you deliberately do not want BPDUs to cross the link, for example toward a customer device.

BPDUGuard - shuts the port down and puts it in errdisable if it sees a BPDU
BPDUFilter - does not shut the port down or put it in errdisable, it just filters (ignores) BPDUs and leaves the port with no STP protection
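To make the root election and the guard/filter behaviour concrete, here is an added Python example (mine, not code from this post or from Cisco).  It builds an 802.1D Configuration BPDU the way the eBay switch would send it, parses it the way a switch port would, compares Bridge IDs the way the root election does, and shows what a PortFast port does with the frame under no protection, BPDUFilter and BPDUGuard.  All MAC addresses, priorities and frames are constructed for the demonstration.

```python
import struct

# 802.1D constants; every frame below is constructed sample data, not a capture
STP_DST = bytes.fromhex("0180c2000000")   # bridge group multicast address
LLC_STP = b"\x42\x42\x03"                 # DSAP 0x42, SSAP 0x42, UI control field
BPDU_TYPES = {0x00: "config", 0x80: "tcn", 0x02: "rst"}


def _mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def build_config_bpdu(src_mac, root_prio, root_mac, bridge_prio, bridge_mac, root_cost=0):
    """Build an 802.1D Configuration BPDU inside an 802.3/LLC frame."""
    body = struct.pack("!HBBB", 0, 0, 0x00, 0)                  # protocol 0, version 0, type, flags
    body += struct.pack("!H6s", root_prio, _mac(root_mac))      # root bridge ID: priority + MAC
    body += struct.pack("!I", root_cost)                        # root path cost
    body += struct.pack("!H6s", bridge_prio, _mac(bridge_mac))  # sending bridge ID
    # port ID, message age, max age 20 s, hello 2 s, forward delay 15 s (times in 1/256 s units)
    body += struct.pack("!HHHHH", 0x8001, 0, 20 * 256, 2 * 256, 15 * 256)
    llc = LLC_STP + body
    return STP_DST + _mac(src_mac) + struct.pack("!H", len(llc)) + llc


def parse_bpdu(frame: bytes):
    """Decode an STP BPDU; return None when the frame is not one."""
    if len(frame) < 21 or frame[:6] != STP_DST or frame[14:17] != LLC_STP:
        return None
    body = frame[17:]
    proto, version, btype = struct.unpack("!HBB", body[:4])
    if proto != 0 or btype not in BPDU_TYPES:
        return None
    bpdu = {"version": version, "type": BPDU_TYPES[btype]}
    if btype == 0x80:                         # a TCN BPDU carries nothing beyond the type
        return bpdu
    if len(body) < 35:
        return None
    flags, rp, rm, cost, bp, bm = struct.unpack("!BH6sIH6s", body[4:25])
    port_id, msg_age, max_age, hello, fwd_delay = struct.unpack("!HHHHH", body[25:35])
    bpdu.update(flags=flags, root_id=(rp, rm), root_cost=cost, bridge_id=(bp, bm),
                port_id=port_id, max_age=max_age / 256, hello=hello / 256,
                forward_delay=fwd_delay / 256)
    return bpdu


def rogue_wins_root(current_root, candidate) -> bool:
    """Lowest Bridge ID wins: priority is compared first, the MAC only breaks a tie."""
    return candidate < current_root            # tuples (priority, mac) compare in that order


def edge_port_action(mode: str, frame: bytes) -> str:
    """What a PortFast edge port does with a received frame under each protection mode."""
    if parse_bpdu(frame) is None:
        return "forward"        # ordinary traffic is unaffected in every mode
    if mode == "bpduguard":
        return "errdisable"     # port shut down; needs shut/no shut or errdisable recovery
    if mode == "bpdufilter":
        return "drop"           # BPDU discarded, port stays up, STP is blind on this port
    return "process"            # unprotected: the BPDU enters the STP computation


if __name__ == "__main__":
    legit_root = (4096, _mac("00:0c:29:aa:00:01"))           # hypothetical core switch
    rogue = build_config_bpdu("00:1b:0c:ff:ee:01", 0, "00:1b:0c:ff:ee:01",
                              0, "00:1b:0c:ff:ee:01")        # eBay switch claiming priority 0
    b = parse_bpdu(rogue)
    print("rogue wins root election:", rogue_wins_root(legit_root, b["bridge_id"]))
    for mode in ("none", "bpdufilter", "bpduguard"):
        print(f"{mode:10} -> {edge_port_action(mode, rogue)}")
```

On Cisco IOS the per-interface commands are `spanning-tree bpduguard enable` and `spanning-tree bpdufilter enable` (or `spanning-tree portfast bpduguard default` globally, which covers every PortFast port); an errdisabled port comes back only after `shutdown`/`no shutdown` or with `errdisable recovery cause bpduguard`.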

Sunday, February 28, 2010

Routing Protocol Timers

Default timers on Cisco routers (seconds):

RIP
(update timer = 30 sec.) entire routing table is sent
(invalid timer = 180 sec.) route is marked unreachable if no update is heard
(hold-down timer = 180 sec.) worse information about the route is ignored while it runs
(flush timer = 240 sec.) route is removed from the table

IGRP
(update timer = 90 sec.)
(invalid timer = 270 sec.)
(hold-down timer = 280 sec.)
(flush timer = 630 sec.)

EIGRP
(5 Sec. = Hello timer) LAN and point-to-point links faster than T1
(3 times Hello = 15 sec. Hold timer)
(60 Sec. = Hello timer) low-speed NBMA links, T1 (1.544 Mbps) and slower
(3 times Hello = 180 sec. Hold timer)
EIGRP sends no periodic updates, so it has no update, invalid or flush timers: updates go out only when something changes, and a neighbor is declared down when its hold timer expires.

OSPF
(10 Sec. = Hello timer) broadcast and point-to-point networks
(30 Sec. = Hello timer) NBMA and point-to-multipoint networks
(4 times Hello = Dead interval, 40 sec.)
(4 times NBMA Hello = Dead interval, 120 sec.)
OSPF hello and dead intervals must match on both ends of a link or the adjacency will never form; a mismatch is one of the first things to check when neighbors are stuck.
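The RIP and IGRP values are easiest to understand by watching one route age.  The following Python model is an added example, not from the post or from IOS: it applies the update/invalid/hold-down/flush timers to one table entry with these simplified rules: the entry is marked unreachable when the invalid timer expires or a poisoned (metric 16) update arrives, equal-or-worse updates are ignored while hold-down runs, a better one is accepted and ends hold-down, and the entry is removed when the flush timer expires.  The prefixes and times are constructed, and real IOS behaviour has more corner cases than this.

```python
# Timer sets from the post (seconds); EIGRP and OSPF do not age routes this way
RIP_TIMERS = {"update": 30, "invalid": 180, "holddown": 180, "flush": 240}
IGRP_TIMERS = {"update": 90, "invalid": 270, "holddown": 280, "flush": 630}

UNREACHABLE = 16   # RIP "infinity"; a received metric of 16 poisons the route


class AgedRoute:
    """Simplified model of one distance-vector table entry and the timers that age it."""

    def __init__(self, prefix, metric, now, timers=RIP_TIMERS):
        self.prefix, self.metric, self.timers = prefix, metric, timers
        self.last_update = now          # reset only by an accepted update
        self.holddown_until = None      # absolute time at which hold-down ends
        self.holddown_metric = None     # metric the route had when hold-down started

    def _tick(self, now):
        """Invalid timer: past it the route is unreachable and hold-down has started."""
        if self.holddown_until is None and now - self.last_update >= self.timers["invalid"]:
            self.holddown_metric, self.metric = self.metric, UNREACHABLE
            self.holddown_until = self.last_update + self.timers["invalid"] + self.timers["holddown"]

    def state(self, now):
        self._tick(now)
        if now - self.last_update >= self.timers["flush"]:
            return "flushed"            # entry removed from the table
        if self.metric >= UNREACHABLE:
            return "invalid"            # kept, advertised as unreachable
        return "valid"

    def in_holddown(self, now):
        self._tick(now)
        return self.holddown_until is not None and now < self.holddown_until

    def receive(self, metric, now):
        """Apply an incoming update for this prefix; return True if it was accepted."""
        if self.state(now) == "flushed":
            return False                # entry is gone; the caller would create a fresh one
        if self.in_holddown(now):
            if metric >= self.holddown_metric:
                return False            # equal or worse news is suppressed during hold-down
        elif metric >= UNREACHABLE:
            # poisoned update: mark unreachable and start hold-down from the last good metric
            self.holddown_metric, self.metric = self.metric, UNREACHABLE
            self.holddown_until = now + self.timers["holddown"]
            return True
        # better information (or no hold-down active): install it and clear hold-down
        self.metric, self.last_update = metric, now
        self.holddown_until = self.holddown_metric = None
        return True


if __name__ == "__main__":
    r = AgedRoute("10.0.0.0/8", 3, now=0)      # constructed: learned at t=0, never refreshed
    for t in (0, 30, 179, 180, 239, 240):
        print(f"t={t:3}s  state={r.state(t):8}  hold-down={r.in_holddown(t)}")
```

Note that with the RIP defaults the flush timer (240 s from the last update) fires before a hold-down started by the invalid timer (180 + 180 s) would end, so the entry disappears while still nominally in hold-down.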

How to Remove a Lsas.Blaster.Keylogger virus

If you find that your browser is being hijacked, with various websites being loaded automatically, and you're like "what the heck", then you may have the Lsas.Blaster.Keylogger virus.  In order to remove it you will need to do the following.

  1. Kill the spyware processes 692527612.exe, 1313928688.exe and 1806188250.exe in Task Manager.
  2. Get rid of the files and folders
    C:\Documents and Settings\All Users\Application Data\1929146152\1313928688.exe
    C:\Documents and Settings\All Users\Application Data\1372029626\1806188250.exe
    C:\Documents and Settings\All Users\Application Data\870894309\692527612.exe

Deleting the dropped files by hand does not touch whatever persistence mechanism started them, so after a reboot confirm the processes are really gone and run a full scan with an up-to-date anti-malware product.

Monday, February 22, 2010

How a Router Selects the Best Path

It is important to understand how a router selects the best path to a destination.
  1. When there are multiple routes to a destination, the route with the longest prefix length is chosen, regardless of routing source or administrative distance.
    E: 192.168.1.0 /27 via 10.1.1.1, serial1 <<<< this route will win
    O: 192.168.1.0 /24 via 10.1.1.2, serial0
  2. When there are multiple routes to the same prefix (equal prefix length), the one with the lowest administrative distance is chosen; the others are not even installed in the routing table.
  3. When multiple routes to the same prefix have the same administrative distance, the route with the lowest metric is chosen.
  4. If the routes have the same prefix length, the same administrative distance and the same metric, traffic is load balanced equally across them.
Keep in mind that directly connected networks have an administrative distance of 0, static routes using a next hop address have an administrative distance of 1, and static routes using an exit interface show up in the routing table as directly connected.  (The metric of a static route is always 0; the values above are administrative distances, not metrics.)

Here are the Administrative Distances that should be memorized:
  • Static routes using exit interface: 0
  • Directly connected routes: 0
  • Static routes with a next hop address: 1
  • EIGRP summary routes: 5
  • External BGP: 20
  • Internal EIGRP: 90
  • IGRP: 100
  • OSPF: 110
  • IS-IS: 115
  • RIP: 120
  • External EIGRP: 170
  • Internal BGP: 200
  • Unknown/untrusted source: 255 (never installed)
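As an added example (not code from the post), the following Python function applies these rules in order to a constructed routing table.  The prefixes, next hops, metrics and source names in TABLE are made up for the demonstration; the administrative distances are the ones listed above.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Route:
    prefix: str      # destination network, e.g. "192.168.1.0/27"
    ad: int          # administrative distance of the source that learned it
    metric: int      # metric as computed by that source
    next_hop: str
    source: str


def select_routes(dest: str, table):
    """Route(s) a router would use for dest.

    Order of decision: longest matching prefix, then lowest administrative
    distance, then lowest metric.  Several routes come back only when all
    three tie, which is the equal-cost load-balancing case."""
    addr = ip_address(dest)
    matches = [(ip_network(r.prefix, strict=False), r) for r in table]
    matches = [(net, r) for net, r in matches if addr in net]
    if not matches:
        return []
    # min() on this key picks the longest prefix first, then lowest AD, then lowest metric
    key = lambda nr: (-nr[0].prefixlen, nr[1].ad, nr[1].metric)
    best = key(min(matches, key=key))
    return [r for net, r in matches if key((net, r)) == best]


# Constructed sample table; next hops and metrics are made up for the demonstration
TABLE = [
    Route("192.168.1.0/24", 110, 20, "10.1.1.2", "ospf"),
    Route("192.168.1.0/27", 90, 3072, "10.1.1.1", "eigrp"),
    Route("172.16.0.0/16", 1, 0, "10.1.1.3", "static"),
    Route("172.16.0.0/16", 120, 2, "10.1.1.4", "rip"),
    Route("10.0.0.0/8", 90, 2816, "10.1.1.5", "eigrp"),
    Route("10.0.0.0/8", 90, 2816, "10.1.1.6", "eigrp"),
    Route("0.0.0.0/0", 1, 0, "10.1.1.254", "static"),
]

if __name__ == "__main__":
    for dest in ("192.168.1.10", "192.168.1.100", "172.16.5.5", "10.9.9.9", "8.8.8.8"):
        chosen = select_routes(dest, TABLE)
        print(dest, "->", ", ".join(f"{r.prefix} via {r.next_hop} ({r.source})" for r in chosen))
```

Note how 192.168.1.10 follows the EIGRP /27 even though the OSPF /24 also covers it, while 192.168.1.100, outside the /27, follows the OSPF route: prefix length is decided before administrative distance is ever looked at.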

Friday, February 12, 2010

TCP/IP Review

1. Name the 5 layers of the TCP/IP protocol suite and each layer's purpose.

The TCP/IP protocol suite is usually taught with 5 layers, not to be confused with the 7 layers of the OSI model.  The upper 3 OSI layers (Application, Presentation and Session) are collapsed into one layer, the Application layer, which is the 5th layer of the TCP/IP suite.  The 4 lower layers are Physical, Data Link, Internet (Network) and Transport.

-5 Application Layer (Application, Presentation, Session)
 -Application - allows access to network resources...i.e. Outlook, Gmail, etc.
 -Presentation - prepares data by compressing, encrypting or translating it
 -Session - establishes and tears down connections involving sockets

-4 Host-to-Host (Transport) Layer - is responsible for end-to-end delivery...UDP and TCP

-3 Internet (IP) Layer - enables the actual routing of data across a logical network by defining the packet format and the address format.  Moves packets from source to destination.

-2 Data Link Layer - the protocols (Ethernet, Frame Relay, ATM and SONET) that control the link.
The data link layer deals with:

-how the medium is accessed and shared *CSMA*
-how devices on the medium are identified *MAC address*
-how data is framed before being transmitted on the medium

-1 Physical Layer - transmission of bits over the chosen medium; deals with the electrical and mechanical specifications.


2. How many bits are in an IPv4 address and what is the most common version being used?

IPv4, still the most widely deployed version, uses a 32-bit address.  Depending on the class of the address some of the bits are network bits and some are host bits; the subnet mask bits distinguish the network bits from the host bits.

3. Explain fragmentation.

Fragmentation happens when a packet is larger than the Maximum Transmission Unit (MTU) of the data link it has to cross.  For example, if the original packet traversing the network is 3000 bytes in size and it hits a data link with an MTU of 1500 bytes, the packet must be fragmented.  The router that places the packet onto that link splits it into fragments of no more than 1500 bytes each.  Since every fragment carries its own 20-byte IP header and the data in every fragment except the last must be a multiple of 8 bytes, the 3000-byte packet actually becomes 3 fragments: 1500, 1500 and 40 bytes.

The router uses 3 header fields to fragment the packet:
-Flags - 3-bit field.  The first bit is reserved and must be 0.  The second bit is the Don't Fragment (DF) bit.  When DF is set to 1 the router is instructed not to fragment the packet; a packet that cannot be fragmented is dropped and an ICMP Destination Unreachable error (type 3, code 4, fragmentation needed) is sent to the source.  Path MTU Discovery relies on that message, which is why blindly filtering all ICMP at a firewall silently breaks large transfers.  The third bit is the More Fragments (MF) bit, set by the router when it fragments a packet.  The router sets MF to 1 in all fragments except the last.  MF set to 1 tells the receiving device to keep expecting fragments; MF set to 0 marks the last fragment of that packet.
-Fragment Offset - 13-bit field that gives the position of the fragment's data within the original packet, in units of 8 octets.  It lets the receiver reassemble the fragments in the correct order, which matters because fragments may not arrive in sequence.  Note that if a single fragment is lost the whole packet cannot be reassembled; IP itself does not retransmit, so the upper layer (e.g. TCP) has to resend the data, which is then fragmented again.
-Identification - 16-bit field set by the sender and copied into every fragment, so the receiving device knows which fragments belong to the same packet.
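The 3000-byte case worked through in Python, as an added example that is not from the post: `fragment` computes the offsets and flags a router would write into each fragment, `flags_offset_word` packs the 3 flag bits and the 13-bit offset the way they sit in the header, and `reassemble` rebuilds the payload from fragments arriving in any order and returns None when a piece is missing or overlaps the one before it (overlapping fragments are a classic IDS-evasion and crash trick, so a reassembler must check that).  The identifier and payload are constructed, and only the 20-byte header without options is modelled.

```python
from dataclasses import dataclass

IP_HDR = 20          # header length without options


@dataclass
class Fragment:
    ident: int       # Identification field, copied into every fragment
    offset: int      # Fragment Offset field, in 8-octet units
    mf: bool         # More Fragments flag
    payload: bytes
    df: bool = False # Don't Fragment flag


def flags_offset_word(f: Fragment) -> int:
    """The 16-bit header word: reserved bit, DF, MF, then the 13-bit offset."""
    return (int(f.df) << 14) | (int(f.mf) << 13) | (f.offset & 0x1FFF)


def fragment(ident: int, payload: bytes, mtu: int, df: bool = False):
    """Split one datagram's payload for a link with the given MTU."""
    if IP_HDR + len(payload) <= mtu:
        return [Fragment(ident, 0, False, payload, df)]     # fits: nothing to do
    if df:
        # the router drops the packet and returns ICMP type 3 code 4 (fragmentation needed)
        raise ValueError("DF set and datagram larger than MTU")
    step = (mtu - IP_HDR) // 8 * 8     # data per fragment is a multiple of 8 octets
    frags = []
    for start in range(0, len(payload), step):
        chunk = payload[start:start + step]
        more = start + step < len(payload)                  # MF=1 on all but the last piece
        frags.append(Fragment(ident, start // 8, more, chunk))
    return frags


def reassemble(frags):
    """Rebuild the payload from fragments of one datagram in any arrival order.

    Returns None if a piece is missing or overlaps: IP has no retransmission
    of its own, so the whole datagram is lost and the upper layer resends."""
    if len({f.ident for f in frags}) != 1:
        raise ValueError("fragments of different datagrams mixed together")
    expected, buf, complete = 0, b"", False
    for f in sorted(frags, key=lambda f: f.offset):
        if f.offset * 8 != expected:
            return None                  # hole or overlap in the sequence
        buf += f.payload
        expected += len(f.payload)
        complete = not f.mf              # the last piece seen must carry MF=0
    return buf if complete else None


if __name__ == "__main__":
    datagram = bytes(range(256)) * 11 + bytes(164)   # 2980-byte payload + 20-byte header = 3000 bytes
    frags = fragment(0x1234, datagram, 1500)
    for f in frags:
        print(f"offset={f.offset:4} ({f.offset * 8:5} B)  MF={int(f.mf)}  "
              f"size={IP_HDR + len(f.payload)} B  word=0x{flags_offset_word(f):04x}")
    print("reassembled OK:", reassemble(list(reversed(frags))) == datagram)
    print("missing middle piece:", reassemble([frags[0], frags[2]]))
```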

4. Explain Time to Live (TTL).

Time to Live is designed to keep packets from wandering around the network forever, for instance in a routing loop.  TTL is an 8-bit field set to an initial value when the packet is generated.  Each router that forwards the packet decrements it by 1.  When the value reaches zero the packet is dropped/discarded and an ICMP Time Exceeded error is sent to the source (this is exactly what traceroute relies on, sending probes with TTL 1, 2, 3 and so on).  TTL is in practice a hop count, with a recommended default of 64.

5. What is the First Octet Rule?

Network addresses are broken up into classes.  An IPv4 address has 4 octets, each 8 bits long, and those 8-bit binary numbers are written as more human friendly decimal numbers.  The first octet determines the class of the address.  For example 192.168.1.50 is a class C address, since 192 falls in the class C range.  So the First Octet Rule lets us quickly determine which class an address belongs to.

Class A (1-126; 127 is reserved for loopback)
Class B (128-191)
Class C (192-223)
Class D (224-239, multicast)
Class E (240-255, experimental)

6. Show Class A, B, and C written in binary and decimal.

- Class A (first bit 0)
*Binary form  (00000000 - 01111111)
*Decimal form (0 - 127; 1 - 126 usable)
-Class B (first bits 10)
*Binary form (10000000 - 10111111)
*Decimal form (128 - 191)
-Class C (first bits 110)
*Binary form (11000000 - 11011111)
*Decimal form (192 - 223)

7. What is the Address Mask?

An IPv4 address has 32 bits broken up into 4 octets.  The address mask is a 32-bit string of 1's followed by 0's.  For example the default mask of the Class C network that 192.168.1.20 belongs to is 255.255.255.0, or in binary 11111111.11111111.11111111.00000000.  The mask simply separates the network bits from the host bits: the 255's in the example cover the network portion and the 0 covers the host portion.

8. Explain a subnet and why it is used.

Given that each data link (network) and each host requires a unique identifier, subnetting is used to divide a major (classful) network into subnetworks.  This is done by borrowing some of the host bits to become network bits.  An example would be the Class A address 10.0.0.0 255.0.0.0 being subnetted with 255.255.0.0.  Notice that the subnet mask changed to 255.255.0.0: by setting the second octet of the mask to all 1's (255) we have extended the network portion of the address to 10.0 (and 10.1, 10.2, ... 10.255, 256 subnets in all), leaving the remaining 16 bits for host addresses.  A subnet is simply a subnetwork of a class A, B or C network.

9. Explain why all 0's or all 1's cannot be used for a subnet in a classful routing environment.

Classful routing protocols (RIP version 1 / IGRP) do not carry the subnet mask in their updates.  Without the mask, the all-zeros subnet (subnet zero, e.g. 10.0.0.0 255.255.0.0) is indistinguishable from the major network number 10.0.0.0, and the directed broadcast of the all-ones subnet (10.255.255.255 for 10.255.0.0 255.255.0.0) is the same address as the broadcast of the whole major network, so a receiver cannot tell which one is meant.  Classless protocols send the mask with every route and therefore handle subnets of all 1's and all 0's without ambiguity:
-RIP version 2
-EIGRP
-OSPF
-IS-IS
-BGP4
On Cisco IOS the use of subnet zero is allowed by default since release 12.0 (ip subnet-zero).
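The first-octet rule, default masks, subnetting and the subnet-zero/all-ones problem from questions 5 to 9, as one added Python example (mine, not from the post) built on the standard-library ipaddress module.  The addresses used are constructed samples.

```python
from ipaddress import IPv4Network, ip_address, ip_network


def address_class(addr: str) -> str:
    """First-octet rule on the leading bits: 0xxx A, 10xx B, 110x C, 1110 D, 1111 E."""
    first = int(ip_address(addr)) >> 24
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"


DEFAULT_PREFIXLEN = {"A": 8, "B": 16, "C": 24}   # classful masks /8, /16, /24


def classful_network(addr: str) -> IPv4Network:
    """Major (classful) network an address belongs to, with its default mask."""
    cls = address_class(addr)
    if cls not in DEFAULT_PREFIXLEN:
        raise ValueError(f"class {cls} addresses are not unicast networks")
    return ip_network(f"{addr}/{DEFAULT_PREFIXLEN[cls]}", strict=False)


def network_and_host_bits(cidr: str):
    """Split an address into its network bits and host bits using the mask."""
    net = ip_network(cidr, strict=False)
    bits = format(int(ip_address(cidr.split("/")[0])), "032b")
    return bits[: net.prefixlen], bits[net.prefixlen:]


def subnets(major: IPv4Network, new_prefixlen: int):
    """Borrow host bits: subnets[0] is subnet zero, subnets[-1] the all-ones subnet."""
    return list(major.subnets(new_prefix=new_prefixlen))


def classful_ambiguities(major: IPv4Network, new_prefixlen: int):
    """Why classful protocols cannot use subnet zero or the all-ones subnet:
    without a mask in the update, those two collide with the major network."""
    subs = subnets(major, new_prefixlen)
    zero, ones = subs[0], subs[-1]
    return {
        "subnet_zero_network": zero.network_address == major.network_address,
        "all_ones_broadcast": ones.broadcast_address == major.broadcast_address,
    }


if __name__ == "__main__":
    for a in ("10.1.1.1", "172.16.0.1", "192.168.1.50", "224.0.0.5"):
        print(a, "is class", address_class(a))
    n = classful_network("192.168.1.20")
    print(n, "mask", n.netmask, "bits", network_and_host_bits("192.168.1.20/24"))
    major = classful_network("10.5.6.7")
    subs = subnets(major, 16)
    print(len(subs), "subnets:", subs[0], "...", subs[-1], classful_ambiguities(major, 16))
```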

10. Describe ARP.

ARP (Address Resolution Protocol) is used by a device to discover the data link identifier (MAC address) that belongs to an IP address on the local network.  The ARP request is encapsulated in a broadcast frame, the owner of the IP address replies with its MAC address, and the requester caches the mapping of IP address to MAC address.  Note that ARP has no authentication: any host on the segment can answer, or send unsolicited replies, for an address that is not its own, which is the basis of ARP spoofing and the reason access switches offer dynamic ARP inspection.

11. How does TCP provide connection-oriented service?

TCP first sets up the connection with a three-way handshake (SYN, SYN-ACK, ACK), which synchronizes the initial sequence numbers on both sides, and then uses 3 mechanisms to keep delivery reliable:
-it labels segments with sequence numbers so the receiver can put them in the proper order before delivery
-it uses acknowledgements, checksums and timers so sender and receiver can agree on what has been delivered and what has to be retransmitted
-it uses windowing so the flow of data can be controlled

Sunday, January 31, 2010

Bootmgr is compressed error

I foolishly compressed my hard drive and forgot that Bootmgr will not work on a compressed drive.  So after completely compressing my C:\ my computer would not boot correctly.  At boot up I received a "Bootmgr is compressed" error.  In order to fix the problem I had to pull out my Vista DVD and I did the following:
  1. Boot the computer from the Vista DVD
  2. Choose the "Repair my computer" option
  3. Choose the operating system installation and "Load drivers"
  4. Choose the drive that was compressed and deselect "Compress this drive"
  5. Reboot

Thursday, January 21, 2010

802.1w - Spanning-Tree

802.1w, known as Rapid Spanning-Tree (RSTP), is a great improvement over 802.1D Spanning-Tree.  802.1w operates on the same principles as Spanning-Tree, but convergence is dramatically faster because port roles are negotiated with the neighbor through a proposal/agreement handshake instead of waiting out the listening and learning timers.

Another benefit of 802.1w (Rapid Spanning-Tree) is that it can be run as a single instance or as one instance per VLAN.  Cisco does the latter by combining RSTP with its proprietary PVST+, forming what's called Rapid PVST+ (RPVST+); where many VLANs should share a few instances, 802.1s MST is the standards-based way to do it.

Just like 802.1D (Spanning-Tree), 802.1w (Rapid Spanning-Tree) chooses the Root Bridge based on the lowest Bridge ID.

Rapid Spanning-Tree Port Roles
  • Root Port - the one port on each non-root switch with the best Root Path Cost to the Root Bridge
  • Designated Port - the port on each segment that offers that segment the best path to the Root Bridge (every active port on the Root Bridge is a designated port)
  • Alternate Port - a port that receives a better BPDU from another switch and so offers a different, less desirable path to the Root Bridge; it takes over immediately if the Root Port fails
  • Backup Port - a port that receives a better BPDU from the same switch, i.e. a redundant connection to a segment on which this switch is already designated
In addition RSTP defines the edge port, the equivalent of PortFast: it goes to forwarding at once and loses its edge status the moment it receives a BPDU.