Study Set 3
Routing table entries fall into four general categories:
-Direct network routes, for subnets to which the router is directly attached. -Remote network routes, for subnets and IP networks that are not directly attached. -Host routes, for routes to a specific IP address. A host route has a /32 network prefix. -Default routes, which are used when an exact match for a network or host route is not found.
Open Shortest Path First (OSPF)
-Dynamic routing protocol that uses a link-state algorithm and a hierarchical topology. -most widely adopted link state protocol -suited to large organizations with multiple redundant paths between networks. It has better convergence performance than RIP. -Where RIP and EIGRP are flat routing systems, OSPF is hierarchical. -OSPF also supports plaintext or cryptographic authentication.
IPv6 uses an updated version of ICMP. The key new features are:
-Error messaging -Informational messaging
Router separation
-Hosts with addresses in the same subnet or IP network must not be separated by a router. -Conversely, hosts with addresses in different subnets or IP networks must be separated by a router
Internet Control Message Protocol (ICMP)
-IP-level protocol for reporting errors and status information supporting the function of troubleshooting utilities such as ping. -ICMP messages are generated under error conditions in most types of unicast traffic, but not for broadcast or multicast packets. -ICMP can also be used to test and troubleshoot connectivity issues on IP networks
Neighbor Discovery (ND) Protocol
-IPv6 protocol used to identify link local nodes. -Address autoconfiguration -Prefix discovery -Local address resolution -Redirection
IP configuration issues
-Incorrect IP Address -Incorrect Subnet Mask
Hardware failure and network interface failures
-Power Issues -Hardware Failure Issues -Interface Status Issues (duplex)
3 versions of RIP
-RIPv1 is a classful protocol and uses inefficient broadcasts to communicate updates over UDP port 520. -RIPv2 supports classless addressing and uses more efficient multicast transmissions over UDP port 520. It also supports authentication. -RIPng (next generation) is a version of the protocol designed for IPv6. RIPng uses UDP port 521
IPv6 multicast address parts
-The first 8 bits indicate that the address is within the multicast scope (1111 1111 or ff). -The next 4 bits are used to flag types of multicast if necessary; otherwise, they are set to 0. -The next 4 bits determine the scope; for example, 1 is node-local (to all interfaces on the same node) and 2 is link local. -The final 112 bits define multicast groups within that scope.
Classless addressing was designed to solve two major problems of the classful addressing scheme
-The first was that network addresses, specifically, Class B addresses, were becoming very scarce and the second was near exponential growth in Internet routing tables
arp syntaxes
-arp -a (or arp -g ) shows the ARP cache contents. You can use this with IPAddress to view the ARP cache for the specified interface only. The ARP cache will not necessarily contain the MAC addresses of every host on the local segment. There will be no cache entry if there has not been a recent exchange of frames. -arp -s IPAddress MACAddress adds an entry to the ARP cache. Under Windows, MACAddress needs to be entered with hyphens between each hex byte. -arp -d * deletes all entries in the ARP cache; it can also be used with IPAddress to delete a single entry.
The Address Resolution Protocol (ARP)
-is used by hosts to determine which MAC address is associated with an IP address on the local network. ARP queries are sent as broadcasts. -The arp utility can be used to perform functions related to the ARP table cache. You would use this to diagnose a suspected problem with local addressing and packet delivery
BGP
-works with classless network prefixes called Network Layer Reachability Information (NLRI). -Path selection is based on multiple metrics, including hop count, weight, local preference, origin, and community. -BGP is not a pure distance vector algorithm. In fact, BGP is more usually classed as a path vector routing protocol. -BGP works over TCP on port 179.
A security technician is analyzing packets on an IPv6 network. Which of the following headers would indicate a multicast packet?
1111 1111 ff
Which of the parameters in the following routing table entry represents the gateway? R 192.168.1.0/24 [120/1] via 198.51.100.254, GigabitEthernet0/1
198.51.100.254-the gateway is the address of the next hop router. 192.168.1.0/24 is the destination and GigabitEthernet0/1 is the interface that the packet should be forwarded out of to reach the gateway.
In IPv6, how is the loopback address best expressed?
::1
Unspecified address (0:0:0:0:0:0:0:0)
A host that has not obtained a valid address. This is often expressed as ::.
Link state
Algorithm used by routing protocols that build a complete network topology to use to select optimum forwarding paths.
Distance vector
Algorithm used by routing protocols that select a forwarding path based on the next hop router with the lowest hop count to the destination network.
What is a directly connected route?
An IP network or subnet connected to one of the router's interfaces.
A network technician is investigating a significant increase in network bandwidth usage impacting network performance. After running diagnostic commands on the network switch, the technician notices unusually high counters on IGMP messages through each switch port. Which of the following is most likely causing the increased bandwidth consumption and network slowdown?
At layer 2, if a switch is not multicast-aware, it treats multicast transmissions as broadcasts and floods them across all ports, consuming a lot of bandwidth and slowing down the network.
What is an ASN?
Autonomous system numbers (ASN) are allocated to ISPs by IANA via the various regional registries.
Users on a floor served by a single switch cannot get a network connection. What is the best first step?
Check that the switch is powered on and reset it. If that does not work, check for other causes such as a poorly seated plug-in module.
subinterfaces
Configuring a router's physical interface with multiple virtual interfaces connected to separate virtual LAN (VLAN) IDs over a trunk
ifconfig
Deprecated Linux command tool used to gather information about the IP configuration of the network adapter or to configure the network adapter.
Routing Information Protocol (RIP)
Distance vector-based routing protocol that uses a hop count to determine the least-cost path to a destination network.
A helpdesk technician is trying to troubleshoot a client who is having issues with its network adapter. What should the technician try first?
Driver
Exterior Gateway Protocol (EGP)
Dynamic routing protocol used to exchange information about network paths in separate autonomous systems.
Interior Gateway Protocol (IGP)
Dynamic routing protocol used to exchange path forwarding information between routers in the same autonomous system.
Tunneling
Encapsulating data from a local protocol within another protocol's PDU to transport it to a remote network over an intermediate network. Tunneling protocols are used in many contexts, including virtual private networks (VPNs) and transport IPv6 packets over IPv4 networks.
Static route
Entry in the routing table added manually by an administrator.
Directly connected routes
Entry in the routing table representing a subnet in which the router has an active interface.
Dynamic routing protocol
Entry in the routing table that has been learned from another router via a dynamic routing protocol.
Default route
Entry in the routing table to represent the forwarding path that will be used if no other entries are matched.
What is an EUI-64, and how might it be used by IPv6?
Extended unique identifier (EUI) is IEEE's preferred term for a MAC address. EUI-64 is a 64-bit hardware interface ID. A 48-bit MAC address can be converted to an EUI-64 by using a simple mechanism. The EUI-64 can be used as the IPv6 interface ID, though a randomly generated token is often preferred.
True or false? 6to4 is a dual stack method of transitioning from IPv4 to IPv6.
False. 6to4 is a method of tunneling IPv6 packets over an IPv4 network. Dual stack means that hosts and routers process both IPv4 and IPv6 traffic simultaneously.
True or False? The arp utility will always show another host's MAC address if that host is on the same subnet.
False. While that is the function of the Address Resolution Protocol, the arp utility is used to inspect the ARP table cache, which may or may not contain the other host's address. Note that a standard means to ensure the MAC address is cached is to ping the destination address first. This is the basis of a utility called arping.
IPv6 addressing
First 64 bits - Network ID Second 64 bits - Interface ID
A security engineer is analyzing IPv6 packets. Which of the following header fields is for quality of service?
Flow label
Canonical notation
Format for representing IPv6 addresses using hex double-bytes with colon delimitation and zero compression.
Autonomous system (AS)
Group of network prefixes under the administrative control of a single organization used to establish routing boundaries.
Dual stack
Host operating multiple protocols simultaneously on the same interface. Most hosts are capable of dual stack IPv4 and IPv6 operation for instance.
Link local
IP addressing scheme used within the scope of a single broadcast domain only. link local unicast
What output would you expect when running the command ip neigh?
IP:MAC address mappings held in the ARP cache of a Linux host.
Linux IP duplicates
If there are two systems with duplicate IPs, a sort of race condition will determine which receives traffic. Obviously, this is not a good way for the network to be configured, and you should identify and fix the machines. To do this, obtain the MAC addresses of both interfaces using ping and then arp -a to examine the ARP cache table. On Linux, you can use the arping tool (arping -D) to report duplicate replies. Once identified, configure each host to use a unique address.
A company has eight networks, using the subnet addresses 192.168.0.0/24, 192.168.1.0/24 ... 192.168.7.0/24. What network prefix and subnet mask can be used to summarize a supernet route to these networks?
It takes 3 bits to summarize eight networks (2^3 =8). Subtracting 3 bits from the existing network mask makes the supernet network prefix /21. The third octet of the mask will use 5 bits, which is 248 in decimal (2^5 =32), so the full mask is 255.255.248.0.
Stateless Address Autoconfiguration (SLAAC)
Mechanism used in IPv6 for hosts to assign addresses to interfaces without requiring manual intervention.
Administrative Distance (AD)
Metric determining the trustworthiness of routes derived from different routing protocols.
A helpdesk technician is setting up a new IP configuration for a new Ethernet adapter on a client using PowerShell. Which command should the technician use?
New-NetIPAddress
How can you check the IP configuration of an interface on an end system host at the command line?
On Windows, run ipconfig (or netsh interface ip show config or Get-NetIPAddress). On Linux, run ifconfig or ip a.
Router advertisement
Packet sent by an IPv6-capable router to notify hosts about prefixes and autoconfiguration methods available on the local link
Border Gateway Protocol (BGP)
Path vector exterior gateway routing protocol used principally by ISPs to establish routing between autonomous systems
A workstation cannot connect to a server application on a remote network. What is the first test you could perform to establish whether the workstation's link is OK?
Ping another local system, such as the default gateway.
Convergence
Process whereby routers agree on routes through the network to establish the same network topology in their routing tables (steady state). The time taken to reach steady state is a measure of a routing protocol's convergence performance.
The following main parameters define a routing entry:
Protocol-The source of the route. Destination-Routes can be defined to specific hosts but are more generally directed to network IDs. The most specific destination prefix (the longest mask) will be selected as the forwarding path if there is more than one match. Interface-The local interface to use to forward a packet along the chosen route. This might be represented as the IP address of the interface or as a layer 2 interface ID. Gateway/next hop-The IP address of the next router along the path to the destination.
A helpdesk technician is troubleshooting issues on a Windows client. Which command does the technician use to clear the current IP address so that a new one may be obtained?
Release
Output from a ping command reports some values in milliseconds. What does this measure?
Round Trip Time (RTT) is a measure of the latency or delay between the host sending the probe and receiving a reply. ping will report minimum, maximum, and average RTT values.
Of the routing protocols listed in the CompTIA Network+ syllabus, which has the highest default value AD and does that make it more or less trusted than other protocols?
Routing Information Protocol (RIP) has a default administrative distance (AD) value of 120. In AD, lower values are preferred, so RIP is less trusted than other protocols.
Routing protocols
Some of the most popular protocols are listed in the following table
In IPv6, how can a host obtain a routable IPv6 address without requiring manual configuration?
Stateless address autoconfiguration (SLAAC) allows a host to autoconfigure an interface by listening for Router Advertisements to obtain a network prefix.
Layer 3 cable switch
Switch appliance capable of IP routing between virtual LAN (VLAN) subnets using hardware-optimized path selection and forwarding. -can maintain a mapping table of IP addresses to MAC addresses so that when a path is established, it can use low-latency hardware-based forwarding
A technician is troubleshooting a network and has asked your advice. He is trying to ping 192.168.16.192. The network has been subnetted with the custom mask 255.255.255.224. Why might this return a "Destination host unreachable" message?
The IP address resolves to the subnet network address, not a host address. Windows does not normally allow pinging the network address. Other OSs treat it as an alternative broadcast address, but most systems are configured to disallow such directed broadcasts for security reasons.
An IP network comprises hundreds of subnets deployed to offices in multiple geographical locations. Of the routing protocols listed in the CompTIA Network+ syllabus, which is best suited to this scale of network and why?
The hierarchical design of Open Shortest Path First (OSPF) means that it can divide the network into areas to represent different sites, reduce the size of routing tables, and ensure fast convergence. That said, Enhanced Interior Gateway Routing Protocol (EIGRP) can also support large networks and can have better convergence performance and so could be an equally good choice. Routing Information Protocol (RIP) is too limited to meet the requirements of a large network. Border Gateway Protocol (BGP) is not typically used on private networks as it is slower than OSPF or EIGRP and relatively complex to configure.
Which factors are used by default in EIGRP to identify the least-cost path?
The lowest bandwidth link along the path and the sum of latency along the path.
You have pinged the router for the local subnet and confirmed that there is a valid link. The local host cannot access remote hosts, however. No other users are experiencing problems. What do you think is the cause?
The router is not configured as the default gateway for the local host. You can ping it, but the host is not using it for routing.
net-tools has been replaced by the iproute2 package
These tools can interface properly with modern network configuration manager packages. As part of the iproute2 package, the ip command has options for managing routes as well as the local interface configuration
While all modern protocols use classless addressing, you should understand that legacy classful protocols do not use subnet masks or network prefixes
They determine an IPv4 network ID based on the value of the first three bits of the address.
What type of routing table entry is shown below? S* 0.0.0.0/0 [1/0] via 192.0.2.1
This is a static entry for the default route. The destination 0.0.0.0/0 represents an unknown network and will be matched if there is no match to a more specific destination. 192.0.2.1 is the gateway or next hop router for the default route.
Two client hosts have intermittent connectivity issues when accessing a server service on another subnet. No other client hosts exhibit this problem. What configuration problem might you suspect?
This is likely to be caused by a duplicate IP or MAC address. Replies from the server will be misdirected between the two hosts.
Default AD (administrative distance) values are coded into the router but can be adjusted by the administrator if necessary.
This means, for example, that given identical prefix lengths, a static route will be preferred to anything other than directly connected networks and that a route discovered by OSPF would be preferred to one reported by RIP. The value of 255 for unknown routes means that they will not be used.
Link local addresses start with a leading fe80, but global IPv6 addresses begin with 001.
True
True or False? VLSM means using more than one mask to subnet an IP network.
True. By using different mask sizes, variable length subnet masking (VLSM) allows designers to match subnet sizes to requirements more precisely.
Loopback address (0:0:0:0:0:0:0:1)
Used for testing (for the host to send a packet to itself). This is often expressed as ::1.
variable length subnet masking (VLSM)
Using network prefixes of different lengths within an IP network to create subnets of different sizes.
Classless Inter-Domain Routing (CIDR)
Using network prefixes to aggregate routes to multiple network blocks ("supernetting"). This replaced the old method of assigning class-based IP addresses based on the network size.
Multicast Listener Discovery (MLD) protocol
allows nodes to join a multicast group and discover whether members of a group are present on a local subnet.
Autonomous System Numbers (ASN)
are allocated to ISPs by IANA via the various regional registries.
Edge routers designed to work with DSL or cable broadband access methods
are called small office/home office (SOHO) routers
A network administrator is diagnosing a suspected problem with local addressing and packet delivery. Which of the following commands would the administrator use to flush the ARP cache?
arp -d
Static routes
can be configured either as non-persistent or persistent/permanent. A non-persistent route is removed from the routing table if the router is rebooted. A non-persistent route might be added as a troubleshooting action, for instance. If a static route is not reachable, it will be disabled.
The iproute package
can interface correctly with modern network configuration manager packages. Running the ip addr command performs the basic reporting functionality of ifconfig that shows the current address configuration. -replaced net-tools
Traffic class field
describes the packet's priority.
Which of the following IPv6 addresses is a valid unicast host address? fe80::218:8bff:fea7:bd37 fe80::219:d2ff::7850 ff02::219:d2ff:fea7:7850
fe80::218:8bff:fea7:bd37
Payload length
indicates the length of the packet payload, up to a maximum of 64 KB. If the payload is larger than that, then this field is 0, and the security engineer will establish a special Jumbo Payload (4 GB) option
A Linux systems administrator wants to interface correctly with modern network configuration manager packages. Which of the following would be best to accomplish this?
iproute2
Flow label
is for quality of service (QoS) management, such as for real-time streams. The security engineer sets the flow label to 0 for packets not part of any delivery sequence or structure.
When BGP is used within an AS
it is referred to as Interior BGP (IBGP), and when implemented between autonomous systems, it is referred to as Exterior BGP (EBGP)
If Windows detects a duplicate IP address
it will display a warning and disable the IP. Linux does not typically check for duplicate IP addresses.
At layer 2, if a switch is not multicast-aware,
it will treat multicast transmissions as broadcasts and flood them across all ports in the broadcast domain. This can consume a lot of bandwidth and slow down the network. This problem becomes particularly acute if the switch floods multicast traffic to virtual LANs (VLANs) that do not need to receive it. -To combat this, IGMP snooping, which is only applicable to multicast-aware switches, can be enabled as a global option on a switch and as a per-VLAN option.
ping Switches
ping can be used with several switches. You can use a host name or fully qualified domain name rather than an IP address to test name resolution. When pinging by name, -4 or -6 force the tool to query the IPv4 host record or IPv6 host record respectively. Also, -t continues to ping the host until interrupted (by pressing Ctrl+C).
Hop limit
replaces the time to live (TTL) field in IPv4 but performs the same function.
Interior Gateway Routing Protocol (IGRP)
was developed by Cisco to provide a routing protocol for routing within a domain or autonomous system. Limitations in IGRP, such as lack of support for classless addressing, led to the development of Enhanced IGRP (EIGRP). There are versions for IPv4 and IPv6.
The customer's router is referred to as the customer edge (CE)
while the service provider's router is referred to as the provider edge (PE)
