Month: September 2017



  • Point-to-multipoint layer 3 overlay VPN
  • Logical hub and spoke topology
  • Direct spoke-to-spoke communication is supported

DMVPN uses a combination of:

  • Multipoint GRE tunnels (mGRE)
  • Next Hop Resolution Protocol (NHRP)
  • IPsec Crypto Profiles
  • Routing



  • Virtual Private Network
    • Route exchange privacy
    • Path determination for packets
    • Data Security
      • IPsec (IP Security)
    • Collection of standardized protocols that provide
      • Confidentiality
      • Integrity
      • Authentication
      • Anti-Replay



  • Transition technique designed to allow native IPv6 hosts to access IPv4-only content.
    • (Translation technique not a tunneling technique).
  • Primarily used to allow v6 hosts to initiate connections to IPv4 content.
    • Mechanisms do exist to allow the reverse.
  • Stateful and stateless versions.
    • stateful can use any prefix
    • stateless has restriction on prefix

NAT64 and DNS64 coexistence.

  1. IPv6 host sends AAAA DNS query
  2. DNS64 server tries AAAA lookup and fails
  3. DNS64 server successfully resolves IPv4 address
  4. DNS64 server generates AAAA DNS response of <IPv6 prefix:IPv4 address> and sends it back to the client.
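
The synthesis in step 4, as an added example that is not part of the original notes: it embeds the IPv4 address in the NAT64 prefix using the RFC 6052 address layout, and also shows the reverse extraction a NAT64 gateway performs. The zone data, the names and the `64:ff9b::/96` default prefix are constructed sample values.

```python
import ipaddress

ALLOWED_LENGTHS = (32, 40, 48, 56, 64, 96)  # the only lengths RFC 6052 permits

def _offset(net):
    """Byte position where the embedded IPv4 address starts."""
    if net.prefixlen not in ALLOWED_LENGTHS:
        raise ValueError(f"/{net.prefixlen} is not a valid NAT64 prefix length")
    return net.prefixlen // 8

def synthesize_aaaa(prefix, ipv4):
    """Step 4: build <IPv6 prefix:IPv4 address> for the AAAA response."""
    net = ipaddress.IPv6Network(prefix)
    addr = bytearray(net.network_address.packed)
    pos = _offset(net)
    for b in ipaddress.IPv4Address(ipv4).packed:
        if pos == 8:      # byte 8 (bits 64-71) is reserved and must stay zero
            pos += 1
        addr[pos] = b
        pos += 1
    return ipaddress.IPv6Address(bytes(addr))

def extract_ipv4(prefix, ipv6):
    """Reverse mapping: recover the IPv4 destination from a synthesized address."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        raise ValueError("address is not inside the NAT64 prefix")
    out, pos = bytearray(), _offset(net)
    while len(out) < 4:
        if pos != 8:      # skip the reserved byte again
            out.append(addr.packed[pos])
        pos += 1
    return ipaddress.IPv4Address(bytes(out))

# Constructed zone data: one IPv4-only name and one dual-stacked name.
ZONE = {"v4only.example": {"A": "192.0.2.33"},
        "dual.example": {"A": "192.0.2.34", "AAAA": "2001:db8::34"}}

def dns64_resolve(name, prefix="64:ff9b::/96"):
    rec = ZONE[name]
    if "AAAA" in rec:                          # step 2 succeeded: answer unchanged
        return ipaddress.IPv6Address(rec["AAAA"])
    return synthesize_aaaa(prefix, rec["A"])   # steps 3 and 4

if __name__ == "__main__":
    for name in ZONE:
        print(name, dns64_resolve(name))
    print(extract_ipv4("64:ff9b::/96", dns64_resolve("v4only.example")))
```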


IPv6 Tunnels

  • point-to-point tunnels
  • MCT (manually configured tunnel)
  • GRE (Generic Routing Encapsulation)
  • Virtual point-to-point between two IPv4 routers
  • IPv6 iGP routing protocols can run over these virtual links.


IPv6 iGP redistribution

Similarities to IPv4

  • Redistribution takes routes from the IP routing table, not from the iGP databases.
  • Route maps can be used for filtering, metrics, route tags.
  • Administrative distance has not changed.
  • Options to prevent routing loops: administrative distance, route tags, filtering.
  • Syntax is the same.

Differences to IPv4

  • Supported “match” commands in route-maps vary on iGP
    • OSPF/RIP cannot match on “route-type” with a route-map
      • EIGRP has no problems using “route-type”
    • Route-map matching IPv6 ACLs must have IPv6 prefix as source portion and “any” as destination of ACL.
  • IPv6 redistribution does not include the connected routes of interfaces running the iGP; use the include-connected keyword:
    • redistribute include-connected






  • UDP port number 521
  • No autosummarization for IPv6
  • Destination address FF02::9
  • Link-Local next-hops
  • Uses IPv6 AH/ESP for authentication
  • Enable it on the interface
    • ipv6 rip CCNP enable (under interface fa0/0)
  • No network command


  • EIGRP uses the neighbor’s link local address as the next-hop
  • Destination FF02::AA
  • Authentication relies on the IPv6 built-in authentication and privacy
  • IPv4 defaults to auto summarization, IPv6 doesn’t
    • ipv6 unicast-routing
    • ipv6 router eigrp 100
    • (config-if)#ipv6 eigrp 100
    • eigrp router-id RID


BGP Path Attributes


“We Love Oranges AS Oranges Mean Pure Refreshment”

  • W: Weight (highest)
  • L: Local_pref (highest)
  • O: Originate (local)
  • AS: AS_PATH (shortest)
  • O: ORIGIN code (igp > egp > incomplete)
  • M: MED (lowest)
  • P: Paths (external > internal)
  • R: RID (lowest)

R1#sh ip bgp
*Mar  1 00:17:21.323: %SYS-5-CONFIG_I: Configured from console by console
R1#sh ip bgp
BGP routing table entry for, version 4
Paths: (2 available, best #1, table Default-IP-Routing-Table)
  Advertised to update-groups:
  30 from (
      Origin IGP, metric 0, localpref 100, valid, external, best
  20 from (
      Origin IGP, metric 0, localpref 100, valid, external

R1#sh ip bgp
BGP table version is 4, local router ID is
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>                  0             0 20 i
*>                  0             0 30 i
*>                  0             0 30 i
*                           0             0 20 i
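
The selection order from the mnemonic, as an added example that is not part of the original notes: it implements only the eight steps listed above and reports which step decided the winner. The router IDs are constructed sample values, and comparing MED across all neighbors is a simplifying assumption.

```python
from dataclasses import dataclass
import ipaddress

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}  # lower rank wins

@dataclass(frozen=True)
class Path:
    neighbor_rid: str              # router ID of the advertising neighbor
    as_path: tuple                 # e.g. (30,) for the path "30 i"
    weight: int = 0
    local_pref: int = 100
    locally_originated: bool = False
    origin: str = "igp"
    med: int = 0
    external: bool = True          # learned over eBGP

# One key per mnemonic letter. For every key the LOWEST value wins,
# so "highest wins" attributes are negated.
STEPS = [
    ("Weight",     lambda p: -p.weight),
    ("Local_pref", lambda p: -p.local_pref),
    ("Originate",  lambda p: not p.locally_originated),
    ("AS_PATH",    lambda p: len(p.as_path)),
    ("ORIGIN",     lambda p: ORIGIN_RANK[p.origin]),
    # Assumption: MED is compared regardless of the neighboring AS.
    ("MED",        lambda p: p.med),
    ("Paths",      lambda p: not p.external),
    ("RID",        lambda p: int(ipaddress.IPv4Address(p.neighbor_rid))),
]

def best_path(paths):
    """Return (winning Path, name of the step that decided it)."""
    candidates = list(paths)
    if not candidates:
        raise ValueError("no paths to compare")
    if len(candidates) == 1:
        return candidates[0], "only path"
    for name, key in STEPS:
        lowest = min(key(p) for p in candidates)
        candidates = [p for p in candidates if key(p) == lowest]
        if len(candidates) == 1:
            return candidates[0], name
    return candidates[0], "tie"

if __name__ == "__main__":
    # Constructed paths shaped like the two-path entry above (AS 30 and AS 20).
    via_30 = Path("192.0.2.30", (30,))
    via_20 = Path("192.0.2.20", (20,))
    print(best_path([via_30, via_20]))
```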


BGP Filtering

  • BGP filtering can be done on any router
  • Filtering can be done inbound and outbound
  • After a filter is applied, the BGP neighbor must be reset or cleared for the filter to take effect
    • clear ip bgp in/out (preferred)
    • clear ip bgp * (hard reset)
    • clear ip bgp soft in/out


BGP Next-hop & iBGP switching

sh ip bgp

R1#sh ip bgp
BGP table version is 6, local router ID is
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path                                0 i
 r>               0             0 20 ?
 r>               0             0 20 ?
 *>               0             0 20 ?
 *>i                  0    100      0 i


BGP Routing

Injecting routes into BGP.

  • Use the network command.
    • Different from the network command in an iGP; it isn’t used to activate the protocol on interfaces.
    • The BGP network command looks for the prefix in the routing table and originates it into the BGP table.
    • If no mask is defined, IOS assumes a classful network.
    • Classful route is added if:
      • The exact route is in the IP routing table
      • Any subset of the routes is in the routing table (only with auto-summary)
    • Create a null0 route
      • ip route null0

router bgp 20
 bgp log-neighbor-changes
 network mask
 neighbor remote-as 10
 neighbor ebgp-multihop 255
 neighbor update-source Loopback1