Today’s CCENT-level challenge involves the methods that are commonly used to describe and compare modern network infrastructures regarding such things as performance and structure.
ICND1-1: What common descriptive characteristic for a modern network often encompasses a measure of the probability of a network failure called the Mean Time Between Failures or MTBF?
Dennis caught our eye creating Visio versions of the best-selling Volume 1 workbook network topology for his fellow students in the IEOC. Thanks again Dennis and enjoy your $50 Gift Certificate for Amazon.com.
The files that Dennis created for his fellow students can be found by clicking here.
Here is his story…
In 1991, I began my official work life as a Customer Service Representative. I repaired all manner of equipment for many well-known small to medium sized retail chains and large retail chains with names ending in “mart”. In 1996 I took a position with a small contracting company working at NOAA (National Oceanic and Atmospheric Administration). I worked as a Help desk Engineer for several years. I became Microsoft MCSE certified in 1998. In 1999 I took another position within my company still at NOAA for their Computer Incident Response Team. I had several satisfying years in that position learning all about incident detection, response and remediation.
In our recent Implement Layer 2 Technologies series, we examined Q-in-Q tunneling in great detail. In this discussion, I mentioned a big caution about the Service Provider cloud with 802.1Q trunks in use for switch to switch trunking. This caution involved the use of an untagged native VLAN.
You see, this configuration could lead to what is known as the VLAN hopping attack. Here is how it works:
- A computer criminal at a customer site wants to send frames into a VLAN that they are not part of.
- The evil-doer double tags the frame (Q-in-Q) with the outer tag matching the native VLAN in use at the provider edge switch.
- The provider edge switch strips off the outer tag (because it matches the native VLAN), and sends this frame across the trunk.
- The next switch in the path examines the frame and reads the inner VLAN tag and forwards the frame accordingly. Yikes!
Notice the nature of this attack is unidirectional. The attacker can send traffic into the VLAN, but traffic will not return. Admittedly, this is still NOT something we want taking place!
What are solutions for the Service Provider?
- Use ISL trunks in the cloud. Yuck.
- Use a Native VLAN that is outside of the range permitted for the customer. Yuck.
- Tag the native VLAN in the cloud. Awesome.
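The effect of the third option can be checked with a small model of the two switches. This is an added example, not code from the original post: the function names, the sample frames, and the VLAN numbers (native VLAN 1, inner VLAN 100) are assumptions made for illustration, and the switch behaviour is simplified to the tag handling described above.

```python
import struct

TPIDS = {0x8100, 0x88A8}   # 802.1Q and 802.1ad tag protocol identifiers

# Constructed sample frames: dummy MACs, VLAN tags, IPv4 EtherType, zero padding.
MACS = bytes.fromhex("020000000002" "020000000001")
SAMPLE_DOUBLE = MACS + bytes.fromhex("81000001" "81000064" "0800") + bytes(46)
SAMPLE_SINGLE = MACS + bytes.fromhex("81000064" "0800") + bytes(46)

def parse_vlan_tags(frame):
    """Return (VLAN IDs, outermost first; offset of the real EtherType)."""
    vlans, off = [], 12                          # skip destination + source MAC
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack_from("!HH", frame, off)
        if tpid not in TPIDS:
            break
        vlans.append(tci & 0x0FFF)               # low 12 bits of the TCI
        off += 4
    return vlans, off

def trunk_egress(vlans, native_vlan, tag_native):
    """Tags the edge switch puts on the trunk (simplified model)."""
    if vlans and vlans[0] == native_vlan and not tag_native:
        return vlans[1:]                         # native VLAN leaves untagged
    return vlans                                 # outer tag stays on the wire

def delivered_vlan(frame, native_vlan, tag_native):
    """VLAN the next switch forwards into: first tag seen, else native."""
    on_trunk = trunk_egress(parse_vlan_tags(frame)[0], native_vlan, tag_native)
    return on_trunk[0] if on_trunk else native_vlan

def is_hop_candidate(frame, native_vlan):
    """Flag frames whose outer tag is the native VLAN and inner tag differs."""
    vlans, _ = parse_vlan_tags(frame)
    return len(vlans) >= 2 and vlans[0] == native_vlan and vlans[1] != native_vlan

if __name__ == "__main__":
    for tag_native in (False, True):
        print("tag native:", tag_native, "-> VLAN",
              delivered_vlan(SAMPLE_DOUBLE, 1, tag_native))
    print("flagged:", is_hop_candidate(SAMPLE_DOUBLE, 1))
```

With the native VLAN untagged the inner tag decides the forwarding VLAN; with the native VLAN tagged the outer tag survives the trunk and the inner tag is never consulted. On Cisco IOS switches this corresponds to the global command `vlan dot1q tag native`.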
Today’s challenge is drawn from the exciting area of CCNA Security. Enjoy. As always, you can find the answer in the comments area a day or two after the date of this post.
IINS-1: The CIA Triad seeks to define the three primary purposes for network security. These are to secure an organization’s data confidentiality, integrity, and availability. Define integrity as it is used in the CIA Triad. For bonus credit, provide the term that texts often attribute to the A in CIA instead of Availability.
Cisco had promised us Christmas 2010 editions of these new exams. Those dates have slipped again.
The new Cisco CCDA 640-864 DESGN and CCDP 642-874 ARCH exams are now scheduled to hit by January 31, 2011.
Both exams promise to test new material regarding virtualization and data centers. Stay tuned to see if these new exams do actually materialize. For those tracking such things – this is the third new date for these exams.
You will find the answer to today’s CVOICE Exam Practice in the comments area of the blog approximately 24 hours after the post. Have fun!
CVOICE-1: Cisco Unified Communications gateways support various VoIP signaling protocols. For each description below, provide the signaling protocol that is described:
A. This protocol specifies the commands and responses to set up and tear down calls. It also details features such as security, proxy, and transport control protocol (TCP or User Datagram Protocol [UDP]) services. It is a text-based protocol that borrows many elements of HTTP, using the same transaction request-and-response model and similar header and response codes.
B. This protocol definition controls VoIP gateways that are connected to external call control devices, referred to as call agents.
C. This standard specifies the components, protocols, and procedures that provide multimedia communication services—real-time audio, video, and data communications—over packet networks, including IP networks. The protocol is part of a family of ITU-T recommendations.
D. This Cisco proprietary protocol is used between Cisco Unified Communications Manager and Cisco Unified IP phones.
Beginning January 17th, 2011, Cisco will add Layer 2 Switch Troubleshooting to the 2 hour Troubleshooting section of the lab exam. Like the Layer 3 Troubleshooting that you will perform, these switches are emulated devices using Cisco’s IOU product – that stands for IOS on UNIX and is a similar approach to the popular Dynamips platforms. Cisco calls the ability to emulate switches on UNIX – L2IOU.
As you know, INE has been addressing Layer 2 Troubleshooting in all of our CCIE R&S products for a long time – so there will be few modifications that need to be made. I realize that change does cause some level of fear among students studying hard for this exam. I will be sure to schedule a free vSeminar next week to chat about this latest exam format and answer your questions. Watch the blog for the date and time of that vSeminar.
By the way, Cisco announced this change on the Cisco Learning Network this week. Here is the original post.
Many times, students believe that they could use a bit of a boost when it comes to solving the very complex and difficult Practice Lab Exams featured in our famous Volume II workbook here at INE. To respond to this, Keith Barker and I came up with an idea for a new INE product unlike anything that had been created before.
We created a fully interactive video guide to lab exam strategy and actual solutions for the first five labs of the workbook. But we did not stop there. We also recorded bonus lessons on topic areas that students always seem to want extra guidance with. Such areas as:
- Am I fast enough when it comes to making configurations?
- What is the best way to master DOC-CD navigation?
- What are appropriate strategies for Troubleshooting?
- What should I do if I am struggling with Redistribution tasks?
Here are some sample lessons from the Interactive Video Companion for Volume II so you can see this remarkable product for yourself. I am also publishing the complete outline here so you can examine that as well.
The Course Outline:
Lab 1 – Dos and Donts – 20 minutes
Lab 1 – Lab Strategy – 30 minutes
Lab 1 – Backup Link – 20 minutes
Lab 1 – Spanning Tree Manipulation – 10 minutes
Lab 1 – Spanning Tree Security – 15 minutes
Lab 1 – Private VLANs – 30 minutes
Lab 1 – Layer 2 Traffic Engineering – 20 minutes
Lab 1 – OSPF Prefix Adv – 10 minutes
One of the most important technical protocols on the planet is Open Shortest Path First (OSPF). This highly tunable and very scalable Interior Gateway Protocol (IGP) was designed as the replacement technology for the very problematic Routing Information Protocol (RIP). As such, it has become the IGP chosen by many corporate enterprises.
OSPF’s design, operation, implementation and maintenance can be extremely complex. The 3-Day INE bootcamp dedicated to this protocol will be the most in-depth coverage in the history of INE videos.
This course will be developed by Brian McGahan, and Petr Lapukhov. It will be delivered online in a Self-Paced format. The course will be available for purchase soon for $295.
Here is a preliminary outline:
Day 1 OSPF Operations
● Dijkstra Algorithm
● Neighbors and Adjacencies
○ OSPF Packet Formats
○ OSPF Authentication
○ Link-State information Flooding
About the Protocol
- The algorithm used for this advanced Distance Vector protocol is the Diffusing Update Algorithm.
- As we discussed at length in this post, the metric is based upon Bandwidth and Delay values.
- For updates, EIGRP uses Update and Query packets that are sent to a multicast address.
- Split horizon and DUAL form the basis of loop prevention for EIGRP.
- EIGRP is a classless routing protocol that is capable of Variable Length Subnet Masking.
- Automatic summarization is on by default, but summarization and filtering can be accomplished anywhere inside the network.
EIGRP forms “neighbor relationships” as a key part of its operation. Hello packets are used to help maintain the relationship. A hold time dictates the assumption that a neighbor is no longer accessible and causes the removal of topology information learned from that neighbor. This hold timer value is reset when any packet is received from the neighbor, not just a Hello packet.