Directly from Cisco’s website:
1.1 Identify Cisco Express Forwarding concepts
- 1.1.a FIB – Forwarding Information Base, “sh ip cef” to view, used to determine next hop IP addresses, performs Layer 3 “Packet Switching” or Packet forwarding
- 1.1.b Adjacency table – Correlates with FIB to find corresponding MAC addresses for Packet Switching / Forwarding
- Both these exist on the “Data Plane” where actual forwarding occurs, and populates the IP Route Table (RIB) which exists on the “Control Plane”
1.2 Explain general network challenges
- 1.2.a Unicast – “Unknown Unicasts” are generated when a Destination MAC is unknown, switches will flood these packets to all members within the VLAN, possibly causing a “Traffic Storm” which can impact network performance
- 1.2.b Out-of-order packets – Each Packet is forwarded by the best metric to its destination, so this can happen if metrics change during transmission. TCP solves this issue with Ack and Seq numbers to re-order packets when they arrive
- 1.2.c Asymmetric routing – This occurs when traffic takes a different return path then the traffic was sent on, specifically this is an issue with Firewalls and NAT. For example the devices will keep track of the connection states, SYN is sent through a router to a server, but servers Default Gateway is through a different device (Firewall), that device will have no “State Record” of the connection and drop the packets ACK it is trying to send back.
1.3 Describe IP operations
- 1.3.a ICMP Unreachable and Redirects – Redirects are found when debugging ICMP packets, sent back to the source when a better route is found to the Destination by Gateways only (NOT hosts). Unreachable responses come in the form of (U.U.U) meaning the upstream router has no route to the destination network
- 1.3.b IPv4 and IPv6 fragmentation – IPv4 Fragmentation happens when an IP Datagram is passing through a device with a smaller MTU (Maximum Transmission Unit) than the original Sender, and the receiver must reassemble the fragments based upon the flags in the Fragment Offset field in the IPv4 Header. IPv6 does not have a “Fragmentation” field in it’s IPv6 Header, so it must be inserted into the IP Packet “Extension” field by the sender if its determined Fragmentation is needed before transmission rather than during transmission.
- 1.3.c TTL -Time To Live is a value in the Header of an IPv4 Packet, that is decremented (decreased) in value by 1 for each hop or router it passes through, until it hits the value of 0, at which point it is discarded.
1.4 Explain TCP operations
- 1.4.a IPv4 and IPv6 (P)MTU – MTU refers to the Maximum Transmission Unit size that can be sent to a host. IPv4 “may” use Path MTU Discovery to avoid packet framentation along the way, IPv6 “must” use Path MTU Discovery so it can set the Fragmentation in its IPv6 Headers “Extension” field. So (P)MTU = Path MTU.
- 1.4.b MSS – “Maximum Segment Size” is an optional field in the TCP SYN Packet, which can adjust the MTU of a router, generally used for PPPoE (PPP over Ethernet), as the default size of MTU’s is 1500, and PPPoE only supports up to 1492 MTU Size – So it will discard any packets (most default ones) if not adjusted in the MSS
- 1.4.c Latency – The time it takes for a packet to travel from its Source to its Destination, and used by some routing protocols (EIGRP) to determine its metric, and if packets are dropped TCP will request re-transmission of discarded packets
- 1.4.d Windowing – The amount of TCP segments that a Receiver can successfully have transmitted, acknowledged with an ACK back to the Sender. Sliding-Window is a type of Windowing where the segments sent increases until the Receiver can no longer Ack the amount of segments, and the Sender then slows down transmission of segments being sent until Ack’s are again received
- 1.4.e Bandwidth-delay product – The maximum amount of bits that can be on a segment at any given time
- 1.4.f Global synchronization – Also known as TCP Synchronization, is when a routers interface output queue fills to capacity and it must start discarding TCP packets, taking longer for TCP transmissions to go through and ACK’s to be sent. One way to prevent this condition is Weighted Random Early Detection (WRED) that can randomly drop packets from the queue if it gets near capacity.
1.5 Describe UDP operations
- 1.5.a Starvation – When “Connectionless” UDP Packets flood the interface or “starve” the line of bandwidth, causing TCP connections to drop excessive packets, and slow down the transmission of them
- 1.5.b Latency – Any packets discarded will not be re-transmitted as UDP is connectionless, QoS solves this issue between a source and destination
1.6 Recognize proposed changes to the network
- 1.6.a Changes to routing protocol parameters – Understand network wide impact on routing behaviors, plan phases of the protocol behaviors, and have an action plan to migrate back to the initial parameters to minimize downtime
- 1.6.b Migrate parts of the network to IPv6 – Check and confirm LAN nodes are IPv6 compatible, run IPv4 and IPv6 concurrently (Dual-Stack) to confirm compatibility, user IPv6-over-IPv4 tunnels for IPv6 LAN’s to be able to communicate over IPv4 tunnels between sites, and also using NAT64 which converts IPv6 Address to IPv4 addresses entering the LAN
- 1.6.c Routing protocol migration – One method for migration would be to run both protocols concurrently, so if one fails the other can continue to run, another method would be route redistribution one network segment at a time to see how it reacts to the migration