cisco ccna ccnp


VPN (Virtual private network) Connectivity

VPN technology allows businesses to use their existing Internet connections to connect to other offices (site-to-site VPNs) or allow telecommuting or mobile users to connect into the office network from their PCs (remote-access VPN).

VPN Connectivity

VPNs provide a variety of benefits over private-line connections:

  • Cost savings over private-line connections
  • Remote-access connections for telecommuting or mobile users
  • Scalability

At the same time, VPNs have some major drawbacks:

  • Higher overhead
  • Varying service levels
  • Additional security considerations

VPN connections come in two major genres: site-to-site and remote-access VPNs.

Site-to-site VPNs are the direct replacement for private-line WAN connections. They allow offices to maintain permanent or semipermanent connections between each other through the Internet.

Remote-access VPNs typically are used to allow telecommuting or mobile workers to connect to the corporate network from home or hotel-like locations. These remote-access VPNs come in a couple of styles: client-based (requires the installation of a VPN client) and clientless (also known as SSL or WebVPN; users connect through a secure web page).

The key protocol that drives VPN connections is IPsec. This is actually a suite of protocols that provide standards for encryption, authentication, and data integrity.

Three primary encryption standards are used with IPsec:

  • Data Encryption Standard (DES) algorithm was originally developed by IBM to support a 56-bit key.
  • Triple DES (3DES) algorithm uses three different DES keys to encrypt data, thus tripling the strength of DES.
  • Advanced Encryption Standard (AES) currently offers 128-, 192-, and 256-bit encryption.

Currently, two data-integrity standards are used with IPsec:

  • Message Digest 5 (MD5) uses a 128-bit hashing algorithm.
  • Secure Hash Algorithm 1 (SHA-1) uses a 160-bit hashing algorithm.

OSPF Characteristics

Characteristic | OSPF
Hello/dead time | 10/40, 30/120
Cisco or IETF | IETF
Updates | Multicast (224.0.0.5, 224.0.0.6)
Load balancing | Equal paths
Routed protocols | IP

 


 

OSPF is a link-state routing protocol that automatically discovers its neighbors by sending hello messages to 224.0.0.5. After the neighbors are discovered, they form an adjacency by synchronizing their databases. This database lists all possible routes that the neighbor is aware of in the topology. Each subnet learned has a cost associated with it, which is calculated by taking 10^8/bandwidth. The paths with the lowest cost to a destination are put in the routing table.

Cost Values Based on Bandwidth

Bandwidth | OSPF Cost
56 Kbps | 1785
64 Kbps | 1562
T1 (1.544 Mbps) | 64
E1 (2.048 Mbps) | 48
Ethernet (10 Mbps) | 10
Fast Ethernet (100 Mbps) | 1
Gigabit Ethernet (1000 Mbps) | 1
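
The cost formula and lowest-cost path selection described above, as an added example that is not part of the original page. The router names and topology are constructed, and each link is assumed to have the same cost in both directions, which is a simplification.

```python
import heapq

REFERENCE_BW = 10**8  # numerator of the cost formula; bandwidth is taken in bits per second

def ospf_cost(bandwidth_bps):
    """Cost = 10^8 / bandwidth, truncated to an integer and never below 1."""
    return max(1, REFERENCE_BW // bandwidth_bps)

def best_next_hops(links, source):
    """Shortest-path-first run over a link list.

    links: {(router_a, router_b): bandwidth_bps}, treated as bidirectional.
    Returns {destination: (total_cost, [next hops])}, keeping every
    equal-cost path so the result reflects equal-path load balancing.
    """
    graph = {}
    for (a, b), bw in links.items():
        cost = ospf_cost(bw)
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    best = {source: (0, set())}
    heap = [(0, source)]
    while heap:
        dist, node = heapq.heappop(heap)
        if dist > best[node][0]:
            continue  # stale heap entry, a cheaper path was already found
        for neigh, cost in graph[node]:
            new = dist + cost
            # First hop is the neighbor itself when leaving the source,
            # otherwise it is inherited from the node we came through.
            hops = {neigh} if node == source else best[node][1]
            if neigh not in best or new < best[neigh][0]:
                best[neigh] = (new, set(hops))
                heapq.heappush(heap, (new, neigh))
            elif new == best[neigh][0]:
                best[neigh][1].update(hops)  # equal-cost path: keep both
    return {d: (c, sorted(h)) for d, (c, h) in best.items() if d != source}

# Constructed topology: two T1 paths from R1 to R4, a direct 64 Kbps backup
# link, and a Fast Ethernet segment behind R4.
LINKS = {
    ("R1", "R2"): 1_544_000, ("R2", "R4"): 1_544_000,
    ("R1", "R3"): 1_544_000, ("R3", "R4"): 1_544_000,
    ("R1", "R4"): 64_000,    ("R4", "R5"): 100_000_000,
}

if __name__ == "__main__":
    for dest, (cost, hops) in sorted(best_next_hops(LINKS, "R1").items()):
        print(f"O  {dest}  cost {cost}  via {', '.join(hops)}")
```

Because the formula bottoms out at 1, Fast Ethernet and Gigabit Ethernet links receive the same cost, as the table shows.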

 

Verifying and Troubleshooting OSPF Commands

Command | Output
show ip route | The routing table with OSPF entries represented as “O.” Routes learned from other areas also have an interarea indicator (“IA”).
show ip protocols | OSPF process ID and advertised networks.
show ip ospf interface | Local router’s router ID, interface topology type, link cost and priority, router ID for the DR and BDR on the segment, hello/dead intervals, and a count of how many neighbors and adjacencies.
show ip ospf neighbor | Neighbor table to verify neighbor IDs and if neighbor is DR or BDR.
show ip ospf database | OSPF subnets and advertising routers in the topology table.
debug ip ospf events | Real-time display of LSAs and LSUs being sent and received.