RE: How to verify connectivity to Backbone routers

From: Joseph Brunner (joe@affirmedsystems.com)
Date: Sat Apr 05 2008 - 20:00:25 ART

• Next message: Capt.Spock: "Re: anyone in the Washington dc area ?"
• Previous message: Carlos G Mendioroz: "Re: Prefix list question"
• Maybe in reply to: Huan Pham: "How to verify connectivity to Backbone routers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Actually, I was joking ;)

I have some verification methods for almost anything with the backbones.
While I was doing Brian and Brian's workbook VOL II., I realized you can
fake a backbone routing protocol config with your adjacent switch. The ie
racks were 11 hour slots... I did the workbook lab in 8, then spent the
other 3 hours practicing this kind of stuff.

The only time you couldn't do this stuff was when the issue was with a
backbone connected to a router on frame relay. All in all, if you play with
the VOL II. Workbook labs long enough you will know how to verify the
connectivity to the backbones before you go to the real lab.

-Joe

-----Original Message-----
From: Paul Cosgrove [mailto:paul.cosgrove@heanet.ie]
Sent: Saturday, April 05, 2008 6:24 PM
To: Joseph Brunner
Cc: 'Huan Pham'; 'Cisco certification'
Subject: Re: How to verify connectivity to Backbone routers

That would be interesting if telneting to the wrong IP led to criminal
proceedings! Would be a good way to put people under even more pressure
during the test. Not sure how many would agree to it though, especially
amongst those attending labs outside U.S. jurisdicton. If someone did
waste lab time trying to hack a router which just injects routes into
their topology, they should wise up and then schedule another lab
attempt. Cisco could of course impose a ban if they suspected foul
play, and that should be a sufficient deterent.

If a task asks you to filter or summarise routes then you may need to
verify what routes you send to the BB routers using debugs. Obviously
you may also be modifying the received routes as they are propagated
through your topology. You could have situation where your end point
routers can ping the BB, but other links on the same routers are not
being advertised out because of a typo. Pings will not provide full
verification unless you perform multiple tests from each router and
change the destination and source addresses. If you cannot guess a
valid IP on the BB subnets quite quickly, perhaps turning off domain
lookups and using ttl bounded traceroutes may help.

Paul.

Joseph Brunner wrote:
> If you even try to access the backbone router's you will be charged under
> the Computer Fraud and Abuse act of 1986. You agree to this by showing up
in
> the lab.
>
> The proctor's are authorized to detain you until govt. officials arrive at
> the lab, at which time you will be arrested.
>
> Bottom line;
>
> DON'T TRY IT
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Huan
> Pham
> Sent: Tuesday, April 01, 2008 9:37 PM
> To: 'Cisco certification'
> Subject: How to verify connectivity to Backbone routers
>
> Hi GS
>
> For internal reachability, it's can be done via ping test or automated
> TCL/Macro scripts.
>
> My question is how we verify connectivity to the backbone.
>
> 1 - Can we log on to the backbone and collect IP addresses?
> If we can, then the same ping test approach can apply here.
>
> 2 - If we can not log on to BB routers, how we can collect backbone IP
> address, and verify connectivity?
>
> My approach is
>
> 2.1. On the routers closest to backbone, show routes advertised from
> backbone. Here we can be quite confident that we have collected all the
> routes BB advertise (if we have correct configuration on these router).
>
> 2.2. Best guess is to take the first available IP from each subnet, and do
> ping test from the routers closest to backbone first.
>
> 2.3. If we get ping responses, then these are in fact valid IP addresses.
We
> then can roll out the ping tests to all routers in the lab.
>
> 2.4. If we do not get ping response, then the actual IP may be different.
> There's no way to get valid IP addresses in use. We will then have to
check
> that backbone routes are received on each internal routers by show ip
> routes, and we are advertising internal subnets to BB using (only need to
> check on the routers peering with BB):
>
> show ip bgp nei advertised,
> show ip ospf database,
> show ip eigrp topo
> show ip rip database
>
>
> Please let me know your thought.
>
>
>
> Cheers,
>
> Huan Pham
> Network Engineer
> p: +61 2 9722 3428
> f: +61 2 9722 3410
> e: huan.pham@valuenet.com.au
> w: www.valuenet.com.au
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Capt.Spock: "Re: anyone in the Washington dc area ?"
• Previous message: Carlos G Mendioroz: "Re: Prefix list question"
• Maybe in reply to: Huan Pham: "How to verify connectivity to Backbone routers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu May 01 2008 - 08:25:50 ART