1 bit of Everything !

Had an interview and it didn't go as I expected... and I will take it as a good experience to prepare the next one better! After 20 years without any interview! I realize that it is good to know how to do it and understand it, but I need to be able to explain it too! So I am doing this as a little reminder of everything before my next interview! My native language is French so this will help for sure!!!! Again, if you have anything to add or see any mistake, don't hesitate!

Most of these definitions come from the Wikipedia and Cisco websites!

Patrick Denis

IEEE 802 refers to a family of IEEE standards dealing with local area networks and metropolitan area networks. They map to the lower two layers (Data Link and Physical) of the seven-layer OSI networking reference model. In fact, IEEE 802 splits the OSI Data Link Layer into two sub-layers named Logical Link Control (LLC) and Media Access Control (MAC).
IEEE 802.3 is the communication standard that defines the physical layer and the data link layer's media access control (MAC) for "Ethernet", known as the CSMA/CD protocol, for operation over optical fiber and twisted-pair cables.

IEEE 802.11 is a set of media access control (MAC) and physical layer (PHY) specifications for implementing wireless local area network (WLAN) computer communication in the 2.4, 3.6, 5, and 60 GHz frequency bands.

IEEE 802.1D is the IEEE MAC Bridges standard, which includes bridging and the revised version of Spanning Tree.

IEEE 802.1w is the IEEE Rapid Spanning Tree Protocol (RSTP); it provides significantly faster spanning tree convergence.

IEEE 802.1Q is the networking standard that supports virtual LANs (VLANs) on an Ethernet network. The standard defines a system of VLAN tagging for Ethernet frames.

Open Shortest Path First (OSPF) is a routing protocol for Internet Protocol (IP) networks. It uses a link state routing algorithm and operates within a single autonomous system (AS). It is defined as OSPF Version 2 in RFC 2328 (1998) for IPv4.[1] The updates for IPv6 are specified as OSPF Version 3 in RFC 5340 (2008).[2]

By convention, area 0 (zero), or 0.0.0.0, represents the core or backbone area of an OSPF network.
OSPF detects changes in the topology, such as link failures, and converges on a new loop-free routing structure within seconds. It computes the shortest path tree for each route using a method based on Dijkstra’s algorithm, a shortest path first algorithm.

OSPF uses multicast addressing for route flooding on a broadcast domain. OSPF multicast IP packets never traverse IP routers (they never leave their broadcast domain): they never travel more than one hop. OSPF is therefore a link layer protocol in the Internet Protocol Suite. OSPF reserves the multicast addresses 224.0.0.5 (IPv4) and FF02::5 (IPv6) for all SPF/link state routers (AllSPFRouters), and 224.0.0.6 (IPv4) and FF02::6 (IPv6) for all Designated Routers (AllDRouters), as specified in RFC 2328[3] and RFC 5340.[4]

OSPF does not carry data via a transport protocol, such as the User Datagram Protocol (UDP) or the Transmission Control Protocol (TCP). Instead, OSPF forms IP datagrams directly, packaging them using protocol number 89 in the IP Protocol field. OSPF defines five different message types, for various types of communication:
Hello
Database Description
Link State Request
Link State Update
Link State Acknowledgment

Enhanced Interior Gateway Routing Protocol (EIGRP) is an advanced distance-vector routing protocol that is used on a computer network to help automate routing decisions and configuration. The protocol was designed by Cisco Systems as a proprietary protocol, available only on Cisco routers.

IGRP / EIGRP: IGRP is used in TCP/IP and OSI networks and uses distance vector routing technology.
EIGRP is an enhanced version of IGRP. It also uses distance vector routing technology, but convergence is done through DUAL (Diffusing Update Algorithm), which allows all routers to synchronize after a topology change.
The distance information in EIGRP is represented as a composite of available bandwidth, delay, link reliability, load and MTU.

Neighbor discovery is done by sending hellos (hellos are multicast for neighbor discovery/recovery and do not require acknowledgment) that advertise a hold time to directly connected routers. When a neighbor is discovered it is put in the neighbor table. When no packet is heard from a neighbor within the hold time, the hold time expires, DUAL is informed of the topology change, and the change is made in the topology table.
Reliable Transport is responsible for ordered delivery of EIGRP packets to all neighbors, with intermixed multicast or unicast packets.

DUAL tracks all routes advertised by neighbors. The distance information, known as the metric, is used to select efficient loop-free paths. These neighbors and the associated metrics are placed in the forwarding table. DUAL selects the best routes and inserts them into the routing table, based on feasible successors (lowest path cost).

The protocol-dependent IP-EIGRP module is responsible for sending and receiving EIGRP packets that are encapsulated in IP, for parsing EIGRP packets and informing DUAL of the new information received, for asking DUAL to make routing decisions (the results of which are stored in the IP routing table), and for redistributing routes learned by other IP routing protocols.
Route states: Passive / Active

When there are no feasible successors, a route goes into Active state and a route recomputation occurs.
While in Active state, a router cannot change the next-hop neighbor. When replies are received for a given query, the destination can transition to Passive state and a new successor can be selected.

Packet format: Hello/Ack, Updates, Queries, Replies, Requests.

Route tagging (information carried with a redistributed external route):
The router ID of the EIGRP router that redistributed the route.
The AS number where the destination resides.
A configurable administrator tag.
Protocol ID of the external protocol.
The metric from the external protocol.
Bit flags for default routing.


Routing Information Protocol (RIP) is one of the oldest distance-vector routing protocols; it employs the hop count as a routing metric.
RIP prevents routing loops by implementing a limit on the number of hops allowed in a path from source to destination. The maximum number of hops allowed for RIP is 15, which limits the size of networks that RIP can support. A hop count of 16 is considered an infinite distance and the route is considered unreachable.
RIP implements the split horizon, route poisoning and holddown mechanisms to prevent incorrect routing information from being propagated.
RIP routers transmit full updates every 30 seconds.
RIP uses the User Datagram Protocol (UDP) as its transport protocol, and is assigned the reserved port number 520.
RIP version 1 (RFC 1058) is classful routing and does not support VLSM.
RIP version 2 (RFC 2453) is classless and supports Classless Inter-Domain Routing (CIDR).
RIP v1 uses broadcast to send the routing table to its neighbors.
RIP v2 uses multicast 224.0.0.9 to send the routing table to its neighbors.
RIPng (RFC 2080) is an extension of RIPv2 to support IPv6.
RIPng sends updates on UDP port 521 using the multicast group FF02::9.
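
As an added example (not part of the original post), the following Python simulation shows the RIP behaviour described above on a constructed three-router topology: hop counts, 16 as "infinity", route poisoning when a link fails, and why split horizon stops the count-to-infinity that otherwise happens between two neighbours. The router names A, B, C and the line topology are invented for the example.

```python
from typing import Dict, List, Tuple

INFINITY = 16  # RIP: a hop count of 16 means "unreachable"


class Router:
    """One RIP speaker; for simplicity the router name is also the network it owns."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.neighbors: List["Router"] = []
        # destination -> (hop count, next hop); a router reaches itself in 0 hops
        self.table: Dict[str, Tuple[int, str]] = {name: (0, name)}

    def connect(self, other: "Router") -> None:
        """Bring up a link: each side learns the other as a directly connected 1-hop route."""
        self.neighbors.append(other)
        other.neighbors.append(self)
        self.table[other.name] = (1, other.name)
        other.table[self.name] = (1, self.name)

    def link_down(self, other: "Router") -> None:
        """Lose a link: route poisoning marks every route through that neighbour unreachable."""
        self.neighbors.remove(other)
        for dest, (_, next_hop) in list(self.table.items()):
            if next_hop == other.name:
                self.table[dest] = (INFINITY, next_hop)

    def advertisement_for(self, peer: "Router", split_horizon: bool) -> Dict[str, int]:
        """The full-table update sent to one neighbour (RIP sends these every 30 seconds)."""
        adv: Dict[str, int] = {}
        for dest, (metric, next_hop) in self.table.items():
            # Split horizon: never advertise a route back to the neighbour it was learned from
            if split_horizon and next_hop == peer.name:
                continue
            adv[dest] = metric
        return adv

    def receive(self, sender: "Router", adv: Dict[str, int]) -> bool:
        """Bellman-Ford step over one received update; returns True if the table changed."""
        changed = False
        for dest, metric in adv.items():
            new_metric = min(metric + 1, INFINITY)  # never count past 16
            current = self.table.get(dest)
            # Accept the route if it is new, if it is better, or if it comes from the
            # next hop we already use (that is how a worsened/poisoned route propagates).
            via_sender = current is not None and current[1] == sender.name
            if current is None or new_metric < current[0] or (via_sender and new_metric != current[0]):
                self.table[dest] = (new_metric, sender.name)
                changed = True
        return changed


def run_until_converged(routers: List[Router], split_horizon: bool, max_rounds: int = 50) -> int:
    """Synchronous update rounds; returns the number of the first round in which nothing changed."""
    for rnd in range(1, max_rounds + 1):
        # Build every advertisement from the pre-round tables, then deliver them all.
        deliveries = [(nbr, r, r.advertisement_for(nbr, split_horizon))
                      for r in routers for nbr in r.neighbors]
        changed = False
        for receiver, sender, adv in deliveries:
            changed |= receiver.receive(sender, adv)
        if not changed:
            return rnd
    return max_rounds


def simulate(split_horizon: bool) -> Tuple[int, int, int]:
    """Constructed scenario: A - B - C in a line, then the B-C link fails.

    Returns (A's hop count to C before the failure,
             rounds needed to re-converge after the failure,
             A's hop count to C after the failure, 16 meaning unreachable).
    """
    a, b, c = Router("A"), Router("B"), Router("C")
    a.connect(b)
    b.connect(c)
    run_until_converged([a, b, c], split_horizon)
    hops_before = a.table["C"][0]
    b.link_down(c)
    c.link_down(b)
    rounds = run_until_converged([a, b], split_horizon)
    return hops_before, rounds, a.table["C"][0]


if __name__ == "__main__":
    print("with split horizon:   ", simulate(True))   # (2, 2, 16)
    print("without split horizon:", simulate(False))  # A and B count each other up to 16
```

Without split horizon, A keeps advertising its (now dead) route to C back to B, so the two routers raise each other's metric two hops at a time until both reach 16; with split horizon the poisoned route converges in a single exchange.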

Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information between autonomous systems (AS) on the Internet.[1] The protocol is often classified as a path vector protocol but is sometimes also classed as a distance-vector routing protocol. The Border Gateway Protocol makes routing decisions based on paths, network policies, or rule-sets configured by a network administrator and is involved in making core routing decisions.

BGP may be used for routing within an AS. In this application it is referred to as Interior Border Gateway Protocol, Internal BGP, or iBGP. In contrast, the Internet application of the protocol may be referred to as Exterior Border Gateway Protocol, External BGP, or EBGP.

Intermediate System to Intermediate System (IS-IS) is a routing protocol designed to move information efficiently within a computer network, a group of physically connected computers or similar devices. It accomplishes this by determining the best route for datagrams through a packet-switched network. The protocol was defined in ISO/IEC 10589:2002 as an international standard within the Open Systems Interconnection (OSI) reference design. Though originally an ISO standard, the IETF republished the protocol as an Internet Standard in RFC 1142. IS-IS is an interior gateway protocol, designed for use within an administrative domain or network.
IS-IS is a link-state routing protocol, operating by reliably flooding link state information throughout a network of routers. Each IS-IS router independently builds a database of the network's topology, aggregating the flooded network information. Like the OSPF protocol, IS-IS uses Dijkstra's algorithm for computing the best path through the network. Packets (datagrams) are then forwarded, based on the computed ideal path, through the network to the destination.

Hot Standby Router Protocol (HSRP) is a Cisco proprietary redundancy protocol for establishing a fault-tolerant default gateway. HSRP establishes a framework between network routers in order to achieve default gateway failover if the primary gateway becomes inaccessible. HSRP routers send multicast Hello messages to other routers to notify them of their priorities (which router is preferred) and current status (Active or Standby).
Routers have a priority between 1 and 255 and the router with the highest priority becomes the Active router. The default priority is 100; for the address owner the priority is always 255.

Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol that provides for automatic assignment of available Internet Protocol (IP) routers to participating hosts. This increases the availability and reliability of routing paths via automatic default gateway selections on an IP subnetwork. This is done with multiple routers, Master and Backup routers, acting as a group.
A virtual router must use 00-00-5E-00-01-XX as its Media Access Control (MAC) address. The last byte of the address (XX) is the Virtual Router IDentifier (VRID).
Routers have a priority between 1 and 255 and the router with the highest priority becomes the Master. The default priority is 100; for the address owner the priority is always 255.

Gateway Load Balancing Protocol (GLBP) is a Cisco proprietary protocol that attempts to overcome the limitations of existing redundant router protocols by adding basic load balancing functionality. In addition to being able to set priorities on different gateway routers, GLBP allows a weighting parameter to be set. Based on this weighting (compared to others in the same virtual router group), ARP requests will be answered with MAC addresses pointing to different routers. GLBP elects one AVG (Active Virtual Gateway) for each group. Other group members act as backup in case of AVG failure. In case there are more than two members, the second best AVG is placed in the Standby state and all other members are placed in the Listening state. This is monitored using hello and holdtime timers, which are 3 and 10 seconds by default. The elected AVG then assigns a virtual MAC address to each member of the GLBP group, including itself, thus enabling AVFs (Active Virtual Forwarders). Each AVF assumes responsibility for forwarding packets sent to its virtual MAC address. There can be up to four AVFs at the same time.
GLBP routers use the local multicast address 224.0.0.102 to send hello packets to their peers every 3 seconds over UDP port 3222.

Virtual Switching System (VSS) simplifies network configuration and operation by reducing the number of Layer 3 routing neighbors and by providing a loop-free Layer 2 topology. VSS combines a pair of switches into a single network element. An access switch connects to both chassis of the VSS using one logical port channel. The VSS manages redundancy and load balancing on the port channel. This capability enables a loop-free Layer 2 network topology. The VSS also simplifies the Layer 3 network topology because the VSS reduces the number of routing peers in the network.
When you create or restart a VSS, the peer chassis negotiate their roles. One chassis becomes the VSS active chassis, and the other chassis becomes the VSS standby.
For the two chassis of the VSS to act as one network element, they need to share control information and data traffic.

The virtual switch link (VSL) is a special link that carries control and data traffic between the two chassis of a VSS. The VSL is implemented as an EtherChannel with up to eight links. The VSL gives control traffic higher priority than data traffic so that control messages are never discarded. Data traffic is load balanced among the VSL links by the EtherChannel load-balancing algorithm.

Dynamic Trunking Protocol (DTP) is a Cisco proprietary protocol for negotiating trunking on a layer 2 (OSI model) link carrying VLANs. VLAN trunks use the IEEE 802.1Q or ISL trunking protocols.

VTP (VLAN Trunking Protocol) is a Cisco proprietary protocol that propagates the definition of Virtual Local Area Networks (VLANs) on the whole local area network.[1] To do this, VTP carries VLAN information to all the switches in a VTP domain. VTP advertisements can be sent over ISL or 802.1Q trunks.

Frame Relay creates virtual circuits to connect remote LANs through a WAN using a packet switching methodology.

Port Aggregation Protocol (PAgP) is a Cisco Systems proprietary networking protocol, which is used for the automated, logical aggregation of Ethernet switch ports, known as an EtherChannel.

Modes are:

auto: enable PAgP only if a PAgP device is detected
desirable: enable PAgP unconditionally

Link Aggregation Control Protocol (LACP) provides a method to control the bundling of several physical ports together to form a single logical channel known as an EtherChannel.

Modes are:

on: forces the LAN port to channel unconditionally. In the on mode, a usable EtherChannel exists only when a LAN port group in the on mode is connected to another LAN port group in the on mode. Because ports configured in the on mode do not negotiate, there is no negotiation traffic between the ports.
active: enable LACP unconditionally
passive: enable LACP only if a LACP device is detected

The Internet Group Management Protocol (IGMP) is an Internet protocol that provides a way for an Internet computer to report its multicast group membership to adjacent routers (RFC 1112).

Distance-vector routing protocols require that a router inform its neighbors of topology changes periodically. Distance-vector routing protocols have less computational complexity and message overhead.

Link-state routing protocols require that a router inform all the nodes in a network of topology changes.

Ethernet (IEEE 802.3) is a family of computer networking technologies for local area networks (LANs) and metropolitan area networks (MANs) (IEEE 802).

Point-to-Point Protocol (PPP) is a data link protocol used to establish a direct connection between two nodes. It can provide connection authentication and transmission encryption.

High-Level Data Link Control (HDLC) is a bit-oriented, code-transparent, synchronous data link layer protocol developed by the International Organization for Standardization (ISO). HDLC provides both connection-oriented and connectionless service.

Synchronous serial communication describes a serial communication protocol in which “data is sent in a continuous stream at a constant rate.”[1]

Synchronous communication requires that the clocks in the transmitting and receiving devices are synchronized – running at the same rate – so the receiver can sample the signal at the same time intervals used by the transmitter. No start or stop bits are required. For this reason, "synchronous communication permits more information to be passed over a circuit per unit time".

Asynchronous serial communication is a form of serial communication in which the communicating endpoints’ interfaces are not continuously synchronized by a common clock signal. Instead of a common synchronization signal, the data stream contains synchronization information in form of start and stop signals, before and after each unit of transmission, respectively. The start signal prepares the receiver for arrival of data and the stop signal resets its state to enable triggering of a new sequence.

EtherChannel is a port link aggregation technology or port-channel architecture used primarily on Cisco switches. It allows grouping of several physical Ethernet links to create one logical Ethernet link for the purpose of providing fault-tolerance and high-speed links between switches, routers and servers. An EtherChannel can be created from between two and eight active Fast, Gigabit or 10-Gigabit Ethernet ports, with an additional one to eight inactive (failover) ports which become active as the other active ports fail. EtherChannel is primarily used in the backbone network, but can also be used to connect end user machines.

Internet Group Management Protocol (IGMP) is a communications protocol used by hosts and adjacent routers on IPv4 networks to establish multicast group memberships. IGMP is an integral part of IP multicast.

PDUs are relevant in relation to each of the first 4 layers of the OSI model as follows:
The Layer 1 (Physical Layer) PDU is the bit
The Layer 2 (Data Link Layer) PDU is the frame
The Layer 3 (Network Layer) PDU is the packet
The Layer 4 (Transport Layer) PDU is the segment for TCP or the datagram for UDP
The Layer 5-6-7 (Application Layer) PDU is the data, which can be clear text, encrypted, or compressed

Transmission Control Protocol (TCP) is a core protocol of the Internet Protocol Suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP). Therefore, the entire suite is commonly referred to as TCP/IP. TCP provides reliable, ordered, and error-checked delivery of a stream of octets between applications running on hosts communicating over an IP network. It is connection oriented !

TCP uses a three-way handshake:
SYN: The active open is performed by the client sending a SYN to the server. The client sets the segment’s sequence number to a random value A.
SYN-ACK: In response, the server replies with a SYN-ACK. The acknowledgment number is set to one more than the received sequence number i.e. A+1, and the sequence number that the server chooses for the packet is another random number, B.
ACK: Finally, the client sends an ACK back to the server. The sequence number is set to the received acknowledgement value i.e. A+1, and the acknowledgement number is set to one more than the received sequence number i.e. B+1.

The connection termination phase uses a four-way handshake, with each side of the connection terminating independently. When an endpoint wishes to stop its half of the connection, it transmits a FIN packet, which the other end acknowledges with an ACK. Therefore, a typical tear-down requires a pair of FIN and ACK segments from each TCP endpoint. After the side that sent the first FIN has responded with the final ACK, it waits for a timeout before finally closing the connection.

User Datagram Protocol (UDP) is one of the core members of the Internet protocol suite. UDP uses a simple connectionless transmission model with a minimum of protocol mechanism. It has no handshaking dialogues, and thus exposes any unreliability of the underlying network protocol to the user’s program. There is no guarantee of delivery, ordering, or duplicate protection. UDP provides checksums for data integrity, and port numbers for addressing different functions at the source and destination of the datagram.

The Internet Protocol (IP), commonly named together with TCP as TCP/IP, is the principal communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet.

IP has the task of delivering packets from the source host to the destination host solely based on the IP addresses in the packet headers. For this purpose, IP defines packet structures that encapsulate the data to be delivered. It also defines addressing methods that are used to label the datagram with source and destination information.
Internet Protocol Version 4 (IPv4), is the dominant protocol of the Internet. Its successor is Internet Protocol Version 6 (IPv6).

Simple Network Management Protocol (SNMP) is an "Internet-standard protocol for managing devices on IP networks". Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks and more.[1] SNMP is widely used in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP is a component of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF). It consists of a set of standards for network management, including an application layer protocol, a database schema, and a set of data objects.
An SNMP-managed network consists of three key components:
Managed device
Agent — software which runs on managed devices
Network management station (NMS) — software which runs on the manager

Dynamic Host Configuration Protocol (DHCP) is a standardized network protocol used on Internet Protocol (IP) networks for dynamically distributing network configuration parameters, such as IP addresses for interfaces and services. With DHCP, computers request IP addresses and networking parameters automatically from a DHCP server, reducing the need for a network administrator or a user to configure these settings manually. The DHCP employs a connectionless service model, using the User Datagram Protocol (UDP). It is implemented with two UDP port numbers for its operations which are the same as for the BOOTP protocol. UDP port number 67 is the destination port of a server, and UDP port number 68 is used by the client.
DHCP operations fall into four phases: server discovery, IP lease offer, IP request, and IP lease acknowledgment. These stages are often abbreviated as DORA for discovery, offer, request, and acknowledgment.

The Internet Control Message Protocol (ICMP) is one of the main protocols of the Internet Protocol Suite. It is used by network devices, like routers, to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached. ICMP can also be used to relay query messages.[1] It is assigned protocol number 1.

Internet Protocol version 4 (IPv4) is the fourth version in the development of the Internet Protocol (IP). IPv4 uses 32-bit (four-byte) addresses, which limits the address space to 4294967296 (2^32) addresses.
Reserved address blocks

Range               Description                                       Reference
0.0.0.0/8           Current network (only valid as source address)    RFC 6890
10.0.0.0/8          Private network                                   RFC 1918
100.64.0.0/10       Shared Address Space                              RFC 6598
127.0.0.0/8         Loopback                                          RFC 6890
169.254.0.0/16      Link-local                                        RFC 3927
172.16.0.0/12       Private network                                   RFC 1918
192.0.0.0/24        IETF Protocol Assignments                         RFC 6890
192.0.2.0/24        TEST-NET-1, documentation and examples            RFC 5737
192.88.99.0/24      IPv6 to IPv4 relay                                RFC 3068
192.168.0.0/16      Private network                                   RFC 1918
198.18.0.0/15       Network benchmark tests                           RFC 2544
198.51.100.0/24     TEST-NET-2, documentation and examples            RFC 5737
203.0.113.0/24      TEST-NET-3, documentation and examples            RFC 5737
224.0.0.0/4         IP multicast (former Class D network)             RFC 5771
240.0.0.0/4         Reserved (former Class E network)                 RFC 1700
255.255.255.255     Broadcast                                         RFC 919

Private networks

Name           Address range                    Number of addresses   Classful description                      Largest CIDR block
24-bit block   10.0.0.0 – 10.255.255.255        16777216              Single Class A                            10.0.0.0/8
20-bit block   172.16.0.0 – 172.31.255.255      1048576               Contiguous range of 16 Class B blocks     172.16.0.0/12
16-bit block   192.168.0.0 – 192.168.255.255    65536                 Contiguous range of 256 Class C blocks    192.168.0.0/16
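
As an added example (not from the original post), the two tables above can be turned into a longest-prefix classifier and used to flag packets that arrive on an outside interface with a reserved source address, a standard anti-spoofing check on a border device. The key=value log format, the interface name "outside" and the sample log lines are constructed for the example.

```python
import ipaddress
from typing import List, Optional, Tuple

# (block, description, reference) copied from the tables above; the broadcast
# address is written as a /32 so it can take part in the prefix match.
RESERVED_BLOCKS = [
    ("0.0.0.0/8", "Current network (only valid as source address)", "RFC 6890"),
    ("10.0.0.0/8", "Private network", "RFC 1918"),
    ("100.64.0.0/10", "Shared Address Space", "RFC 6598"),
    ("127.0.0.0/8", "Loopback", "RFC 6890"),
    ("169.254.0.0/16", "Link-local", "RFC 3927"),
    ("172.16.0.0/12", "Private network", "RFC 1918"),
    ("192.0.0.0/24", "IETF Protocol Assignments", "RFC 6890"),
    ("192.0.2.0/24", "TEST-NET-1, documentation and examples", "RFC 5737"),
    ("192.88.99.0/24", "IPv6 to IPv4 relay", "RFC 3068"),
    ("192.168.0.0/16", "Private network", "RFC 1918"),
    ("198.18.0.0/15", "Network benchmark tests", "RFC 2544"),
    ("198.51.100.0/24", "TEST-NET-2, documentation and examples", "RFC 5737"),
    ("203.0.113.0/24", "TEST-NET-3, documentation and examples", "RFC 5737"),
    ("224.0.0.0/4", "IP multicast (former Class D network)", "RFC 5771"),
    ("240.0.0.0/4", "Reserved (former Class E network)", "RFC 1700"),
    ("255.255.255.255/32", "Broadcast", "RFC 919"),
]
_NETWORKS = [(ipaddress.ip_network(cidr), desc, ref) for cidr, desc, ref in RESERVED_BLOCKS]

Match = Tuple[str, str, str]  # (block, description, reference)


def classify(addr: str) -> Optional[Match]:
    """Longest-prefix match of one IPv4 address against the reserved blocks.

    Returns None when the address is in no reserved block. The longest prefix
    matters: 255.255.255.255 lies inside 240.0.0.0/4 but must report as Broadcast."""
    ip = ipaddress.ip_address(addr)
    best = None
    for net, desc, ref in _NETWORKS:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, desc, ref)
    return None if best is None else (str(best[0]), best[1], best[2])


def reserved_sources(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Scan key=value firewall log lines (a constructed format for this example)
    and return (src, description) for packets that arrived on the outside interface
    with a source address that should never be seen there."""
    hits = []
    for line in log_lines:
        fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        src = fields.get("src")
        if fields.get("in") != "outside" or src is None:
            continue
        match = classify(src)
        if match is not None:
            hits.append((src, match[1]))
    return hits


# Constructed sample log lines for the example (not real traffic).
SAMPLE_LOG = [
    "in=outside src=198.51.100.7 dst=192.0.2.10 proto=tcp dport=443",
    "in=outside src=10.20.30.40 dst=192.0.2.10 proto=tcp dport=22",
    "in=outside src=127.0.0.1 dst=192.0.2.10 proto=icmp",
    "in=inside src=192.168.1.25 dst=192.0.2.10 proto=udp dport=53",
    "in=outside src=169.254.9.9 dst=192.0.2.10 proto=udp dport=123",
]

if __name__ == "__main__":
    for src, why in reserved_sources(SAMPLE_LOG):
        print(f"{src:16} {why}")
```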

Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. NTP is one of the oldest Internet protocols in current use. NTP is intended to synchronize all participating computers to within a few milliseconds of Coordinated Universal Time (UTC). Implementations send and receive timestamps using the User Datagram Protocol (UDP) on port number 123.[4][5] They can also use broadcasting or multicasting, where clients passively listen to time updates after an initial round-trip calibrating exchange.

NTP uses a hierarchical, semi-layered system of time sources. Each level of this hierarchy is termed a “stratum” and is assigned a number starting with zero at the top.

Stratum 0
These are high-precision timekeeping devices such as atomic (cesium, rubidium) clocks, GPS clocks or other radio clocks. They generate a very accurate pulse per second signal that triggers an interrupt and timestamp on a connected computer. Stratum 0 devices are also known as reference clocks.

Stratum 1
These are computers whose system clocks are synchronized to within a few microseconds of their attached stratum 0 devices. Stratum 1 servers may peer with other stratum 1 servers for sanity checking and backup.[10] They are also referred to as primary time servers.[2][3]

Stratum 2
These are computers that are synchronized over a network to stratum 1 servers. Often a stratum 2 computer will query several stratum 1 servers. Stratum 2 computers may also peer with other stratum 2 computers to provide more stable and robust time for all devices in the peer group.

Stratum 3
These are computers that are synchronized to stratum 2 servers. They employ exactly the same algorithms for peering and data sampling as stratum 2, and can themselves act as servers for stratum 4 computers, and so on.

The upper limit for stratum is 15; stratum 16 is used to indicate that a device is unsynchronized. The NTP algorithms on each computer interact to construct a Bellman-Ford shortest-path spanning tree, to minimize the accumulated round-trip delay to the stratum 1 servers for all the clients.

Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It translates domain names into IP addresses. The Domain Name System distributes the responsibility of assigning domain names and mapping those names to IP addresses by designating authoritative name servers for each domain.

Multicast is used to address a number of hosts on a network (one-to-many or many-to-many distribution).

Group communication may either be application layer multicast or network assisted multicast, where the latter makes it possible for the source to efficiently send to the group in a single transmission.

Unicast is directed to one specific host; it is the opposite of broadcast, which means transmitting the same data to all possible destinations.

Route redistribution: when you redistribute one protocol into another, the metrics of each protocol play an important role in redistribution. Each protocol uses different metrics.
For example, RIP uses hop count, so if you redistribute OSPF or static routes into RIP you need to specify either "redistribute <routing protocol x> metric 1" or use the default-metric command.
When redistributing into EIGRP: IGRP and EIGRP use 5 metrics (bandwidth, delay, reliability, load and MTU), so you need to apply them by adding the metric keyword or the default-metric command.
When redistributing into OSPF: the OSPF metric is a cost value based on 10^8 / bandwidth of the link in bits/sec (Ethernet is 10: 10^8 / 10^7 = 10), and by default a redistributed route has a cost of 20, except for BGP where it is 1.

When redistributing into RIP: the RIP metric is composed of hop count. When redistributing a protocol into RIP, Cisco recommends that you use a low metric, such as 1.

Virtual LAN (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2)[1][2] and provides network segmentation.

Network address translation (NAT) is a methodology of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device.
Basic NAT performs a one-to-one translation of IP addresses.
One-to-many NAT translates from the private addresses to the public address assigned by the ISP.

Network address translation is not commonly used in IPv6, because one of the design goals of IPv6 is to restore end-to-end network connectivity.

Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session.
IPsec uses the following protocols:

Authentication Headers (AH) provide connectionless integrity and data origin authentication for IP datagrams and provide protection against replay attacks.
Encapsulating Security Payloads (ESP) provide confidentiality, data-origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic-flow confidentiality.
Security Associations (SA) provide the bundle of algorithms and data that provide the parameters necessary for AH and/or ESP operations. The Internet Security Association and Key Management Protocol (ISAKMP) provides a framework for authentication and key exchange, by manual configuration with pre-shared keys, Internet Key Exchange (IKE and IKEv2), Kerberized Internet Negotiation of Keys (KINK), or IPSECKEY DNS records.

Virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. A VPN is created by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols, or traffic encryption.

Dynamic Multipoint Virtual Private Network (DMVPN)[1] is a dynamic tunneling form of a virtual private network (VPN) based on the standard protocols GRE, NHRP and IPsec. It is supported on Cisco IOS-based routers, Huawei AR G3 routers[2] and USG firewalls, and on Unix-like operating systems. DMVPN provides the capability for creating a dynamic-mesh VPN network without having to pre-configure (statically) all possible tunnel end-point peers, including IPsec (Internet Protocol Security) and ISAKMP (Internet Security Association and Key Management Protocol) peers. DMVPN is initially configured to build out a hub-and-spoke network by statically configuring the hubs (VPN headends) on the spokes; no change in the configuration on the hub is required to accept new spokes. Using this initial hub-and-spoke network, tunnels between spokes can be dynamically built on demand (dynamic-mesh) without additional configuration on the hubs or spokes. This dynamic-mesh capability alleviates the need for any load on the hub to route data between the spoke networks.

DMVPN is a combination of the following technologies:
Multipoint GRE (mGRE)
Next-Hop Resolution Protocol (NHRP)
Dynamic Routing Protocol (EIGRP, RIP, OSPF, BGP)
Dynamic IPsec encryption
Cisco Express Forwarding (CEF)

Virtual routing and forwarding (VRF) is a technology that allows multiple instances of a routing table to co-exist within the same router at the same time. Because the routing instances are independent, the same or overlapping IP addresses can be used without conflicting with each other.
