Jaycee's Networking

May 15, 2009

About Interfaces

Filed under: Frame Relay, Information, IOS — Jaycee @ 10:59 pm

A. Interface:

1. Each media type has its own configuration commands; only a few commands are common to all interfaces.

2. The interface is where you set addresses and netmasks and specify how the interface interacts with the routing protocol.

3. Subinterfaces provide a way to have multiple logical configurations for the same interface; most commonly used in Frame Relay, ATM, and Fast Ethernet.

a. Subinterface zero (0) refers to the actual interface:

serial 1 = serial 1.0

b. Frame Relay permits subinterfaces in both point-to-point and multipoint modes.

4. Secondary IP address(es):

interface ethernet 0
ip address 10.10.1.65 255.255.255.224
ip address 10.10.1.97 255.255.255.224 secondary
ip address 10.10.1.129 255.255.255.224 secondary

Problems:

a. Secondary IP addresses are NOT supported by OSPF
b. Routing updates are not sent out to secondary subnets due to split horizon.
c. Too many secondary IP addresses often means you are doing something wrong with your network design.
d. Host broadcasts may or may not be heard by hosts on other subnets, depending on the broadcast address used by the host and the hosts’ implementations.

B. Common Interface Commands:

a. ip directed-broadcast

A directed broadcast is a broadcast that is sent to a specific network or set of networks. Directed broadcasts are frequently used in DoS attacks. To reduce the vulnerability to such attacks, the command is disabled by default.

b. ip proxy-arp

It allows the router to respond to ARP requests for hosts that it knows about, but that aren’t directly reachable by the host making the ARP request. If the router receives an ARP request for a host and the router has a route to that host, the router sends an ARP response with its own data link address to the requestor.

c. ip unreachables

It enables the generation of ICMP protocol unreachable messages (the default). It’s often used on the null interface.
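The effective state of these three commands on each interface can be read from a configuration once the defaults are applied, since a running-config omits lines that match the default. The following is an added example, not part of the original post; the sample configuration is constructed, and the proxy-arp default (enabled) is standard IOS behaviour that the post does not state.

```python
import re

# Defaults used when the configuration has no line for the command.
# directed-broadcast off and unreachables on are as stated in the post;
# proxy-arp on is standard IOS behaviour (assumption, not from the post).
DEFAULTS = {"directed-broadcast": False, "proxy-arp": True, "unreachables": True}

# Constructed sample configuration for the demonstration.
SAMPLE = """\
interface ethernet 0
 ip address 10.10.1.65 255.255.255.224
 ip directed-broadcast
!
interface serial 1
 ip address 10.10.2.1 255.255.255.252
 no ip proxy-arp
 no ip unreachables
!
router rip
 network 10.0.0.0
"""

def effective_state(config):
    """Return {interface: {command: enabled}} with defaults applied."""
    result, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):      # a top-level line starts or ends a block
            m = re.match(r"interface\s+(.+)", line)
            current = m.group(1).strip() if m else None
            if current:
                result[current] = dict(DEFAULTS)
            continue
        if current is None:               # indented line under a non-interface block
            continue
        m = re.match(r"\s+(no\s+)?ip\s+(directed-broadcast|proxy-arp|unreachables)\b", line)
        if m:                             # the "no" form disables, the plain form enables
            result[current][m.group(2)] = m.group(1) is None
    return result

def directed_broadcast_enabled(config):
    """Interfaces where the directed-broadcast default has been overridden."""
    return sorted(i for i, s in effective_state(config).items()
                  if s["directed-broadcast"])

if __name__ == "__main__":
    for name, state in effective_state(SAMPLE).items():
        print(name, state)
    print("directed broadcast enabled on:", directed_broadcast_enabled(SAMPLE))
```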

C. Loopback Interface:

1. It’s NOT tied to 127.0.0.1.

2. It’s often used as a termination address for some routing protocols, such as OSPF and BGP for router ID. It never goes down.

3. The “ip unnumbered” configuration command allows you to enable IP processing on a serial interface without assigning it an explicit IP address.

4. Use it for all management software, which will test whether the router is alive by pinging the loopback interface’s IP.

D. Null Interface:

1. It’s the “bit bucket” or “black hole” interface. A null route directs traffic to a non-existent interface called the null interface. Network packets directed to the “Null 0” interface are discarded as soon as they are received.

2. A null route is useful for removing packets that cannot make it out of the network or to their destination, and/or to decrease congestion created when packets with no currently reachable destination float around the network, or the destination is under a denial of service attack.

3. During a denial of service attack, a null route can temporarily be placed on the next-to-last hop closest to the destination, which will cause that device to drop all traffic generated by the attack.

4. It’s most useful for filtering unwanted traffic, because you can discard traffic simply by routing it to the null interface. You could achieve the same goal using ACLs, but ACLs require more CPU overhead.

5. There can be only one null interface (null 0), and it’s always configured. It accepts ONLY ONE configuration command as below:

interface null 0
 no ip unreachables

6. As part of a security strategy, use null0 to prevent routing loops when using summarized addresses.

7. Example:

[Figure: topology diagram (r001)]

In the topology above, R1 has this static route:

ip route 192.168.0.0 255.255.0.0 null0

a. From R3, if it sends a packet to destination 192.168.0.3:

=> the packet is sent to R1 and then to R4, since the route toward R4 is a longer match than R1’s null route (192.168.0.0/24 is chosen over 192.168.0.0/16).

b. From R3, if it sends a packet to destination 192.168.2.3:

=> the packet is dropped.
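The two lookups above, and the routing loop from point 6, can be reproduced with a small longest-prefix-match simulation. This is an added example, not part of the original post. Because the topology image is missing, the routing tables are assumptions: R3 holds only the summary toward R1, and R1 has a default route back to R3.

```python
import ipaddress

# Constructed routing tables (assumed, not from the post). NULL_ROUTE is the
# static route the post configures on R1.
NULL_ROUTE = ("192.168.0.0/16", "null0")
TABLES = {
    "R3": [("192.168.0.0/16", "R1")],
    "R1": [("192.168.0.0/24", "R4"), ("0.0.0.0/0", "R3")],
    "R4": [("192.168.0.0/24", "connected")],
}

def lookup(table, dst):
    """Longest-prefix match: return the next hop of the most specific route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(dst, start="R3", null_route=True, ttl=8):
    """Follow a packet hop by hop; return (path, outcome)."""
    tables = {r: list(t) for r, t in TABLES.items()}
    if null_route:
        tables["R1"].append(NULL_ROUTE)
    router, path = start, [start]
    while ttl > 0:
        nh = lookup(tables[router], dst)
        if nh is None:
            return path, "no route"
        if nh == "null0":
            return path, "dropped at " + router
        if nh == "connected":
            return path, "delivered by " + router
        router = nh                      # forward to the next hop
        path.append(router)
        ttl -= 1
    return path, "ttl expired (loop)"

if __name__ == "__main__":
    for dst in ("192.168.0.3", "192.168.2.3"):
        for nr in (True, False):
            print(dst, "with null0" if nr else "without null0", *trace(dst, null_route=nr))
```

Without the null route, the packet for 192.168.2.3 bounces between R3 and R1 until its TTL runs out; with it, R1 discards the packet on first arrival.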

E. Serial Interface:

1. They are interfaces that connect to a device like a CSU/DSU, which in turn connects to a leased line to complete a point-to-point connection.

2. Serial Encapsulation:

a. PPP (Point-to-Point):

(1) Echo requests are used as keepalives; use “no keepalive” to disable this feature.
(2) It’s supported by all routers and vendors. If you are creating a serial link with 2 different types of routers, you’ll need to use PPP for the two routers to communicate.

b. HDLC:

(1) It provides synchronous frames and error detection without windowing or retransmission.
(2) It’s NOT supported by all vendors.

c. Frame Relay:

(1) Your packets are handled by a switched network that provides virtual circuits between you and the sites.
(2) Frame Relay is an encapsulation type, not an interface type.
(3) Frame Relay communication takes place over some other medium, typically a T1 line.

F. Passive Interface:

1. It tells an interface to listen to RIP or IGRP routes but NOT to advertise them. (Listen but don’t talk.)

This feature can reduce routing load on the CPU by reducing the number of interfaces on which a protocol needs to communicate.

2. For OSPF and EIGRP, this command completely disables route processing for that interface.

3. Example:

Using Passive Interfaces

router eigrp 300
 network 192.168.10.0
 passive-interface ethernet 0

router rip
 network 192.168.10.0
 passive-interface serial0
 passive-interface serial1