Answers to some minor questions about EIGRP
--------------------------------------------------------------------------------
How is the EIGRP metric defined?
What protocol packets does EIGRP have?
How does EIGRP ensure reliable delivery?
Can you talk about the DUAL finite state machine?
Do you know how to configure unequal-cost load balancing?
How do I allocate bandwidth in Frame Relay p2p, p2mp and hybrid environments?
Can you list the commonly used commands for checking EIGRP?
Answer:
EIGRP metric
Metric = [K1 * BandW + (K2 * BandW)/(256-load) + K3 * Delay] * [K5/(reliability + K4)]
By default: K1 = K3 = 1 and K2 = K4 = K5 = 0, so:
Metric = 10000000/BandW * 256 + Delay/10*256
If you must change DELAY or BANDWIDTH for a special purpose, we recommend changing DELAY, because BANDWIDTH is also used by other protocols such as OSPF and is also the basis of the command that limits EIGRP's own bandwidth usage; so DELAY is usually the parameter that is modified (especially in the lab, to simplify the METRIC value).
The values are shown by show interface.
Note: The K values are carried in the hello packet; if they do not match, no neighbor relationship is formed.
Set a default metric for redistributed routes:
default-metric 10000 100 255 1 1500
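To make the formula concrete, here is an added example (not from the original post) that computes the composite metric the way the router does from the K values and the show interface figures; the default-metric helper also shows that the delay argument of that command is in tens of microseconds, while show interface reports microseconds.

```python
# Added example: EIGRP composite metric from the K values and the interface
# figures. Defaults match the K1..K5 defaults quoted above.

def eigrp_metric(bandwidth_kbps, delay_us, reliability=255, load=1,
                 k1=1, k2=0, k3=1, k4=0, k5=0):
    """Composite EIGRP metric for a path.

    bandwidth_kbps: lowest bandwidth on the path (the BW of show interface)
    delay_us:       sum of the interface delays in microseconds (DLY)
    reliability:    1..255, 255 = fully reliable
    load:           1..255, 1 = idle
    """
    # BandW = 10^7 / lowest bandwidth, Delay = delay in tens of microseconds,
    # both scaled by 256, with the integer truncation the router performs.
    bandw = (10_000_000 // bandwidth_kbps) * 256
    delay = (delay_us // 10) * 256
    metric = k1 * bandw + (k2 * bandw) // (256 - load) + k3 * delay
    # With the default K5 = 0 the reliability factor is not applied at all;
    # otherwise the first bracket is multiplied by K5 / (reliability + K4).
    if k5:
        metric = (metric * k5) // (reliability + k4)
    return metric


def metric_from_default_metric(bandwidth_kbps, delay_tens_us, reliability,
                               load, mtu):
    """Metric that 'default-metric bw delay rel load mtu' assigns to a
    redistributed route. The delay argument is in tens of microseconds,
    unlike show interface, which prints microseconds. MTU is not part of
    the composite metric."""
    return eigrp_metric(bandwidth_kbps, delay_tens_us * 10, reliability, load)


if __name__ == "__main__":
    # FastEthernet: BW 100000 kbps, DLY 100 usec -> 28160
    print(eigrp_metric(100000, 100))
    # Serial T1: BW 1544 kbps, DLY 20000 usec -> 2169856
    print(eigrp_metric(1544, 20000))
    # The default-metric line from the text -> 281600
    print(metric_from_default_metric(10000, 100, 255, 1, 1500))
```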
EIGRP has five protocol packet types:
Hello: establishes the neighbor relationship, sent to 224.0.0.10, no acknowledgment needed
LAN, p2p WAN, and multipoint with bandwidth greater than T1: 5-second interval
Multipoint with bandwidth less than T1: 60 seconds
Note: The hold time is three times the hello time. If you change the hello time, you must set the hold time manually:
# ip hold-time eigrp
Update: sends route updates
Query: asks neighbors for route information
Reply: answers a query
These three packet types must be explicitly acknowledged (each packet is acknowledged individually) and carry a sequence number for retransmission; a packet is retransmitted at most 16 times.
ACK: acknowledgment
Because of the DUAL mechanism, reliable delivery is required and is provided by the RTP protocol (RTP can also deliver unreliably). In addition, some of these packets are sent by multicast and some by unicast.
For example, hello is multicast and unreliable.
ACK is a hello packet without data; it is always unicast and unreliable.
UPDATE can be multicast or unicast and is always reliable.
QUERY and REPLY are used by DUAL's finite state machine. QUERY can be multicast or unicast, REPLY is always unicast; both are reliable (as DUAL requires).
Can you spot the difference between these packet mechanisms and OSPF's?
DUAL finite state machine:
It is actually a transformation of the SPF algorithm.
First, collect the route advertisements from the neighbors and, using each neighbor's metric to the target network (AD, the advertised distance), calculate the path distance FD (AD + local metric) through that neighbor to the target network. The path with the lowest FD is the best one and goes into the routing table; paths with the same lowest FD are load-balanced. If the best path disappears, look for an FS (feasible successor) in the topology table. If the topology table has no FS, send a query to the neighbors and calculate again.
About the finite state machine (FSM)
I think it's the most complicated part of EIGRP.
When an event affects a PASSIVE route, the router searches for an FS again. If an FS exists, the FS is promoted to S (SUCCESSOR). If no FS exists, the router sends a QUERY to all neighbors and the route changes to the ACTIVE state. This state has many restrictions; for example, the FD and the SUCCESSOR cannot be changed. When all the queries sent have received a REPLY, the router recalculates the route, selects the new S and FD, and deletes the FSs that no longer meet the FC (feasibility condition). An important part of the FC is that the distance (AD) advertised by the next hop must be smaller than the current FD; this is what prevents loops.
Then it sends an UPDATE. A router that receives the QUERY looks in its own FSs for the best advertisement and replies to the originating router. If it has none, it sends its own QUERY. Note that by default, if the router does not receive a reply to a query within three minutes, the route goes into the SIA (stuck in active) state and all routes learned from that neighbor are affected; the time can be changed manually.
Another point: a well-designed network should not run into SIA. A wrong idea is to design multiple AS connections. It turns out that this method is not good, because the QUERY is passed to the other AS at the AS boundary; the result is that there is no SIA in this AS, but there may be SIA in the other one.
In fact, the FSM is more complex than described above (very complex). For example, there are three kinds of factors that can cause a route's state to change, such as the discovery of a new route; the state changes caused by different factors, and QUERY and REPLY, may be handled differently in different directions.
Don't think it's that simple, comrades.
EIGRP unequal-cost load balancing
Allows a route entry whose metric is less than the minimum FD times the variance to also be used as a successor.
For example, a router has three routes to network Z:
Via B: AD = 10, FD = 30
Via C: AD = 10, FD = 20
Via D: AD = 25, FD = 45
Obviously, via C is the shortest path, but equal-cost load balancing does not allow the other routes to coexist with it. By setting variance, the routing protocol can perform load balancing automatically.
If # variance 2
Then via B: 30 < 2 * FD (20) meets the condition
Via D: 45 > 2 * FD (20) does not meet the condition
Therefore, the via B and via C routes are selected for unequal-cost load balancing.
If you set VARIANCE to 3 for unequal-cost balancing, traffic is allocated among all the balanced routes in proportion to their metrics.
Also, when balancing, consider the value of your max-paths.
Another problem: suppose the following paths exist:
F to D to B = 15
F to C to B = 15
F to C to G = 10
F to E to A = 30
Your variance is 2.
That is, paths with a METRIC less than 2 * 10 = 20 (twice the best METRIC) are usable.
There are three such paths:
15
15
10
Theoretically, for each packet sent on each of the two 15 paths, 1.5 packets should be sent on the 10 path.
In reality, the router may send two, because it cannot send half a packet.
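As an added example (not from the original post), the following Python applies the rules of this section together with the feasibility condition (AD < FD) from the DUAL section to the two sets of numbers above; the advertised distances for the second example are constructed, since the text only gives the total metrics.

```python
# Added example: DUAL successor / feasible-successor selection plus the
# variance check, applied to the numbers in the text.
# "ad" = distance the neighbor advertises, "fd" = total distance via that
# neighbor (AD + local link metric).

ROUTES_TO_Z = {                       # the via B / via C / via D example
    "B": {"ad": 10, "fd": 30},
    "C": {"ad": 10, "fd": 20},
    "D": {"ad": 25, "fd": 45},
}

PATHS_FROM_F = {                      # second example; the ADs are constructed
    "D": {"ad": 5, "fd": 15},
    "C": {"ad": 5, "fd": 15},
    "G": {"ad": 5, "fd": 10},
    "E": {"ad": 20, "fd": 30},
}


def select_paths(routes, variance=1, max_paths=4):
    """Return (successor, feasible successors, paths installed in the
    routing table)."""
    successor = min(routes, key=lambda n: routes[n]["fd"])
    best_fd = routes[successor]["fd"]
    # Feasibility condition: the neighbor's AD must be strictly less than
    # the current FD, otherwise the path might loop back through us.
    feasible = [n for n in routes
                if n != successor and routes[n]["ad"] < best_fd]
    # Variance: a feasible successor is also installed when its metric is
    # less than variance * best FD; max-paths caps the total.
    extra = [n for n in feasible if routes[n]["fd"] < variance * best_fd]
    installed = sorted([successor] + extra, key=lambda n: routes[n]["fd"])
    return successor, feasible, installed[:max_paths]


def traffic_share(routes, installed):
    """Relative packet share per installed path: inversely proportional
    to the metric, normalised so the worst path gets 1 (the router rounds
    this to whole packets)."""
    worst = max(routes[n]["fd"] for n in installed)
    return {n: worst / routes[n]["fd"] for n in installed}


if __name__ == "__main__":
    print(select_paths(ROUTES_TO_Z, variance=2))      # ('C', ['B'], ['C', 'B'])
    s, fs, inst = select_paths(PATHS_FROM_F, variance=2)
    print(inst, traffic_share(PATHS_FROM_F, inst))    # G 1.5, D 1.0, C 1.0
```

Note that via D already fails the feasibility condition (AD 25 is not below the FD of 20), so it would stay out of the routing table even with a larger variance.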
Bandwidth over WAN interfaces
1. p2p subinterface using Frame Relay: set to the CIR
2. Multipoint: set to the sum of the neighbors' bandwidths
If each PVC has a different CIR:
- Convert to a p2p configuration
- Lowest CIR * total number of PVCs
For example:
Point-to-point star topology with headquarters CIR = 256 kbps and 10 PVCs to the branches, each with CIR = 56 kbps.
Divide into p2p subinterfaces, allocate 25 kbps to each PVC, and raise the share of the VC capacity that EIGRP protocol datagrams may use to 50%:
# interface serial 0.1 point-to-point
bandwidth 25
ip bandwidth-percent eigrp <AS> 110
Note: 110% of 25 is 28 kbps, that is, 56 kbps/2.
Related commands
show ip eigrp neighbors
show ip eigrp topology
show ip route eigrp
show ip protocols
show ip eigrp traffic
debug eigrp packets
debug eigrp neighbors
debug ip eigrp
debug ip eigrp (remaining keyword garbled in the source)
I have one more point to talk about.
It is about the network command in EIGRP.
Before 12.0(4)T it was:
network network-number
Afterwards it can be:
network network-number [wildcard-mask]
This allows you to run EIGRP on only the specified interfaces.
This article is from the "T76" blog