Just some notes for useful CCNP TSHOOT (642-832) Study stuff. Last day to test for this exam: January 29, 2015
Category: Networking
access-class in on vty needs vrf-also
I was upgrading an a Cisco 2811 remotely from 12.4(24)T8 to 15.1(4)M8. The Tunnel is was using for management was part of a VRF.
interface Tunnel9 ... vrf forwarding management-vrf ...
After the upgrade I was able to ping the router remotely but wasn’t able to get an SSH connection. From the steppingstone I was using I got:
[peter@steppingstone-server:~]$ ssh 192.168.1.1 ssh: connect to host 192.168.1.1 port 22: Connection refused
IPv6 addressing on point-to-point links
IPv6 subnets are normally not smaller than /64. But this seems a bit excessive use of the IPv6 space. In this post I’m trying to show u the possibilities to use alternative subnet sizes. You can decide for yourself what prefix size you prefer. You could consider the following alternatives;
/127:
You could see this as the equivalent of the 31-bit prefixes in IPv4. Previously a /127 prefix was considered harmful and described in RFC 3627, but RFC 6547 describes that guidance provided in RFC 6164 is to be followed when the two documents are in conflict. This is a quote from RFC 6164 where the authors refute the arguments from the old RFC.
[RFC3627] discourages the use of 127-bit prefix lengths due to
conflicts with the Subnet-Router anycast addresses, while stating
that the utility of Subnet-Router anycast for point-to-point links is
questionable.[RFC5375] also says the usage of 127-bit prefix lengths is not valid
and should be strongly discouraged, but the stated reason for doing
this is to be in compliance with [RFC3627].Though the analyses in the RFCs are correct, operational experience
with IPv6 has shown that /127 prefixes can be used successfully.
The same RFC explains the following reasons to use more then 64-bits, particularly 127-bits, as prefix length:
- Ping-Pong Issue
- Neighbor Cache Exhaustion Issue
/126:
The lowest possible address in every IPv6 subnet is the “all routers anycast address”. Using a /127 prefix when a vendor is not supporting this could cause problems. Using a 126-bit prefix length solves this issue. However, the highest 128 addresses in every IPv6 prefix are also reserved for anycast addresses (RFC 2526).
/120:
Skips all anycast addresses and you should be save to implement this prefix length.
/112:
same as the /120, but might be more readable for the network engineer. The last four-digit hexadecimal value is used for the host part, so the whole part after the last colon.
/120: NNNN:NNNN:NNNN:NNNN:NNNN:NNNN:NNNN:NNHH
/112: NNNN:NNNN:NNNN:NNNN:NNNN:NNNN:NNNN:HHHH
Sources/Links:
- RFC 2526: Reserved IPv6 Subnet Anycast Addresses
- RFC 3627: Use of /127 Prefix Length Between Routers Considered Harmful
- RFC 4291: IP Version 6 Addressing Architecture
- RFC 6164: Using 127-Bit IPv6 Prefixes on Inter-Router Links
- RFC 6547: RFC 3627 to Historic Status
- SURFnet Whitepaper IPv6-nummerplan opstellen (Dutch)