By definition, the default behavior of BGP requires that it must be synchronized with the IGP before BGP may advertise transit routes to external ASs. It is important that your AS be consistent about the routes it advertises to avoid unnecessarily black-holing traffic. For example, if an IBGP speaker were to advertise a route to an external peer before all routers within your AS had learned about the route through the IGP, your AS could receive traffic to destinations for whi..
Designated Routers and Topology Support
DRs minimize topology traffic, but a DR works under the assumption that it is in contact with all devices. Multiaccess topologies, such as those found in NBMA and broadcast OSPF network types, rely on DRs and so are best applied to full-mesh topologies. If the topology is not a full mesh, then the DR should be manually selected, using priorities, to be a router with permanent virtual circuits (PVCs) connecting it to all other routers. For example, in a hub-and-spoke topology ..
Neighbor Discovery and Recovery
Using reliable updates produces two new problems: • The router needs to know how many other routers exist, so it knows how many acknowledgements to expect. • The router needs to know whether a missing advertisement should be interpreted as "no new information" or "neighbor disconnected." EIGRP uses the concept of neighborship to address these problems. EIGRP produces hellos periodically. The first hellos are used to build a list of neighbors; thereafter, hellos indicate ..
Basic Foundation Identity Concepts
Almost all network-connected applications support some basic form of identity. Most often this takes the form of a username and a password. By proactively checking for bad passwords, educating users about choosing good passwords, and giving preference to applications with some form of secure transport (for example, Secure Shell [SSH]), you can achieve reasonable security for most systems. This chapter discusses more advanced identity systems that usually benefit very specific..
Using BPDU Filtering to Disable STP on a Port
Ordinarily, STP operates on all switch ports in an effort to eliminate bridging loops before they can form. BPDUs are sent on all switch ports—even ports where PortFast has been enabled. BPDUs also can be received and processed if any are sent by neighboring switches. You always should allow STP to run on a switch to prevent loops. However, in special cases when you need to prevent BPDUs from being sent or processed on one or more switch ports, you can use BPDU filte..
