Huawei (HCIE) interview Questions

1- One hour duration

2- Introduction for one Min

3- Note down three questions

Question : IS-IS protocol's Level OR IS-IS Levels OR IS-IS hierarchy

To support large-scale routing networks, IS-IS adopts a two-level hierarchy consisting of a

backbone area and non backbone areas in an autonomous system (AS). Generally, Level-1
routers are deployed in non-backbone areas, whereas Level-2 and Level-1-2 routers are
deployed in the backbone area. Each non-backbone area connects to the backbone area through
a Level-1-2 router..
Level-1 Router
 A Level-1 router manages intra-area routing. It establishes neighbor relationships with
only Level-1 and Level-1-2 routers in the same area. A Level-1 router maintains a Level-1
link state database (LSDB), which contains routes in the local area.
 A Level-1 router forwards packets destined for other areas to the nearest Level-1-2 router.
 A Level-1 router connects to other areas through a Level-1-2 router.

Level-2 Router
 A Level-2 router manages inter-area routing. It can establish neighbor relationships with

Prepared By Sheraz Arshad Email: [email protected]

 Level-2 routers in the same area or in other areas, as well as Level-1-2 routers.
 A Level-2 router maintains a Level-2 LSDB, which contains all routes in the IS-IS network.
 All Level-2 routers form the backbone network of the routing domain,They establish
Level-2 neighbor relationships and are responsible for inter-area communication. Level-2
routers in the routing domain must be physically contiguous to ensure the continuity of the
backbone network.
Level-1-2 Router
 A router that belongs to both a Level-1 area and a Level-2 area is called a Level-1-2
router. It can establish Level-1 neighbor relationships with Level-1 and Level-1-2 routers in
the same area. It can also establish Level-2 neighbor relationships with Level-2 and
Level-1-2 routers in the same area or the other areas.
 A Level-1 router connects to other areas through a Level-1-2 router.
 A Level-1-2 router maintains a Level-1 LSDB for intra-area routing and a Level-2 LSDB for
inter-area routing.

============================================================

Question : PAP and CHAP authentication | Explain CHAP and PAP in details | explain the
PPP link authentication. (3 times repeat)

There are two types of authentication in PPP.

1. PAP (password authentication protocol)

2. CHAP (challenge handshake authentication protocol)

Prepared By Sheraz Arshad Email: [email protected]

1. PAP (password authentication protocol)

PAP: The PAP authentication process is as follows:

(i) The authenticated party sends an Authenticate-Request packet carrying the user name and
password in plaintext to the authenticating party. In this example, the user name and password
are huawei and hello.

(ii) After receiving the user name and password from the authenticated party, the authenticating
party compares the user name and password with those configured locally to check whether they
are correct. If the user name and password are correct, the authenticating party returns an
Authenticate-Ack packet, indicating that the authentication succeeds. If the user name and
password are incorrect, the authenticating party returns an Authenticate-Nak packet, More
indicating that the authentication fails.

PAP packets type:

(i)Authenticate-Request : The authenticated party uses this packet to send username and
password data field contains the plain-text user name and password.

(ii)Authenticate-Ack (acknowledgment) : The authentication party uses this packet to send

authentication success information. The Data field contains text information.

(iii)Authenticate-Nak (negative acknowledgment) : The authenticating party uses this packet

to send authentication failure information. The data field contains text information.

Prepared By Sheraz Arshad Email: [email protected]

2- CHAP (Challenge handshake authentication protocol)

Prepared By Sheraz Arshad Email: [email protected]

CHAP - Packet types

(i)Challenge: The authenticating sends a challenge packet to the authenticated party to initiate
authentication. The data field contains the challenge.

(ii)Response: The authenticated party sends a response packet to the authenticating party to
return user information. The data field contains the user name and password encrypt using an
encryption algorithm.

(iii)Success: The authenticating party ends a success packet to the authenticated party to
indicate that the authentication succeeds. The data field contains text information.

(iv)Failure : The authenticating party sends a failure packet to the authenticated party to indicate
that the authentication fails. The data field contains text information.

NOTE: The encryption algorithm Message Digest 5 (MD5) is used to calculate a 16-byte
character string, which is the concatenation of Identifier+password+challenge. The
authenticated party adds the calculated 16-byte character string to the Data field of the
Response packet and sends the packet to the authenticating party.

Prepared By Sheraz Arshad Email: [email protected]

CHAP is a three-way handshake authentication protocol. The Request packet and Response
packet exchanged between two communicating devices during one CHAP process contain the
same Identifier. Unidirectional CHAP authentication is applicable to two scenarios: the
authenticating party is configured with a user name, and the authenticating party is not configured
with a user name. It is recommended that the authenticating party be configured with a user
name.

• When the authenticating party is configured with a user name (that is, the ppp chap user
username command is configured on the interface):

• The authenticating party initiates an authentication request by sending a Challenge packet that
carries the local user name to the authenticated party.

• After receiving the Challenge packet on an interface, the authenticated party checks whether the
ppp chap password command is used on the interface. If this command is used, the authenticated
party uses MD5 to calculate the concatenation of Identifier, password generated by the ppp chap
password command, and a random number. The authenticated party then sends a Response
packet carrying the calculated ciphertext password and local user name to the authenticating
party. If the ppp chap password command is not configured, the authenticated party searches the
local user table for the password matching the user name of the authenticating party in the
received Challenge packet, and encrypts the matching password by using MD5 in a similar way.
The authenticated party sends a Response packet carrying the calculated ciphertext password
and local user name to the authenticating party.

The authenticating party encrypts the locally saved password of the authenticated party by using
MD5. The authenticating party then compares the generated ciphertext password with that
carried in the received Response packet, and returns a response based on the check result.

When the authenticating party is not configured with a user name (that is, the ppp chap user
username command is not configured on the interface):

• The authenticating party initiates an authentication request by sending a Challenge packet.

• After receiving the Challenge packet, the authenticated party uses MD5 to calculate the
concatenation of Identifier, password generated by the ppp chap password command, and a
random number. It then sends a Response packet carrying the ciphertext password and local
user name to the authenticating party.

• The authenticating party encrypts the locally saved password of the authenticated party by using
MD5. The authenticating party then compares the generated ciphertext password with that
carried in the received Response packet, and returns a response based on the check result.

============================================================

Prepared By Sheraz Arshad Email: [email protected]

Question : How to identify the multicast and unicast mac address ?

if 8th bit of first byte is zero then its unicast if 1 then multicast. (If all bits are FFFFFFFFFFFFFF
then it is Broadcast mac address.)

9A-E9-79-80-42-95 Unicast Address (10011010 8th bit of first byte is zero)

3B:AB:24:68:35:AC Multicat Address (00111011 8th bit of first byte is 1 )

FF:FF:FF:FF:FF:FF:FF Broadcast Address.

============================================================

Question : STP and RSTP comparison OR Question : why RSTP convergence is faster
than STP? (2 times)

The following table outlines the main differences between Rapid STP (802.1w) and the legacy
STP(802.1d):
STP (802.1d)
Rapid STP (802.1w)

In stable topology all

In stable topology only the root sends BPDU and
bridges generate BPDU every Hello (2 sec) : used
relayed by others.
as “keepalives” mechanism.
Port states
Disabled
Discarding (replaces disabled, blocking and
Blocking
listening)
Listening
Learning
Learning
Forwarding
Forwarding
To avoid flapping, it takes 3 seconds for a port to migrate from one protocol to another (STP / RSTP) in a
mixed segment.
Port roles

Root (Forwarding) Root (Forwarding)

Designated (Forwarding) Designated (Forwarding)
Non-Designated (Blocking) Alternate(Discarding)Backup (Discarding)

– An edge port (end node port) is an integrated Link type

Additional configuration to make an end node
which depends on the duplex : Point-to-point for full
port a port fast (in case a BPDU is received).
duplex & shared for half duplex).

Prepared By Sheraz Arshad Email: [email protected]

 STP (802.1d)
Topology changes and convergence
Use timers for convergence (advertised by the
root):
Hello(2 sec)
Max Age(20 sec = 10 missed hellos)
Forward delay timer (15 sec)
Slow transition (50sec):
Blocking (20s) =>Listening (15s) =>Learning
(15s) =>Forwarding
Use only 2 bits from the flag octet:Bit 7 :
Topology Change Acknowledgment.Bit 0 :
Topology Change
The bridge that discover a change in the
network inform the root, that in turns informs
all others by sending BPDU with TCA bit set
and instruct them to clear their DB entries
after “short timer” (~Forward delay) expire.
If a non-root bridge doesn’t receive Hello for
10*Hello (advertised from the root), start
claiming the root role by generating its own
Hello.
Wait until TC reach the root + short timer
(~Forward delay) expires, then flash all root
DB entries
Prepared By Sheraz Arshad Email: [email protected]
Rapid STP (802.1w)
– Introduce proposal and agreement process for
synchronization (< 1 sec).- Hello, Max Age and Forward
delay timer used only for backward compatibility with
standard STP
Only RSTP port receiving STP (802.1d) messages will
behaves as standard STP.
Faster transition on point-to-point and edge ports
only:Less states – No learning state, doesn’t wait to be
informed by others, instead, actively looks for possible
failure by RLQ (Request Link Query) a feedback
mechanism.
Use other 6 bits of the flag octet (BPDU type 2/version 2):
Bit 1 : ProposalBit 2, 3 : Port roleBit 4 : LearningBit 5 :
ForwardingBit 6 : AgreementBit 0, 7 : TCA & TCN for
backward compatibility
TC is flooded through the network, every bridge generate
TC (Topology change) and inform its neighbors when it is
aware of a topology change and immediately delete old
DB entries.
Wait for 3*Hello on a root port (advertised from the root)
before deciding to act.
Delete immediately local DB except MAC of the port
receiving the topology changes (proposal)
Prepared By Sheraz Arshad Email:

[email protected]
Summary:

RSTP needs backwards compatibility with STP switches. Thus Discarding state merges
Disabled, Blocking, Listening into one. Ideally if running a complete RSTP topology then
discarding becomes practically unneeded due to the explanation below.

In STP BPDU will only be sent from root bridge > down, therefore non-root bridges would only
forward on BPDUs that are received from the root-bridge via their root port. Therefore topology
change will mean a longer convergence time as the TCN has to be propagated to the root bridge
first then from the root bridge out to all remaining bridges in the switching domain.

For STP Hello(2 sec), max age timer (10 x hello time, by default 20s), then 15s each for Listening
and Learning. If no timers are touched for STP and you haven't enabled any add-on features like
backbone fast or uplinkfast then you can be looking at ~50s for convergence time.

In RSTP all switches can send BPDUs every hello time period not just the root bridge, the BPDUs
carry up to date information. This enables faster convergence as the switch that determines the
failure can advise the rest of the switching domain(bridge) of the TCN(Topology Change
Notification) immediately. As the failure detection time becomes 3 x hello timer. Therefore if the
hello timers are left at the default of 2 secs, detection of a failure can happen within ~6 secs.

Prepared By Sheraz Arshad Email: [email protected]

RSTP also has two additional port states:

Alternate port : Technically in discarding state but is allocated as a alternate best path to the
root-bridge. If the current root port fails the alternate port will take over.

Backup port : This port is allocated as a redundant designated port. If there is already a
designated port forwarding for that segment then this port will remain backup until it is needed.
Technically this port is in discard state until needed.

One more point RSTP marks edge ports as ports connected to end devices (No BPDUs expected
on this port). This enables STP 'portfast' features to ensure the host port comes up as quickly as
possible to avoid dropping DHCP packets etc.

These are the main differences - Hope this helps.

============================================================

Question No.6

What is edge port ? (2 times repeat)

Edge port

• In RSTP, a designated port on the network edge is called an edge port.

•An edge port directly connects to a terminal and does not connect to any other switching devices.
An edge port does not receive configuration BPDUs, so it does not participate in the RSTP

Prepared By Sheraz Arshad Email: [email protected]

 calculation. It can directly change from the Disabled state to the Forwarding state without any
delay, just like an STP-incapable port. If an edge port receives bogus configuration BPDUs from
attackers, it becomes a common STP port. The STP recalculation is performed, causing network
flapping.

============================================================

Question : In case of network planning. While deploying a Core / distribution and

access layer topologies. How you will plan to implement your L2 and L3 boundaries.

Answer: In planning if we are talking about the network performance and

practices we should limit the L2 boundries and we should extend the L3 boundaries

so that the broadcast domain is limited. Whereas if the cost is a consideration

then to reduce the cost i will use the L2 switches at access layer as well

which ultimately will be of less cost but will increase the L2 boradcast domain.

============================================================

Question : What are the factors which if not same on both sides OSPF devices,

OSPF will not be able to form the adjacencies?

From the perspective of OSPF, there are a couple of things that must match for
a OSPF neighborship to establish; these include:

 ANSWER: (i)Hello timer (ii)Dead interval timer (iiii) Network mask (iv)Network type (v)Cost (vi)
Area ID (vii) Authentication (viii) Stub area flag
============================================================

Question : BGP Loop and prevention.

There are 2 major factors of preventing loops in BGP.

(i)Route Reflector (iBGP) (ii) Every router check it’s AS Numbers (Split Horizon rule) (BGP)

When BGP updates travel through different Autonomous Systems (AS), EBGP routers prepend
their AS to AS PATH attribute. BGP routers use this information to check through which
Autonomous Systems certain updates passed. If a EBGP speaking router detects its own AS in
AS PATH attribute update, the router will ignore the update and will not advertise it further to IBGP
neighbors, because it is a routing information loop. This is a built in mechanism for loop

Prepared By Sheraz Arshad Email: [email protected]

prevention in BGP. (It is like split horizon)

Let’s consider the following scenario:

In the scenario above you see four BGP speaking routers. R1 and R2 are in AS (Autonomous
System) 65001 and form IBGP neighbor relationship with each other. R3 is in AS 65002 and
form EBGP neighborship with R1 and R4. R4 is in AS 65003 and form EBGP neighborship with
R2 and R3. The only network prefix advertised in BGP is 192.168.0.1, which is advertised by R1.
All the other routers learn this route from BGP. Router R2 learns this network prefix directly from
R1 which is in the same AS. Also, this prefix is sent to R3 by R1 as a BGP routing update and by
R3 to R4. Router R4 in turn will send BGP routing update to R2. And now, routing information loop
would have occurred if loop prevention mechanism wouldn’t exist. Because routing update
about 192.168.0.0/24 received by R2 from R4 contains R2’s own AS (65001), R2 will reject that
update and will not be sent further to other IBGP neighbors (in this case – R1).

This is how BGP handles BGP loop prevention of information updates between Autonomous
Systems. Well, that is just part of the story. To avoid routing information loops within the same
AS, all IBGP routers must peer with every router within AS (only TCP sessions required, not
physical connections) – this is called full mesh IBGP. IBGP uses split horizon rule (covered in
other question), which states that routes learned from one IBGP neighbor is never sent to the rest
of IBGP neighbors. That way, when you have full mesh IBGP, routing information loops will not
occur, because all routers have the same routing information.

============================================================

Prepared By Sheraz Arshad Email: [email protected]

Question : BGP Route reflector loop avoidance?

Routes learnt from One iBGP Peer cannot be advertised to another iBGP Peer. Here in the in
above figure Router B received prefix x form Router A cannot advertised to its IBGP neighbor
Router C.
In iBGP, the routes learnt from one iBGP neighbor are not advertised to another iBGP neighbor
due to the BGP Split Horizon Rule. To overcome the issues generated by this rule, one option is to
have a full mesh of iBGP routers, where each iBGP router is peering directly with all other iBGP
routers in the AS

As shown in figure below

Prepared By Sheraz Arshad Email: [email protected]

The solution is feasible if you have a small number of iBGP routers, but it will not scale if you need
a large numbers ‘500’ of iBGP speaking routers in the AS. Than you need another solution for it
that is a Route Reflector.

2.Route Reflector
A route reflector (RR) is a network routing component. It offers an alternative to the logical
full-mesh requirement of internal border gateway protocol (IBGP). A RR acts as a focal point for
IBGP sessions. The purpose of the RR is concentration. Multiple BGP routers can peer with a
central point, the RR - acting as a route reflector server - rather than peer with every other router
in a full mesh. All the other IBGP routers become route reflector clients

This approach, similar to OSPF's DR/BDR feature, provides large networks with added IBGP

Prepared By Sheraz Arshad Email: [email protected]

scalability. In a fully meshed IBGP network of 10 routers, 90 individual statements (spread
throughout all routers in the topology) are needed just to define the remote-AS of each peer: this
quickly becomes a headache to administer. A RR topology could cut these 90 statements down to
18, offering a viable solution for the larger networks administered by ISPs.
RR servers propagate routes inside the AS based on the following rules:
If a route is received from nonclient peer, reflect to clients only.
If a route is received from a client peer, reflect to all nonclient peers and also to client peers,
except the originator of the route. If a route is received from an EBGP peer, reflect to all client and
nonclient peers

Prepared By Sheraz Arshad Email: [email protected]

 ============================================================

Question : IGMP snooping ?

Multicast: IGMP snooping: What is the mechanism of IGMP snooping & the difference
with IGMP proxy? What is the IGMP shortcoming? Will snooping check all multicast
packet or not? & How to do it?
IGMP snooping
 It is a basic Layer 2 multicast function that forwards and controls multicast traffic at
Layer 2.
 Switch at the edge of the access layer forwards the multicast packets to receiver hosts. If
Switch does not run IGMP snooping, it broadcasts multicast packets at Layer 2. After
IGMP snooping is configured, Switch forwards multicast packets only to specified hosts.
 With IGMP snooping configured, Switch listens on IGMP messages exchanged
between Router and hosts. It analyzes packet information (such as packet type,
group address, and receiving interface) to set up and maintain a Layer 2 multicast
forwarding table, and forwards multicast packets based on the Layer 2 multicast
forwarding table.
 Limitation of IGMP Snooping: IGMP snooping device only analysis received IGMP
packet ,so it can establish MAC and port mapping table to forward data, but L2 device
cannot tell which muticast packet belong to IGMP packet , so it will sent to CPU, it will
cause CPU load.

Prepared By Sheraz Arshad Email: [email protected]

  IGMP Messages
o IGMP General Query message
o IGMP Report message
o IGMP Leave message
o IGMP Group-Specific/Group-Source-Specific Query message
 IGMP Snooping Ports
o Router port, Member port
 IGMP snooping’s purpose to avoid flooding un-necessary multicast traffic,
 IGMP snooping proxy ‘s purpose to reduce packet account from downlink to
uplink
IGMP Snooping Proxy:
 When IGMP snooping is configured on Switch, it forwards IGMP Query, Report, and
Leave
messages transparently to the upstream Router. When numerous hosts exist on the
network, redundant IGMP messages increase the burden of Router.
 With IGMP snooping proxy configured, Switch can terminate IGMP Query
messages sent from Router and IGMP Report/Leave sent from downstream hosts.
Switch functions as a host for its upstream device and a querier for its
downstream hosts. Layer 3 device considers that it interacts with only one user.
 IGMP snooping proxy function conserves bandwidth by reducing IGMP message
exchanges. o IGMP snooping proxy functions as a querier to process protocol
messages received from downstream hosts and maintain group memberships.
This reduces the load of the upstream Layer 3 device.
============================================================

Question : OSPF attributes and packet types ?

OSPF Packet Types

As we know routing procedure of OSPF protocol is: neighbor ship, completing database table
than routing table than forwarding. OSPF uses five different packets from neighbor table to
routing table.In OSI reference model the network layer attached its header to segment received
form transport layer become IP Packet. There is a filed for OSPF and EIGRP in this IP header,
known as OSPF/EIGRP packet.

Prepared By Sheraz Arshad Email: [email protected]

Prepared By Sheraz Arshad Email: [email protected]
If we use debug ip ospf packet we can look at the OSPF packet on our router. Let’s look at the
different fields we have:

R2#debug ip ospf packet

OSPF packet debugging is on

OSPF: rcv. v:2 t:1 l:48 rid:1.1.1.1

aid:0.0.0.0 chk:4D40 aut:0 auk: from FastEthernet0/0

V:2 stands for OSPF version 2. If you are running IPv6 you’ll version 3.

T:1 stands for OSPF packet number 1 which is a hello packet. I’m going to show you the different
packets in a bit.

L:48 is the packet length in bytes. This hello packet seems to be 48 bytes.

RID 1.1.1.1 is the Router ID.

AID is the area ID in dotted decimal. You can write the area in decimal (area 0) or dotted decimal
(area 0.0.0.0).

CHK 4D40 is the checksum of this OSPF packet so we can check if the packet is corrupt or not.

AUT:0 is the authentication type. You have 3 options:

0 = no authentication

1 = clear text

2 = MD5

AUK: If you enable authentication you’ll see some information here.

Prepared By Sheraz Arshad Email: [email protected]

Prepared By Sheraz Arshad Email: [email protected]
OSPF Attributes

Suppose we have a Multi-Access Network with Network ID 10.0.0.0/8. There is a change in DBD
packet of Router E it will send to all routers than all routers send LSR to Router E and Router E will
send LSU to all routers after receiving LSR, all routers also send LSU to Router E and in last
Router E sends LSAck to all routers and all routers also send LSAck to Router E. We have
configured OSPF in this multi-access network like point to point but this is not a good idea
because there is a chance of network choking in this case. Here the change is occur only in
Router E, What if there is a change in all routers A,B,C,D and F? Result is network Chock. As
shown in figure above there is no chance of data forwarding.

What is the solution than?

To overcome on it “Dijkstra” already provided the solution for this.

OSPF Over Multi-Access Network

In previous lecture we discussed Multi-Access network in this network OSPF was running like
point to point network that cause network chock burden router processor etc.. The behavior of
OSPF over Multi-Access network should be different from the behavior of Point to Point network.

Prepared By Sheraz Arshad Email: [email protected]

Every single router sends Hello to all OSPF routers in the network and as we know these packets
are multicast periodically to 224.0.0.5 in every 10 seconds and become neighbors of each other
after exchanging hello packet.
Every multi-access network has a Designated Router and Backup Designated Router.

For example, on multi-access networks, DR and BDR serve as the central point for exchanging
OSPF routing information. Each DRO router will exchange routing information only with the DR
and BDR, instead of exchanging updates with every router on the network segment. DR will then
distribute information to every other router inside the same area. This reduces OSPF traffic.

To send routing information to a DR or BDR the multicast address of 224.0.0.6 is used. DR or

BDR sends routing updates to the multicast address of 224.0.0.5. If DR fails, BDR takes over its
role of redistributing routing information.

Prepared By Sheraz Arshad Email: [email protected]

DR, BDR Election Criteria:
DR:
1. Router with the highest interface OSPF priority will become a DR. By default, all routers have a
priority of 1 and priority can be changed. Priority Value is form 0 to 255.
2. If there is a tie, a router with the highest router ID wins the election. In figure above Router A is
DR.

Note: Any router with priority 0 means is not participating in DR, BDR election.

BDR:
The router with the second highest OSPF priority or router ID will become a BDR.
Note: First 40 seconds after running OSPF, DR,BDR are elected.
Note: DR, BDR election done on the bases of Hello Packet.
After DR, BDR election if a router with highest priority 250 added in network than already elected
DR,
BDR are remains intact DR and BDR. And if, DR is down than BDR become DR and that newly
added router with highest priority, selected as a BDR. And if previous DR again up than it acts like
a DRO.

Note: Do not change DR, BDR for stability in network.

 DR and BDR are Adjacent Neighbors

 DR and DROs are Adjacent Neighbors
 BDR and DROs are Adjacent Neighbors
 DROs and DROs are only Neighbors

============================================================

Prepared By Sheraz Arshad Email: [email protected]

Question : A network of 100 routers, select the IGP with reason.(OSPF and ISIS,,, ) ?

Ans: You are supposed to tell advantages of OSPF and ISIS. Disadvantages of RIP.
Ans: can’t choose rip ,because convergence slowly, 16 hop limitation ,don’t support the big
network.cost is by hop,easy to make loop.
So choose between ospf and isis.recommand chose the ospf. Because OSPF can support
different layer,
we can put the good performance device in the core layer,
put the low performance device in the NSSA ,STUB layer, it can reduce the size of the route table.
ospf is easy to control the route. Ospf have the internal external ,E1 ,E2 route.

==================================================

Question : BGP attributes types

BGP route attributes are a set of parameters that further describe BGP
routes. Using BGP route attributes, BGP can filter and select routes.
Common attributes are as follows:
 Origin: A well-known mandatory attribute.
 AS_Path: A well-known mandatory attribute.
 Next_Hop: A well-known mandatory attribute.
 Local_Pref: A well-known discretionary attribute.
 Community: An optional transitive attribute.
 MED: An optional non-transitive attribute.

Prepared By Sheraz Arshad Email: [email protected]

  Originator_ID: An optional non-transitive attribute.
 Cluster_List: An optional non-transitive attribute.

ORIGIN:
The Origin attribute defines the origin of a route and marks the path of a BGP route. The Origin
attribute is classified into the following types:
IGP: A route with the Origin attribute IGP is an IGP route and has the highest priority. For
example, the Origin attribute of the routes injected to the BGP routing table using the network
command is IGP.
EGP: A route with the Origin attribute EGP is an EGP route and has the secondary highest
priority. Incomplete: A route with the Origin attribute Incomplete is learned by other means and
has the lowest priority. For example, the Origin attribute of the routes imported by BGP
using the import-route command is Incomplete

AS_PATH:

The AS_Path attribute records all the ASs that a route passes through from a source to a
destination in the distance-vector order. To prevent inter-AS routing loops, a BGP device does not
accept the EBGP routes of which the AS_Path list contains the local AS number. Assume that a
BGP speaker advertises a local route:
 When advertising the route to other ASs, the BGP speaker adds the local AS number to
the AS_Path list, and then advertises it to neighboring routers in Update messages.

 When advertising the route to the local AS, the BGP speaker creates an empty AS_Path
list in an Update message. Assume that a BGP speaker advertises a route learned in the

Prepared By Sheraz Arshad Email: [email protected]

 Update message sent by another BGP speaker:

 When advertising the route to other ASs, the BGP speaker adds the local AS number to
the leftmost of the AS_Path list. According to the AS_Path attribute, the BGP router that
receives the route can determine the ASs through which the route has passed to the
destination. The number of the AS that is nearest to the local AS is placed on the leftmost
of the list,and the other AS numbers are listed according to the sequence in which the
route passes through ASs.

 When advertising the route to the local AS, the BGP speaker does not change the
AS_Path attribute of the route. Assume that a BGP speaker advertises a route learned in
the Update message sent by another BGP speaker:

 When advertising the route to other ASs, the BGP speaker adds the local AS number to
the leftmost of the AS_Path list. According to the AS_Path attribute, the BGP router that
receives the route can determine the ASs through which the route has passed to the
destination. The number of the AS that is nearest to the local AS is placed on the leftmost
of the list, and the other AS numbers are listed according to the sequence in which the
route passes through ASs. When advertising the route to the local AS, the BGP speaker
does not change the AS_Path attribute of the route.

Topology description
 When R4 advertises route 10.0.0.0/24 to AS 400 and AS 100, it adds the local AS number
to the AS_Path list. When R5 advertises the route to AS 100, it also adds the local AS
number to the AS_Path list. When R1 and R3 in AS 100 advertise the route to R2 in the
same AS, they keep the AS_Path attribute of the route unchanged. R2 selects the route
with the shortest AS_Path when other BGP routing rules are the same. That is, R2
reaches 10.0.0.0/24 through R3

Prepared By Sheraz Arshad Email: [email protected]

NEXT_HOP:

The Next_Hop attribute records the next hop that a route passes through. The Next_Hop attribute
of BGP is different from that of an IGP because it may not be the neighbor IP address. A BGP
speaker processes the Next_Hop attribute based on the following rules:
 When advertising a locally originated route to an IBGP peer, the BGP speaker sets the
Next_Hop attribute of the route to be the IP address of the local interface through which
the BGP peer relationship is established.
 When advertising a route to an EBGP peer, the BGP speaker sets the Next_Hop attribute
of the route to be the IP address of the local interface through which the BGP peer
relationship is established.
 When advertising a route learned from an EBGP peer to an IBGP peer, the BGP speaker
does not change the Next_Hop attribute of the route.

Prepared By Sheraz Arshad Email: [email protected]

LOCAL_PREF:

Local_Pref attribute
 This attribute indicates the BGP preference of a router. It is exchanged only between
IBGP peers and not advertised to other ASs.
 This attribute helps determine the optimal route when traffic leaves an AS. When a BGP
router obtains multiple routes to the same destination address but with different next hops
from IBGP peers, the router prefers the route with the highest Local_Pref.

Topology description
R1,R2,R3 are IBGP Peers of each other in AS 100, R2 establish EBGP Peer with AS 200 and R3
establish EBGP Peer with AS 300. So R2 and R3 will learn route 10.0.0.0/24 from EBGP, R1
learns two routes to 10.0.0.0/24 from two IBGP peers (R2 and R3) in the local AS. Prefers R2
routing 10.0.0.0/24 to other ASs in AS100, it need configure the Local_Pref with R2 and R3: one
with Local_Pref value 300 from R2 and the other with Local_Pref value 200 from R3. R1 prefers
the route learned from R2.

Prepared By Sheraz Arshad Email: [email protected]

MED:

The MED attribute helps determine the optimal route when traffic enters an AS. When a BGP
router obtains multiple routes to the same destination address but with different next hops from
EBGP peers, the router selects the route with the smallest MED value as the optimal route if the
other attributes of the routes are the same. The MED attribute is exchanged only between two
neighboring ASs. The AS that receives this attribute does not advertise the attribute to any other
AS. This attribute can be manually configured. If the MED attribute is not configured for a route,
the MED attribute of the route uses the default value 0.
Topology description
 R1 and R2 advertise routes 10.0.0.0/24 to their respective EBGP peers R3 and R4. When
other routing rules are the same, R3 and R4 prefer the route with a smaller MED value.
That is, R3 and R4 access network 10.0.0.0/24 through R1

Prepared By Sheraz Arshad Email: [email protected]

COMMUNITY:

The Community attribute is a set of destination addresses with the same characteristics. It is
expressed as a 4-byte list and in the aa:nn or community number format.
 aa:nn: The value of aa or nn ranges from 0 to 65535. The administrator can set a specific
value as required. Generally, aa indicates the AS number and nn indicates the community
identifier defined by the administrator. For example, if a route is from AS 100 and its
community identifier defined by the administrator is 1, the Community attribute is 100:1.
 Community number: An integer that ranges from 0 to 4294967295. As defined in RFC
1997, numbers from 0 (0x00000000) to 65535 (0x0000FFFF) and from 4294901760
(0xFFFF0000) to 4294967295 (0xFFFFFFFF) are reserved. The Community attribute
helps simplify application, maintenance, and management of routing policies. With the
community, a group of BGP routers in multiple ASs can share the same routing policy.
This attribute is a route attribute and is transmitted between BGP peers without being
restricted by ASs. Before advertising a route with the Community attribute to peers, a BGP
router can change the original Community attribute of this route.
Well-known community attributes
 Internet: All routes belong to the Internet community by default. A route with this attribute
can be advertised to all BGP peers
 No_Advertise: A device does not advertise a received route with the No_Advertise
attribute to any peer.
 No_Export: A BGP device does not advertise a received route with the No_Export
attribute to devices outside the local AS. If a confederation is defined, the route with the
No_Export attribute cannot be advertised to ASs outside of the confederation but to other
sub-ASs in the confederation.

Prepared By Sheraz Arshad Email: [email protected]

  No_Export_Subconfed: BGP device does not advertise the received route with the
No_Export_Subconfed attribute to devices outside the local AS or to devices outside the
local sub-AS in a confederation.

BGP Routing Rules:

BGP routing rules

 The next-hop addresses of routes must be reachable.
 The PrefVal attribute is a Huawei proprietary attribute and is valid only on the device
where it is configured.
 If a route does not have the Local_Pref attribute, the Local_Pref attribute of the route uses
the default value 100. You can use the default local-preference command to change the
default local preference of BGP routes.
 Locally generated routes include the routes imported using the network or import-route
command, manually summarized routes, and automatically summarized routes.
• Summarized routes have a higher priority than nonsummarized routes.
• Manually summarized routes generated using the aggregate command have a higher priority
than automatically summarized routes generated using the summary automatic command.
• Routes imported using the network command have a higher priority than routes imported using
the importroute command.
 Prefers the route with the shortest AS_Path.
• The AS_Path length does not include AS_CONFED_SEQUENCE and AS_CONFED_SET.

Prepared By Sheraz Arshad Email: [email protected]

• An AS_SET counts as 1 no matter how many AS numbers the AS_SET contains
BGP does not compare the AS_Path attributes of routes after the bestroute as-path-ignore
command is executed.
 Prefers the route with the lowest MED.
• BGP compares only the MED values of routes sent from the same AS (excluding a
confederation sub-AS).That is, BGP compares the MED values of two routes only when the first
AS numbers in the AS_SEQUENCE attributes (excluding the AS_CONFED_SEQUENCE) of the
two routes are the same.
• If a route does not have the MED attribute, BGP considers the MED value of the route as the
default value 0. After the bestroute med-none-as-maximum command is executed, BGP
considers the MED value of the route as the maximum value 4294967295.
• After the compare-different-as-med command is executed, BGP compares the MEDs in the
routes sent from peers in different ASs. Do not use this command unless different ASs use the
same IGP and route selection mode, otherwise routing loops may occur.
• After the bestroute med-confederation command is executed, BGP compares the MED
values of routes only when the AS_Path does not contain external AS numbers (sub-ASs that do
not belong to a confederation) and the first AS number in
AS_CONFED_SEQUENCE is the same.
• After the deterministic-med command is executed, routes are not selected in the sequence in
which routes are received.
Load Balancing
 When there are multiple equal-cost routes to the same destination, you can perform load
balancing among these routes to load balance traffic.
 Equal-cost BGP routes can be generated for traffic load balancing only when the rules
before the attibutes "Prefers the route with the lowest IGP metric“ are the same

=========================================================

Question No : ISIS link types (2 times repeat)

Intermediate System-to-Intermediate System (IS-IS) Protocol, there are two types of networks:
point-to-point and broadcast. Unlike Open Shortest Path First (OSPF) Protocol, IS-IS does not
have other network types like non-broadcast and point-to-multipoint. For each type of network, a
different type of IS-IS Hello (IIH) packet is exchanged to establish adjacency. On point-to-point
networks, point-to-point IIHs are exchanged; and on broadcast networks (such as LAN), Level 1
or Level 2 LAN IIHs are exchanged. A frame-relay network that is running IS-IS can be configured
to belong to one of these network types, depending on the type of connectivity (Fully meshed,
Partially meshed, or Hub and Spoke) that is available between the routers through the cloud.

More basic detail

Note: There are two basics type of a network: 1- Point to Point and 2- Multi-access.
Point to Point: “A network, in which two devices can be connected and communicate with each
other.” If a network has 30 bits “/30” then host bits left 2 (formula for calculating host that is 22-2 =
4-2 = 2.) it’s an example of point to point network in which only two IP addresses are available for
hosts but it’s not a valid confirmation of point to point connectivity. Point to point confirmation that
you can get by knowing which protocol/encapsulation is running in the network. In point to point
network, encapsulation is always and only HDLC or PPP.

Multi-access: “A network in which two or more than two devices can be connected or

Prepared By Sheraz Arshad Email: [email protected]

communicate with each other.”
If a network has /30, /29, /28 and so on we get more hosts by doing this, mean it is a multi-access
network but it’s not a final confirmation that the network is multi-access or not. Multi-access
network confirmation that you can get by knowing which protocol/encapsulation is running in the
network. In multi-access network, encapsulation is Ethernet and Frame relay.

=========================================================

Question : How ISIS forms the adjacencies and what is the full process between two
devices to form the neighborship through different types (2 times repeat)

Neighborship Process:

Two routers running IS-IS need to establish a neighbor relationship before exchanging protocol
packets to implement routing. On different networks, the modes for establishing IS-IS neighbor
relationships are different.
In a broadcast network, routers exchange LAN IIHs to establish neighbor relationships. LAN IIHs
are classified into Level-1 LAN IIHs (with the multicast MAC address 01-80-C2-00-00-14) and
Level-2 LAN IIHs (with the multicast MAC address 01-80-C2-00-00-15). Level-1 routers exchange
Level-1 LAN IIHs to establish neighbor relationships. Level-2 routers exchange Level-2 LAN IIHs
to establish neighbor relationships. Level-1-2 routers exchange Level-1 LAN IIHs and Level-2

Prepared By Sheraz Arshad Email: [email protected]

LAN IIHs to establish neighbor relationships. In this example, two Level-2 routers establish a
neighbor relationship on a broadcast link.
 R1 multicasts a Level-2 LAN IIH (with the multicast MAC address 01-80-C2-00-00-15)
with no neighbor ID specified.
 R2 receives the packet and sets the status of the neighbor relationship with R1 to Initial.
R2 then responds to R1 with a Level-2 LAN IIH, indicating that R1 is a neighbor of R2.
 R1 receives the packet and sets the status of the neighbor relationship with R2 to Up. R1
then responds to R2 with a Level-2 LAN IIH, indicating that R2 is a neighbor of R1.
 R2 receives the packet and sets the status of the neighbor relationship with R1 to Up. R1
and R2 successfully establish a neighbor relationship.

The network is a broadcast network, so a DIS needs to be elected. After the neighbor relationship
is established, routers wait for two intervals before sending Hello PDUs to elect the DIS. Hello
PDUs exchanged by the routers contain the Priority field. The router with the highest priority is
elected as the DIS. If the routers have the same priority, the router with the largest interface MAC
address is elected as the DIS. In an IS-IS network, the DIS sends Hello PDUs at an interval of
10/3 seconds, and non-DIS routers send Hello PDUs at an interval of 10 seconds.
Differences between IS-IS Adjacencies and OSPF Adjacencies
 In IS-IS, two neighbor routers establish an adjacency if they exchange Hello PDUs. In
OSPF, two routers establish a neighbor relationship if they are in 2-Way state, and
establish an adjacency if they are in Full state.
 In IS-IS, a router whose priority is 0 can participate in a DIS election. In OSPF, a router
whose priority is 0 does not take part in DR election.
 In IS-IS, the DIS election is based on preemption. In OSPF, a router cannot preempt to be
the DR or BDR if the DR or BDR has been elected.

Prepared By Sheraz Arshad Email: [email protected]

Unlike the establishment of a neighbor relationship on a broadcast network, the establishment of
a neighbor relationship on a P2P network is classified into two modes: two-way mode and
three-way mode.
Two-Way Mode
 Upon receiving a P2P IIH from a peer router, a router considers the peer router Up and
establishes a neighbor relationship with the peer router.
 Unidirectional communication may occur. Three-Way Mode
 A neighbor relationship is established after P2P IIHs are sent for three times. The
establishment of a neighbor relationship on a P2P network is similar to that on a broadcast
network.

IS-IS Adjacencies:

Well, every routing protocol has differences, IS-IS is not the exception, it is a link state routing
protocol like OSPF but in order to create adjacency you must know it uses Areas: L1 and L2.

Now you can form adjacency with:

L1 Router connected to L1 Router = yes (L1 adjacency)

L1 Router connected to L1/L2 Router = yes

L1 Router connected to L2 Router = no

L1/2 Router connected to L2 Router = yes (L2 adjacency)

L2 Router connected to L2 Router = yes

L1/L2 Router connected to L1/L2 Router = yes (L1 and L2 Adjacency if Area matches otherwise

Prepared By Sheraz Arshad Email: [email protected]

L2 only)

NOTE: Take in consideration the the Area ID is important and it must match, also take in
consideration that the network type must match.

In IS-IS there are 3 states involved to form adjacency: Down, Initializing and UP.

1) Down is the first state, no hellos are being transmitted.

2) Initializing, is the second state, the routers have started to receive hellos packets from the
neighbor.

3) Up, the final step, the routers have created the neighborship because the router’s knows they
are receiving the hellos sent.

Question : Redistribution how the routing loop has been Prevent ? OR In question of RIP
and OSPF redistribution how the routing loop has been prevented ? (2 times repeat)

Redistribution: Allows different routing policies to communicate or it allows routing between

different routing policies. Its act like a translator, translate one administrative policy to another
one. For example:
if two languages Chinese and English, than it is used to translate Chinese to English and English
to Chinese.

In a link-state routing protocol, such as OSPF or IS-IS, a routing loop disappears as soon as the
new network topology is flooded to all the routers within the routing area. Assuming a sufficiently
reliable network, this happens within a few seconds.

Newer distance-vector routing protocols (BGP, DSDV, Babel) have built-in loop prevention: they
use algorithms that assure that routing loops can never happen, not even transiently. Older
routing protocols (RIP) do not implement the newest forms of loop prevention and only implement
mitigations such as split horizon, route poisoning and route filtering and tagging.

Redistribution Loop Prevention with tag:

Tags (Routing map)

=====================================================

Prepared By Sheraz Arshad Email: [email protected]

Question : IS-IS VS OSPF

 OSPF supports P2P, P2MP, NBMA, and multicast networks. IS-IS

supports only P2P and broadcast networks.

 OSPF works only at the network layer and the protocol number is 89

Prepared By Sheraz Arshad Email: [email protected]

When an OSPF neighbor relationship is established, the two routers check the mask,
authentication mode, Hello/dead interval, and area ID in Hello packets. The conditions for
establishing an IS-IS neighbor relationship are relatively loose.
 Establishing a neighbor relationship over an OSPF P2P link requires a three-way handshake.
Establishing an IS-IS neighbor relationship does require a three-way handshake. Huawei devices
are enabled with the three-way handshake function on an IS-IS P2P network by default, which
ensuring reliability for establishing the neighbor relationship.
 An IS-IS neighbor relationship has level 1 and level 2.
 The election of an OSPF DR/BDR is based on the priority and IP address. The elected DR/BDR
cannot be preempted. On an OSPF network, all DRothers establish full adjacency relationships
with DRs/BDRs, and establish 2-way adjacency relationships with each other. When the priority of
a router on the OSPF network is 0, the router does not participate in the DR/BDR election.
 The election of an IS-IS DIS is based on the priority and MAC address. The elected DIS can be
preempted. On an IS-IS network, all routers establish adjacency relationships with each other. If
the priority of a router on the IS-IS network is 0, the router can still participate in the DIS election
and just has a lower priority

Prepared By Sheraz Arshad Email: [email protected]

  IS-IS supports a few type of LSPs but provides good extension capabilities through the
TLV field contained in LSPs.

 SPF costs are calculated based on bandwidth. IS-IS supports the default cost, delay cost,
overhead cost, and error cost. IS-IS uses the default cost for implementation.

=====================================================

Question : QoS

Read Huawei HCIE book from 864 till end.

=====================================================

Prepared By Sheraz Arshad Email: [email protected]

Question : Describe the advantages and disadvantages of gateway at access layer and at
convergence layer.

Ans:

Prepared By Sheraz Arshad Email: [email protected]

LAB Question

1. Whether R4 will be able to reach R1.

2. Id the link between R2 and R4 broke down whether R4 will be able to reach R2 interface
connected to R1.

3. If the link between R2 and R4 is shutdown down whether it will reach R4 loopback
address.

Ans:

Prepared By Sheraz Arshad Email: [email protected]