Wednesday, November 13, 2013

STC (Spirent TestCenter) points to remember!!

Spirent TestCenter is a network testing solution designed to simulate and analyze network traffic in various network environments. It is commonly used by network engineers, testers, and developers to validate the performance, scalability, and reliability of network devices and infrastructure. Here's how Spirent TestCenter works:

1. **Traffic Generation**: Spirent TestCenter can generate various types of network traffic, including Layer 2 (Ethernet), Layer 3 (IP), Layer 4 (TCP/UDP), and Layer 7 (application-level) traffic. Users can configure traffic profiles, such as packet size, rate, protocols, and traffic patterns, to simulate real-world network conditions and traffic scenarios.

2. **Topology Configuration**: Users can create complex network topologies using Spirent TestCenter's graphical user interface (GUI) or scripting capabilities. The tool supports a wide range of network protocols and technologies, including Ethernet, VLANs, IP, MPLS, BGP, OSPF, and more. Users can define the layout of network devices, connections, and traffic flows within the test environment.

3. **Traffic Monitoring**: Spirent TestCenter provides real-time monitoring and analysis capabilities to capture and analyze network traffic. Users can view detailed statistics, performance metrics, and traffic patterns to assess the behavior and performance of network devices under test (DUTs). The tool offers various visualization tools, including charts, graphs, and histograms, to visualize traffic data and identify potential issues.

4. **Protocol Emulation**: Spirent TestCenter can emulate various network protocols and behaviors to simulate real-world network conditions. Users can configure protocol-specific parameters, behaviors, and configurations to emulate different network scenarios and test the interoperability and compatibility of network devices and protocols.

5. **Scalability Testing**: Spirent TestCenter supports testing at scale by allowing users to generate large volumes of traffic and emulate thousands or even millions of concurrent connections. This enables users to assess the scalability, capacity, and performance limits of network devices, such as switches, routers, firewalls, and load balancers.

6. **Automation and Scripting**: Spirent TestCenter offers extensive automation capabilities through scripting interfaces (such as Python and Tcl) and integration with test automation frameworks. Users can automate test scenarios, configure test setups programmatically, and integrate testing into continuous integration (CI) and continuous deployment (CD) pipelines.

Overall, Spirent TestCenter provides a comprehensive set of tools and features for network testing, validation, and performance analysis. It enables users to create realistic network environments, generate diverse traffic patterns, analyze network behavior, and assess the performance and reliability of network devices and infrastructure under various conditions.


Real-time capture is possible only with the STC version of Wireshark.

Break port test is possible only under port.

Raw and bound are custom traffic.

For configuring flows, we need to enable BFDS.

.tcc config can be used as .db

A single device can run multiple protocols at the same time.

TCP and ARP are emulated frames. Test frames contain a signature field.

You can change the load profile on the fly while the test is running.

For control plane packets, both sent and received packets are captured in Wireshark.

One test profile can have 4000 streamblocks

Hypermetrics CM module can have 32000 streams.

Each modifier can have one stream or the same modifier can be used for multiple streams.

Use streams option will create a separate stream for each variation.

The signature field is used to track the frames in terms of streams, sequencing of packets and latency information.

Each analyzer can analyze up to 64000 streams.

Control plane statistics: data generated by the CPU, like ARP, ICMP, PPP.

STC software and firmware version must match.

Single-port reservation is possible for a 10GE port or an HM CM module with version > 3.3X; otherwise ports are reserved in multiples of two.

Individual ARP request result can be viewed under port traffic and counters -> arp nd results.

In bound stream, by default traffic is port based. Port-based mode means traffic will be shared.

By default the analyzer is set to analyze everything, but it's basically looking for the stream ID.

Analyzer preload is a new feature added in version 3.50. It can detect dead streams and knows what kind of traffic to expect. This option is enabled under the stream block.

Command sequencer record mode is a new feature added in STC in 3.50 version.

We cannot record conditional loops in command seq record mode.

An analyzer can distinguish between duplicate frames.

Real-time results refresh in 1 sec

Histogram – bucket histogram mode means basic sequencing.

Results mode can be changed in settings as well as in result pane.

In histogram mode, the only support is latency.

Use streams is equivalent to traffic streams in the traffic wizard.

Results are overwritten every time you save the file, though STC will show a popup asking whether to do so.

Port analyzer default filter is stream ID.

PGA requires PGA base package license.

To run batch mode, we use custom test wizard

A single port can have 32K devices.

Can have 4000 stream blocks profiles per test.

Devices and routes can be mixed in single stream block or port.

Raw and bound stream blocks can be mixed in single test.

Each port can provide counts and rates for 32K streams

Advantages of the lab server:
-one TCP connection only
-more sessions, based on the number of users connected.
-for overnight tests.

Use of raw streams block:
-to create bad traffic
-want to simply send traffic irrespective of destinations.

The default ToS/DiffServ on a Raw Stream block is 00, while on a Bound Stream block it is C0.
All packets associated with one particular stream have a signature field with the same stream ID.
The signature field is 20 bytes.

How to make the DUT a DHCP server:
config t
# ip dhcp pool spirent
# network 1.1.1.0 255.255.255.0

R# show ip dhcp binding
clear ip dhcp binding *

STC can be configured as a DHCP client or server.
DHCP client: Cisco router
# int g0/2
ip dhcp client class-id abc

OSPF config in DUT
OSPF:
router ospf 1
network 192.168.11.0 0.0.0.255 area 0
network 192.168.12.0 0.0.0.255 area 0

show ip route
show ip ospf int
show ip ospf neighbor

The bigger the frame size, the higher the latency, but there will be fewer drops since the router has to process fewer packets.

BGP config in DUT.
BGP:
router bgp 100
neighbor 1.1.1.2 remote-as 200
neighbor 2.2.2.2 remote-as 300

show ip route
show ip bgp summary
show ip bgp
show ip bgp neighbors

A 4-byte AS number is used if there are many AS numbers.

2 management ports are present in the 9U chassis.

AC failure means power cable is not connected. DC failure means AC power is not converted into DC power. This could be a serious issue.

In Avalanche you need to install the license on your PC for the application you are running.
In STC the license needs to be installed only once.

CPU 5002A modules: each of the 8 ports acts as an individual port; 8 cores; default profile is L4/L7.
CM modules: there are 4 port groups. Each port group contains 2 ports. Default is STC; the L4/L7 package needs to be installed.
DX: 4 port groups: 10 Gbps * 4 = 40 Gbps
DX2 is a single slot with 32 ports.
CM – 1G – D4 == dual 4 ports. 2 port groups. Dual == optical + electrical

If you run a test through the wizards, capture is disabled; you need to run the test manually to capture, but capture is possible through a script.

Simple raw traffic is called data traffic.
Anything with routing and other protocols is called: control traffic

RFC 2544: Benchmarking Methodology for Network Interconnect Devices (L2/L3 switches)

RFC 2889: Benchmarking Methodology for LAN Switching devices

RFC 2889: Methodology for IP Multicast Benchmarking

Spirent TestCenter is fully interactive: Control and data plane parameters can be changed dynamically, and real-time feedback can be received. All tests can be saved as configuration files for simplified test automation.

There are two classes of Spirent TestCenter packages:
-The Base packages provide software for testing network protocols.
-The Test packages provide software for testing based on well-defined test methodologies that are either RFC-based standards or developed by Spirent in working with its customers






Monday, November 11, 2013

A complete list of cmd commands.

Append
The append command can be used by programs to open files in another directory as if they were located in the current directory. The append command is not available in 64-bit versions of Windows 7.

Arp
The arp command is used to display or change entries in the ARP cache.

Assoc
The assoc command is used to display or change the file type associated with a particular file extension.

At
The at command is used to schedule commands and other programs to run at a specific date and time.

Attrib
The attrib command is used to change the attributes of a single file or a directory.

Auditpol
The auditpol command is used to display or change audit policies.

Bcdboot
The bcdboot command is used to copy boot files to the system partition and to create a new system BCD store.

Bcdedit
The bcdedit command is used to view or make changes to Boot Configuration Data.

Bdehdcfg
The bdehdcfg command is used to prepare a hard drive for BitLocker Drive Encryption.

Bitsadmin
The bitsadmin command is used to create, manage, and monitor download and upload jobs.
While the bitsadmin command is available in Windows 7, you should know that it is being phased out. The BITS PowerShell cmdlets should be used instead.

Bootcfg
The bootcfg command is used to build, modify, or view the contents of the boot.ini file, a hidden file that is used to identify in what folder, on which partition, and on which hard drive Windows is located. The bootcfg command was replaced by the bcdedit command beginning in Windows Vista. Bootcfg is still available in Windows 7 but it serves no real value since boot.ini is not used.

Bootsect
The bootsect command is used to configure the master boot code to one compatible with Windows 7 (BOOTMGR). The bootsect command is only available from the Command Prompt in System Recovery Options.

Break
The break command sets or clears extended CTRL+C checking on DOS systems. The break command is available in Windows 7 to provide compatibility with MS-DOS files but it has no effect in Windows 7 itself.

Cacls
The cacls command is used to display or change access control lists of files. Even though the cacls command is available in Windows 7, it's being phased out. Microsoft recommends that you use the icacls command instead.

Call
The call command is used to run a script or batch program from within another script or batch program. The call command has no effect outside of a script or batch file. In other words, running the call command at the Command Prompt will do nothing.

Cd
The Cd command is the shorthand version of the chdir command.

Certreq
The certreq command is used to perform various certification authority (CA) certificate functions.

Certutil
The certutil command is used to dump and display certification authority (CA) configuration information in addition to other CA functions.

Change
The change command changes various terminal server settings like install modes, COM port mappings, and logons.

Chcp
The chcp command displays or configures the active code page number.

Chdir
The chdir command is used to display the drive letter and folder that you are currently in. Chdir can also be used to change the drive and/or directory that you want to work in.

Chglogon
The chglogon command enables, disables, or drains terminal server session logins. Executing the chglogon command is the same as executing change logon.

Chgport
The chgport command can be used to display or change COM port mappings for DOS compatibility. Executing the chgport command is the same as executing change port.

Chgusr
The chgusr command is used to change the install mode for the terminal server. Executing the chgusr command is the same as executing change user.

Chkdsk
The chkdsk command, often referred to as check disk, is used to identify and correct certain hard drive errors.

Chkntfs
The chkntfs command is used to configure or display the checking of the disk drive during the Windows boot process.

Choice
The choice command is used within a script or batch program to provide a list of choices and return the value of that choice to the program.

Cipher
The cipher command shows or changes the encryption status of files and folders on NTFS partitions.

Clip
The clip command is used to redirect the output from any command to the clipboard in Windows.

Cls
The cls command clears the screen of all previously entered commands and other text.

Cmd
The cmd command starts a new instance of the command interpreter.

Cmdkey
The cmdkey command is used to show, create, and remove stored user names and passwords.

Cmstp
The cmstp command installs or uninstalls a Connection Manager service profile.

Color
The color command is used to change the colors of the text and background within the Command Prompt window.

Command
The command command starts a new instance of the command.com command interpreter. The command command is not available in 64-bit versions of Windows 7.

Comp
The comp command is used to compare the contents of two files or sets of files.

Compact
The compact command is used to show or change the compression state of files and directories on NTFS partitions.

Convert
The convert command is used to convert FAT or FAT32 formatted volumes to the NTFS format.

Cscript
The cscript command is used to execute scripts via Microsoft Script Host. The cscript command is most commonly used to manage printing from the command line with scripts like prncnfg.vbs, prndrvr.vbs, prnmngr.vbs, and others.

Date
The date command is used to show or change the current date.

Debug
The debug command starts Debug, a command line application used to test and edit programs. The debug command is not available in 64-bit versions of Windows 7.

Defrag
The defrag command is used to defragment a drive you specify. The defrag command is the command line version of Microsoft's Disk Defragmenter.

Del
The del command is used to delete one or more files. The del command is the same as the erase command.

Diantz
The diantz command is used to losslessly compress one or more files. The diantz command is sometimes called Cabinet Maker. The diantz command is the same as the makecab command.

Dir
The dir command is used to display a list of files and folders contained inside the folder that you are currently working in. The dir command also displays other important information like the hard drive's serial number, the total number of files listed, their combined size, the total amount of free space left on the drive, and more.

Diskcomp
The diskcomp command is used to compare the contents of two floppy disks.

Diskcopy
The diskcopy command is used to copy the entire contents of one floppy disk to another.

Diskpart
The diskpart command is used to create, manage, and delete hard drive partitions.

Diskperf
The diskperf command is used to manage disk performance counters remotely. The diskperf command was useful for disk performance counter administration in Windows NT and 2000, but the counters are permanently enabled in Windows 7.

Diskraid
The diskraid command starts the DiskRAID tool which is used to manage and configure RAID arrays.

Dism
The dism command starts the Deployment Image Servicing and Management tool (DISM). The DISM tool is used to manage features in Windows images.

Dispdiag
The dispdiag command is used to output a log of information about the display system.

Djoin
The djoin command is used to create a new computer account in a domain.

Doskey
The doskey command is used to edit command lines, create macros, and recall previously entered commands.

Dosx
The dosx command is used to start DOS Protected Mode Interface (DPMI), a special mode designed to give MS-DOS applications access to more than the normally allowed 640 KB. The dosx command is not available in 64-bit versions of Windows 7. The dosx command (and DPMI) is only available in Windows 7 to support older MS-DOS programs.

Driverquery
The driverquery command is used to show a list of all installed drivers.

Echo
The echo command is used to show messages, most commonly from within script or batch files. The echo command can also be used to turn the echoing feature on or off.

Edit
The edit command starts the MS-DOS Editor tool which is used to create and modify text files. The edit command is not available in 64-bit versions of Windows 7.

Edlin
The edlin command starts the Edlin tool which is used to create and modify text files from the command line. The edlin command is not available in 64-bit versions of Windows 7.

Endlocal
The endlocal command is used to end the localization of environment changes inside a batch or script file.

Erase
The erase command is used to delete one or more files. The erase command is the same as the del command.

Esentutl
The esentutl command is used to manage Extensible Storage Engine databases.

Eventcreate
The eventcreate command is used to create a custom event in an event log.

Exe2Bin
The exe2bin command is used to convert a file of the EXE file type (executable file) to a binary file. The exe2bin command is not available in 64-bit versions of Windows 7.

Exit
The exit command is used to end the Command Prompt session that you're currently working in.

Expand
The expand command is used to extract a single file or a group of files from a compressed file.

Extrac32
The extrac32 command is used to extract the files and folders contained in Microsoft Cabinet (CAB) files. The extrac32 command is actually a CAB extraction program for use by Internet Explorer but can be used to extract any Microsoft Cabinet file. Use the expand command instead of the extrac32 command if possible.

Fastopen
The fastopen command is used to add a program's hard drive location to a special list stored in memory, potentially improving the program's launch time by removing the need for MS-DOS to locate the application on the drive. The fastopen command is not available in 64-bit versions of Windows 7. Fastopen only exists in 32-bit versions of Windows 7 to support older MS-DOS files.

Fc
The fc command is used to compare two individual files or sets of files and then show the differences between them.

Find
The find command is used to search for a specified text string in one or more files.

Findstr
The findstr command is used to find text string patterns in one or more files.

Finger
The finger command is used to return information about one or more users on a remote computer that's running the Finger service.

Fltmc
The fltmc command is used to load, unload, list, and otherwise manage Filter drivers.

For
The for command is used to run a specified command for each file in a set of files. The for command is most often used within a batch or script file.

Forfiles
The forfiles command selects one or more files to execute a specified command on. The forfiles command is most often used within a batch or script file.

Format
The format command is used to format a drive in the file system that you specify. Drive formatting is also available from Disk Management in Windows 7.

Fsutil
The fsutil command is used to perform various FAT and NTFS file system tasks like managing reparse points and sparse files, dismounting a volume, and extending a volume.

Ftp
The ftp command can be used to transfer files to and from another computer. The remote computer must be operating as an FTP server.

Ftype
The ftype command is used to define a default program to open a specified file type.

Getmac
The getmac command is used to display the media access control (MAC) address of all the network controllers on a system.

Goto
The goto command is used in a batch or script file to direct the command process to a labeled line in the script.

Gpresult
The gpresult command is used to display Group Policy settings.

Gpupdate
The gpupdate command is used to update Group Policy settings.

Graftabl
The graftabl command is used to enable the ability of Windows to display an extended character set in graphics mode. The graftabl command is not available in 64-bit versions of Windows 7.

Graphics
The graphics command is used to load a program that can print graphics. The graphics command is not available in 64-bit versions of Windows 7.

Help
The help command provides more detailed information on other Command Prompt commands.

Hostname
The hostname command displays the name of the current host.

Hwrcomp
The hwrcomp command is used to compile custom dictionaries for handwriting recognition.

Hwrreg
The hwrreg command is used to install a previously compiled custom dictionary for handwriting recognition.

Icacls
The icacls command is used to display or change access control lists of files. The icacls command is an updated version of the cacls command.

If
The if command is used to perform conditional functions in a batch file.

Ipconfig
The ipconfig command is used to display detailed IP information for each network adapter utilizing TCP/IP. The ipconfig command can also be used to release and renew IP addresses on systems configured to receive them via a DHCP server.

Irftp
The irftp command is used to transmit files over an infrared link.

Iscsicli
The iscsicli command starts the Microsoft iSCSI Initiator, used to manage iSCSI.

Kb16
The kb16 command is used to support MS-DOS files that need to configure a keyboard for a specific language. The kb16 command is not available in 64-bit versions of Windows 7.

Klist
The klist command is used to list Kerberos service tickets. The klist command can also be used to purge Kerberos tickets.

Ksetup
The ksetup command is used to configure connections to a Kerberos server.

Ktmutil
The ktmutil command starts the Kernel Transaction Manager utility.


Friday, July 12, 2013

Miscellaneous

#Why Are OSPF Neighbors Stuck in Exstart/Exchange State?
The problem occurs most frequently when attempting to run OSPF between a Cisco router and another vendor's router. The problem occurs when the maximum transmission unit (MTU) settings for neighboring router interfaces don't match. If the router with the higher MTU sends a packet larger than the MTU set on the neighboring router, the neighboring router ignores the packet.
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f0d.shtml
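
The MTU comparison behind this symptom, as an added example (not from the original post or the linked Cisco note): an OSPFv2 Database Description packet carries the sender's interface MTU, and RFC 2328 section 10.6 has the receiver reject the packet when that value is larger than it can accept. The function names and the sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* OSPFv2 layout (RFC 2328, A.3.1 and A.3.3): a 24-byte common header, then
 * for a Database Description packet (type 2): Interface MTU (2 bytes),
 * Options (1), flags I/M/MS (1), DD sequence number (4). */
#define OSPF_HDR_LEN  24
#define OSPF_DBD_MIN  (OSPF_HDR_LEN + 8)
#define OSPF_VERSION  2
#define OSPF_TYPE_DBD 2

enum dbd_verdict { DBD_MALFORMED = -1, DBD_ACCEPT = 0, DBD_REJECT_MTU = 1 };

static uint16_t rd16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Build a minimal DBD packet (no LSA headers) advertising if_mtu.
 * Router ID, area, checksum and authentication stay zero: this is constructed
 * sample data, enough for the MTU check but not a valid on-wire packet. */
size_t build_dbd(uint8_t *buf, size_t cap, uint16_t if_mtu, uint32_t seq)
{
    if (buf == NULL || cap < OSPF_DBD_MIN)
        return 0;
    memset(buf, 0, OSPF_DBD_MIN);
    buf[0] = OSPF_VERSION;
    buf[1] = OSPF_TYPE_DBD;
    buf[2] = 0;
    buf[3] = OSPF_DBD_MIN;              /* packet length, big-endian */
    buf[24] = (uint8_t)(if_mtu >> 8);   /* Interface MTU */
    buf[25] = (uint8_t)(if_mtu & 0xff);
    buf[27] = 0x07;                     /* I, M and MS set: first DBD in ExStart */
    buf[28] = (uint8_t)(seq >> 24);
    buf[29] = (uint8_t)(seq >> 16);
    buf[30] = (uint8_t)(seq >> 8);
    buf[31] = (uint8_t)seq;
    return OSPF_DBD_MIN;
}

/* Receiver-side check: validate lengths first, then compare the advertised
 * interface MTU with the MTU of the receiving interface. */
enum dbd_verdict check_dbd(const uint8_t *pkt, size_t len, uint16_t local_mtu)
{
    if (pkt == NULL || len < OSPF_DBD_MIN)
        return DBD_MALFORMED;
    if (pkt[0] != OSPF_VERSION || pkt[1] != OSPF_TYPE_DBD)
        return DBD_MALFORMED;
    uint16_t plen = rd16(pkt + 2);
    if (plen < OSPF_DBD_MIN || plen > len)
        return DBD_MALFORMED;
    return rd16(pkt + OSPF_HDR_LEN) > local_mtu ? DBD_REJECT_MTU : DBD_ACCEPT;
}

/* What a receiver with receiver_mtu does with the sender's first DBD. */
enum dbd_verdict neighbor_verdict(uint16_t sender_mtu, uint16_t receiver_mtu)
{
    uint8_t pkt[OSPF_DBD_MIN];
    size_t n = build_dbd(pkt, sizeof pkt, sender_mtu, 1);
    return check_dbd(pkt, n, receiver_mtu);
}

/* A packet cut one byte short must be rejected before any field is read. */
enum dbd_verdict truncated_verdict(void)
{
    uint8_t pkt[OSPF_DBD_MIN];
    size_t n = build_dbd(pkt, sizeof pkt, 1500, 1);
    return check_dbd(pkt, n - 1, 1500);
}

int main(void)
{
    /* Router A has MTU 1500, router B has MTU 1400 (constructed values). */
    printf("B receives A's DBD: %d\n", neighbor_verdict(1500, 1400));
    printf("A receives B's DBD: %d\n", neighbor_verdict(1400, 1500));
    printf("truncated packet:   %d\n", truncated_verdict());
    return 0;
}
```

Only one direction is rejected, which is why the adjacency hangs in Exstart/Exchange instead of failing cleanly: the side with the smaller MTU keeps ignoring its neighbor's Database Description packets.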

#OSPF Neighbor Problems Explained
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094050.shtml?referring_site=bodynav

#What is the difference between a thread and a process?
Processes and threads are both fundamental concepts in operating systems and are used to execute tasks concurrently. However, they differ in several key aspects:

1. **Definition**:
   - **Process**: A process is an instance of a running program. It consists of the program code, associated data, and resources such as memory, file descriptors, and system resources. Each process has its own memory space and runs independently of other processes.
   - **Thread**: A thread is a lightweight unit of execution within a process. Threads share the same memory space and resources as the process that created them. Multiple threads within the same process can run concurrently and share resources such as memory, file descriptors, and I/O operations.

2. **Resource Usage**:
   - **Process**: Processes are heavy-weight entities that require their own memory space, address space, and resources. Each process has its own memory allocation, file descriptors, and other system resources.
   - **Thread**: Threads are light-weight entities that share the same memory space and resources within a process. Threads within the same process can communicate and share data directly without the need for inter-process communication mechanisms.

3. **Concurrency**:
   - **Process**: Processes are independent units of execution and run concurrently with other processes on the system. Inter-process communication mechanisms such as pipes, sockets, and shared memory are used to facilitate communication between processes.
   - **Thread**: Threads within the same process share the same memory space and resources and can execute concurrently. Threads can communicate and share data directly without the need for inter-process communication mechanisms.

4. **Creation Overhead**:
   - **Process**: Creating a new process involves significant overhead, including memory allocation, copying the process image, and setting up process-specific resources. As a result, creating a new process is relatively expensive.
   - **Thread**: Creating a new thread within a process is relatively lightweight compared to creating a new process. Threads within the same process share the same memory space and resources, so creating a new thread involves minimal overhead.

5. **Isolation**:
   - **Process**: Processes are isolated from each other and run independently. Each process has its own memory space and resources, which provides a level of isolation and protection.
   - **Thread**: Threads within the same process share the same memory space and resources and can access each other's data directly. There is no inherent isolation between threads within the same process.

In summary, processes and threads are both used for concurrent execution in operating systems, but they differ in terms of resource usage, concurrency model, creation overhead, isolation, and communication mechanisms. Processes provide stronger isolation between tasks, while threads provide lightweight concurrency within the same process.

A process is an executing instance of an application. What does that mean? Well, for example, when you double-click the Microsoft Word icon, you start a process that runs Word. A thread is a path of execution within a process. Also, a process can contain multiple threads. When you start Word, the operating system creates a process and begins executing the primary thread of that process.
It’s important to note that a thread can do anything a process can do. But since a process can consist of multiple threads, a thread could be considered a ‘lightweight’ process. Thus, the essential difference between a thread and a process is the work that each one is used to accomplish. Threads are used for small tasks, whereas processes are used for more ‘heavyweight’ tasks – basically the execution of applications.
Another difference between a thread and a process is that threads within the same process share the same address space, whereas different processes do not. This allows threads to read from and write to the same data structures and variables, and also facilitates communication between threads. Communication between processes – also known as IPC, or inter-process communication – is quite difficult and resource-intensive.

MultiThreading
Threads, of course, allow for multi-threading. A common example of the advantage of multithreading is the fact that you can have a word processor that prints a document using a background thread, but at the same time another thread is running that accepts user input, so that you can type up a new document.
If we were dealing with an application that uses only one thread, then the application would only be able to do one thing at a time – so printing and responding to user input at the same time would not be possible in a single threaded application.
Each process has its own address space, but the threads within the same process share that address space. Threads also share any other resources within that process. This means that it’s very easy to share data amongst threads, but it’s also easy for the threads to step on each other, which can lead to bad things.
Multithreaded programs must be carefully programmed to prevent those bad things from happening. Sections of code that modify data structures shared by multiple threads are called critical sections. When a critical section is running in one thread it’s extremely important that no other thread be allowed into that critical section. This is called synchronization, which we won't get into any further over here. But, the point is that multithreading requires careful programming.
Also, context switching between threads is generally less expensive than in processes. And finally, the overhead (the cost of communication) between threads is very low relative to processes.
Here’s a summary of the differences between threads and processes:
1. Threads are easier to create than processes since they don't require a separate address space.
2. Multithreading requires careful programming since threads share data structures that should only be modified by one thread at a time. Unlike threads, processes don't share the same address space.
3. Threads are considered lightweight because they use fewer resources than processes.
4. Processes are independent of each other. Threads, since they share the same address space, are interdependent, so caution must be taken so that different threads don't step on each other. This is really another way of stating #2 above.
5. A process can consist of multiple threads.
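
The two points above (threads share one address space and need synchronization around critical sections; processes each get their own copy), shown as an added C example that is not part of the original post. It assumes a POSIX system with pthreads; the function names and iteration counts are chosen for illustration.

```c
#include <pthread.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define NTHREADS 4
#define ITERS    100000

/* One global: shared by every thread of the process, copied into a child
 * process at fork() time. */
static long counter;
static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;

static void *worker(void *arg)
{
    (void)arg;
    for (int i = 0; i < ITERS; i++) {
        pthread_mutex_lock(&lock);
        counter++;                  /* critical section: one thread at a time */
        pthread_mutex_unlock(&lock);
    }
    return NULL;
}

/* Start NTHREADS workers that all increment the same counter.
 * Returns the value the creating thread sees after joining, or -1 on error. */
long run_threads(void)
{
    pthread_t t[NTHREADS];
    int started = 0;

    counter = 0;
    for (; started < NTHREADS; started++)
        if (pthread_create(&t[started], NULL, worker, NULL) != 0)
            break;
    for (int i = 0; i < started; i++)
        pthread_join(t[i], NULL);
    return started == NTHREADS ? counter : -1;
}

/* Fork a child that increments its own copy of the counter.
 * Returns the value the parent sees after the child exits, or -1 on error. */
long run_child_process(void)
{
    counter = 0;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        for (int i = 0; i < ITERS; i++)
            counter++;              /* modifies the child's copy only */
        _exit(counter == ITERS ? 0 : 1);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    return counter;                 /* parent's copy is untouched */
}

int main(void)
{
    printf("after %d threads:     counter = %ld\n", NTHREADS, run_threads());
    printf("after child process: counter = %ld\n", run_child_process());
    return 0;
}
```

Build with `cc -pthread` on toolchains that do not link pthreads by default. Removing the mutex calls makes the thread total come out short on most runs, which is the "stepping on each other" the text warns about.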

#Are MAC addresses only for devices with an ethernet interface?
No, this is a popular misconception. Even iPhones – which have no Ethernet interface – still have (and need) a MAC address.

MAC (Media Access Control) addresses are typically associated with devices that have Ethernet interfaces, as Ethernet is the most common technology that uses MAC addresses for addressing at the data link layer (Layer 2) of the OSI model. However, MAC addresses are not exclusive to Ethernet interfaces.

While Ethernet interfaces are the primary users of MAC addresses, other network technologies also utilize MAC addresses for addressing. Some examples include:

1. **Wi-Fi (IEEE 802.11)**: Wi-Fi devices also have MAC addresses associated with their wireless network interfaces. Wi-Fi frames use MAC addresses for addressing within the local wireless network.

2. **Bluetooth**: Bluetooth devices use Bluetooth MAC addresses for communication within the Bluetooth network. Bluetooth MAC addresses are used for addressing devices participating in Bluetooth connections.

3. **Token Ring**: Token Ring networks also utilize MAC addresses for addressing devices within the Token Ring network. Each device on a Token Ring network has a unique MAC address.

4. **Fiber Channel**: Fiber Channel networks use MAC addresses known as World Wide Port Names (WWPNs) for addressing devices within the Fiber Channel fabric.

While Ethernet interfaces are the most common devices associated with MAC addresses, other network technologies also use MAC addresses for addressing and identification purposes. The structure and format of MAC addresses are standardized across these different network technologies to ensure interoperability and compatibility.

#Puzzles:
http://programmerinterview.com/index.php/puzzles/introduction

#What is a virtual memory, how is it implemented, and why do operating systems use it?
Real, or physical, memory exists on RAM chips inside the computer. Virtual memory, as its name suggests, doesn’t physically exist on a memory chip. It is an optimization technique and is implemented by the operating system in order to give an application program the impression that it has more memory than actually exists. Virtual memory is implemented by various operating systems such as Windows, Mac OS X, and Linux.
So how does virtual memory work? Let’s say that an operating system needs 120 MB of memory in order to hold all the running programs, but there’s currently only 50 MB of available physical memory stored on the RAM chips. The operating system will then set up 120 MB of virtual memory, and will use a program called the virtual memory manager (VMM) to manage that 120 MB. The VMM will create a file on the hard disk that is 70 MB (120 – 50) in size to account for the extra memory that’s needed. The O.S. will now proceed to address memory as if there were actually 120 MB of real memory stored on the RAM, even though there’s really only 50 MB. So, to the O.S., it now appears as if the full 120 MB actually exists. It is the responsibility of the VMM to deal with the fact that there is only 50 MB of real memory.

#Memory corruption

Memory corruption refers to the unintended modification of data stored in computer memory. It occurs when a program writes to an area of memory that it does not have permission to access or modifies memory locations beyond the intended boundaries of data structures. Memory corruption can lead to various issues, including program crashes, data corruption, security vulnerabilities, and unpredictable behavior.

There are several common causes of memory corruption:

1. **Buffer Overflows**: A buffer overflow occurs when a program writes more data to a buffer (an allocated block of memory) than it can hold. This can overwrite adjacent memory locations, leading to memory corruption.

2. **Use-after-Free**: Use-after-free is a type of memory corruption that occurs when a program accesses memory that has been deallocated (freed). This can happen when a program continues to use a pointer to memory that has already been released, leading to unpredictable behavior.

3. **Dangling Pointers**: Dangling pointers occur when a program dereferences a pointer that points to invalid memory, typically because the memory has been deallocated or the pointer has not been properly initialized.

4. **Heap Corruption**: Heap corruption occurs when a program improperly manipulates memory allocated on the heap (dynamically allocated memory). This can happen due to bugs in memory allocation/deallocation routines or incorrect usage of pointers.

5. **Stack Smashing**: Stack smashing, also known as stack buffer overflow, occurs when a program writes beyond the bounds of a stack-allocated buffer. This can overwrite the return address, function pointers, or other stack metadata, potentially leading to code execution vulnerabilities.

Memory corruption can have serious consequences, including crashes, data loss, security vulnerabilities (such as buffer overflow exploits), and system instability. Detecting and fixing memory corruption issues is essential for maintaining the reliability, security, and integrity of software systems. Techniques such as bounds checking, memory sanitization, and static/dynamic analysis tools can help identify and mitigate memory corruption vulnerabilities.

Memory corruption occurs in a computer program when the contents of a memory location are unintentionally modified due to programming errors; this is termed violating memory safety. When the corrupted memory contents are used later in that program, it leads either to program crash or to strange and bizarre program behavior. Nearly 10% of application crashes on Windows systems are due to heap corruption.

Modern programming languages like C and C++ have powerful features of explicit memory management and pointer arithmetic. These features are designed for developing efficient applications and system software. However, using these features incorrectly may lead to memory corruption errors.
Memory corruption is one of the most intractable classes of programming errors, for two reasons:

1. The source of the memory corruption and its manifestation may be far apart, making it hard to correlate the cause and the effect.

2. Symptoms appear under unusual conditions, making it hard to consistently reproduce the error.

Memory corruption errors can be broadly classified into four categories:

1. **Using uninitialized memory**: Contents of uninitialized memory are treated as garbage values. Using such values can lead to unpredictable program behavior.

2. **Using un-owned memory**: It is common to use pointers to access and modify memory. If such a pointer is a null pointer, a dangling pointer (pointing to memory that has already been freed), or points to a memory location outside of current stack or heap bounds, it is referring to memory that is not then possessed by the program. Using such pointers is a serious programming flaw. Accessing such memory usually causes operating system exceptions, which most commonly lead to a program crash. Strictly speaking, if the memory access is a READ the issue may not be considered corruption because the memory is not modified.

3. **Using beyond allocated memory (buffer overflow)**: If an array is used in a loop, with incorrect terminating condition, memory beyond the array bounds may be manipulated. Buffer overflow is one of the most common programming flaws exploited by computer viruses causing serious computer security issues (e.g. return-to-libc attack, stack-smashing protection) in widely used programs. One can also incorrectly access the memory before the beginning of a buffer.

4. **Faulty heap memory management**: Memory leaks and freeing non-heap or un-allocated memory are the most frequent errors caused by faulty heap memory management.
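The loop with an incorrect terminating condition described above, next to a bounds-checked version, as an added example that is not part of the original post. To keep the behaviour defined, the buffer and its neighbour are modelled inside one 16-byte array; `arena`, `copy_off_by_one`, `copy_checked` and `guard_intact` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 8     /* bytes reserved for the input field            */
#define ARENA_LEN 16    /* the field plus the data that sits next to it  */
#define GUARD 0x5A      /* constructed marker for the neighbouring byte  */

/* One real array, so a write past the 8-byte field stays inside a valid
 * object: bytes 0..7 model the buffer, byte 8 models adjacent state.    */
static unsigned char arena[ARENA_LEN];

static void arena_reset(void)
{
    memset(arena, 0, sizeof arena);
    arena[FIELD_LEN] = GUARD;
}

/* Buggy: the loop is bounded by the input length, not the field size, and
 * "<=" adds a terminator at [len]. An 8-byte input puts it in byte 8.
 * (The ARENA_LEN clamp exists only to keep this demo inside the array.) */
static void copy_off_by_one(const unsigned char *src, size_t len)
{
    for (size_t i = 0; i <= len && i < ARENA_LEN; i++)
        arena[i] = (i < len) ? src[i] : 0;
}

/* Fixed: refuse input that does not fit together with its terminator.   */
static int copy_checked(const unsigned char *src, size_t len)
{
    if (len >= FIELD_LEN)
        return -1;
    memcpy(arena, src, len);
    arena[len] = 0;
    return 0;
}

/* 1 while the byte after the field still holds the guard value.         */
static int guard_intact(void)
{
    return arena[FIELD_LEN] == GUARD;
}

int main(void)
{
    unsigned char in[8];
    memset(in, 'A', sizeof in);          /* constructed 8-byte input */
    arena_reset();
    copy_off_by_one(in, sizeof in);
    printf("off-by-one copy: guard intact = %d\n", guard_intact());
    arena_reset();
    int rc = copy_checked(in, sizeof in);
    printf("checked copy rc = %d, guard intact = %d\n", rc, guard_intact());
    return 0;
}
```

A 7-byte input leaves the guard untouched in both versions; only the exact-size input exposes the bug, which is why this class of error tends to surface under unusual conditions.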

#SNMP agent error codes:
The agent reports that no errors occurred during transmission.
The agent could not place the results of the requested SNMP operation in a single SNMP message.
The requested SNMP operation identified an unknown variable.
The requested SNMP operation tried to change a variable but it specified either a syntax or value error.
The requested SNMP operation tried to change a variable that was not allowed to change, according to the community profile of the variable.
The specified SNMP variable is not accessible.
The value specifies a type that is inconsistent with the type required for the variable.
The variable does not exist, and the agent cannot create it.
Assigning the value to the variable requires allocation of resources that are currently unavailable.
An authorization error occurred.
The variable exists but the agent cannot modify it.

#SNMP engine ID
The SNMP engine ID is a unique string used to identify the device for administration purposes. You do not need to specify an engine ID for the device; a default string is generated using Cisco's enterprise number (1.3.6.1.4.1.9) and the MAC address of the first interface on the device.

#Explain LAG. Why is it not supported on a half-duplex port? What is a static LAG?
LACP does not support half-duplex mode. Half-duplex ports in LACP port channels are put in the suspended state. With a static link aggregate, all configuration settings are set up on both participating LAG components.

#Layer 2 switches and bridges are faster than routers because they don’t take up time looking at the network layer header information. Instead, they look at the frame’s hardware addresses before deciding to either forward, flood or drop the frame.

#There can be only one spanning-tree instance per bridge, while switches can have many.

#No data will be forwarded until convergence is complete.

#Following the type/length field is the actual data contained in the frame. After physical-layer and link-layer processing is complete, this data will eventually be sent to an upper-layer protocol. In the case of Ethernet, the upper-layer protocol is identified in the type field. In the case of IEEE 802.3, the upper-layer protocol must be defined within the data portion of the frame, if at all. If data in the frame is insufficient to fill the frame to its minimum 64-byte size, padding bytes are inserted to ensure at least a 64-byte frame.

#Conversion
1 Bit = Binary Digit
8 Bits = 1 Byte
1024 Bytes = 1 Kilobyte
1024 Kilobytes = 1 Megabyte
1024 Megabytes = 1 Gigabyte
1024 Gigabytes = 1 Terabyte
1024 Terabytes = 1 Petabyte
1024 Petabytes = 1 Exabyte
1024 Exabytes = 1 Zettabyte
1024 Zettabytes = 1 Yottabyte
1024 Yottabytes = 1 Brontobyte
1024 Brontobytes = 1 Geopbyte
1024 Geopbyte = 1 Saganbyte
1024 Saganbyte = 1 Pijabyte
Alphabyte = 1024 Pijabyte
Kryatbyte = 1024 Alphabyte
Amosbyte = 1024 Kryatbyte
Pectrolbyte = 1024 Amosbyte
Bolgerbyte = 1024 Pectrolbyte
Sambobyte = 1024 Bolgerbyte
Quesabyte = 1024 Sambobyte
Kinsabyte = 1024 Quesabyte
Rutherbyte = 1024 Kinsabyte
Dubnibyte = 1024 Rutherbyte
Seaborgbyte = 1024 Dubnibyte
Bohrbyte = 1024 Seaborgbyte
Hassiubyte = 1024 Bohrbyte
Meitnerbyte = 1024 Hassiubyte
Darmstadbyte = 1024 Meitnerbyte
Roentbyte = 1024 Darmstadbyte
Coperbyte = 1024 Roentbyte...

#What if I configure the administrative distance to be the same for two routing protocols? Will the router install routes from each routing protocol and allow me to load balance traffic?
http://bradhedlund.com/2007/12/31/two-routing-protocols-same-administrative-distance/

#What are the benefits of subnetting?
Subnetting helps reduce network traffic and the size of the routing tables. It’s also a way to add security to network traffic by isolating it from the rest of the network.

Q. What does the EIGRP stuck in active message mean?
A. When EIGRP returns a stuck in active (SIA) message
The route reported by the SIA has gone away.
An EIGRP neighbor (or neighbors) have not replied to the query for that route.
When the SIA occurs, the router clears the neighbor that did not reply to the query

#ospf area test and convergence
http://rekrowten.wordpress.com/2012/03/05/crazy-big-ospf-area-test-with-24-routers/

#adjacency issue in ospf
http://rekrowten.wordpress.com/2012/03/26/ospf-mtu-adjacency-establishment-problem/

#decision rules of route map
http://rekrowten.wordpress.com/2012/05/23/decision-rules-of-route-map/

#network layer convergence
http://rekrowten.wordpress.com/2012/07/16/convergence-at-network-layer/

#convergence of stp and rstp
http://rekrowten.wordpress.com/2012/07/23/convergence-of-stp-rstp-and-mst-part-2/

#convergence of HSRP,VRRP,GLBP
http://rekrowten.wordpress.com/2012/07/30/convergence-of-hsrp-vrrp-and-glbp-part-3/

#RIP convergence
http://rekrowten.wordpress.com/2012/08/13/convergence-of-protocol-rip-part-5/

#OSPF convergence
http://rekrowten.wordpress.com/2012/08/20/convergence-of-protocol-ospf-part-6/

#EIGRP convergence
http://rekrowten.wordpress.com/2012/09/03/convergence-of-protocol-eigrp-part-8/

#BGP multiple paths
http://rekrowten.wordpress.com/2013/06/14/bgp-multiple-best-paths/
























Wednesday, July 10, 2013

IP Fragmentation Q&A

#What is meant by IP fragmentation?
The breaking up of a single IP datagram into two or more IP datagrams of smaller size is called IP fragmentation.

#Why is an IP datagram fragmented?
Every transmission medium has a limit on the maximum size of a frame (MTU) it can transmit. As IP datagrams are encapsulated in frames, the size of an IP datagram is also restricted. If the size of an IP datagram is greater than this limit, then it must be fragmented.

#Which RFCs discuss IP fragmentation?
RFC 791 and RFC 815 discuss IP datagrams, fragmentation and reassembly.

#Is it possible to select an IP datagram size to always avoid fragmentation?
It is not possible to select a particular IP datagram size to always avoid fragmentation, as the MTU differs between transmission media. It is possible, though, for a given path to choose a size that will not lead to fragmentation. This is called Path MTU Discovery and is discussed in RFC 1191. The TCP transport protocol tries to avoid fragmentation using the Maximum Segment Size (MSS) option.

#Where may an IP datagram get fragmented?
An IP datagram may get fragmented either at the sending host or at one of the intermediate routers.

#Where are the IP datagram fragments reassembled?
The IP fragments are reassembled only at the destination host.

#How to prevent an IP datagram from being fragmented?
An IP datagram can be prevented from being fragmented by setting the "don't fragment" flag in the IP header.

#What happens when a datagram must be fragmented to traverse a network, but the "don't fragment" flag in the datagram is set?
The datagram whose "don't fragment" flag is set is discarded, if it must be fragmented to traverse a network. Also, an ICMP error message is sent back to the sender of the datagram.

#Will all the fragments of a datagram reach the destination using the same path?
The different fragments of the same IP datagram can travel either along the same path or along different paths to the destination.

#Will all the fragments of a datagram arrive at the destination system in the correct order?
The different fragments of a single IP datagram can arrive in any order to the destination system.

#What happens to the original IP datagram when one or more fragments are lost?
When one or more fragments of an IP datagram are lost, then the entire IP datagram is discarded after a timeout period.

#What is the minimum size of an IP fragment?
The minimum size of an IP fragment is the minimum size of an IP header plus eight data bytes. Most firewall-type devices will drop an initial IP fragment (offset 0) that does not contain enough data to hold the transport headers. In other words, the IP fragment normally needs 20 octets of data in addition to the IP header in order to get through a firewall if the offset is 0.

#What are the limitations on the size of a fragment?
The size of an IP datagram fragment is limited by:

1. The amount of remaining data in the original IP datagram.

2. The MTU of the network.

3. The requirement that it be a multiple of 8, except for the final fragment.

#How is an IP datagram fragment differentiated from a non-fragmented IP datagram?
A complete IP datagram is differentiated from an IP fragment using the offset field and the "more fragments" flags. For a non-fragmented IP datagram, the fragment offset will be zero and the "more fragments" flag will be set to zero.

#How are the fragments of a single IP datagram identified?
The "identification" field in the IP header is used to identify the fragments of a single IP datagram. The value of this field is set by the originating system. It is unique for that source-destination pair and protocol for the duration in which the datagram will be active.

#How is the last fragment of an IP datagram identified?
The last fragment of an IP datagram is identified using the "more fragments" flag. The "more fragments" flag is set to zero for the last fragment.

#How is the length of a complete IP datagram calculated from the received IP fragments?
Using the fragment offset field and the length of the last fragment, the length of a complete IP datagram is calculated.

#How is an IP datagram fragmented?
In the following example, an IP datagram is fragmented into two. This same algorithm can be used to fragment the datagram into 'n' fragments.

1. The IP layer creates two new IP datagrams, whose length satisfies the requirements of the network in which the original datagram is going to be sent.

2. The IP header from the original IP datagram is copied to the two new datagrams.

3. The data in the original IP datagram is divided into two on an 8 byte boundary. The number of 8 byte blocks in the first portion is called Number of Fragment Blocks (NFB).

4. The first portion of the data is placed in the first new IP datagram.

5. The length field in the first new IP datagram is set to the length of the first datagram.

6. The fragment offset field in the first IP datagram is set to the value of that field in the original datagram.

7. The "more fragments" field in the first IP datagram is set to one.

8. The second portion of the data is placed in the second new IP datagram.

9. The length field in the second new IP datagram is set to the length of the second datagram.

10. The "more fragments" field in the second IP datagram is set to the same value as the original IP datagram.

11. The fragment offset field in the second IP datagram is set to the value of that field in the original datagram plus NFB.
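The steps above generalised to 'n' fragments, including the "don't fragment" case from the earlier answer, as an added example that is not part of the original post. The `struct frag` layout and the `fragment` function are hypothetical, and every part is assumed to carry a header of the same length.

```c
#include <stdio.h>
#include <stddef.h>

struct frag {
    unsigned total_len;  /* IP total length of this part: header + data */
    unsigned offset;     /* fragment offset field, in 8-byte blocks     */
    unsigned mf;         /* "more fragments" flag                       */
};

/* Split a datagram, or an already fragmented part, so each piece fits mtu.
 * Assumption: every piece carries a header of hdr_len bytes.
 * Returns the number of pieces written to out[], -1 on bad input or a too
 * small out[], -2 when "don't fragment" forbids the split (the datagram is
 * then discarded and an ICMP error goes back to the sender).             */
static int fragment(unsigned total_len, unsigned hdr_len, unsigned orig_off,
                    unsigned orig_mf, unsigned df, unsigned mtu,
                    struct frag *out, size_t cap)
{
    if (hdr_len < 20 || total_len < hdr_len || total_len > 65535)
        return -1;
    unsigned data = total_len - hdr_len;
    unsigned max_data = data;              /* fits already: one piece      */
    if (total_len > mtu) {
        if (df) return -2;
        if (mtu < hdr_len + 8) return -1;  /* no room for one 8-byte block */
        max_data = (mtu - hdr_len) / 8 * 8;   /* NFB * 8 bytes per piece   */
    }
    unsigned off = orig_off;
    size_t n = 0;
    do {
        if (n == cap) return -1;
        unsigned chunk = data > max_data ? max_data : data;
        data -= chunk;
        out[n].total_len = hdr_len + chunk;
        out[n].offset = off;
        out[n].mf = data ? 1 : orig_mf;    /* last piece keeps original MF */
        off += chunk / 8;                  /* next offset = offset + NFB   */
        n++;
    } while (data);
    return (int)n;
}

int main(void)
{
    struct frag f[8];
    /* Constructed input: 4000 data bytes + 20-byte header, 1500-byte MTU. */
    int n = fragment(4020, 20, 0, 0, 0, 1500, f, 8);
    for (int i = 0; i < n; i++)
        printf("len=%u offset=%u mf=%u\n", f[i].total_len, f[i].offset, f[i].mf);
    return 0;
}
```

Feeding one of the resulting fragments back in with a smaller MTU shows why the last piece inherits the original "more fragments" value and why offsets are added to the original offset.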

#How does a destination system reassemble the fragments of an IP datagram?
When a host receives an IP fragment, it stores the fragment in a reassembly buffer based on its fragment offset field.
Once all the fragments of the original IP datagram are received, the datagram is processed.
Upon receiving the first fragment, a reassembly timer is started.
If the reassembly timer expires before all the fragments are received, the datagram is discarded.
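A sketch of the reassembly bookkeeping described above, together with the length calculation from the last fragment, as an added example that is not part of the original post. `struct reasm` and its functions are hypothetical names; a 20-byte header is assumed, and the reassembly timer is left to the caller, who discards the state on expiry.

```c
#include <stdio.h>
#include <string.h>

#define MAX_DATA (65535u - 20u)   /* largest payload behind a 20-byte header */

struct reasm {
    unsigned char seen[8192];     /* one flag per 8-byte block of payload   */
    unsigned last_off;            /* offset (blocks) of the MF = 0 fragment */
    unsigned last_len;            /* payload bytes in that fragment         */
    int have_last;
};

static void reasm_init(struct reasm *r) { memset(r, 0, sizeof *r); }

/* Record one fragment; offset is in 8-byte blocks, data_len in bytes.
 * Returns 1 = datagram complete, 0 = still waiting, -1 = malformed.      */
static int reasm_add(struct reasm *r, unsigned offset, unsigned data_len, int mf)
{
    if (mf && (data_len == 0 || data_len % 8 != 0))
        return -1;                /* only the final fragment may be ragged  */
    if (data_len > MAX_DATA || offset > 8191 || offset * 8 + data_len > MAX_DATA)
        return -1;                /* would exceed the largest IP datagram   */
    memset(r->seen + offset, 1, (data_len + 7) / 8);
    if (!mf) {
        r->have_last = 1;
        r->last_off = offset;
        r->last_len = data_len;
    }
    if (!r->have_last)
        return 0;
    for (unsigned i = 0; i < r->last_off; i++)
        if (!r->seen[i])
            return 0;             /* a hole remains before the last fragment */
    return 1;
}

/* Payload length of the complete datagram: last offset * 8 + last length. */
static unsigned reasm_data_len(const struct reasm *r)
{
    return r->last_off * 8 + r->last_len;
}

int main(void)
{
    static struct reasm r;
    reasm_init(&r);
    /* Constructed arrival order: last fragment first, then the other two. */
    int a = reasm_add(&r, 370, 1040, 0);
    int b = reasm_add(&r, 0, 1480, 1);
    int c = reasm_add(&r, 185, 1480, 1);
    printf("%d %d %d, payload %u bytes\n", a, b, c, reasm_data_len(&r));
    return 0;
}
```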

#What fields are changed in an IP header due to fragmentation?
The following IP header fields are changed due to IP fragmentation:
Total Length
Header Length
More Fragments Flag
Fragment Offset
Header Checksum
Options

#What happens to the IP options field when an IP datagram is fragmented?
Depending on the option, either it is copied to all the fragments or to only the first fragment.

#Which IP options are copied to all the fragments of an IP datagram?
If the most significant bit in the option type is set (i.e. value one), then that option is copied to all the fragments. If it is not set (i.e. value zero), it is copied only to the first fragment.