Was it really only a century ago?
This post brought back some ancient memories … and I’m always amazed how far we’ve got in the last 30 years. For me, it all started with an IBM 360, having 48K (forty eight kilobytes) of core memory in which it ran an operating system and three user partitions. Fortran IV was the only programming language and a card reader the only input device.
Moving to a VAX 11/780 was a major improvement; it was a multitasking environment with real terminals. VAX was an interesting beast: the first step in the boot process was to start an embedded PDP-11 processor that read an 8” floppy disc and uploaded the microcode to the main CPU. The only drawback was that 30 users had to share 2M (two megabytes) of main memory and so I couldn’t crash the machine whenever I wanted.
OSPF Challenge: Mixing Numbered and Unnumbered Interfaces
Assuming you have the following configurations on R1 and R2:
hostname R1
!
interface Loopback 0
 ip address 10.0.0.1 255.255.255.255
!
interface Serial 0
 encapsulation ppp
 ip unnumbered Loopback0
 ip ospf 1 area 1
!
router ospf 1
OSPF LAN Adjacency Challenge: Final Results
I’ve received several e-mails responding to the mismatched OSPF subnet challenge. Some of the readers claimed that the configuration would work as-is; if you were one of them, I would advise you to do some lab tests the next time.
A few of the respondents also noted that it was more a review question than a challenge (since I wrote about this topic a few days ago), and everyone who decided the configuration had to be fixed provided the correct solution: you have to configure the Fast Ethernet as a point-to-point OSPF interface and the routers stop complaining about the OSPF subnet mask mismatch.
Who is an associate?
One of my readers made an interesting observation in response to my “Knowledge or recipes” post: maybe network associates need recipes more than knowledge. My first reaction was to disagree; in my understanding, technicians work with recipes, engineers need to know what they’re doing and why. But then I tried to figure out what the term “networking associate” really means.
Telnet access restrictions
A while ago I got an interesting question from one of the readers:
I'd like to be able to configure a set of routers to only be manageable from each other. Something like an access-class matching minimum packet TTL would probably be good enough, better if some connected routes could be tagged and access granted based on that. The idea is to keep router-by-router logins in case of routing problems, without opening up access too widely.
I did a few tests with IOS release 12.4(15)T and neither access-class nor control-plane policing recognizes the TTL field in an ACL (various bits and pieces of IOS use the same data structures in different procedures, thus resulting in inconsistent behavior). Alternatively, you could deploy inbound access lists on all interfaces, but this is probably way too cumbersome to manage.
IP address lookup
Someone recently asked me how to get the physical location of an IP address. One of the better (free) services available on the Internet is the IP2Location (demo) service.
This feature might come in handy if you're trying to figure out who's attacking your application servers (when the TCP session has already been established). Denial-of-service attacks commonly use fake source IP addresses.
Gaining Knowledge - what’s the best way to do it?
A few days after my “Knowledge or Recipes” post, Greg Ferro started his “Experience or Certifications” series with a radical “I would always choose certification over experience” approach that quickly moderated into “Knowledge is more fundamental than experience … but you need both”. It’s nice to see someone else thinking along the same lines as yourself.
Challenge: Establish OSPF Adjacency on a LAN Interface
You could get something like this only in a CCIE lab (I would hope): R1 and R2 should establish OSPF adjacency, but you cannot change or remove any of the existing configuration commands (you can add new commands).
OSPF Breaks When Faced With Overlapping IP Addresses
A while ago cciepursuit described his problems with PPP-over-Frame Relay. Most probably his problems were caused by a static IP address assigned to the virtual template interface (this address gets cloned to all virtual access interfaces and IOS allows you to have the same IP address on multiple WAN point-to-point links). I recreated a very similar (obviously seriously broken) scenario in my lab using point-to-point subinterfaces over Frame Relay to simplify the setup.
OSPF Ignores Subnet Mask Mismatch on Point-to-Point Links
The common wisdom says that a subnet mask mismatch will stop the OSPF adjacency from forming. In reality, the subnet mask is checked only on multi-access interfaces and is ignored on point-to-point links. The source of this seemingly weird behavior is Section 10.5 of RFC 2328, which says:
The generic input processing of OSPF packets will have checked the validity of the IP header and the OSPF packet header. Next, the values of the Network Mask, HelloInterval, and RouterDeadInterval fields in the received Hello packet must be checked against the values configured for the receiving interface. Any mismatch causes processing to stop and the packet to be dropped. In other words, the above fields are really describing the attached network's configuration. However, there is one exception to the above rule: on point-to-point networks and on virtual links, the Network Mask in the received Hello Packet should be ignored.
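The comparison described in the quoted section, as an added example (not code from the original post or from any OSPF implementation): a minimal OSPFv2 Hello parser followed by the parameter check. The interface dictionary keys and the sample packet are constructed for illustration, and only the three fields named in the quote are compared.

```python
import socket
import struct

# OSPFv2 common header is 24 bytes. The Hello body starts with
# Network Mask (4), HelloInterval (2), Options (1), Rtr Pri (1),
# RouterDeadInterval (4), followed by DR (4) and BDR (4).
OSPF_HDR_LEN = 24
HELLO_FIXED = struct.Struct("!4sHBBI")

def build_hello(mask, hello, dead):
    """Construct a sample Hello; header fields other than version/type/length are zeroed."""
    hdr = struct.pack("!BBH4s4sHH8s", 2, 1, 44,
                      b"\0" * 4, b"\0" * 4, 0, 0, b"\0" * 8)
    body = HELLO_FIXED.pack(socket.inet_aton(mask), hello, 0x02, 1, dead)
    return hdr + body + b"\0" * 8          # DR and BDR both 0.0.0.0

def check_hello(packet, iface):
    """Return (accepted, reason) for a Hello received on iface.

    Assumes the generic IP and OSPF header checks have already passed.
    iface is a hypothetical dict: type, mask, hello, dead.
    """
    if len(packet) < OSPF_HDR_LEN + HELLO_FIXED.size:
        return False, "truncated"
    if packet[0] != 2 or packet[1] != 1:
        return False, "not an OSPFv2 Hello"
    mask, hello, _opts, _pri, dead = HELLO_FIXED.unpack_from(packet, OSPF_HDR_LEN)
    if hello != iface["hello"]:
        return False, "HelloInterval mismatch"
    if dead != iface["dead"]:
        return False, "RouterDeadInterval mismatch"
    # The exception: the mask is ignored on point-to-point networks
    # and on virtual links, and compared everywhere else.
    if iface["type"] not in ("point-to-point", "virtual-link"):
        if socket.inet_ntoa(mask) != iface["mask"]:
            return False, "Network Mask mismatch"
    return True, "ok"

# Constructed sample: neighbor advertises a /25, local interface is a /24.
SAMPLE = build_hello("255.255.255.128", 10, 40)
LAN = {"type": "broadcast", "mask": "255.255.255.0", "hello": 10, "dead": 40}
P2P = dict(LAN, type="point-to-point")

if __name__ == "__main__":
    for name, iface in (("broadcast", LAN), ("point-to-point", P2P)):
        print(name, check_hello(SAMPLE, iface))
```

The same packet is dropped on the broadcast interface and accepted once the interface type is point-to-point, which is why reconfiguring the network type resolves the mismatch complaint.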