Category: Router Config

Control Plane Protection in Cisco IOS

CoPP – Control Plane Protection or better Control Plain Policing. It is the only option to make some sort of flood protection or QoS for traffic going to control plane.

In the router normal operation the most important traffic is control plain traffic. Control plane traffic is traffic originated on router itself by protocol services running on it, destined to other router device on the network. In order to run properly, routers need to speak with each other. They speak with each other by rules defined in protocols and protocols are running in shape of router services.

Examples for this kind of protocols are routing protocols like BGP, EIGRP, OSPF or some other non-routing protocols like CDP etc..

CoPP

Control Plane Policing is QoS applied on ingress sub-interfacess towards Route Processor

When router is making BGP neighbour adjacency with the neighbouring router, it means that both routers are running BGP protocol service on them. BGP service is generating control plane traffic, sending that traffic to BGP neighbour and receiving control plane traffic back from the neighbour.

Usage of Control Plane Protection is important on routers receiving heavy traffic of which to many packets are forwarded to Control Plane. In that case, we can filter traffic based on predefined priority classes that we are free to define based on our specific traffic pattern.

| Continue Reading.. |

Mitigate DoS Attack using TCP Intercept on Cisco Router

This is really cool feature on Cisco router not usually mentioned until you dig a little deeper inside Cisco IOS. But first a bit of theory…

What is TCP SYN flood attack

TCP 3-way handshake

SYN flood DoS attack happens when many sources start to send a flood of TCP SYN packets usually with fake source IP.

This attack uses TCP 3-way handshake to reserve all server available resources with fake SYN requests not allowing legitimate users to establish connection to the server. SYN packet is the first step in TCP 3-way handshake. This is the step where client sends connection synchronization request to the server. Server receives TCP SYN from client, the server replies back with SYN ACK. SYN ACK acknowledges synchronization request.

In that moment server is waiting the client to complete the handshake by sending an ACK back to server to acknowledge the SYN ACK. With this third step, TCP session is successfully established and communication between server and client begins.

If the ACK is not received from the client side, server will wait for it for some time and then the session will timeout and get dropped. When the server deletes the session, his resources will be released.

TCP SYN flood attack

TCP SYN flood attack sends first packet of 3-way handshake SYN packet to server many times to cause the server to allocate resources for sessions that will never become established. It means that client who is attacking will never respond to server SYN ACK and the session will remain on the second step of 3-way.

| Continue Reading.. |

Saving Router Configuration to Server

VoIP protocols functionalityIf you want to store a backup copy of your router’s configuration on a TFTP server we have a simple solution for you. This article will explain all the commands needed to save backup configuration of a device to TFTP server. All this for Cisco and also for Juniper device.

CISCO

You need to make regular backups of your router configuration files and keep copies in a safe place. If you have a serious failure that damages a router’s hardware or software, the configuration will be destroyed. And anybody who has had to reconstruct a complex router configuration file from memory will tell you how difficult and stressful this task is. But if you have a backup of the last working configuration file, you can usually get a router working again within minutes of fixing any hardware problems.

| Continue Reading.. |

Use TFTP to configure a Router

If we want to send previously prepared configs commands to Router via TFTP we can do this in very simple way and in this article we will se how to do it on Cisco and Juniper device.

CISCO

When we use TFTP to download configuration commands to the router, he is not making an echo of each command which reduces overall time consumption, CPU consumption and increases speed.

In this example, we will configure this router by making it receive the file named RConfig from the server at 20.20.1.1 by using the Trivial File Transfer Protocol – TFTP. The router will use the whole file received via TFTP before entering all the commands into the running configuration. This is particularly good because some commands in the configuration process could prevent your access to the router by locking you out or disconnecting you from the network, but the rest of the commands might fix the issue. If you enter the same configurations manually using telnet or “configure t”, you would simply lock yourself out of the router and not be able to continue with your work. A usual example of this issue happens when you change an active access-list. When you enter the first line, the router puts an implicit deny at the end, which will break your connection. Entering commands by using TFTP avoids any of this kind of problem.

| Continue Reading.. |