In this week's video, Charles looks at data loss prevention (DLP) policies within the Cisco Email Security Appliance (ESA), a security solution outlined in the SCOR (350-701) exam blueprint.

Enjoy the free training!

As we approach Thanksgiving Day here in the states, I've been reflecting on what I'm thankful for this year. Even though 2020 has been a very unique year, I'm thankful for lots of good things that have happened. Here are just a few examples: 

• My youngest daughter got married to a wonderful young man who we love like a son.
• We added another member (Mariam Said) to our KWTrain team.
• My family members (each of whom I love and am grateful for) are happy and healthy.
• And I'm thankful for YOU. Although this year has been a challenging one for many businesses, you've continued to look to us to help you advance your IT career. 

I pray that each of you have a blessed holiday season.

With a grateful heart,

Kevin

In the previous part of our OSPF series, we examined options for manually filtering routes. As we wrap up our look at advanced OSPF topics, we'll discuss default routes, and compare OSPFv2 with OSPFv3.

Default Routes

We have seen where OSPF can automatically generate a default route when needed. This occurs with some of our special area types. For example, of you configure a totally stubby area, of course a default route is required and OSPF generates this route automatically from the ABR.

In order to increase flexibility with your designs, default routes injected into a normal area can be originated by any OSPF router. To generate a default route, you use the default-information originate command.

This command presents two options:

• You can advertise 0.0.0.0 into the OSPF domain, provided the advertising router already has a default route.
• You can advertise 0.0.0.0 regardless of whether the advertising router already has a default route. This second method is accomplished...

In our previous blog post, we examined how OSPF can automatically filter routes through the use of special areas and LSA Types. But what about your options for manually filtering routes in OSPF? In this post, we will examine techniques that you can use at various points in the topology.

Filtering at the ASBR

One simple and effective method of filtering at the ASBR is the use of a distribute list. Here, we define the rules for route identification with an access list, and then reference this access list in the distribute list. 

Figure 1 - OSPF Topology

In this example, our Area 1 is configured as a normal, non-backbone area. You can clearly see this when you examine the routing table on ORL.

Note the two prefixes (E2) of 192.168.10.0 and 192.168.20.0. Let’s filter 192.168.10.0 at the ASBR of ATL.

Note how simple this configuration is. Let’s see if it worked by examining the route table of ORL once again:

The configuration worked perfectly and...

Last time, we began our look at advanced OSPF topics with the configuration of backbone and non-backbone areas. In this blog post, we'll look at the creation of more specific area types.

Stubby Area

Figure 1 - OSPF Topology

It is time to make our Area 1 from Figure 1 a stubby area. This is a simple configuration change. On each device in the area, we need to set the Area 1 as stub. Here is the configuration in our network:

This will cause a reset of the adjacency (as you might guess). After this change, it is time to check the OSPF route table and the OSPF database on ORL:

Just as we would hope, the routing table is smaller now! There is no longer the detail of the external prefixes from the ASBR. Instead we have a default route automatically generated by the ABR. This default route is needed, of course, because the routers in Area 1 still need to be able to access the remote prefixes (if needed).

Now it is time to examine the OSPF database. It is exactly what we would expect to...

The time has arrived to tackle some of the more advanced (and interesting) features of the Open Shortest Path First routing protocol. We begin by examining the configuration and verification of the different OSPF areas. This is an exercise that is not only fun, but it can really cement the knowledge down of how these areas function and why they exist.

OSPF LSA Types

Areas are a fundamental concept of OSPF. It is what makes the routing protocol, hierarchical, as we like to say.

There is a core backbone area (Area 0) that connects to normal, non-backbone areas. The backbone might also connect to special area types we will examine in detail in this chapter. This hierarchical nature of the design helps ensure the protocol is very scalable. We can easily reduce or eliminate unnecessary routing traffic flows and communications between areas if needed. Database sizes are also contained using this approach.

The Backbone and the Non-Backbone Areas

To review a bit from our previous blog...

Before we move on to more advanced topics, we'll wrap up this OSPF Basics series in Part 3. Here we'll examine LSA types, area types, and virtual links.

OSPF LSA Types

Link State Advertisements (LSA) are the lifeblood of an OSPF network. The flooding of these updates (and the requests for this information) allow the OSPF network to create a map of the network. This occurs with a little help from Dijkstra’s Shortest Path First Algorithm. 

Not all OSPF LSAs are created equal. Here is a look at each:

The Router (Type 1) LSA - We begin with what many call the “fundamental” or “building block” Link State Advertisement. The Type 1 LSA (also known as the Router LSA) is flooded within an area. It describes the interfaces of the local router that are participating in OSPF and the neighbors the local OSPF speaker has established.

The Network (Type 2) LSA - Remember how OSPF functions on an Ethernet (broadcast) segment. It elects a Designated Router...

In the previous blog post, we looked at a few fundamental OSPF concepts, including neighbor and adjacency formation. As we continue through the basics of OSPF, this post will examine router roles, timers, and metric calculation.

Designated Router (DR) and Backup Designated Router (BDR)

A designated router (DR) is the router interface that wins an election among all routers on a multiaccess network segment such as Ethernet. A backup designated router (BDR) is the router that becomes the designated router if the current designated router has a failure on the network. The BDR is the OSPF router with the second highest priority at the time of the last election. OSPF uses the DR and BDR concept to assist with efficiencies in the operations of OSPF.

Keep in mind that a given OSPF speaker in your network can have some interfaces that are designated and others that are backup designated, and others that are non-designated. If no router is a DR or a BDR on a given...

The OpenShortest Path First (OSPF) dynamic routing protocol is one of the most beloved inventions in all of networking, widely adopted as the Interior Gateway Protocol (IGP) of choice for many networks. In this blog series, you'll be introduced first to the basic concepts of OSPF and learn about its various message types and neighbor formation.

An Overview of OSPF

Where does the interesting name come from when it comes to OSPF? It is from the fact that it uses Dijkstra's algorithm, also known as the shortest path first (SPF) algorithm. OSPF was developed so that the shortest path through a network was calculated based on the cost of the route. This cost value is derived from bandwidth values in the path. Therefore, OSPF undertakes route cost calculation on the basis of link-cost parameters, which you can control by manipulating the cost calculation formula.

As a link state routing protocol, OSPF maintains a link state database. This is a form of a network...

One of the big announcements this week at Cisco Live was the launch of their new DevNet certification track. Cisco CEO Chuck Robbins reiterated the fact that knowledgeable engineers are always going to be in-demand. Contrary to what many believe, network automation and A.I. integration is not designed as a replacement for those skills, but rather these advancements allow the ability to manage numerous network devices and their services through software. For large scale networks, usage of API’s for automation is the way of the future.

The launch of this new certification track is aimed at joining the skills of software developers with network professionals, with the goal of accelerating the progress of network automation in organizations throughout the world.

Here's a breakdown of the current DevNet certification offerings:

DevNet Associate

This entry-level certification is accessible to those who are...