Many fans were very interested in yesterday's year-end summary of resources, and there were so many people who asked me for resources that they almost gave me a title.
There are still friends in need, you can click to get resources: they are all network engineers who have worked for several years, so please don’t write year-end summary like this again
Having said that, the year-end summary is also to better carry out the work plan for next year. If you don't give you hard arrangements, you don't know what you have been tossing this year.
On weekdays, many novices come to ask me questions, all of which are too basic, and I am too lazy to answer the basics... It is conceivable how weak the foundation of most Internet workers is.
Therefore, reviewing your technical level at the end of the year is also a top priority.
If you want to know how much your own technical level has improved this year, it is not enough to rely on written summaries, you have to rely on random tests.
What kind of random testing method? Of course it depends on the interview. During the interview, it is time to test your technical level.
Lao Yang is currently sorting out the interview questions of network engineers from several major manufacturers such as Cisco and Huawei. He feels that many people will need it in the next year.
Today, I will post 12 common network interview questions for Cisco network engineers. If the number of likes exceeds 30, I will continue to post questions from Huawei, Ruijie, and ZTE. Therefore, it still depends on whether the children like it or not.
When you look at the questions, it is also the time for you to think and improve.
Don't think that if you don't play with Cisco equipment, these are useless, don't be so narrow. The principles and underlying logic are shared by every manufacturer. If you can understand them all, why not go sideways?
Cisco network engineer interview questions 12 (with answers)
01 Now 6509 and 7609, the switching bandwidth of SUP720 has gone to 720G, can it be said that 7609/6509 can replace part of the status of GSR?
Answer: From a certain part of the function, it is possible. Previously, 6509 was mainly positioned as the core switch of the company's LAN, while GSR was positioned as the high-speed core routing device for the wide area network.
SUP720 of 7609 can provide 720G high-speed switching capability, MSFC3 and PFC3 provide high-speed routing processing capability and a large number of FEATURE, coupled with the new SIP+SPA high-speed wire-speed board on the 7600 series, it is fully capable of working as a core routing device, and is most suitable for aggregation and service provision routers.
With the development of technology and the emergence of CRS-1, GSR gradually converges from the core to the backbone. As the convergence of various high-speed and low-speed lines, both 7609 and GSR can be used in this respect.
However, 7609 and GSR are still fundamentally different in architecture. 7609 is developed from a switch. Internally, GSR decomposes data into standard cell exchanges. There are also differences in queuing and scheduling. Therefore, as a pure core router, GSR is better, because it has been tested for many years.
In terms of price, 7609 is still relatively expensive, and GSR is sometimes cheaper.
02 Which route does the routing table of ISIS level1 include? When there are multiple level-1-2 exits, where does it learn other routes and how to select routes?
Answer: ISIS level1 and level2 maintain LSD and SPF. The routing table of LEVEL1 is calculated by LSD of LEVEL1 through SPF, and only includes the detailed route of the local AREA and the default route sent by LEVEL-1-2 connected to it through the ATT bit.
When there are multiple LEVEL12s, each LEVEL12 sets the ATT bit in the outgoing LSP packet to indicate that it has routes to other AREAs, and when the LEVEL1 router receives this LSP, it selects the nearest LEVEL12 router to forward traffic.
03 MPLS L3 VPN, if I want two different VPNs to communicate in one direction, what should I do?
Answer: If it is the intercommunication between two VPNs, the routing information of the two VPNs can be exported to the same RT and imported to realize intercommunication.
If one-way access is required, a public VPN can be established, and the RTs of two VPNs can be exported, and both VPNs can access the public VPN.
04 Can you talk about the idea of cross-domain MPLS L3 VPN?
Answer: Both RFC2547bis and the latest rfc4364 have definitions for it. There are three main types, namely Option ABC.
Option A: back to back v** interconnection. Two *Ss are connected through back-to-back connections between VRFs, and static or dynamic routing can be selected for routing. This method is simple and practical, and is suitable for connections between different operators.
Option B: MeBGP vpnv4 connects two ASs and establishes MeBGP vpnv4 between ASBRs, and VPN routes are carried by MBGP, which has good scalability.
Option C: Multi-hop MeBGP between RRs Establish MEBGP between two ASs, but not on the ASBR, but between the RRs of the two ASs, which has better scalability and flexibility. But more complicated. To solve the next hop problem there is a label problem.
05 A user of MPLS L3 VPN needs to access the Internet, how to realize it? How many ways are there? What are the characteristics?
Answer: There are three types.
(1) Access to the Internet through VPN. The traditional method is: set up a centralized firewall to realize Internet access through NAT, which is simple and easy to implement, but it cannot distinguish Internet traffic from VPN traffic, and there are security problems. Or configure PACK LEAKING on the PE router.
(2) Independent INTERNET access provides independent INTERNET connection lines to each VPN SITE, and the CE router implements NAT to INTERNET. PE routers are required to provide independent lines or virtual circuits to CE, and PE routers must have the ability to access the INTERNE. The advantage is that VPN traffic can be separated from Internet traffic.
(3) Realize the Internet connection through a separate VPN, establish a separate VPN, inject the Internet default route and some routes, and realize VPN intercommunication on the PE router connected to the SIET that needs Internet access, so as to access the Internet. It is more complicated, but it can support various Internet access requirements.
06 What are the characteristics of L3 VPN and L2 VPN? Which model do you think is more promising in operation?
Answer: The PE router of L3 VPN needs to maintain the routing information of the customer VPN, and realize the routing selection and maintenance of each VPN, while the L2 VPN only establishes a transparent layer 2 channel between customers, does not maintain the information of the third layer, and is relatively less complicated than the L3 VPN.
L3 VPN has been used in the real environment for many years and is relatively mature. It is suitable for complex users with multiple sites. MPLS L2 VPN is used to replace traditional Layer 2 FR, ATM and other technologies, and is suitable for point-to-point interconnection or a small number of SITE connections.
Due to the convenient maintenance and high cost performance of L2 VPN, it should develop rapidly in recent years, and the traditional L3 VPN will not be eliminated in a short time.
07 Let’s talk about the difference between ISIS and OSPF in various aspects.
A: They have a lot in common, they are both link state routing protocols, both use the SPF algorithm, and VSLM converges quickly. There is no difference in terms of usage. In terms of protocol implementation, OSPF is based on the TCP/ip protocol cluster and runs on the IP layer.
08 What are the reasons for choosing ISIS and OSPF for a backbone network or MAN?
Answer: In terms of usability, both IGP protocols are acceptable, but for specific situations, after analysis, it may be concluded which protocol is better.
In terms of stability and reliability:
The backbone network requires high stability and reliability of the routing protocol, as well as fast convergence.
The OSPF protocol is based on the IP layer, so it can only support IP networks, and some IP-based attacks on the network will affect the normal operation of OSPF.
ISIS runs directly on the link layer, which can carry a variety of network types, and also has some natural advantages in preventing network attacks.
From the perspective of supported network scale:
Both OSPF and ISIS have the concept of network layering and the concept of area. OSPF has backbone area 0 and branch area, and ISIS has the corresponding concept of Level 2 and Level 1.
OSPF has common area, stub area, total stub area, NSSA area and other area types, while IS-IS is a simplified version of OSPF from the functional point of view, and only implements the backbone area (LEVEL2) and stub area (LEVEL1). Since its LEVEL1 accesses other area networks through the nearest L1/L2 router, routing sub-optimization problems are likely to occur.
In this way, some networking requires other methods to realize certain functions, such as:
In the process of constructing MPLS VPN, route penetration is required, which makes implementation and maintenance complicated.
Because ISIS uses PRC calculation when calculating routes, the ip prefix is used as the leaf node of the shortest spanning tree, while OSPF is built around links. In the same size area, ISIS is more stable and consumes less resources than OSPF, and it supports a larger network than OSPF.
In terms of flexibility:
The OSPF protocol is relatively flexible. The protocol is based on interfaces, supports comprehensive network types, and has mature technology. In the metropolitan area network, IGP is used to propagate user routes, and the networking equipment is complex. The focus is on the flexibility and compatibility of the protocol, and whether it can meet the needs of a large number of users for complex routing control. These are the strengths of OSPF, and OSPF is recommended.
For new maintenance, the OSPF protocol has been widely used in the metropolitan area network, especially the early network maintenance personnel are quite familiar with the OSPF protocol.
From the perspective of scalability:
ISIS has a rigorous structure and stable operation. IS-IS routers can only belong to one area, and do not provide direct support for NBMA and P2MP interfaces. ISIS has better scalability: ISIS can support multiple network layer protocols (OSPF only supports IP protocol);
ISIS regions can be smoothly translated, split, and merged without interruption of traffic; ISIS is based on TLV, and the protocol itself is easy to expand. In recent years, the ISIS protocol has been widely used in the backbone networks of major operators.
When choosing a protocol, you need to consider what kind of protocol is running in the original network. For example, some operators currently use ISIS at the backbone level, while OSPF is used inside the metropolitan area network.
In order to protect the continuity of the network, it needs to be considered when selecting the protocol type. For a new network, if all devices support ISIS, you can consider ISIS.
09 What are the common BGP route selection principles? How to use it together between the backbone network and the MAN?
Answer: BGP has many attributes, about 9 are used for routing selection, and the commonly used ones are LCALPREFERENCE, AS-PATH, MED, METRIC, and COMMUNITY.
In the connection between the backbone network and the MAN, the backbone network sends the default route or some detailed routes to the MAN, and the MAN sends the local routing information to the backbone network.
The receiving route is mainly controlled by setting the lcoal preference to control the uplink traffic sharing. If the detailed route sent from the backbone network has MED, it can also be controlled by the MED value.
The advertised routes control the distribution of backhaul traffic through the MED AS PATH. To publish routes, you can set COMMUNITY to indicate the origin of the route. When there are multiple egress links, BGP implements traffic sharing.
10 If BGP adds max path, which BGP routing attribute will apply this option before?
Answer: Before the last BGP router id.
11 Why is the backbone network pop and the MAN egress set as next-hop-self?
Answer: The backbone network and the MAN are connected through EBGP, and the backbone network route received by the MAN will not change the next hop of the route when it is sent to the internal IBGP neighbor.
The address of the next hop is the address of the backbone network device, and the IBGP internal router does not have its routing information, so all the next hops of the routes are unreachable. Only when the RR in the MAN sends the route to the IBGP neighbor must add next-hop-self to change the next hop of the route, the route can be reached.
12 There are four routers connected to each other between two ASs. One of the routers learns a network from EBGP and learns the same network from IBGP. Which route should I choose? Which attribute is affected? If the one I came from IBGP plus the MED is less than the one I came from EBGP, which one should I choose? Why?
Answer: Choose the EBGP one. If MED is added, choose the one with the lower MED.
Finishing: Lao Yang 丨 8-year senior network engineer , more network workers to improve dry goods, please pay attention to the official account: Network Engineer Club