Cisco Security Express Exam 500-651

I was recently asked to take the Cisco Security Express SA Exam 500-651.  This had its problems pre-March 2018, where many of the questions didn't actually make sense!  I watched the videos (which, along with the blueprint, represent ALL the study material!).

Here is the mind map I made from watching the videos, prior to passing the exam!  Please ignore any spelling etc. errors.  It was done in a rush, so obviously no warranty provided!

S,

Cisco Security Express SA Exam 500-651


Study Notes : OSPF Throttling

These are my notes on OSPF Throttling for CCIE study.

SPF Throttling

This is a feature to delay running the SPF process, which can be useful in unstable networks (or for other reasons).  It works on the basis that the router controls when to run the shortest path first algorithm, so in a network where LSAs are constantly being received it reduces the burden on the router.  The defaults for Cisco routers are an spf-start and spf-hold of 5 seconds, and a max of 10 seconds.  There are 3 variables:

spf-start: The time between receiving an LSA and rerunning SPF calculation

spf-hold: The minimum delay AFTER running SPF before allowing another recalculation.  This value doubles each time it is applied, until it reaches spf-max-wait.

spf-max-wait: This is used both as the maximum wait between SPF calculations and as the time that must pass before the network is considered stable.

Example below:
 R4#conf t
 Enter configuration commands, one per line. End with CNTL/Z.
 R4(config)#router ospf 1

R4(config-router)#timers throttle ?
 lsa OSPF LSA throttle timers
 spf OSPF SPF throttle timers

R4(config-router)#timers throttle spf ?
 Delay between receiving a change to SPF calculation in
 milliseconds

R4(config-router)#timers throttle spf 3000 ?
 Delay between first and second SPF calculation in milliseconds

R4(config-router)#timers throttle spf 3000 10000 ?
 Maximum wait time in milliseconds for SPF calculations

R4(config-router)#timers throttle spf 3000 10000 50000

R4# show ip ospf | in SPF
 Initial SPF schedule delay 3000 msecs
 Minimum hold time between two consecutive SPFs 10000 msecs
 Maximum wait time between two consecutive SPFs 50000 msecs
 Incremental-SPF disabled
 SPF algorithm last executed 00:17:44.824 ago
 SPF algorithm executed 11 times
 SPF algorithm last executed never ago
 SPF algorithm executed 0 times

R4#debug ip ospf spf statistic
 OSPF SPF statistics debugging is on
 ###I then shut, unshut an interface within the area several times.
 R4#
 *Apr 8 22:17:04.827: OSPF-1 MON : reset throttling to 3000ms next wait-interval 10000ms
 R4#
 *Apr 8 22:17:07.827: OSPF-1 STATS: Begin SPF at 2321.288ms, process time 468ms
 *Apr 8 22:17:07.827: OSPF-1 STATS: Last spf_time 00:36:45.964, wait_interval 3000ms
 *Apr 8 22:17:07.851: OSPF-1 MON : Setting next wait-interval to 10000ms <<< Sets to hold
 *Apr 8 22:17:07.851: OSPF-1 STATS: Schedule time 00:38:41.312, Next wait_interval 10000ms

R4#
 *Apr 8 22:17:32.067: OSPF-1 STATS: Begin SPF at 2345.528ms, process time 564ms
 *Apr 8 22:17:32.067: OSPF-1 STATS: Last spf_time 00:38:54.516, wait_interval 10000ms
 *Apr 8 22:17:32.079: OSPF-1 MON : Setting next wait-interval to 20000ms <<< Sets to double current hold
 *Apr 8 22:17:32.079: OSPF-1 STATS: Schedule time 00:39:05.540, Next wait_interval 20000ms

R4#
 *Apr 8 22:17:52.079: OSPF-1 STATS: Begin SPF at 2365.540ms, process time 588ms
 *Apr 8 22:17:52.079: OSPF-1 STATS: Last spf_time 00:39:05.540, wait_interval 20000ms
 *Apr 8 22:17:52.103: OSPF-1 MON : Setting next wait-interval to 40000ms <<< Sets to double current hold
 *Apr 8 22:17:52.103: OSPF-1 STATS: Schedule time 00:39:25.564, Next wait_interval 40000ms

R4#
 *Apr 8 22:18:32.107: OSPF-1 STATS: Begin SPF at 2405.568ms, process time 664ms
 *Apr 8 22:18:32.107: OSPF-1 STATS: Last spf_time 00:39:25.568, wait_interval 40000ms
 *Apr 8 22:18:32.123: OSPF-1 MON : Setting next wait-interval to 50000ms <<< Sets to max-wait (cap reached)
 *Apr 8 22:18:32.123: OSPF-1 STATS: Schedule time 00:40:05.584, Next wait_interval 50000ms

R4#
 *Apr 8 22:19:22.127: OSPF-1 STATS: Begin SPF at 2455.588ms, process time 736ms
 *Apr 8 22:19:22.127: OSPF-1 STATS: Last spf_time 00:40:05.588, wait_interval 50000ms
 *Apr 8 22:19:22.151: OSPF-1 MON : Setting next wait-interval to 50000ms
 *Apr 8 22:19:22.155: OSPF-1 STATS: Schedule time 00:40:55.616, Next wait_interval 50000ms

###I waited for the max-age to time out then shut, unshut an interface within the area.
 *Apr 8 22:22:37.767: OSPF-1 MON : reset throttling to 3000ms next wait-interval 10000ms
 R4#
 *Apr 8 22:22:40.767: OSPF-1 STATS: Begin SPF at 2654.228ms, process time 776ms
 *Apr 8 22:22:40.767: OSPF-1 STATS: Last spf_time 00:40:55.616, wait_interval 3000ms
 *Apr 8 22:22:40.795: OSPF-1 MON : Setting next wait-interval to 10000ms
 *Apr 8 22:22:40.795: OSPF-1 STATS: Schedule time 00:44:14.256, Next wait_interval 10000ms

LSA Throttling

This is a feature to delay generating the same LSA (the same meaning the same link, type and originator).  There are 3 variables, and these have the same functionality as the SPF timers: start-interval, hold-interval and max-interval.  The default values for Cisco are a start of 0 seconds, and a hold and max of 5 seconds each.

R1(config-if)#router ospf 1
R1(config-router)#timers throttle lsa 3000 10000 50000 
R1(config-if)#do show ip ospf | in LSA 
R1#show ip ospf | in LSA
 Initial LSA throttle delay 3000 msecs
 Minimum hold time for LSA throttle 10000 msecs
 Maximum wait time for LSA throttle 50000 msecs
 Minimum LSA arrival 1000 msecs
 LSA group pacing timer 240 secs

As well as throttling outbound LSA generation, the command "timers lsa arrival {msec}" controls inbound processing: only the first of the same LSAs received within the time specified is processed.  It is 1000 msec by default.
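As an added illustration (not from the original notes, and not Cisco's code), the small Python model below simulates the start / hold / max-wait back-off that both the SPF throttle above and the LSA throttle follow, using the 3000 10000 50000 values configured in the examples. The rule that a change arriving after the hold has expired, but within max-wait of the last run, is processed immediately is an assumption of this model, as is the constructed list of flap times.

```python
def schedule_spf(changes, start=5000, hold=5000, max_wait=10000):
    """Simulate IOS 'timers throttle spf <start> <hold> <max-wait>' (ms).

    changes: times (ms) at which a topology change / new LSA arrives.
    Returns a list of (spf_run_time, next_wait_interval) tuples, i.e. the
    "Begin SPF" and "Setting next wait-interval" lines of the debug output.
    Defaults are the Cisco defaults (5 s, 5 s, 10 s).

    Model (assumptions, matching the debug output in the notes):
      - first change after the network has been quiet for more than max_wait
        since the last run: SPF is scheduled start ms later and the wait-
        interval resets to hold
      - changes arriving before a scheduled run are absorbed into it
      - a change inside the hold period is deferred to the end of the hold
      - otherwise (hold expired, but less than max_wait since the last run)
        SPF runs immediately - assumed
      - after each run the wait-interval doubles, capped at max_wait
    """
    runs = []
    last_run = None   # time of the last (scheduled) SPF run
    applied = 0       # wait-interval in force since last_run
    for t in sorted(changes):
        if runs and t <= runs[-1][0]:
            continue                                  # a run is already pending
        if last_run is None or t - last_run > max_wait:
            wait_after = hold                         # stable for max_wait: reset
            run_at = t + start
        else:
            wait_after = min(applied * 2, max_wait)   # exponential back-off
            run_at = max(t, last_run + applied)       # honour the current hold
        runs.append((run_at, wait_after))
        last_run, applied = run_at, wait_after
    return runs


def wait_intervals(changes, **timers):
    """Just the sequence of wait-intervals set after each run."""
    return [w for _, w in schedule_spf(changes, **timers)]


if __name__ == "__main__":
    # Constructed sample: a burst of interface flaps, then ~80 s of quiet.
    flaps = [0, 1000, 4000, 15000, 25000, 40000, 70000, 100000, 200000]
    for run_at, nxt in schedule_spf(flaps, start=3000, hold=10000, max_wait=50000):
        print(f"Begin SPF at {run_at / 1000:7.1f}s, next wait-interval {nxt}ms")
```

With the page's timers the model reproduces the 10000, 20000, 40000, 50000, 50000 ms progression seen in the debug output and the reset to a 3000 ms start delay once the flaps stop for longer than max-wait.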

Putty – Auto Save Sessions

Problem

Remembering what happened in your last putty session!

Solution

Within Session > Logging, select "All session output" and insert the following as the log file name:

C:\Users\<user>\Documents\Projects\PUTTY SESSIONS\&H-&Y&M&D&T.log

It will save all session output into the folder specified with the filename of Host-Year-Month-Day-Time.log

Save this in the default profile to enable it for future use.

I am using PuTTY Release 0.67


F5 – TCPDump Basics

Problem

Needing to monitor the traffic on an F5.

Solution

Running a packet capture over SSH and then grabbing the file using sftp or winscp.

tcpdump -s0 -nni 0.0 host <Client_IP> and port <number> and host <VS_IP> -w /var/tmp/Monitor_Resets.pcap

where:
-s0 captures the complete packet (no truncation).
-nn disables service port lookups and DNS lookups; -i selects the capture interface (0.0 in this example).


All the rest of the options can be found at F5 here.


Cisco Firepower 6.1.0 Upgrade Fail


Problem

I hit this Firepower bug while upgrading two 5525-X Firepower modules to 6.1.0.  Everything appeared normal until I got to one of the 6.1.0 Firepower images.

The error appeared in the sfr console logs as:

Cisco-Firewall# show module sfr log console

DB error - will retry: Cannot connect to DB at /usr/local/sf/lib/perl/5.10.1/SF/SFDBI.pm line 588.
DB error - will retry: Cannot connect to DB at /usr/local/sf/lib/perl/5.10.1/SF/SFDBI.pm line 588.
DB error - will retry: Cannot connect to DB at /usr/local/sf/lib/perl/5.10.1/SF/SFDBI.pm line 588.

Solution

This ties in with the following bug at Cisco.com:

Re-imaging SFR module to 6.1 fails on ASA version 9.5(2) : CSCvb53856

An upgrade to the ASA software to 9.6 resolved the issue!