IPv6 universal/local bit
Muslimtech posted the following question on the IPv6 Link-local article:
“hi man
i want ask you Q About U\L Bit
i read that in Bsci
Universal/Local (U/L)
The seventh bit in an IPv6 interface identifier is referred to as the universal/local bit, or U/L bit. This bit identifies whether this interface identifier is universally or locally administered.
If the U/L bit is set to 0, the address is locally administered. The network administrator has overridden the manufactured address and specified a different address.
If the U/L bit is set to 1, the IEEE, through the designation of an ISP, has administered the address
i can't understand How U\L Bit = 0 i want Ex; About that
and when he say “locally administered” mean
i use command to change mac address for interface ??
or what”
ICMP, Traceroute and CBAC
Let's say we have a router connecting to an insecure network (the Internet), and we'd like to be able to use ICMP and Traceroute for troubleshooting, but we don't want to create static ACLs. Personally, I think it feels a bit unsafe to permit everything the router needs for Ping and Traceroute and leave it open all the time. Another option is to manually create the holes every time we need them, or even to remove the ACLs from the interface during that time, but I don't really like either of those options. Additionally, we don't want to allow the devices behind that router to use Ping and Traceroute towards the Internet.
Based on those points, CBAC could be a viable solution: the router dynamically opens the ports only when it's needed and closes them afterwards.
The sample network is simple:

R1 acts as a client in our internal network, and R2 is the perimeter router, which is going to filter all traffic towards the Internet except locally generated ICMP and Traceroute packets. Just to keep it simple, R2 will not permit anything other than Traceroute and ICMP, but it shouldn't be a problem to change the configuration to allow other applications (HTTP or other stuff). Just keep in mind that the router has to allocate 600 bytes for every session, and the more ACL entries the router has to work through, the more CPU is needed, so keep it as simple as possible.
Cisco’s Traceroute Implementation
Granted, this topic is very basic and small, but it's always good to have this information handy; you never know when you'll need it.
Cisco’s Traceroute implementation uses a mix of UDP and ICMP packets. A Cisco device sends 3 UDP packets (the default) with an invalid port number and a TTL of 1. Since the TTL is set to 1, the first router in the path sends a time to live exceeded in transit message (ICMP type 11, code 0) back to the source: it is not the target of the packet, but it cannot forward the packet to the next hop because of the TTL of 1.
After the device has received the 3 ICMP packets, it sends 3 UDP packets again, this time with a TTL of 2. The same process repeats until the destination is reached. The destination then sends destination unreachable (port unreachable) messages (ICMP type 3, code 3) instead of time to live exceeded messages. The traceroute process then knows that it has reached the destination, and the process can be stopped.
The device can build the path to the destination based on the ICMP messages, since those messages use the interface towards the source device as their source address.
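The following Python sketch is an added example, not code from the original posts and not how CBAC is implemented. It parses the two ICMP reply types described above, matches each one to a probe the device actually sent by reading the UDP header quoted inside the ICMP error, builds the path, and drops anything unsolicited. The addresses, the source port and the 33434 base port are assumptions made for the constructed sample packets.

```python
import socket
import struct

TIME_EXCEEDED = (11, 0)     # sent by a hop that could not forward the probe
PORT_UNREACHABLE = (3, 3)   # sent by the destination itself

def ip_header(src, dst, proto, ttl=64):
    """Minimal 20-byte IPv4 header for constructed sample packets (checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def icmp_error(reporter, prober, target, kind, dport):
    """Constructed ICMP error: outer IP, ICMP header, quoted IP + UDP header."""
    quoted = ip_header(prober, target, 17, ttl=1) + struct.pack("!HHHH", 50000, dport, 8, 0)
    return ip_header(reporter, prober, 1) + struct.pack("!BBHI", *kind, 0, 0) + quoted

def parse_reply(pkt):
    """Return (reporter, (type, code), quoted UDP dport), or None if malformed."""
    if len(pkt) < 20 or pkt[9] != 1:            # outer protocol must be ICMP
        return None
    ihl = (pkt[0] & 0x0F) * 4
    inner = pkt[ihl + 8:]                       # quoted original datagram
    if len(inner) < 20:
        return None
    inner_ihl = (inner[0] & 0x0F) * 4
    if inner[9] != 17 or len(inner) < inner_ihl + 4:   # quoted packet must be UDP
        return None
    dport = struct.unpack("!H", inner[inner_ihl + 2:inner_ihl + 4])[0]
    return socket.inet_ntoa(pkt[12:16]), (pkt[ihl], pkt[ihl + 1]), dport

def build_path(probes, replies):
    """probes maps UDP dport -> TTL of a probe we sent; other replies are dropped."""
    path, dropped, reached = {}, 0, False
    for pkt in replies:
        p = parse_reply(pkt)
        if not p or p[2] not in probes or p[1] not in (TIME_EXCEEDED, PORT_UNREACHABLE):
            dropped += 1                        # unsolicited or malformed: ignore
            continue
        reporter, kind, dport = p
        path[probes[dport]] = reporter          # hop address = source of the ICMP error
        reached = reached or kind == PORT_UNREACHABLE
    return [path[t] for t in sorted(path)], reached, dropped

# Constructed sample: 3 probes per TTL, destination ports from 33434 (assumed).
PROBES = {33434 + i: i // 3 + 1 for i in range(6)}
ME, HOP1, DEST = "192.0.2.1", "198.51.100.1", "203.0.113.9"
REPLIES = ([icmp_error(HOP1, ME, DEST, TIME_EXCEEDED, p) for p in (33434, 33435, 33436)]
           + [icmp_error(DEST, ME, DEST, PORT_UNREACHABLE, p) for p in (33437, 33438, 33439)]
           + [icmp_error("198.51.100.66", ME, DEST, PORT_UNREACHABLE, 53)])  # unsolicited
```

Calling `build_path(PROBES, REPLIES)` returns the two hops in TTL order, a flag showing the destination answered, and a count of one dropped reply, which is the ICMP error that quotes a UDP port no probe used.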