0 (642-801)
Table of Contents
The Basics
Request for Comments (RFC)
Cisco Hierarchical Internetworking Model
OSI Protocols
Routing
Internet Protocol (IP) Addressing
Classful Addressing
Classless Addressing
Connection and Non-Connection Protocols
IP Helper Addresses
Passive-Interface
Network Address Translation (NAT)
RED and WRED
Internet Protocol Version 6 (IPv6)
Routing Protocol Concepts
Distance-Vector Routing Protocols
Link State Routing Protocols
Routing Protocol Types
Open Shortest Path First (OSPF)
OSPF Area Types
Area 0
Stub and Totally Stubby Area
Router Types
LSA Types
Quick Review
Route Table Updates
Traffic Types
Network Types
Broadcast MultiAccess Networks
OSPF Operations
OSPF Startup
Special Media
Virtual Links
OSPF and Redistribution
OSPF Commands (Single Area) Setup
The Basics
Request for Comments (RFC)
RFCs are a series of numbered Internet informational documents and standards widely followed by commercial
software and freeware in the Internet and UNIX communities. They are unusual in that they are floated by technical
experts acting on their own initiative and reviewed by the Internet at large, rather than formally promulgated through an
institution or standards setting organizations. For this reason, they remain known as RFCs, even once they have been
adopted as official standards.
The RFC tradition of pragmatic, experience-driven, after-the-fact standards writing, done by individuals or small
working groups, has important advantages over the more formal, committee-driven process typical of ANSI or ISO.
RFCs usually manage to avoid both the ambiguity often found in informal specifications and the committee-perpetrated
meaningless drivel that often haunts formal standards; and they define a network that has grown to truly
worldwide proportions.
If you really want to understand the history and mechanics of modern networking protocols, you should read the RFCs
that define them. Especially important RFCs to know for this exam include:
RFC 2328 OSPF
http://www.ietf.org/rfc/rfc2328.txt?number=2328
RFC 1142 IS-IS
http://www.ietf.org/rfc/rfc1142.txt?number=1142
RFC 1771 BGPv4
http://www.ietf.org/rfc/rfc1771.txt?number=1771
RFC 2460 IPv6
http://www.ietf.org/rfc/rfc2460.txt?number=2460
As an amusing aside, you might be interested to know that there exists a flourishing tradition of "joke" RFCs (generally
one a year, usually on April 1st). These include:
RFC 527 (ARPAWOCKY) - A sham technical document, written in the style of Lewis Carroll.
RFC 748 (Telnet Randomly-Lose Option) - A parody of the TCP/IP documentation style.
RFC 1149 (A Standard for the Transmission of IP Datagrams on Avian Carriers) - A deadpan skewering of
standards-document legalese, describing protocols for transmitting Internet data packets by carrier pigeon.
Remember that few RFCs are standards, but all Internet standards are recorded in RFCs.
This link is the starting point for RFC searches:
http://www.ietf.org/rfc.html
OSI Protocols
Created by the International Organization for Standardization (ISO) to develop standards for data networking, the
Open System Interconnection (OSI) protocols represent an international standardization program that facilitates multivendor equipment interoperability. In an OSI network there are four significant architectural entities: hosts, areas, a
backbone, and a domain.
Host - Any non-routing host or node.
Area - A logical entity formed by a set of contiguous routers and the data links that connect them.
Backbone - Many routing protocols use a hierarchical design that defines separate areas, connected through a
shared area, which forms a backbone.
Domain - Any portion of an OSI network that is under common administrative authority.
Routing
Internet Protocol (IP) Addressing
IP is a layer-3 routed protocol with two primary responsibilities: providing connectionless, best-effort delivery of
datagrams; and providing fragmentation and reassembly of datagrams to support data links with different maximum
transmission unit (MTU) sizes.
Addresses (IPv4) are 32 bits long, with the most significant bits specifying the network, as determined by a subnet
mask. This subnet mask is either derived from the first few bits of the address, or specified directly, depending on
whether you are using classful (conforming to major address boundaries) or classless (further subnetting classful
addresses) addressing. IP addresses are written in dotted-decimal format, with each set of eight bits separated by a
period. The minimum and maximum packet headers for IP are 20 and 24 bytes, respectively, with the actual length
depending on the application in use. Here is an excellent description of the primary fields:
http://www.erg.abdn.ac.uk/users/gorry/course/inet-pages/ip-packet.html
Here are the basic facts about the different classes of IP addresses:
Class | Purpose                        | High-Order Bit(s) | Default Subnet Mask | Address Range
A     | Few large organizations        | 0                 | 255.0.0.0           | 1.0.0.0 to 126.0.0.0
B     | Medium-size organizations      | 10                | 255.255.0.0         | 128.1.0.0 to 191.254.0.0
C     | Relatively small organizations | 110               | 255.255.255.0       | 192.0.1.0 to 223.255.254.0
D     | Multicast groups (RFC 1112)    | 1110              | N/A                 | 224.0.0.0 to 239.255.255.255
E     | Experimental                   | 1111              | N/A                 | 240.0.0.0 to 254.255.255.255
Remember that the default Subnet Mask is just that, a default; it can be adjusted as necessary (depending on the
routing protocol) by the network designer.
Classful Addressing
This addressing scheme is commonly used where the subnet mask reflects the number of bits used to calculate the
default gateway (e.g., Class A 10.0.0.0 mask 255.X.0.0, Class B 172.0.0.0 mask 255.255.0.0, Class C 192.0.0.0 mask
255.255.255.0). RIPv1 and IGRP can only be used with a classful addressing scheme.
Classless Addressing
CIDR - Classless Inter-Domain Routing - is used to conserve and use address space effectively (see VLSM). It is
required for route summarization to work correctly. Careful planning and implementation are both required. An easy
way to identify a classless address is to look at the subnet mask. You will commonly see a Class A address with a
Class B or C subnet mask. Some protocols require additional configuration to support discontiguous subnets. Link
state protocols support classless addressing. RIP version 1 and IGRP do not, because they do not pass subnet
information.
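As an added example (not from the text), a Python routine that classifies addresses by the high-order bits in the class table above, reports whether a configured mask is classful or classless, and shows why a classful protocol such as RIPv1 or IGRP cannot represent discontiguous subnets of one major network. The class A high-order bit of 0 is supplied as a standard fact; the function names and sample prefixes are constructed here.

```python
import ipaddress

# The class table: (class, high-order bits, default mask, purpose).
# Class A's high-order bit is 0 (standard fact); D and E have no unicast mask.
CLASSES = (
    ("A", "0",    "255.0.0.0",     "Few large organizations"),
    ("B", "10",   "255.255.0.0",   "Medium-size organizations"),
    ("C", "110",  "255.255.255.0", "Relatively small organizations"),
    ("D", "1110", None,            "Multicast groups (RFC 1112)"),
    ("E", "1111", None,            "Experimental"),
)


def address_class(addr: str) -> str:
    """Classify by the high-order bits of the first octet, exactly as the table does."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    bits = format(first_octet, "08b")
    for letter, prefix, _mask, _purpose in CLASSES:
        if bits.startswith(prefix):
            return letter
    raise AssertionError("the five prefixes cover every first octet")


def default_mask(addr: str):
    """Default classful mask for the address, or None for classes D and E."""
    letter = address_class(addr)
    return next(mask for cls, _bits, mask, _purpose in CLASSES if cls == letter)


def classify(prefix: str) -> dict:
    """Describe a.b.c.d/len: class, default mask, and whether the configured mask
    departs from the default (classless). Longer than default = subnetting (VLSM);
    shorter = supernetting, i.e. the CIDR summary only a classless protocol can carry."""
    iface = ipaddress.IPv4Interface(prefix)
    letter = address_class(str(iface.ip))
    mask = default_mask(str(iface.ip))
    if mask is None:
        return {"class": letter, "default_mask": None, "classless": None, "kind": "not unicast"}
    default_len = ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen
    actual_len = iface.network.prefixlen
    if actual_len == default_len:
        kind = "classful"
    elif actual_len > default_len:
        kind = "subnet"
    else:
        kind = "supernet"
    return {"class": letter, "default_mask": mask,
            "classless": actual_len != default_len, "kind": kind}


def classful_summary(prefix: str) -> str:
    """The major network a classful protocol (RIPv1, IGRP) advertises for this prefix,
    because its updates carry no subnet mask."""
    iface = ipaddress.IPv4Interface(prefix)
    mask = default_mask(str(iface.ip))
    if mask is None:
        raise ValueError("classes D and E have no classful network")
    return str(ipaddress.IPv4Network(f"{iface.ip}/{mask}", strict=False))


def discontiguous_majors(prefixes_by_router: dict) -> list:
    """Major networks whose subnets sit behind more than one router. With a classful
    protocol each router advertises only the major network, so the rest of the
    domain cannot tell the two halves apart: the discontiguous-subnet problem."""
    seen = {}
    for router, prefixes in prefixes_by_router.items():
        for p in prefixes:
            seen.setdefault(classful_summary(p), set()).add(router)
    return sorted(major for major, routers in seen.items() if len(routers) > 1)
```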
IP Helper Addresses
By default routers don't forward broadcast packets. The ip helper command is used to forward User Datagram
Protocol (UDP) broadcasts, including BOOTP packets, received on an interface. Since DHCP protocol information is
carried inside BOOTP packets, it is also supported. The ip helper command allows you to control which broadcast
packets a router forwards. The helper address is configured on the interface on which the BOOTP request is going
to be received, and references the final destination of the request packet.
The IP-HELPER command should be entered on the same interface on which the BOOTP frame is received. The frame is
converted to a unicast message and forwarded to the specified destination. Here is a sample configuration:
ip helper-address X.X.X.X (where X.X.X.X is the destination IP)
Passive-Interface
When enabled on an interface, the PASSIVE-INTERFACE router command allows the interface to receive routing
updates, but does not allow it to forward routes out of the interface.
You should know that the passive interface feature behaves differently with different protocols. For most protocols,
passive interface stops the router from sending updates to a particular neighbor, but continues to listen and use routing
updates from that neighbor. However, on EIGRP and OSPF, passive interface causes the router to stop sending and
receiving hello packets, preventing the forming of peers.
The passive-interface command is applied at the global level and allows the specified interface to hear routing
updates, but not repeat them. This is used to control the propagation of routing updates.
Here is a sample configuration:
RouterA(config)# router rip
RouterA(config-router)# passive-interface serial 0
R2#show run
!
interface Ethernet0
ip address 192.168.12.2 255.255.255.0
no ip directed-broadcast
ip nat inside
!
interface Serial0
ip address 172.16.23.2 255.255.255.0
no ip directed-broadcast
ip nat outside
no ip mroute-cache
!
ip nat inside source static 192.168.12.1 172.16.23.1
Protocol | Used by               | Type              | Metrics         | Scalability Range
RIP      | IP                    | DV, Classful      | Hop count       | 15 Hops
RIPv2    | IP                    | DV, Classless     | Hop count       | 15 Hops
IGRP     | IP                    | DV, Classful      | BDRL            |
EIGRP    | IP, IPX and AppleTalk | Hybrid, Classless | BDRL            | Thousands of routers
RTMP     | AppleTalk             | DV, N/A           | Hop count       | 15 Hops
AURP     | AppleTalk             | DV, N/A           | Hop count       |
IPX RIP  | IPX                   | DV, N/A           | Ticks/Hop count | 15 Hops
NLSP     | IPX                   | LS, N/A           | Cost/Bandwidth  | 127 Hops
OSPF     | IP                    | LS, Interior      | Cost            |
IS-IS    | IP                    | LS, Interior      | DVDEE           | Thousands of routers
BGP      | IP                    | PV, Exterior      | PA              | Thousands of routers
Key: DV = Distance Vector; LS = Link State; PV = Path-vector; BDRL = Bandwidth, Delay, Reliability and Load;
DVDEE = Default value, delay, expense and errors; PA = Path attributes and other factors.
Area 0
The core backbone area for OSPF is area 0. One of the basic rules of OSPF is that all areas must connect to area 0
(just as all roads lead to Rome). If there is an area that is not contiguous with area 0, your only option is to use a
virtual link. This will provide a tunnel through another area in order to make it appear that the area is directly
connected to area 0.
The main dictate in OSPF is that multiple areas must all connect directly to
Router Types
These include:
Internal Router (LSA Type 1 or 2) - Internal routers are those that have all their interfaces in the same area,
whether that is area 0, or another. Having an identical link-state database and running a single copy of the
routing algorithm would be the defining characteristic of an internal router.
Backbone Routers - These are routers that have at least one interface connected to area 0. This is simply an
internal router that happens to be in area 0.
Area Border Router (LSA Type 3 or 4) - These are routers that have interfaces attached to multiple areas.
They maintain separate link-state databases for each area. This may require the router to have more memory
and CPU power. These routers act as gateways for inter-area traffic. They must have at least one interface in
the backbone area, unless a virtual link is configured. These routers will often summarize routes from other
areas into the backbone area.
Autonomous System Boundary Router (LSA Type 5 or 7) - These are routers that have at least one
interface into an external network, such as a non-OSPF network. These routers can redistribute non-OSPF
network information to and from an OSPF network. Redistribution into an NSSA area creates a special type of
link-state advertisement (LSA) known as type 7. This router will be running another routing protocol besides
OSPF, such as EIGRP, IGRP, RIP, IS-IS, etc.
LSA Types
These include:
Router link entry - Type 1 LSAs, which are broadcast only in a specific area. They contain all the default link state
information. This information is generated by each router for each area to which it belongs. It describes the state
of the router's links to the area. The link status and cost are two of the descriptors provided. It sends information
about the router's links.
Network entry - Type 2 LSAs, which multicast to all area routers in a multi-access network by the Designated
Router (DR). They describe the set of routers attached to a particular network, and are flooded only within the
area that contains the network.
Summary entry - Type 3 and 4 LSAs. Type 3 LSAs have route information for the internal networks and are
sent to the backbone routers. Type 4 LSAs have information about the ASBRs. This information is broadcast by
the ABR, and it will reach all the backbone routers.
Autonomous system entry - This is a Type 5 or 7 LSA. These come from the ASBR and contain information
related to external networks. Type 7 LSAs are only found in NSSA areas. Type 5 LSAs are flooded through the whole
autonomous system except the stub, totally stubby and not-so-stubby areas.
Quick Review
Just to make sure this sticks in your mind, here is a list of the OSPF area types and the LSAs they accept:
Area 0 (backbone) - LSA types 1, 2, 3, 4, 5
Non-backbone, non-stub - LSA types 1, 2, 3, 4, 5
Stub - LSA types 1, 2, 3
Totally Stub - LSA types 1, 2
Not-so-Stubby (NSSA) - LSA types 1, 2, 7
Traffic Types
These include:
Intra-area - Traffic passed between routers within a single area.
Inter-area - Traffic passed between routers in different areas.
External - Traffic passed between an OSPF router and a router in another autonomous system.
Network Types
When OSPF is enabled on an interface, it defines itself based on the physical network:
Broadcast - For FDDI, Ethernet and Token Ring.
Point-to-point - For most conventional point-to-point WAN technologies.
Non-broadcast - For Serial, Frame Relay and ATM.
OSPF Operations
(Summary from RFC 2328):
Router starts and initializes the protocol, then waits for an indication that all the interfaces are up and
operational.
OSPF Hello Protocol is used to discover neighbors. OSPF sends and receives hello packets. On broadcast and
point-to-point networks, hello packets are sent via multicast AllSPFRouters address - 224.0.0.5. Non-broadcast
networks need neighbor configuration in order to form a proper adjacency.
A designated router (DR) is elected (if necessary) to determine which routers should be adjacent.
Routers form adjacencies with neighbors, and then synchronize their link-state databases. Routing updates are
only sent to adjacent neighbors, and routers send state updates, also known as Link State Advertisements
(LSAs).
All routers send their changes in the LSA to the 224.0.0.6 address, which is the address of all OSPF DR and
BDRs.
Flooding of LSAs throughout the area ensures that all link-state databases are identical. This database is used
to construct the shortest-path tree, and ultimately, the routing table.
OSPF Startup
After router1 starts up, it is in the down state. It doesn't have information about other routers. It sends hello packets
through its OSPF-enabled interfaces to the multicast address 224.0.0.5.
All running routers add router1 to their list of neighbors. This is the init state.
All routers that received router1's hello packets send a unicast hello packet to router1. The neighbor field
includes all neighbor router information.
Router1 adds the received neighbor information to its neighbor table. This is the two-way state.
The router then learns which routers are the DR and BDR.
Special Media
OSPF has some specialized functionality for certain configurations:
Demand circuits - The Hello protocol sends and receives packets on set intervals. If Hello packets are not
received within 4 times the hello interval (the dead interval), the link will be torn down. This can cause issues
over ISDN links, because OSPF will keep the link up trying to form an adjacency. The solution to the problem is
the command ip ospf demand-circuit. This stops router-to-router communication once their databases have
been exchanged.
Broadcast Media - OSPF relies on multicast to function, and if it cannot, problems will result. Manual
configuration is required to ensure proper adjacencies over non-broadcast media. The neighbor <ip address>
command will ensure proper communications take place.
Virtual Links
All areas must have at least one router that is connected to the backbone. In some rare instances, you might have a
router that needs to cross another area to get to the backbone. To do this you need to create a virtual link. The virtual
link is not recommended, and is usually used during a migration. VLs have two main purposes:
Linking an area that does not have a physical connection to area 0.
As a patch, in the event the ABR that connects an area to the backbone fails.
VLs must be configured on both routers, and cannot be configured through stub areas. Below are the commands for
VLs:
Router(config-router)#area area-id virtual-link router-id
This is the most basic form of the command. To display information about VLs on the router, use sh ip ospf
virtual-links.
OSI CLNP
OSI connectionless network service is implemented by using the Connectionless Network Protocol (CLNP) and
Connectionless Network Service (CLNS) (both described in the ISO 8473 standard).
CLNP is an OSI network layer protocol that carries upper-layer data and error indications over connectionless
links. It provides the interface between the Connectionless Network Service (CLNS) and upper layers.
CLNS provides network layer services to the transport layer via CLNP. It does not perform connection setup or
termination because paths are determined independently for each packet that is transmitted through a network.
This contrasts with Connection-Mode Network Service (CMNS). In addition, CLNS provides best-effort
delivery, which means that no guarantee exists that data will not be lost, corrupted, misordered, or duplicated.
CLNS relies on transport layer protocols to perform error detection and correction.
Even though IS-IS is primarily used with TCP/IP, it was designed to be (and still is) an OSI CLNP protocol, with a
completely different set of transport methods, requiring a CLNP addressing structure in order to support the flow of
IS-IS packets. These are carried without any encapsulation. Normally one CLNP-based address is assigned to each
router in the domain. This address (configured in the router configuration section) is software based (like a loopback
interface), which means it will not go down as long as the router is running. Because connectivity is based on CLNP
instead of IP, it is possible to have an IS-IS network that is at full convergence with all the routing traffic being passed,
but with no IP connectivity available.
Remember that CLNS is a network layer service that is used for peer communication. In this system, routers are
Intermediate Systems (IS) and hosts are called Host Systems (HS). Below is a description of the operation:
An End System (ES) does not have routing information; they discover routers through Intermediate System
Hellos (ISHs). An ES will also send hellos (ESHs), to help the protocol determine how best to optimally route
traffic.
There is no ARP or ICMP for CLNS, but there is an ES-IS protocol that provides these services. IS-IS is the
protocol for routing OSI, and operates at the data-link layer.
Hello
IS-IS makes use of two Hello packet formats: one for point-to-point links and one for LAN (broadcast) links. When two
routers disagree on the packet format, no adjacency can be formed. There is no equivalent of the 'IP OSPF
NETWORK' command in IS-IS; the network type is entirely dependent on the interface type:
Broadcast
Not supported
Point-to-point
Not supported
Metrics
Unlike OSPF, which uses a formula to determine a cost associated with each link, IS-IS uses an almost arbitrary cost
value. Valid metric settings for cost are between 1 and 63, the Cisco default metric value being 10 for all interfaces,
regardless of bandwidth (with the exception of the lo0 interface, which has a default metric of 0). It is often necessary
to modify this default metric to efficiently direct traffic flow across IS-IS backbones.
The total cost of a path is determined by adding all the costs en route. Originally, 1023 was the highest path cost, but
Cisco added the use of a 24-bit metric, deemed a wide metric, which now allows values to be between 1 and 2^24 - 1
(16,777,215).
There is an excellent discussion of IS-IS metrics on pages 110-112 of the Cisco Press book IS-IS Network Design
Solutions by Abe Martey.
The original IS-IS specification uses four types of metrics. Cost, being the default metric, is supported by all routers.
Delay, expense, and error are optional metrics.
The Cisco implementation uses cost only.
Basic Operation
Hello packets are sent out of all IS-IS interfaces to allow neighbors to be discovered, and adjacencies to be
established.
Adjacencies are formed when three main criteria are matched: authentication parameters, IS-type and MTU size.
Link-state packets (LSPs) are built for active interfaces, along with information from adjacent routers. Flooding
generally occurs to all adjacent neighbors.
Each router constructs a link-state database from these LSPs.
Each IS constructs a shortest-path tree, and uses this to build a routing table.
Adjacency Creation
Two routers will become neighbors if the following parameters are agreed:
Level 1 - The two routers sharing a common network segment must have their interfaces configured to be in the
same area if they are to have a Level 1 adjacency.
Level 2 - The two routers sharing a common network segment must be configured as Level 2 if they are in
different areas and want to become neighbors.
IS-IS on NBMA
IS-IS allows control of link state packet (LSP) flooding. This is vitally important on meshed point-to-point links over
NBMA. There are two ways to reduce LSP flooding:
Block flooding at the interface level.
Configuration of mesh groups - Mesh groups allow grouping of interfaces. When an LSP is received on an interface
that is a member of a mesh group, the LSP is not forwarded to interfaces that are members of the group (normally it
would be forwarded out all interfaces).
Router Types
Large routing domains use a two-level hierarchy. A large domain will be divided into several areas, with each system
residing in its own area. Routing within a single area is referred to as Level 1 routing. Routing between areas is called
Level 2 routing. Routers can be Level 1, Level 2, or support both functions (L1/L2).
Level 1 Intermediate Systems track routing within their areas. If a
Addressing
The protocol conveys both OSI network layer information, along with subnetwork addresses. The address identifies
either:
Network Service Access Point (NSAP) - The interface between layers 3 and 4.
Network Entity Title (NET) - The network layer entity for an OSI IS.
Subnetwork addresses, also called Subnetwork Point-of-Attachment Addresses (SNPAs), are the physical
attachment points, and uniquely identify each system on the network. The SNPA is the 48 bit MAC address. Systems
transmit NSAP and NET to SNPA mapping information to help define the network.
The command SHOW ISIS DATABASE displays the IS-IS link state database; basically, the list of IS-IS Link State
Protocol Data Units (LSP) that the router has received on its IS-IS enabled interfaces.
An NSAP address consists of two parts: the initial domain part (IDP) and the domain specific part (DSP). The IDP
consists of a 1-byte authority and format identifier (AFI) and a variable-length initial domain identifier (IDI), and the
DSP is a string of digits identifying a particular transport implementation of a specified AFI authority. Everything to the
left of the system ID is the area address of a network node.
The big difference between NSAP addressing and IP addressing is that there will be a single NSAP address for the
entire router, whereas with IP there will be one IP address per interface.
Security
IS-IS provides the ability to configure a password for a specified link, area, or domain. Password exchange becomes a
prerequisite for routers to become neighbors. Passwords are passed in clear text. The three types are used for:
Link Authentication - Between ISs in a common subnet. It is possible to use a separate configuration for L1 and
L2, but L1 is the default.
Area Authentication - Between ISs in the same IS area.
Domain Authentication - Only available on L2 and L1/L2 ISs.
Other Resources
The Cisco Press book IS-IS Network Design Solutions by Abe Martey is an excellent resource to learn more about
the IS-IS protocol.
Choosing Routes
DUAL selects primary and backup routes based on the composite metric, and guarantees that the selected routes are
loop free. The primary routes are then moved to a routing table. The rest (up to 6) are stored in the topology table as
feasible successors.
EIGRP uses the same composite metric as IGRP to determine the best path*. The default criteria (**) used are:
Bandwidth - The smallest bandwidth cost between source and destination.
Delay - Cumulative interface delay along the path.
Reliability - Worst reliability between source and destination based on keepalives.
Load - Utilization on a link between source and destination based on bits per second on its worst link.
MTU - The smallest Maximum Transmission Unit.
* Only Bandwidth and Delay are used by default.
** To help you remember, think of "Bob Doesn't Really Like Me" for Bandwidth, Delay, Reliability, Load and
MTU.
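An added example, not from the text, of the two pieces described above: the IGRP/EIGRP composite metric with the default K values (so only bandwidth and delay count), and DUAL's selection of the successor and the loop-free feasible successors by the feasibility condition. The formula and the feasibility condition are supplied from the standard definitions; the neighbor names and link figures are constructed.

```python
from dataclasses import dataclass

# Default K values: only bandwidth (K1) and delay (K3) count, as the text notes.
DEFAULT_K = (1, 0, 1, 0, 0)


def composite_metric(min_bw_kbps: int, total_delay_usec: int,
                     reliability: int = 255, load: int = 1, k=DEFAULT_K) -> int:
    """IGRP/EIGRP composite metric in its classic (non-wide) form, from the standard
    definition. Bandwidth term: 10^7 / slowest link in kbps. Delay term: path delay in
    tens of microseconds. Reliability and load (1-255) only matter when K2, K4 or K5
    are non-zero, which they are not by default."""
    k1, k2, k3, k4, k5 = k
    bw = 10_000_000 // min_bw_kbps
    delay = total_delay_usec // 10
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay
    if k5 != 0:
        metric = metric * k5 // (reliability + k4)
    return metric * 256


@dataclass
class Candidate:
    """One neighbor's advertisement for a destination plus our link to that neighbor."""
    neighbor: str
    nbr_min_bw_kbps: int    # slowest link on the neighbor's own path to the destination
    nbr_delay_usec: int     # total delay on the neighbor's own path
    link_bw_kbps: int       # bandwidth of our link to the neighbor
    link_delay_usec: int    # delay of our link to the neighbor

    @property
    def reported_distance(self) -> int:
        """RD: the metric the neighbor itself advertises."""
        return composite_metric(self.nbr_min_bw_kbps, self.nbr_delay_usec)

    @property
    def feasible_distance(self) -> int:
        """FD: our metric through this neighbor (minimum bandwidth, summed delay)."""
        return composite_metric(min(self.nbr_min_bw_kbps, self.link_bw_kbps),
                                self.nbr_delay_usec + self.link_delay_usec)


def dual_select(candidates, max_feasible: int = 6):
    """Successor = lowest FD. Feasible successors = other candidates whose RD is
    strictly below the successor's FD (the feasibility condition); a neighbor that
    is closer to the destination than we are cannot be routing through us, which
    is how DUAL guarantees the backup is loop-free without recomputation.
    Returns (successor, feasible_successors); only the successor is installed."""
    if not candidates:
        return None, []
    ordered = sorted(candidates, key=lambda c: c.feasible_distance)
    successor = ordered[0]
    fd = successor.feasible_distance
    feasible = [c for c in ordered[1:] if c.reported_distance < fd]
    return successor, feasible[:max_feasible]


# Constructed topology: three neighbors advertising 10.0.0.0/8.
CANDIDATES = [
    Candidate("R2", 100_000, 100, 100_000, 100),   # FastEthernet end to end
    Candidate("R3", 10_000, 1_000, 100_000, 100),  # neighbor's own path is slower
    Candidate("R4", 100_000, 100, 1_544, 20_000),  # reached over a T1, but a good RD
]

if __name__ == "__main__":
    succ, fs = dual_select(CANDIDATES)
    print("successor:", succ.neighbor, succ.feasible_distance)
    print("feasible successors:", [c.neighbor for c in fs])
    print("rejected (fail feasibility condition):",
          [c.neighbor for c in CANDIDATES if c is not succ and c not in fs])
```

R3 is rejected even though it is a working path: its RD (281600) exceeds the successor's FD (30720), so DUAL cannot prove it loop-free and would have to query for it after a failure.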
Protocol Dependence
EIGRP can provide routing services for IP, IPX, and AppleTalk. Each is managed by a different module, and maintains
a separate set of tables. The IPX EIGRP module is responsible for sending and receiving EIGRP packets that are
encapsulated in IPX. The Apple EIGRP module is responsible for AppleTalk packets. The IP EIGRP module is
responsible for IP packets. They route like strangers in the night, except they don't even exchange glances.
Tables
Tables include:
Neighbor table - This contains the current configuration of all the router's immediately adjacent neighbors.
EIGRP keeps a table of adjacent routers for each of the protocols that are running (IPX, IP, and AppleTalk).
This table is responsible for maintaining all neighbor information: it holds the neighbor's address and interface,
along with information required by RTP (sequence numbers and a transmission list), and round-trip information
to dynamically adjust transmission intervals. Remember that each protocol module maintains its own unique
neighbor table.
Topology table - This table is maintained by the protocol dependent modules, and is used by DUAL. It has all
the destination networks advertised by the other neighbor routers, and is a table of all the route entries the router
has learned. Each entry in the table includes the destination, and a list of all the neighbors that can reach it,
along with metric information and link costs. There are two states for a destination within the topology table:
active and passive. Each protocol module maintains its own topology table.
Routing table - EIGRP chooses the best routes to a destination network from the topology table and places
these routes in the routing table. EIGRP calculates the best route, or successor, from the topology table and
puts the entry in the routing table. Each protocol maintains its own routing table. The routing table contains:
How the route was discovered.
Destination network address and the subnet mask.
Metric Distance: This is the cost of the metric from the router.
Next hop address.
Route age.
Outbound interface.
Route Tagging
There are two types of routes within EIGRP: internal and external. Internal are originated within the AS. External are
learned from the outside (redistribution). External routes are tagged with the following:
Router ID of the router that performed the route injection.
AS number of the destination.
Load Balancing
EIGRP can have up to six parallel equal-cost paths for load balancing, with the variance command used to adjust the
metrics if there is a need to provide unequal-path load balancing.
Route Age
An important point to remember with EIGRP is that very old routes are to be expected in a healthy network. Since
updates only occur when there is a change, and change is bad (indicating an unstable network), like fine wines,
EIGRP routes should be seasoned by time. Here is sample output from show ip route on an EIGRP network.
Router#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
D 172.16.0.0/16 is a summary, 4d06h, Null0
C 172.16.1.0/24 is directly connected, TokenRing0
C 192.168.4.0/24 is directly connected, Loopback3
C 192.168.5.0/24 is directly connected, Loopback4
D 10.0.0.0/8 [90/832000] via 172.16.1.3, 4d06h, TokenRing0
C 192.168.1.0/24 is directly connected, Loopback0
C 192.168.2.0/24 is directly connected, Loopback1
C 192.168.3.0/24 is directly connected, Loopback2
Router#
Notice that some routes carry an age of 4d06h, which means the routes are over four days old. Short aging
periods in an EIGRP network indicate change, and should be monitored carefully.
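As an added illustration (not part of the original notes), here is a small Python parser for output in the format of the show ip route listing above. It converts the IOS age field (HH:MM:SS, XdYYh or XwYd) to seconds and flags EIGRP routes that are younger than a threshold, which is the "short aging period" the text says to watch. The sample output embedded in it is constructed for the example, not captured from a router.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample in the same format as the show ip route output above
# (not captured from a real router): two EIGRP routes are young, the rest are days old.
SAMPLE_SHOW_IP_ROUTE = """\
Gateway of last resort is not set
     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
D       172.16.0.0/16 is a summary, 4d06h, Null0
C       172.16.1.0/24 is directly connected, TokenRing0
D       10.0.0.0/8 [90/832000] via 172.16.1.3, 4d06h, TokenRing0
D EX    192.168.9.0/24 [170/2195456] via 172.16.1.3, 00:00:42, TokenRing0
D       192.168.8.0/24 [90/2195456] via 172.16.1.3, 2w1d, TokenRing0
D       192.168.7.0/24 [90/2195456] via 172.16.1.3, 00:12:05, TokenRing0
"""


class Route(NamedTuple):
    code: str                    # source code from the legend, e.g. "D" or "D EX"
    prefix: str
    age_seconds: Optional[int]   # None for connected routes, which carry no age


def parse_age(text: str) -> Optional[int]:
    """Convert an IOS route age ('HH:MM:SS', 'XdYYh' or 'XwYd') to seconds."""
    m = re.fullmatch(r"(\d+):(\d+):(\d+)", text)
    if m:
        h, mi, s = (int(x) for x in m.groups())
        return h * 3600 + mi * 60 + s
    m = re.fullmatch(r"(\d+)d(\d+)h", text)
    if m:
        d, h = (int(x) for x in m.groups())
        return d * 86400 + h * 3600
    m = re.fullmatch(r"(\d+)w(\d+)d", text)
    if m:
        w, d = (int(x) for x in m.groups())
        return w * 7 * 86400 + d * 86400
    return None


# A route line starts in column 0 with a code (optionally followed by a sub-code
# such as "EX"), then the prefix; indented lines are summary headers and are skipped.
ROUTE_LINE = re.compile(
    r"^(?P<code>[A-Za-z*]{1,2}(?: [A-Z0-9]{1,2})?)\s+"
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)(?P<rest>.*)$"
)
AGE_FIELD = re.compile(r"\b(\d+:\d+:\d+|\d+d\d+h|\d+w\d+d)\b")


def parse_routes(output: str) -> list:
    """Parse every route line of a show ip route listing into Route records."""
    routes = []
    for line in output.splitlines():
        m = ROUTE_LINE.match(line)
        if not m:
            continue
        age_m = AGE_FIELD.search(m.group("rest"))
        age = parse_age(age_m.group(1)) if age_m else None
        routes.append(Route(m.group("code"), m.group("prefix"), age))
    return routes


def young_eigrp_routes(output: str, max_age_seconds: int = 3600) -> list:
    """EIGRP prefixes (codes D and D EX) learned more recently than the threshold:
    in a stable EIGRP network these are the routes worth investigating."""
    return [r.prefix for r in parse_routes(output)
            if r.code.split()[0] == "D"
            and r.age_seconds is not None
            and r.age_seconds < max_age_seconds]


if __name__ == "__main__":
    for prefix in young_eigrp_routes(SAMPLE_SHOW_IP_ROUTE):
        print("recently changed EIGRP route:", prefix)
```

Run against the constructed sample it reports 192.168.9.0/24 and 192.168.7.0/24; the 4d06h and 2w1d routes are left alone, as the text would expect in a healthy network.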
Stuck-in-Active
A stuck-in-active (SIA) condition occurs when a neighbor fails to reply to an EIGRP query for a better route within
three minutes. This causes the neighbor relationship of the router to be reset. There is an excellent description of this
problem in chapter 7 of Cisco Press Troubleshooting IP Routing Protocols by Shamim, Aziz, Liu and Martey.
Reasons for this condition can include:
The router is too busy to answer the query (generally due to high CPU utilization).
EIGRP Configuration
Router(config)#router eigrp autonomous-system - This enables the routing process for the specified AS. You
should remember that an EIGRP AS number is not the same as a BGP AS number.
Router(config-router)#network network-number - This associates networks with the router process. EIGRP
sends updates out the interfaces covered by the network statement. If you do not specify an interface's
network, that network will not be advertised.
Router(config-router)#auto-summary - This enables auto summarization.
Router(config-router)#maximum-paths - Sets the maximum number of parallel paths (4 is the default).
Router(config-if)#ip summary-address eigrp as-number address mask - This interface-level command enables
summarization.
Router(config-router)#passive-interface interface - This prevents EIGRP updates and hello packets from being
sent on the named interface.
Router(config-router)#variance metric-variance-multiplier - Use this to allow load balancing over unequal-cost
paths. This includes routes with a metric less than or equal to the multiplier times the minimum metric for the
route to the destination.
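The variance rule above (and the Load Balancing paragraph earlier) is easy to misread as "any path within the multiplier is used". As an added example that is not from the original notes, the Python below models one destination's topology-table entries and applies both conditions EIGRP actually uses: a neighbor must first be a feasible successor (its reported distance strictly below the successor's feasible distance), and only then does the variance multiplier decide whether it is installed. The paths are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class EigrpPath:
    neighbor: str
    reported_distance: int  # the neighbor's own metric to the destination (RD)
    metric: int             # RD plus the cost of the link to that neighbor


# Constructed topology-table entries for a single destination (not from a real router).
SAMPLE_PATHS = [
    EigrpPath("R1", reported_distance=10, metric=20),   # best path: the successor, FD = 20
    EigrpPath("R2", reported_distance=15, metric=30),   # RD 15 < FD 20: feasible successor
    EigrpPath("R3", reported_distance=25, metric=35),   # RD 25 >= FD 20: not feasible (possible loop)
    EigrpPath("R4", reported_distance=5,  metric=50),   # feasible, but an expensive path
]


def successor_and_feasible(paths):
    """The successor is the lowest-metric path; its metric is the feasible distance (FD).
    A neighbor is a feasible successor only if its RD is strictly below the FD."""
    successor = min(paths, key=lambda p: p.metric)
    fd = successor.metric
    feasible = [p for p in paths if p is not successor and p.reported_distance < fd]
    return successor, feasible


def variance_paths(paths, variance=1, maximum_paths=4):
    """Neighbors installed in the routing table for a given variance multiplier.
    A feasible successor is used when metric <= variance * FD; maximum-paths caps the count
    (4 is the IOS default, as the notes state)."""
    successor, feasible = successor_and_feasible(paths)
    limit = variance * successor.metric
    chosen = [successor] + [p for p in feasible if p.metric <= limit]
    chosen.sort(key=lambda p: p.metric)
    return [p.neighbor for p in chosen[:maximum_paths]]


if __name__ == "__main__":
    for v in (1, 2, 3):
        print(f"variance {v}: {variance_paths(SAMPLE_PATHS, variance=v)}")
```

With variance 2 the limit is 40, so R2 (metric 30) is added but R3 (metric 35) is not, despite being within the multiplier: it fails the feasibility condition. R4 only appears at variance 3.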
Verifying Operations
Router#show ip protocols - Shows routing protocol information.
Router#show ip eigrp neighbors - Displays neighbor information within the same AS.
Router#show ip eigrp interfaces - Shows interfaces that are participating in the EIGRP process.
Router#show ip eigrp topology - Shows the topology database.
The Cisco Press book EIGRP Network Design Solutions by Ivan Pepelnjak is an excellent resource for learning
EIGRP.
CIDR
BGP's effective use of Classless Inter-Domain Routing (CIDR) has been a major factor in slowing the explosive
growth of the Internet routing table. A network is called a supernet when the prefix boundary contains fewer bits than
the network's natural (classful) mask.
Situations that may require BGP include:
Extremely large networks.
A network that is connected to more than one AS.
Networks that are connected to two or more Internet Service Providers.
When you have a unique routing policy that requires it.
If you manage the network for a major ISP.
When you're preparing for, or taking, the CCIE Lab exam.
AS Numbers
On the Internet, an Autonomous System (AS) is a unit of routing policy: either a network or a group of
networks that is controlled by a common network administrator (or group of administrators) on behalf of a single
administrative entity (such as a university, a business enterprise, or a business division).
Networks within an AS communicate routing information to each other using an IGP. An Autonomous System shares
routing information with other Autonomous Systems using the BGP. An AS (sometimes referred to as a routing
domain) will be assigned a globally unique number, called an Autonomous System Number (ASN).
BGP routes carry a list of AS numbers between the source and destination called the AS path. You might want to think
of the AS paths as similar to a traceroute for IP, but instead of IP addresses, the route contains a list of AS numbers.
Each AS along the path prepends its AS number to the AS_PATH.
By default, BGP will choose one best path among the possible equal-cost paths learned from a remote AS, but this
can be changed. It is possible to load balance a single router in the local AS with multiple routers in a single remote AS
(a single homed BGP environment) using the maximum-paths command.
AS numbers from 64512 to 65535 are private AS numbers, similar in fashion to the RFC 1918 private IP addresses
(10.0.0.0/8, 172.16.0.0/16 through 172.31.0.0/16, and 192.168.0.0/24). These AS numbers aren't used anywhere in the core
BGP route tables, and are understood to be non-unique. They are used to keep the demand for public AS numbers down.
Smaller BGP users will often use private AS numbers, and then have them translated to public AS numbers by routers
upstream toward the core of the Internet. Many of the larger ISPs may have multiple public AS numbers. Smaller ISPs
will usually have only one public AS number.
Synchronization/Full Mesh
The synchronization rule states that BGP will not advertise routes to external neighbors learned via iBGP, unless the
IGP has knowledge of the destination. This means that BGP must either maintain a full mesh within an AS, or use
route reflectors to simulate this mesh.
With synchronization enabled (the default condition), BGP waits until the IGP has propagated routing information
across the Autonomous System before advertising transit routes to other ASs. This ensures networks are reachable
before eBGP advertises a route. This feature prevents routing blackholes, by ensuring consistency throughout the
routing domain.
This can be turned off using the Cisco IOS no synchronization (no sync) command. But this isn't recommended unless all
the routers in your AS are running BGP and are fully meshed, or your AS isn't a transit AS. Inappropriate use of the
no sync command can cause non-BGP routers within an Autonomous System to receive traffic for destinations that they
don't have a route for.
Summarization
When BGP auto-summary is enabled (which it is by default), locally originated BGP networks are summarized at their
classful address boundaries. When auto-summary is disabled, routes that are locally introduced into the BGP table
are not summarized at their classful boundaries (obviously). When a subnet exists in the routing table AND there is a
classful network statement for that network AND a classful mask on that network statement AND
auto-summary is enabled, then as soon as any subnet of that network is put into the local routing table, BGP will install the
whole classful network into the BGP table.
If the AS running BGP does not own the complete classful network, Cisco recommends disabling BGP auto-summary.
Peering
RFC 1771 specified four Border Gateway Protocol 4 (BGP-4) messages used by routers running BGP (BGP
speakers):
Initial Exchange - The OPEN message passes the BGP version number, the AS of the sending router, an
identifier, the hold time, and a set of optional fields, including the parameter field length and the defined
parameter itself.
Updates - Once the initial exchange is complete, the routers then send UPDATE messages. The initial update
is the entire routing table. Once the peers have passed all their routes, updates are only sent as needed.
These messages contain path information, along with attributes.
Keepalives - BGP routers constantly ensure that all neighbors are reachable. This is done with a KEEPALIVE
message.
Notifications - The NOTIFICATION message is sent when there are errors between the peers. This message
either terminates the negotiation, or gracefully closes the connection.
In eBGP peering, the next hop is the IP address of the neighbor that announced the route. However, when the route is
advertised on a multi-access media (such as Ethernet or Frame Relay), the next hop is usually the IP address of the
router interface connected to that media that originated the route.
BGP Attributes
BGP routes have properties, or attributes, that are used to determine the best route to a destination.
These properties include:
Weight - A Cisco-defined attribute that is known only to the local router. If more than one route exists to a
destination, the one with the highest weight will be preferred.
Local preference - Used to prefer an exit from the local Autonomous System. The local preference attribute is
known throughout the AS, and the exit point with the higher local preference is chosen.
AS_Path - The ordered list of ASs through which an advertisement has passed. BGP uses this to prevent
loops, as it will never accept an advertisement that includes its own AS in the path.
Multi-exit Discriminator (MED) - Allows an AS to advertise a preferred entry point to a neighbor AS.
Origin - This describes how BGP has learned a route. There are three possible values:
IGP - The route was learned within the AS. These are routes advertised via the network command.
EGP - Routes learned via the Exterior Gateway Protocol.
Incomplete - The route was redistributed into BGP.
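As an added example (not from the original notes), the Python below ties together the AS Numbers section and the attribute list above: it prepends the local AS to the AS_PATH on the way out to an eBGP peer, rejects any update that already carries the local AS (the loop check the AS_Path entry describes), strips private ASNs the way IOS does for a neighbor configured with remove-private-as, and ranks candidate paths by the attributes listed here in Cisco's order for those attributes (weight, local preference, AS_PATH length, origin, MED). The candidate paths and AS numbers are constructed. This is a simplification: the real best-path algorithm has further tie-breakers (eBGP over iBGP, IGP metric to the next hop, router ID) and by default compares MED only between paths from the same neighboring AS.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}   # lower is preferred
PRIVATE_AS = range(64512, 65536)                      # private ASN block named in the notes


@dataclass(frozen=True)
class BgpPath:
    next_hop: str
    as_path: tuple      # most recent AS first, because each AS prepends its own number
    weight: int = 0
    local_pref: int = 100
    origin: str = "igp"
    med: int = 0


LOCAL_AS = 100   # constructed local AS number

# Constructed candidate paths to one prefix (not from a real router).
CANDIDATES = [
    BgpPath("10.0.0.1", as_path=(200, 300)),
    BgpPath("10.0.0.2", as_path=(400,)),                              # shortest AS_PATH
    BgpPath("10.0.0.3", as_path=(500, 600, 700), local_pref=200),     # preferred exit point
    BgpPath("10.0.0.4", as_path=(800, 100, 900)),                     # our own AS in the path: a loop
    BgpPath("10.0.0.5", as_path=(400,), origin="incomplete"),         # ties 10.0.0.2 except origin
]


def accept_update(local_as, path):
    """AS_PATH loop prevention: refuse any advertisement that already carries our AS."""
    return local_as not in path.as_path


def best_path(local_as, candidates):
    """Drop looped paths, then rank the rest: highest weight, highest local preference,
    shortest AS_PATH, lowest origin code (IGP < EGP < incomplete), lowest MED.
    Simplified: later Cisco tie-breakers (eBGP over iBGP, IGP metric, router ID) are omitted."""
    usable = [p for p in candidates if accept_update(local_as, p)]
    if not usable:
        return None
    return min(usable, key=lambda p: (-p.weight, -p.local_pref, len(p.as_path),
                                      ORIGIN_RANK[p.origin], p.med))


def advertise_to_ebgp(local_as, path, remove_private_as=False):
    """AS_PATH as sent to an eBGP peer: our AS is prepended. With remove_private_as the
    private ASNs are stripped first, which is what IOS 'neighbor ... remove-private-as' does."""
    as_path = path.as_path
    if remove_private_as:
        as_path = tuple(a for a in as_path if a not in PRIVATE_AS)
    return (local_as,) + as_path


if __name__ == "__main__":
    best = best_path(LOCAL_AS, CANDIDATES)
    print("best path via", best.next_hop, "announced with AS_PATH", advertise_to_ebgp(LOCAL_AS, best))
```

Note the ordering: 10.0.0.2 has the shortest AS_PATH, but 10.0.0.3 wins because local preference is compared first; 10.0.0.4 is never considered because AS 100 is already in its path.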
Next-Hop-Self Command
The rules of BGP state that if a route is learned via iBGP, then the next-hop information does not change. With eBGP
peers, the next hop information is modified at each eBGP router (in each AS), so the next-hop appears as the
advertising router.
In a non-meshed environment where you know that a path exists from the current router to a specific address, the
BGP router command neighbor {ip-address | peer-group-name} next-hop-self can be used to disable next-hop
processing. This will cause the current router to advertise itself as the next hop for a specified neighbor, simplifying
the network. Other BGP neighbors will then forward packets for that destination to the current router.
This feature allows you to set BGP attributes for a BGP route reflector and turn off the next-hop calculation for eBGP
peers. This, in conjunction with iBGP Multipath Load Sharing, allows you to use an outbound route map to include
BGP route reflectors in the forwarding path.
This would not be useful in a fully meshed environment, since it will result in unnecessary extra hops where there may
be a more direct path.
Policy Routing
Policy routing is a means of managing routes and the paths used with manually configured rules. It makes routing
decisions based on a variety of parameters such as source address or source and destination address rather than just
destination address alone. Policy routing can be used to manipulate traffic inside an AS or between ASs. Policy
routing has many of the same drawbacks as static routing.
Route Dampening
A network that has a router with flapping routes (routes that go up and down) can often cause problems, as the BGP
routers must continuously update their routing tables. Route dampening is used to control this route instability.
Dampening classifies routes as "well-behaved" or "ill-behaved" based on their past reliability and penalties are
assigned each time a route flaps. When a set penalty is reached, BGP suppresses the route until it is well behaved
and trusted again. There is no penalty limit at which a route is permanently barred from joining the domain. Route
dampening is not enabled by default.
Commands:
bgp dampening - Enables route dampening for BGP.
clear ip bgp dampening address mask - Use the clear command to reverse dampening.
show ip bgp flap-statistics - Use the flap-statistics argument to show flapping routes.
clear ip bgp flap-statistics - Use the clear command to clear the statistics.
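To make the penalty mechanism concrete, here is an added Python model (not from the original notes) of the per-prefix penalty that bgp dampening maintains. It uses the IOS defaults, which are facts about the feature rather than anything stated in the notes: half-life 15 minutes, reuse limit 750, suppress limit 2000, maximum suppress time 60 minutes, and a penalty of 1000 per flap. The penalty decays exponentially, halving every half-life, and a suppressed route is reused once the decayed penalty drops below the reuse limit; the flap timeline in the test is constructed.

```python
import math


class RouteDampener:
    """Per-prefix model of IOS 'bgp dampening'. Defaults are the IOS defaults (half-life 15 min,
    reuse 750, suppress 2000, max-suppress-time 60 min); each flap adds 1000 to the penalty.
    Times are in seconds."""

    FLAP_PENALTY = 1000

    def __init__(self, half_life_min=15, reuse=750, suppress=2000, max_suppress_min=60):
        self.half_life = half_life_min * 60
        self.reuse = reuse
        self.suppress = suppress
        # Ceiling so that a route is never suppressed longer than max-suppress-time.
        self.max_penalty = reuse * 2 ** (max_suppress_min / half_life_min)
        self.penalty = 0.0
        self.last_update = 0.0
        self.suppressed = False

    def _decay_to(self, now):
        """Apply exponential decay: the penalty halves every half-life."""
        self.penalty *= 0.5 ** ((now - self.last_update) / self.half_life)
        self.last_update = now

    def flap(self, now):
        """Record one flap; return True if the route is now suppressed."""
        self._decay_to(now)
        self.penalty = min(self.penalty + self.FLAP_PENALTY, self.max_penalty)
        if self.penalty >= self.suppress:
            self.suppressed = True
        return self.suppressed

    def is_suppressed(self, now):
        """A suppressed route is reused once its decayed penalty falls below the reuse limit."""
        self._decay_to(now)
        if self.suppressed and self.penalty < self.reuse:
            self.suppressed = False
        return self.suppressed

    def penalty_at(self, now):
        self._decay_to(now)
        return round(self.penalty)

    def seconds_until_reuse(self, now):
        """Seconds until the penalty decays below the reuse limit (0 if already below)."""
        self._decay_to(now)
        if self.penalty <= self.reuse:
            return 0.0
        return self.half_life * math.log2(self.penalty / self.reuse)


def simulate(flap_times, check_times):
    """Replay flap timestamps into a fresh dampener; report suppression at each check time."""
    dampener = RouteDampener()
    events = sorted([(t, 0, "flap") for t in flap_times] + [(t, 1, "check") for t in check_times])
    result = {}
    for t, _, kind in events:
        if kind == "flap":
            dampener.flap(t)
        else:
            result[t] = dampener.is_suppressed(t)
    return result


if __name__ == "__main__":
    # Constructed timeline: two flaps at t=0, then checks 5 minutes and ~33 minutes later.
    print(simulate([0, 0], [300, 2000]))
```

Two flaps in quick succession reach the suppress limit immediately; with the default half-life the penalty takes just over 21 minutes to fall back below 750, which is why the notes say dampening holds the route until it is "well behaved and trusted again".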
Route Distribution
Static Routes - Using static routes with BGP is one method of dealing with flapping networks and preventing BGP
instability. The drawback with static routes is that BGP will show the route as active even if the destination is down.
Static routing with BGP enables the route to always be advertised and always be present in the routing database. Use
the redistribute static command with the following syntax to distribute static routes.
router bgp 100
network 131.108.0.0 mask 255.255.0.0
neighbor 131.108.32.5 remote-as 300
redistribute static
ip route 10.0.0.0 255.0.0.0 Null0
Null0 is the null interface. With the configuration above, any packet destined for the 10.x.x.x network (that does not
match a more specific route) will be discarded.
Default Route (Gateway)
0.0.0.0 is the default gateway. It is also the gateway of last resort, usually an interface on the border router
leading to your ISP. Use the following syntax:
ip route 0.0.0.0 0.0.0.0 s1
Multi-Homing BGP
Running BGP connected to multiple ISPs is called multi-homing. There are several ways to implement multi-homing,
including:
Receiving full Internet routes (this requires huge amounts of memory and processing power).
Receiving directly connected routes (which will only give you your ISP networks, along with a default route, but is
much easier on the router resources).
Receiving default routes only (this is preferable when your router has minimal memory and processing power,
and usually gets the job done if you are just looking for redundancy).
There is an excellent Cisco document on this topic at:
http://www.cisco.com/warp/public/459/27.html
BACKDOOR configurations
The BACKDOOR argument of the NETWORK command changes the normal eBGP Administrative distance on a link
(20, by default) to the AD of an iBGP route (200, by default), thus making an IGP route preferred for a local link. This
is done when you must use BGP, but an IGP route is more efficient locally. There is an excellent example of this
statement being used in a configuration on page 326 of the Cisco Press book Internet Routing Architectures by Sam
Halabi. To enable a backdoor route, use the following command.
network address backdoor
Basic Configuration
Router(config)#router bgp autonomous-system - This command enables the BGP process on a router, and
assigns an AS number.
Router(config-router)#neighbor ip-address remote-as autonomous-system - This designates the neighbor by
its IP address, along with the AS of the peer. Note that this statement is how BGP determines whether the peer
is an internal or external peer. An internal peer is configured with the same AS as the router itself. An external
peer has another AS.
Router(config-router)#network net-address mask netmask - This command tells BGP to advertise this route to
neighbors. Note that BGP will only advertise this route if it knows how to reach it (if it is in its routing table). If
the destination cannot be reached by the router, the route will not be advertised.
Summary Routes
Use the aggregate-address command to summarize network routes.
Syntax:
aggregate-address address mask
or
aggregate-address address mask summary-only
There are more variations of this command.
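The Summarization section above and the aggregate-address command here both turn on what a classful boundary is and which routes end up in the BGP table. As an added example (not from the original notes), the Python below derives the classful network for a prefix, models what a network statement installs with auto-summary on and off, and models aggregate-address with and without summary-only. The routing-table contents are constructed.

```python
import ipaddress

# Constructed local routing table for the example (not from a real router).
ROUTING_TABLE = ["172.16.1.0/24", "172.16.2.0/24", "10.5.0.0/16"]


def classful_network(prefix):
    """Classful (class A/B/C) network that contains the given prefix."""
    net = ipaddress.ip_network(prefix, strict=False)
    first_octet = int(net.network_address) >> 24
    if first_octet < 128:
        length = 8
    elif first_octet < 192:
        length = 16
    elif first_octet < 224:
        length = 24
    else:
        raise ValueError(f"{prefix}: class D/E space has no classful network")
    # strict=False zeroes the host bits, giving the natural network
    return ipaddress.ip_network((int(net.network_address), length), strict=False)


def bgp_network_install(routing_table, network_statements, auto_summary=True):
    """What BGP installs for each 'network' statement:
    - auto-summary on and a classful statement: the whole classful network, as soon as any
      subnet of it is in the routing table (the case Cisco warns about when the AS does not
      own the entire classful block);
    - otherwise: the statement's prefix, only if that exact prefix is in the routing table."""
    table = {ipaddress.ip_network(p) for p in routing_table}
    installed = set()
    for stmt in network_statements:
        stmt_net = ipaddress.ip_network(stmt)
        if auto_summary and stmt_net == classful_network(stmt):
            if any(r.subnet_of(stmt_net) for r in table):
                installed.add(str(stmt_net))
        elif stmt_net in table:
            installed.add(str(stmt_net))
    return sorted(installed)


def aggregate_address(bgp_table, aggregate, summary_only=False):
    """Routes advertised after 'aggregate-address <aggregate> [summary-only]': the aggregate
    is generated only while at least one more-specific route exists, and summary-only
    suppresses those more-specifics."""
    agg = ipaddress.ip_network(aggregate)
    table = [ipaddress.ip_network(p) for p in bgp_table]
    more_specific = [r for r in table if r != agg and r.subnet_of(agg)]
    if not more_specific:
        return sorted(str(r) for r in table)
    kept = [r for r in table if not (summary_only and r in more_specific)]
    return sorted({str(r) for r in kept} | {str(agg)})


if __name__ == "__main__":
    print("auto-summary on :", bgp_network_install(ROUTING_TABLE, ["172.16.0.0/16"]))
    print("auto-summary off:", bgp_network_install(ROUTING_TABLE, ["172.16.0.0/16"], auto_summary=False))
    print("summary-only    :", aggregate_address(ROUTING_TABLE, "172.16.0.0/16", summary_only=True))
```

With auto-summary on, a single 172.16.1.0/24 in the routing table is enough for BGP to announce all of 172.16.0.0/16; with it off, the same network statement installs nothing until the exact /16 exists, which is the behaviour the Summarization section describes.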
Statistic Commands
show ip bgp summary - Use the summary argument to display the status of all BGP connections.
show ip bgp paths - Use the paths argument to view the BGP database.
show ip bgp neighbors address - Provides a detailed list of the BGP neighbors and the TCP information.
Verifying Operations
show ip bgp neighbors - This command will show information about the BGP neighbors, and the current state.
An ESTABLISHED state indicates that the peer relationship is established, and routes are being exchanged.
show ip bgp - This gives information about the BGP process, Network Layer Reachability Information
(NLRI), attributes, and path information.
The Cisco Press books Internet Routing Architectures, 2nd edition by Sam Halabi, Routing TCP/IP, volume 2
by Jeff Doyle and the Cisco BGP-4 Command and Configuration Handbook by William Parkhurst are excellent
resources for BGP.
Redistribution
It is not always possible or desirable to use a single routing protocol on your entire internetwork. In this case, you will
need to implement a way of passing the networks learned by one routing protocol into another so that every server,
host and networked device can find every other. Redistribution provides this tool.
Steps for Redistribution:
1. Enable the relevant routing protocols on the border routers.
2. Specify the networks to be advertised within each routing domain.
3. Determine how you want to redistribute (one-way or two-way).
4. Determine what metrics need to be established to facilitate redistribution, and, if the protocol being
redistributed into is OSPF, make sure the "subnets" parameter is used.
5. Apply any distribute-lists, if required.
6. Apply any route-maps, if required.
7. Address any VLSM/FLSM issues that remain.
The default-metric command for EIGRP and IGRP takes the following five values:
Metric        Value
bandwidth     A value based on the bandwidth of a specific interface; for example, 10000 for 10 Mbps Ethernet.
delay
reliability
loading
MTU
The following output shows an EIGRP router redistributing static, OSPF, RIP, and IS-IS routes using the default-metric command:
router eigrp 1
network 131.108.0.0
redistribute static
OSPF
A metric is not required for OSPF, however, if you redistribute an IGP into OSPF without specifying a default-metric, it
will be assigned a metric of 20.
There is an important keyword with OSPF: subnets. If you omit the subnets parameter of the redistribute
command, subnetted (non-major network) routes will not be redistributed into OSPF. Since it doesn't hurt your
configuration to have this parameter, even if you don't need it, get used to always including it.
The OSPF metric is based on 10^8 / bandwidth of the link. For example, the OSPF cost of 10 Mbps Ethernet is 10: 10^8 / 10^7 = 10.
Multiple OSPF processes can run on the same router, with redistribution between them, but this is rarely necessary,
and will consume memory and CPU cycles.
Whenever you use the redistribute or the default-information router configuration commands to redistribute routes
into an OSPF routing domain, the router automatically becomes an Autonomous System Boundary Router (ASBR).
However, an ASBR does not, by default, generate a default route into the OSPF routing domain.
Keywords:
The keyword internal indicates the OSPF intra-area and inter-area routes.
The keyword external 1 is the external route type 1.
The keyword external 2 is the external route type 2.
BGP
You don't generally want to redistribute BGP routes into an IGP, or IGP routes into BGP.
It is, however, somewhat common to redistribute one or two routes and to make them exterior routes for IGRP, or to
allow BGP to generate a default route for your entire autonomous system. When redistributing from BGP into IGP,
only the routes learned using eBGP get redistributed.
To allow the redistribution of internal Border Gateway Protocol (iBGP) routes into an Interior Gateway Protocol (IGP)
such as Intermediate System-to-Intermediate System (IS-IS) or Open Shortest Path First (OSPF), use the bgp
redistribute-internal command in address family configuration mode. To restore the system to the default condition,
use the no form of this command.
You would not generally redistribute your IGP into BGP, but rather list the networks in your autonomous system with
network commands within the BGP router configuration. Networks that are listed this way are referred to as local
networks and have a BGP origin attribute of "IGP." They must appear in the main IP routing table and can have any
source; for example, they can be directly connected or learned via an IGP. The BGP routing process periodically scans
the main IP routing table to detect the presence or absence of local networks, updating the BGP routing table as
appropriate.
If you do choose to redistribute into BGP, you must be very careful about the validity of the routes coming from your
IGP, especially if the routes were redistributed from BGP into the IGP elsewhere. This can create a situation where
BGP is injecting information into the IGP and then sending such information back into BGP, and vice versa. Incorrectly
redistributing routes into BGP can result in the loss of critical information, such as the AS-path, which is required for
BGP to function properly.
Networks that are redistributed into BGP from the EGP protocol will be given the BGP origin attribute "EGP." Other
networks that are redistributed into BGP will have the BGP origin attribute of "incomplete." The origin attribute in our
implementation is only used in the path selection process.
Once the criteria are defined, how matching traffic will be handled is defined through the use of the set statement.
To learn more about PBR, here is an excellent link from the Cisco website:
http://www.cisco.com/en/US/products/hw/switches/ps4324/products_configuration_guide_chapter09186a008011c8c7.html#10065