
Network Principles (10%)

1.1
General Theory
 Control Plane exchanges routing protocol information
 Data Plane forwards data packets (interface microcode processor)
Process/Fast Switching
 Process Switching
Each packet triggers a separate routing-table lookup
Lookups are not cached
High CPU utilisation
(config-if)# no ip route-cache
 Fast Switching
Initial packet in a flow is process switched
Forwarding decision is added to the IP cache in the data plane; later packets in the flow hit the cache
(config-if)# ip route-cache
#show ip cache
Cisco Express Forwarding (CEF)
 Forwarding Information Base (FIB)
 Located in data plane
 Built from the IP routing table
 Contains
- Network prefix (longest match)
- Next hop
- Outgoing interface
 Change in routing table triggers change in FIB
 Adjacency Table
 Located in data plane
 Built from ARP, Inverse ARP, and Frame Relay map statements
 Contains
- Outgoing interface
- Next-hop L3 address
- L2 header information (prepended to the packet, so no per-packet ARP lookup)
Commands
#show ip cef
#show ipv6 cef
#show ip cef exact-route <source-ip> <dest-ip>
#show adjacency
(config)#ip cef
(config)#no ip cef
(config-if)#ip route-cache cef
(config-if)#no ip route-cache cef
#show ip interface <interface>
 Additional Information
 Packets that can't be CEF switched are "punted" to the route processor and process or fast switched
 Exception packets are received by the control plane and include packets that
- carry IP header options
- have an expiring TTL
- are forwarded to a tunnel interface
- use an unsupported encapsulation type
- exceed the MTU and need fragmentation
 Punted packets consume route-processor CPU, so a flood of them (crafted IP options, TTL-expiring packets) can starve the control plane; rate-limit them with control-plane policing
 IPv4 CEF enabled by default
 IPv6 CEF not enabled by default; enabled with ipv6 cef once ipv6 unicast-routing (and ip cef) are configured
 Two modes
 Central CEF: FIB and adjacency table on the route processor
 Distributed CEF (dCEF): FIB and adjacency table copied to the line cards
1.2
 Unicast Flooding
Unicast flooding occurs when a switch receives a unicast frame whose destination MAC is not in the CAM table and floods the frame out all ports in the VLAN except the one it arrived on.
Causes of Unicast Flooding
1. Asymmetric routing (one switch never sees the return traffic, so its CAM entry ages out)
2. CAM table overflow (can be induced deliberately by MAC flooding; the flooded frames then reach the attacker's port; port security limits MACs per port)
3. Spanning tree topology change (CAM entries are flushed)
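The CAM-overflow cause above, shown as an added example (Python, not part of the study notes): a constructed model of a switch that learns source MACs into a fixed-size table and floods unknown unicast. Once an attacker's bogus source MACs fill the table, new legitimate hosts are never learned and every frame to them is flooded, including out the attacker's port. Port numbers, MAC addresses and the table size are made-up assumptions.

```python
"""Constructed model of switch MAC learning and CAM-table overflow (added example)."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class CamTable:
    """Fixed-capacity MAC -> port table. Like most switch ASICs it does not evict a
    live entry to make room: when full, new MACs are simply not learned."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.entries = {}
        self.learn_failures = 0

    def learn(self, mac, port):
        if mac in self.entries:
            self.entries[mac] = port          # host moved or entry refreshed
            return True
        if len(self.entries) >= self.capacity:
            self.learn_failures += 1
            return False
        self.entries[mac] = port
        return True

    def lookup(self, mac):
        return self.entries.get(mac)


class Switch:
    def __init__(self, ports, cam_capacity):
        self.ports = list(ports)
        self.cam = CamTable(cam_capacity)
        self.flooded_frames = 0

    def forward(self, src_mac, dst_mac, in_port):
        """Learn the source MAC, then return the egress ports for the frame."""
        self.cam.learn(src_mac, in_port)
        out_port = self.cam.lookup(dst_mac)
        if dst_mac == BROADCAST or out_port is None:
            self.flooded_frames += 1          # unknown unicast: flood the whole VLAN
            return [p for p in self.ports if p != in_port]
        return [out_port]


def mac_flood(switch, attacker_port, count):
    """Attacker sends `count` frames with distinct bogus source MACs to fill the table.
    Returns how many learn attempts the switch had to reject."""
    for i in range(count):
        src = f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}"
        switch.forward(src, "02:ff:ff:ff:ff:ff", attacker_port)
    return switch.cam.learn_failures


def demo():
    """Normal learning first, then the same switch after a MAC flood from port 5."""
    sw = Switch(ports=[1, 2, 3, 4, 5], cam_capacity=64)
    a, b = "00:aa:00:00:00:01", "00:aa:00:00:00:02"
    c, d = "00:aa:00:00:00:03", "00:aa:00:00:00:04"
    before = (sw.forward(a, b, 1), sw.forward(b, a, 2), sw.forward(a, b, 1))
    mac_flood(sw, attacker_port=5, count=64)
    sw.forward(c, d, 3)                       # C is never learned: the table is full
    after = sw.forward(d, c, 4)               # so D's reply to C is flooded, port 5 included
    return before, after


if __name__ == "__main__":
    print(demo())
```

The third element of `before` is a single port (normal unicast once both ends are learned); `after` is a flood list that includes the attacker's port 5.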
 Out-of-Order Packets
 Caused by per-packet load balancing across paths with different delay
 CEF per-destination (per-flow) load balancing keeps a flow on one path and avoids this
 TCP Issues
1. Packets received out of order trigger duplicate ACKs, which trigger a fast retransmit from the sender (wasted bandwidth)
2. CPU spends more time reordering packets
 UDP Issues
- No concept of sequence numbers
- Time-sensitive applications can't cope with missed or reordered packets
 Asymmetric Routing
Occurs when a packet does not return on the same path it was transmitted on
Issues
1. Can cause unicast flooding
2. A stateful firewall that sees only one direction (no TCP SYN, or a segment from a stream it holds no state for) drops the packet
3. Performance issues where the forward path is good but the return path experiences latency or similar
1.3 ICMP
 Common ICMP types
0: Echo reply
3: Destination unreachable
5: Redirect
8: Echo request
11: Time exceeded

 ICMP Destination Unreachable
 Informs the source host that the destination unicast address is unreachable
 Original codes defined by RFC 792 (later RFCs add more)
0: Network unreachable - can't deliver packet to desired network
1: Host unreachable - can route to network, host does not exist
2: Protocol unreachable - transport protocol not supported
3: Port unreachable - no process listening on the transport port
4: Fragmentation needed and DF set - packet needs fragmentation but the DF bit in the IP header is set
5: Source route failed
 Disabling unreachables on an interface also breaks PMTUD through it (code 4 is never sent); prefer rate-limiting them (ip icmp rate-limit unreachable) over suppressing them
 (config-if)# ip unreachables
 (config-if)# no ip unreachables
 ICMP Redirects
 Tells a host on the directly connected subnet that a better first hop for a destination exists on that same subnet
 Only sent by a gateway, when it forwards a packet back out the interface it arrived on towards another gateway with a better metric
 Redirects are unauthenticated, so a host that honours them can have its next hop changed by any neighbour (man-in-the-middle); disable sending them on interfaces facing untrusted hosts and ignore them on hosts
 (config-if)# no ip redirects
IPv4/IPv6 Fragmentation
IPv4
Issues
1. Costly on router CPU
2. Firewalls can't inspect non-initial fragments (no L4 header), a classic evasion vector
3. If one fragment is lost, the whole packet is lost and must be retransmitted
If the DF bit is set and fragmentation is needed, the packet is dropped and an ICMP type 3 code 4 message is sent back
That ICMP message may be blocked by a firewall and never reach the host (PMTUD black hole)
Each fragment gets its own IP header carrying the same identification, a fragment offset, and the MF flag
TCP MSS and PMTUD can be used to avoid fragmentation
IPv6
o Packets are fragmented only at the source; routers never fragment (there is no DF bit)
o Fragment information (identification, offset, M flag) is carried in the Fragment extension header
o If a packet is too large for a router's next hop, the router drops it and sends an ICMPv6 type 2 Packet Too Big (PTB) message to the source carrying the next-hop MTU
Time to Live (TTL)
IPv4
 TTL is set by the sender (Cisco IOS uses 255; many hosts use 64 or 128) and decremented by each router
 When a router would decrement TTL to 0, it drops the packet and sends an ICMP type 11 code 0 (time exceeded in transit) message to the source
 Traceroute
Discovers the route a packet takes
Process
1. Send three UDP datagrams (to high, unused destination ports) with TTL set to one
2. TTL expires at the first hop, which replies with an ICMP type 11 code 0 message
3. Another three UDP datagrams are sent with TTL set to two; the second hop replies with ICMP type 11 code 0
4. This repeats until the datagrams reach the destination, which replies with ICMP type 3 code 3 (port unreachable), ending the trace
IPv6
Called Hop Limit in the IPv6 header
Expiry generates an ICMPv6 Time Exceeded message (ICMPv6 type 3 code 0)
1.4
Path MTU Discovery (PMTUD)
IPv4
o Defined in RFC 1191; in practice used by TCP (TCP sets DF on its segments)
o Determines the lowest MTU on the path between source and destination
o Host starts with the MTU of its outgoing interface and sets the DF bit
o If a router would need to fragment, it drops the packet and sends back an ICMP Destination Unreachable (type 3 code 4) carrying the MTU of the egress interface where the packet was dropped
o Source reduces its path MTU (and hence its segment size) to that value and retries
o Relies on ICMP type 3 code 4 getting back to the source; if a firewall filters it, large segments are dropped silently (PMTUD black hole) and the session stalls
IPv6
o Packets are only fragmented at the source
o If a router receives a packet larger than the MTU of its outgoing interface, it drops it and replies with an ICMPv6 Packet Too Big message carrying the smaller MTU
Maximum Segment Size (MSS)
o Avoids fragmentation
o Maximum amount of TCP payload the receiver can accept per segment
o Announced, not negotiated: each side advertises its own MSS in a TCP option in the SYN (and SYN/ACK) and uses the peer's value
o TCP MSS = min(receive buffer, outgoing MTU - 40 bytes) for IPv4 (20 bytes IPv4 header + 20 bytes TCP header); IPv6 subtracts 60 (40-byte IPv6 header)
o A router can rewrite the advertised MSS on transit SYNs (IOS: ip tcp adjust-mss), the standard workaround where PMTUD is broken
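The PMTUD exchange described above, as an added example (Python, not from the study notes): a source sends DF-set packets across a constructed chain of routers, each router that cannot forward without fragmenting returns ICMP type 3 code 4 with its next-hop MTU, and the source lowers its path MTU and retries. Setting `icmp_filtered=True` models a firewall that drops the ICMP reply (the black hole case), and `mss_for_mtu` gives the value an edge router would clamp with `ip tcp adjust-mss`. The path, its MTUs and the router names are assumptions.

```python
"""PMTUD walk-through across a constructed path (added example)."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

IPV4_HDR = 20
TCP_HDR = 20


@dataclass
class IcmpFragNeeded:
    """ICMP Destination Unreachable, type 3 code 4, carrying the next-hop MTU (RFC 1191)."""
    router: str
    next_hop_mtu: int


@dataclass
class PmtudResult:
    path_mtu: int
    delivered: bool = False
    attempts: List[Tuple[int, str]] = field(default_factory=list)   # (packet size, outcome)


def forward(path, size) -> Optional[IcmpFragNeeded]:
    """Walk the packet hop by hop. Returns None if it fits every link, otherwise the
    ICMP message the first router with a too-small egress MTU would send back."""
    for name, mtu in path:
        if size > mtu:
            return IcmpFragNeeded(name, mtu)
    return None


def discover_pmtu(path, local_mtu, icmp_filtered=False, max_tries=8) -> PmtudResult:
    """Source side of PMTUD: send at the current path MTU with DF set and shrink on each ICMP."""
    res = PmtudResult(path_mtu=local_mtu)
    for _ in range(max_tries):
        icmp = forward(path, res.path_mtu)
        if icmp is None:
            res.attempts.append((res.path_mtu, "delivered"))
            res.delivered = True
            return res
        if icmp_filtered:
            # Black hole: the drop happens but the source never learns why, so it keeps
            # retransmitting the same oversized segment until the session times out.
            res.attempts.append((res.path_mtu, "dropped silently"))
            return res
        res.attempts.append((res.path_mtu, f"ICMP 3/4 from {icmp.router}, mtu {icmp.next_hop_mtu}"))
        res.path_mtu = icmp.next_hop_mtu
    return res


def mss_for_mtu(mtu, ip_hdr=IPV4_HDR):
    """TCP MSS that fits a given MTU: MTU minus IP and TCP headers (no options)."""
    return mtu - ip_hdr - TCP_HDR


# Constructed sample path: LAN, PPPoE uplink (1492), GRE tunnel (1476), LAN.
PATH = [("R1", 1500), ("R2-pppoe", 1492), ("R3-gre", 1476), ("R4", 1500)]

if __name__ == "__main__":
    ok = discover_pmtu(PATH, 1500)
    print(ok.attempts, "->", ok.path_mtu)
    hole = discover_pmtu(PATH, 1500, icmp_filtered=True)
    print(hole.attempts, "delivered:", hole.delivered)
    # Workaround at the edge: clamp MSS so segments fit the smallest known link.
    print("clamp MSS to", mss_for_mtu(1476))
```

With ICMP flowing, the source needs two round trips of discovery (1500 -> 1492 -> 1476) before a packet gets through; with ICMP filtered, the first oversized segment is the last thing the path accepts unless the MSS is clamped to 1436.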
Latency
o Measured as round-trip time (RTT)
o Inverse relationship with TCP throughput: for a fixed window, throughput <= window / RTT
o High latency means low throughput
o Does not affect UDP the same way (no windowing or acknowledgements)
Factors
a. Propagation delay
b. Serialization delay
c. Data protocol overhead
d. Buffering
e. Switching
f. Routing
g. Queuing
Windowing
o Window size determines how many bytes can be sent before an ACK must be received
o Dynamic in nature
o If the recipient can handle more data, it can expand the window size
o If overwhelmed, it can shrink the window to slow the flow of data
o Flow control keeps the sending rate close to what the receiver and path can absorb
o Slow start: the congestion window starts at a small number of segments (historically one) and doubles every RTT until loss or the slow-start threshold is reached
Bandwidth Delay Product
o High bandwidth combined with long round-trip delay causes a bottleneck if the window is too small
o Bandwidth Delay Product (BDP) = bandwidth (bps) x round-trip delay (RTT in seconds)
o Number of bits in flight needed to "fill the pipe"
o TCP window size should be at least the BDP to use the link fully (windows above 65535 bytes need the window scale option)
Global Synchronisation
o Many hosts have active TCP sessions through the same queue
o When the queue tail-drops, all flows back off at once (flow control slows transmissions)
o With the queue empty again, all flows ramp up together
o Bandwidth oscillates between underutilised and saturated
o Weighted Random Early Detection (WRED) drops a few packets early and at random so flows back off at different times
1.5
TCP Starvation/UDP Dominance
o Occurs because TCP has flow control and UDP does not
o While TCP backs off (slow start after loss), UDP keeps sending and takes the freed bandwidth
o Avoid by putting TCP and UDP traffic into separate classes with QoS
Latency
o UDP does not have windowing
o Latency and jitter affect real-time UDP applications (voice, video)
o Receivers use jitter buffers to collect packets and present them to the application at a steady rate
1.6
Changes to Routing Protocol Parameters
Changes include
i. Metrics
ii. Redistribution
iii. Additional routes
Factors to consider
i. Speed of convergence
ii. Protocol stability
iii. Multi-vendor environments
Protocol migration can be disruptive
Metric components (which ones are used depends on the protocol)
Delay
Bandwidth
Load
MTU
Cost
Reliability
Hop count
IPv6 Migration
o Takes careful planning and time to form an IPv4 to IPv6 migration strategy
o Equipment may require upgrades
o Migration strategies
i. Dual stack: running both IPv4 and IPv6
ii. Tunneling: IPv6 packets encapsulated in IPv4 packets
iii. 6to4: automatic tunneling with no per-tunnel configuration; the site's IPv6 prefix (2002::/16) is derived from its IPv4 address
iv. NAT64: translates between IPv6 and IPv4
 Stateless: algorithmic 1:1 address mapping, no per-flow state
 Stateful: dynamic mapping from a pool, translator keeps per-flow state
Routing Protocol Migration
AD
 AD can be used to set which routing protocol is preferred
 Default AD can be changed to a value between 1 and 255
 Raising a protocol's AD makes another protocol's routes for the same prefix preferred
 Default ADs
Connected routes 0
Static routes 1
EIGRP summary 5
External BGP 20
EIGRP 90
OSPF 110
IS-IS 115
RIP 120
External EIGRP 170
Internal BGP 200
Invalid 255 (never installed)
Route Redistribution
o Redistribute to migrate smaller chunks at a time
o Redistribute from the old protocol into the new protocol
L2 Technologies (10%)
2.1
2.1a
 Authentication is optional
 If authentication is used, the peer is authenticated after LCP establishes the link and the authentication protocol is chosen
 Authentication is one-way per direction: each side can independently be configured to authenticate its peer
PAP
 No encryption: username/password sent in cleartext over the link, so anyone who can capture the link has the credential
 Remote device sends username/password for checking against the local or TACACS+ database
 Two-way handshake
 Username sent by one router must match a username configured on the other router
- (config-if)#ppp pap sent-username <R1> password <Cisco>
 Completed once, on initial link establishment
Configuration
(config)# username <username-of-other-end> password <password>
(config-if)# encapsulation ppp
(config-if)# ppp authentication pap
(config-if)# ppp pap sent-username <username-of-other-end> password <password>
CHAP
Three-way handshake (RFC 1994)
1. Challenge (random value plus an identifier) sent to the remote device
2. Remote device computes MD5(identifier, shared secret, challenge) and sends the response back with the hash value and its hostname
3. Local router uses the remote hostname to look up the secret, computes the same hash over the original challenge, and verifies the values match
The secret itself never crosses the link, but it must be stored on both routers and the challenge must be random and never reused
Periodically re-verifies the identity of the remote device with a new three-way handshake
2.1b
PPP (Overview)
Non-proprietary
Encapsulation mismatch shows as
Physical = Up
Line Protocol = Down
PPP vs. HDLC
PPP provides authentication
PPP provides link quality monitoring and error detection
On interface
- (config-if)#encapsulation ppp
Uses Link Control Protocol (LCP) to establish and test the data link and ensure parameters match
Uses Network Control Protocols (NCPs) to set up L3 protocols, such as IPCP (which negotiates the IP address on a PPPoE client, for example)
Five Phases
1) Link Dead: PPP waits for the physical link to become active.
2) Link Establishment: Link Control Protocol (LCP) establishes the initial connection between the two end points.
3) Authentication: optional; one end of the link authenticates with the other (or both do).
4) Network Layer Protocol: network-layer protocols are configured by their respective NCPs.
5) Link Termination: brings down the link on error or user shutdown.
PPPoE
PPP encapsulated inside Ethernet frames
PPP session tunnelled over Ethernet
Used by ISPs
Supports high-speed access on existing infrastructure
Easier for customers to configure
Per-subscriber authentication and accounting via CHAP
Two phases
Active Discovery: the client finds a PPPoE server and obtains a session ID (PADI, PADO, PADR, PADS)
Session: PPP LCP, authentication and NCP negotiation take place inside the session
Understanding configuration
1. The PPP session runs on a dialer interface (virtual interface), which can have a static IP or get one via IPCP
2. PPP CHAP authenticates the customer to the ISP; username/password must match what the ISP has on record
3. Enable the PPPoE client on the physical interface and link it to the dialer interface
4. Reduce the MTU to 1492 to allow for the PPPoE header (6 bytes PPPoE + 2 bytes PPP)
Configuration
Client
1. Create the PPPoE dialer interface (handles the PPPoE connection)
(config)# interface dialer1
(config-if)# dialer pool 1
(config-if)# dialer persistent
(config-if)# encapsulation ppp
(config-if)# ppp chap hostname <username-from-isp>
(config-if)# ppp chap password <password-from-isp>
(config-if)# ip address negotiated
2. Change the MTU (PPPoE plus PPP headers add 8 bytes of overhead to each frame)
(config-if)# mtu 1492
3. Assign the ISP-facing interface to the PPPoE dial pool
(config)# interface <interface>
(config-if)# no ip address
(config-if)# pppoe-client dial-pool-number 1
(config-if)# no shutdown
2.2
Operations
VCs identified by a DLCI that is locally significant between DTE and DCE
DLCIs are a 10-bit value
DLCIs 16-1007 are available for end-user equipment
Mapping must be done between IP address and DLCI
Dynamic using Inverse ARP
Static using a map statement
NBMA network
Can't send broadcast/multicast traffic natively
IOS creates a copy of each broadcast/multicast packet per neighbour (pseudo-broadcast)
Increases PVC and WAN bandwidth usage
Done automatically for dynamic maps
Use the broadcast keyword for static maps
Split horizon disabled by default on the physical interface
Local Management Interface (LMI)
Carries information about PVCs
Acts as a keepalive
Carries DLCIs and their active/inactive status
Runs between DTE and DCE
DTE sends a status enquiry every 10 seconds (keepalive); the DCE expects one within its polling verification timer
Three types
ANSI (Annex D)
Cisco
Q.933 Annex A (q933a)
Two encapsulation types
Cisco (default) and IETF
LMI type must match both ends or the interface shows up/down; with an encapsulation mismatch the line protocol stays up but traffic across the PVC fails
Three PVC states
Active: PVC operational, passing traffic
Inactive: local connection up, problem on the remote end of the PVC
Deleted: PVC not present, no LMI for it received from the DCE
Congestion control
Three single-bit fields in the frame header
FECN (Forward-Explicit Congestion Notification): if the network is congested, the DCE sets FECN to 1 on frames heading to the destination, telling the receiver that the path the frame took is congested.
BECN (Backward-Explicit Congestion Notification): the DCE sets BECN to 1 on frames travelling from destination to source, telling the original sender that its path is congested.
DE (Discard Eligibility): set to 1 marks the frame as lower importance (e.g. traffic above CIR); when the network becomes congested, DCE devices discard DE-marked frames before other frames.
Autosense LMI
1. DTE sends status enquiries of all three LMI types to the DCE
2. DCE replies to one type
3. DTE autoconfigures that LMI type
Inverse ARP
Inverse ARP automatically maps the IP address of the remote device to the local DLCI
Can disable Inverse ARP with
(config-if)#no frame-relay inverse-arp
To remove previously learnt Frame Relay mappings
#clear frame-relay inarp
The word dynamic in show frame-relay map output means the mapping was learnt via Inverse ARP
To configure Frame Relay mappings manually
(config)#interface serial <interface>
(config-if)#frame-relay map ip <remote-ip> <local-dlci> broadcast
(config-if)#frame-relay map ip <remote-ip-2> <local-dlci-2> broadcast
On a physical interface split horizon is disabled, but on a sub-interface it is enabled by default.
To disable
(config-subif)#no ip split-horizon eigrp <AS>
If the broadcast keyword is not used on the frame-relay map command, specify EIGRP neighbours manually and EIGRP switches to unicast for them
(config)#router eigrp <AS>
(config-router)#neighbor <remote-ip> <local-interface>
(config-router)#neighbor <remote-ip-2> <local-interface>
Bandwidth Options
To change the bandwidth EIGRP may use on an interface to a percentage of the CIR
(config-subif)# ip bandwidth-percent eigrp <AS> <%>
On multipoint interfaces EIGRP divides the interface bandwidth over the number of neighbours.
Point-to-Point
Only one DLCI assigned to each sub-interface
Point-to-point sub-interfaces solve the split-horizon problem, but need a different IP subnet per PVC.
Don't use the frame-relay map command on point-to-point sub-interfaces; use the frame-relay interface-dlci command instead
Configuration Example
(config)# interface serial 0/0
(config-if)# encapsulation frame-relay
(config)# interface serial 0/0.1 point-to-point
(config-subif)# ip address 192.168.12.1 255.255.255.0
(config-subif)# frame-relay interface-dlci 102
Multipoint
Multiple DLCIs assigned to the same (sub-)interface
Point-to-multipoint keeps the split-horizon problem but lets you use a single IP subnet for all PVCs.
L3 Technologies (40%)
3.1
3.1a
Address Types
Unicast
 One-to-one.
 Traffic is exchanged only between one sender and one receiver.
 Source addresses can only be unicast addresses.
Broadcast
 Used for sending traffic to all devices in a subnet.
 One sender to all connected receivers.
 Local Broadcast
255.255.255.255 (never forwarded by routers)
 Directed broadcast address is the last IPv4 address in each subnet.
Multicast
 Identifies a group of interfaces across different devices.
 Traffic is sent to multiple receivers at the same time.
 Clients receive the stream of packets only if they have previously joined the group.
 Membership of a group is dynamic and controlled by the receiver.
 IPv4 Address Range
224.0.0.0 - 239.255.255.255
 IPv6 Address Range
FF00::/8
VLSM
 Variable-length subnet mask.
 Crucial for a scalable network and efficient use of IP addresses.
 Classful routing updates do not carry the subnet mask, whereas classless routing updates do.
 Allows more than one subnet mask within a major network.
 Greater capability to use route summarization.
 Reduces the number of routing table entries.
 Introduced with CIDR to slow IPv4 depletion.
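VLSM allocation and summarization as an added example (Python, not from the study notes): the block is carved largest-requirement-first, which keeps every subnet aligned on its own boundary, and the resulting prefixes can be collapsed into the fewest covering routes, which is what route summarization does to the routing table. The parent block and host counts are constructed sample input.

```python
"""VLSM allocation and route summarization (added example)."""
import ipaddress
import math


def prefix_for_hosts(hosts):
    """Smallest IPv4 prefix length that leaves room for `hosts` usable addresses
    plus the network and broadcast addresses (/31 and /32 are not used here)."""
    bits = max(2, math.ceil(math.log2(hosts + 2)))
    return 32 - bits


def allocate_vlsm(block, requirements):
    """Carve `block` into subnets sized for each requirement {name: host_count}.
    Allocating largest-first means each block size divides the one before it, so a
    single moving cursor never lands on a misaligned network address."""
    parent = ipaddress.ip_network(block)
    cursor = int(parent.network_address)
    end = int(parent.broadcast_address) + 1
    allocated = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: (-kv[1], kv[0])):
        net = ipaddress.ip_network((cursor, prefix_for_hosts(hosts)))
        if int(net.broadcast_address) >= end:
            raise ValueError(f"{block} has no room for {name} ({hosts} hosts)")
        allocated[name] = net
        cursor = int(net.broadcast_address) + 1
    return allocated


def summarize(prefixes):
    """Collapse contiguous, aligned prefixes into the fewest covering routes."""
    nets = (ipaddress.ip_network(p) for p in prefixes)
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    # Constructed requirements for one /24
    plan = allocate_vlsm("192.168.1.0/24", {"sales": 60, "eng": 28, "mgmt": 12, "p2p": 2})
    for name, net in plan.items():
        print(f"{name:6} {net}  ({net.num_addresses - 2} usable)")
    print(summarize(["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"]))
```

Summarizing `10.1.0.0/24` through `10.1.3.0/24` yields the single `10.1.0.0/22`; a gap in the range leaves the prefixes separate.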
3.1b
ARP
Information
 Finds the MAC address of a host from its known IP address.
 Maintains a cache (table) where MAC addresses are mapped to IP addresses.
 A MAC address is 48 bits.
 Operation
Device looks in its cache to see if a MAC to IP address mapping exists.
If no entry exists, the source device sends a broadcast (FF:FF:FF:FF:FF:FF) ARP request to every device on its network.
The device with the matching IP address replies with its MAC address.
 ARP has no authentication: any host can answer, or send unsolicited replies, and poison a neighbour's cache (ARP spoofing).
 Static cache entry is manually configured and kept in the cache table permanently (one way to pin critical mappings such as the default gateway).
 Dynamic cache entry is added by Cisco IOS and kept for a period of time before being removed.
Configuration
Static Mapping
(config)# arp [vrf <vrf-name>] <ip-address> <hardware-address> <encap-type> [<interface-type> <interface-number>]
Clearing Cache
clear arp interface <interface>
clear arp-cache
Verification
show interfaces
show arp
show ip arp
3.1c
Server
Information
DHCP server and relay agent are enabled by default.
The DHCP server port (UDP 67) does not open until the DHCP service is running.
Server accepts address assignment requests and renewals from the client and assigns addresses from a predefined group of addresses within a DHCP address pool.
Configuration
Start/Stop Service
(config)# service dhcp
(config)# no service dhcp
DHCP Pool
 (config)# ip dhcp pool <pool-name>
 (dhcp-config)# network <network-number> [mask|/prefix] [secondary]
 (dhcp-config)# domain-name <domain>
 (dhcp-config)# dns-server <address> [address2...address8]
 (dhcp-config)# default-router <address> [address2...address8]
 (dhcp-config)# lease {days [hours [minutes]] | infinite}
 (dhcp-config)# option <code> {ascii <string> | hex <string> | <ip-address>}
Verification
 DHCP Sockets
show ip sockets details
show sockets detail
 show ip dhcp pool <name>
 show ip dhcp binding <address>
 show ip dhcp conflict <address>
Relay
Information
A DHCP relay agent forwards DHCP packets between client and server when they're not on the same subnet.
The relay agent receives the client's broadcast, sets the giaddr field to its own interface address and forwards the message as a unicast to the server out another interface.
Relay agent information (Option 82) may be added to the packet sent towards the DHCP server.
The server's reply carries the Option 82 information back, and the relay strips it before delivering to the client.
Configure one helper address per server.
Configuration
(config-if)# ip helper-address <address>
3.1d
Can remember through DORA (Discover, Offer, Request, Ack).
Address Allocation
1) Discover (DHCPDISCOVER)
Client broadcasts (FF:FF:FF:FF:FF:FF, UDP 68 to 67) a DHCP Discover message on its subnet.
2) Offer (DHCPOFFER)
Server receives the Discover and broadcasts a DHCP Offer message on the subnet with network configuration information.
Configuration Information
Client IP Address
Subnet Mask
Default Gateway
DNS IP Address
Lease Time (Option 51)
DHCP Server IP Address (Option 54)
3) Request (DHCPREQUEST)
On receiving an Offer the client broadcasts a DHCP Request message for the offered configuration.
If multiple servers exist on the same subnet, it selects one and puts that server's IP address in the DHCP Server Identifier (Option 54) field of the Request; the other servers see the broadcast and withdraw their offers.
4) Ack (DHCPACK)
Once a server receives the Request, it checks Option 54 to see if it is the selected server.
If it is, the server broadcasts a DHCP Ack (so a client without an address yet can still receive it) carrying the final network configuration information.
Nothing in the exchange is authenticated: the first server to answer wins, so a rogue DHCP server on the segment can hand out a malicious gateway or DNS server.
Address Renewal
1) Halfway through the lease time (T1), the client sends a DHCP Request message to the server to renew its lease. Unicast message.
2) Server replies with a DHCP Ack that includes network configuration information. Unicast message.
Address Release
1) Client sends a DHCP Release message to the server. Unicast message.
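The DORA exchange above, as an added example (Python, not from the study notes): an RFC 2132 option encoder/decoder (magic cookie plus code/length/value triples) and a small server that answers Discover with an Offer, honours Option 54 in the Request (acknowledging only when it is the selected server, and freeing the offer otherwise), NAKs a Request for an address it did not offer, and stays silent when the pool is exhausted. The fixed BOOTP header is left out; server address, pool and client MACs are constructed.

```python
"""DHCPv4 DORA with server-side Option 54 handling (added example)."""
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6
OPT_PAD, OPT_MASK, OPT_ROUTER, OPT_REQ_IP, OPT_LEASE = 0, 1, 3, 50, 51
OPT_TYPE, OPT_SERVER_ID, OPT_END = 53, 54, 255


def encode_options(opts):
    """Magic cookie, then code/length/value triples, terminated by the End option."""
    out = bytearray(MAGIC_COOKIE)
    for code, value in opts.items():
        if not 0 < len(value) < 256:
            raise ValueError(f"option {code} length out of range")
        out += bytes([code, len(value)]) + value
    out.append(OPT_END)
    return bytes(out)


def decode_options(data):
    """Inverse of encode_options; rejects truncated TLVs instead of reading past the end."""
    if data[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(data):
        code = data[i]
        if code == OPT_END:
            return opts
        if code == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError(f"truncated option {code}")
        length = data[i + 1]
        opts[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    raise ValueError("options not terminated")


def ip4(addr):
    return ipaddress.IPv4Address(addr).packed


class DhcpServer:
    def __init__(self, server_ip, pool, mask, router, lease_secs):
        self.server_ip, self.mask, self.router, self.lease = server_ip, mask, router, lease_secs
        self.free = [str(h) for h in ipaddress.ip_network(pool).hosts()
                     if str(h) not in (server_ip, router)]
        self.offered, self.bindings = {}, {}        # client MAC -> address

    def handle(self, chaddr, options_blob):
        """Return (address, reply option blob), or None when the server stays silent."""
        opts = decode_options(options_blob)
        mtype = opts[OPT_TYPE][0]
        if mtype == DISCOVER:
            addr = self.bindings.get(chaddr) or self.offered.get(chaddr)
            if addr is None:
                if not self.free:
                    return None                       # pool exhausted: no offer
                addr = self.free.pop(0)
            self.offered[chaddr] = addr
            return addr, self._reply(OFFER, addr)
        if mtype == REQUEST:
            if opts.get(OPT_SERVER_ID) != ip4(self.server_ip):
                addr = self.offered.pop(chaddr, None)  # client picked another server
                if addr is not None and addr not in self.bindings.values():
                    self.free.append(addr)
                return None
            addr = self.offered.pop(chaddr, None) or self.bindings.get(chaddr)
            if addr is None or opts.get(OPT_REQ_IP, ip4(addr)) != ip4(addr):
                return None, self._reply(NAK, None)   # asked for something we never offered
            self.bindings[chaddr] = addr
            return addr, self._reply(ACK, addr)
        return None

    def _reply(self, mtype, addr):
        opts = {OPT_TYPE: bytes([mtype]), OPT_SERVER_ID: ip4(self.server_ip)}
        if addr is not None:
            opts[OPT_MASK] = ip4(self.mask)
            opts[OPT_ROUTER] = ip4(self.router)
            opts[OPT_LEASE] = struct.pack("!I", self.lease)
        return encode_options(opts)


def client_discover():
    return encode_options({OPT_TYPE: bytes([DISCOVER])})


def client_request(server_id, requested_ip):
    return encode_options({OPT_TYPE: bytes([REQUEST]),
                           OPT_SERVER_ID: ip4(server_id), OPT_REQ_IP: ip4(requested_ip)})
```

Because the client simply requests from whichever server it picks, a rogue server that answers first gets the Request, and the legitimate server's only role is to free the offer it made.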
3.2a
Unicast Address Types
Global Unicast
 Routable on the public Internet.
 Allocated from 2000::/3.
 First 3 bits of the address are the same (001).
 2000:: through 3FFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF.
Link Local
 Unique on the link; every IPv6 interface has one, router or not.
 Not routable off the link.
 fe80::/10 (in practice fe80::/64).
Unspecified
 Never assigned to an interface.
 Used as the source address when no IPv6 address is available yet (e.g. DAD, initial RS).
 ::/128.
Loopback
 Used when a host talks to itself over IPv6.
 ::1/128.
Unique Local Address (ULA)
 Reserved for home/organizational environments (the IPv6 counterpart of RFC 1918 space).
 Not routed on the public Internet.
 fc00::/7 (fd00::/8 in practice).
3.2b
EUI-64
 Stands for 64-bit Extended Unique Identifier (EUI-64).
 Allows an interface to derive its own interface ID from its MAC address.
 7th bit (of the first byte, value 0x02)
The Universal/Local bit.
Tells us if the address is universally unique or just locally unique.
A burned-in MAC has U/L = 0 (universal); modified EUI-64 inverts the bit, so an address built from a globally unique MAC has it set to 1.
 Operation
1) Take the 48-bit MAC address and split it in half.
2) Insert 0xFFFE in the middle of the MAC address.
3) Flip the 7th bit of the first byte.
 The interface ID embeds the MAC, so the host can be tracked across prefixes; privacy extensions use random interface IDs instead.
3.2c
ND Packet Types
 Router Solicitation (RS)
 ICMPv6 Type 133.
 Sent by a host that wants to receive an RA without waiting for the next periodic one.
 If the host has an IPv6 address, the source address of the RS is the host address.
 If the host has no IPv6 address, the unspecified address (::) is used.
 Destination is multicast FF02::2 (all routers).
 Router Advertisement (RA)
 Each router periodically multicasts an RA advertising its availability. An RA is also sent in response to an RS message.
 ICMPv6 Type 134.
 Source address is the link-local address of the outgoing interface.
 Destination is either the source address of the received RS or multicast FF02::1 (all nodes).
 Hop limit is 255. If the hop limit is less than 255 the packet did not originate on the link and is discarded.
 Contains the M flag (managed address configuration).
 Contains the O flag (other configuration).
 May also contain
Source link-layer address
MTU
Prefix information
 RAs are unauthenticated: any node on the link can send one and become the default router (rogue RA).
 Neighbor Solicitation (NS)
 Sent to obtain the link-layer address of a neighbor and to verify reachability to a neighbor.
 Messages are multicast when resolving and unicast when verifying neighbor reachability.
 ICMPv6 Type 135.
 Source address is either an address of the outgoing interface or the unspecified address (DAD).
 Destination address is either the solicited-node multicast address of the target (FF02::1:FFxx:xxxx) or the unicast address of the neighbor.
 Source link-layer address option may be included.
 Neighbor Advertisement (NA)
 Sent in response to an NS message or unsolicited to propagate new information (such as a node's link-layer address).
 ICMPv6 Type 136.
 Source address is an address of the outgoing interface.
 Destination address is the source address of the NS message or the all-nodes multicast (FF02::1).
 Includes the target link-layer address option.
 Redirect
 ICMPv6 Type 137; sent by a router to tell a host of a better first hop for a destination.
Address Resolution
1) If the neighbor cache has no entry for the neighbor, the sender creates an entry marked INCOMPLETE and sends an NS to the target's solicited-node multicast address.
2) Neighbor responds with its link-layer address in an NA message.
3) Neighbor cache is updated with the details and marked REACHABLE.
Duplicate Address Detection (DAD)
All nodes perform DAD before assigning a unicast address to an interface.
Performed regardless of whether the address is assigned via stateful, stateless, or manual configuration.
The address is "tentative" while DAD is in progress.
Operation
1) Node sends an NS message with the tentative address as target. Source address is the unspecified address and destination address is the tentative address's solicited-node multicast address.
2) Any neighbor that already has the address assigned replies with an NA message.
3) If an NA arrives for the tentative address, the node knows a duplicate exists and does not use it (a malicious node answering every DAD probe can therefore block address assignment on the link).
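The EUI-64 construction (3.2b) and the solicited-node addressing used by NS and DAD (3.2c), as one added example (Python, not from the study notes): the interface ID is built from a MAC with FFFE inserted and the U/L bit inverted, the solicited-node group is FF02::1:FF plus the low 24 bits of the unicast address (RFC 4291), its Ethernet destination is 33:33 plus the low 32 bits of the group (RFC 2464), and `dad_probe` assembles the fields of the DAD Neighbor Solicitation. MAC addresses and prefixes are constructed.

```python
"""EUI-64, solicited-node multicast and the DAD probe (added example)."""
import ipaddress


def eui64_interface_id(mac: str) -> bytes:
    """RFC 4291 Appendix A: split the 48-bit MAC, insert FF FE, invert the U/L bit
    (bit 0x02 of the first byte)."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(raw) != 6:
        raise ValueError("need a 48-bit MAC address")
    iid = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    iid[0] ^= 0x02
    return bytes(iid)


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """SLAAC address: a /64 prefix with the modified EUI-64 as the interface ID."""
    net = ipaddress.ip_network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC requires a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def solicited_node(addr) -> ipaddress.IPv6Address:
    """RFC 4291 section 2.7.1: FF02::1:FFxx:xxxx from the low 24 bits of the unicast address."""
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | (int(ipaddress.IPv6Address(addr)) & 0xFFFFFF))


def multicast_mac(group) -> str:
    """RFC 2464 section 7: Ethernet destination 33:33 plus the low 32 bits of the group."""
    low = int(ipaddress.IPv6Address(group)) & 0xFFFFFFFF
    return "33:33:" + ":".join(f"{b:02x}" for b in low.to_bytes(4, "big"))


def dad_probe(tentative) -> dict:
    """Fields of the NS a node sends for DAD: unspecified source, solicited-node
    destination, the tentative address as target, hop limit 255."""
    target = ipaddress.IPv6Address(tentative)
    group = solicited_node(target)
    return {"icmpv6_type": 135, "src": "::", "dst": str(group),
            "dst_mac": multicast_mac(group), "target": str(target), "hop_limit": 255}


if __name__ == "__main__":
    mac = "00:1a:2b:3c:4d:5e"
    ll = eui64_address("fe80::/64", mac)
    print("link-local   :", ll)
    print("global       :", eui64_address("2001:db8:1::/64", mac))
    print("DAD probe    :", dad_probe(ll))
    print("all-nodes MAC:", multicast_mac("ff02::1"))
```

Both the link-local and the global address end in the same `21a:2bff:fe3c:4d5e`, which is why EUI-64 addresses let a host be correlated across networks; the DAD probe carries `::` as source, so the only thing protecting it from a spoofed NA is the link itself.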
3.2d
Information
 Devices can get IPv6 addresses without administrative assistance.
 RAs are sent on the local link. Messages include:
One or more prefixes
Prefix lifetimes
Flag information
Default router information
 Advertised prefixes are 64 bits long, with the remaining 64 bits generated through EUI-64 or a random sequence of bits.
 Address assignment can't be tracked centrally (no server, no lease database).
Configuration
(config-if)# ipv6 address autoconfig [default]
[default] causes a default route to be installed via the router sending the RAs
3.2e
Information
Types
Stateless
Supplies additional parameters (DNS, domain) to hosts that already have an IPv6 address.
Server does not retain information about the clients.
Addresses are configured using SLAAC.
Router sets the O flag in its RA.
The RA's link-local source address is still used as the default router address.
Stateful
Host learns the prefix and host address from the server.
Server retains information about the clients (bindings).
Router sets the M flag in its RA to tell hosts to get addressing and other information from a DHCPv6 server.
To stop hosts also forming a SLAAC address, advertise the prefix with the A flag cleared (no-autoconfig).
Default router address is still the RA link-local address (DHCPv6 has no default gateway option).
Configuration
Stateless
Server(config)# ipv6 dhcp pool STATELESS
Server(config-dhcpv6)# ... <dhcp-parameters> ...
Server(config)# interface <interface>
Server(config-if)# ipv6 dhcp server STATELESS
Server(config-if)# ipv6 nd other-config-flag
Stateful
Server(config)# ipv6 dhcp pool STATEFUL
Server(config-dhcpv6)# address prefix <prefix/length>
Server(config-dhcpv6)# ... <dhcp-parameters> ...
Server(config)# interface <interface>
Server(config-if)# ipv6 dhcp server STATEFUL
Server(config-if)# ipv6 nd managed-config-flag
Server(config-if)# ipv6 nd prefix <prefix/length> <valid-lifetime> <preferred-lifetime> no-autoconfig
Tells the hosts not to use stateless address configuration for that prefix
Relay Agent
(config-if)# ipv6 dhcp relay destination <ipv6-address> [<interface-type> <interface-number>]
Verification
 debug ipv6 dhcp
 show ipv6 dhcp pool
 show ipv6 dhcp interface <interface>
3.2f
DHCPv6 Protocol Operation
Four Message Types (SARR)
S = Solicit
A = Advertise
R = Request
R = Reply
Flags
M flag = Managed Address Configuration; set in the RA for stateful DHCPv6.
O flag = Other Configuration; set in the RA for stateless DHCPv6.
A flag = Autonomous address configuration; carried in the RA's prefix option and tells hosts they may form a SLAAC address (EUI-64 or random) from that prefix.
Operation
1) Client sends a SOLICIT message to find a server and request assignment. Sent to the All_DHCP_Relay_Agents_and_Servers multicast address FF02::1:2 (UDP 546 to 547), so it reaches servers and relays on the link.
2) If a server can meet the client's request, it sends an ADVERTISE message back to the client.
3) Client chooses a server and sends a REQUEST message to that server to confirm the address and other configuration information.
4) Server responds to the client with a REPLY message containing the confirmed addresses and configuration information.
Renew Lease
Client renews a lease by sending a RENEW message to the server.
3.3
Static Routing
Static
 If combined with dynamic routing and redistribution, static routes can behave in unexpected ways.
 Basic Components
Prefix: IP address, mask
Next hop: interface, IP address, or both
AD: default of 1
 Configuration
(config)# ip route <prefix> <mask> {<interface> | <next-hop>}
(config)# ipv6 route <prefix>/<length> {<interface> | <next-hop>}
Floating
 Static route with an AD higher than the primary route, so it is installed only when the primary disappears.
 If the primary's next hop can become unreachable while its interface stays up, an object tracker (IP SLA) is needed to remove it; the tracker's timers add to the failover time.
(config)# ip route <prefix> <mask> {<interface> | <next-hop>} <AD>
Interface Next Hops
 Information
 Pointing a route at a multi-access (Ethernet) interface requires L3 to L2 resolution
 The router ARPs for each destination address (relies on proxy ARP at the far end)
 Potential for thousands of ARP requests and cache entries
 If the interface goes down the route is removed; when it comes back up the route returns
 The permanent keyword keeps the route in the routing table even when the interface is down
 Verification
show ip route
show ipv6 route
3.4
Default Routing
Information
A default route is the route a router uses when it has no more specific route to a destination.
Referred to as the Gateway of Last Resort.
Can be configured with static routes or advertised in routing protocols.
Configuration
Static Default Routes
ip route 0.0.0.0 0.0.0.0 {<interface> | <next-hop>}
ipv6 route ::/0 {<interface> | <next-hop>}
EIGRP
Use a summary address if you only want to advertise the default route out an interface
(config-if)# ip summary-address eigrp <asn> 0.0.0.0 0.0.0.0
Redistribute a static default route
1. (config)# ip route 0.0.0.0 0.0.0.0 {<interface> | <next-hop>}
2. (config-router)# redistribute static
Configure a default network
1. Flags a classful network as the default-route candidate; the network itself must still be advertised with the network command
2. (config)# ip default-network <network-number>
OSPF
Use stub areas (the ABR injects a default into the stub area)
Use default-information originate
Configured on the ASBR
Route is injected as an E2 (metric 1) via a type 5 LSA
A default route must be in the routing table
default-information originate [always] [metric <value>] [metric-type <type-value>] [route-map <map-name>]
always advertises the default even if it is not in the routing table
BGP
Advertise via the network command
Default route must be in the routing table
network 0.0.0.0
Redistribute
Default route must be in the routing table and learned by the redistributed source
(config-router)# redistribute <protocol>
Use default-originate
Globally, use default-information originate (together with a redistribute of the default)
Per neighbor (no default route needed in the routing table)
neighbor <ip-address> default-originate
RIP
(config)# router rip
(config-router)# default-information originate
The default-information originate command only works if you have a default route in your own routing table. This could be a static default route or a default route learned from another routing protocol.
3.5
Protocol Types
Distance Vector
EIGRP (advanced distance vector)/RIP
Routes described by direction (vector) and distance (link cost or hop count)
Router does not know the topology of the network, only what its neighbours tell it
Slower convergence; timers (hold-down etc.) can be tuned
Can form routing loops (mitigated by split horizon and hold-down, and in EIGRP by the DUAL feasibility condition)
Link State
OSPF/IS-IS
Uses the SPF (Dijkstra) algorithm
Has a complete map of the network topology within an area
All routers in the area have an identical "map" of the network
Use link-state updates (LSUs) when a topology change occurs
Path Vector
BGP
Exchanges information about destination networks and the AS path used to reach them
Path information is used to select the best path and to prevent routing loops
If a router sees its own AS in the AS path of an incoming advertisement, it rejects it as not loop free
3.6
Administrative Distance
 For the same prefix learned from several sources, the one with the lowest AD is installed in the routing table
 Prevents conflicting information by installing only the most trusted source
 Common AD
Connected - 0
Static - 1
EIGRP summary - 5
eBGP - 20
EIGRP - 90
OSPF - 110
RIP - 120
External EIGRP - 170
iBGP - 200
NHRP - 250
Unreachable - 255 (never installed)
Commands
(config-router)# distance <AD>
show ip route
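Route selection as an added example (Python, not from the study notes), also covering the floating static route from 3.3: for each prefix the RIB keeps only the candidates with the lowest AD and, among those, the lowest metric (equal ones become ECMP next hops); a lookup then takes the longest matching prefix. Withdrawing the OSPF route shows RIP taking over, and withdrawing RIP shows the AD-250 floating static finally being installed. Prefixes, next hops and metrics are constructed; the AD table is the one above.

```python
"""RIB: lowest AD, then lowest metric, then longest-prefix lookup (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

DEFAULT_AD = {"connected": 0, "static": 1, "eigrp-summary": 5, "ebgp": 20, "eigrp": 90,
              "ospf": 110, "rip": 120, "eigrp-external": 170, "ibgp": 200, "nhrp": 250}


@dataclass(frozen=True)
class Candidate:
    prefix: str
    protocol: str
    metric: int
    next_hop: str
    ad: Optional[int] = None     # override the default, e.g. a floating static with AD 250

    @property
    def distance(self) -> int:
        return DEFAULT_AD[self.protocol] if self.ad is None else self.ad


class Rib:
    def __init__(self):
        self.candidates = set()
        self.table = {}          # IPv4Network -> ((ad, metric), [Candidate, ...])

    def add(self, *cands):
        self.candidates.update(cands)
        self._rebuild()

    def withdraw(self, protocol, prefix):
        """A protocol stops offering a prefix (link down, neighbour lost); re-run selection."""
        self.candidates = {c for c in self.candidates
                           if not (c.protocol == protocol and c.prefix == prefix)}
        self._rebuild()

    def _rebuild(self):
        self.table = {}
        for c in self.candidates:
            if c.distance >= 255:            # AD 255: never installed
                continue
            net = ipaddress.ip_network(c.prefix)
            key = (c.distance, c.metric)     # compare AD first, metric second
            current = self.table.get(net)
            if current is None or key < current[0]:
                self.table[net] = (key, [c])
            elif key == current[0]:
                current[1].append(c)         # equal AD and metric: ECMP

    def lookup(self, dst):
        """Longest-prefix match; returns (prefix, sorted next hops) or None."""
        addr = ipaddress.ip_address(dst)
        matches = [n for n in self.table if addr in n]
        if not matches:
            return None
        best = max(matches, key=lambda n: n.prefixlen)
        return str(best), sorted(c.next_hop for c in self.table[best][1])


if __name__ == "__main__":
    rib = Rib()
    rib.add(Candidate("10.1.0.0/16", "ospf", 20, "192.0.2.2"),
            Candidate("10.1.0.0/16", "rip", 2, "192.0.2.3"),
            Candidate("10.1.0.0/16", "static", 0, "192.0.2.9", ad=250),
            Candidate("0.0.0.0/0", "static", 0, "192.0.2.254"))
    print(rib.lookup("10.1.2.7"))             # OSPF (AD 110) beats RIP (120) and the floating static
    rib.withdraw("ospf", "10.1.0.0/16")
    print(rib.lookup("10.1.2.7"))             # RIP now
    rib.withdraw("rip", "10.1.0.0/16")
    print(rib.lookup("10.1.2.7"))             # floating static last
```

Note the RIP metric of 2 never mattered while OSPF was present: metric is only compared between routes from the same source, which is exactly why AD has to be chosen deliberately when redistributing.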
3.7
Passive Interfaces
Information
Control which interfaces form adjacencies and send/receive updates.
RIP
Stops sending updates out the interface but still processes updates received on it.
EIGRP
Stops sending Hello packets, so no adjacency forms and no updates are sent or received.
OSPF
Stops sending and receiving OSPF Hello packets on the selected interface, so no adjacency forms (the interface's prefix is still advertised).
Make user-facing interfaces passive so a host on an access segment cannot form an adjacency and inject routes; passive-interface default with explicit exceptions is the safest pattern.
Configuration
Single Interface
(config-router)# passive-interface <interface>
All Interfaces
(config-router)# passive-interface default
(config-router)# no passive-interface <interface>
Verification
show ip {rip|ospf|eigrp} interfaces
show ip protocols
3.8
Information
 Contains
Virtual IP routing table
Virtual IP forwarding table
Member interfaces or subinterfaces
 Isolated from global routing and forwarding table
 Can isolate networks without having additional routers
 VLANS isolate broadcast domains and VRF isolates L3 routing
domains
 After using ip forwarding, need to add IP address on
interface
 Increases
Network functionality by allowing paths to be
completely segmented
Network security because traffic is automatically
segmented
 VRF-lite is the deployment of VRF without MPLS
 Allows an SP to support two or more VPNs with overlapping IP
addresses using one interface
Configuration
Static Route
(config)# ip route vrf <vrf-name> <network><mask> {interface|next-hop}
Create VRF Instance
(config)# ip vrf <vrf-name>
Assign to Interface
(config-if)# ip vrf forwarding <vrf-name>
Routing Protocol
RIP
(config)# router rip
(config-router)# address-family ipv4 vrf <vrf-name>
(config-router-af)# network <network>
EIGRP
(config)# router eigrp <asn>
(config-router)# address-family ipv4 vrf <vrf-name> autonomous-system <asn>
(config-router-af)# network <network>
OSPF
(config)# router ospf <process-id> vrf <vrf-name>
Verification
ping <vrf-name> <address>
traceroute <vrf-name> <address>
show ip vrf <vrf-name>
show ip route vrf <vrf-name>
show ip protocols vrf <vrf-name>
3.9
Route Filtering
Distribute Lists
Allows ACLs to be applied to routing updates
Can control routing updates regardless of their source
Can be filtered based on three factors:
1. Incoming interface
2. Outgoing interface
3. Redistribution from another routing protocol
ACLs are configured globally and then associated with a distribute
list under the routing protocol
Two directions
In: Filters updates received on the specified interface before they
enter the routing process under which the list is configured
Out: Filters updates sent out the specified interface, or routes taken
from the specified protocol/process when redistributing into the
routing process under which the list is configured
BGP
In: Prevents updates entering BGP neighbor
Out: Prevent BGP routes being advertised to neighbor
When using with OSPF, routes are placed in the LSDB and not the
routing table
Configuration
(config-router)# distribute-list [ACL] out [interface-type/number]
[routing-process | ASN]
(config-router)# distribute-list [ACL] in [interface-type/number]
BGP
(config-router)# neighbor <ip-address> distribute-list <ACL> {in | out}
Prefix Lists
Limited to route filtering
Uses tree structure
First line that matches decides (permit or deny); later lines are not evaluated
If no line matches, implicit deny
Advantages:
Friendlier CLI
Faster processing
Sequence numbers for incremental modifications
Greater flexibility
Configuration
(config)# ip prefix-list {list-name|list-number} [seq <number>] {deny|permit}
<prefix/length> [ge <min-length>] [le <max-length>]
(config-router)# distribute-list prefix <list-name|list-number> {in|out}
[<protocol> <process-id/AS>]
Verification
show ip prefix-list [detail|summary] [prefix-list-name]
Default sequence numbers increment by 5
Name is case sensitive
If neither ge nor le is used, only a prefix of exactly the specified
length matches
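Added example (not from these notes): a small Python evaluator for the prefix-list rules above, i.e. first match in sequence order decides, implicit deny at the end, and the ge/le length window that collapses to an exact-length match when neither keyword is given. The list entries and the routes tested against them are constructed for illustration.

```python
import ipaddress

# Each entry mirrors: ip prefix-list <name> seq <n> {permit|deny} <prefix/len> [ge <n>] [le <n>]

def prefix_entry(seq, action, prefix, ge=None, le=None):
    """Build one prefix-list line and resolve the length window it accepts.
    No ge/le  -> exact length only
    ge only   -> ge .. 32 (128 for IPv6)
    le only   -> prefix length .. le
    ge and le -> ge .. le"""
    net = ipaddress.ip_network(prefix, strict=False)
    lo = ge if ge is not None else net.prefixlen
    hi = le if le is not None else (net.prefixlen if ge is None else net.max_prefixlen)
    if not (net.prefixlen <= lo <= hi <= net.max_prefixlen):
        raise ValueError(f"seq {seq}: invalid ge/le window {lo}-{hi} for {net}")
    return {"seq": seq, "action": action, "net": net, "lo": lo, "hi": hi}


def entry_matches(entry, route):
    """A route matches when its address bits agree with the entry over the
    entry's own length AND its prefix length falls inside [lo, hi].
    This is why '0.0.0.0/0' alone matches only the default route while
    '0.0.0.0/0 le 32' matches every IPv4 prefix."""
    net = entry["net"]
    r = ipaddress.ip_network(route, strict=False)
    if r.version != net.version:
        return False
    masked = ipaddress.ip_network(f"{r.network_address}/{net.prefixlen}", strict=False)
    return masked == net and entry["lo"] <= r.prefixlen <= entry["hi"]


def evaluate(prefix_list, route):
    """Lowest sequence number first; first matching line decides.
    Returns (action, seq); (deny, None) is the implicit deny."""
    for entry in sorted(prefix_list, key=lambda e: e["seq"]):
        if entry_matches(entry, route):
            return entry["action"], entry["seq"]
    return "deny", None


# Constructed sample list
PL = [
    prefix_entry(5,  "permit", "10.0.0.0/8", ge=24, le=24),   # only the /24s inside 10/8
    prefix_entry(10, "deny",   "10.0.0.0/8", le=32),          # every other prefix inside 10/8
    prefix_entry(15, "permit", "172.16.0.0/12", ge=20),       # /20 .. /32 inside 172.16/12
    prefix_entry(20, "permit", "0.0.0.0/0"),                  # exact: only the default route
]

if __name__ == "__main__":
    for route in ("10.1.2.0/24", "10.1.0.0/16", "172.16.5.0/24",
                  "172.16.0.0/16", "0.0.0.0/0", "192.168.1.0/24"):
        print(route, evaluate(PL, route))
```

Note that 192.168.1.0/24 is dropped by the implicit deny even though seq 20 looks like "any": without le 32 the 0.0.0.0/0 line matches only a /0.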
Route Maps
Covered in 3.14
3.10
Route Redistribution
Basics
 No auto-redistribution between multiple processes on the same
router
 Multiple routing protocol solutions
1. Summarisation
2. Redistribution
3. Route Filtering
 Always performed outbound as router doing redistribution does
not change its own routing table
 Must use subnets command for classless
redistribution
 Should redistribute summarised routes
 Seed Metrics
 To prevent suboptimal routing, set initial seed
metric to value larger than the largest in receiving
AS
 Directly connected routes use an initial seed metric
that is derived from the interface's characteristics.
OSPF: Bandwidth
EIGRP: Bandwidth and Delay
RIP: Hop Count 0
E2: Maintains Initial Metric
 Default Seed Metrics
RIP: 0
EIGRP: 0
OSPF: 20 (routes redistributed from BGP: 1)
BGP: IGP metric value
 Configure
(config-router)# default-metric <value>
(config-router)# redistribute <protocol> metric <value>
Will override default-metric command
 Can prevent loops by giving redistributed routes a higher AD
than non-redistributed routes
Use distance command to change AD
 Issues
Routing loops
Incompatible routing information
Inconsistent convergence time
 Mutual Redistribution
A router redistributes between two routing protocols in both
directions
Might introduce routing loops
 RIP
Configure
(config)#router rip
(config-router)#redistribute <protocol> <process-id> [metric]
 EIGRP
IPv4
(config-router)# redistribute <protocol> <process-id> [metric bw delay reliability load mtu] [route-map]
show ip route eigrp
Can use default-metric command to set default seed
IPv6
Does not automatically include connected routes
Configuration
(config)# ipv6 router eigrp <AS>
(config-router)# redistribute <protocol> <process-id> [metric bw delay reliability load mtu] [include-connected]
Verify
show ipv6 route eigrp
 OSPF
IPv4
(config-router)# redistribute <protocol> <process-id> [metric] [metric-type] [route-map] [subnets]
Type 1 = E1 (metrics that increase as they traverse the
network)
Type 2 = E2 (metrics that do not increase as they
traverse the network)
Verify
show ip route ospf
Default metric = 20
Default metric-type is 2
LSA type 5 for non NSSA
LSA type 7 for NSSA
E1 preferred over E2
IPv6
Does not automatically include connected routes
Configuration
(config)# ipv6 router ospf <process-id>
(config-router)# redistribute <protocol> <AS> [include-connected]
Verify
show ipv6 route ospf
 BGP
Prefix-Lists
0.0.0.0/0 defines any network
(config-router)#neighbor <ip-address> prefix-list <list-name> {in|out}
show ip prefix-list detail
clear ip prefix-list detail
AS-Path ACL
Uses regular expressions (Regex)
When Regex matches, selection test is true. If no
match, selection test is false.
ACL number 1 - 500
(config)#ip as-path access-list <acl-number> {permit|deny} <regex>
(config-router)#neighbor <ip-address> filter-list <acl-number> {in|out}
Route Maps
Can influence route selection
Can match several different types of attributes
a. Origin
b. Next-Hop
c. MED
d. Community
Deny means route is ignored
Permit means route is processed further and the set commands are
applied
(config-router)#neighbor <ip-address> route-map <map-name>
3.11
Summarisation
OSPF
General Information
 Key to stability in OSPF
 ABR summarise Type 3
 ASBR summarise Type 5
 Can cause suboptimal routing
 Directly affects
 Bandwidth
 CPU usage
 Memory utilisation
 Supports VLSM
 Supports discontiguous subnets
Type 3 is added/deleted from the route table and SPF won't run when
this occurs
IOS creates summary route to Null0 when configured manually to
prevent loops
Summarisation on ABR
ABR intercepts prefixes and injects a single type 3 LSA
Describes summary route into the backbone
Summarised metric is equal to lowest cost of all subnets in
summary range
(config-router)# area <area-id> range <address/mask> [advertise|not-advertise] [cost <cost>]
Summarisation on ASBR
For external routes
For type 5 LSAs before injecting them into SPF domain
(config-router)# summary-address {{address/mask} | {prefix/mask}} [not-advertise] [tag <tag>]
OSPFv3
Same summarisation command as OSPF
area <area-id> range
Summarisation for external routes configured in address
family
summary-prefix
EIGRP
Auto
 Any router can perform summarisation
 Disabled by default
 Summarises along classful boundary
 Summary route to Null0 is created
 Will not send a classful summary route to a
neighbor who is advertising a subnet of that
major network
 Can cause connectivity issues where classless
networks are discontiguous
 Verify
o show ip protocol | b EIGRP
 Configuration
o (config-router)# [no] auto-summary
Manual
Must select
1. Correct interface
2. Correct ASN
3. Summary address
4. Mask
Summary route is advertised only if a more specific component of
the summary route is present in the routing table.
The metric of the summary route equals to the minimum metric of
more specific routes.
Configuration
(config-if)# ip summary-address eigrp <AS> <IP Address/Mask>
Verify
show ip route
EIGRP for IPv6
(config-if)# ipv6 summary-address eigrp <AS> <prefix/length>
show ipv6 route eigrp
Convert address to partial binary format, identify
common bits
No auto-summarisation
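Added example (not from these notes): Python that does the "identify common bits" step for a manual summary, and models the two rules stated above for OSPF ABR ranges and EIGRP manual summaries, namely that the summary metric is the lowest metric among the components and that the summary (and its Null0 discard route) exists only while a more-specific component is present. The routes and metrics are constructed.

```python
import ipaddress

def summarize(components):
    """Smallest single prefix covering every component.
    The summary length is the number of leading bits shared by all component
    network addresses, capped at the shortest component length.
    Returns (summary_prefix, metric) where metric is the lowest component metric."""
    nets = [ipaddress.ip_network(p, strict=False) for p in components]
    if not nets:
        return None                                  # nothing to summarise
    if len({n.version for n in nets}) != 1:
        raise ValueError("mixed IPv4/IPv6 components")
    base = int(nets[0].network_address)
    common = min(n.prefixlen for n in nets)
    for n in nets:
        diff = int(n.network_address) ^ base
        if diff:
            # the highest differing bit bounds the shared prefix length
            common = min(common, n.max_prefixlen - diff.bit_length())
    summary = ipaddress.ip_network(f"{nets[0].network_address}/{common}", strict=False)
    return str(summary), min(components.values())


def summary_state(summary, routing_table):
    """State of a configured summary given the current routing table:
    advertised only while at least one more-specific component is present,
    metric = lowest component metric, discard route to Null0 while active."""
    s = ipaddress.ip_network(summary, strict=False)
    present = {}
    for prefix, metric in routing_table.items():
        n = ipaddress.ip_network(prefix, strict=False)
        if n.version == s.version and n != s and n.subnet_of(s):
            present[prefix] = metric
    active = bool(present)
    return {"advertised": active,
            "metric": min(present.values()) if active else None,
            "null0_discard": active,
            "components": sorted(present)}


# Constructed component routes (prefix -> metric) for one summary
COMPONENTS = {"172.16.0.0/24": 3072, "172.16.1.0/24": 2816,
              "172.16.2.0/24": 3328, "172.16.3.0/24": 5120}
# Constructed routing table containing those plus an unrelated route
ROUTES = dict(COMPONENTS, **{"10.9.9.0/24": 1000})

if __name__ == "__main__":
    print(summarize(COMPONENTS))                       # ('172.16.0.0/22', 2816)
    print(summary_state("172.16.0.0/22", ROUTES))
    print(summary_state("172.16.0.0/22", {"10.9.9.0/24": 1000}))  # not advertised
```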
3.12
Policy-Based Routing (PBR)
Information
PBR works alongside the switching processes.
Explicitly sets the outgoing interface and next-hop.
Can make forwarding decisions based on something other than
destination prefix.
If next-hop not reachable, router will fall back to destination-based
routing.
Applied on incoming interface where traffic is received.
Can be used to match
 Source/destination addresses
 Protocol types
 End-user applications
Fast switched PBR or CEF switched PBR.
To drop packet that does not match, use set command to route
packets to Null0.
Configuration
Commands
(config)# route-map <map-tag> [permit|deny] [sequence-number]
If deny and a match, not policy based and normal destination
based routing is performed
If no match, packet is not dropped and normal routing
applies
(config-route-map)# match ip address
matches packets permitted by an ACL
(config-route-map)# match length <min><max>
Based on L3 length
(config-route-map)# set ip next-hop <ip-address>
(config-route-map)# set interface <type number>
(config-if)# ip policy route-map <map-tag>
If set ip default next-hop is used, normal destination-based forwarding
is tried first and PBR applies only when that fails.
Example
(config)# route-map RM_GOTOR2 permit 10
(config-route-map)# set ip next-hop 10.0.23.2
(config-route-map)# set interface serial 3/0.302
(config)# interface serial 3/0.302
(config-if)# ip policy route-map RM_GOTOR2
Matching Protocols/Ports
access-list 101 permit tcp any any eq telnet
route-map RM_TCP permit 10
match ip address 101
set ip next-hop 9.9.9.9
Verification
show ip policy
show route-map [map-name]
debug ip policy
traceroute
ping
3.13
Sub-Optimal Routing
Can occur when there are multiple points of redistribution between
the same two routing protocols
Routing domains have different ADs therefore a redistributed route
may be better than the directly connected route
To solve sub-optimal routing:
Use route-tagging
Change AD of redistributed routes
(config-router)# distance eigrp <internal> <external>
(config-router)# distance <AD> <source-address source-wildcard-mask> [ACL]
3.14
Route Maps
 Conditions tested against a packet/route using match commands.
If a match, set command used to modify that packet/route.
 Collection of route-map statements that have same route-map
name is considered one route map.
 Statements in a route map correspond to the lines of an ACL.
 Common Applications
o Route filtering during redistribution
o Policy-based routing (PBR)
o BGP
 Sequence numbers if not used:
1. If no entry, default is 10
2. If only one entry is defined with route-map tag, sequence
number is unchanged (editing entry)
3. If more than one entry is defined with supplied route-map
tag, error message detailing to add sequence number
4. If no route-map <map-tag> is used, the whole route map is
deleted
 If route-map statements are left empty, then all routes will be
allowed without any modifications
 Permit statements cause a route to be allowed if matched by the
match command
 Deny statements filter the route if matched by the match
command.
Configuration
Three Steps
1. Define route-map
(config)# route-map <map-tag> [permit|deny] [seq number]
default for route-map is permit with seq 10
seq defines position
2. Define matching conditions (match) and action to be taken (set)
(config-route-map)# match <condition>
statement without any match statements will be considered a
match
a single match statement can list multiple values; only one of them
needs to be true for that statement to match (OR)
a route-map statement can contain multiple match statements; all of
them must be true for the statement to match (AND)
Match criteria can be:
IP standard ACL
Extended ACL
Prefix list
(config-route-map)# set <condition>
change or add characteristics such as metrics
3. Apply route-map
Example
(config)# router ospf 10
(config-router)# redistribute eigrp 100 subnets route-map RM-INTO-OSPF
Verification
show route-map
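Added example (not from these notes): a small Python evaluator for the route-map rules listed above (sequence order, AND across match statements, OR within one, empty statement matches everything, permit applies the set actions, deny filters, implicit deny at the end), wrapped once more to show the PBR fallback from 3.12 (a deny match or no match means normal destination-based routing, nothing is dropped). The E2O/O2E tag filter and the 9.9.9.9 next hop follow the notes' own examples in 3.15 and 3.12; the attribute names, the host 10.0.1.99 and the sample routes and packets are constructed.

```python
def evaluate_route_map(route_map, item):
    """Walk the statements in sequence-number order.
    Inside a statement every match clause must hold (AND); inside one clause
    any listed value may match (OR). A statement without match clauses
    matches everything. The first matching statement decides: permit applies
    its set actions to a copy of the item, deny filters it.
    No statement matching is an implicit deny."""
    for stmt in sorted(route_map, key=lambda s: s["seq"]):
        clauses = stmt.get("match", {})
        if all(item.get(attr) in values for attr, values in clauses.items()):
            if stmt["action"] == "deny":
                return {"result": "deny", "seq": stmt["seq"], "item": item}
            changed = dict(item)
            changed.update(stmt.get("set", {}))
            return {"result": "permit", "seq": stmt["seq"], "item": changed}
    return {"result": "deny", "seq": None, "item": item}


def policy_route(route_map, packet):
    """PBR semantics: a matched permit statement with a next hop policy-routes
    the packet; a matched deny or no match at all falls back to normal
    destination-based routing (the packet is not dropped)."""
    out = evaluate_route_map(route_map, packet)
    if out["result"] == "permit" and "next_hop" in out["item"]:
        return out["item"]["next_hop"]
    return "destination-based"


# Redistribution maps modelled on the loop-prevention example in 3.15
E2O = [{"seq": 10, "action": "permit", "set": {"tag": 50}}]         # tag EIGRP routes entering OSPF
O2E = [{"seq": 10, "action": "deny", "match": {"tag": {50}}},      # never send them back into EIGRP
       {"seq": 20, "action": "permit"}]                             # empty statement: everything else

# PBR map modelled on the telnet example in 3.12, extended with a deny line (constructed):
# tcp AND (port 22 OR 23) -> next hop 9.9.9.9, except source 10.0.1.99 which is routed normally
RM_TCP = [{"seq": 5, "action": "deny", "match": {"src": {"10.0.1.99"}}},
          {"seq": 10, "action": "permit",
           "match": {"proto": {"tcp"}, "dport": {22, 23}},
           "set": {"next_hop": "9.9.9.9"}}]

if __name__ == "__main__":
    route = {"prefix": "10.1.1.0/24", "tag": 0}
    tagged = evaluate_route_map(E2O, route)["item"]            # tag becomes 50
    print(evaluate_route_map(O2E, tagged)["result"])           # deny: loop filtered
    print(policy_route(RM_TCP, {"src": "10.0.1.5", "proto": "tcp", "dport": 23}))
    print(policy_route(RM_TCP, {"src": "10.0.1.5", "proto": "tcp", "dport": 80}))
```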
3.15
Loop Prevention
Tagging/Filtering
Helps with two-way multipoint redistribution as they may
cause loops.
Route-tags must be applied and filtered in both directions.
To verify if tagging is being used
show ip route <network>
Examples:
Tagging External Routes
(config)# route-map E2O permit 10
(config-route-map)# set tag 50
(config)# router ospf 10
(config-router)# redistribute eigrp 100 subnets route-map E2O
Matching External Routes
(config)# route-map O2E deny 10
(config-route-map)# match tag 50
(config)# route-map O2E permit 20
(config)# router eigrp 100
(config-router)# redistribute ospf 10 metric 1000 1 255 1 1500 route-map O2E
Split-Horizon
Helps stop loops by telling the router not to advertise a route out the
same interface on which it was learned
Enabled by default
To disable:
(config-if)# no ip split-horizon
Used with distance vector protocols
To solve split horizon problems:
Disable split horizon on NBMA networks.
Use sub-interfaces.
Route Poisoning
If a directly connected route fails, the router will advertise a failed
route with an infinite metric.
Routers that receive infinite metric will drop the route from its
routing table.
Infinite metrics:
RIP is 16
EIGRP is infinite
OSPF is LSA age metric of 3600 seconds
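Added example (not from these notes): a Python model of a RIP router building and receiving updates, showing split horizon (routes reachable through the outgoing interface are omitted), poison reverse (those routes are sent with metric 16 instead) and route poisoning (a failed route is advertised as 16 so neighbors drop it). The routing tables, prefixes and interface names are constructed; the receiving side is simplified to "install if new or better".

```python
INFINITY = 16   # RIP's unreachable metric

# Constructed routing table: prefix -> (hop count, interface the route points out of)
# Hop count 0 marks a directly connected network.
ROUTES = {
    "10.1.0.0/24": (0, "Gi0/0"),
    "10.2.0.0/24": (0, "Gi0/1"),
    "10.3.0.0/24": (3, "Gi0/1"),          # learned from the neighbor on Gi0/1
    "10.4.0.0/24": (INFINITY, "Gi0/0"),   # failed route currently being poisoned
}


def build_update(routes, out_interface, split_horizon=True, poison_reverse=False):
    """Contents of the RIP update sent out `out_interface`.
    Hop counts are advertised +1 (this router's own hop), capped at 16.
    Split horizon: routes reachable through out_interface are left out.
    Poison reverse: those routes are advertised with metric 16 instead.
    A poisoned (failed) route is always advertised as 16 so neighbors drop it."""
    update = {}
    for prefix, (hops, via) in routes.items():
        if hops >= INFINITY:
            update[prefix] = INFINITY             # route poisoning
        elif via == out_interface and split_horizon:
            if poison_reverse:
                update[prefix] = INFINITY         # poison reverse
            # plain split horizon: the route is simply not sent
        else:
            update[prefix] = min(hops + 1, INFINITY)
    return update


def apply_update(routes, update, in_interface):
    """Receiving side (simplified). Metric 16 withdraws a route that was learned
    through in_interface (a connected network is never withdrawn by a neighbor);
    otherwise a new or lower hop count is installed pointing back out in_interface."""
    table = dict(routes)
    for prefix, hops in update.items():
        current = table.get(prefix)
        if hops >= INFINITY:
            if current and current[1] == in_interface and current[0] > 0:
                del table[prefix]                 # route dropped on infinite metric
        elif current is None or hops < current[0]:
            table[prefix] = (hops, in_interface)
    return table


if __name__ == "__main__":
    print(build_update(ROUTES, "Gi0/1"))                       # split horizon
    print(build_update(ROUTES, "Gi0/1", poison_reverse=True))  # poison reverse
    # a neighbor on Gi0/0 that reaches us via its Gi0/3 and still holds the failed 10.4 route
    neighbor = {"10.1.0.0/24": (0, "Gi0/3"), "10.4.0.0/24": (2, "Gi0/3")}
    print(apply_update(neighbor, build_update(ROUTES, "Gi0/0"), "Gi0/3"))
```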
3.16
RIP (IPv4)
Features
UDP port 520
Multicast is 224.0.0.9
Updates every 30 seconds
AD of 120
Implements split horizon and poison reverse
Metric is hop count (max 16)
16 considered unreachable
Auto-summarisation
Updates every 30 seconds and topology changes
Version 2 uses Multicast and Version 1 uses Broadcast.
Configuration
1. (config)# router rip
2. (config-router)# version 2
3. (config-router)# network x.x.x.x
4. (config-router)# no auto-summary
Enable/disable split-horizon
(config-if)# [no] ip split-horizon
Auto-summarisation advertises classful networks
To summarise under a specific interface, use
(config-if)# ip summary-address rip X.X.X.X/X
Authentication
(config)# key chain <key-name>
(config-keychain)# key <key-id>
(config-keychain-key)# key-string <string>
Plain Text
(config-if)# ip rip authentication key-chain <key-name>
MD5
(config-if)# ip rip authentication mode md5
(config-if)# ip rip authentication key-chain <key-name>
Show Commands
# show ip route
# show ip rip database
3.17
RIPng
Features
UDP port 521
Multicast is FF02::9
No auto-summarisation
Link-local next hops
Updates every 30 seconds
AD of 120
Implements split horizon and poison reverse
Metric is hop count (max 16)
16 considered unreachable
Updates every 30 seconds and topology changes
Configuration
No network command
1. (config)# ipv6 unicast-routing
2. (config)# ipv6 router rip <name>
3. (config-if)# ipv6 rip <name> enable
Name must be unique on local router
For manual summarisation
(config-if)# ipv6 rip <name> summary-address <prefix/length>
To share default route
(config-if)# ipv6 rip <name> default-information {originate | only}
originate: announce the default route along with dynamic routes
only: announce only the default route (overrides originate)
Show commands
1. # show ipv6 route
2. # show ipv6 route rip
3. # show ipv6 protocols
4. # show ipv6 rip
5. # show ipv6 rip next-hops
6. # show ipv6 rip database
7. # debug ipv6 rip
3.18
EIGRP
Fundamentals
 Routes only shared with adjacent neighbors
 IP/88
 Multicast 224.0.0.10
 Uses reliable transport protocol (RTP) to ensure unicast/multicast
packets are sent in order
 Administrative Distance
o Internal (within AS) = 90
o External (redistributed into AS) = 170
 Diffusing Update Algorithm (DUAL)
Find shortest loop-free path to destination prefix
Only know about adjacent neighbors routes
When query is sent to neighbor it must reply in 3 minutes
(active timer)
States
Active state: While cost is being calculated
Passive state: Once DUAL has converged on a final cost
metric
If route fails and no feasible successor is available, DUAL will send
queries to working neighbor. If neighbor has a loop-free route, it
sends back a reply message.
Three Tables
Neighbor
All directly connected neighbors
Next-hop router
Interface
Topology
Learned routes from EIGRP neighbors
Destination
Metric
Routing
Best routes from topology table (successors)
Terminology
Feasible Distance (FD) is the local router's composite metric for the
best route to reach a subnet
Reported Distance/Advertised Distance (RD/AD) is the next-hop
router's best composite metric for the same subnet
Successor is the route with the best metric and placed into the
routing table
Feasible Successor is any route that meets the feasibility condition.
Stored in topology table and will become Successor if the original
successor fails.
Feasibility Condition
If a non-successor route's RD is less than the FD, the
route will be a feasible successor route
Values must match for adjacency to occur
1. K-values
2. Primary subnet
3. AS number
4. Authentication
5. Passive-interface not configured
Leak Maps
Route map used for leaking prefix information through a summary
or stub.
Example configuration
(config)# access-list 10 permit 10.10.77.0 0.0.0.255
(config)# route-map RM-LEAKMAP permit 10
(config-route-map)# match ip address 10
Summary Application
(config-if)# ip summary-address eigrp 100 10.0.0.0 255.0.0.0 leak-map RM-LEAKMAP
Stub Application
(config-router)# eigrp stub leak-map RM-LEAKMAP
Packet Types
Hello
Discovers neighbors using multicast 224.0.0.10
Unreliable multicast sent every 5 seconds. On NBMA
networks, unicast sent every 60 seconds.
Hold-time value tells neighbors how often to expect Hellos
and defaults to 3 x Hello interval.
Timers do not need to match
router(config-if)# ip hello-interval eigrp <asn> <interval>
router(config-if)# ip hold-time eigrp <asn> <interval>
Update
Convey routing prefix and metric information
Features
Non-periodic meaning they're not sent at defined
intervals
Partial updates as only changed routing information is
sent
Only routers that require updates will receive them
Uses RTP
Acknowledgement
Unicast Hello packets with no data.
Uses RTP.
Query
Will be sent to all destinations marked as active (meaning
that route has failed) and no feasible successor.
If neighbor does not have alternative route, it will query its
own neighbors
Will be looking for exact prefix in reply.
Uses RTP.
Reply
If neighbor receives a query and has a loop-free route, a
reply packet will be sent back.
Once a reply is received, the originating router will add the
loop-free route as a successor.
If no reply, the prefix will be removed from topology table.
Stuck in Active (SIA)
When route goes active a query is initiated and waits to receive a
reply from every query it sent.
If no reply to a query is received within the set time (3 minutes
by default), the route goes into the SIA state.
Once active timer expires, neighbor relationship is reset.
EIGRP DUAL-3-SIA messages will be received when in this state
Packets
When active timer is half way through (90 seconds default),
an SIA Query packet is sent to its neighbors.
Each neighbor must then respond with an SIA Reply to
confirm it is still searching for a replacement route.
If SIA Reply is received, the neighbor relationship will not be
terminated.
Can limit using stubs or summarization.
3.19
Authentication
IPv4
Only supports MD5
Key chain can consist of one or more authentication keys
Key name doesn't have to match, but key ID does
Configuration
(config)# key chain <name>
(config-keychain)# key <key ID>
(config-keychain-key)# key-string <passcode>
(config-keychain-key)# accept-lifetime <start> <stop>
(config-keychain-key)# send-lifetime <start> <end>
(config)# interface <interface>
(config-if)# ip authentication key-chain eigrp <AS> <name>
(config-if)# ip authentication mode eigrp <AS> md5
Time-based options configured under (config-keychain-key)#
Accept-lifetime
Period in which the key can be received
Send-lifetime
Period in which the key can be sent
Verification
show ip eigrp <AS> interface detail <interface>
show key chain
debug eigrp packet terse
IPv6
Configuration almost identical to ipv4 except for the use of
ipv6 instead of ip
Basic IPv4 Configuration
(config)# router eigrp <AS>
(config-router)# eigrp router-id <RID>
(config-router)# network <ip-address [wildcard-mask]>
Verification
show ip eigrp neighbors [detail]
H = Order peering was formed
Address = IP address of peer
Interface = Interface peer is connected
Hold = Time to wait to hear from its neighbor before
declaring it unreachable
Uptime = Time since neighborship formed
SRTT = Time required for router to send packet to neighbor
and receive acknowledgment
RTO = Retransmission timeout
Q = Number of packets waiting to be sent
Can indicate network congestion
show ip eigrp interface [detail]
show ip protocols
show ip eigrp topology
3.20
Stub
Stub options include
Summary route
Static route
Leak-map
Limits propagation of EIGRP queries
Good for slow, unreliable links
Avoids routes getting SIA
By default, stub routers do not advertise updates received from their
peers
By default, will only advertise connected and summary routes
When router is configured as a stub, EIGRP adjacency needs to be
reestablished
Configuration
(config-router)# eigrp stub ?
By default, only connected and summary routes are
advertised
connected: Advertises connected routes matched by
network command
receive-only: Router is a receive-only neighbor
leak-map: Allows dynamic prefixes based on a leak
map
static: Advertises static routes
summary: Advertises manual/auto summarised routes
redistributed: Advertises redistributed routes from
other protocols and AS's
Verification
 show ip eigrp neighbors detail
 show ip route
 RT won't change with a stub, but only limits what
information to send to its neighbors
3.21
EIGRP Load Balancing
Information
 CEF supports per-packet and per-destination load balancing
 Equal Cost Load Balancing
o Default value is 4
o Maximum allowed paths generally 32
o Value of 1 disables load-balancing
o Configuration
 (config-router)# maximum-paths <#>
 Unequal Cost Load Balancing
o Disabled by default
o Traffic takes best path plus one or more suboptimal paths
o Only feasible successor routes are considered
o Variance multiplier works by multiplying the Successor
Route’s RD by the variance. If the feasible successor’s FD is
less than the result, it will be used.
o Configuration
 (config-router)# variance <multiplier>
Verification
show ip protocols
show ip route
show ip eigrp topology
show ip eigrp topology <address/mask>
3.22
Metrics
Information
 By default only K1 and K3 are enabled
 Only K1 and K3 are enabled by default as these are
static values. K2 and K4 are dynamic and change over
time.
 Default: K1 = 1, K2 = 0, K3 = 1, K4 =0, K5 = 0
 Default calculation: metric = 256 * [ (10^7 / minimum-bandwidth) + cumulative-delay ]
 EIGRP uses the slowest bandwidth in the path and the
sum of delays.
K1 (Bandwidth)
 Least value of the bandwidth for all links between
local router and destination
 Can be changed using interface command
o (config-if)# bandwidth
 Doesn't change the actual bandwidth of the interface, only
influences the metric calculation
K2 (Load)
 Worst load on link between source and destination
(based on per-packet rate)
 Txload: Outgoing interface
 Rxload: Incoming interface
 Txload value will be used
 Value between 1 and 255
K3 (Delay)
 Cumulative interface delay of route on all links
between source and destination
 Can be changed using interface command
o (config-if)# delay
 Doesn't change the actual delay of the interface, only
influences the metric calculation
K4 (Reliability)
 Worst reliability between source and destination
(based on keepalives)
 255/255 is 100% and no issues on link
 If value decreases, link has issues
 Value between 1 and 255
K5 (MTU)
 MTU being exchanged between EIGRP neighbors
 Not used for the metric calculation
 Used when equal cost paths for same destination
exceed the number of allowed paths set from
maximum-paths command
Configuration
(config-if)# bandwidth <value>
(config-if)# delay <value>
(config-router)# metric weights {tos} <k1> <k2> <k3> <k4> <k5>
Verification
show interface <interface>
show ip protocols
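Added example (not from these notes): Python that computes the composite metric from the K-values, slowest bandwidth and cumulative delay described above, and then applies the feasibility condition from 3.18 (successor = lowest FD, feasible successor = any other path whose RD is below that FD). It assumes bandwidth in kbps and delay in tens of microseconds, the units IOS uses in the formula; the neighbors R2-R4 and their link values are constructed.

```python
def composite_metric(min_bw_kbps, delay_tens_us, load=1, reliability=255,
                     k=(1, 0, 1, 0, 0)):
    """Classic EIGRP composite metric.
    bandwidth term = 10^7 / slowest link in the path (kbps, integer division)
    delay term     = sum of link delays in tens of microseconds
    With the default K-values (K1 = K3 = 1) this reduces to
    256 * (10^7 / minimum-bandwidth + cumulative-delay), the formula in the notes.
    K2 adds a load-dependent bandwidth term; K5 != 0 enables the reliability term."""
    k1, k2, k3, k4, k5 = k
    bw = 10**7 // min_bw_kbps
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay_tens_us
    if k5 != 0:
        metric = metric * k5 // (k4 + reliability)
    return metric * 256


def dual_select(paths):
    """Apply the feasibility condition to the candidate paths for one prefix.
    Each path lists the local link (bandwidth kbps, delay in tens of us) and what
    the neighbor reports for the prefix (its slowest link and total delay).
    RD = the neighbor's own metric; FD via that neighbor = the metric recomputed
    with the local link added. Successor = lowest FD; feasible successor = RD < best FD."""
    table = []
    for p in paths:
        rd = composite_metric(p["nbr_min_bw"], p["nbr_delay"])
        fd = composite_metric(min(p["link_bw"], p["nbr_min_bw"]),
                              p["link_delay"] + p["nbr_delay"])
        table.append({"neighbor": p["neighbor"], "rd": rd, "fd": fd})
    best_fd = min(t["fd"] for t in table)
    successors = [t["neighbor"] for t in table if t["fd"] == best_fd]
    feasible = [t["neighbor"] for t in table
                if t["neighbor"] not in successors and t["rd"] < best_fd]
    return {"fd": best_fd, "successors": successors,
            "feasible_successors": feasible, "table": table}


# Constructed candidate paths to one prefix. delay 10 = 100 us (FastEthernet default),
# delay 2000 = 20000 us (serial T1 default); bandwidth in kbps.
PATHS = [
    # fast link to a neighbor that is itself close to the prefix
    {"neighbor": "R2", "link_bw": 100000, "link_delay": 10,   "nbr_min_bw": 100000, "nbr_delay": 10},
    # slow T1 to a neighbor that is close to the prefix: huge FD, but small RD
    {"neighbor": "R3", "link_bw": 1544,   "link_delay": 2000, "nbr_min_bw": 100000, "nbr_delay": 10},
    # fast link to a neighbor whose own path is over a T1: RD is larger than our FD
    {"neighbor": "R4", "link_bw": 100000, "link_delay": 10,   "nbr_min_bw": 1544,   "nbr_delay": 2010},
]

if __name__ == "__main__":
    print(composite_metric(1544, 2000))   # single T1 hop: 2169856
    result = dual_select(PATHS)
    for row in result["table"]:
        print(row)
    print("successors:", result["successors"], "feasible:", result["feasible_successors"])
```

R3 is kept as a feasible successor despite its poor FD because its RD (28160) is below the successor FD (30720), which proves R3 does not route through this router. R4 has the fast local link but its neighbor reports 2172416, so the condition fails and R4 is not a feasible successor even though its path is loop free in this constructed topology; DUAL would have to query for it.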
3.23
EIGRP for IPv6
 Information
 Multicast is FF02::A
 No network command needed, enabled on individual
interface
 No auto-summarization
 Uses the neighbor’s link-local address as the next-hop
IP address
 Redistribution will not include connected networks
 Not using include-connected command
o Does not redistribute connected prefixes
o Does not affect adjacencies
 Authentication is IPv6 AH/ESP
Configuration
(config)# ipv6 unicast-routing
(config)# no ipv6 unicast-routing
Will remove all IPv6 protocols and routes
(config)# ipv6 router eigrp <AS>
(config-router)# eigrp router-id <rid>
(config-if)# ipv6 eigrp <AS>
Set link-local
(config-if)# ipv6 address <link-local address> link-local
(config-if)# ipv6 bandwidth-percent eigrp <asn> <bandwidth-percentage>
(config-if)# ipv6 hello-interval eigrp <asn> <seconds>
Verification
 show ipv6 route eigrp
 show ipv6 protocols
 show ipv6 eigrp neighbors
 show ipv6 eigrp interfaces detail
 show ipv6 eigrp topology [all-links]
Named EIGRP
 Gather all EIGRP configuration in one place
 Helps eliminate configuration complexity
 Three Modes
1. Address Family
Configure general settings like RID, stub and network
command (for IPv4). You can configure multiple address-
families under one instance.
2. Address Family Interface
Configure interface settings such as timers, passive
interfaces, authentication and summary
3. Address Family Topology
Configure settings that impact the topology table such
as variance, redistribution, and metrics
Configuration
IPv4
(config)# router eigrp <virtual-instance-name>
(config-router)# address-family ipv4 [multicast] [unicast] [vrf] autonomous-system <ASN>
Address Family Mode example
(config-router-af)# network <network-address>
(config-router-af)# af-interface {default | <interface>}
(config-router-af)# topology base
Address Family Interface Mode example
(config-router-af-interface)# passive-interface
(config-router-af-interface)# shutdown
(config-router-af-interface)# summary-address <prefix/mask>
IPv6
(config-router)# address-family ipv6 [unicast] [vrf] autonomous-system <ASN>
Verification
show ip|ipv6 eigrp neighbors
show ip|ipv6 eigrp topology
show ip|ipv6 route eigrp
show ip|ipv6 protocols
3.24
OSPF
 General Theory
o OSPF header is 24 bytes
o Runs the Dijkstra algorithm on the LSDB
o OSPF process ID is locally significant
o IP protocol type 89
o Metric is cumulative cost of outgoing interfaces
o 224.0.0.5 is All Routers
o 224.0.0.6 is All DRs
o States
 Packet type is a 1-byte field in the OSPF header
 OSPF Packet Types
 Type 1 - Hello
 Multicast periodically to 224.0.0.5
 On broadcast/NBMA networks, used to elect
DR/BDR
 Must match for adjacency to form
o Area ID
o HelloInterval
o RouterDeadInterval
o Authentication
 Type 2 - Database Descriptor (DBD)
 Starts when adjacency is formed to synchronize
the LSDB
 Router summarizes LSDB with the DBD carrying
the LSA header
 LSA header contents
o Type of LSA
o Link State ID
o Advertising router
o LSA sequence number
 If a neighbor sees from the DBD that the other router's LSDB
holds a more recent LSA, it requests the newer LSAs from that neighbor
 Master/slave relationship with the master
initiating the DB packet exchange
o Router with highest RID becomes master
 Contains outgoing interface MTU
o MTU must match for FULL adjacency to
be reached
 Type 3 - Link State Request (LSR)
 Sent to neighbors to request most recent
version parts of the database
 Contains
o Type of LSA requested
o Link state ID
o RID of requesting router
 Type 4 - Link State Update (LSU)
 Implement flooding of LSAs
 LSAs contained in the LSU
 Describes portion of the OSPF network
 Information in each LSA contains
o Routing
o Metric
o Topology
 Type 5 - Link State Acknowledgment (LSAck)
 Acknowledges the receipt of each LSA
3.25
States
 States (No DR)
 Requirements
o Hello/dead timers must match
o Not passive on connected interface
o Must be in same area
o RIDs are unique
o MTU must match
o Authentication must be passed
1. DOWN: no Hellos received; process not started.
2. INIT: Hello received from a neighbor but the router's own RID is not yet
listed in it; called ATTEMPT on NBMA networks.
3. 2-WAY: Router has seen its own RID in the neighbor's Hello; matching parameters
are compared, and the DR/BDR election takes place at the end of this state.
4. EXSTART: initial sequence numbers will be decided for exchange,
router with highest RID will become master and will poll slave.
5. EXCHANGE: router will describe its LSDB by sending DBDs, LSA
header contains link-state type, advertising router, link cost, and
sequence number.
6. LOADING: finished information exchange, routers can send LSRs for
missing LSAs, neighbors respond with LSUs.
7. FULL: LSDB are identical and adjacencies have been formed.
 States (With DR)
 Overall process is similar as no DR
 Routers will exchange LSDB with DR/BDR only
 Router will be in FULL state with DR and 2-WAY state
with non-DR neighbors
Configuration
OSPF can be configured in the router process or on the interface
directly
Router Process Config
(config-if)# ip address <IP Address / Subnet>
(config)# router ospf <process ID>
(config-router)# network <IP Address / Subnet> area <area ID>
Interface Config
(config-if)# ip address <IP Address / Subnet>
(config-if)# ip ospf <process ID> area <area ID>
Neighbor Verification
show ip ospf neighbor
show ip ospf
show ip ospf database
show ip protocols
debug ip ospf packet
debug ip ospf hello
debug ip ospf adjacency
Authentication
Authenticates the source of each update
Authentication data field added to each OSPF packet
Methods
o Null (no authentication)
o Clear-text
o MD5
1. Configure key-id and keyword
(config-if)# ip ospf message-digest-key <key-id> md5
<keyword>
2. Enable authentication
(config-if)# ip ospf authentication message-digest
(config-router)# area <area-id> authentication
message-digest
Verification
show ip ospf interface
SHA
Supported since 15.4(1)T
Configuration
Step 1
 (config)# key chain <key-name>
 (config-keychain)# key <key-id>
 (config-keychain-key)# key-string <passcode>
 (config-keychain-key)# cryptographic-algorithm <algorithm>
o sha-1
o sha-256
o sha-384
o sha-512
o md5
Step 2
(config-if)# ip ospf authentication key-chain <key-name>
Verification
show key chain
show ip ospf interface
show ip ospf neighbor
Interface settings takes precedence over router process settings
Can use different keys at same time for seamless rollover
OSPF updates will be sent using each key
IPv6
Uses IPsec
Authentication fields removed from header and require AH
and ESP for CIA
To use AH: ipv6 ospf authentication
To use ESP: ipv6 ospf encryption
3.26a
OSPF Network Types
 Point-to-Point
o No DR/BDR election
o H=10, D=40
o Multicast to dynamically discover neighbors
o Default for serial/frame-relay links
o ip ospf network point-to-point
 Broadcast
o DR/BDR election
o H=10, D=40
o Multicast to dynamically discover neighbors
o ip ospf network broadcast
 Nonbroadcast
o More than two routers with no broadcast capability
o DR/BDR election
o H=30, D=120
o Static configuration for neighbors
o Used with ATM/FR networks
o ip ospf network non-broadcast
 Point-to-Multipoint
o Logical connection of P2P links
o H=30, D=120
o No DR/BDR election
o Multicast to dynamically discover neighbors
 Point-to-Multipoint Nonbroadcast
o Similar point-to-multipoint but no dynamic neighbor
discovery
o No DR/BDR election
o H=30, D=120
o ip ospf network point-to-multipoint non-broadcast
 Loopback
o Default type on loopback interfaces
3.26b
OSPF LSA and Area Types
 LSA Types
 Intra-area Type
 Type 1 (Router LSA)
 Contains IP prefix of each directly connected
interface
 Four Types
o Point-to-Point
 Link ID: Neighbor RID
o Transit
 Link ID: IP address of DR
o Stub
 Link ID: IP network
o Virtual Link
 Link ID: Neighbor RID
 Flooded within same area
 show ip ospf database router | self-originate
 Type 2 (Network LSA)
 Created for multi-access networks
 DR generates type 2 and floods to other routers
in same area
 Contains subnets and connected interfaces
 show ip ospf database network
 Interarea Type
 Type 3 (Network Summary)
 Generated by the ABR
 Contains prefixes from interarea routes
 Takes type 1 and 2 LSAs, generate a type 3 and
floods to adjoining areas
 Contains subnets and the cost to reach each
subnet
 show ip ospf database summary
 Type 4 (ASBR Summary)
 Generated by ABR bordering an area that
contains an ASBR
 Tells routers about the router that generated
the type 5 LSA
 Flooded into adjacent areas
 Created when ABR sees a type 1 LSA from an
ASBR with the ASBR bit set
 show ip ospf database asbr-summary
 Type 5 (AS External)
 Generated by ASBR
 Describes external prefix and gateway to reach
it
 Flooded into adjacent areas
 show ip ospf database external
 Type 7 (NSSA External)
 Created by ASBR inside a NSSA
 Flooded only within the NSSA
 Converted to a type 5 LSA when it reaches an ABR
 Area Types
o Backbone
 Area 0
 All areas must connect to the backbone
o Normal
 Non-backbone area
 LSDB can contain internal and external routes
 Can contain LSA types 1 through 5
o Transit
 Area that carries traffic between two other areas, e.g. the
area crossed by a virtual link
o Stub
 Contain LSAs type 1 and 2 from within same area
 Receives type 3 LSAs from other areas
 Has default route to reach external network
 Does not allow type 4 or 5 LSAs
 (config-router)# area <#> stub
o Totally Stub
 Contains only type 1 and 2 LSAs
 ABR filters type 3 LSAs
 Does not allow type 3, 4 or 5 LSAs
 ABR injects default summary link 0.0.0.0
 Router picks closest ABR as gateway
 (config-router)# area <#> stub no-summary (on the ABR)
o NSSA
 Allows an ASBR inside the area to inject external prefixes into
the OSPF domain as type 7 LSAs
 Type 5 LSAs not allowed in
 The NSSA ABR converts type 7 LSAs to type 5 LSAs and floods
them to the rest of the OSPF domain
 ABR won't inject a default route into an NSSA unless configured
to (default-information-originate keyword)
 (config-router)# area <#> nssa
o Totally NSSA
 Same as NSSA, but the ABR also blocks type 3 LSAs and injects a
default route into the area
 (config-router)# area <#> nssa no-summary
3.26c
 Internal Router
o All interfaces are in a single area
 Backbone Router
o At least one interface is connected to the backbone area
 ABR
o Has interfaces connected to at least two different OSPF
areas
o Contains LSDB information for each area
 ASBR
o At least one interface connected to an OSPF area and at
least one interface connected to an external non-OSPF
domain
3.26d
 Virtual Links
 Allows discontiguous area 0s to be connected
 Join an area not directly connected to area 0 to area 0 by crossing
a transit area
 Should not be used as a primary design feature
 Transit area can't be a stub area
 Configured on both ABRs (each side points at the other's RID)
 Needs a stable underlying intra-area path through the transit area
 A virtual link is an area 0 interface, so its authentication settings
must match what area 0 uses
 DoNotAge (DNA) option is set so LSA does not age out
 Configuration
o (config-router)# area <#> virtual-link <remote rid>
{optional commands}
o Optional commands
 authentication
 message-digest
 null
 hello-interval
 retransmit-interval
 transmit-delay
 dead-interval
 authentication-key
 message-digest-key <key-id> md5 <key>
3.27
 Preferred Paths
o Intra-Area (O)
o Inter-Area (O IA)
o External Type 1 (E1)
o NSSA Type 1 (N1)
o External Type 2 (E2)
o NSSA Type 2 (N2)
 Lowest cost path is selected as best path; the cost is calculated
automatically for each interface
o Cost = Ref BW / Interface BW
o Cost can be between 1 and 65,535
o Default Ref BW is 100Mbps
 Reference BW
o Not suitable for links faster than Fa
o To adjust ref BW
 (config-router)# auto-cost reference-bandwidth <Mbps>
o Should be consistent across OSPF domain
 Default Costs
o T1 = 64
o Ethernet = 10
o Fa = 1
o Ge = 1
o 10 Ge = 1
 Influencing Cost
o Change ref BW
o For specific interface, use bandwidth command
 Will affect all protocols, not just OSPF
 Verify using show interface command
o Direct change cost on interface
 (config-if)# ip ospf cost <value>
 Will override calculated cost
 Verify using show ip ospf interface brief
 Intra-Area Routes
o For each route, sum up individual interface costs
o Lowest cost selected as best route
o If lowest are same (equal), equal-cost load-balancing is used
 Interarea Route
o Type 3 LSA sent from ABR includes lowest cost to reach a
subnet
o Internal router adds its cost to announced type 3 and selects
route with lowest cost
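Added example (not part of the original notes): the cost formula above with the clamp to 1..65,535, and an SPF run over a constructed four-router topology (names R1-R4 and link speeds are assumptions). It shows why the 100 Mbps default makes Fa, Ge and 10Ge all cost 1, so a two-hop Gigabit path loses to a direct FastEthernet link, and how raising the reference bandwidth to 10,000 Mbps restores the intended choice and yields two equal-cost next hops.

```python
import heapq
from typing import Dict, List, Set, Tuple

# Cisco defaults from the notes: reference bandwidth 100 Mbps, cost range 1..65,535.
DEFAULT_REF_BW_MBPS = 100
MIN_COST, MAX_COST = 1, 65_535


def ospf_cost(interface_bw_kbps: int, ref_bw_mbps: int = DEFAULT_REF_BW_MBPS) -> int:
    """Cost = reference bandwidth / interface bandwidth, truncated to an integer
    and clamped to 1..65535.  Bandwidth is in kbps, the unit 'show interface'
    and the 'bandwidth' command use."""
    cost = (ref_bw_mbps * 1000) // interface_bw_kbps
    return max(MIN_COST, min(MAX_COST, cost))


def spf(links: Dict[str, List[Tuple[str, int]]], source: str) -> Dict[str, Tuple[int, Set[str]]]:
    """Dijkstra over an intra-area topology.  Returns {router: (total cost, next hops)}
    and keeps every equal-cost next hop, which is what OSPF installs when the
    summed interface costs tie (equal-cost load balancing)."""
    dist: Dict[str, int] = {source: 0}
    next_hops: Dict[str, Set[str]] = {source: set()}
    heap = [(0, source)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue                      # stale heap entry
        for v, cost in links.get(u, []):
            nd = d + cost
            hop = {v} if u == source else set(next_hops[u])
            if v not in dist or nd < dist[v]:
                dist[v], next_hops[v] = nd, hop
                heapq.heappush(heap, (nd, v))
            elif nd == dist[v]:
                next_hops[v] |= hop       # equal-cost path: add its next hop(s)
    return {r: (dist[r], next_hops[r]) for r in dist}


def topology(ref_bw_mbps: int) -> Dict[str, List[Tuple[str, int]]]:
    """Constructed sample: R1-R2-R4 and R1-R3-R4 over GigabitEthernet, plus a
    direct R1-R4 FastEthernet link.  Costs are derived from the reference bandwidth."""
    ge, fa = 1_000_000, 100_000           # kbps
    edges = [("R1", "R2", ge), ("R2", "R4", ge), ("R1", "R3", ge), ("R3", "R4", ge), ("R1", "R4", fa)]
    links: Dict[str, List[Tuple[str, int]]] = {}
    for a, b, bw in edges:
        c = ospf_cost(bw, ref_bw_mbps)
        links.setdefault(a, []).append((b, c))
        links.setdefault(b, []).append((a, c))
    return links


if __name__ == "__main__":
    for ref in (DEFAULT_REF_BW_MBPS, 10_000):
        print(f"auto-cost reference-bandwidth {ref}: R1 -> R4 =", spf(topology(ref), "R1")["R4"])
```

With the default reference bandwidth R1 reaches R4 over the FastEthernet link at cost 1; with 10,000 Mbps the two Gigabit paths cost 20 each and both R2 and R3 are installed as next hops, while the FastEthernet path costs 100. The same reference bandwidth must be set on every router in the domain or routers will disagree about the best path.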
3.28
DR/BDR
 Reduces the number of adjacencies and the LSA flooding on a
multi-access segment, which speeds convergence
 DROthers are routers that are neither DR/BDR
 OSPF interface with priority 1 or greater can participate. Priority 0
will disqualify router from participating.
 DR/BDR election
 Highest interface priority
 If priority tie, highest RID
 Boot order can affect the election because it is not preemptive: a
router with a higher priority that joins later does not displace the
existing DR/BDR
RID Selection
1. router-id command
2. Highest address on active loopback
3. Highest address on interface
Sequence numbers (received LSA compared with the copy in the LSDB)
If same: ignore LSA (acknowledge it)
If lower (own copy is newer): ignore the update, send an LSU with the newer copy
If higher (received copy is newer): add LSA to LSDB, send LSAck, flood LSA
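Added example (not from the original notes) for the RID selection order and the DR/BDR election above. The router names, addresses and priorities are constructed. Two points the bullet list cannot show: RIDs are compared as 32-bit values, not as strings, and the election is not preemptive, so a high-priority router that boots later becomes a DROther and a failed DR is replaced by the BDR rather than by the best candidate.

```python
from ipaddress import IPv4Address
from typing import Dict, List, Optional, Tuple


def select_rid(configured: Optional[str], loopbacks: List[str], interfaces: List[str]) -> str:
    """router-id command first, then the highest active loopback address, then the
    highest active interface address.  Compared as 32-bit values, not as strings
    ("9.9.9.9" sorts above "10.10.10.10" as text but is the lower address)."""
    if configured:
        return configured
    for pool in (loopbacks, interfaces):
        if pool:
            return str(max(pool, key=IPv4Address))
    raise ValueError("no IPv4 address available to derive an OSPF router ID")


def elect_dr_bdr(routers: Dict[str, int], current_dr: Optional[str] = None,
                 current_bdr: Optional[str] = None) -> Tuple[Optional[str], Optional[str]]:
    """routers maps RID -> interface priority.  Priority 0 never participates.
    Highest priority wins, highest RID breaks ties.  The election is not
    preemptive: an existing DR/BDR is kept, and when the DR fails the BDR is
    promoted even if a better candidate has since appeared (boot order matters)."""
    eligible = {rid: prio for rid, prio in routers.items() if prio > 0}

    def rank(rid: str):
        return (eligible[rid], IPv4Address(rid))

    if current_dr in eligible and current_bdr in eligible:
        return current_dr, current_bdr                 # nothing changes
    dr = current_dr if current_dr in eligible else None
    if current_bdr in eligible and current_bdr != dr:
        bdr = current_bdr
    else:
        others = [r for r in eligible if r != dr]
        bdr = max(others, key=rank) if others else None
    if dr is None:                                     # promote the BDR, then elect a new BDR
        dr = bdr
        others = [r for r in eligible if r != dr]
        bdr = max(others, key=rank) if others else None
    return dr, bdr


if __name__ == "__main__":
    # Constructed segment: three routers boot together, 3.3.3.3 has priority 0.
    segment = {"1.1.1.1": 1, "2.2.2.2": 1, "3.3.3.3": 0, "10.10.10.10": 1}
    dr, bdr = elect_dr_bdr(segment)
    print("initial election      :", dr, bdr)
    # A priority-255 router joins later: no preemption, it becomes a DROther.
    print("high-priority joins   :", elect_dr_bdr({**segment, "20.20.20.20": 255}, dr, bdr))
    # The DR fails: the BDR is promoted, the newcomer only becomes BDR.
    survivors = {r: p for r, p in {**segment, "20.20.20.20": 255}.items() if r != dr}
    print("DR fails              :", elect_dr_bdr(survivors, dr, bdr))
```

Setting priority 0 on every router except the two that should hold the roles is the usual way to make the outcome independent of boot order.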
3.29
General
Defined in RFC5340
Periodic reflooding every 30 minutes
RID is in IPv4 format
Same timers, network types, and neighbor states
Uses IPsec for authentication
For NBMA networks, must specify the peer
(config-if)# ipv6 ospf neighbor <neighbor-link-local>
With address-family option, adjacencies established for each family
Passive-interface is configured per address family
Can control load-balancing in IPv6 address family
maximum-paths <number-of-paths>
Enable in global
(config)# ipv6 unicast-routing
LSA Types
Type 1 and 2 don't carry prefixes
Type 3 renamed to inter-area prefix LSA
Type 4 renamed to inter-area router LSA and still generated by the
ABR
Type 8 (Link LSA) advertises IPv6 link-local addresses
Type 9 (Intra-area Prefix LSA) carries the prefix information
Multicast Addressing
All OSPF Routers: FF02::5
All DRs: FF02::6
Traditional Config
(config)# ipv6 unicast-routing
(config)# ipv6 router ospf <process-id>
(config-router)# router-id <rid>
(config)# interface <interface-id>
(config-if)# ipv6 ospf <process-id> area <area-id>
Address Family Config
(config)# router ospfv3 <process-id>
(config-router)# router-id <rid>
(config-router)# address-family [ipv4|ipv6] unicast
(config)# interface fa0/1
(config-if)#ospfv3 <process-id> ipv4 area <area-id>
(config-if)#ospfv3 <process-id> ipv6 area <area-id>
Verification
show ipv6 route
show ipv6 protocols
show ipv6 ospf
show ipv6 ospf neighbor
show ipv6 ospf database
show ipv6 ospf interface [brief]
3.30
 Fundamentals
o TCP/179
o Public AS: 1 to 64,511
o Private AS: 64,512 to 65,534
o Path selection uses both path attributes and locally
significant parameters.
o Origin preference: IGP (network command) over EGP over
incomplete (redistributed).
o Full BGP table only sent once, then incremental updates
afterwards.
o eBGP: AD of 20
o iBGP: AD of 200
o BGP Table
 Keeps a neighbor table of the peers with which it has a BGP
connection.
 Best routes from BGP table put into routing
table.
o Requirements
 eBGP
 Neighbors must be in different AS's
 TCP session must be established
 Neighbors must be directly connected (TTL 1) unless
ebgp-multihop is configured
 Route (connected, static or default) to each peer's address
 Authentication must match
 Different RID's
 iBGP
 Neighbors have same AS
 TCP session must be established
 Neighbors must be reachable (can use an IGP
for this)
o Transit AS
 Typically ISPs
 All routers must have complete knowledge of
external routes
o Non-Transit AS
 Generally organisations multi-homed to several ISPs
 Don't pass routes between ISPs
 BGP routers in AS still require knowledge of all
BGP routes
o iBGP Information
 TCP can't use multicast or broadcast therefore
BGP can't.
 To prevent loops, routes learned through iBGP
are never propagated to other iBGP peers.
 iBGP neighbors that receive updates don't send
them to other iBGP neighbors.
 Sending iBGP updates is responsibility of router
with first hand knowledge on the network
behind the AS.
 iBGP peers must be fully meshed; route reflectors (or
confederations) remove that requirement.
 Path selection uniform across AS.
o BGP Session Reset
 Hard
o clear ip bgp *
o clear ip bgp [neighbor-address]
 Soft
o clear ip bgp {* | neighbor-address} out
o clear ip bgp {* | neighbor-address} in
3.30a
 Peer Group
o Information
 Neighbors with same update policies can be
grouped into peer groups
 Simplified configuration and improved
performance
 Policies of a peer group similar to a template
 Members inherit all peer group configuration
 Options that affect inbound updates can be
overridden
 Updates generated once per peer group
 TCP transmission still done once per neighbor
 IOS assigns peer group leader that will generate
the update
 Scenarios
o iBGP
o ISP with multiple customers
 Configuration
o Configuration can include
 update-source
 next-hop-self
 Authentication
 Filtering
o Configuration example
 (config)# router bgp <asn>
 (config-router)# neighbor <peer-group-name> peer-
group
 (config-router)# neighbor <peer-group-name>
<setting>
 (config-router)# neighbor <peer-group-name> route-
map <route-map> [out|in]
 (config-router)# neighbor <ip-address> peer-group
<peer-group-name> (repeat for each member)
 clear ip bgp peer-group <peer-group-name>
3.30b
 Active
 Both peers normally try to open the TCP connection; if both
attempts succeed (connection collision), the connection initiated by
the peer with the higher BGP RID is kept.
 Passive
 A peer in passive mode never initiates; it only listens for the
neighbor's connection.
 Configuration
 (config-router)# neighbor <peer-ip-address> transport
connection-mode [active|passive]
3.30c
 Message Types
 Open:
 Sent once TCP 3-way handshake is completed
 Establishes neighborship and allows the exchange
of update, keepalive, and notification messages.
 Open message includes:
o Version (Must Match)
o Senders ASN
o Hold Time
o Local BGP RID
o Optional Parameters
 Keepalive:
 Ensure connection is alive between peers.
 If hold-time is 0, periodic keepalives not sent.
 Every 60 seconds by default.
 Update:
 Advertises feasible routes, withdrawn routes, or
both.
 Path attributes which describe the characteristics
of the advertised path.
 Network Layer Reachability Information (NLRI) that
contains a list of IP address prefixes for advertised
routes.
 Notification:
 Sent when BGP router detects an error condition.
 Contains:
 Error Code
 Error Subcode
 Data Related to Error
 States
 Idle:
 BGP router tries to initiate a TCP connection with a
peer.
 Listens for incoming connection from that peer.
 Also the state of a neighbor that is administratively shut
down.
 Connect:
 Waiting for the TCP three-way handshake with the peer to
complete.
 If it completes, an Open is sent and the state moves to
OpenSent; if it fails, the state moves to Active.
 Active:
 The TCP connection attempt failed; the router restarts the
connect-retry timer, keeps listening for an incoming
connection from the neighbor and retries.
 A neighbor stuck in Active cannot establish TCP (no route,
wrong IP address, filtering, or no matching neighbor
statement on the far side).
 OpenSent:
 Open has been sent; BGP waits for the Open from the remote
BGP neighbor.
 Sanity checks on the received Open (version, peer AS number,
RID, hold time). On failure a notification message is sent and
the state returns to Idle.
 If the checks pass, BGP starts sending keepalive messages, the
hold time is negotiated (lowest value is picked) and the state
moves to OpenConfirm.
 OpenConfirm:
 Each router waits to receive a keepalive.
 Keepalive: 60 seconds by default.
 BGP will keep sending keepalive messages.
 If a notification message from the remote BGP
neighbor is received, then fall back to Idle state.
 Established:
 Neighbor adjacency is complete.
 Peers exchange updates.
 If keepalive or update message received, hold
timer will be reset.
 If notification message is received, go back to Idle
state.
 Troubleshooting
 Idle is the starting state once neighbor remote-as is
configured. When a route to the peer exists, BGP moves to
Connect.
 After TCP is up an Open is sent; if the TCP attempt fails the
router falls back to Active and retries. When the Open
exchange succeeds, the state moves to OpenConfirm.
 Once keepalives are exchanged the session is Established.
 Toggling between Idle and Active usually means the TCP session
cannot be formed or the remote AS is misconfigured.
 Idle State
 Ensure neighbor announces route in its local
routing protocol (IGP) for iBGP neighbors.
 Verify correct IP address in neighbor
statement.
 Active State
 TCP connection attempt made but not completed.
 Neighbor may have no return route to
source IP address.
 No neighbor statement peering back or peer
has wrong IP address.
 Timers
 Keepalive & Hold-Time
 Keepalive
 Ensure connection is alive between peers.
 If hold-time is 0, periodic keepalives not
sent.
 Every 60 seconds by default.
 Hold-Time
 Advertised in open messages.
 If no message received within hold-time,
BGP connection is dropped.
 Default 180 seconds (3 times the keepalive).
 BGP hold-time value can be zero and implies
that the speaker does not expect keepalive
messages from its peer to maintain the BGP
session
 Advertisement Interval
 Default advertisement interval is 30 seconds for
eBGP peers and 0 seconds for iBGP peers.
 Helps maintain stable routing table.
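Added example (not from the original notes) of the Open exchange and the OpenSent checks described above: building and parsing an Open message (16-byte marker, length, type, then version, ASN, hold time, RID, optional parameters), the sanity checks that send a notification and return to Idle, and hold-time negotiation with the keepalive derived as one third. The ASNs, RIDs and hold times are constructed; 2-byte ASNs only.

```python
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address

MARKER = b"\xff" * 16
OPEN, UPDATE, NOTIFICATION, KEEPALIVE = 1, 2, 3, 4
BGP_VERSION = 4
# Notification error code 2 (Open Message Error) and its subcodes, RFC 4271 section 4.5.
OPEN_MESSAGE_ERROR = 2
UNSUPPORTED_VERSION, BAD_PEER_AS, BAD_BGP_ID, UNACCEPTABLE_HOLD_TIME = 1, 2, 3, 6


@dataclass
class Open:
    version: int
    asn: int
    hold_time: int
    router_id: str
    opt_params: bytes


def build_open(asn: int, hold_time: int, router_id: str, opt_params: bytes = b"") -> bytes:
    """Header (marker, length, type) + Open body.  2-byte ASN only: a 4-byte ASN
    would need AS_TRANS here plus a capability in opt_params, left out on purpose."""
    body = struct.pack("!BHH4sB", BGP_VERSION, asn, hold_time,
                       IPv4Address(router_id).packed, len(opt_params)) + opt_params
    return MARKER + struct.pack("!HB", 19 + len(body), OPEN) + body


def parse_open(msg: bytes) -> Open:
    marker, length, mtype = struct.unpack("!16sHB", msg[:19])
    if marker != MARKER or mtype != OPEN or length != len(msg):
        raise ValueError("not a well-formed BGP Open")
    version, asn, hold, rid, optlen = struct.unpack("!BHH4sB", msg[19:29])
    return Open(version, asn, hold, str(IPv4Address(rid)), msg[29:29 + optlen])


def check_open(expected_peer_asn: int, local_rid: str, local_hold: int, peer: Open):
    """The OpenSent checks.  Returns ("OpenConfirm", hold, keepalive) when the
    Open is accepted, or ("Idle", (error_code, subcode)) meaning a notification
    is sent and the session falls back to Idle."""
    if peer.version != BGP_VERSION:
        return ("Idle", (OPEN_MESSAGE_ERROR, UNSUPPORTED_VERSION))
    if peer.asn != expected_peer_asn:                  # neighbor remote-as mismatch
        return ("Idle", (OPEN_MESSAGE_ERROR, BAD_PEER_AS))
    if peer.router_id in ("0.0.0.0", local_rid):      # RIDs must differ
        return ("Idle", (OPEN_MESSAGE_ERROR, BAD_BGP_ID))
    if peer.hold_time in (1, 2):                       # RFC 4271: must be 0 or at least 3
        return ("Idle", (OPEN_MESSAGE_ERROR, UNACCEPTABLE_HOLD_TIME))
    hold = min(local_hold, peer.hold_time)             # lowest value is picked
    keepalive = hold // 3                              # hold time 0 => no periodic keepalives
    return ("OpenConfirm", hold, keepalive)


# Constructed sample: R2 in AS 65001 (RID 2.2.2.2, hold 90) opens to R1 (RID 1.1.1.1, hold 180).
OPEN_FROM_R2 = build_open(65001, 90, "2.2.2.2")

if __name__ == "__main__":
    peer = parse_open(OPEN_FROM_R2)
    print("parsed              :", peer)
    print("remote-as 65001     :", check_open(65001, "1.1.1.1", 180, peer))
    print("remote-as 65002     :", check_open(65002, "1.1.1.1", 180, peer))
    print("duplicate RID       :", check_open(65001, "2.2.2.2", 180, peer))
```

The negotiated hold time of 90 seconds and keepalive of 30 seconds is what `show ip bgp neighbors` reports for the session even though R1 was configured with 180.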
3.30
Configuration
eBGP
(config)# router bgp <asn>
(config-router)# neighbor <peer-ip-address> remote-as <peer-asn>
iBGP
(config)# router bgp <asn>
(config-router)# neighbor <peer-ip-address> remote-as <asn> (same ASN as the
local router bgp process)
Verification
show ip bgp summary
show ip bgp neighbor <ip-address>
Authentication
Authenticates every TCP segment of the session, not only routing updates: an
MD5 digest over the IP pseudo-header, the TCP header, the payload and the
shared password, carried in TCP option 19 (RFC 2385).
Same password on both peers; a segment with a missing or wrong digest is
dropped, which also blocks spoofed RSTs against the session.
Can update the password on an existing session if both sides are changed
within the hold-time window (default 180 seconds); otherwise the session drops.
TCP-AO (RFC 5925) is the stronger replacement where the platform supports it.
Configuration
(config)# router bgp 65000
(config-router)# neighbor 172.16.12.2 remote-as 65000
(config-router)# neighbor 172.16.12.2 password cisco
Verification
show ip bgp summary
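Added example (not from the original notes) of what the password actually protects. It computes the RFC 2385 digest that option 19 carries (pseudo-header, TCP header with checksum zeroed, payload, password) over a constructed BGP keepalive segment, then verifies it as a receiver would: the correct password passes, while a wrong password, a tampered payload, a different source address and an unsigned spoofed RST all fail. Addresses, ports, sequence numbers and the password are constructed; the IP header and TCP checksum are not modelled.

```python
import hashlib
import hmac
import struct
from ipaddress import IPv4Address

TCPOPT_MD5, TCPOPT_MD5_LEN = 19, 18     # option kind 19, length 18 (RFC 2385)
TCPOPT_NOP = 1
PROTO_TCP = 6


def tcp_md5_digest(src_ip: str, dst_ip: str, tcp_header: bytes, payload: bytes,
                   password: bytes, tcp_len: int) -> bytes:
    """RFC 2385 section 2: MD5 over (1) the IPv4 pseudo-header, (2) the 20-byte TCP
    header with the checksum zeroed and options excluded, (3) the segment data,
    (4) the shared password.  Addresses, ports and sequence numbers are all covered."""
    pseudo = (IPv4Address(src_ip).packed + IPv4Address(dst_ip).packed
              + struct.pack("!BBH", 0, PROTO_TCP, tcp_len))
    header = tcp_header[:16] + b"\x00\x00" + tcp_header[18:20]
    return hashlib.md5(pseudo + header + payload + password).digest()


def build_segment(src_ip: str, dst_ip: str, sport: int, dport: int, seq: int, ack: int,
                  flags: int, payload: bytes, password: bytes) -> bytes:
    """TCP header + option 19 + two NOPs (pads 18 to 20 bytes) + payload.
    The TCP checksum field is left zero."""
    opts_len = TCPOPT_MD5_LEN + 2
    data_offset = (20 + opts_len) // 4
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, data_offset << 4, flags, 65535, 0, 0)
    digest = tcp_md5_digest(src_ip, dst_ip, header, payload, password, 20 + opts_len + len(payload))
    options = bytes([TCPOPT_MD5, TCPOPT_MD5_LEN]) + digest + bytes([TCPOPT_NOP, TCPOPT_NOP])
    return header + options + payload


def verify_segment(src_ip: str, dst_ip: str, segment: bytes, password: bytes) -> bool:
    """Receiver side: find option 19, recompute the digest over the same fields and
    compare in constant time.  A segment without the option is rejected outright,
    which is what stops an unsigned spoofed RST from tearing the session down."""
    data_offset = (segment[12] >> 4) * 4
    header, options, payload = segment[:20], segment[20:data_offset], segment[data_offset:]
    received = None
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                                 # end of option list
            break
        if kind == TCPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(options) or options[i + 1] < 2:
            return False                              # malformed option, drop
        length = options[i + 1]
        if kind == TCPOPT_MD5 and length == TCPOPT_MD5_LEN:
            received = options[i + 2:i + TCPOPT_MD5_LEN]
        i += length
    if received is None:
        return False
    expected = tcp_md5_digest(src_ip, dst_ip, header, payload, password, len(segment))
    return hmac.compare_digest(received, expected)


# Constructed sample: a BGP keepalive (marker + length 19 + type 4) from 10.0.0.1:179 to 10.0.0.2:40000.
KEEPALIVE = b"\xff" * 16 + b"\x00\x13\x04"
SEGMENT = build_segment("10.0.0.1", "10.0.0.2", 179, 40000, 1000, 2000, 0x18, KEEPALIVE, b"cisco")
# An attacker's RST with the right 4-tuple and sequence number but no option 19.
SPOOFED_RST = struct.pack("!HHIIBBHHH", 179, 40000, 1000, 2000, 5 << 4, 0x04, 0, 0, 0)

if __name__ == "__main__":
    print("correct password:", verify_segment("10.0.0.1", "10.0.0.2", SEGMENT, b"cisco"))
    print("wrong password  :", verify_segment("10.0.0.1", "10.0.0.2", SEGMENT, b"wrong"))
    print("unsigned RST    :", verify_segment("10.0.0.1", "10.0.0.2", SPOOFED_RST, b"cisco"))
```

Because the digest covers the addresses and sequence numbers but not the TCP checksum, a NAT or middlebox that rewrites addresses breaks the session, and the password is only as strong as its secrecy: the digest offers no confidentiality and MD5 is not the reason the mechanism is still acceptable, the shared secret is.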
3.31
3.31a
o Information
 Routers are usually directly connected to each other.
 Routers must pass three-way handshake.
 Neighbor must be reachable without using an IGP.
 Only one BGP process (instance) per router.
 eBGP relationship must span a maximum of one hop by default.
 For session resilience, can use loopback as long as it's in the
routing table.
o Configuration
 Basic
 (config)# router bgp <asn>
 (config-router)# bgp router-id <rid>
 (config-router)# neighbor <ip-address> remote-as
<remote-asn>
o Advertising
 (config-router)# network <ip-address> mask <mask>
 Injects route into BGP table
 Indicates which networks should originate from
this router
 The prefix (with mask) must exist in the IP routing table or
it is not injected
 If no mask, the classful network is assumed
 To originate an aggregate block that is not in the routing
table, add a static route for it to Null0
o Next-Hop-Self
 (config-router)# neighbor <ip-address> next-hop-self
 Router advertises its own peering address as the next hop
for routes sent to that neighbor, typically so that iBGP peers
don't need a route to an external next hop
 Not enabled by default
o Update-Source
 (config-router)# neighbor <ip-address> update-source
<interface>
 Must be used on both routers
 Combined with next-hop-self, the update-source address
becomes the advertised next hop
 Common to use loopback as update source
o eBGP Multihop
 (config-router)#neighbor <ip-address> ebgp-multihop
[ttl]
 Use if neighbors aren't directly adjacent (e.g. peering
between loopbacks)
 Raises the TTL of BGP packets from the default of 1
 Allows eBGP peering to a neighbor's loopback address
 Security caveat: where supported, neighbor <ip-address>
ttl-security hops <n> (GTSM, RFC 5082) is preferable, since it
checks that received packets came from within <n> hops instead
of merely accepting more distant ones
o Verification
 show ip bgp summary
 Verify that BGP sessions are up and established (state
or prefix count in the last column)
 Table version increases as the BGP table changes; the
routing table is in sync when it holds the latest version
 show ip bgp neighbors <ip-address>
 Information about TCP sessions and BGP parameters
 show ip bgp neighbors <ip-address> received-routes
 show ip bgp neighbors <ip-address> routes
 show ip bgp neighbors <ip-address> advertised-routes
3.31b
AS Numbers
0 = Reserved
1-64,495 = Public AS Numbers
64,496–64,511 = Reserved for Documentation
64,512-65,534 = Private AS Numbers
65,535 = Reserved
Information
Public AS Number is required only when an AS is exchanging
routing information with other Autonomous Systems on the public
Internet.
3.31c
Private AS
64,512-65,534 = Private AS Numbers
Information
Should be used if an AS is only required to communicate via Border
Gateway Protocol with a single provider
3.31
 MP-BGP
o IPv6 Extensions Include
 New identifier for IPv6 address family
 Scoped addresses (global and link-local next hops)
 Next-hop attribute and NLRI expressed as IPv6
addresses
o Two Separate Protocols
 Carrier protocol
 Passenger protocol
o IPv6 over IPv4
 IPv4 TCP sessions can carry IPv6 routing
information
 Common address families
o IPv4
o IPv6
o VPNv4
o VPNv6
 In IPv6 address family, neighbor needs to be
activated
 network command injects prefix into BGP
database for specified address family
o IPv6 over IPv6
 No IPv4 address configured
 Must manually set RID
o bgp router-id <rid>
o Configuration Example
 router bgp 65000
 neighbor <address> remote-as <peer-asn>
 address-family ipv6 unicast
 neighbor <address> activate
 network <address/prefix>
o Verification
 show bgp ipv4 unicast [summary]
 show bgp ipv6 unicast [summary]
3.32
o Attribute Information
o Update messages contain NLRI (list of prefixes) and path
attributes.
o Attributes determine best path.
o Attributes contain three fields
 Attribute Type
 Flags byte, high bit first: optional (1) or
well-known (0)
 Transitive (1) or nontransitive (0); always 1
for well-known attributes
 Partial (1) when an optional transitive
attribute passed through a router that did not
recognise it
 Extended length (1) when the length field is
two bytes
 Attribute Length
 Attribute Value
o Categories
 Well-Known
 Mandatory
o Must appear in all update
messages
o AS-Path, Next-Hop, Origin
 Discretionary
o Must be recognised but does not
need to be present in update
message
o Local Preference
 Optional
 Transitive
 May or may not be recognised, but
will be passed on
 If not recognised, mark attribute as
partial
 Aggregator, Community
 Nontransitive
 May or may not be recognised, but
not passed on
 If not implemented, will be deleted
 MED
o Attributes
 Next-Hop
 Well-known mandatory
 For eBGP, next-hop changed by
advertising router
 For iBGP, next-hop not changed
 Weight
 Cisco proprietary
 Local to router
 Highest weight preferred
 Not exchanged between BGP routers
 Value from 0 to 65,535
 Default value for locally originated routes is 32,768;
0 for routes learned from a neighbor
 Applies when one router has multiple exit
points
 (config-router)# neighbor <ip-address>
weight <weight>
 Local Preference
 Well-known discretionary
 Used to choose outbound external path
 Sent to all iBGP routers in AS
 Not exchanged with eBGP peers
 Default value of 100
 Highest local preference is preferred
 Locally Originated
 Can get a path in BGP table with network
command, aggregation, or redistribution
 Route injected by local router
 Will show next-hop of 0.0.0.0
 AS Path
 Well-known mandatory
 Prefer shortest AS path to destination
 When update passes through an AS, the
ASN is prepended to that update
 Can manipulate using AS path prepending
 A router that receives a route from an eBGP peer
with its own ASN in the AS path discards it (loop
prevention)
 The ASN is prepended only when advertising to
eBGP neighbors
 Origin Code
 Well-known mandatory
 Prefer lowest origin code
 Three Values
 IGP (i) will be seen when the
network command is used
 EGP (e) is no longer used on the
Internet (the legacy protocol was
classful only)
 Incomplete (?) where origin is
unknown or learned by other
means such as redistribution
 Multi Exit Discriminator (MED)
 Optional nontransitive
 Also called metric
 Lowest MED is preferred
 Indicates to external neighbors the
preferred path into an AS
 Exchanged between AS's
 Propagated to all routers within neighbor
AS but not to any other AS
 Influences inbound traffic
 eBGP Over iBGP Paths
 Shortest IGP Path to BGP Next-Hop
 Within AS
 Lowest IGP metric to the next hop
 Tie-Breakers
 Oldest path (route that was received first)
 Lowest BGP neighbor RID
 Lowest neighbor IP address
 Communities
 Optional transitive
 One way to filter incoming and outgoing
messages
 Tag routes with an indicator (the
community)
 Used for destinations (routes) that share
common policies
 Not sent to neighbors by default; enable with
neighbor <ip-address> send-community
o Selection Process
 Next-hop is reachable
 Route with highest weight
 Highest local preference
 Originated by local router
 Shortest AS path
 Lowest origin code (IGP < EGP < Incomplete)
 Lowest MED
 External paths over internal paths
 Lowest IGP metric to the BGP next hop
 Oldest path (applies to eBGP paths)
 Path from the neighbor with the lowest RID
 Path from the neighbor with the lowest IP address
o Path Selection Configuration
 Weight
 Must perform hard/soft reset
 (config-router)# neighbor <ip-address> weight <weight>
 Local Preference
 Must perform hard/soft reset
 Shared within AS
 Default value 100
 Only best path exchanged
 (config-router)# bgp default local-preference <value>
 AS-Path
 Can influence incoming traffic by sending eBGP updates
with extended AS-path attribute
 Configured using route map
 set as-path prepend
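Added example (not from the original notes) of the selection process and the AS-path loop check above, written as one ranking function so the order of the steps is explicit. A constructed prefix is learned from two eBGP neighbors and one iBGP neighbor by a router in AS 65000; the same candidate set is then re-run with the iBGP next hop unreachable, with a weight applied, and with prepending on one eBGP path, each of which changes the winner at a different step. All ASNs, addresses and attribute values are constructed; MED is compared across all candidates and the oldest-path step only distinguishes eBGP paths.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional, Set, Tuple

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}        # IGP < EGP < incomplete


@dataclass
class Path:
    prefix: str
    next_hop: str
    as_path: Tuple[int, ...]
    neighbor_rid: str = "0.0.0.0"
    neighbor_ip: str = "0.0.0.0"
    origin: str = "i"
    med: int = 0
    local_pref: int = 100
    weight: int = 0
    ebgp: bool = True
    igp_metric: int = 0               # IGP cost to reach next_hop
    received_at: int = 0              # arrival order: lower = older
    locally_originated: bool = False


def accept_from_ebgp(path: Path, local_asn: int, allowas_in: bool = False) -> bool:
    """AS-path loop check on routes received from an eBGP neighbor: a path that
    already carries our own ASN is discarded unless allowas-in is configured."""
    return allowas_in or local_asn not in path.as_path


def best_path(paths: List[Path], reachable_next_hops: Set[str]) -> Optional[Path]:
    """Best-path selection in the order listed in the notes.  Candidates whose next
    hop is not in the routing table are dropped first, then the remaining paths are
    ranked step by step; the first step that differs decides."""
    candidates = [p for p in paths if p.locally_originated or p.next_hop in reachable_next_hops]
    if not candidates:
        return None

    def rank(p: Path):
        return (
            -p.weight,                            # highest weight (Cisco, local to the router)
            -p.local_pref,                        # highest local preference
            0 if p.locally_originated else 1,     # locally originated (network/aggregate/redistribute)
            len(p.as_path),                       # shortest AS path
            ORIGIN_RANK[p.origin],                # lowest origin code
            p.med,                                # lowest MED
            0 if p.ebgp else 1,                   # eBGP over iBGP
            p.igp_metric,                         # lowest IGP metric to the next hop
            p.received_at if p.ebgp else 0,       # oldest eBGP path
            IPv4Address(p.neighbor_rid),          # lowest neighbor RID
            IPv4Address(p.neighbor_ip),           # lowest neighbor IP address
        )

    return min(candidates, key=rank)


# Constructed sample: 192.0.2.0/24 learned three ways by a router in AS 65000.
PFX = "192.0.2.0/24"
VIA_65001 = Path(PFX, "10.1.1.2", (65001, 65010), "2.2.2.2", "10.1.1.2", received_at=2)
VIA_65002 = Path(PFX, "10.2.2.2", (65002, 65010), "3.3.3.3", "10.2.2.2", received_at=1)
VIA_IBGP = Path(PFX, "10.9.9.9", (65003, 65010), "4.4.4.4", "10.9.9.9",
                local_pref=200, ebgp=False, received_at=3)
ALL = [VIA_65001, VIA_65002, VIA_IBGP]
EXTERNAL = {"10.1.1.2", "10.2.2.2"}

if __name__ == "__main__":
    print("all next hops reachable ->", best_path(ALL, EXTERNAL | {"10.9.9.9"}).neighbor_ip)   # local pref 200
    print("iBGP next hop missing   ->", best_path(ALL, EXTERNAL).neighbor_ip)                  # oldest eBGP path
    weighted = Path(PFX, "10.1.1.2", (65001, 65010), "2.2.2.2", "10.1.1.2", weight=100, received_at=2)
    print("weight 100 on AS 65001  ->", best_path([weighted, VIA_65002], EXTERNAL).neighbor_ip)
    prepended = Path(PFX, "10.2.2.2", (65002, 65002, 65002, 65010), "3.3.3.3", "10.2.2.2", received_at=1)
    print("AS 65002 prepends x3    ->", best_path([VIA_65001, prepended], EXTERNAL).neighbor_ip)
    print("our ASN in the path     ->", accept_from_ebgp(Path(PFX, "10.1.1.2", (65001, 65000, 65010)), 65000))
```

Weight and local preference sit above AS-path length, which is why a route map setting either of them on a neighbor overrides any prepending the remote AS does; prepending only helps when the remote side leaves those attributes at their defaults.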