TECRST-2021

13881_06_2007_c1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1
Deploying Interior Gateway Protocols (slide 1)

Deploying Interior Gateway Protocols (slide 2)

- Design Theory
- Working with Addressing and Summarization
- Working with Hierarchy
- Working with Topologies
- Working with Redistribution
- Transitioning Routing Protocols
- BGP

Design Theory (slide 3)

Design Theory (slide 4)

- Design Goals
- Resiliency
- Simplicity
- Functional Separation
- Hiding Reachability
- Hiding Topology
- Virtualization

"... a reliable network delivers virtually every packet accepted by the network, to the right destination, within a reasonable amount of time..."

Optimal Routing Design, Cisco Press (slide 5)

Design Goals (slide 6)

- Networks deliver packets!
  - A network is judged on its ability to support applications
  - All the other elements of network design support this single goal
- The three primary goals: Resiliency (Reliability), Simplicity, Functional Separation

Diagram labels: Deliver Packets; Adjust to Real World Changes; Device Failure; Business Changes; Redundancy; High Availability; Scaling; Reduced Downtime; Fast Recovery; Fast Troubleshooting; Simplicity; Functional Separation.

Design Goals (slide 7)

- Another view of network design is to determine why networks fail
- Device failure, resolved through:
  - Resiliency
  - High availability techniques
  - Functional Separation
- Negative feedback loops, resolved through:
  - Simplicity
  - Functional Separation
- The Same Goals!

Diagram labels: Network Failure; Device Failure; Feedback Loops; Redundancy; High Availability; Reduced Downtime; Fast Recovery; Fast Troubleshooting; Resiliency; Simplicity; Functional Separation.

Notes on OPEX (slide 8)

- Operational Expenses are directly tied to:
  - Day to day costs of running the network
  - The costs of downtime
- Do these network design principles impact operational expenses?

Notes on OPEX (slide 9)

- Resiliency
  - Manages the costs of downtime
- Simplicity
  - Manages the costs of monitoring and changing the network
  - Manages the costs of downtime
- Functional Separation
  - Manages the costs of monitoring and changing the network
  - Manages the costs of downtime

Design Goals (slide 10)

- Resiliency
  - Provides alternate paths to route around failures
- Simplicity
  - Easier to grasp and troubleshoot
  - Simplify configurations, reducing human error
  - Downtime includes troubleshooting time
- Functional Separation
  - Enables simplified configurations
  - Allows complexity in one part of the network to be hidden from other parts of the network
  - Divide and conquer

Resiliency (slide 11)

- Resiliency is the ability of the network to adjust to changing conditions
- Two dimensions
  - How many packets inserted at the edge of the network do not make it to their destination?
  - How long is it between unplanned network failures, and how long does it take to fix the network when it's broken?
- In general: Avoid Brittleness!

Resiliency (slide 12)
What Are You Planning For?

  Yes  Severe Weather with Local Power Failure?  No
  No   Football Playoffs?                         Yes
  Yes  Beginning of School?                       Yes
  Yes  Spring Break?                              No

The Worst Case or the Common Case?

Resiliency (slide 13)
Statistical Analysis

It's Important to Understand:
- Mean Time Between Failures (MTBF)
  - How long the device or system runs before failing
- Mean Time To Repair (MTTR)
  - How long it takes to repair the device or system after a failure
- Uptime, or Reliability
  - How many "9's"
  - Total Time/(MTBF+MTTR)

Resiliency (slide 14)
Functional Separation

- Break failure domains apart
- A single failure impacts less of the network
- Improves Troubleshooting
  - Troubleshooting is "split and test"
  - Splitting the failure domain presplits the troubleshooting domains
  - Decreases MTTR

Resiliency (slide 15)
Redundancy

- The simplest path to increased resiliency is adding redundancy...
- Not so fast!
- Resiliency must be balanced against simplicity and functional separation
- Redundancy doesn't always add resiliency

Diagram: routers A and B, network 10.1.1.0/24.

Resiliency (slide 16)

- There are other resilient techniques besides redundancy
  - High availability
  - Fast convergence

The 2AM Rule of Thumb (slide 17)

"Could I explain this at 2AM to a TAC Engineer who lives halfway across the world?"

Simplicity (slide 18)

Simplicity Encompasses:
- Network Design
  - Covered throughout the remainder of this presentation
- Management Simplicity
- Configuration Simplicity

Simplicity (slide 19)
Configuration Simplicity

- Choose the simplest configuration that will do the job
- Choose the easier configuration to change in the future
- Choose the configuration that contains the intent
- Examples
  - Use prefix lists for route filtering, rather than access lists
  - Use tags for filtering redistributed routes, rather than building a long list of networks

Simplicity (slide 20)
Configuration Simplicity

- OSPF Network
- Install new router...
  - Examine configuration of hub router
  - Examine configuration of existing spoke router
  - Configure new router
  - Connect to network
- Network breaks! Why?

    hub_router#show run
    ....
    interface s0/0
     ip address 10.1.1.100 255.255.255.0
    ....

    spoke_router#show run
    ....
    interface s0/0
     ip address 10.1.1.200 255.255.255.0
    ....

    new_router#show run
    ....
    interface s0/0
     ip address 10.1.1.80 255.255.255.0
    ....

Simplicity (slide 21)
Configuration Simplicity

- Why were the interface IP addresses set up this way?
  - The interface isn't a point-to-point, so it must be a multipoint
  - The DR must be the hub router...
  - What ensures this? The interface IP addresses!
- This is not obvious!
  - A specific control is buried under a normal looking configuration

    hub_router#show run
    ....
    interface s0/0
     ip address 10.1.1.100 255.255.255.0
    ....

    spoke_router#show run
    ....
    interface s0/0
     ip address 10.1.1.200 255.255.255.0
    ....

    new_router#show run
    ....
    interface s0/0
     ip address 10.1.1.80 255.255.255.0
    ....

Simplicity (slide 22)
Configuration Simplicity

- What if we use the OSPF interface priority, instead?
  - The reason for the configuration directly relates to what the configuration does
  - This makes network maintenance simpler
- Rules of thumb:
  - Apply the most obvious configuration possible
  - Apply the configuration as close to the point of control as possible

    hub_router#show run
    ....
    interface s0/0
     ip address 10.1.1.100 255.255.255.0
     ip ospf priority 240
    ....

    spoke_router#show run
    ....
    interface s0/0
     ip address 10.1.1.200 255.255.255.0
     ip ospf priority 0
    ....

    new_router#show run
    ....
    interface s0/0
     ip address 10.1.1.80 255.255.255.0
     ip ospf priority 0
    ....

Functional Separation (slide 23)

- Allows us to hide information
- Allows us to break the network into multiple failure domains
  - The amount of separation between the failure domains depends on the strength of the separation
  - Watch out for fate sharing (covered later in the presentation)
- Two Types:
  - Hierarchy
  - Virtualization
- Can be mixed/blended
- Many grey areas between these

Functional Separation (slide 24)

- Going back to our design goals
- Redundancy (Resiliency)
  - Breaking the network up into smaller pieces allows us to design, understand, and troubleshoot smaller pieces
  - This adds to the resiliency of the network
- Simplicity
  - Breaking the network up into smaller pieces allows us to break a single large problem into a number of smaller, simpler problems

Functional Separation (slide 25)
What Do We Gain by Hiding Information?

- Improved Stability
- Improved Convergence
  - A tradeoff
  - Some types of information hiding cost more, in processing time, than the cost of computing across the information in the first place
  - Essentially, try to hide the right amounts of information in the right places...
- Apparent Simplicity
  - A tradeoff
  - Sometimes, the cost of overall complexity is higher than the offsets in increased simplicity in one specific area or topology

Functional Separation (slide 26)
Two Directions: Topological

- Divide the network along topological "choke points"
- Aggregate reachability information
- Aggregate topology information
- Aggregate traffic flows

Diagram: layered topology with Core, Distribution, Aggregation and Access layers.

Functional Separation (slide 27)
Two Directions: Logical

- Divide the network into multiple topologies
- Divide topology information between topologies
- Leak minimal information between topologies
- The most common implementation
  - Split "outside routes" from "next hop routes"
  - Advertise in two different routing protocols, an EGP and an IGP

Hiding Reachability (slide 28)

- IP addressing is built around the concept of summarizing reachability information
- A doesn't advertise each of the host addresses attached to its interface, but rather a range of addresses, or a network address

Diagram: router A with hosts .1 through .6 (192.168.1.1 to 192.168.1.6) on its interface, advertised as 192.168.1.0/29.

Hiding Reachability (slide 29)

- In the same way, summarizing multiple networks into one advertisement just increases the scope of reachable hosts
- 192.168.1.0/29 and 192.168.1.8/29 can be aggregated (summarized) to one advertisement, 192.168.1.0/28
- To routers and devices beyond the summarization point, all the hosts from 192.168.1.0 through 192.168.1.15 are reachable through A

Diagram: two segments of hosts .1 through .6, 192.168.1.0/29 and 192.168.1.8/29, behind router A, advertised as 192.168.1.0/28.

Hiding Reachability (slide 30)

- Seen from the binary perspective, as you make the prefix length shorter, you move the network/host separation line to the left
- As you move the red line to the left, you encompass more reachable destinations in the same advertisement, but you have fewer advertisements

Diagram:
  24 bits: 2^8 destinations each
    (192.168).00000001.00000000
    (192.168).00000010.00000000
    (192.168).00000011.00000000
  22 bits: 2^10 destinations
    (192.168).00000000.00000000
Hiding Reachability (slide 31)

- 192.168.1.0/24, 192.168.2.0/24, and 192.168.3.0/24 can be advertised as 192.168.0.0/22
- Rather than three networks, each with 255 addresses (253 hosts), A advertises a single network, with 1024 addresses

Diagram: 192.168.0.0/22 (1 network, 1024 addresses) summarizing 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24 (3 networks, 255 addresses each, 253 hosts).
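As an added example (not code from the deck), the following Python models the summarization arithmetic of the last few slides: the binary view with the network/host line, the shortest single prefix that covers a set of component networks, and the address space the summary claims but no component backs. It generalizes the 192.168.x examples to any set of IPv4 prefixes; the function names are my own.

```python
import ipaddress
from typing import Iterable, List


def bit_view(prefix: str) -> str:
    """Dotted-binary form of a prefix with '|' at the network/host line.
    Shortening the prefix length moves the '|' to the left."""
    net = ipaddress.ip_network(prefix)
    bits = format(int(net.network_address), "032b")
    dotted = ".".join(bits[i:i + 8] for i in range(0, 32, 8))
    cut = net.prefixlen + net.prefixlen // 8  # skip the dots already passed
    return dotted[:cut] + "|" + dotted[cut:]


def covering_summary(prefixes: Iterable[str]) -> ipaddress.IPv4Network:
    """Shortest single prefix that contains every component (the aggregate)."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet(prefixlen_diff=1)
    return summary


def unbacked_space(summary: ipaddress.IPv4Network,
                   prefixes: Iterable[str]) -> List[ipaddress.IPv4Network]:
    """Blocks inside the summary that no component covers. The summarizing
    router attracts traffic for them and discards it on its Null0 discard
    route: this is the address space that summarization 'wastes'."""
    holes = [summary]
    for n in (ipaddress.ip_network(p) for p in prefixes):
        kept = []
        for h in holes:
            if h.subnet_of(n):
                continue  # the hole is entirely covered by this component
            if n.subnet_of(h):
                kept.extend(h.address_exclude(n))
            else:
                kept.append(h)
        holes = kept
    return sorted(ipaddress.collapse_addresses(holes))


def summary_report(prefixes: Iterable[str]) -> dict:
    """Before/after view of advertising one summary instead of the components."""
    prefixes = list(prefixes)
    summary = covering_summary(prefixes)
    components = [ipaddress.ip_network(p) for p in prefixes]
    return {
        "summary": str(summary),
        "advertisements_before": len(components),
        "advertisements_after": 1,
        "addresses_in_summary": summary.num_addresses,
        "addresses_in_components": sum(n.num_addresses for n in components),
        "unbacked": [str(h) for h in unbacked_space(summary, prefixes)],
    }


if __name__ == "__main__":
    for p in ("192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24", "192.168.0.0/22"):
        print(f"{p:>16}  {bit_view(p)}")
    print(summary_report(["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]))
    print(summary_report(["192.168.1.0/29", "192.168.1.8/29"]))
```

The report for the three /24s shows that the /22 also claims 192.168.0.0/24, which no component backs.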

Hiding Reachability (slide 32)

- Address summarization also hides changes in the network
- Even if the link between A and C fails, A can still advertise the 192.168.0.0/22 address space (as long as 192.168.2.0/24 isn't reachable via some other path)
- Routers beyond A don't need to know about the reachability or topology change

Diagram: A advertises 192.168.0.0/22 ("Summary doesn't change!"); B, C and D behind A hold 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24.

Hiding Reachability (slide 33)
Assessing the Impact

- One way of looking at hierarchical design is to determine the difference summarization makes statistically
- If we know the rate at which prefixes change state within a network, we can predict how many state changes any given router will need to adjust to in a given time period
- For instance, suppose we know the average prefix will change once every month. What impact will this have on a large network?

Hiding Reachability (slide 34)
Assessing the Impact

- 1000 routes each failing once/month means 4100/30 = 136.7 state changes per day in the core of this network
- Summarizing each 1000 route area into 100 routes reduces the core to 500, rather than 4100, routes
- Summarization hides individual route changes, so we are down to 100/30 = 3.3 state changes per day

Diagram: four areas of 1000 routes each around a core; the core holds 4000+100 routes without summarization and 400+100 routes with it.

Hiding Topology (slide 35)

- Topology information describes how devices are interconnected in the network
- While topology information is useful, we'd like to hide this information at some point in the network
- Hiding topology information reduces the amount of data routers need to process when converging

Diagram: routers A, B, C and D, with 10.1.1.0/24 attached to D and 10.1.2.0/24 attached to B and C. Topology information:
  A is connected to B
  A is connected to C
  B is connected to D
  C is connected to D
  D is connected to 10.1.1.0/24
  C is connected to 10.1.2.0/24
  B is connected to 10.1.2.0/24

Hiding Topology (slide 36)

- Hiding topology information also hides information about changes in the topology
- C advertises reachability to 10.1.1.0/24 ("C can reach 10.1.1.0/24, and here I'm connected to C!")
  - If the F to G link fails, C can still reach 10.1.1.0/24 (although the metric might change)
  - If B can still use C to reach 10.1.1.0/24, does B need to know about the F to G link failure? No!

Diagram: A and B above C; D, E, F and G below C ("Hide topology here"), with 10.1.1.0/24 attached to G.

Virtualization (slide 37)

- Virtualization is placing two apparently separate resources on top of a single resource
  - If every application stream over every IP pair over every logical subnet had its own physical path, there would be no virtualization
- Virtualization is an extremely powerful tool
  - It allows multiple logical topologies to reside on a single underlying topology or network

Diagram (layers of virtualization): xxx / yyy; Silver / Gold; 100 / 101 (TCP/IP Sessions); Red / Blue (Virtual Topologies); 802.1q VLANs; DWDM over fiber.

Virtualization (slide 38)

- Virtualization always introduces fate sharing
- If an underlying topology, or network, fails, all overlaying topologies fail as well
- This is fate sharing
- Fate sharing makes virtualization complex to design and troubleshoot
  - The more "global" the virtualization, the more added complexity

Diagram (layers of virtualization): xxx / yyy; Silver / Gold; 100 / 101 (TCP/IP Sessions); Red / Blue (Virtual Topologies); 802.1q VLANs; DWDM over fiber.

Virtualization (slide 39)

Control Plane Only
- EGP (BGP) over IGP (EIGRP, OSPF, or IS-IS)
  - Separates control plane information into internal and external
  - Fairly simple to implement and deploy

Data Plane Only
- L3 Tunneling (most implementations), including L3VPNs
  - Multiple forwarding tables with a single routing protocol database (or instance)
  - Moderately simple to implement and deploy
- L2VPNs
  - Multiple virtual Layer 2 networks on top of a single IP network
  - Multiple routing and forwarding tables
  - Moderately simple to implement and deploy

Virtual Networks
- Such as MTR
  - Multiple virtual topologies on a single IP infrastructure
  - Multiple routing and forwarding tables
  - Difficult to implement and deploy

Working with Addressing and Summarization (slide 40)

Addressing and Summarization (slide 41)

- Address Allocation
- Summary Metrics
- Aggregation Issues
- Aggregation Techniques

Address Allocation (slide 42)

- A hierarchical topology isn't enough to hide reachability information; the way the addressing is laid out in the network is also critical
  - There are several possible methods you can use to assign addresses within a network
- Allocating addresses as they are requested is a common method
  - This only creates summarization points if you happen to get address allocation requests that coincide with the topology of the network

Diagram: 10.1.1.0/24 ("I asked first!"), 10.1.2.0/24 ("I asked second!") and 10.1.3.0/24 ("I asked third!") spread across the topology; "Can't summarize here".

Address Allocation (slide 43)

- Assigning addresses based on the political structure of the organization is another method
  - 10.1.x.x is marketing
  - 10.2.x.x is sales
- This only creates summarization points if the political structure of the corporation follows the logical topology of the network

Diagram: 10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24, 10.2.1.0/24, 10.2.2.0/24 and 10.2.3.0/24 interleaved across the topology; "Can't summarize here".

Address Allocation (slide 44)

- Assigning addresses by the geographic location of the device or network is also common
  - 10.1.0.0/16 is Nevada
  - 10.2.0.0/16 is California
- This only creates summarization points if the topological and geographical layouts of the network coincide, which isn't always the case

Diagram: Nevada holds 10.1.1.0/24, 10.1.2.0/24 and 10.2.1.0/24; California holds 10.2.2.0/24; "Can't summarize here".

Address Allocation (slide 45)

- Addressing needs to follow the network topology to create summarization points
- Any scheme will create summarization points as long as address allocation happens to follow the network topology
- But, it's best just to use topological addressing from the start
  - Creates summarization points
  - Allows flexibility in moving sections of a network from one place to another (moving connections to network regions)

Diagram: the geographic layout (Nevada: 10.1.1.0/24, 10.1.2.0/24, 10.2.1.0/24; California: 10.2.2.0/24), the political layout (10.2.1.0/24, 10.1.1.0/24, 10.2.2.0/24, 10.2.3.0/24, 10.1.3.0/24, 10.1.2.0/24) and the topological layout (10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24 grouped together).
Address Allocation (slide 46)

- Start with a very large address space
  - Summarization always wastes addresses; this is a natural consequence of hiding reachability
  - You could use private address space
  - It might be possible to gain huge summarizable address spaces by deploying IPv6 in the future
- Try to balance between
  - Conserving address space
  - Providing room to grow without breaking summarization

Diagram: 10.1.0.0/16, 10.2.0.0/16 and 10.3.0.0/16 regions, each holding two /24s (10.1.1.0/24, 10.1.2.0/24; 10.2.1.0/24, 10.2.2.0/24; 10.3.1.0/24, 10.3.2.0/24).

Address Allocation (slide 47)

- Several techniques can be used to conserve address space, where needed
- Use /31's on point-to-point links to conserve address space
  - Avoid IP unnumbered, for management reasons: you can't reach the remote device if the remote link fails
- Don't be frightened of odd length masks where it makes sense

Diagram: the same three /16 regions (10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16 with their /24s), with "/31 on point-to-point" marked on the inter-region links.

Summary Metrics (slide 48)

- In all interior gateway protocols, the summary metric is dependent on the metrics of the components
- The metric of the highest or lowest cost component route is chosen as the summary metric

Diagram: A advertises 10.1.0.0/23 (Cost 20) and 10.2.0.0/23 (Cost 20); behind A, B holds the components 10.1.0.0/24 (Cost 10) and 10.1.1.0/24 (Cost 20), and C holds 10.2.0.0/24 (Cost 10) and 10.2.1.0/24 (Cost 20).
Summary Metrics (slide 49)

- If the component the metric was taken from flaps, the summary flaps as well!
- You're using the summary to hide reachability information, but it's passing metric information through, and the routers beyond the summary are still working to keep up with the changes

Diagram: A advertises 10.1.0.0/23 (Cost 10, changing to 20 as the component flaps) and 10.2.0.0/23 (Cost 20); behind A, B holds 10.1.0.0/24 (Cost 10) and 10.1.1.0/24 (Cost 20), and C holds 10.2.0.0/24 (Cost 10) and 10.2.1.0/24 (Cost 20).
Summary Metrics (slide 50)

- EIGRP takes its summary metric from the component route with the smallest metric
- OSPF takes its summary cost from the component route with the smallest metric
  - Unless no compatible rfc1583 is configured, in which case the cost from the component with the largest cost is used
- IS-IS takes its summary cost from the component route with the largest cost

Summary Metrics (slide 51)

- Use a loopback interface to force the metric to remain constant
  - Create a loopback interface within the summary address range with a higher or lower metric than any other component
  - The summary will use the metric of the loopback, which doesn't ever go down
- A static route to null0 on the summarizing router can also be used
- You can sometimes use a route map to force the summary's metric to always be the same

    interface loopback 0
     ip address 10.1.1.1 255.255.255.255
     ip ospf cost 10

Diagram: A advertises 10.1.0.0/23 at Cost 10; behind A, B holds the components 10.1.0.0/24 (Cost 10) and 10.1.1.0/24 (Cost 20) and the loopback.
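As an added example (not from the deck), this Python applies the per-protocol rules from the last few slides to a set of component routes, shows which component flap propagates through the summary as a metric change, and computes the cost a loopback anchor needs so that the summary metric stops moving. The protocol rule names and function names are my own.

```python
from typing import Dict, List, Optional

# How each protocol derives the summary metric from its component routes,
# as the deck states it: EIGRP and OSPF with the IOS default `compatible
# rfc1583` take the smallest component metric; OSPF with `no compatible
# rfc1583` (RFC 2328 behaviour) and IS-IS take the largest.
RULES = {
    "eigrp": min,
    "ospf": min,
    "ospf-no-rfc1583": max,
    "isis": max,
}


def summary_metric(components: Dict[str, int], protocol: str) -> Optional[int]:
    """Metric advertised with the summary; None means the summary is
    withdrawn because no component is left."""
    if not components:
        return None
    return RULES[protocol](components.values())


def metrics_seen_beyond_summary(components: Dict[str, int], protocol: str,
                                flapping: str) -> List[Optional[int]]:
    """Summary metric before, during and after one flap of `flapping`.
    Any change in this list is a re-advertisement that routers beyond the
    summary must process, although the summary's reachability never changed."""
    during = {k: v for k, v in components.items() if k != flapping}
    return [summary_metric(components, protocol),
            summary_metric(during, protocol),
            summary_metric(components, protocol)]


def summary_flaps(components: Dict[str, int], protocol: str, flapping: str) -> bool:
    return len(set(metrics_seen_beyond_summary(components, protocol, flapping))) > 1


def anchor_cost(components: Dict[str, int], protocol: str) -> int:
    """Cost to give a loopback (or Null0 static) inside the summary range so
    that it, not a real component, always supplies the summary metric: no
    more than the smallest component for min-based protocols, no less than
    the largest for max-based ones."""
    return RULES[protocol](components.values())


if __name__ == "__main__":
    comps = {"10.1.0.0/24": 10, "10.1.1.0/24": 20}  # component costs from the slide
    for proto in RULES:
        seen = metrics_seen_beyond_summary(comps, proto, "10.1.0.0/24")
        print(f"{proto:16} {seen}  {'flaps' if len(set(seen)) > 1 else 'stable'}")
    anchored = {**comps, "Loopback0 10.1.1.1/32": anchor_cost(comps, "ospf")}
    print("ospf with loopback anchor:",
          metrics_seen_beyond_summary(anchored, "ospf", "10.1.0.0/24"))
```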
Aggregation Issues (slide 52)
Summary Suboptimal Routing

- B and C are advertising 10.1.0.0/23 to A with a metric of 30
- A has two routes to 10.1.0.0/23
  - B with a cost of 30
  - C with a cost of 40
- A forwards traffic to 10.1.1.1 to B (40), although this is not the optimal route to reach 10.1.1.0/24 (30)
- Summarization hides information, so the best path may not always be chosen

Diagram: A connected to B (cost 10) and C (cost 20); B and C connected to D and E (costs 10, 10 and 20); 10.1.0.0/24 behind D and 10.1.1.0/24 behind E; both B and C advertise 10.1.0.0/23 (30) to A.
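As an added example (not from the deck), this Python reproduces the suboptimal-routing effect on a constructed topology modelled on the slide and then shows the remedy the following slides describe: leaking the more specific route past the summary. The link costs are my assumptions, chosen so that A's summary-based choice costs 40 where the true best path costs 30; the summary carries the cheapest component's metric (the EIGRP rule).

```python
import heapq
import ipaddress
from typing import Dict, List, Tuple

# Constructed topology (costs assumed): A at the top, B and C summarizing,
# D and E holding the component networks.
LINKS = [("A", "B", 10), ("A", "C", 20), ("B", "D", 10), ("C", "E", 10), ("D", "E", 20)]
ATTACHED = {"D": "10.1.0.0/24", "E": "10.1.1.0/24"}  # prefix behind each router
SUMMARY = "10.1.0.0/23"                                # advertised by B and C to A


def graph() -> Dict[str, Dict[str, int]]:
    g: Dict[str, Dict[str, int]] = {}
    for a, b, cost in LINKS:
        g.setdefault(a, {})[b] = cost
        g.setdefault(b, {})[a] = cost
    return g


def shortest_costs(g: Dict[str, Dict[str, int]], src: str) -> Dict[str, int]:
    """Plain Dijkstra: cost from src to every router."""
    dist = {src: 0}
    heap = [(0, src)]
    while heap:
        d, n = heapq.heappop(heap)
        if d > dist[n]:
            continue
        for m, c in g[n].items():
            if d + c < dist.get(m, float("inf")):
                dist[m] = d + c
                heapq.heappush(heap, (d + c, m))
    return dist


def advertisements(leaks: Dict[str, List[str]]) -> List[Tuple[str, str, int]]:
    """What B and C send to A: the summary with the metric of the cheapest
    component, plus any more specifics they are configured to leak."""
    g = graph()
    ads = []
    for r in ("B", "C"):
        dist = shortest_costs(g, r)
        comps = {p: dist[owner] for owner, p in ATTACHED.items()}
        ads.append((r, SUMMARY, min(comps.values())))
        for p in leaks.get(r, []):
            ads.append((r, p, comps[p]))
    return ads


def rib_at_a(leaks: Dict[str, List[str]]) -> Dict[str, Tuple[str, int]]:
    """A's table: prefix -> (next hop, link cost + advertised metric)."""
    g = graph()
    rib: Dict[str, Tuple[str, int]] = {}
    for r, p, m in advertisements(leaks):
        total = g["A"][r] + m
        if p not in rib or total < rib[p][1]:
            rib[p] = (r, total)
    return rib


def longest_match(rib: Dict[str, Tuple[str, int]], dest: str) -> str:
    addr = ipaddress.ip_address(dest)
    return max((p for p in rib if addr in ipaddress.ip_network(p)),
               key=lambda p: ipaddress.ip_network(p).prefixlen)


def forwarding_cost(dest: str, leaks: Dict[str, List[str]] = None) -> Tuple[str, int, int]:
    """(next hop A picks, real cost of the path it takes, cost of the true best path)."""
    leaks = leaks or {}
    g = graph()
    rib = rib_at_a(leaks)
    hop = rib[longest_match(rib, dest)][0]
    addr = ipaddress.ip_address(dest)
    owner = next(r for r, p in ATTACHED.items() if addr in ipaddress.ip_network(p))
    actual = g["A"][hop] + shortest_costs(g, hop)[owner]
    return hop, actual, shortest_costs(g, "A")[owner]


if __name__ == "__main__":
    print("summary only:        ", forwarding_cost("10.1.1.1"))
    print("C leaks 10.1.1.0/24: ", forwarding_cost("10.1.1.1", {"C": ["10.1.1.0/24"]}))
```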

Aggregation Issues (slide 53)
Summary Suboptimal Routing

- When summarizing down the hierarchy in OSPF, we can use manual summaries instead of stub areas
- Always prefer to summarize more information rather than less

One area border router:

    area 1 range 10.1.0.0 255.255.254.0

The other area border router:

    area 1 range 10.1.0.0 255.255.254.0
    area 1 range 10.1.1.0 255.255.255.0
    no discard-route

Diagram: A and B (10.1.0.0/24, 10.1.1.0/24) above the area border; C and D on the border (costs 10, 10 and 20 between them); E below (costs 20 and 10); one border router sends 10.1.0.0/23 into area 1, the other sends 10.1.0.0/23 and 10.1.1.0/24.

Aggregation Issues (slide 54)
Summary Suboptimal Routing

- It's also possible to use LSA type 3 filtering to solve this problem
- Permit only a default plus some number of longer prefix routes to allow optimal routing to those destinations

One area border router:

    ip prefix-list AREA_1_OUT seq 10 permit 0.0.0.0/0
    !
    router ospf 1000
     area 1 filter-list prefix AREA_1_OUT out

The other area border router:

    ip prefix-list AREA_1_OUT seq 10 permit 0.0.0.0/0
    ip prefix-list AREA_1_OUT seq 20 permit 10.1.1.0/24
    !
    router ospf 1000
     area 1 filter-list prefix AREA_1_OUT out

Diagram: A and B (10.1.0.0/24, 10.1.1.0/24) above the area border; C and D on the border (costs 10, 10 and 20); E below (costs 20 and 10); one border router sends only 0.0.0.0/0 into area 1, the other sends 0.0.0.0/0 and 10.1.1.0/24.

Aggregation Issues (slide 55)
Summary Suboptimal Routing

- IS-IS automatically summarizes down the hierarchy
- You can use route leaking to leak more specific routes when optimal routing towards the core is important

    access-list 100 permit ip 10.1.1.0 0.0.0.255
    !
    router isis
     redistribute isis ip level-2 into level-1 distribute-list 100
     metric-style wide

Diagram: A and B (10.1.0.0/24, 10.1.1.0/24) above the L1/L2 border; C and D on the border (costs 10, 10 and 20); E below (costs 20 and 10); one border router leaks only 0.0.0.0/0, the other 0.0.0.0/0 and 10.1.1.0/24.

Aggregation Issues (slide 56)
Summary Suboptimal Routing

- EIGRP always requires either summarization or filtering to reduce routing information from the core towards the edge
- There are several techniques we can use to summarize routing information towards the edge and allow more specific information to leak to prevent suboptimal routing
- As with all the other protocols, you need to carefully weigh the gains in network stability and scaling against the gains from optimal routing!

Diagram: A and B (10.1.0.0/24, 10.1.1.0/24) above C and D (costs 10, 10 and 20); E below (costs 20 and 10).

Aggregation Issues (slide 58)
Summary Suboptimal Routing

- Rather than summarizing, redistributed static routes paired with distribute lists can be used

One border router (E receives 10.1.0.0/23 from it):

    ip route 10.1.0.0 255.255.254.0 null0
    !
    access-list 10 permit 10.1.0.0 0.0.1.255
    !
    router eigrp 100
     redistribute static
     default-metric 1000 1 255 1 1500
     distribute-list 10 out serial 0/0

The other border router (E receives 10.1.0.0/23 and 10.1.1.0/24 from it):

    ip route 10.1.0.0 255.255.254.0 null0
    !
    access-list 10 permit 10.1.0.0 0.0.1.255
    access-list 10 permit 10.1.1.0 0.0.0.255
    !
    router eigrp 100
     redistribute static
     default-metric 1000 1 255 1 1500
     distribute-list 10 out serial 0/0

Diagram: A and B (10.1.0.0/24, 10.1.1.0/24) above C and D (costs 10, 10 and 20); E below (costs 20 and 10).
Aggregation Issues (slide 59)
Summary Suboptimal Routing

- Another option is to create a pair of summaries containing the more and less specific routes
- EIGRP also allows leaking more specifics past a summary

    interface serial 0/0
     ip summary-address eigrp 100 10.1.1.0 255.255.255.0 250
     ip summary-address eigrp 100 0.0.0.0 0.0.0.0

    interface serial 0/0
     ip summary-address eigrp 100 10.1.1.0 255.255.255.0 250
     ip summary-address eigrp 100 0.0.0.0 0.0.0.0

Diagram: A and B (10.1.0.0/24, 10.1.1.0/24) above C and D (costs 10, 10 and 20); E below (costs 20 and 10) receives 0.0.0.0/0 from one border router and 0.0.0.0/0 plus 10.1.1.0/24 from the other.

Aggregation Issues (slide 60)
Distance Vector Summary Black Holes

- Routers B and C are summarizing 10.1.0.0/24 and 10.1.1.0/24 into a single advertisement, 10.1.0.0/23, towards A
- Routers B and C are also advertising a default route only towards each other through 10.1.0.0/24 and 10.1.1.0/24

Diagram: A above B and C; B and C each advertise 10.1.0.0/23 to A and 0.0.0.0/0 to each other; 10.1.0.0/24 and 10.1.1.0/24 below, attached to both B and C.

Aggregation Issues (slide 61)
Distance Vector Summary Black Holes

- If Router B loses its link to 10.1.0.0/24, what happens?
- Router B isn't learning about 10.1.0.0/24 through C, since C is only advertising a default route, so B no longer knows how to get there
- The routes advertised by B and C to A look the same before and after the failure

Diagram: A above B and C, each still advertising 10.1.0.0/23 to A and 0.0.0.0/0 to each other; 10.1.0.0/24 and 10.1.1.0/24 below; note beside A: "10.1.1.0/24 isn't learned from A".

Aggregation Issues (slide 62)
Distance Vector Summary Black Holes

- A could still forward traffic destined to 10.1.0.1 to B
- We have a summarization black hole
  - If A is load sharing per packet, every other packet will be dropped
  - If A is load sharing per session, then some hosts will be able to reach destinations on 10.1.0.0/24, and others won't

Diagram: traffic for 10.1.0.1 enters at A; B and C both still advertise 10.1.0.0/23; 10.1.0.0/24 and 10.1.1.0/24 below.

Aggregation Issues (slide 63)
Distance Vector Summary Black Holes

- One way to solve this problem is to always have at least one unsummarized link between the summarizing routers
  - The summarizing routers always have someplace to send the traffic if they lose connectivity to the link
- Another option is not to summarize both up the hierarchy and down the hierarchy
  - This reduces network scaling!

Diagram: B and C advertise 10.1.0.0/23 up to A ("Summarization") but no 0.0.0.0/0 to each other ("No summarization", "Don't summarize up and down"); 10.1.0.0/24 and 10.1.1.0/24 below.
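As an added example (not from the deck), this Python walks packets through a constructed model of the black hole on slides 60 to 63: the summarizing router's own Null0 discard route for 10.1.0.0/23 is a longer match than the default it learns from its peer, so once B loses 10.1.0.0/24 every packet A hands to B is dropped, while the "don't summarize down" fix restores delivery. The discard-route behaviour is the EIGRP/OSPF default the deck relies on; router names and the per-packet alternation at A are assumptions.

```python
import ipaddress
from typing import Dict, List, Optional, Set, Tuple

# Constructed model: B and C both attach to the two /24s, summarize them
# to 10.1.0.0/23 towards A, and (in the broken design) send each other a
# default route only. Which router loses which link is an input.
COMPONENTS = ("10.1.0.0/24", "10.1.1.0/24")
SUMMARY = "10.1.0.0/23"
Link = Tuple[str, str]  # (router, attached network)


def longest_match(fib: Dict[str, str], dest: str) -> Optional[Tuple[str, str]]:
    addr = ipaddress.ip_address(dest)
    hits = [p for p in fib if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    best = max(hits, key=lambda p: ipaddress.ip_network(p).prefixlen)
    return best, fib[best]


def fib_of(router: str, lost_links: Set[Link], peer_sends_specifics: bool) -> Dict[str, str]:
    """Forwarding table of B or C. The summary installs a discard route to
    Null0, which is a longer match than the peer's default route."""
    peer = "C" if router == "B" else "B"
    fib = {n: "connected" for n in COMPONENTS if (router, n) not in lost_links}
    fib[SUMMARY] = "Null0"
    if peer_sends_specifics:      # the fix: the peer advertises its components
        for n in COMPONENTS:
            if (peer, n) not in lost_links and n not in fib:
                fib[n] = peer
    else:                          # the broken design: default route only
        fib["0.0.0.0/0"] = peer
    return fib


def advertised_to_a(router: str, lost_links: Set[Link]) -> List[str]:
    """A keeps seeing the summary as long as any component is still attached."""
    alive = [n for n in COMPONENTS if (router, n) not in lost_links]
    return [SUMMARY] if alive else []


def deliver(dest: str, first_hop: str, lost_links: Set[Link],
            peer_sends_specifics: bool) -> Tuple[str, List[str]]:
    """Follow one packet from A through the FIBs until it is delivered or dropped."""
    path = ["A", first_hop]
    router = first_hop
    for _ in range(4):             # bounded walk, so a forwarding loop shows up as a drop
        hit = longest_match(fib_of(router, lost_links, peer_sends_specifics), dest)
        if hit is None or hit[1] == "Null0":
            return "dropped", path
        if hit[1] == "connected":
            return "delivered", path
        router = hit[1]
        path.append(router)
    return "dropped", path


def per_packet_load_share(dest: str, packets: int, lost_links: Set[Link],
                          peer_sends_specifics: bool) -> Dict[str, int]:
    """A alternates B and C per packet, since both advertise the same summary."""
    counts = {"delivered": 0, "dropped": 0}
    for i in range(packets):
        outcome, _ = deliver(dest, "BC"[i % 2], lost_links, peer_sends_specifics)
        counts[outcome] += 1
    return counts


if __name__ == "__main__":
    failure = {("B", "10.1.0.0/24")}
    print("A still sees:", advertised_to_a("B", failure), advertised_to_a("C", failure))
    print("default only: ", per_packet_load_share("10.1.0.1", 10, failure, False))
    print("specifics:    ", per_packet_load_share("10.1.0.1", 10, failure, True))
```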

Aggregation Issues (slide 64)
Link State Summary Suboptimal Routing

- Routers E and F are not intended to transit traffic between C and D
- Routers C and D issue summaries containing 10.1.1.0/24
- Router A chooses D as its best path to the summary
- The link from Router D to Router E fails
- How can we prevent Router D from using the link through F to reach 10.1.1.0/24?

Diagram: A above B; B above C and D, which advertise 10.1.0.0/16; C and D connect to E and F below; 10.1.1.0/24 behind E and 10.1.2.0/24 behind F.

Aggregation Issues (slide 65)
Link State Summary Suboptimal Routing

- Place a link between C and D within the same area as E and F
- The link cost between C and D should be lower than the link cost through F, causing D to route through this new link

Diagram: A above B; B above C and D, which advertise 10.1.0.0/16 and are now joined by a "New link"; C and D connect to E and F below; 10.1.1.0/24 behind E and 10.1.2.0/24 behind F.

Aggregation Techniques (slide 66)
Leaking More Specifics

- In this network, it appears almost impossible to summarize at any point because of the addressing
- Summarize anyway!
  - Router B can advertise 10.1.0.0/22
  - Routes which don't fall within this summary range will be leaked through to Router A

Diagram: Router A receives 10.1.1.0/24, 10.2.1.0/24, 10.1.2.0/24, 10.2.4.0/24, 10.1.3.0/24, 10.2.2.0/24, 10.1.4.0/24, 10.2.3.0/24, 10.1.5.0/24 and 10.2.4.0/24 (as labelled); behind B: 10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24, 10.2.1.0/24, 10.2.4.0/24; behind C: 10.1.4.0/24, 10.1.5.0/24, 10.2.2.0/24, 10.2.3.0/24, 10.2.5.0/24.
Aggregation Techniques (slide 67)
Leaking More Specifics

- Summarizing to 10.1.0.0/22 on Router B will reduce the number of routes at Router A by two

Diagram: Router A now receives 10.1.0.0/22, 10.2.1.0/24, 10.2.4.0/24, 10.2.2.0/24, 10.1.4.0/24, 10.2.3.0/24, 10.1.5.0/24 and 10.2.5.0/24; behind B: 10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24, 10.2.1.0/24, 10.2.4.0/24; behind C: 10.1.4.0/24, 10.1.5.0/24, 10.2.2.0/24, 10.2.3.0/24, 10.2.5.0/24.
Aggregation Techniques (slide 68)
Leaking More Specifics

- We can do the same thing with the 10.2.0.0 networks on Router C, with 10.2.0.0/21, dropping the number of routes on Router A by two more
- The more specific information is still leaked through the summary, so routing still works

Diagram: Router A now receives 10.1.0.0/22, 10.2.1.0/24, 10.2.4.0/24, 10.2.0.0/21, 10.1.4.0/24 and 10.1.5.0/24; behind B: 10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24, 10.2.1.0/24, 10.2.4.0/24; behind C: 10.1.4.0/24, 10.1.5.0/24, 10.2.2.0/24, 10.2.3.0/24, 10.2.5.0/24.
TECRST-2021
13881_06_2007_c1 © 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 69
Aggregation Techniques
Leaking More Specifics
 If one of the networks behind Router B fails, traffic for that network will be forwarded to Router C
 At C, it will be discarded because of the NULL0 route automatically created with the summary
 The only danger here is that the link from A to C may be overwhelmed with the extra traffic
Diagram: Same topology and routes as the previous slide; at Router C the packets are dropped to null 0.
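The three slides above can be checked with a small model. The following is an added example, not code from the presentation or from Cisco: it builds Router A's table from what B and C advertise (a summary replaces the more specifics inside it, and anything outside it is "leaked" unchanged), then walks through the failure case, where A's longest-prefix match falls through to C's 10.2.0.0/21 and C's own lookup lands on the discard route that accompanies its summary. The topology, the /24s and the next-hop names are the constructed ones from the slides; the discard route stands in for the automatic Null0 route IOS installs with an EIGRP summary.

```python
# Added example (not from the presentation): a model of what Router A sees
# when B and C summarize and leak the more specifics that fall outside their
# summaries, and of the Null0 discard at C when a network behind B fails.
from ipaddress import ip_address, ip_network

# Constructed sample input: the /24s attached behind each of A's neighbours.
BEHIND_B = ["10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24", "10.2.1.0/24", "10.2.4.0/24"]
BEHIND_C = ["10.1.4.0/24", "10.1.5.0/24", "10.2.2.0/24", "10.2.3.0/24", "10.2.5.0/24"]


def advertise(prefixes, summary=None):
    """Prefixes a router advertises upstream.

    With no summary every prefix goes out as is.  With a summary, the summary
    replaces the prefixes inside it, and every prefix outside it is still
    advertised: that is the leaked more-specific information.
    """
    nets = {ip_network(p) for p in prefixes}
    if summary is None:
        return nets
    summ = ip_network(summary)
    leaked = {n for n in nets if not n.subnet_of(summ)}
    return leaked | {summ}


def build_rib(adverts):
    """adverts maps next hop -> set of networks; returns network -> [next hops]."""
    rib = {}
    for nexthop, nets in adverts.items():
        for n in nets:
            rib.setdefault(n, []).append(nexthop)
    return rib


def lookup(rib, dst):
    """Longest-prefix match; returns ("prefix", [next hops]) or None."""
    addr = ip_address(dst)
    best = None
    for net, hops in rib.items():
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hops)
    return (str(best[0]), best[1]) if best else None


def router_a_rib(b_summary=None, c_summary=None, failed=()):
    """Router A's table given the summaries B and C apply and any failed /24s."""
    b_nets = [p for p in BEHIND_B if p not in failed]
    c_nets = [p for p in BEHIND_C if p not in failed]
    return build_rib({"B": advertise(b_nets, b_summary),
                      "C": advertise(c_nets, c_summary)})


def router_c_rib(c_summary=None, failed=()):
    """Router C's own table: its connected /24s plus the discard route that
    comes with the summary (the role the automatic Null0 route plays in IOS)."""
    rib = build_rib({"connected": {ip_network(p) for p in BEHIND_C if p not in failed}})
    if c_summary is not None:
        rib[ip_network(c_summary)] = ["Null0"]
    return rib


if __name__ == "__main__":
    print("no summaries:  ", len(router_a_rib()), "routes at A")
    print("B sums /22:    ", len(router_a_rib("10.1.0.0/22")), "routes at A")
    print("C sums /21 too:", len(router_a_rib("10.1.0.0/22", "10.2.0.0/21")), "routes at A")
    # 10.2.1.0/24 behind B fails: A falls back to C's 10.2.0.0/21 and C discards.
    a = router_a_rib("10.1.0.0/22", "10.2.0.0/21", failed=("10.2.1.0/24",))
    print("A forwards 10.2.1.5 via", lookup(a, "10.2.1.5"))
    print("C resolves 10.2.1.5 to ", lookup(router_c_rib("10.2.0.0/21"), "10.2.1.5"))
```

The route counts come out as the slides state (10, then 8, then 6), and the failure case shows why the A-to-C link carries the extra load: nothing at A distinguishes a failed network under the /21 from a working one, so the traffic is only dropped once it reaches C.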
Aggregation Techniques
Leaking More Specifics
 It's also useful to leak more specifics along with (or through) an aggregate
    C should receive as few routes as possible
    But still optimally route to 10.1.1.0/24 and 10.1.2.0/24 dynamically
 There are several ways to accomplish this
    Redistributed static routes and route filters
    Overlapping Aggregates
    Route Leaking (EIGRP)
Diagram: Routers A and B share the 10.1.0.0/16 range, with 10.1.1.0/24 behind A and 10.1.2.0/24 behind B; both advertise 10.1.0.0/16 to Router C.
Aggregation Techniques
Leaking More Specifics
Router A:
router eigrp 100
 redistribute static route-map agg-routes
 default-metric 1000 1 255 1 1500
 distribute-list 20 out serial0/0
!
! the aggregate is a static route to null0, picked up by the redistribution above
ip route 10.1.0.0 255.255.0.0 null0
!
route-map agg-routes permit 10
 match ip address 10
 match interface serial 0/0
!
access-list 10 permit 10.1.0.0 0.0.255.255
! access-list 20 controls which routes leave serial0/0 (distribute-list above)
access-list 20 permit 10.1.1.0 0.0.255.255

Router B:
router eigrp 100
 redistribute static route-map agg-routes
 default-metric 1000 1 255 1 1500
 distribute-list 20 out serial0/0
!
ip route 10.1.0.0 255.255.0.0 null0
!
route-map agg-routes permit 10
 match ip address 10
 match interface serial 0/0
!
access-list 10 permit 10.1.0.0 0.0.255.255
access-list 20 permit 10.1.2.0 0.0.255.255
Diagram: Router A advertises 10.1.0.0/16 and 10.1.1.0/24 to C; Router B advertises 10.1.0.0/16 and 10.1.2.0/24 to C.
Aggregation Techniques
Leaking More Specifics
 EIGRP allows overlapping summaries
 Set the administrative distance on the longer prefix so it's not installed...
Router A:
interface serial 0/0
 ....
 ip summary-address eigrp 1 10.1.0.0 255.255.0.0
 ip summary-address eigrp 1 10.1.1.0 255.255.255.0 255

Router B:
interface serial 0/0
 ....
 ip summary-address eigrp 1 10.1.0.0 255.255.0.0
 ip summary-address eigrp 1 10.1.2.0 255.255.255.0 255
Diagram: As on the previous slide; A sends 10.1.0.0/16 and 10.1.1.0/24 toward C, B sends 10.1.0.0/16 and 10.1.2.0/24.
Aggregation Techniques
Leaking More Specifics
 EIGRP can leak more specific routes through a summary, as well
    CSCed01736, 12.3(11.01)T
Router A:
route-map LeakList permit 10
 match ip address 1
!
access-list 1 permit 10.1.1.0
!
interface Serial0/0
 ip summary-address eigrp 1 10.1.0.0 255.255.0.0 leak-map LeakList

Router B:
route-map LeakList permit 10
 match ip address 1
!
access-list 1 permit 10.1.2.0
!
interface Serial0/0
 ip summary-address eigrp 1 10.1.0.0 255.255.0.0 leak-map LeakList
Diagram: As on the previous slide; each router sends 10.1.0.0/16 plus its own /24 toward C.
Aggregation Techniques
Smaller Aggregates
 We can also get some gains by trying to do less, and using smaller summary blocks
    Router B can advertise 10.1.2.0/23, saving one route
    Router C can advertise 10.1.4.0/23
    Router C can advertise 10.2.2.0/23
 The gains might seem small, but with enough work, they can build up into significant savings
Diagram: Router A above B and C, with the same /24s behind each as before; A now receives 10.1.1.0/24, 10.1.2.0/23, 10.2.1.0/24 and 10.2.4.0/24 from B, and 10.1.4.0/23 and 10.2.2.0/23 from C alongside C's remaining /24.
Aggregation Techniques
Smaller Aggregates
 We can combine the larger summaries with the smaller summaries to have the most impact
 These are two very effective tools if used together, with a little planning
Diagram: Router A receives 10.1.0.0/22, 10.2.1.0/24 and 10.2.4.0/24 from B, and 10.2.0.0/21 and 10.1.4.0/23 from C.
Aggregation Techniques
Smaller Aggregates
 Balance this sort of optimization with the maintenance work it produces in the network
 Leaking routes through summaries means checking what adding a new route will do to the summaries and the routing
 Summarizing on small blocks means considering the summaries when moving a set of addresses
Diagram: As on the previous slide.
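The "Smaller Aggregates" slides and the maintenance warning above are illustrated by the following added example; it is not code from the presentation or from Cisco. It implements the lossless merge the slides describe (two aligned /24s become a /23, two aligned /23s a /22, and so on, so the advertised space is exactly the attached space), cross-checks it against the standard library, combines it with a larger lossy summary the way the "combine" slide does, and ends with the check a planner would run before adding a prefix: which routers' advertised blocks already cover it. The /24s are the constructed ones from the slides; `covering_routers` and the other function names are this example's own.

```python
# Added example (not from the presentation): lossless smaller aggregates,
# combining them with a larger lossy summary, and the pre-change check the
# slides ask for.  Input prefixes are assumed not to overlap one another.
from ipaddress import collapse_addresses, ip_network

# Constructed sample input, as on the slides.
BEHIND_B = ["10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24", "10.2.1.0/24", "10.2.4.0/24"]
BEHIND_C = ["10.1.4.0/24", "10.1.5.0/24", "10.2.2.0/24", "10.2.3.0/24", "10.2.5.0/24"]


def exact_aggregates(prefixes):
    """Merge only aligned neighbours (two /24s into a /23, two /23s into a
    /22, ...) until nothing else merges.  The result covers exactly the
    original address space: nothing is leaked and nothing extra is claimed."""
    nets = sorted({ip_network(p) for p in prefixes})
    merged_any = True
    while merged_any:
        merged_any = False
        out = []
        i = 0
        while i < len(nets):
            cur = nets[i]
            if i + 1 < len(nets) and cur.prefixlen > 0:
                nxt = nets[i + 1]
                parent = cur.supernet()
                # merge only when nxt is the other half of cur's parent block,
                # which (with the list sorted) means cur is the lower half
                if nxt.prefixlen == cur.prefixlen and nxt != cur and nxt.subnet_of(parent):
                    out.append(parent)
                    merged_any = True
                    i += 2
                    continue
            out.append(cur)
            i += 1
        nets = sorted(out)
    return [str(n) for n in nets]


def stdlib_aggregates(prefixes):
    """Same result via the standard library, for cross-checking."""
    return [str(n) for n in collapse_addresses(ip_network(p) for p in prefixes)]


def combined_advertisement(prefixes, lossy_summary):
    """Apply one larger (lossy) summary, then exact-aggregate whatever lies
    outside it, which is what the router still leaks upstream."""
    summ = ip_network(lossy_summary)
    outside = [p for p in prefixes if not ip_network(p).subnet_of(summ)]
    return sorted([str(summ)] + exact_aggregates(outside), key=ip_network)


def covering_routers(new_prefix, advertised):
    """Routers whose advertised blocks already cover a prefix about to be added.
    advertised maps router -> list of blocks.  An empty result means the new
    prefix shows up upstream as one more leaked route; a result naming a
    router other than the one the prefix will live behind means upstream
    traffic for it would be drawn to that router and its discard route."""
    net = ip_network(new_prefix)
    return sorted(r for r, blocks in advertised.items()
                  if any(net.subnet_of(ip_network(b)) for b in blocks))


if __name__ == "__main__":
    print("B exact:   ", exact_aggregates(BEHIND_B))
    print("C exact:   ", exact_aggregates(BEHIND_C))
    adv = {"B": combined_advertisement(BEHIND_B, "10.1.0.0/22"),
           "C": combined_advertisement(BEHIND_C, "10.2.0.0/21")}
    print("combined:  ", adv)
    for p in ("10.1.0.0/24", "10.2.6.0/24", "10.3.1.0/24"):
        print(p, "covered by", covering_routers(p, adv))
```

With the slides' prefixes, B's exact aggregation saves one route and C's saves two, and the combined advertisements are the five routes the "combine" slide shows at Router A. The last loop is the maintenance check: 10.1.0.0/24 added anywhere but behind B would be silently absorbed by B's /22, while 10.3.1.0/24 is covered by nothing and would add a route upstream.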
Hiding Topology
Hiding Topology
Distance Vector
 Topology information is naturally hidden in distance vector protocols, beyond the next hop
 C and D only advertise that they can reach 10.1.1.0/24, not that they are connected to D, which is then connected to 10.1.1.0/24
Diagram: Router A above B and C, D below them, 10.1.1.0/24 attached to D; each router tells its neighbor only "I can reach 10.1.1.0/24".
Hiding Topology
Distance Vector
 Distance vector protocols can still have too much topology information
 Multiple parallel links can slow down convergence because of overwhelming topology information
    General EIGRP rule of thumb: There should be no more paths in the topology table than are allowed to be installed in the routing table (show ip eigrp topology all vs. maximum paths)
Diagram: Routers A and B joined by many parallel links, with 10.1.1.0/24 behind B.
Hiding Topology
Link State Flooding Domains
 In link state protocols, routers flood information about the state of their links to all other routers, carrying topology information to all the routers in the network
 All the routers receiving the flooded link state information are said to be in the same flooding domain
 We summarize topology information into reachability information at a flooding domain border
Diagram: Routers A and B above the border router C; below it D is connected to C, E and F; E and F are each connected to D and G; G is connected to E, F and 10.1.1.0/24.
Hiding Topology
Link State Flooding Domains
 OSPF
    Flooding Domain == Area
    Flooding Domain Border == Area Border Router
 Link State Summary == Type 3
    Contains only reachability and cost information, no topology
 External == Type 5
    Contains only reachability and cost information, no topology
 Autonomous System Border == Type 4
    How to reach a router injecting reachability information from outside OSPF (type 5's)
Diagram: Area 0 holds Routers A, B and C, with C as the area border toward Router D. A redistributes 10.1.2.0/24 as an external, 10.1.1.0/24 sits behind B and 10.1.3.0/24 at C. Area 0's database carries the link records (A-B, B-A, B-C, C-B) along with the prefixes; D's area receives only reachability and cost: 10.1.2.0/24 external, 10.1.3.0/24, and 10.1.1.0/24 via C.
Hiding Topology
Link State Flooding Domains
 Decoding OSPF Stub Areas
    "Stub" == no link state summaries (type 3)
    "Totally" == no external information (type 4 or 5)
    "Not so" == Externals injected as type 7's and translated at the border
 Stub area receives external routing information from outside the area only (no redistribution within the area)
Diagram: Same topology as the previous slide, with D's area configured as a Stub Area; D's area now holds 10.1.2.0/24 external, 10.1.3.0/24 and a default via C, and no information about 10.1.1.0/24.
Hiding Topology
Link State Flooding Domains
 Totally stubby areas receive no information about reachability to external or internal destinations
 In a "Not So Stubby Area (NSSA)," or a "Totally Not So Stubby Area (Totally NSSA)," D could originate information about destinations external to OSPF
 You should use stub areas by default
    Supply minimal information where possible
    Consider suboptimal routing when necessary
Diagram: Same topology, with D's area configured as Totally Stub; D's area holds only 10.1.3.0/24 and a default via C, with no information about 10.1.1.0/24 or 10.1.2.0/24.
Hiding Topology
Assessing the Impact
Considering SPF run time for a link state protocol, convergence times vary around the number of routers and the number of routes:
 1000 routers: 90 to 100 ms
 2000 routers: 130 to 140 ms
 3000 routers: 195 to 205 ms
 4000 routers: 285 to 300 ms
Chart: SPF run time in milliseconds (50 to 350) against number of routes (5000 to 25000).
Hiding Topology
Assessing the Impact
 Changing the number of routes can make up to a 10 millisecond difference in SPF run time
 Changing the number of routers can make up to a 200 millisecond difference in SPF run time
 The number of routers is the primary determinant in SPF run time
Chart: The same SPF run time chart (milliseconds, 50 to 350, against 5000 to 25000 routes), annotated with the 10 ms spread across routes and the 200 ms spread across routers.
Hiding Topology
Assessing the Impact
 This isn't always the case
 The primary cost in convergence is route installation time
    Varies platform to platform, and Cisco IOS® to Cisco IOS
Chart: The same SPF run time chart as the previous slide.
Working with Hierarchy

Working with Hierarchy
 Hierarchical Design
 Two Layer Hierarchy
 Three Layer Hierarchy
Hierarchical Design
Basic Concepts
 Zones (or Nodes)
    A topologically defined part of the network
    Attached to other parts of the network through choke points
 Choke Points
    Places where zones or nodes are connected together
Diagram: Several zones joined to one another at choke points.
Hierarchical Design
Basic Concepts
 Each zone represents a failure domain
 Choke points provide:
    A place to aggregate reachability information
    A place to aggregate topology information
    A place to aggregate traffic flows
    A place to apply traffic policy

Hierarchical Design
How Many Layers?
 There are two basic designs:
    Two layer
    Three layer
 Which one is right for a specific network?
 Rule of Thumb: Balance simplicity, optimal routing, and functional separation

Hierarchical Design
How Many Layers?
 Geography
    Networks contained in smaller spaces lend themselves to two layers
    Networks with more "reach" lend themselves to three layers
 Topology Depth
    The maximum number of hops from one edge to another
    The greater the depth, the more layering will help the design

Hierarchical Design
How Many Layers?
 Topology Design
    The more complex the design, the more splitting the network up into zones will help the design
 Policy Implementation
    Traffic engineering tends to prefer two layer designs
    Resource restriction policies tend to prefer three layer designs
Hierarchical Design
Creating Choke Points
 Moving the boundary between two pieces of the network may create a choke point which didn't exist before
 With the logical boundary point behind the lower routers, based on the divisional structure, there's no place to summarize
Diagram: "No summarization". The logical boundary points sit behind the lower routers, with Sales, Logistics, Marketing and Engineering attaching 10.1.0.0/24, 10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24 and 10.2.0.0/24, 10.2.1.0/24, 10.2.2.0/24, 10.2.3.0/24 across the departments.
Hierarchical Design
Creating Choke Points
What happens if we move the logical boundary point up one layer?
 The logical network structure no longer follows the corporate departments
 We now have a point at which we can summarize routes!
Diagram: With the logical boundary point one layer up, 10.1.0.0/24 through 10.1.3.0/24 summarize to 10.1.0.0/22 and 10.2.0.0/24 through 10.2.3.0/24 to 10.2.0.0/22; the departments are still Sales, Logistics, Marketing and Engineering.
Hierarchical Design
Creating Choke Points
 In this case, moving the logical boundary point down one layer can be used to improve summarization
 With EIGRP, it's just a matter of configuring summaries in the best possible place
 With OSPF and IS-IS, some restructuring of the area or routing domain borders may be needed to change where summarization takes place
Diagram: The logical boundary point moved one layer down; the attached networks are interleaved, 10.2.1.0/24, 10.2.3.0/24, 10.1.0.0/24 and 10.1.2.0/24 on one side and 10.2.2.0/24, 10.2.0.0/24, 10.1.3.0/24 and 10.1.1.0/24 on the other.
Hierarchical Design
Creating Choke Points
 Sometimes, you need to change the topology to build a choke point
 A full mesh is just a hierarchical network in disguise!

Hierarchical Design
Creating Choke Points
 Separating complexity from complexity through choke points amplifies the benefits of hierarchy
 Sometimes, logical or physical topology changes are needed to separate complexity from complexity
Two Layer Hierarchy
Basic Concepts
 The core gets traffic from one topological area of the network to another
 High Speed Switching is the focus
 Within the core, avoid
    Policy (the more complex the more to avoid it) within the core
    Reachability and topology aggregation
Diagram: Core layer above an Aggregation layer.
Two Layer Hierarchy
Basic Concepts
 Core routers should summarize routing information towards the aggregation layer
 Typically, the fewer number of routes advertised towards the edge, the better
 Routing policy may also be implemented at the core edge
    How many and what routes will be accepted from each aggregation area, etc.
Diagram: Core above Aggregation, with Policy and Summary applied at the core edge facing the aggregation layer.
Two Layer Hierarchy
Basic Concepts
 The aggregation layer provides user attachment points
 Information about the edge should be hidden from the core using summarization and topology hiding techniques
Diagram: Core above Aggregation, with "Summarize" applied from the aggregation layer toward the core.
Two Layer Hierarchy
Basic Concepts
 Policy should be placed at the edge of the network
    Traffic acceptance (based on load and traffic type)
    Filtering unwanted traffic
    Security policy
 Layer 2 and Layer 3 filters apply at the edge
Diagram: Core above Aggregation, with Policy at the edge of the aggregation layer.
Two Layer Hierarchy
Basic Concepts
Small and medium scale campus networks are often modeled as two layer networks
 A moderate number of routers are attached to the network
 The network doesn't have a large wide area component
 Distances are small, and all links are similar in speed
Diagram: A campus network built around a Core.
Two Layer Hierarchy
Basic Concepts
 ISP networks are often modeled on a two layer hierarchy as well
 The core is often mesh or a set of rings, with each POP modeled as a ring or a two layer hierarchy
 Topology information is summarized between the POPs and the network core
 Address summarization is generally from the core towards the POPs
Diagram: A Core ringed by POPs, with Customers attached to the POPs.
Two Layer Hierarchy
EIGRP
 In an EIGRP network, the hierarchy is created through summarization, rather than through some protocol defined boundary
 There are no "areas" or other ways of dividing a network built into EIGRP itself, since topology information is hidden at each hop in the network anyway

Two Layer Hierarchy
EIGRP
 Summarization from the edge towards the core hides details about the user access points from the core
 Summarization towards the core can cause routing black holes, however
Diagram: Summarization applied at the edge routers toward the core.

Two Layer Hierarchy
EIGRP
 Summarization from the core towards the edge can hide details about the core from the edge routers, as well
 This type of summarization can cause suboptimal routing, however
Diagram: Summarization applied at the core toward the edge routers.
Two Layer Hierarchy
OSPF
 OSPF creates edges through areas, using Area Border Routers (ABRs)
 Typically, with a two level hierarchy, the ABRs are at the edge of the core
 The core is area 0
Diagram: Area Border routers at the edge of the core.

Two Layer Hierarchy
OSPF
 Summarization is configured at the ABR, on the edge of the edge/aggregation areas and the core
 Summarization can also be configured to reduce the amount of reachability information carried into the areas
Diagram: Area 0 as the core, with Summarization at the ABRs.
Two Layer Hierarchy
OSPF
 To remove virtually all reachability information into the areas, declare them totally stub or not so totally stub areas
 Use totally stub areas when there is a single area border, or when suboptimal routing of traffic exiting the area isn't an issue
 Use stub areas when there is more than one area border, and optimal routing of traffic leaving the area is important
Diagram: Area 0 as the core, with area 1 configured as a stub area and area 2 as a totally stubby area; on the area border routers:
router ospf ....
 network .... area 1
 network .... area 2
 area 1 stub
 area 2 stub no-summary
Three Layer Hierarchy
Basic Concepts
 The core gets traffic from one topological area of the network to another: High Speed Switching
 Within the core, avoid
    Policy (the more complex the more to avoid it) within the core
    Aggregation
Diagram: Core, Distribution and Access layers.
Three Layer Hierarchy
Basic Concepts
 Address summarization and aggregation occur at the distribution layer
 Address Summarization
    Within the distribution layer
    At the edge of the distribution layer and the core
    At the edge of the distribution layer and the access layer
    At both edges of the distribution layer
 Traffic Aggregation
    High to low speed link transitions
Diagram: Core, Distribution and Access layers, with Traffic aggregation and Summary at the distribution layer.
Three Layer Hierarchy
Basic Concepts
 The distribution layer is where most of the policy in a three layer network should reside
 Routing Policy
    Routes accepted from the access layer
    Routes will be passed from the core into the access layer
 Traffic Engineering
    Directing traffic into the best core entry point
    Access layer failover
    Traffic filters
 This should take all the policy load off the network core
Diagram: Core, Distribution and Access layers, with Policy at the distribution layer.
Three Layer Hierarchy
Basic Concepts
 Summarization should be avoided between distribution layer routers!
 This can cause a lot of odd and hard to troubleshoot problems within the network
 Focus summarization and policy up and down the layers, rather than along the layers
Diagram: Core, Distribution and Access layers, with "No summarization!" marked between the distribution routers.
Three Layer Hierarchy
Basic Concepts
 The access layer provides ports for the users to plug in to
 Traffic filtering and packet policies are implemented here
    Traffic acceptance (based on load and traffic type)
    Filtering unwanted traffic at Layer 2 and Layer 3
    Security policy
Diagram: Core, Distribution and Access layers, with Policy at the access layer.
Three Layer Hierarchy
EIGRP
 Deeper hierarchy doesn't change EIGRP's fundamental design concepts
 The distribution layer should be the blocking point for EIGRP queries
    Provide minimal information toward the core
    Provide minimal information toward the access
 Access layer routers should be considered for configuration as EIGRP stubs
    We discuss EIGRP stubs more in hub and spoke topology considerations
Diagram: Core, Distribution and Access layers; "Summarize" at the distribution layer and "Consider stubs" at the access layer.
Three Layer Hierarchy
OSPF
 For OSPF, the question is whether to place the area borders in the distribution layer, or in the core
 The answer to this question is, as always, "it depends"
 There are two rules of thumb we can work with, though:
    Separate complexity from complexity
    Place area borders to reduce suboptimal routing and to increase summarization
Diagram: Core, Distribution and Access layers.
Three Layer Hierarchy
OSPF
 Complex areas include
    Full mesh topologies
    Highly parallel
    Large scale hub and spoke
    Highly redundant topologies
 Try to separate complex topologies from one another with an area border
 You can vary the location of the area borders placing them in the distribution or access layers, depending on the network design
Diagram: A full mesh core joined to a highly parallel data center, a large scale hub and spoke, and a highly redundant campus.
OSPF Two Layer Hierarchy
 To remove virtually all reachability information into the areas, declare them totally stub or not so totally stub areas
 Use totally stub areas when there is a single area border, or when suboptimal routing of traffic exiting the area isn't an issue
 Use stub areas when there is more than one area border, and optimal routing of traffic leaving the area is important
Diagram: A full mesh core joined to a highly parallel data center, a large scale hub and spoke, and a highly redundant campus; one attached area is configured as a stub area and another as a totally stubby area, on the area border routers:
router ospf ....
 network .... area 1
 network .... area 2
 area 1 stub
 area 2 stub no-summary
Working with Topologies

Working with Topologies
 Link State Point-to-Point Broadcast
 Controlling Physical Parallelism
 Hub and Spoke
 Full Mesh
 Link State Border Connections
Link State Point-to-Point Broadcast
 Normally, if a set of routers is connected over a broadcast link, each router would form a neighbor relationship with every other router on the link
    This can cause a large amount of flooding over the single broadcast network
 To reduce flooding and apparent network complexity, link state protocols elect one router to control flooding
    OSPF: Designated Router
    IS-IS: Designated Intermediate System
Diagram: Routers A, B, C, D and E attached to one broadcast segment.
Link State Point-to-Point Broadcast
 To reduce flooding:
    In OSPF, a router that receives new information floods it to the DR, which then refloods it to the other connected routers
    In IS-IS, the first router to receive new information floods it, and the DIS coordinates database synchronization between the routers
 To reduce apparent complexity:
    Each connected router advertises a link to the DR/DIS
    The DR/DIS advertises a 0 cost link to each connected router
    This converts the full mesh to a set of point-to-point links
Diagram: Routers A, B, C, D and E on the same broadcast segment, each with a link to the DR/DIS.
Link State Point-to-Point Broadcast
 If there are only two routers on the broadcast link the DR/DIS adds complexity, rather than removing it
    Point-to-point high speed Ethernet segments used in campus environments, data centers, etc.
    What could be advertised as a point-to-point is actually advertised as two point-to-points to the DR/DIS
 We could reduce the apparent complexity, again, by treating the link as a point-to-point link, rather than as a broadcast link
Diagram: Routers A, B and D, with A and B alone on one broadcast segment.
Link State Point-to-Point Broadcast
 draft-ietf-isis-igp-p2p-over-lan describes a method for OSPF and IS-IS to treat a broadcast link with only two devices attached as a point-to-point link
 Implemented in IS-IS with CSCdu51410, using the isis network interface command
 Implemented in OSPF as well, using the ip ospf network interface command
Diagram: Routers A, B and D as on the previous slide.
interface FastEthernet 0
 isis network point-to-point
 ip ospf network point-to-point
 ....
Controlling Physical Parallelism
 More redundancy is better, right?
 Not always...
 There are 64 paths between these two hosts, 2^6
Diagram: Two hosts joined through six stages of paired links.
Controlling Physical Parallelism
There Are Several Reasons for Redundancy in a Network:
 To provide multiple attachment points for servers and hosts in case of a link or device failure
 To provide alternate links through the network in case of link or device failure
 To provide optimal routing to services
 To provide load sharing in heavily utilized areas
Controlling Physical Parallelism
Server Farm Example
 It's common to build networks with back-to-back routers for redundancy
 The routing protocol sees each of these links as a possible transit path, so each link adds another set of paths the routing protocol must consider when calculating the best path
 You want to route to these links, not through them
Diagram: Back-to-back HSRP peers in front of a server farm; the routing protocol sees the server-facing links as transit paths.
Controlling Physical Parallelism
Server Farm Example
 The solution to this is passive-interface
 Configuring an interface as passive in EIGRP, OSPF, or IS-IS will cause it not to form neighbor relationships across the link
 These networks will still be advertised as reachable destinations, but they will never be advertised as transit links
router ospf 100
 passive-interface fastethernet 0/0
 passive-interface fastethernet 0/1
 passive-interface fastethernet 0/2
 passive-interface fastethernet 0/3
 ....
-or-
router ospf 100
 passive-interface default
 no passive-interface fastethernet 1/0
 ....
Controlling Physical Parallelism
 It's common to build out alternate links in a network
    Adds network resiliency
    Can provide optimal routing to resources
    Adds additional bandwidth in congested areas of the network
 The second link also adds moderate complexity, and more information, into the network
Diagram: A second link labelled as backup path, additional bandwidth and optimal routing.
Controlling Physical Parallelism
 Adding a third link almost always approaches the point of diminishing returns, and adds much more network complexity
 When considering adding more redundancy, always balance the increased resiliency against the added complexity
    Increased network convergence times
    Increased management effort
    Increased troubleshooting times
Controlling Physical Parallelism
 The impact of greater levels of redundancy on convergence times can be seen in routing protocol scalability testing
 Using EIGRP, with a single backup path, it takes about 1.3 seconds for a router with 10000 routes to converge when the best path fails
Chart: Convergence time in seconds (0 to 2.5) against routes (0 to 10000) when the best path fails, with a feasible successor available.
Controlling Physical Parallelism
 Adding the third path increases convergence time to 2 seconds
 Adding the fourth path increases convergence time to 2.25 seconds
Chart: Convergence time in seconds (0 to 2.5) against routes (0 to 10000) when the best path fails.
Controlling Physical Parallelism
 High availability studies also show the impact of adding the third link is not all that great
    Adding a second link will increase reliability significantly
    Adding a third link approaches the point of diminishing returns
 Combined with the impact of slower convergence times, higher management costs, and slower troubleshooting, the total downtime in a network may actually increase with the addition of large amounts of redundancy
Chart: Reliability (99.50 to 100.00) for 1 link, 2 links, 3 links and 4 links.
Controlling Physical Parallelism
If you're adding more links to increase the available bandwidth in a specific place in the network
 Try to hide this complexity from other parts of the network, if possible
 Summarize just the parallel links into a single advertisement at both sides if you're using a distance vector protocol
Diagram: Parallel links between two routers, with a Summary advertised from each side.
Controlling Physical Parallelism
 Layer 2 bundling (such as MLPPP or EtherChannel®) may be useful to reduce the Layer 3 complexity when using multiple links to build required bandwidth
 But be careful of issues with processor utilization due to bundling overhead, troubleshooting complexity, etc.
[Figure: several physical links presented to Layer 3 as a single link bundle]
Controlling Physical Parallelism
 Consider using High Availability (HA) techniques to reduce overlapping redundancy
 Stateful Switchover/NonStop Forwarding with redundant hardware in the same box may be able to replace redundant connections to network connected devices
[Figure: a single high availability device in place of redundantly connected routers]
Controlling Physical Parallelism
 Balance between complexity and resiliency
 Hide the additional complexity created by redundant links where possible
Summarization
Link bundling (but balance against overhead)
 Consider High Availability techniques to reduce heavy redundancy for resiliency
Hub and Spoke
Basic Design
 Hub and spoke networks are often built over point-to-multipoint networks
 If the hub is configured to treat the entire point-to-multipoint network as a single interface, it can transmit multicast and broadcast packets which are received by all spoke routers
 Layer 3 on the hub router will not notice a single circuit failure
Hub configuration:
interface s0/0
 ip address 10.1.1.1 255.255.255.0
[Figure: packets transmitted on the hub's multipoint interface are received by all spokes; packets transmitted by a spoke are received only by the hub router]
Hub and Spoke
Basic Design
 The hub router can also be configured to treat each spoke's circuit as an individual point-to-point circuit on a subinterface
 If end-to-end signaling is in use, a failed circuit will cause the subinterface to fail
Hub configuration:
interface s0/0.1 point-to-point
 ip address 10.1.1.0 255.255.255.254
....
interface s0/0.2 point-to-point
 ip address 10.1.1.2 255.255.255.254
....
interface s0/0.3 point-to-point
 ip address 10.1.1.4 255.255.255.254
Spoke configuration:
interface s0.1 point-to-point
 ip address 10.1.1.x 255.255.255.254
....
[Figure: packets transmitted on a hub subinterface are received by one spoke; packets transmitted by a spoke are received only by the hub router]
Hub and Spoke
Basic Design
 In single homed hub and spoke networks, the hub router, spoke routers, and the links themselves are all single points of failure
 You can mitigate the single point of failure in the routers using high availability techniques
[Figure: a highly available hub router with single homed spokes]
Hub and Spoke
Basic Design
 Summarize towards the core
Number the remote links out of the same address space as the remote networks, if possible
Use /31s to conserve address space for point-to-points only
 Send the remotes a default only
 If you can't address the links out of the summary address space, then use a distribute list to filter them from being advertised back into the core of the network
Hub configuration (the distribute list filters the link subnet 192.168.0.0/24):
access-list 10 deny 192.168.0.0 0.0.0.255
access-list 10 permit any
....
router eigrp 100
 distribute-list 10 out
[Figure: hub advertising a summary only towards the core and 0.0.0.0/0 only towards the remotes; remote networks 192.168.1.0/24 and 192.168.2.0/24]
Hub and Spoke
Basic Design
 All the same principles apply to dual homed hub and spoke networks
Summarize or filter the links to the remotes
Use /31s on point-to-points to conserve address space
 Provide as little information as possible to the remotes
Something more than a default route may be required to provide optimal routing
 Avoid Summary Black Holes!
[Figure: two hubs advertising a summary only towards the core and 0.0.0.0/0 only towards dual homed remotes 192.168.1.0/24 and 192.168.2.0/24]
Hub and Spoke
Basic Design: Administrative Distance
 How do we limit the amount of information passed down to the remote sites?
 You can summarize at A and B towards the remote routers
The summary will generate a local route with an administrative distance of five
The external default route learned from D will have an administrative distance of 170
What happens?
Configuration at A and B:
ip summary-address eigrp 1 0.0.0.0 0.0.0.0
Resulting route at A and B:
D* 0.0.0.0/0 is a summary, 00:08:41, Null0
[Figure: D injects an external Internet default route into EIGRP; hubs A and B connect to remote C]
Hub and Spoke
Basic Design: Administrative Distance
 If two routing protocols provide a route to the same destination, how do we choose between them?
Their metrics are not comparable
An administrative distance is added to each route learned based on the protocol installing the route
 Static routes can be configured with a distance
This can create a floating static
The route will not be used unless the dynamic protocols have no route to that destination
Example:
router#show ip eigrp topology
P 10.0.1.0/24, 1 successors, FD is 2681856
        via 10.1.1.1 (2681856/2169856)
The EIGRP route (distance 90) wins
router(config)#ip route 10.0.1.0 255.255.255.0 null0
The static route (distance 1) wins
router(config)#ip route 10.0.1.0 255.255.255.0 null0 200
The static route now has distance 200 and floats below the EIGRP route
Basic Hub and Spoke Design
Basic Design: The Discard Route
 The route generated by the summary is called a discard route
 What would happen if this route isn't created?
Configure two routers back to back with overlapping summaries
Generate a packet towards 10.1.2.1 from either router
At A, the best path is through 10.1.0.0/16 to B
At B, the best path is through 10.0.0.0/8 to A
Routing Loop
Configuration at A (connected to 10.2.1.0/24):
ip summary-address eigrp 1 10.0.0.0 255.0.0.0
Configuration at B (connected to 10.1.1.0/24):
ip summary-address eigrp 1 10.1.0.0 255.255.0.0
[Figure: A advertises the summary 10.0.0.0/8 to B; B advertises the summary 10.1.0.0/16 to A]
Hub and Spoke
Basic Design: The Discard Route
 In this case, the locally generated discard route wins
The route learned from D will not be installed in the local table
Hosts behind C will not be able to reach destinations on the Internet
 There are ways to prevent this discard route from being installed, but we need to be careful with the design
Routing Loops
Routing Black Holes
There is enough rope here to hang yourself!
Configuration at A and B:
ip summary-address eigrp 1 0.0.0.0 0.0.0.0
Resulting route at A and B:
D* 0.0.0.0/0 is a summary, 00:08:41, Null0
[Figure: D injects an external Internet default route into EIGRP; hubs A and B summarize towards remote C]
Hub and Spoke
Basic Design: The Discard Route
 To remove the discard route
In EIGRP, add an administrative distance after the ip summary-address command
In OSPF, use the command no discard-route under the routing process
 What happens if A loses its path to D?
C will now prefer the internal learned through A over the external learned through B
We have a black hole
Configuration at A and B:
ip summary-address eigrp 1 0.0.0.0 0.0.0.0 200
Default route at C while A still reaches D:
D* 0.0.0.0/0 [170/409600] via <A>
             [170/409600] via <A>
Default route at C after A loses its path to D:
D* 0.0.0.0/0 [90/409600] via <A>
             [90/409600] via <A>
[Figure: D injects an external Internet default route into EIGRP; hubs A and B summarize towards remote C]
Hub and Spoke
Basic Design: Summary Black Hole
 You can also use floating static routes at the two hub routers and redistribute them into the routing protocol
Distribute list 10 only allows the default route to be advertised to the remotes
Distribute list 20 prevents a default route from being leaked back into the core
 This has the same problem if a single link back towards the core and the injected external route both fail
There are other situations under which this also fails
Configuration at A and B:
access-list 10 permit host 0.0.0.0
access-list 20 deny host 0.0.0.0
access-list 20 permit any
....
ip route 0.0.0.0 0.0.0.0 null0 250
....
router eigrp 100
 redistribute static
 distribute-list 10 out <remote 1>
 distribute-list 10 out <remote 2>
 distribute-list 10 out <remote 3>
 distribute-list 20 out <core>
[Figure: hubs A and B connected to the core and to remote C]
Basic Hub and Spoke Design
Basic Design: Summary Black Hole
 One solution is to have a link between the summarizing routers across which they share full routing information
 Conditional advertisement of routing information is another possible solution
OSPF can conditionally generate a default route
EIGRP has conditional advertisement as a planned feature
[Figure: D injects an external Internet default route into EIGRP; hubs A and B are joined by a link carrying full routing information]
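To make the administrative distance and discard route behaviour of the last few slides concrete, here is an added Python model of a RIB that installs routes by administrative distance and forwards by longest-prefix match. It is not code from the deck or from IOS. Router names A, B, C and D, the prefixes and the metrics are constructed to mirror the slides' scenarios (overlapping summaries without a discard route, the discard route beating the external default, the black hole after A loses its path to D, and the hub-to-hub link that repairs it). The assumption that A's summary is advertised as an internal route once A has lost its external default, because A still has internal component routes under 0.0.0.0/0, is mine and is marked in the code.

```python
"""Toy RIB model: administrative distance, longest-prefix match and the
EIGRP summary (discard) route.  Added example, not code from the deck."""
import ipaddress
from dataclasses import dataclass

# Administrative distances as the deck gives them
AD_SUMMARY = 5        # locally generated summary (discard) route
AD_EIGRP_INT = 90
AD_EIGRP_EXT = 170


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str     # router name, "Null0" for a discard route, "D" for the external default
    ad: int
    metric: int = 0


class Router:
    def __init__(self, name):
        self.name = name
        self.candidates = []   # every route offered by a protocol or by configuration

    def offer(self, route):
        self.candidates.append(route)

    def rib(self):
        """One installed route per prefix: lowest AD wins, then lowest metric
        (the first route offered wins a full tie)."""
        best = {}
        for r in self.candidates:
            cur = best.get(r.prefix)
            if cur is None or (r.ad, r.metric) < (cur.ad, cur.metric):
                best[r.prefix] = r
        return best

    def lookup(self, dst):
        """Longest-prefix match against the installed RIB."""
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.rib().values()
                   if addr in ipaddress.ip_network(r.prefix)]
        if not matches:
            return None
        return max(matches,
                   key=lambda r: ipaddress.ip_network(r.prefix).prefixlen)


def trace(routers, start, dst, max_hops=8):
    """Forward a packet hop by hop.  The path ends in 'drop' (no route or a
    discard route), 'exit' (handed to a router outside the model) or 'loop'."""
    path, cur = [start], start
    for _ in range(max_hops):
        r = routers[cur].lookup(dst)
        if r is None or r.next_hop == "Null0":
            return path + ["drop"]
        nh = r.next_hop
        if nh not in routers:
            return path + ["exit"]
        if nh in path:
            return path + [nh, "loop"]
        path.append(nh)
        cur = nh
    return path + ["loop"]


def overlapping_summaries(with_discard_route):
    """A (owning 10.2.1.0/24) summarizes 10.0.0.0/8 to B; B (owning
    10.1.1.0/24) summarizes 10.1.0.0/16 to A.  Packet towards 10.1.2.1."""
    A, B = Router("A"), Router("B")
    A.offer(Route("10.2.1.0/24", "connected", 0))
    B.offer(Route("10.1.1.0/24", "connected", 0))
    B.offer(Route("10.0.0.0/8", "A", AD_EIGRP_INT, 2816000))   # A's summary, as seen at B
    A.offer(Route("10.1.0.0/16", "B", AD_EIGRP_INT, 2816000))  # B's summary, as seen at A
    if with_discard_route:
        A.offer(Route("10.0.0.0/8", "Null0", AD_SUMMARY))
        B.offer(Route("10.1.0.0/16", "Null0", AD_SUMMARY))
    return trace({"A": A, "B": B}, "A", "10.1.2.1")


def hub_default_summary(summary_ad, a_reaches_d, hub_link=False):
    """Hubs A and B summarize 0.0.0.0/0 towards remote C; D injects the
    external default.  summary_ad is the AD configured on the summary."""
    A, B, C = Router("A"), Router("B"), Router("C")
    for hub in (A, B):
        hub.offer(Route("0.0.0.0/0", "Null0", summary_ad))      # discard route
    B.offer(Route("0.0.0.0/0", "D", AD_EIGRP_EXT, 409600))
    if a_reaches_d:
        A.offer(Route("0.0.0.0/0", "D", AD_EIGRP_EXT, 409600))
        # every component is external, so both hubs advertise the summary as external
        C.offer(Route("0.0.0.0/0", "A", AD_EIGRP_EXT, 409600))
    else:
        # assumption: A still has internal routes inside 0/0, so its summary is
        # advertised as an internal (AD 90) and C prefers it over B's external
        C.offer(Route("0.0.0.0/0", "A", AD_EIGRP_INT, 409600))
    C.offer(Route("0.0.0.0/0", "B", AD_EIGRP_EXT, 409600))
    if hub_link:
        # the deck's fix: A and B share full routing information over a link
        A.offer(Route("0.0.0.0/0", "B", AD_EIGRP_EXT, 435200))
    return trace({"A": A, "B": B, "C": C}, "C", "198.51.100.1")
```

`overlapping_summaries(False)` loops A, B, A; with the discard routes in place the packet is dropped at B instead. `hub_default_summary(5, True)` drops at A because the AD 5 discard route beats the AD 170 external; with the summary at AD 200 the packet leaves through D, but once A loses its path to D it is black holed at A unless the hub link is present, in which case A forwards to B.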
Hub and Spoke
EIGRP
 EIGRP can run over either a multipoint interface at the hub router or point-to-point subinterfaces
A single multipoint interface is easier to configure but it can be harder to troubleshoot
 Use summarization at the hub routers to reduce information into the network core
 Provide as little information to the remotes as possible
Declare the remote routers as stubs
Spoke configuration:
router eigrp 100
 eigrp stub connected
....
[Figure: hub with a single multipoint interface or several point-to-points, advertising a summary only towards the core and 0.0.0.0/0 towards remotes 192.168.1.0/24 and 192.168.2.0/24]
Hub and Spoke
EIGRP Scaling
 Multiple Interfaces
Processor/Process Scalability is the primary limiting factor
 Same Interface
Queue Congestion/Drops bottleneck is the primary limiting factor
 Theoretical Limitations
EIGRP has a limitation of 2000 peers per interface, currently
Hub and Spoke
EIGRP Scaling
 The blue line shows the rate at which the convergence time increases as EIGRP neighbors are added to hub routers and does not pass 500
 The red line shows the convergence time if the neighbors added are all configured as EIGRP stub routers and scales to over 1000 peers
 Measure initial bring up convergence until all neighbors are established and queues empty
 Dual Homed Remotes, NPE-G1 with 1G RAM, 3000 prefixes advertised to each spoke
[Figure: time (minutes, 2 to 9) against number of neighbors (0 to 1500); Non-Stub and EIGRP Stub curves; test performed with 12.3(14)T1]
Hub and Spoke
EIGRP Scaling
 The blue line with the steep slope shows the rate at which the failover convergence time increases as EIGRP neighbors are added to a single hub router
 The red line shows the failover convergence time if the neighbors added are all configured as EIGRP stub routers and is extremely linear in behavior
 Primary Hub failed, time measured for EIGRP to complete failover convergence
 Dual Homed Remotes, NPE-G1 with 1G RAM, 3000 prefixes advertised to each spoke
[Figure: time (minutes, 0 to 60) against number of neighbors (0 to 1600); Non-Stub and EIGRP Stub curves; test performed with 12.3(14)T1]
Hub and Spoke
EIGRP Scaling
 Most EIGRP Neighbors Seen
800 deployed in live, working networks
1400 is the largest number ever tested in a lab environment
 Key Strategy for achieving scalability is design!
Stub for EIGRP hub and spoke environments is a must
Minimize advertisements to spokes
Hub and Spoke
OSPF
 OSPF can treat a multipoint link as a broadcast network, but we need to be careful about designated router (DR) issues
 B and D don't receive C's packets, so they think A has the highest IP address, and elect A as DR
 C elects itself as DR
 Flooding will fail miserably in this situation
[Figure: hub A with spokes B, C and D; B and D announce "A is DR" while C announces "C is DR"]
Hub and Spoke
OSPF
 Set the OSPF DR priorities so the hub router is always elected DR
Set the spokes to 0 so they don't participate in DR election
 The remote sites won't be able to reach each other without some special considerations, either
Maps pointing each remote's address to A's circuit can solve this
Hub configuration (A):
interface s0/0
 ip address 10.1.1.1 255.255.255.0
 ip ospf priority 200
....
Spoke configuration:
interface s0
 ip ospf priority 0
....
[Figure: hub A with spokes B, C and D]
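An added Python sketch, not from the deck, of the DR election failure described on the last two slides: each router elects a DR only from the neighbors whose hellos it actually hears. The addresses are constructed so that the hub A outranks B and D while C outranks A, matching the slide's description; the election is simplified to the priority and router ID comparison, with no BDR election and no stickiness of an already elected DR.

```python
"""Toy OSPF DR election on a hub-and-spoke multipoint network where spokes
hear only the hub.  Added example, not code from the deck or from IOS."""
import ipaddress

# Constructed addresses: hub A outranks B and D, but spoke C outranks A.
ADDRESSES = {"A": "10.1.1.3", "B": "10.1.1.1", "C": "10.1.1.4", "D": "10.1.1.2"}

# Who hears whose hellos: the hub hears every spoke; each spoke hears only
# the hub and itself, because spoke-to-spoke frames never arrive.
HEARS = {
    "A": {"A", "B", "C", "D"},
    "B": {"A", "B"},
    "C": {"A", "C"},
    "D": {"A", "D"},
}

DEFAULT_PRIORITIES = {r: 1 for r in ADDRESSES}          # ip ospf priority 1 everywhere
TUNED_PRIORITIES = {"A": 200, "B": 0, "C": 0, "D": 0}    # hub 200, spokes 0 (ineligible)


def elect_dr(hears, addresses, priorities):
    """Each router picks a DR among the routers it hears: highest priority,
    then highest router ID (here the interface address).  Priority 0 routers
    are not eligible.  Returns {router: the DR it believes in} (None if no
    eligible router is heard)."""
    result = {}
    for router, heard in hears.items():
        eligible = [r for r in heard if priorities[r] > 0]
        if not eligible:
            result[router] = None
            continue
        result[router] = max(
            eligible,
            key=lambda r: (priorities[r], int(ipaddress.ip_address(addresses[r]))))
    return result


def dr_agreement(hears, addresses, priorities):
    """True when every router agrees on one DR, so flooding can work."""
    views = set(elect_dr(hears, addresses, priorities).values())
    return len(views) == 1 and None not in views


if __name__ == "__main__":
    print("default priorities:", elect_dr(HEARS, ADDRESSES, DEFAULT_PRIORITIES))
    print("hub 200 / spokes 0:", elect_dr(HEARS, ADDRESSES, TUNED_PRIORITIES))
```

With default priorities the hub sees C as the DR, B and D see A, and C sees itself, so there is no single DR and flooding breaks; with priority 200 on the hub and 0 on the spokes every router agrees on A.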
Hub and Spoke
OSPF
 OSPF can treat a multipoint link as a non-broadcast network
Each spoke router must be manually configured as a neighbor
In a large hub and spoke environment, this would be very difficult to maintain
 The remote sites can't reach each other using this method
Circuit maps pointing each remote to each other remote can be used to resolve this
Hub configuration (A):
interface s0/0
 ip ospf network non-broadcast
....
router ospf 100
 neighbor 10.1.1.2
 neighbor 10.1.1.3
 neighbor 10.1.1.4
Spoke configuration:
interface s0
 ip ospf network non-broadcast
....
router ospf 100
 neighbor 10.1.1.1
[Figure: hub A with spokes B, C and D]
Hub and Spoke
OSPF
 You can also configure the serial interface at the hub router as a point-to-multipoint type
All the remotes are in a single IP subnet
OSPF treats each remote as a separate point-to-point link for flooding
 OSPF will advertise a host route to the IP address of each spoke router to provide connectivity
Hub configuration (A):
interface s0/0
 ip address 10.1.1.1 255.255.255.0
 ip ospf network point-to-multipoint
Spoke configuration:
interface s0
 ip address 10.1.1.x 255.255.255.0
 ip ospf network point-to-point
[Figure: hub A with spokes B, C and D; host routes 10.1.1.2/32, 10.1.1.3/32, 10.1.1.4/32, ... advertised for the spokes]
Hub and Spoke
OSPF
 OSPF can also use point-to-point subinterfaces, treating each one as a separate point-to-point link
 This uses more address space, and requires more administration on the router
Use /31 addresses for these point to point links
Hub configuration:
interface s0/0.1 point-to-point
 ip address 10.1.1.0 255.255.255.254
....
interface s0/0.2 point-to-point
 ip address 10.1.1.2 255.255.255.254
....
interface s0/0.3 point-to-point
 ip address 10.1.1.4 255.255.255.254
Spoke configuration:
interface s0.1 point-to-point
 ip address 10.1.1.x 255.255.255.254
....
Hub and Spoke
OSPF
Network Type | Advantages | Disadvantages
Single interface at the hub treated as an OSPF broadcast network (ip ospf network broadcast) | Single IP subnet; fewer nodes in the SPF tree | Manual configuration of each spoke with the correct OSPF priority; remote-to-remote connectivity difficult
Single interface at the hub treated as an OSPF nonbroadcast network (ip ospf network non-broadcast) | Single IP subnet; fewer nodes in the SPF tree | Manual configuration of the hub and spokes with correct unicast neighbors; remote-to-remote connectivity difficult
Single interface at the hub treated as an OSPF point-to-multipoint network (ip ospf network point-to-multipoint) | Single IP subnet; no configuration per spoke | Additional host routes inserted in the OSPF database and routing table
Individual point-to-point interface at the hub for each spoke (ip ospf network point-to-point) | Can take advantage of end-to-end signaling for down state | Lost IP address space; more routes in the OSPF database and routing table
Hub and Spoke
OSPF
 The areas the spokes are placed in should always be the "most stubby" you can get away with
 If possible, make them totally stubby
 If there is redistribution at the spokes, make the area totally not-so-stubby
Totally stubby area (at the area border router):
router ospf 100
 area 1 stub no-summary
....
Totally not-so-stubby area (at the area border router):
router ospf 100
 area 1 nssa no-summary
....
Redistribution at a spoke:
router ospf 100
 redistribute rip metric 10
....
[Figure: spokes placed in Area 1]
Hub and Spoke
OSPF
 If you need to leak some routing information from area 0 into the spoke areas, use type 3 LSA filtering at the border to remove as much information as possible
 OSPF Hub and Spoke Areas, currently in development, would allow an area where the spoke routers only receive the default route
Area border router configuration:
ip prefix-list 10 permit 10.1.1.0/24 ge 25
ip prefix-list 10 deny 0.0.0.0/0 le 32
....
router ospf 100
 area 1 filter-list prefix 10 in
[Figure: spokes placed in Area 1]
Hub and Spoke
OSPF
 Once you've determined how to configure the hub's interface, you need to decide how to divide the remote sites among flooding domains
 If the hub and spoke section of the network is small, and fits well within some other area structure, then the entire hub and spoke can be placed in this single flooding domain
Hub and Spoke
OSPF
 If the hub and spoke is large enough, you'll want to split it off as its own flooding domain
 Remember each spoke router receives all the topology information from all the other spoke routers
Hub and Spoke
OSPF
 Low speed links and large numbers of spokes may require multiple flooding domains
 Balance the number of flooding domains on the hub against the number of spokes in each flooding domain
 The link speeds and the amount of information being passed through the network determine the right balance
Hub and Spoke
OSPF
 Dual homed remotes make the division of flooding domains significantly more difficult
 If all the spoke routers will fit, put both the hubs and all the spokes in a single flooding domain
Hub and Spoke
OSPF
 If all the spokes will not fit into a single flooding domain, split the hub and spoke up into multiple areas or flooding domains
 You should build links between the hub routers within each flooding domain in some way to prevent routing black holes
 Put two links between the area borders, one in each area or flooding domain
[Figure: two hubs joined by two links, one in each flooding domain]
Hub and Spoke
OSPF Scaling
 The blue line shows the rate at which the startup convergence time increases as OSPF neighbors are added to the hub routers and peaks at the 700 router mark
 The red line starts and ends below the green line, showing the startup convergence time if the neighbors added are all placed in a Totally Stubby area
 Measure initial bring up convergence until all neighbors are established and queues empty, SPF completes
 Dual Homed Remotes, NPE-G1 with 1G RAM, 800 prefixes advertised to each spoke
[Figure: convergence time (seconds, 0 to 400) against number of spokes (0 to 800); Single Area and Totally Stubby Area curves; test performed with 12.3(14)T1]
Hub and Spoke
OSPF Scaling
 The blue line, ending above the red line, shows the rate at which the failover convergence time increases as OSPF neighbors are added to a single hub router
 The red line shows the failover convergence time if the neighbors added are all placed in a Totally Stubby area
 Primary Hub failed, time measured for OSPF to complete failover convergence
 Dual Homed Remotes, NPE-G1 with 1G RAM, 800 prefixes advertised to each spoke
[Figure: convergence time (seconds, 0 to 50) against number of spokes (0 to 800); Single Area and Totally Stubby Area curves; test performed with 12.3(14)T1]
Hub and Spoke
OSPF Scaling
 Most OSPF Neighbors Seen
200 deployed in live, working networks
600 is the largest number ever tested in a lab environment
 Key Strategy for achieving scalability is design!
Minimize advertisements to spokes
Area placement is the key to summarization, filtering, etc.
Use the most stubby area possible
Full Mesh
 Full mesh topologies are complex:
2 routers == 1 link
3 routers == 3 links
4 routers == 6 links
5 routers == 10 links
6 routers == 15 links
...

 Adjacencies == nodes(nodes-1)/2

Full Mesh
Scaling Tests
 60 node TEST network
1770 links
NPE-G1, NPE-400s
All devices on same physical Ethernet (via a switch), full mesh created with GRE Tunnels
 Three tests performed
Initial convergence, measured from interface bring up
Flap a transit link, such that a routing adjacency will reset
Flap a stub network, to measure prefix propagation
 This test does not consider stability, only convergence!
Full Mesh
Scaling Tests
Test | EIGRP | OSPF Default Timers | OSPF Tuned Timers
Initial Convergence | 1:13 | 1:13 | 1:18
Link Flap | 0:51 | 0:43 | 0:41
Prefix Flap | 0:15 | 0:09 | 0:03
Full Mesh
OSPF
 Flooding routing information through a full mesh topology is also complicated
Each router will, with optimal timing, receive at least one copy of every new piece of information from each neighbor on the full mesh
 There are several techniques you can use to reduce the amount of flooding in a full mesh
Mesh groups reduce the flooding in a full mesh network
Mesh groups are manually configured "designated routers"
[Figure: new information flooded to every router across the full mesh]
Full Mesh
OSPF
 Pick one or two routers to flood into the mesh, and block flooding on the remainder
 This will reduce the number of times information is flooded over a full mesh topology
Configuration on the routers that should not flood:
interface serial x
 ip ospf database-filter all out
....
[Figure: new information flooded into the mesh by a single router]
Full Mesh
EIGRP
 Routes must be advertised between every pair of peers in the mesh so each router has the correct next hop and routing information
 Number the links so they can be summarized to a single advertisement at the edge
 Number the links so the link information can be filtered out at the edge
[Figure: full mesh with its links summarized at the edge]
Full Mesh
 Consider High Availability ring topologies, such as SRP, SONET rings, and others as an alternative to full mesh high speed networks in POPs and other enclosed networks
 This can provide resiliency against a single failure in the network, and simplify the topology from the perspective of routing dramatically
Link State Border Connections
 Be careful with links between border routers in OSPF and IS-IS
 Traffic prefers to stay within the flooding domain no matter what the actual link costs are
To reach A, we will take the higher cost link if the border link is in the backbone
To reach B, we will take the higher cost link if the border link is in the area or L1 domain
This is because we are removing topology information at the border, and always trust routes with more explicit topology information
[Figure: two border routers joined by a border link, with paths of cost 100 and cost 10 towards A, B and 10.1.1.0/24 (cost 10); shown once with the border link in the backbone and once with it in the area or L1 domain]
Link State Border Connections
 In OSPF, we have to decide which traffic we want to route optimally
The ability to place a single link in two areas is under consideration within the OSPF working group
 In IS-IS, we can place the link in both the L1 and L2 routing domains, and optimally route both ways
[Figure: the same two border router topologies, with paths of cost 100 and cost 10 towards A, B and 10.1.1.0/24 (cost 10)]
Working with
Redistribution

Working with Redistribution

 Alternatives to Redistribution
 Single Point of Redistribution
 Multiple Points of Redistribution

Alternatives to Redistribution
 When connecting to an outside network, create static routes at the edge, and redistribute those, instead of redistributing live routing information
 This prevents misconfigurations and rapid topology changes in the other network from impacting you
 It also prevents someone from injecting false information to attack your routing system
BigShoes, Inc (10.1.0.0/16, EIGRP) edge configuration:
ip route 10.2.0.0 255.255.0.0 s0/0
!
router eigrp 100
 redistribute static metric 1000 1 255 1 1500
MediumSocks, LTD (10.2.0.0/16, OSPF) edge configuration:
ip route 10.1.0.0 255.255.0.0 s0/0
!
router ospf 100
 redistribute static metric 10
[Figure: BigShoes, Inc (10.1.0.0/16) and MediumSocks, LTD (10.2.0.0/16) connected at their edges, where OSPF would otherwise be redistributed into EIGRP and EIGRP into OSPF]
Alternatives to Redistribution
 Even if you must have live routing data, don't redistribute between IGPs to connect to an outside network; this opens serious security holes in routing
 Instead, use eBGP, so you can do policy based filtering on the routes you're receiving
[Figure: BigShoes, Inc (AS65000) and MediumSocks, LTD (AS65001) peering with eBGP at the edge instead of redistributing OSPF into EIGRP and EIGRP into OSPF]
Alternatives to Redistribution
 Use redistribution when permanently merging two networks into a single administrative domain
 Use redistribution as a transition strategy when switching routing protocols
 Use redistribution to split off a section of the network for security, experimental, or administrative reasons
[Figure: BigShoes, Inc and MediumSocks, LTD merged into Socks&Shoes, Corp, with OSPF redistributed into EIGRP and EIGRP into OSPF between them]
Single Point of Redistribution
 Single points of redistribution are simple to manage and control
 There is little or no chance of routing loops or other problems with single points of redistribution
 They are also single points of failure; consider using high availability methods to reduce the risk
Configuration at the redistribution point:
router ospf 100
 redistribute eigrp 100 metric 10
....
!
router eigrp 100
 redistribute ospf 100 metric 1000 1 255 1 1500
....
[Figure: EIGRP and OSPF domains joined by a single redistributing router, a single point of failure]
Multiple Points of Redistribution
 Multiple points of redistribution resolve the single point of failure
 The cost is dramatically increased network complexity and the possibility of permanent routing loops
Configuration at each redistribution point:
router ospf 100
 redistribute eigrp 100 metric 10
....
!
router eigrp 100
 redistribute ospf 100 metric 1000 1 255 1 1500
....
[Figure: EIGRP and OSPF domains joined by two redistributing routers, each carrying the configuration above]
Multiple Points of Redistribution
 A route is injected into EIGRP as an external; this route is redistributed through B into OSPF
 The route is transmitted to A through OSPF, and redistributed into EIGRP
 The metric is set manually in redistribution at A to something lower than the original external injected into EIGRP
 B prefers this route, building a routing loop
[Figure: redistribution points A and B between EIGRP and OSPF; 10.1.1.0/24 is injected into EIGRP with metric 2560256, and the metrics 10 and 25 (OSPF) and 2688000 and 2816000 (EIGRP) are shown along the loop]
Multiple Points of Redistribution
There Are Three Ways to Prevent This Routing Loop:
 Only redistributing live routing information in one direction
 Filtering routes based on the network advertised to prevent feedback
 Filtering routes using routing tags to prevent feedback
Multiple Points of Redistribution
Single Redistribution Direction
 If live routing data is only needed in one direction (normally, this is true), redistribute a static in one direction, and between protocols in the other direction
Configuration at A and B:
ip route 10.2.1.0 255.255.255.0 serial 0/0
....
router ospf 100
 redistribute eigrp 100 metric 10
....
router eigrp 100
 redistribute static metric 1000 1 255 1 1500
....
[Figure: EIGRP and OSPF domains joined by redistribution points A and B; networks 10.1.2.0/24 and 10.1.1.0/24]
Multiple Points of Redistribution
Filtering Based on Prefixes
 To filter based on prefixes, configure access lists which match the address ranges used by each section of the network
 Use these access lists to filter routes redistributed between protocols
Configuration at A and B:
access-list 10 permit 10.1.0.0 0.0.255.255
access-list 20 permit 10.2.0.0 0.0.255.255
....
router ospf 100
 redistribute eigrp 100 metric 10
 distribute-list 10 out eigrp 100
....
router eigrp 100
 redistribute ospf 100 metric 1000 1 255 1 1500
 distribute-list 20 out ospf 100
....
[Figure: EIGRP and OSPF domains joined by redistribution points A and B; networks 10.1.2.0/24 and 10.1.1.0/24]
Multiple Points of Redistribution
 EIGRP and OSPF can set tags on their external routes
 Set the tag when redistributing between the protocols; deny tagged routes at the redistribution point
Configuration at A and B:
route-map usetags deny 10
 match tag 1000
route-map usetags permit 20
 set tag 1000
....
router ospf 100
 redistribute eigrp 100 metric 10 route-map usetags
....
router eigrp 100
 redistribute ospf 100 metric 1000 1 255 1 1500 route-map usetags
....
[Figure: EIGRP and OSPF domains joined by redistribution points A and B; networks 10.1.2.0/24 and 10.1.1.0/24]
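An added Python model, not the deck's or IOS code, of the feedback loop from the slide with two redistribution points and of the two filters used to stop it: IOS-style wildcard access lists (the distribute list from the hub-and-spoke summarization slide and access-list 20 from the prefix filtering slide) and the usetags route-map. The original external metric 2560256 is the deck's; the seed metric 2560000 that A uses when redistributing back into EIGRP, the domain model and the function names are constructed for the example.

```python
"""Two-way redistribution between EIGRP and OSPF at points A and B:
route feedback, and the wildcard ACL and route tag filters that stop it.
Added example, not code from the deck."""
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Route:
    prefix: str
    metric: int
    tag: int = 0
    via: str = ""      # where this domain learned the route from


def wildcard_match(prefix, network, wildcard):
    """IOS standard ACL semantics: a 0 bit in the wildcard must match."""
    addr = int(ipaddress.ip_network(prefix).network_address)
    net = int(ipaddress.ip_address(network))
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (addr & care) == (net & care)


def acl_permits(prefix, acl):
    """acl: list of (action, network, wildcard); first match wins, implicit deny."""
    for action, network, wildcard in acl:
        if wildcard_match(prefix, network, wildcard):
            return action == "permit"
    return False


# The deck's hub distribute list: drop the link subnet, pass everything else
ACL_10_HUB = [("deny", "192.168.0.0", "0.0.0.255"),
              ("permit", "0.0.0.0", "255.255.255.255")]
# The deck's access-list 20: only the OSPF side's range may enter EIGRP
ACL_20 = [("permit", "10.2.0.0", "0.0.255.255")]


def route_map_usetags(route):
    """route-map usetags: deny tag 1000, otherwise permit and set tag 1000."""
    if route.tag == 1000:
        return None
    return replace(route, tag=1000)


def prefix_filter_into_eigrp(route):
    """distribute-list 20 out ospf 100: only routes matching ACL 20 pass."""
    return route if acl_permits(route.prefix, ACL_20) else None


def no_filter(route):
    return route


class Domain:
    """One routing domain; for each prefix the lowest metric route is kept."""
    def __init__(self, name):
        self.name = name
        self.table = {}

    def learn(self, route):
        cur = self.table.get(route.prefix)
        if cur is None or route.metric < cur.metric:
            self.table[route.prefix] = route


def redistribute(src, dst, seed_metric, policy, point):
    """Offer every route in src to dst with the seed metric, through policy."""
    for r in list(src.table.values()):
        out = policy(r)
        if out is not None:
            dst.learn(replace(out, metric=seed_metric, via=point))


def simulate(policy_at_a):
    """10.1.1.0/24 enters EIGRP as an external (metric 2560256).  B redistributes
    EIGRP -> OSPF through the usetags route-map; A redistributes OSPF -> EIGRP
    with a constructed seed metric lower than the original.  Returns where
    EIGRP's best route came from: 'external' is healthy, 'A' is feedback."""
    eigrp, ospf = Domain("EIGRP"), Domain("OSPF")
    eigrp.learn(Route("10.1.1.0/24", 2560256, via="external"))
    redistribute(eigrp, ospf, 10, route_map_usetags, "B")
    redistribute(ospf, eigrp, 2560000, policy_at_a, "A")
    return eigrp.table["10.1.1.0/24"].via
```

Without a filter at A the fed-back route replaces the original external in EIGRP, which is the loop the slide describes; with either the tag match or the prefix access list at A the original route stays in place.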
Transitioning
Protocols

Transitioning Routing Protocols

 Basics
 Cutover At Once
 Splitting the Problem
 Using Redistribution
 Using Administrative Distance

Transitioning Routing Protocols
Basics
 There is a quick and easy way to transition from one protocol to another without any network downtime
Perhaps—If you discover it, let me know
 It's impossible to transition from one routing protocol to another in a really large network
It's almost always difficult, but never impossible
Transitioning Routing Protocols
Basics
 It's never worth the trouble of switching routing protocols
That depends...
 Would the cost benefits outweigh the transition costs?
Differentials in overall equipment costs in the future
Convergence speeds on specific network topologies
Other factors
 You sometimes don't have a choice, such as when merging two networks
Transitioning Routing Protocols
Basics
What reasons have we heard in the field for switching routing protocols?
 “We want faster convergence...”
Generally convergence is a matter of design, rather than protocol
 “Our network design is hub and spoke, so it fits better for EIGRP...”
Can’t argue with this one… 
 “We want a standards based protocol…”
What, so you can install some “other” vendor’s equipment?
Are you insane???? 
 “We’re all studying for our CCIEs, and need exposure to other protocols…”

Cutover at Once
 Don’t count on routed reachability while you are switching the routing protocol
 Start from one end of the network
 Telnet to the other end hop by hop, removing routing at each step
 Apply new routing protocol at the router farthest away
 Back out, applying new routing protocol hop by hop

(Diagram: a chain of routers; at each hop the steps are Telnet, Remove routing, Configure routing)

Cutover at Once
 If the network destabilizes, take a break
 At each router, wait until the network has converged before moving to the next router
When you configure routing on a given router, wait until the routing protocol is quiescent
For instance, for EIGRP, look at show ip eigrp neighbors, and wait until the Q Count is 0 on all interfaces
 This technique should be used whether converting manually or when using a script

(Diagram: the same chain of routers; at each hop the steps are Telnet, Remove routing, Configure routing, Wait for convergence)

Cutover at Once
 If the process stalls or fails, each device should be left completely in a known state
There should be no chance of partial configurations
 Only one of three states should be possible
The old routing protocol is completely configured
No routing is configured
The new routing protocol is completely configured

Cutover at Once
Make the Process Atomic
 Create each new routing configuration in a locally accessible file
Remember not to count on reaching a server
 At each router
Open file with new routing protocol configuration commands
no router xxxx to remove the old routing protocol
config t
(Copy/paste)
copy run start
reload

(Diagram: the host telnets to A, A telnets to B; the new configuration for B is edited on the host and pasted into B)

host#telnet <a>
router-a#telnet <b>
router-b(config)#no router xxxx

host#<edit config b>
(Text editor)
router xxxx
 network xx.xx.xx.xx
 ....
<Copy>

<Paste>
router-b(config)#router xxxx
router-b(config-rtr)#....
router-b(config-rtr)#exit
router-b#copy run start
router-b#reload

Cutover at Once
Make the Process Atomic
 Create each new routing configuration
 Copy the configuration into a file on the local flash of each device
 To convert
Telnet to each router
Remove routing
no router xxxx
Copy the local file from flash to the startup configuration
copy <file> run
Reload the router
 You can also copy the new configuration directly to the startup configuration and reload, rather than to the running configuration

(Diagram: the host telnets to A, A telnets to B; B is converted first, then A)

host#telnet <a>
router-a#telnet <b>
router-b(config)#no router xxxx
router-b(config)#exit
router-b#copy slot0:newconfig run
router-b#copy run start
router-b#reload
....
router-b>
<ctrl>+<shift>+6 x
router-a#copy slot0:newconfig run
router-a#copy run start
router-a#reload

Cutover at Once
Make the Process Atomic

Failure Point: Before the old routing protocol is removed
Result: Router can be reached through old routing protocol or direct connections (interface addresses are not removed)

Failure Point: After the old routing protocol is removed
Result: Router can be reached through direct connections

Failure Point: After the new routing protocol is configured
Result: Router can be reached through new routing protocol or direct connections

Failure Point: After the new routing protocol is configured and saved, and router is reloaded
Result: Router can be reached through new routing protocol or direct connections

Splitting the Problem
 In really large networks, you might have to split the problem into pieces
Consider the network as a set of smaller networks, and convert each part separately
 Where can you split a network?
Hierarchical division points
Aggregation points

Splitting the Problem
Hierarchical Division Points
 In a two layer hierarchy, the only real choice is to split the network along the core/aggregation divide
 Each “lobe” within the aggregation layer can be converted separately
 The network core can be converted separately

(Diagram: a core layer above an aggregation layer)

Splitting the Problem
Hierarchical Division Points
 In a three layer hierarchy, the split points are going to depend on the size of each “lobe” and “layer” in the network
 Each access layer “lobe” can be converted separately
 The core can be converted as one unit
 The distribution layer can either be converted with the core, with the access layer, or separately, in “lobes,” etc.

(Diagram: core, distribution and access layers)

Splitting the Problem
Hierarchical Division Points
 Which part should you convert first?
Start at the edge and work in?
Start at the core and work out?
 This question applies to both
Converting individual pieces of the network
The order in which to convert network pieces

(Diagram: the hierarchy with arrows labelled Core Out? and Edge in?)

Splitting the Problem
Hierarchical Division Points
 Typically, it’s easier to work from the edge in…
This tends to work with aggregation and network design, rather than against it
Provides a set of “lower risk” areas to work in, and perfect techniques
 But… in some cases, core out might be easier
I’ve just never seen a network where it is…

(Diagram: the hierarchy with arrows labelled Core Out? and Edge in?)

Splitting the Problem
Aggregation Points
 Another good place to
divide the network is at
aggregation points
 This will often be
along hierarchical
boundaries, anyway…
 If you choose different
aggregates in the new
protocol, both protocols
can run at the same time,
along the edges
 This allows you to convert
one section of the network
at a time

Using Redistribution
 Once you’ve split the network up into pieces to convert, how do you actually convert each piece, and still have a working network?
 One “easy” answer is redistribution…

(Diagram: A runs OSPF; B runs OSPF, with an area range, and EIGRP; C runs EIGRP. Redistribute here?)

A:
router ospf 100
 network 0.0.0.0 0.0.0.0 area 0

B:
router ospf 100
 network 0.0.0.0 0.0.0.0 area 0
 area 0 range 10.1.0.0 0.0.255.255
....
router eigrp 100
 network 0.0.0.0

C:
router eigrp 100
 network 0.0.0.0

Using Redistribution
 Redistribution is probably one of the most “counted on” tools to convert from one routing protocol to another
 But, it’s a lot like playing with fire…
 You can cook a really nice omelet, or you can get really burnt!

Using Redistribution
 In a simple network design, it’s easy to move redistribution around as you convert
 How many networks have simple linear topologies like this one, though?

(Diagram: a linear chain of routers converted from one end; the routers already on the new protocol sit on one side of the redistribution point and those still on the old protocol on the other, and the redistribution point moves along the chain as the conversion proceeds)

Using Redistribution
 The more complex a network’s topology is, the more places redistribution is required to convert from one protocol to another
 More points of redistribution means:
More complexity in moving the protocol conversion over at each step
More chances for human error in configurations
More complex problems if the network fails during conversion
etc.

(Diagram: a meshed topology, partly on the new protocol and partly on the old, with several redistribution points between them)

Using Administrative Distance
Distance Vector to Link State
When converting from a Distance Vector to Link State protocol…
 Create the new protocol on all the routers
 Set the administrative distance so the new protocol never wins
 Take the old protocol off

(Diagram: routers A, B and C in a chain, with 10.1.1.0/24 beyond C)

router ospf 100
 network 0.0.0.0 0.0.0.0 area 0
 distance 200

no router rip

Using Administrative Distance
Distance Vector to Link State
 Add OSPF to all routers
 At B, remove RIP
no router rip
 Does this work?
A has a route to 10.1.1.0/24 through OSPF
B has a route to 10.1.1.0/24 through OSPF
C has a route to 10.1.1.0/24 through RIP
D has a connected route to 10.1.1.0/24
 This works…

(Diagram: routers A, B, C and D in a chain, with 10.1.1.0/24 connected to D)

At B:
no router rip
router ospf 100
 network 0.0.0.0 0.0.0.0 area 0
 distance 200

Using Administrative Distance
Distance Vector to Link State
 Things can get harder around aggregation points and area borders
 Suboptimal routing is the rule rather than the exception
 In some cases, suboptimal routing can become extreme

(Diagram: a RIP domain overlaid on OSPF Area 0 and a totally stubby Area 1 that contains 10.1.1.0/24; the area border router has ip summary-address 10.1.0.0 255.255.0.0. The best path to 10.1.2.1 is through B, the only path to 10.1.2.1 is through C, and traffic to 10.1.2.1 is thrown away through the discard route)

Using Administrative Distance
Distance Vector to Distance Vector
 Add EIGRP to all routers
 Remove RIP from B
no router rip
D advertises 10.1.1.0/24 through RIP and EIGRP
C receives 10.1.1.0/24 in both RIP and EIGRP, but doesn’t advertise it through EIGRP because the RIP route is installed in the routing table
B has no route to 10.1.1.0/24
 This doesn’t work!

(Diagram: routers A, B, C and D in a chain, with 10.1.1.0/24 connected to D)

At B:
no router rip
router eigrp 100
 network 0.0.0.0 0.0.0.0
 distance eigrp 190 200

Using Administrative Distance
Distance Vector to Distance Vector
 Note B is the first router that doesn’t have a route to 10.1.1.0/24
 This technique won’t work in the general case, then, but it is useful in some cases, even with distance vector protocols

(Diagram: routers A, B and C in a chain, with 10.1.1.0/24 beyond C; B is the first router without a route to 10.1.1.0/24)

At B:
no router rip
router eigrp 100
 network 0.0.0.0 0.0.0.0
 distance eigrp 190 200

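An added example that is not part of the slides: a small Python model of the two migrations above on the chain A, B, C, D with 10.1.1.0/24 connected to D. Protocol names, hop-count metrics and the convergence loop are the model’s own; the topology, the administrative distances (190 standing for the internal EIGRP distance in distance eigrp 190 200) and the rule that a distance vector protocol only advertises routes it has installed follow the slides. It reproduces both outcomes: B keeps a route when the new protocol is link state and loses it when the new protocol is distance vector.

```python
# Added example (not from the slides): a small simulation of the
# "administrative distance" migration on a chain A-B-C-D, with 10.1.1.0/24
# connected to D. Protocol names, hop-count metrics and the assumption that a
# distance vector protocol only advertises what it has installed are the
# model's; the topology and AD values follow the slides (190 stands for the
# internal EIGRP distance in "distance eigrp 190 200").
from collections import deque

CONNECTED, RIP, EIGRP, OSPF = "connected", "rip", "eigrp", "ospf"
DISTANCE_VECTOR = {RIP, EIGRP}  # advertise only installed routes
LINK_STATE = {OSPF}             # flood topology regardless of what is installed
DEFAULT_AD = {CONNECTED: 0, RIP: 120, EIGRP: 90, OSPF: 110}


class Router:
    def __init__(self, name, protocols, ad=None, connected=()):
        self.name = name
        self.protocols = set(protocols)
        self.ad = {**DEFAULT_AD, **(ad or {})}
        self.connected = set(connected)
        self.learned = {}  # protocol -> prefix -> metric, as of the last round

    def best(self, prefix):
        """Routing-table choice: lowest AD wins, then lowest metric."""
        options = []
        if prefix in self.connected:
            options.append((0, 0, CONNECTED))
        for proto in self.protocols:
            metric = self.learned.get(proto, {}).get(prefix)
            if metric is not None:
                options.append((self.ad[proto], metric, proto))
        return min(options)[2] if options else None


def ls_distances(start, routers, links, proto):
    """Hop counts from `start` through routers that run link-state `proto`."""
    dist, queue = {start: 0}, deque([start])
    while queue:
        cur = queue.popleft()
        for nbr in links[cur]:
            if nbr not in dist and proto in routers[nbr].protocols:
                dist[nbr] = dist[cur] + 1
                queue.append(nbr)
    return dist


def converge(routers, links, prefixes, max_rounds=50):
    """Recompute every router's learned routes until nothing changes."""
    for _ in range(max_rounds):
        new = {n: {p: {} for p in r.protocols} for n, r in routers.items()}
        for name, r in routers.items():
            # distance vector: send a prefix to neighbours running the same
            # protocol only if the installed route is connected or from it
            for proto in r.protocols & DISTANCE_VECTOR:
                for pfx in prefixes:
                    src = r.best(pfx)
                    if src not in (CONNECTED, proto):
                        continue
                    metric = 0 if src == CONNECTED else r.learned[proto][pfx]
                    for nbr in links[name]:
                        if proto in routers[nbr].protocols:
                            table = new[nbr][proto]
                            table[pfx] = min(table.get(pfx, metric + 1), metric + 1)
            # link state: every router in the flooding domain can compute a
            # path to any connected prefix, whatever its neighbours installed
            for proto in r.protocols & LINK_STATE:
                for other, d in ls_distances(name, routers, links, proto).items():
                    for pfx in routers[other].connected - r.connected:
                        table = new[name][proto]
                        table[pfx] = min(table.get(pfx, d), d)
        if all(new[n] == routers[n].learned for n in routers):
            return
        for n in routers:
            routers[n].learned = new[n]
    raise RuntimeError("did not converge")


def migrate(old, new_proto, new_ad, remove_old_at="B"):
    """Run both protocols everywhere, remove `old` at one router, and report
    which protocol each router installs for 10.1.1.0/24."""
    links = {"A": ["B"], "B": ["A", "C"], "C": ["B", "D"], "D": ["C"]}
    prefix = "10.1.1.0/24"  # constructed: connected to D
    routers = {n: Router(n, {old, new_proto}, ad={new_proto: new_ad},
                         connected={prefix} if n == "D" else ())
               for n in links}
    routers[remove_old_at].protocols.discard(old)  # "no router rip" on B
    converge(routers, links, {prefix})
    return {n: routers[n].best(prefix) for n in links}


if __name__ == "__main__":
    print("RIP -> OSPF (distance 200):", migrate(RIP, OSPF, 200))
    print("RIP -> EIGRP (distance 190):", migrate(RIP, EIGRP, 190))
```

The difference between the two runs is entirely in how C behaves: with OSPF, C floods D’s LSA whether or not it installs the OSPF route, so B computes its own path; with EIGRP, C installs the RIP route and therefore never advertises 10.1.1.0/24 into EIGRP, and B, the first router without RIP, is left with nothing.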
Using Administrative Distance
Combined with a Cutover
 You can use the administrative distance to your advantage when using a “cutover at once” technique
 Rather than removing the old routing protocol at each step, then installing the new one…
Configure the new routing protocol at each router, making certain the new protocol doesn’t take routing over
To convert the network, walk through each router, changing one of the two protocols’ administrative distance to make the new protocol win, and the old protocol lose

(Diagram: a chain of routers; at each hop the steps are Telnet, Configure routing, Wait for convergence, Remove routing)

Using Administrative Distance
Combined with a Cutover
If you use this technique…
 Watch for unpredictable routing as you’re converting, especially if you’re converting from a distance vector protocol to a link state protocol
 Be careful not to rely on routing to modify routing
Never count on a routed path to reach a router that you’re working on
Always telnet hop by hop when converting
 Don’t be too hasty to back out, if things start looking wrong
Troubleshoot the problem
Make certain it doesn’t relate to both protocols running at the same time

Using Administrative Distance
Warning
 For protocols that rely on the administrative distance to sort routes…
EIGRP
BGP
 Do not reverse the administrative distance of their routes
Don’t make external EIGRP routes preferred over internal EIGRP routes
 This is a certain path to routing loops and major network failures

BGP

BGP

 BGP Basics
 Route Reflectors
 BGP Cores
 Outside Connections
 BGP/IGP Interaction

BGP Basics
 Interior Gateway Protocols:
Automatic discovery
Generally trust your IGP neighbors
Routes go to all IGP neighbors
 Exterior Gateway Protocols
Specifically configured peers
Connecting with outside networks
Set administrative boundaries

BGP Basics
 Autonomous System: A network(s) sharing the same routing policy
Possibly multiple IGPs
Usually under single administrative control
 Contiguous internal connectivity
 Numbering range from 1 to 65,535—globally unique—“AS Number”
Private range: 64512–65535

BGP Basics
 Learns multiple paths via internal and external BGP speakers
 Picks THE bestpath, installs it in the IP forwarding table, forwards to EBGP neighbors (not IBGP)
 Policies applied by influencing the bestpath selection

BGP Basics
Summary of Peering Operation:
 TCP connection established (port 179)
 Both peers attempt to connect—there is an algorithm to resolve “connection collisions”
 Exchange messages to open and confirm the connection parameters
 Initial exchange of entire table
 Incremental updates after initial exchange
 Keepalive messages exchanged when there are no updates

BGP Basics
Peering
 External (eBGP) connections are to BGP peers in other autonomous systems
 Internal (iBGP) peers are to BGP peers in the same autonomous system

(Diagram: A and B are in the BGP core of AS 65000 with an iBGP session between them; B has an eBGP session to C, which is in AS 65001 inside an IGP area)

A:
router bgp 65000
 neighbor 10.1.1.1 remote-as 65000

B:
router bgp 65000
 neighbor 10.1.1.2 remote-as 65000
 neighbor 10.2.2.1 remote-as 65001

C:
router bgp 65001
 neighbor 10.2.2.2 remote-as 65000

BGP Basics
Peering
 When B learns a route from C through eBGP, it sets the next hop towards the destination to C
 When it advertises this route to A, through iBGP, it does not reset the next hop
 A needs to learn how to reach C through some other method than BGP
 An IGP needs to underlie BGP

(Diagram: A and B in one BGP AS, C in another, with an eBGP session between B and C; the next hop is set to C at B and remains C at A, so A needs to learn how to reach C)

BGP Basics
Peering
 Routes learned from eBGP peers are readvertised to iBGP peers
 Routes learned from iBGP peers are not readvertised to other iBGP peers
 iBGP peers have to be fully meshed, or some other technique needs to be used to distribute iBGP routes through an autonomous system

(Diagram: A, B and C in one BGP AS with iBGP sessions between them; C learns eBGP routes over an eBGP session and readvertises them to its iBGP peers, which don’t readvertise iBGP routes to other iBGP peers)

Route Reflectors
Basics
We know that iBGP doesn’t guarantee loop free routing through an AS
 B receives 10.1.1.0/24 with an AS Path of {65000,65001}
 C receives 10.1.1.0/24 with an AS Path of {65001,65000}
 D receives 10.1.1.0/24 with an AS Path of {65001,65000}
 B receives the same route with the same attributes, setting up a loop!

(Diagram: A in AS65000 advertises 10.1.1.0/24 over eBGP to B in AS65001; the route passes from B to C to D and returns to B)

Route Reflectors
Basics
 What we need is an AS Path to prevent loops within the AS!
 RFC2796, BGP Route Reflection, defines two BGP attributes to provide loop detection within an AS
 Originator ID
Set to the ID of the router injecting the route into the AS
 Cluster List
Each route reflector the route passes through adds their ID to this list

Route Reflectors
Basics
 B receives 10.1.1.0/24 with an AS Path of {65000,65001}
 C receives 10.1.1.0/24 with an AS Path of {65001,65000}, but adds A’s Router ID as the Originator ID
 C also starts a Cluster List, and adds its own local Router ID into the list

(Diagram: A in AS65000 sends 10.1.1.0/24 over eBGP to B; B, C and D are in AS65001)

C:
neighbor <B> route-reflector-client
neighbor <D> route-reflector-client

D:
neighbor <B> route-reflector-client
neighbor <C> route-reflector-client

Route Reflectors
Basics
 D receives 10.1.1.0/24 with an AS Path of {65001,65000} and an Originator ID of A
 D adds its own router ID to the Cluster list
 Before sending the route to A, D compares the Originator ID and the Cluster ID list to see if A’s router ID matches any ID on either one
 D finds A’s ID as the Originator ID, so it doesn’t send the route to A

(Diagram: A in AS65000 sends 10.1.1.0/24 over eBGP to B; B, C and D are in AS65001)

C:
neighbor <B> route-reflector-client
neighbor <D> route-reflector-client

D:
neighbor <B> route-reflector-client
neighbor <C> route-reflector-client

Route Reflectors
Basics

(Diagram: A in AS65000 sends 10.1.1.0/24 over eBGP to B; B, C and D are in AS65001)

At B: 10.1.1.0/24, AS Path: {65001, 65000}
Reflected by C: 10.1.1.0/24, AS Path: {65001, 65000}, Originator ID: A, Cluster List: {C}
Reflected by D: 10.1.1.0/24, AS Path: {65001, 65000}, Originator ID: A, Cluster List: {C,D}

C:
neighbor <B> route-reflector-client
neighbor <D> route-reflector-client

D:
neighbor <B> route-reflector-client
neighbor <C> route-reflector-client

Route Reflectors
Basics
 A route reflector is an iBGP speaker that reflects routes learned from iBGP peers to other iBGP peers
 Route reflectors add the Originator ID and the Cluster List to routes they reflect
 Route reflectors are designated by configuring some of their iBGP peers as route reflector clients

(Diagram: two route reflectors, each configured with neighbor <X> route-reflector-client)

Route Reflectors
Basics
 A route reflector client is just an iBGP speaker
 There is no special configuration for a route reflector client

(Diagram: two route reflectors, each configured with neighbor <X> route-reflector-client, and a route reflector client)

Route Reflectors
Basics
 A cluster is a route reflector and its clients
 Route reflector clusters may overlap

(Diagram: two route reflectors, each configured with neighbor <X> route-reflector-client, their route reflector clients, and a cluster drawn around one reflector and its clients)

Route Reflectors
Basics
 A non-client is any route reflector iBGP peer that is not a route reflector client
 Each route reflector is also a non-client of each other route reflector in this network
 Route reflectors must be fully iBGP meshed with non-clients

(Diagram: two route reflectors, each configured with neighbor <X> route-reflector-client, a non-client, a cluster, and a route reflector client)

Route Reflectors
Basics
 When reflecting a route, a route reflector always:
Creates a Cluster List if one doesn’t exist
Adds its router ID (or the configured cluster ID) to the Cluster List
If no Cluster List exists, adds the router ID of the peer it received the route from as the Originator ID
 When sending a route, a route reflector always follows normal BGP processing rules

Route Reflectors
Basics
If a route reflector receives a route from an eBGP peer:
 Send the route to all clients
 Send the route to all non-clients

(Diagram: the reflector with an eBGP peer, a non-client and two clients; the route is sent to the non-client and to both clients)

Route Reflectors
Basics
If a route reflector receives a route from a client:
 Reflect the route to all clients
 Reflect the route to all non-clients
 Send the route to all eBGP peers

(Diagram: the reflector with an eBGP peer, a non-client and two clients; the route is reflected to the non-client and to the clients, and sent to the eBGP peer)

Route Reflectors
Basics
If a route reflector receives a route from a non-client:
 Reflect the route to all clients
 Send the route to all eBGP peers

(Diagram: the reflector with an eBGP peer, a non-client and two clients; the route is reflected to both clients and sent to the eBGP peer)

Route Reflectors
Basics
 A advertises 10.1.1.0/24 to B
 B sends 10.1.1.0/24 to D
 D sends 10.1.1.0/24 to E
 E reflects 10.1.1.0/24 to C
 D chooses the path through B (via C)
 C chooses the path through E (via D)
 We have a permanent routing loop!

(Diagram: A sends 10.1.1.0/24 over eBGP to B (1); B to D (2); D to E (3); E reflects to C (4). B is a client of D; C is a client of E)

Route Reflectors
Basics
 Always configure the reflector topology to follow the physical topology
 No route reflector client should ever peer through a route reflector the client isn’t peered to
 C (a client) should not be peered to E (a reflector) through D (a reflector) without being peered to D as well as E
 In this case, making C a client of D would resolve the loop

(Diagram: A sends 10.1.1.0/24 over eBGP to B (1); B to D (2); D to E (3); E reflects to C (4). B is a client of D; C is a client of E)

Route Reflectors
Hierarchical Route Reflectors
 All of the route reflectors will need to be fully meshed
Reflectors still follow the normal rules of iBGP route propagation between themselves
 This full iBGP mesh between reflectors can still contain so many routers that it presents a scaling problem

(Diagram: several clusters, with a full iBGP mesh between their reflectors)

Route Reflectors
Hierarchical Route Reflectors
 To resolve this, route reflectors can be deployed in a hierarchy
 A single router can be a reflector client and a reflector

(Diagram: clusters in two tiers; the reflector of a lower cluster is at the same time a client in the cluster above it)

Route Reflectors
Hierarchical Route Reflectors
 An unlimited number of tiers can be used
 The edges of route reflector tiers are a natural place to reduce the amount of routing information being carried in the lower tiers
 The same topology rule applies: The reflector topology must follow the physical topology to prevent loops and black holes
 Suboptimal routing can actually be worse, and harder to figure out

Route Reflectors
Deployment
 Use the divide and conquer approach to convert from a full iBGP mesh to route reflectors
 Divide network into multiple clusters, using the physical topology as a guide to the logical divisions
 Pick out one router to act as the reflector in each cluster, making certain reflection follows the physical topology
 Remove redundant iBGP sessions as you configure reflectors in each cluster

Route Reflectors
Deployment
 If you’re going to use hierarchical route reflectors, do the outer edge first, leaving the core full mesh iBGP until the outer edge is done
 Continue using a single IGP—the next-hop is unmodified by reflectors unless set via an explicit route-map

Route Reflectors
Deployment
 A client may peer with more than one reflector, in different clusters
A client that peers to only one reflector has a single point of failure
Clients should peer to at least two reflectors to provide redundancy
 How many reflectors should a single route reflector be peered to?
 Should redundant reflectors be in the same cluster or should they be in separate clusters?

Route Reflectors
Deployment
 How many route reflectors should a single client be peered to?
 Two considerations are important:
Network configuration and management
Router memory and processing requirements
 If A is the client of only one reflector, it only receives one copy of the route to 10.1.1.0/24

(Diagram: client A below reflector B, which reaches 10.1.1.0/24; B is configured with neighbor <a> route-reflector-client)

Route Reflectors
Deployment
 Each new route reflector A becomes a client of adds more configuration and management
 Each new route reflector A becomes a client of adds another path to 10.1.1.0/24
 This increases the amount of memory A requires to operate, and also increases A’s processing requirements

(Diagram: client A below reflectors B, C and D, each reaching 10.1.1.0/24 and each configured with neighbor <a> route-reflector-client)

Route Reflectors
Deployment
 Each new client B, C, and D are peered to also increases their processing requirements
 At some point, the additional reflectors will stop adding to the resilience of the network, and make management and memory requirements similar to a full iBGP mesh

(Diagram: client A below reflectors B, C and D, each reaching 10.1.1.0/24 and each configured with neighbor <a> route-reflector-client)

Route Reflectors
Deployment
 Some redundancy is needed
 Too much burns memory on RRCs because the client learns the same information from each RR
 Also burns memory on the RRs because they learn multiple paths for each route introduced by a RRC
 Two or three reflectors per cluster should be plenty

Route Reflectors
Deployment
 Assume A and B have the same route reflector clients configured
 These two reflectors are redundant
 Should they be configured with the same cluster ID or different cluster IDs?

(Diagram: reflectors A and B above clients C and D; E, below D, leads to 10.1.1.0/24)

A:
neighbor <c> route-reflector-client
neighbor <d> route-reflector-client

B:
neighbor <c> route-reflector-client
neighbor <d> route-reflector-client

Route Reflectors
Deployment
 Assume A and B are using the same cluster ID, 10.10.10.10
 E advertises 192.168.1.0/24 to D
 D sends this route to its reflector, B
 B adds a Cluster List and the Originator ID, and reflects the route to A and C
 When A receives this route, it notes its local cluster ID is already in the Cluster List (since A and B have the same cluster ID), and rejects the route

(Diagram: reflectors A and B (Cluster: 10.10.10.10) above clients C and D; E, below D, advertises 192.168.1.0/24, which travels from E to D, from D to B, and from B to A and C)

Route Reflectors
Deployment
 If the A to D link fails, A won’t have any path to 192.168.1.0/24, since it is rejecting the route from B
 If the B to C link fails, C won’t have any path to 192.168.1.0/24, since A is rejecting the route from B, and won’t reflect it to C
 This configuration only protects against some link failures, not all of them

(Diagram: reflectors A and B above clients C and D; E, below D, advertises 192.168.1.0/24)

Route Reflectors
Deployment
 One way to resolve this problem is to configure the iBGP sessions between the routers’ loopbacks, rather than their physical interfaces
 If the A to B link fails, the A to B iBGP session stays up (through C), so A maintains connectivity to 192.168.1.0/24
 If the B to C link fails, the B to C iBGP session stays up (through A), so C maintains connectivity to 192.168.1.0/24

(Diagram: reflectors A and B above clients C and D; E, below D, advertises 192.168.1.0/24)

Route Reflectors
Deployment
 Another option is to configure A and B with different cluster IDs
 Now, when A receives B’s reflected route, it will keep the route, since the cluster ID in the Cluster List doesn’t match its own cluster ID
 A will run the BGP bestpath algorithm, and advertise either its path through B or its path through D to C

(Diagram: reflectors A and B, now with different cluster IDs, above clients C and D; E, below D, advertises 192.168.1.0/24, which reaches A both from D and from B)

Route Reflectors
Deployment
 If the A to D link fails, A will still have the path through B to reach 192.168.1.0/24
 If the B to C link fails, C will still have the path through A to reach 192.168.1.0/24
 This provides full redundancy

(Diagram: reflectors A and B above clients C and D; E, below D, advertises 192.168.1.0/24)

Route Reflectors
Deployment
 A now also has two routes to 192.168.1.0/24, one through D, and one through B
 Each additional path A must hold and process adds additional memory and processor overhead
 This solution is less scalable than A and B being configured with the same cluster ID

(Diagram: reflectors A and B above clients C and D; E, below D, advertises 192.168.1.0/24)

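An added example, not from the slides or from RFC 2796: a minimal Python model of route reflection that implements the rules listed on the “When reflecting a route” slide (start or extend the Cluster List, set the Originator ID to the peer the route came from, reflect to clients and non-clients as described) together with the two receiver-side loop checks, then runs the same-cluster-ID and different-cluster-ID deployments above. eBGP peers are not modelled: a route learned from outside the AS is injected into iBGP unchanged, and a speaker acts as a reflector whenever it has clients. Router names, the cluster ID 10.10.10.10 and the prefixes follow the slides; E is not modelled, so D injects 192.168.1.0/24 itself. The functions return how many paths A and C end up holding: one per client with the same cluster ID, one more per reflector with different cluster IDs.

```python
# Added example (not from the slides): a minimal model of RFC 4456 route
# reflection. It implements the attribute rules (Originator ID, Cluster List,
# what is reflected to whom) and the receiver's loop checks, then reproduces
# the same-cluster-ID and different-cluster-ID cases. eBGP peers are not
# modelled; a route learned from eBGP is "injected" into iBGP unchanged.
# Router names, cluster ID 10.10.10.10 and prefixes follow the slides; the
# rest is constructed for the example.
from dataclasses import dataclass, replace
from typing import Optional, Tuple


@dataclass(frozen=True)
class Route:
    prefix: str
    originator_id: Optional[str] = None  # router that injected it into the AS
    cluster_list: Tuple[str, ...] = ()   # reflectors it has passed through


class Speaker:
    """An iBGP speaker; it acts as a route reflector if it has clients."""

    def __init__(self, name, cluster_id=None):
        self.name = name
        self.cluster_id = cluster_id or name  # defaults to the router ID
        self.peers = {}        # peer name -> Speaker (an iBGP session)
        self.clients = set()   # peers configured route-reflector-client
        self.adj_rib_in = {}   # (prefix, sender) -> Route
        self.rejected = []     # (sender, reason)

    def add_peer(self, other, client=False):
        self.peers[other.name] = other
        if client:
            self.clients.add(other.name)

    def inject(self, prefix):
        """Route learned from an eBGP peer: sent to every iBGP peer as is."""
        for peer in self.peers.values():
            peer.receive(Route(prefix), self.name)

    def receive(self, route, sender):
        # the two loop checks a reflected route is subjected to
        if route.originator_id == self.name:
            self.rejected.append((sender, "own router ID is the Originator ID"))
            return
        if self.cluster_id in route.cluster_list:
            self.rejected.append((sender, "own cluster ID is in the Cluster List"))
            return
        self.adj_rib_in[(route.prefix, sender)] = route
        if not self.clients:
            return  # a plain iBGP speaker never re-advertises iBGP routes
        # reflecting: start or extend the Cluster List, and set the Originator
        # ID to the peer the route came from if it has none yet
        reflected = replace(route,
                            originator_id=route.originator_id or sender,
                            cluster_list=(self.cluster_id,) + route.cluster_list)
        if sender in self.clients:   # from a client: other clients + non-clients
            targets = (self.clients - {sender}) | (set(self.peers) - self.clients)
        else:                        # from a non-client: clients only
            targets = set(self.clients)
        for name in targets:
            self.peers[name].receive(reflected, self.name)

    def paths(self, prefix):
        """Names of the peers this speaker holds an accepted path from."""
        return sorted(s for (p, s) in self.adj_rib_in if p == prefix)


def session(rr, other, client):
    """iBGP session in which `other` may be a client of reflector `rr`."""
    rr.add_peer(other, client=client)
    other.add_peer(rr)


def reflector_basics():
    """B injects an eBGP route; C and D reflect for B and for each other."""
    b, c, d = Speaker("B"), Speaker("C"), Speaker("D")
    session(c, b, client=True)
    session(d, b, client=True)
    c.add_peer(d, client=True)
    d.add_peer(c, client=True)
    b.inject("10.1.1.0/24")
    return {"C": c.paths("10.1.1.0/24"), "D": d.paths("10.1.1.0/24"),
            "B_rejected": len(b.rejected)}


def redundant_reflectors(same_cluster_id):
    """A and B reflect for C and D; D injects 192.168.1.0/24 (learned from E,
    which is not modelled). Returns the paths A and C end up holding."""
    cid = "10.10.10.10" if same_cluster_id else None
    a, b, c, d = Speaker("A", cid), Speaker("B", cid), Speaker("C"), Speaker("D")
    a.add_peer(b)
    b.add_peer(a)  # the reflectors are non-clients of each other
    for rr in (a, b):
        for cl in (c, d):
            session(rr, cl, client=True)
    d.inject("192.168.1.0/24")
    return {"A": a.paths("192.168.1.0/24"), "C": c.paths("192.168.1.0/24")}


if __name__ == "__main__":
    print("basics            :", reflector_basics())
    print("same cluster ID   :", redundant_reflectors(True))
    print("different cluster :", redundant_reflectors(False))
```

In the same-cluster-ID run A drops B’s reflection because 10.10.10.10 is already in the Cluster List, so it holds only the path it learned from D; with different cluster IDs A keeps both, which is the extra path per reflector that the deployment slides trade off against memory.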
Route Reflectors
Deployment

Same cluster ID
  Redundancy: 100%, with the iBGP sessions built between loopbacks
  Administrative factors: easy to identify network regions based on the cluster ID
  Attribute combinations: one path from each client
  Memory consumption: medium

Different cluster ID
  Redundancy: 100%
  Administrative factors: easy to identify the reflection chain based on the Cluster List
  Attribute combinations: one path from each client and one path from each reflector
  Memory consumption: high
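The cluster-list check that the last four slides turn on, as an added illustration that is not part of the deck: two reflectors in the slide topology, first sharing a cluster ID and then with different ones, and what reflector A ends up holding for 192.168.1.0/24. The in-memory model, the router IDs and client D's address are assumptions of this example; Python is used for the simulation, whereas the deck itself only shows IOS configuration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Path:
    """One BGP path as held in a reflector's Adj-RIB-In (RFC 4456 attributes only)."""
    prefix: str
    next_hop: str
    originator_id: Optional[str] = None   # set by the first reflector that reflects it
    cluster_list: Tuple[str, ...] = ()    # cluster IDs prepended on the way


@dataclass
class Reflector:
    name: str
    router_id: str
    cluster_id: str
    paths: Dict[Tuple[str, str], Path] = field(default_factory=dict)  # (prefix, sender) -> Path

    def receive(self, path: Path, sender: str) -> bool:
        """RFC 4456 loop checks: drop the update if we are its originator or if
        our own cluster ID is already in its CLUSTER_LIST. Returns True if kept."""
        if path.originator_id == self.router_id:
            return False
        if self.cluster_id in path.cluster_list:
            return False
        self.paths[(path.prefix, sender)] = path
        return True

    def reflect(self, path: Path, client_router_id: str) -> Path:
        """Copy of a client's path as sent on to another reflector: ORIGINATOR_ID
        set (if not already) and our cluster ID prepended to the CLUSTER_LIST."""
        return Path(path.prefix, path.next_hop,
                    path.originator_id or client_router_id,
                    (self.cluster_id,) + path.cluster_list)

    def paths_for(self, prefix: str) -> List[Path]:
        return [p for (pfx, _), p in self.paths.items() if pfx == prefix]


PREFIX = "192.168.1.0/24"
CLIENT_D = "10.0.0.4"   # constructed router ID / next hop of client D


def reflector_pair(cluster_a: str, cluster_b: str) -> Tuple[int, bool]:
    """Client D advertises PREFIX to reflectors A and B; B reflects its copy to A.
    Returns (number of paths A holds for PREFIX, whether A kept B's reflected copy)."""
    a = Reflector("A", "10.0.0.1", cluster_a)
    b = Reflector("B", "10.0.0.2", cluster_b)
    from_d = Path(PREFIX, next_hop=CLIENT_D)
    a.receive(from_d, sender="D")
    b.receive(from_d, sender="D")
    kept = a.receive(b.reflect(from_d, CLIENT_D), sender="B")
    return len(a.paths_for(PREFIX)), kept


def same_cluster_id() -> Tuple[int, bool]:
    """Slide 260 design: A and B share cluster 10.10.10.10, so A drops B's
    reflected copy and holds one path per client; the redundancy comes from the
    iBGP sessions staying up over the loopbacks, not from a second path."""
    return reflector_pair("10.10.10.10", "10.10.10.10")


def different_cluster_ids() -> Tuple[int, bool]:
    """Slides 261 to 263 design: A keeps B's copy as a second path, which is what
    costs the extra memory and bestpath work the table above rates as 'high'."""
    return reflector_pair("10.0.0.1", "10.0.0.2")


if __name__ == "__main__":
    print("same cluster ID:      ", same_cluster_id())        # (1, False)
    print("different cluster IDs:", different_cluster_ids())  # (2, True)
```

The check in `receive` is the one a reflector applies to every update, so the same code also shows why a route a reflector itself originated never comes back to it: its own router ID is the ORIGINATOR_ID.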
BGP Cores
Why Use a BGP Core?
• When the network becomes "too large" for an interior gateway protocol to manage
• When the core of the network becomes an "internal service provider," connecting several large, independent networks with separate support staffs, policies, and (possibly) interior gateway protocols
BGP Cores
Why Use a BGP Core?
• How do you know your network is too big for a single interior gateway protocol domain or instance to handle?
  - When the network fails on a regular basis
  - When the network never converges (constant churn)
• The upper limit on most interior gateway protocols is about 5,000 to 10,000 routes
  - The more complex the network is in terms of available alternate paths, the fewer routes the IGP will be able to manage
BGP Cores
Why Use a BGP Core?
But…
• If you have deployed the scaling techniques we've talked about, you shouldn't hit these limits until the network is truly gigantic!
• BGP cores deployed for scaling are generally a sign the network design needs to be rethought
• In some cases, however, the network design is just what it is, and we have to do what we can to make it work
BGP Cores
Why Use a BGP Core?
• Some networks are not networks, but rather internetworks
• An internetwork is made up of multiple smaller networks, each one under separate administrative control
• An interior gateway protocol may work as a "core protocol," as long as the network isn't too large, and the administrators all work together well
[Figure: an OSPF core joining Finance (EIGRP) and HQ (RIP), with redistribution at the core edge]
BGP Cores
Why Use a BGP Core?
It's better to use a policy based protocol in the core, however:
• Each administration team can better control routing information flow
• A major failure in one part of the network is less likely to impact the core or other sections of the network
• Less finger pointing means a smoother running, more stable network
[Figure: the OSPF core of the previous slide replaced by a BGP core, still joining Finance (EIGRP) and HQ (RIP), with redistribution at the core edge]
BGP Cores
Deployment
Determine where the boundaries of the core should be
• Consider administrative division points
• Divide up complex areas of the network as much as possible
• Consider physical and topological choke points
• Consider places where you could summarize, if at all possible
[Figure: a BGP core whose boundary is drawn so that the complex topological areas fall on the far side of it]
BGP Cores
Deployment
• Don't ever redistribute all the routing data from BGP into the IGP at the edge; routes should be injected in a very controlled manner
• If possible, inject just the default into the IGP
• To provide optimal routing, you can inject summaries into the IGP as well, but this should be limited to one or two routes
[Figure: from the BGP core edge, 0.0.0.0/0 plus the summaries 10.1.0.0/16 and 10.2.0.0/16 are injected into the IGP]
BGP Cores
Deployment
• There are several possible ways to manage getting routes into the IGP from the BGP core
• The primary factor is whether the filtering should be done by the administrators of the IGP areas, or of the BGP core
• Don't pass full routes to the IGP area routers unless you want the filtering done by the IGP area administrators
[Figure: core edge router A has an eBGP session to IGP area edge router B. Options at A: generate or permit a default and other routes towards the IGP area edge; pass the entire BGP table to the IGP area edge; pass no routes to the IGP area edge. Options at B: redistribute eBGP learned routes into the IGP; redistribute filtered eBGP learned routes into the IGP; generate a default and other routes into the IGP]
BGP Cores
Deployment
[Figure: core edge router A has an eBGP session to IGP area edge router B (10.1.1.1); B redistributes all eBGP learned routes into the IGP. The three configurations below are on A.]

If the core doesn't have a default, you can generate a default on the edge router:

    router bgp <AS number>
     neighbor 10.1.1.1 default-originate

If the core has a default you can pass on through the edge, but you want to make certain there is always a default route supplied to the IGP areas. The floating static takes over when the core's default disappears; its distance must be higher than that of the BGP-learned default (200 is fine against an eBGP-learned default at distance 20, but ties with iBGP's 200, so use a higher value if the core's default arrives over iBGP):

    ip route 0.0.0.0 0.0.0.0 null0 200
    !
    access-list 10 permit host 0.0.0.0
    !
    route-map 0-only permit 10
     match ip address 10
    !
    router bgp <AS number>
     neighbor 10.1.1.1 distribute-list 10 out
     redistribute static route-map 0-only
     default-information originate

If the core has a default and you want it to be dynamically provided to the IGP areas (default-information originate is what lets a redistributed 0.0.0.0/0 enter BGP at all):

    access-list 10 permit host 0.0.0.0
    !
    router bgp <AS number>
     redistribute eigrp 100 metric 10
     neighbor 10.1.1.1 distribute-list 10 out
     default-information originate
BGP Cores
Deployment
[Figure: core edge router A, eBGP to IGP area edge router B, which redistributes all eBGP learned routes into the IGP]

Pass the more specific routes from the core into the IGP area, using a distribute-list to filter out all the other routes (here only the default and the 10.1.0.0/16 summary get through; a standard access list in a distribute-list matches on the network address, whatever the prefix length):

    access-list 10 permit host 0.0.0.0
    access-list 10 permit host 10.1.0.0
    !
    router bgp <AS number>
     neighbor 10.1.1.1 distribute-list 10 out

Generate the summary using an aggregate (but remember to watch out for summary black holes):

    router bgp <AS number>
     aggregate-address 10.1.0.0 255.255.0.0 summary-only
BGP Cores
Deployment
• If the IGP area edge router is receiving full routing information, filtering redistribution into the IGP is required
[Figure: A passes full BGP routing information to B; B filters as it redistributes into the IGP area]

Configuration on B:

    access-list 10 permit host 0.0.0.0
    access-list 10 permit host 10.1.0.0
    !
    route-map localin permit 10
     match ip address 10
    !
    router eigrp 100
     ! EIGRP needs a seed metric for redistributed routes
     redistribute bgp <AS number> metric 10000 100 255 1 1500 route-map localin
BGP Cores
Deployment
• If the core edge router isn't providing any routing information to the IGP area edge, a locally generated default can be created
[Figure: A sends no routing information to B; B originates the default into the IGP area]

    OSPF    router ospf 100
             default-information originate always

    EIGRP   ip route 0.0.0.0 0.0.0.0 null0 200
            !
            router eigrp 100
             redistribute static metric ....

    IS-IS   router isis
             default-information originate
BGP Cores
Deployment
• Filter or summarize from the IGP areas into the core; be careful of routing black holes
• Be very careful with complex filtering techniques at the edge; consider maintenance requirements carefully
[Figure: summarize and filter at the edge between each IGP area and the BGP core]
BGP Cores
Deployment
• Filter the default route and any routes learned from BGP when redistributing into BGP at the IGP area edge
[Figure: IGP area edge routers A and B redistribute between the IGP area and the BGP core]

Filtering routing information using a list of specific prefixes (on A):

    access-list 10 deny host 0.0.0.0
    access-list 10 deny host 10.1.0.0
    access-list 10 permit any
    !
    route-map nolocalout permit 10
     match ip address 10
    !
    router bgp <AS number>
     redistribute ospf 100 route-map nolocalout

Tagging routes into the IGP, and filtering on the tags when redistributing from the IGP (on B). The same route-map is used in both directions: anything that entered the IGP from BGP carries tag 100 and is denied on the way back, the default is denied, and everything else is permitted and tagged:

    access-list 10 permit host 0.0.0.0
    !
    route-map tagfilter deny 10
     match tag 100
    route-map tagfilter deny 20
     match ip address 10
    route-map tagfilter permit 30
     set tag 100
    !
    router bgp <AS number>
     redistribute ospf 100 route-map tagfilter metric 10
    !
    router ospf 100
     redistribute bgp <AS number> route-map tagfilter subnets
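A worked version of the two filtering styles on the slide above, added here and not from the deck: the same core routes are redistributed into the IGP at one edge router and offered back to BGP at another, once with the prefix-based nolocalout list and once with the tag-based tagfilter. The route records, the extra 10.2.0.0/16 summary that nobody added to the prefix list, and the router roles are constructed for the example.

```python
from dataclasses import dataclass, replace
from typing import Callable, List, Optional

BGP_TAG = 100          # tag the slide's 'tagfilter' route-map sets on redistributed routes
DEFAULT = "0.0.0.0/0"


@dataclass(frozen=True)
class Route:
    prefix: str
    protocol: str            # "bgp" or "ospf": the table the route currently sits in
    tag: Optional[int] = None


def tagfilter(route: Route) -> Optional[Route]:
    """The 'tagfilter' route-map as ordered clauses: deny anything carrying the
    tag, deny the default route, otherwise permit and set the tag. Returns the
    route as redistributed, or None when it is denied."""
    if route.tag == BGP_TAG:
        return None
    if route.prefix == DEFAULT:
        return None
    return replace(route, tag=BGP_TAG)


def nolocalout(route: Route) -> Optional[Route]:
    """The prefix-based 'nolocalout' route-map: deny the default and the one
    summary the core was known to inject, permit everything else (no tagging)."""
    if route.prefix in (DEFAULT, "10.1.0.0/16"):
        return None
    return route


def passthrough(route: Route) -> Optional[Route]:
    """Redistribution with no route-map at all."""
    return route


Policy = Callable[[Route], Optional[Route]]


def redistribute(routes: List[Route], into: str, policy: Policy) -> List[Route]:
    out = []
    for r in routes:
        permitted = policy(r)
        if permitted is not None:
            out.append(replace(permitted, protocol=into))
    return out


# Constructed input: what edge router A learns from the core over eBGP, and what
# the IGP area itself originates. The core injects one summary more than the
# prefix list in 'nolocalout' was written for.
FROM_CORE = [Route(DEFAULT, "bgp"), Route("10.1.0.0/16", "bgp"), Route("10.2.0.0/16", "bgp")]
AREA_LOCAL = [Route("10.1.4.0/24", "ospf"), Route("10.1.5.0/24", "ospf")]


def round_trip(into_igp: Policy, back_into_bgp: Policy) -> List[str]:
    """BGP -> OSPF at edge router A, then OSPF -> BGP at edge router B.
    Returns the prefixes B would hand back to the core."""
    in_ospf = redistribute(FROM_CORE, "ospf", into_igp)
    offered = in_ospf + AREA_LOCAL
    return [r.prefix for r in redistribute(offered, "bgp", back_into_bgp)]


def with_prefix_list() -> List[str]:
    """Only the prefixes someone remembered to list are stopped: 10.2.0.0/16 leaks back."""
    return round_trip(passthrough, nolocalout)


def with_tags() -> List[str]:
    """Every route that came from BGP carries the tag, whatever its prefix."""
    return round_trip(tagfilter, tagfilter)


if __name__ == "__main__":
    print("prefix list:", with_prefix_list())   # ['10.2.0.0/16', '10.1.4.0/24', '10.1.5.0/24']
    print("tags:       ", with_tags())          # ['10.1.4.0/24', '10.1.5.0/24']
```

The leak in the prefix-list case is the maintenance problem the previous slide warns about: the list is only as good as the last person who updated it, whereas the tag travels with the route.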
BGP Cores
Deployment
• What autonomous system numbers should you use when deploying a BGP core?
• It depends on whether or not the BGP core is going to be tied into the network's connectivity to the outside networks, including the Internet
BGP Cores
Deployment
• If the BGP running in the core is not going to touch, in any way, connections to outside networks, use private AS numbers throughout, even for the network core
[Figure: the BGP core sits behind a DMZ that holds the Internet and partner connections; the routes advertised outside are generated at the edge, rather than passed through from the core]
BGP Cores
Deployment
• If routes are passed through the BGP core, a public AS number can be used for the core
• The IGP areas can be assigned private AS numbers
  - Advertisements from the IGP areas can be filtered at the edge towards the outside networks
  - The routing information can be aggregated at the edge
[Figure: routing information passes through the BGP core to the Internet and partner connections]
BGP Cores
Deployment
• If each IGP area is considered a network under separate administrative control, the BGP core can become a "mini service provider," offering various services to the "client networks," even though they are all within the same large organization
• For instance, one such service would be the provisioning of MPLS VPN tunnels through the core between IGP areas and outside partners, or between IGP areas
[Figure: the BGP core connects IGP areas, a partner and the Internet; an MPLS VPN between IGP areas and an MPLS VPN to a partner cross the core]
BGP Cores
Deployment
• The BGP core could also provide quality of service forwarding, using QPPB (QoS Policy Propagation via BGP) to transport quality of service information to the edges of the core
• Communities carried in BGP, along with access lists and AS path lists, can be used to classify packets on the edges of the BGP core
• This classification is then used to modify the way packets are forwarded through the network
[Figure: routes from the partner are marked for a QoS service level as they enter the BGP core; at the far edge, packets are marked based on the BGP-transported QoS information]
BGP Cores
• The BGP core could be used as a basis for providing high quality connectivity to the Internet (and partners)
• Optimized Exit Routing (OER) can determine the best path to given destinations, and steer traffic along that path
• For more information, attend the Optimized Edge Routing (OER) presentation
[Figure: a BGP core with two Internet connections; OER steers traffic along the best exit point]
BGP Cores
Deployment
• MPLS VPNs through a BGP Core
  http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a00800a6c11.shtml
  RST-1601, Introduction to MPLS VPNs
  RST-2602, Deploying MPLS VPNs
  RST-3605, Troubleshooting MPLS VPNs
• Quality of Service BGP Propagation
  http://www.cisco.com/en/US/partner/products/hw/routers/ps133/products_configuration_guide_chapter09186a008007df4f.html#1015477
• Optimized Exit Routing
  RST-4311, Advances in Routing Protocols
BGP Cores
Deployment
• A has two paths to 10.0.0.0/8 with the same attributes all the way down to the router ID tiebreak
• It will mark one of them as the best path, and send all traffic along the link to that exit point
• iBGP multipath allows A to load share between these two paths
[Figure: AS65000 contains A, with B and C below it and D and E below them; D and E connect to AS65001, which originates 10.0.0.0/8. All traffic is sent through C]

    router-a#sh ip bgp 10.0.0.0
      65001
        192.168.1.1 from 192.168.1.1 (192.168.1.1)
          Origin IGP, metric 0, localpref 100, valid, internal
      65001
        192.168.2.2 from 192.168.2.2 (192.168.2.2)
          Origin IGP, metric 0, localpref 100, valid, internal, best
BGP Cores
Deployment
• Flag multiple iBGP paths as 'multipath'
  - Each path must have a unique NEXT_HOP
• The number of multipaths configured are inserted in the routing table

    maximum-paths ibgp <1-6>

• Only the bestpath is advertised to A's BGP peers
• http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087b00.html
• http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdp72929
BGP Cores
Deployment

    router bgp 65000
     maximum-paths ibgp 2
     ....

    router-a#sh ip bgp 10.0.0.0
      65001
        192.168.1.1 from 192.168.1.1 (192.168.1.1)
          Origin IGP, metric 0, localpref 100, valid, internal, multipath
      65001
        192.168.2.2 from 192.168.2.2 (192.168.2.2)
          Origin IGP, metric 0, localpref 100, valid, internal, multipath, best
      ....

    router-a#sh ip route 10.0.0.0
    Routing entry for 10.0.0.0/8
      * 192.168.1.1, from 192.168.1.1, 00:00:09 ago
          Route metric is 0, traffic share count is 1
          AS Hops 1
        192.168.2.2, from 192.168.2.2, 00:00:09 ago
          Route metric is 0, traffic share count is 1
          AS Hops 1

[Figure: same topology as the previous slide; traffic is now load shared across both links into AS65001]
BGP Cores
Deployment
• If two paths are learned from different autonomous systems, iBGP multipath will not load share between them: the AS_PATH attribute differs, and by default multipath requires an identical AS_PATH, not merely one of the same length (IOS relaxes this only with bgp bestpath as-path multipath-relax)
[Figure: AS65000 (A and B) connects to AS65001 (C) and AS65003, both of which reach AS65002, which originates 10.0.0.0/8; A cannot load share]

    router-a#sh ip bgp 10.0.0.0
      65001 65002
        192.168.1.1 from 192.168.1.1 (192.168.1.1)
          Origin IGP, metric 0, localpref 100, valid, internal
      65003 65002
        192.168.2.2 from 192.168.2.2 (192.168.2.2)
          Origin IGP, metric 0, localpref 100, valid, internal, best
BGP Cores
Deployment
• Even when two paths are learned from the same AS through eBGP, BGP won't load share between them by default
• But we could get load sharing by building a single multihop session between B and C
[Figure: AS65000 (A and B) connects to AS65001 (C and D); AS65003 and AS65002, which originates 10.0.0.0/8, lie beyond]

    router-a#sh ip bgp 10.0.0.0
      65001 65002
        192.168.1.1 from 192.168.1.1 (192.168.1.1)
          Origin IGP, metric 0, localpref 100, valid, internal
      65001 65002
        192.168.2.2 from 192.168.2.2 (192.168.2.2)
          Origin IGP, metric 0, localpref 100, valid, internal, best

Only one route is installed in the routing table:

    router-a#sh ip route 10.0.0.0
    Routing entry for 10.0.0.0/8
      * 192.168.1.1, from 192.168.1.1, 00:00:09 ago
          Route metric is 0, traffic share count is 1
          AS Hops 2
BGP Cores
Deployment
• The eBGP session is set up as a multihop session between the loopbacks
• There are multiple paths between the loopbacks
• There's only one path to 10.0.0.0/8, but there are multiple paths to the next hop; A load shares between the two possible paths to the next hop
[Figure: A (loopback 192.168.1.1) in AS65000 and B (loopback 192.168.2.1) in AS65001 are joined by two parallel links, with 10.1.1.1 and 10.1.2.1 on B's side; the eBGP session runs between the loopbacks]

Configuration on A (update-source takes an interface; Loopback0 carries 192.168.1.1 here):

    router bgp 65000
     neighbor 192.168.2.1 remote-as 65001
     neighbor 192.168.2.1 ebgp-multihop 2
     neighbor 192.168.2.1 update-source Loopback0
    !
    ip route 192.168.2.1 255.255.255.255 10.1.1.1
    ip route 192.168.2.1 255.255.255.255 10.1.2.1

    router-a#sh ip bgp 10.0.0.0
      65001
        192.168.2.1 from 192.168.2.1 (192.168.2.1)
          Origin IGP, valid, external, best

    router-a#sh ip route 10.0.0.0
    Routing entry for 10.0.0.0/8
      192.168.2.1, from 192.168.2.1, 00:00:09 ago
        Route metric is 0, traffic share count is 1
        AS Hops 1

    router-a#show ip route 192.168.2.1
    Routing entry for 192.168.2.1/32
      * 10.1.1.1 from 0.0.0.0, 00:00:00 ago
          Route metric is 0, traffic share count is 1
        10.1.2.1 from 0.0.0.0, 00:00:00 ago
          Route metric is 0, traffic share count is 1
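The multipath and recursive next-hop behaviour of slides 287 to 291, as an added Python model that is not the deck's code: a bestpath comparison in IOS order, the multipath test that requires an identical AS_PATH and distinct next hops, and the recursive lookup that spreads one BGP next hop over the two static routes of slide 291. Path attributes, router IDs and the RIB entries are constructed from the figures.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class BgpPath:
    next_hop: str
    as_path: Tuple[int, ...]
    router_id: str                # of the peer the path came from (final tiebreak)
    weight: int = 0
    local_pref: int = 100
    origin: str = "igp"           # igp < egp < incomplete
    med: int = 0
    igp_metric: int = 0           # IGP cost to next_hop


ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}


def _rank(p: BgpPath):
    """Bestpath comparison keys, in IOS order (the subset relevant here):
    highest weight, highest local-pref, shortest AS_PATH, lowest origin,
    lowest MED, lowest IGP metric to the next hop, lowest router ID."""
    return (-p.weight, -p.local_pref, len(p.as_path), ORIGIN_RANK[p.origin],
            p.med, p.igp_metric, tuple(int(o) for o in p.router_id.split(".")))


def _multipath_key(p: BgpPath):
    """What must be equal for a path to share the RIB entry with the bestpath.
    Note the AS_PATH itself, not only its length: IOS relaxes that only with
    'bgp bestpath as-path multipath-relax'."""
    return (p.weight, p.local_pref, p.as_path, p.origin, p.med, p.igp_metric)


def select(paths: List[BgpPath], maximum_paths_ibgp: int = 1) -> List[BgpPath]:
    """Paths installed in the RIB: the bestpath first, then up to
    maximum_paths_ibgp - 1 equal paths with distinct next hops."""
    best = min(paths, key=_rank)
    installed = [best]
    for p in sorted(paths, key=_rank):
        if len(installed) >= maximum_paths_ibgp:
            break
        if p is best or _multipath_key(p) != _multipath_key(best):
            continue
        if p.next_hop in {q.next_hop for q in installed}:
            continue                      # slide 287: each path needs a unique NEXT_HOP
        installed.append(p)
    return installed


# --- recursive next-hop resolution (slide 291) --------------------------------

Rib = Dict[str, List[str]]   # prefix -> next hops; "connected" marks an attached network


def lookup(rib: Rib, address: str) -> Optional[List[str]]:
    """Longest-prefix match."""
    addr = ipaddress.ip_address(address)
    hits = [(ipaddress.ip_network(p), nhs) for p, nhs in rib.items()
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    return max(hits, key=lambda h: h[0].prefixlen)[1]


def resolve(rib: Rib, next_hop: str, depth: int = 0) -> List[str]:
    """Follow a BGP next hop through the RIB until every hop is on a connected
    network; the list returned is what the forwarding table load shares over."""
    nhs = lookup(rib, next_hop)
    if nhs is None or depth > 8:
        return []
    resolved: List[str] = []
    for nh in nhs:
        resolved += [next_hop] if nh == "connected" else resolve(rib, nh, depth + 1)
    return resolved


# Constructed inputs matching the slide figures.
SAME_AS = [BgpPath("192.168.1.1", (65001,), "192.168.1.1"),
           BgpPath("192.168.2.2", (65001,), "192.168.2.2")]
DIFFERENT_AS = [BgpPath("192.168.1.1", (65001, 65002), "192.168.1.1"),
                BgpPath("192.168.2.2", (65003, 65002), "192.168.2.2")]
ROUTER_A_RIB: Rib = {"192.168.2.1/32": ["10.1.1.1", "10.1.2.1"],   # the two static routes
                     "10.1.1.0/30": ["connected"], "10.1.2.0/30": ["connected"]}


def slide_288() -> List[str]:
    """maximum-paths ibgp 2 with two equal paths from AS65001: both installed."""
    return [p.next_hop for p in select(SAME_AS, maximum_paths_ibgp=2)]


def slide_289() -> List[str]:
    """Same setting, but the AS_PATHs differ: only the bestpath is installed."""
    return [p.next_hop for p in select(DIFFERENT_AS, maximum_paths_ibgp=2)]


def slide_291() -> List[str]:
    """One BGP next hop, resolved over two static routes: two forwarding paths."""
    return resolve(ROUTER_A_RIB, "192.168.2.1")
```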
Outside Connections
Advertising Routes Outside
• If the BGP running in the core is not going to touch, in any way, connections to outside networks, use private AS numbers throughout, even for the network core
[Figure: the BGP core sits behind a DMZ that holds the Internet and partner connections; routes are generated at the edge, rather than passed through from the core]
Outside Connections
Advertising Routes Outside
• If routes are passed through the BGP core, a public AS number can be used for the core
• The IGP areas can be assigned private AS numbers
  - Advertisements from the IGP areas can be filtered at the edge towards the outside networks
  - The routing information can be aggregated at the edge
  - Strip the private AS numbers on the sessions to the outside (neighbor <outside> remove-private-as), or any route that is not covered by an aggregate carries them into the Internet
[Figure: routing information passes through the BGP core to the Internet and partner connections]
Outside Connections
Advertising Routes Outside
[Figure: the BGP core peers with Partner 1 and with the Internet]

Configuration on the core router facing Partner 1 and the Internet (as written, 10.1.40.0/20 is not aligned to a /20 boundary, the containing block being 10.1.32.0/20, so write the prefix you actually intend to release; 192.168.40.0/21 stands in for public address space in this deck):

    ! permit anything within 10.1.40.0/20 to partner 1
    ip prefix-list pl-ptner1 permit 10.1.40.0/20 ge 21
    !
    ! permit anything originated by private AS 65005 to partner 1
    ip as-path access-list 100 permit ^.*_65005$
    !
    ! route map putting partner 1's filters together
    route-map rm-ptner1 permit 10
     match ip address prefix-list pl-ptner1
    route-map rm-ptner1 permit 20
     match as-path 100
    route-map rm-ptner1 deny 30
    !
    ! other filters as needed for other partners
    !
    router bgp <public as number>
     ! aggregate the organization's address space towards the internet
     aggregate-address 192.168.40.0 255.255.248.0 summary-only
     neighbor <internet> remote-as <isp as>
     ! build peering with partner 1 and put filters on
     neighbor <partner1> remote-as <partner as>
     neighbor <partner1> route-map rm-ptner1 out
Outside Connections
Advertising Routes Outside
• You can also use communities to express filtering from the IGP areas into outside networks
• Communities are opaque "route tags" which can carry policy on a per prefix basis in BGP
• This could be combined with aggregation, as well, for public address space advertised into the Internet
[Figure: IGP area edge routers 10.1.1.1 and 10.2.2.2 apply communities marking routes to be filtered; the BGP core filters outbound to partners based on communities, and aggregates towards the Internet]
Outside Connections
Advertising Routes Outside
[Figure: the BGP core (AS65000) has sessions to Partner 1, Partner 2 and the Internet; IGP area routers in AS65004 and AS65005 peer with the core]

On the core edge routers: the IGP areas tag routes with community 1000 (for partner 1) or 2000 (for partner 2); the core passes only matching routes to each partner, marked NO_EXPORT so the partner cannot readvertise them. Communities are not sent on a session unless send-community is configured:

    ip community-list 10 permit 1000
    ip community-list 20 permit 2000
    !
    route-map to-ptner1 permit 10
     match community 10
     set community no-export
    route-map to-ptner1 deny 20
    !
    route-map to-ptner2 permit 10
     match community 20
     set community no-export
    route-map to-ptner2 deny 20
    !
    router bgp 65000
     neighbor <partner 1> send-community
     neighbor <partner 1> route-map to-ptner1 out
     neighbor <partner 2> send-community
     neighbor <partner 2> route-map to-ptner2 out

In the IGP area in AS65004 (the final permit clause keeps the area's other routes flowing to the core):

    ! routes to advertise to partner 1
    access-list 10 permit 10.2.8.0 0.0.0.255
    ! routes to advertise to partner 2
    access-list 20 permit 10.2.9.0 0.0.0.255
    !
    route-map tocore permit 10
     match ip address 10
     set community 1000
    route-map tocore permit 20
     match ip address 20
     set community 2000
    route-map tocore permit 30
    !
    router bgp 65004
     neighbor <bgp core> send-community
     neighbor <bgp core> route-map tocore out

In the IGP area in AS65005:

    ! routes to advertise to partner 1
    access-list 10 permit 10.1.1.0 0.0.0.255
    !
    route-map tocore permit 10
     match ip address 10
     set community 1000
    route-map tocore permit 20
    !
    router bgp 65005
     neighbor <bgp core> send-community
     neighbor <bgp core> route-map tocore out
Outside Connections
Advertising Routes Outside
• Make use of the NO_EXPORT community to prevent routes from leaking out of the BGP core
• Make use of the NO_EXPORT community to prevent routes from leaking out from partner networks to their peers
• In the future, more interesting filtering capabilities will be built on BGP communities
  - NOPEER community for BGP route scope control
    http://www.ietf.org/rfc/rfc3765.txt
  - Controlling the redistribution of BGP routes
    http://www.ietf.org/proceedings/03mar/I-D/draft-ietf-ptomaine-bgp-redistribution-02.txt
Outside Connections
Internet Connection Considerations
• Should you run BGP at all to connect to the Internet?
• If you are connecting in a single place, no
• Distribute a default into your network, and allow the ISP to originate the routes to your networks at their edge
• If you are dual homed to the same ISP in the same physical location, there's no reason to run BGP
[Figure: ISP routers A and B connect to enterprise router C; the ISP originates 192.168.1.0/24 towards the Internet, and the enterprise carries only 0.0.0.0/0]
Outside Connections
Internet Connection Considerations
• If you are dual homed to the same SP in two different locations, you may want to accept at least partial routes at both locations, and use the MED to route optimally
• If you always want to take the closest exit point out of your network, however, you don't need to run BGP
[Figure: ISP A (AS65000) has London and Raleigh routers; the enterprise (192.168.1.0/24) connects from London and New York. The optimal path to a London destination is out the London exit; the closest exit is whichever one the traffic is nearer to]
Outside Connections
Internet Connection Considerations
• If you are dual homed to two ISPs, you should run BGP to advertise routing information to both of them
• This doesn't mean you should accept the full routing table from both service providers, however
• You can still originate a local default route into your network, and accept no routes from either SP
[Figure: enterprise router A peers with ISP A (AS65000) and ISP B (AS65001), advertises 192.168.1.0/24 to both, and originates 0.0.0.0/0 into the enterprise]
Outside Connections
Internet Connection Considerations
• Why would you accept partial routes?
• So you can optimally route to destinations connected to one of the ISPs you're peering with, while allowing traffic to more distant destinations to flow along default routes
• Typically, you will accept all of the routes originated by each ISP, and possibly the routes of each of their directly connected customers
Outside Connections
Internet Connection Considerations
• ^65000 matches any AS path starting with AS65000, that is, routes the ISP itself originates
• (_[0-9]*)\1* matches any single AS number repeated any number of times, so a directly connected customer's routes match whether or not the customer prepends, while routes from further away do not
[Figure: enterprise AS65002 dual homed to ISP A (AS65000) and ISP B (AS65001)]

    ip as-path access-list 100 permit ^65000(_[0-9]*)\1*$
    ip as-path access-list 110 permit ^65001(_[0-9]*)\1*$
    !
    router bgp 65002
     neighbor <ISP A> remote-as 65000
     neighbor <ISP A> filter-list 100 in
     neighbor <ISP B> remote-as 65001
     neighbor <ISP B> filter-list 110 in
Outside Connections
Internet Connection Considerations
• You can also ask the ISP to filter the routes they are sending at the edge of their network, which reduces the load on your edge router
[Figure: ISP A and ISP B each filter for their connected customer and originated routes before sending; the enterprise (AS65002) accepts all advertised routes]
Outside Connections
Internet Connection Considerations
• You could ask the ISP to configure Outbound Route Filtering, which allows you to configure the filters, but the ISP router actually filters the routes
  http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087c26.html
  http://www.ietf.org/internet-drafts/draft-ietf-idr-route-filter-10.txt
• This only works for prefix based filters, not for AS Path filters right now
  http://www.ietf.org/internet-drafts/draft-ietf-idr-aspath-orf-06.txt
  AS Path ORF support is planned in Cisco IOS
Outside Connections
Internet Connection Considerations
• ISP A advertises some route to AS65002, which then readvertises the route to ISP B
• ISP B chooses the path through AS65002 as the best path, directing all traffic for that destination through the customer's network
• The customer network has become a transit AS
[Figure: ISP A (AS65000) advertises 172.18.1.0/24 to the enterprise (AS65002), which readvertises it to ISP B (AS65001); ISP B's best path for 172.18.1.0/24 now runs through AS65002]
Outside Connections
Internet Connection Considerations
• How can you prevent this from happening?
• One common way is to count on lack of synchronization to prevent routes from being readvertised
  - Don't count on synchronization; at some point it will be off by default! (It has been off by default since Cisco IOS 12.2(8)T.)
• Filtering these routes is simple; a single line AS path access list will do the right thing
Outside Connections
Internet Connection Considerations
[Figure: enterprise AS65002 dual homed to ISP A (AS65000) and ISP B (AS65001)]

    ip as-path access-list 100 permit ^$
    !
    router bgp 65002
     neighbor <ISP A> remote-as 65000
     neighbor <ISP A> filter-list 100 out
     neighbor <ISP B> remote-as 65001
     neighbor <ISP B> filter-list 100 out

Only routes with an empty AS path, that is, routes originated in AS65002 itself, are advertised to either provider.
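The two AS path filters of slides 302 and 307 run against sample AS_PATH strings, as an added example that is not from the deck. The Cisco '_' metacharacter is emulated in Python's re module, which is an assumption of this code, and whether your IOS release accepts the \1 backreference in an as-path access-list should be checked on the router; the AS numbers and paths are constructed.

```python
import re
from typing import List

# IOS '_' matches a comma, brace, parenthesis, space, or the start or end of the
# AS_PATH string; this is the translation assumed here.
_UNDERSCORE = r"(?:^|$|[ ,{}()])"


def ios_as_path_regex(expr: str) -> "re.Pattern":
    """Compile an 'ip as-path access-list' expression as a Python pattern."""
    return re.compile(expr.replace("_", _UNDERSCORE))


def permitted(expr: str, as_paths: List[str]) -> List[str]:
    """AS_PATHs (as 'show ip bgp' prints them) that a one-line permit list passes."""
    pat = ios_as_path_regex(expr)
    return [p for p in as_paths if pat.search(p)]


# Constructed sample of what ISP A (AS65000) might send: its own routes, a
# customer with and without prepending, a customer's customer, and a customer
# whose AS number contains a zero.
FROM_ISP_A = ["65000", "65000 1234", "65000 1234 1234", "65000 1234 5678", "65000 2001"]

# What the enterprise (AS65002) holds: its own prefixes (empty AS_PATH) and ISP A's.
ENTERPRISE_TABLE = ["", "65000 1234", "65000"]

PARTIAL_ROUTES = r"^65000(_[0-9]*)\1*$"
LOCAL_ONLY = r"^$"


def partial_routes_from_isp_a() -> List[str]:
    """Slide 302 inbound filter: ISP A's own routes and its directly connected
    customers, prepended or not, and nothing further away."""
    return permitted(PARTIAL_ROUTES, FROM_ISP_A)


def what_a_1_to_9_class_misses() -> List[str]:
    """The same filter written with [1-9] instead of [0-9] silently drops every
    customer whose AS number contains a zero."""
    narrow = permitted(r"^65000(_[1-9]*)\1*$", FROM_ISP_A)
    return sorted(set(partial_routes_from_isp_a()) - set(narrow))


def advertised_to_providers() -> List[str]:
    """Slide 307 outbound filter: only locally originated routes (empty AS_PATH)
    leave the enterprise, so it can never become transit between the ISPs."""
    return permitted(LOCAL_ONLY, ENTERPRISE_TABLE)


if __name__ == "__main__":
    print(partial_routes_from_isp_a())    # ['65000', '65000 1234', '65000 1234 1234', '65000 2001']
    print(what_a_1_to_9_class_misses())   # ['65000 2001']
    print(advertised_to_providers())      # ['']
```

Running a candidate expression through something like this before it goes into a filter-list is cheap insurance: an AS path filter that is one character too narrow drops routes silently, and an outbound one that is too wide turns you into transit.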
Outside Connections
Internet Connection Considerations
• You dual home to gain diversity in your routing path:
  - If a link fails due to backhoe fade, you still have a connection to the outside
  - If an ISP fails, you still have a connection to the outside
• What if the two physical links run through the same conduit?
• What if both ISPs use the same upstream?
[Figure: enterprise AS65002 dual homed to ISP A (AS65000) and ISP B (AS65001), both of which reach the Internet through the same upstream, ISP C]
Outside Connections
Internet Connection Considerations
• The Problem:
  - Logical diversity isn't the same as physical diversity
  - Diversity of any type at one point doesn't guarantee diversity throughout; things may recombine at some point
• The Solution:
  - When dual homing, try to dual home from and to physically diverse points
  - If dual homing from the same physical location, consider using a single provider, and putting physical diversity in the contract
  - Try to ensure that your providers aren't dependent on each other, or on a common point behind them
BGP/IGP Interaction
BGP Synchronization
• G advertises 10.1.1.0/24 to F through eBGP; F readvertises it to B through iBGP
• B checks its local routing table, and finds that G is reachable, so it installs the route, and advertises 10.1.1.0/24 to A through eBGP
[Figure: A is an eBGP peer of B; B, D, E and F are in the BGP AS, with an iBGP session between B and F across D and E; G, the eBGP peer of F, originates 10.1.1.0/24. At A: 10.1.1.0/24 via B. At B: 10.1.1.0/24 via G, and G reachable via D]
BGP/IGP Interaction
BGP Synchronization
• A receives a packet for 10.1.1.1, and forwards it to B
• B examines its routing table, and finds the next hop is G, a recursive route, and finds the next hop of the recursive route is D, so it forwards the packet to D
• D, since it's not running BGP at all, has no route to 10.1.1.0/24, so it drops the packet!
[Figure: same topology; at A, 10.1.1.0/24 via B; at B, 10.1.1.0/24 via G with G reachable via D; at D, no route to 10.1.1.0/24]
BGP/IGP Interaction
BGP Synchronization
• Synchronization solves this by forcing the IGP and BGP routing tables to match before a route can be advertised to a peer
• B would not advertise 10.1.1.0/24 to A if the route isn't reachable via some path other than BGP
• Unless you want 150,000 routes in your IGP, this isn't very useful
[Figure: same topology; B has no IGP route to 10.1.1.0/24, so it doesn't advertise it to its eBGP peers]
BGP/IGP Interaction
BGP Synchronization
• The more general solution is to run BGP on D and E, and disable synchronization
• This requires running full mesh iBGP on B, D, E, and F, or running route reflectors in the core
[Figure: same topology with a full iBGP mesh among B, D, E and F]
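The black hole of slides 310 and 311, and the fix of slide 313, replayed hop by hop in an added Python model that is not from the deck. The chain topology, loopback addresses and table contents are constructed to match the figure's roles: B and F speak BGP, and D and E run only the IGP unless told otherwise.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

Rib = Dict[str, str]   # prefix -> next hop: a router name, or "connected"

# Constructed topology: A - B - D - E - F - G as a chain. A and G are outside the
# BGP AS; B and F speak BGP (iBGP to each other across D and E).
ADJACENT = {"A": {"B"}, "B": {"A", "D"}, "D": {"B", "E"},
            "E": {"D", "F"}, "F": {"E", "G"}, "G": {"F"}}
LOOPBACK = {"A": "10.0.0.1", "B": "10.0.0.2", "D": "10.0.0.4",
            "E": "10.0.0.5", "F": "10.0.0.6", "G": "10.0.0.7"}
IGP_ROUTERS = ("B", "D", "E", "F")
PREFIX = "10.1.1.0/24"
ORDER = ["A", "B", "D", "E", "F", "G"]


def igp_next_hop(router: str, target: str) -> str:
    """IGP along the chain: the next hop toward target is the neighbour on that side."""
    i, j = ORDER.index(router), ORDER.index(target)
    return ORDER[i + 1] if j > i else ORDER[i - 1]


def build_ribs(bgp_on_core: bool) -> Dict[str, Rib]:
    ribs: Dict[str, Rib] = {r: {} for r in ADJACENT}
    for r in IGP_ROUTERS:                             # IGP: loopbacks of the AS, plus G's
        for other in IGP_ROUTERS + ("G",):
            if other != r:
                ribs[r][LOOPBACK[other] + "/32"] = igp_next_hop(r, other)
    ribs["G"][PREFIX] = "connected"
    ribs["F"][PREFIX] = "G"                           # eBGP from G
    ribs["B"][PREFIX] = "G"                           # iBGP from F, next hop unchanged
    ribs["A"][PREFIX] = "B"                           # eBGP from B
    if bgp_on_core:                                   # slide 313: D and E join the iBGP mesh
        ribs["D"][PREFIX] = "G"
        ribs["E"][PREFIX] = "G"
    return ribs


def lookup(rib: Rib, dst: str) -> Optional[str]:
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in rib.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def next_router(ribs: Dict[str, Rib], router: str, dst: str, depth: int = 0) -> Optional[str]:
    """Where this router sends a packet for dst: the next hop if adjacent, or,
    for a recursive route, the next hop toward the next hop's loopback. Returns
    the router itself when dst is on a connected network, None for no route."""
    nh = lookup(ribs[router], dst)
    if nh is None or depth > 8:
        return None
    if nh == "connected":
        return router
    if nh in ADJACENT[router]:
        return nh
    return next_router(ribs, router, LOOPBACK[nh], depth + 1)


def forward(ribs: Dict[str, Rib], src: str, dst: str) -> Tuple[str, List[str]]:
    """Hop-by-hop forwarding; returns ('delivered' | 'dropped' | 'loop', path)."""
    path, here = [src], src
    for _ in range(16):
        nxt = next_router(ribs, here, dst)
        if nxt is None:
            return "dropped", path
        if nxt == here:
            return "delivered", path
        here = nxt
        path.append(here)
    return "loop", path


def synchronization_allows(igp_rib: Rib, prefix: str) -> bool:
    """The synchronization rule: an iBGP-learned prefix may be advertised to
    eBGP peers only if the IGP also carries it."""
    return prefix in igp_rib


def without_bgp_on_core() -> Tuple[str, List[str]]:
    """Slides 310 and 311: B advertises the prefix, D has no route and drops."""
    return forward(build_ribs(bgp_on_core=False), "A", "10.1.1.1")


def with_bgp_on_core() -> Tuple[str, List[str]]:
    """Slide 313: D and E in the iBGP mesh, synchronization disabled."""
    return forward(build_ribs(bgp_on_core=True), "A", "10.1.1.1")


def b_advertises_under_sync() -> bool:
    """Slide 312: with synchronization on, B consults its IGP table, which holds
    only loopbacks, so the prefix is never advertised to A in the first place."""
    igp_table = {p: nh for p, nh in build_ribs(bgp_on_core=False)["B"].items() if p.endswith("/32")}
    return synchronization_allows(igp_table, PREFIX)
```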
BGP/IGP Interaction
Multi-Exit Discriminator (MED)
• Conveys relative preference of entry points
• Lowest MED is best; by default a missing MED is treated as 0 (bgp bestpath med missing-as-worst changes this)
• Comparable only if paths are from the same AS
• Non-transitive: do not pass MED from one AS to another
• route-map: set metric, or set metric-type internal (MED copied from the IGP metric)
[Figure: City A and City B sites of AS 1 and AS 2 exchange routes with AS 3, AS 4, AS 5 and AS 6]
BGP/IGP Interaction
Set MED to IGP Metric
[Figure: AS 1 advertises to AS 2 with the MED set from its IGP metric; AS 6 is also shown]

Configuration (as-path access-list 2, not shown, selects the prefixes that get the MED):

    router bgp 1
     neighbor x.x.x.x remote-as 2
     neighbor x.x.x.x route-map set_MED out
    !
    route-map set_MED permit 10
     match as-path 2
     set metric-type internal
BGP/IGP Interaction
Wait for BGP
• E is learning 10.1.1.0/24 through iBGP from D with a next hop of A
• E examines the path to A, and finds an IGP route through D to A; it installs this route in the routing table
• C is now inserted into the circuit; after a few seconds, the IGP has converged, and E now chooses C as the best path to A
[Figure: A receives 10.1.1.0/24 over eBGP; B sits below A; C (link costs 10) and D (link costs 20) connect B to E; B, C, D and E form a full iBGP mesh. D was the original best path from E to A; C starts and provides a better path]
BGP/IGP Interaction
Wait for BGP
• However, BGP takes much longer to converge if C is accepting full routes (about 150,000 routes) from A; at least five minutes
• When E forwards packets to C for 10.1.1.1, C hasn't finished building its BGP tables, so it doesn't know how to reach this destination
• C drops the packets
[Figure: same topology; C has no path to 10.1.1.0/24 yet]
BGP/IGP Interaction
Wait for BGP
• Instead, once the IGP has converged, C signals its IGP neighbors that they should not route this direction
• The IGP remains in this state until BGP notifies the IGP it has converged
• E will continue using D as its best path to A, even though a better one is available, until BGP converges on C
[Figure: same topology; C tells its neighbours "Don't use me yet!"]
BGP/IGP Interaction
Wait for BGP
• OSPF uses max-metric router-lsa on-startup wait-for-bgp to configure this feature
  - Available in 12.2T
  http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087c09.html
• IS-IS uses set-overload-bit on-startup wait-for-bgp to configure this feature
  - Available in 11.3
  http://www.cisco.com/en/US/tech/tk365/tk381/technologies_tech_note09186a00800a4bb1.shtml
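What the wait-for-bgp feature does to the IGP's view of C, as an added example that is not from the deck: an SPF run from E over the figure's topology, with C advertising its links at the maximum metric until its BGP session has converged. The link costs are the figure's 10 and 20 labels; the A to B cost and the use of Python are assumptions of this example.

```python
import heapq
from typing import Dict, List, Optional, Tuple

MAX_METRIC = 65535          # LSInfinity: what 'max-metric router-lsa' advertises

# Link costs as labelled in the figure (B-C 10, B-D 20, C-E 10, D-E 20); the
# A-B cost of 10 is an assumption, the slide does not show it.
LINKS = [("A", "B", 10), ("B", "C", 10), ("B", "D", 20), ("C", "E", 10), ("D", "E", 20)]

Graph = Dict[str, Dict[str, int]]


def build_graph(max_metric_routers: Tuple[str, ...] = ()) -> Graph:
    """Directed link costs as each router's LSA advertises them. A router in
    max-metric state advertises every transit link of its own at MAX_METRIC;
    its neighbours' costs toward it are unchanged, which is exactly what keeps
    it reachable but never chosen as a transit hop."""
    g: Graph = {}
    for u, v, cost in LINKS:
        g.setdefault(u, {})[v] = MAX_METRIC if u in max_metric_routers else cost
        g.setdefault(v, {})[u] = MAX_METRIC if v in max_metric_routers else cost
    return g


def shortest_path(g: Graph, src: str, dst: str) -> Tuple[Optional[List[str]], Optional[int]]:
    """Plain Dijkstra, standing in for the SPF run every router performs."""
    dist, prev = {src: 0}, {}
    heap = [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, w in g.get(u, {}).items():
            if d + w < dist.get(v, float("inf")):
                dist[v], prev[v] = d + w, u
                heapq.heappush(heap, (d + w, v))
    if dst not in dist:
        return None, None
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1], dist[dst]


def e_to_a(c_bgp_converged: bool) -> Tuple[Optional[List[str]], Optional[int]]:
    """E's IGP path to A while C is still loading its BGP table (C in max-metric
    state), and after C's BGP has converged and the max-metric LSA is withdrawn."""
    g = build_graph(() if c_bgp_converged else ("C",))
    return shortest_path(g, "E", "A")


if __name__ == "__main__":
    print("C still loading BGP:", e_to_a(c_bgp_converged=False))   # (['E', 'D', 'B', 'A'], 50)
    print("C converged:        ", e_to_a(c_bgp_converged=True))    # (['E', 'C', 'B', 'A'], 30)
```

Note that C never disappears from the topology: E still has a route to C's own addresses at cost 10, it just will not go through C to get anywhere else, which is the difference between max-metric and simply keeping the interfaces down.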
Summary
Other References
[Book covers shown on the slides; only the identifiers survive]
  ASIN: 1578701651, ISBN: 0201657732, ISBN: 1587051877
  ISBN: 1587050323, ISBN: 1578702208, ISBN: 0201657724
  ISBN: 0321127005, ISBN: 1587051095, ISBN: 0201379511
Recommended Reading
• Continue your Networkers at Cisco Live learning experience with further reading from Cisco Press
• Check the Recommended Reading flyer for suggested books
Available Onsite at the Cisco Company Store
Q and A
Complete Your Online Session Evaluation
• Win fabulous prizes; give us your feedback
• Receive ten Passport Points for each session evaluation you complete
• Go to the Internet stations located throughout the Convention Center to complete your session evaluation
• Winners will be announced daily at the Internet stations