Overview
Building Scalable Cisco Networks (BSCN) is an instructor-led course presented by Cisco Systems, Inc. training partners to their end-user customers. This five-day course focuses on using Cisco routers connected in local area networks (LANs) and wide area networks (WANs) typically found at medium to large network sites. Upon completion of this training course, you will be able to select and implement the appropriate Cisco IOS services required to build a scalable routed network. This chapter highlights the course prerequisites and course highlights as well as some administrative issues. It includes the following topics:
- Course Objectives
- Course Topics
- Prerequisites
- Participant Role
- General Administration
- Sources of Information
- Course Syllabus
- Graphic Symbols
Course Objectives
This section lists the course objectives.
Upon completion of this course, you will be able to perform the following tasks:
- Given a network specification that calls for simplifying IP address management at branch offices by centralizing addresses, select and configure the appropriate services
- Given a network specification calling for a scalable routed network that includes link state protocols and redistribution, implement the appropriate technologies
1999, Cisco Systems, Inc.
www.cisco.com
BSCN1-2
Upon completion of this course, you will be able to perform the following high-level tasks:
- Select and configure a scalable IP address solution (including route summarization) for a branch office environment, given a list of specifications
- Select and implement the technologies necessary to redistribute between and to support multiple, advanced IP routing protocols, given a network specification
- Configure and test edge router connectivity (either single or multi-homed connection) into a BGP network, given a network specification
- Configure access lists, given a need to control access to devices and to selectively reduce overhead traffic in the network
- Given various network specifications calling for multiple routed and routing protocols, implement case studies that reflect a scalable internetwork
- Implement the results of case study discussions in a laboratory environment, given a specification containing multiple routed and routing protocols
Course Topics
This section lists the topics that will be covered in this course.
[Figure: high-level overview of the course network. BGP AS #1 and BGP AS #2; legend: FastEthernet/Ethernet, Primary, Secondary]
The figure shows a high-level overview of a network that you should be able to build at the end of this class. To accomplish this course goal, you will be taught how to configure Cisco routers with Ethernet LAN and serial WAN interfaces. You will configure the following on a Cisco device:
- Transmission Control Protocol/Internet Protocol (TCP/IP) and Internet Protocol (IP) addresses
- Hierarchical addressing using variable length subnet masking (VLSM) and route summarization
- Routing protocols: Enhanced Interior Gateway Routing Protocol (EIGRP), Open Shortest Path First (OSPF), and Border Gateway Protocol (BGP)
- Redistribution between different routing protocols
- Access lists to control IP traffic and routing updates
- Serial WAN connections over interfaces that use High-Level Data Link Control (HDLC) and Point-to-Point Protocol (PPP)
- Serial WAN connections over subinterfaces that use Frame Relay encapsulation
Configuration, verification, and troubleshooting are done with Cisco IOS software.
Prerequisites
This section lists the course's prerequisites.
- Working knowledge of the OSI reference model and the hierarchical model
- Understanding of internetworking fundamentals
- Operating and configuring a Cisco IOS device
- Working knowledge of the TCP/IP stack and how to configure a routed protocol, such as IP
- Understanding distance vector routing protocol operation and configuring RIP and IGRP
- Determining when to use static and default routes and enabling them on a Cisco router
To fully benefit from BSCN, you should already possess certain prerequisite skills. The skills are presented in the following figures. These skills can be gained from self-paced/instructor-led training sessions and from work experience. These prerequisites are highlighted in the figures and are outlined on the following pages. The participant should have a working knowledge of:
- Commonly used networking terms, numbering schemes, and topologies
- The Open System Interconnection (OSI) reference model
- Operation and configuration of a Cisco router
- TCP/IP stack and configuration of IP addresses
- Distance-vector routing protocol (RIP, IGRP) operation and configuration
- Static and default route usage, implementation, and configuration
- Displaying and interpreting a Cisco routing table
- Enabling an IP standard and extended access list
- Enabling a WAN serial connection
- Configuring Frame Relay PVCs on interfaces and subinterfaces
- Verifying router configurations with available tools like show and debug commands
- Contents and interpretation of a Cisco routing table
- Traffic filtering with standard and extended access lists
- Verifying router configuration using show and debug command output
- WAN serial interface configuration using HDLC
- WAN serial interface configuration using Frame Relay PVCs
Successful completion of:
Internetworking Technologies Multimedia (ITM) Plus ...
The participant should already possess certain knowledge and skills gained in a structured learning environment. These skills can be gained from completing the Internetworking Technology Multimedia (ITM) CD-ROM plus a combination of instructor-led training sessions. These courses are highlighted in the figure and are outlined below:
- Introduction to Cisco Router Configuration (ICRC) contains router configuration basics and Cisco LAN Switch Configuration (CLSC) contains LAN switch configuration basics
- Cisco Router and LAN Switches (CRLS) contains router and LAN switch configuration basics
- Interconnecting Cisco Network Devices (ICND) contains router and LAN switch configuration basics
Participant Role
This section discusses your responsibilities as a student.
Student role:
- Meet prerequisites
- Introduce yourself
- Ask/answer questions
To take full advantage of the information presented in this course, you should meet the prerequisites for this class. Introduce yourself to the instructor and other students who will be working with you during the five days of this course. You are encouraged to ask any questions relevant to the course materials. If you have pertinent questions concerning other Cisco features and products not covered in this course, please bring these topics up during breaks or after class and the instructor will try to answer the questions or direct you to an appropriate information source.
- Your name and work location
- Your job responsibilities
- Your internetworking experience
- Your objectives for this week
Introduce yourself, stating your name and the job function you perform at your work location. Briefly describe what exposure you have with installing and configuring Cisco routers, attending Cisco classes, and how your work experience helped you meet the prerequisites highlighted earlier. You should also state what you expect to learn from this course.
General Administration
This section highlights miscellaneous administrative tasks that must be addressed.
Class-related:
- Sign-in sheet
- Length and times
- Participant materials
- Attire
Facilities-related:
- Rest rooms
- Site emergency procedures
- Break and lunch room locations
- Communications
The instructor will discuss the administrative issues in detail so you will know exactly what to expect from both the class and facilities. The following items will be discussed:
- Recording your name on a sign-in sheet
- The starting and anticipated ending time of each class day
- What materials you can expect to receive during the class
- The appropriate attire during class attendance
- Rest room locations
- What to do in the event of an emergency
- Class breaks and lunch facilities
- How to send and receive telephone, email and fax messages
Sources of Information
This section identifies additional sources of information.
Most of the information presented in this course can be found on the Cisco Systems Web site or on CD-ROM. These supporting materials are available in HTML format, and as manuals and release notes. To learn more about the subjects covered in this course, feel free to access the following sources of information:
- Cisco Documentation CD-ROM or www.cisco.com
- ITM CD-ROM or www.cisco.com
- Cisco IOS 12.0 Configuration Guide and Command Reference Guide
All of these documents can be found at the following URL: http://www.cisco.com
Course Syllabus
This section discusses the week's schedule.
Module 1
- Building Scalable Cisco Networks Introduction
- Routing Principles
- Extending IP Addresses
Module 2
- Scalable Routing Protocol Overview
- Configuring OSPF in a Single Area
- Interconnecting Multiple OSPF Areas
- Configuring Enhanced IGRP
- Configuring Basic Border Gateway Protocol
- Implementing BGP in Scalable ISP Networks
Module 3
- Managing Traffic and Access
- Configuring IP Access List
- Optimizing Routing Update Operation
- Scaling IP Addresses in Your Internetwork
- Implementing Scalability Features in Your Internetwork
The following schedule reflects the recommended structure for this course. This structure allows enough time for your instructor to present the course information to you and for you to work through the laboratory exercises. The exact timing of the subject materials and labs depends on the pace of your specific class.

Module 1, Scalable Internetworks
The purpose of the module is to introduce you to the training room and the BSCN network environment. This section describes the characteristics of scalable networks and provides a review of routing fundamentals. You will also be introduced to methods for extending IP addresses, such as VLSM and route summarization. Module 1 includes the following chapters:
- Chapter 1: Building Scalable Cisco Networks Introduction
- Chapter 2: Overview of Scalable Internetworks
- Chapter 3: Routing Principles
- Chapter 4: Extending IP Addresses
Module 2, Scalable Routing Protocols
The purpose of the module is to describe the operation and configuration of different, sophisticated routing protocols. You will learn to configure OSPF, Enhanced IGRP and BGP. Module 2 includes the following chapters:
- Chapter 5: Scalable Routing Protocols Overview
- Chapter 6: Configuring OSPF in a Single Area
- Chapter 7: Interconnecting Multiple OSPF Areas
- Chapter 8: Configuring Enhanced IGRP
- Chapter 9: Configuring Basic Border Gateway Protocol
- Chapter 10: Implementing BGP in Scalable ISP Networks
Module 3, Controlling Scalable Internetworks
The purpose of the module is to describe ways to control overhead traffic, including routing updates, in a growing network environment. You will also learn how to control network access using access lists. In this section, you will learn about redistributing routes between different routing protocols such as RIP, IGRP, Enhanced IGRP and OSPF. After a discussion on scalable IP address solutions, the module completes with a comprehensive lab implementing most of the scalability features discussed throughout the course. Module 3 includes the following chapters:
- Chapter 11: Managing Traffic and Access
- Chapter 12: Configuring IP Access Lists
- Chapter 13: Optimizing Routing Update Operation
- Chapter 14: Scaling IP Addresses in Your Internetwork
- Chapter 15: Implementing Scalability Features in Your Internetwork
Graphic Symbols
This section illustrates symbols that are used throughout the course.
[Figure: graphic symbols used in this course. Multi-layer switch, Network switch, Bridge, Switch, Router, Access server, DSU/CSU, ISDN switch, Personal computer, File Server, Modem, Web Server, WAN cloud, Hub, Ethernet, Serial Line]
These symbols are used in the graphical presentations of this course to represent device or connection types.
Note: The addressing schemes and telephone numbers used in this course are reserved and not to be used in the public network. They are used in this course as examples to facilitate learning. When building your network, use only the addresses and telephone numbers assigned by your network designer and service provider.
Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
- Describe the key requirements of a scalable internetwork
- Select a Cisco IOS feature as a solution for a given internetwork requirement
This chapter defines scalable internetworks and discusses some of the Cisco IOS features that can be used to meet the needs of these networks. Topics include:
- Objectives
- Scaling Large Internetworks
- Characterizing Scalable Internetworks
- Summary
- Written Exercise: Overview of Scalable Internetworks
- Answers to Exercise
[Figure: three-layer hierarchical model. Core (Campus Backbone), Distribution, Access (Branch Office)]
[Figure: Distribution and Access layers serving Branch Office, Dial-In, Workgroups and Telecommuter connections]
Core routers provide services that optimize communication among routers at different sites or in different logical groupings. In addition, core routers provide maximum availability and reliability. Core routers should be able to maintain connectivity when LAN or WAN circuits fail at this layer.

Distribution routers control access to resources that are available at the core layer, and must make efficient use of bandwidth. In addition, a distribution router must address the quality of service (QoS) needs for different protocols by implementing policy-based traffic control to isolate backbone and local environments.

Access routers control traffic by localizing broadcasts and service requests to the access media. Access routers must also provide connectivity without compromising network integrity. For example, the routers at the access point must be able to detect whether a telecommuter dialing in is legitimate, with minimal authentication steps required by the telecommuter.
- Reliable and available: This includes being dependable and available 24 hours, 7 days a week. In addition, failures need to be isolated and recovery must be nonvisible to the end user.
- Responsive: This includes managing the QoS needs for the different protocols being used without affecting response at the desktop. For example, the internetwork must be able to respond to latency issues common for Systems Network Architecture (SNA) traffic, but still allow for the routing of desktop traffic, such as IPX, without compromising QoS requirements.
- Efficient: Large internetworks must optimize the use of resources, especially bandwidth. Reducing the amount of overhead traffic such as unnecessary broadcasts, service location, and routing updates results in an increase in data throughput without increasing the cost of hardware or the need for additional WAN services.
- Adaptable: This includes being able to accommodate disparate networks and interconnect independent network clusters (or islands), as well as to integrate legacy technologies, such as those running SNA.
- Accessible but secure: This includes the ability to enable connections into the internetwork using dedicated, dialup, and switched services while maintaining network integrity.
Scalable protocols: Includes Open Shortest Path First (OSPF) and Enhanced IGRP (EIGRP). These protocols provide the following features:
- Reachability: Scalable networks, including those using a hierarchical design, can have a large number of reachable networks or subnetworks. These networks can be subject to reachability problems due to metric limitations of distance vector routing protocols. Scalable routing protocols such as OSPF and EIGRP use metrics that expand the reachability potential for routing updates because they use cost, rather than hop count, as a metric.
- Fast convergence time: Scalable protocols can converge quickly because of the router's ability to detect failure rapidly and because each router maintains a network topology map. Routers also forward network changes quickly to all routers in the network topology.
Use routing protocols that:
- Use alternate paths
- Load balance
Use dial backup over WANs
- Alternate paths: Scalable protocols, such as EIGRP and OSPF, enable a router to maintain a map of the entire network topology, so when a failure is detected the router can reroute traffic by looking at the network topology and finding another path. Enhanced IGRP is also a feasible solution because it keeps a record of alternate routes in case the preferred route goes away.
- Load balancing: Because scalable protocols have a map of the entire network topology, and because of how they maintain their routing tables, they are able to transport data across multiple paths to a given location simultaneously.
- Dial backup: On WAN connections, you can configure backup links when you need to do the following:
  - Make the primary WAN connection more reliable by configuring one or more backup connections.
  - Increase availability by configuring the backup connections to be used when a primary connection is experiencing congestion.
Optimize bandwidth utilization using:
- Access lists
- Route summarization
- Incremental updates
- Access lists: Can be used to permit or drop (deny) protocol update traffic, data traffic, and broadcast traffic. Access lists are available for IP and other protocols and can be tailored to meet the needs for each protocol. For example, an access list can be defined by Transmission Control Protocol (TCP) port or by other criteria, depending on the situation.
- Reduce the number of routing table entries: You can reduce the number of router processing cycles by reducing the overall number of routing entries in a router's routing table. This can be done using the following Cisco IOS features:
  - Route summarization: The number of entries in a routing table can be reduced by using route aggregation or, as it is more commonly known, route summarization. Summarization of routes occurs at major network boundaries for most routing protocols. Some IP routing protocols, such as OSPF and Enhanced IGRP, allow manual summarization on arbitrary boundaries within the major network. Careful planning and address allocation is required for route summarization to be most effective.
  - Incremental updates: Protocols such as Enhanced IGRP and OSPF make more efficient use of bandwidth than distance vector protocols by only sending topology changes rather than the entire routing table contents at fixed intervals.
- Dial-on-demand routing (DDR): Connections for infrequent traffic flow can be accomplished using DDR. Active links are created only after interesting traffic is detected by the router. This "only as required" service replaces dedicated circuits that are charged for even when the link is idle.
- Switched access: Packet-switched networks such as X.25 and Frame Relay offer the advantage of providing global connectivity through a large number of service providers with established circuits to most major cities.
- Snapshot routing: Allows peer routers to exchange full distance vector routing information upon initial connection, then on a predefined interval. Typically used with ISDN, this feature can reduce WAN costs when using distance vector protocols because routing information is exchanged at an interval you define. Between update exchanges, the routing tables for the distance vector protocols are kept frozen.
- Compression over WANs: Several compression techniques can be used to reduce traffic that is crossing a WAN connection. Cisco supports TCP/IP header compression and data (payload) compression. In addition, you can configure link compression, which compresses header and data information in packets that cross point-to-point (leased line) connections. Compression is accomplished in software by the router before the frame is placed on the medium.
[Figure: internetwork carrying both IP and SNA traffic]
- Mixing routable and nonroutable protocols: A network delivering both routable and nonroutable traffic has some unique problems. Most nonroutable protocols lack a mechanism to provide flow control and are sensitive to delays in delivery. Any delays in delivery or packets arriving out of order can result in session loss.
- Integrating islands of networks: Many companies are integrating islands of networks that are typically using different protocols in their hierarchical design. In this case, you can add any protocols used by the network islands to the core layer, or create a tunnel in the backbone that will connect the network islands but not add new protocol traffic to the core backbone.
- Meeting the varying requirements for each protocol in the internetwork: When multiple protocol traffic is present, the network must be balanced between the special needs of each protocol.
In this course, Cisco IOS features that focus on network adaptability are as follows:
- EIGRP: A routing protocol that supports IP, IPX, and AppleTalk traffic.
- Redistribution: You can exchange routing information between networks that are using different routing protocols.
- Dedicated access: Cisco routers can be directly connected to basic telephone service or digital services such as T1/E1. This means that you can create a core WAN infrastructure for heavy traffic loads, then use other access services for sporadic traffic requirements.
- Switched access: Cisco routers support Frame Relay, X.25, SMDS, and ATM. With this variety of support, you can determine which switched service, or combination of switched services, to use, based on cost, location, and traffic requirements.
- Exterior protocol support: Cisco IOS supports several exterior protocols including Exterior Gateway Protocol (EGP) and Border Gateway Protocol (BGP). BGP, which is discussed in this course, is often used by Internet Service Providers (ISPs) and by organizations that want to connect to ISPs.
- Secure access to and from each remote site
- Secure access to devices within a network
- Access lists: Access lists can be defined to prevent user traffic from accessing portions of the network. Access lists can also assist in providing security because when they block user traffic effectively, the users themselves are being denied access to sensitive areas of the network.
- Authentication protocols: On WAN connections using PPP, you can configure authentication protocols such as Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP).
Note: For a complete discussion of how Cisco supports security, and how to make your network secure using Cisco products, refer to the Managing Cisco Network Security course.
Summary
- Scalable internetworks must be reliable, responsive, efficient, adaptable, and accessible
- Routers can be specialized based on their location in the internetwork
- Cisco IOS features can be used to meet the requirements of today's scalable internetworks
Key points from this chapter include the following:
- Scalable internetworks must meet several requirements, as listed in the graphic. Note that these requirements are more or less critical to meet at each layer of the three-layer hierarchy presented.
- Remember that routers should be configured based on the key functions they need to perform at a given layer of the hierarchy.
- The Cisco IOS provides a large number of features, but not all features should be configured on a router. Only those features that meet the desired network requirements should be enabled on the router.
Assigning each network problem one of the five requirements listed below.
_____ Reliable and available
_____ Responsive
_____ Efficient
_____ Adaptable
_____ Accessible but secure

Listing one or more Cisco IOS features that can be used to correct each network problem.

Network Problem                                          | Key Requirement | Cisco IOS Feature(s)
---------------------------------------------------------|-----------------|---------------------
Connectivity restrictions                                |                 |
Single paths available to all networks                   |                 |
Too much broadcast traffic                               |                 |
Convergence problems with metric limitations             |                 |
Competition for bandwidth                                |                 |
Illegal access to services on the internetwork           |                 |
Single WAN links available to each remote site           |                 |
Expensive tariffs on WAN links that do not get much use  |                 |
Very large routing tables                                |                 |
Integrate networks using legacy protocols                |                 |
Answers to Exercise
[Answer table: the Key Requirement and Cisco IOS Feature(s) columns survive only as unaligned lists; the rows are the network problems of the exercise table above.]

Key Requirement column (as recoverable): Efficient; Responsive, Efficient; Efficient; Adaptable

Cisco IOS Feature(s) column (in order):
- Dedicated and switched access technologies
- BGP support
- Scalable protocols
- Dial backup
- Access lists
- Scalable protocols
- Scalable protocols
- Access lists
- Snapshot routing
- Compression over WANs
- Generic Traffic Shaping
- Access lists (not an end-all solution)
- Authentication protocols
- Lock and Key Security
- Dial backup
- Switched access technologies
- Route summarization
- Incremental updates
- Bridging mechanisms
Routing Principles
Overview
This chapter covers concepts related to logical Internet Protocol (IP) network addresses and the usage of network masks to make routing decisions. The mechanisms by which Cisco routers learn and maintain knowledge of the network topology are also discussed. It includes the following topics:
- IP Address Overview
- Subnetting Overview
- Distance-Vector Operation
- Link-State Operation
- Routing Table Analysis
Objectives
This section lists the chapter's objectives.
Upon completion of this chapter, you will be able to perform the following tasks:
- List the key information routers need to route data
- Describe classful and classless routing protocols
- Compare distance vector and link-state protocol operation
- Describe the use of the fields in a routing table
- Given a pre-configured laboratory network, discover the topology, analyze the routing table, and test connectivity using accepted troubleshooting techniques
This chapter covers a review of IP addressing and routing principles. The difference between distance vector and link-state routing protocol behavior is explained and an example of each is presented in a Case Study. Convergence issues surrounding the most commonly used interior routing protocols (RIP, IGRP, Enhanced IGRP and OSPF) are also presented. Upon completion of this chapter, you will be able to perform the following tasks:
- List the major classes of IP addresses and describe the default mask associated with each
- Describe the requirements for subnetting a classful network
- Compare and contrast the two major functions performed by a router
- Describe, in detail, the functionality of each field in a routing table entry
- Explain the convergence steps used by the following routing protocols:
  - Routing Information Protocol (RIP)
  - Interior Gateway Routing Protocol (IGRP)
  - Enhanced IGRP
  - Open Shortest Path First (OSPF)
IP Addressing Review
This section contains review information related to IP addressing and subnetting concepts. Section topics are as follows:
- Classes of IP Addresses
- Default Routing Masks
- Creating Subnets by Extending the Mask
- Subnetting Examples
IP Address Overview
[Figure: a 32-bit IP address divided into a Network portion and a Host portion]
Once the network portion of the address is defined, all devices on the network will share the same binary pattern in the network portion.
IP addresses are composed of 32 binary bits and uniquely identify devices within the Transmission Control Protocol/Internet Protocol (TCP/IP) domain. The TCP/IP domain includes all devices connected to the Internet using the World Wide Web (WWW).

An IP address contains two parts: a network part and a host part. The boundary between the two parts of the IP address is defined by another 32-bit field, referred to as a routing mask. There is a bit-for-bit alignment between the IP address and the routing mask. The routing mask contains a field of all ones and a field of all zeros: contiguous ones starting at the left and moving to the right, and contiguous zeros starting at the right and moving to the left. Where the contiguous ones stop indicates the boundary between the network part and the host part of the IP address. The network boundary can occur at any place after the eighth bit position from the left.

Once the boundary between the network part and the host part of the IP address is known, all devices addressed in that network will have a common binary pattern in the network part that identifies the device as belonging to the specified network.
IP Address Classes
- IP address and associated mask are represented in 32-bit dotted decimal
- Other formats are commonly used
- Decimal value in the first octet determines the Class of the address:
  - 001 - 126 = Class A
  - 128 - 191 = Class B
  - 192 - 223 = Class C
  - 224 - 239 = Class D
  - 240 - 254 = Class E
Both the IP address and the associated routing mask contain 32 bits. Routing devices are similar to computers in that they both use the binary numbering scheme to represent addresses. Working with 32-bit binary numbers is the standard operational mode for a routing device. However, network administrators do not use binary numbers on a daily basis and have therefore adopted other formats to represent 32-bit IP addresses. Some common formats include decimal (base 10) and hexadecimal (base 16) notation.

The generally accepted method of representing IP addresses and routing masks is to break the 32-bit field into four groups of eight bits and to represent those eight-bit fields in a decimal format separated by decimal points. Hence the reference to IP addresses and routing masks being represented in 32-bit dotted decimal notation. Although the dotted decimal notation is commonly accepted, that notation means nothing to the routing device because the device internally uses the 32-bit binary string as an address identifier. All routing decisions are based on the 32-bit binary field.

IP addresses belong to classes defined by the decimal value represented in the first eight bits (octet). The decimal number ranges are strictly dictated by the binary weights of the ones and zeros patterns within the octet. The class definition is referred to as the First Octet Rule. Classes A through E are defined, but only Class A, B and C addresses are used to identify devices connected to the Internet. The two remaining classes are used for special or testing purposes.
[Figure: a bit-for-bit alignment exists between an IP address and its associated mask]
[Figure: default mask example for the Class C address 201.222.5.12. Network portion: 201.222.5; host portion: 12; default mask: 255.255.255.0]
Subnetting Overview
- Moving the network boundary to the right creates additional subnetworks at the expense of fewer hosts on each segment
- The new network mask will contain additional contiguous ones indicating by how many bits the network portion has been extended
- The formula 2^n, where n equals the number of extended bits, indicates the maximum number of subnets created
When additional contiguous ones are added to the default routing mask, the all-ones field is longer and that extends the definition of the network part of an IP address. Adding bits to the network part of an address is responsible for decreasing the number of bits in the host part. Creating additional network binary patterns is done at the expense of the number of host devices that can occupy each network segment.

The number of bits added to the point where the default routing mask ended creates a counting range. This binary range counts subnetworks. Each count is a unique binary pattern and defines a location within the master network address space. The remaining bits not allocated as the network part or the subnetwork part form a counting range for hosts. Host addresses are selected from these remaining bits and must also be numerically unique from all other hosts on this network.
Creating Subnets
Extending the mask creates subnets
Network   201.222.5.0
Mask      255.255.255.224

Fourth octet:
  Binary weight   128  64  32  16   8   4   2   1
  Mask bits         1   1   1   0   0   0   0   0
  Field             S   S   S   H   H   H   H   H      (S = subnet number, H = host number)

Subnet number (three-bit field):
  Bits     000  001  010  011  100  101  110  111
  Count      0    1    2    3    4    5    6    7

Host number (five-bit field):
  Bits     00000  00001  00010  00011  00100  ...  11110  11111
  Count      0**      1      2      3      4  ...     30   31**

** Special usage
Creating Subnets
In the example above, the network part has been extended, as indicated by the new mask of 255.255.255.224, which is three bits longer than the default mask of 255.255.255.0. Once the default routing mask has been extended, in this case by three bits, it creates a counting range to represent subnetworks. For the sample network of 201.222.5.0, the fourth octet now contains two counting ranges: a three-bit field for counting subnetworks and a five-bit field for counting hosts.

Each counting range is displayed with individual binary weights assigned to the bit positions. As is true for the eight-bit binary fields discussed earlier, the least significant bit (LSB) has a binary weight of one and is always located at the right side of the field. Each count is an assignment for a subnetwork or a discrete host.

Reminder: The count of all zeros and of all ones in the host range is reserved for special usage. The count of all zeros represents the segment identifier and the count of all ones represents a broadcast address used to contact all hosts on that segment.

Reminder: The count of all zeros in the subnetwork range must be explicitly allowed. The count of all ones has no special significance in the subnetwork range and identifies a location within the major network.

Only after all of the binary counts have been performed can the 32 binary bits be broken into four eight-bit fields and represented as a dotted decimal value. Only after the binary bits have been represented in dotted decimal notation does the IP address have significance to the network administrator. An example of the dotted decimal notation for the counting ranges is shown on the following page.
Subnet Addressing
Before subnetting:   201.222.5.0   mask 255.255.255.0     Hosts/Seg. 254
After subnetting:    201.222.5.0   mask 255.255.255.224   Hosts/Seg. 30 on each of the seven subnets shown, 210 in total
Subnet Addressing
In the upper portion of the graphic, the Class C network of 201.222.5.0 is shown with all host addresses belonging to a single segment. This major network is associated with the default routing mask of 255.255.255.0.

In the lower portion of the graphic, the default routing mask for network 201.222.5.0 has been extended by three bits, as indicated by the subnet mask of 255.255.255.224. The mask extension creates a three-bit counting range, which, using the 2^n formula, generates eight possible counts. The seven counts which do not require additional configuration statements on the Cisco router are shown above. Subnetwork zero must be explicitly allowed using configuration commands in Cisco IOS releases prior to 12.0. In Cisco IOS Release 12.0 and later, subnet zero is enabled by default.

Once each unique count is determined in the subnetwork range, the valid counts from the host range are added to it. The resulting decimal values represent a range of valid host addresses for each location (subnetwork) within the network address space.

The function of extending the network mask (subnetting) creates additional unique locations within the network at the expense of fewer hosts on each segment. There is a small loss of usable host addresses due to the special usage of some bits within the host range. This loss of usable host addresses can be minimized by good network design with an eye toward address utilization on a per-segment basis.
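As an added worked example (not part of the course material), the following Python reproduces the binary counting described in Creating Subnets and Subnet Addressing for 201.222.5.0 with the default mask extended by three bits: it builds the subnet and host counting ranges, reserves the all-zeros and all-ones host counts, converts each count back to dotted decimal, and shows the 254 versus 7 x 30 = 210 host totals. The allow_subnet_zero switch is this example's own name for the pre-12.0 behavior described above.

```python
from dataclasses import dataclass
from typing import List


def dotted_to_int(dotted: str) -> int:
    """Turn dotted decimal notation into the 32-bit field the router actually works with."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted decimal value: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_dotted(value: int) -> str:
    """Break a 32-bit field into four eight-bit fields separated by decimal points."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_length(mask: int) -> int:
    """Count the contiguous ones in a routing mask; reject masks with gaps in the ones."""
    ones = bin(mask).count("1")
    if mask != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"mask {int_to_dotted(mask)} is not contiguous ones")
    return ones


def field_layout(default_len: int, new_len: int) -> str:
    """Label all 32 bit positions: N = network, S = subnet (extended bits), H = host."""
    return "N" * default_len + "S" * (new_len - default_len) + "H" * (32 - new_len)


@dataclass
class Subnet:
    count: int          # binary count in the subnet field, 0 .. 2**n - 1
    network: str        # host field all zeros: the segment identifier
    broadcast: str      # host field all ones: reaches every host on the segment
    first_host: str
    last_host: str
    usable_hosts: int


def extend_mask(network: str, default_mask: str, extra_bits: int,
                allow_subnet_zero: bool = True) -> List[Subnet]:
    """Extend default_mask by extra_bits contiguous ones and enumerate the 2**n subnet counts.

    allow_subnet_zero=False models IOS releases before 12.0, where the all-zeros
    subnet count had to be explicitly enabled (assumed switch name, not an IOS command).
    """
    net = dotted_to_int(network)
    default_len = mask_length(dotted_to_int(default_mask))
    new_len = default_len + extra_bits
    if extra_bits < 1 or new_len > 30:
        raise ValueError("need at least one subnet bit and two host bits")
    host_bits = 32 - new_len
    if net & ((1 << host_bits) - 1):
        raise ValueError(f"{network} has bits set in the host field")
    hosts_per_segment = (1 << host_bits) - 2      # all-zeros and all-ones are reserved
    subnets: List[Subnet] = []
    for count in range(1 << extra_bits):          # the 2^n formula from the slide
        if count == 0 and not allow_subnet_zero:
            continue
        base = net | (count << host_bits)
        broadcast = base | ((1 << host_bits) - 1)
        subnets.append(Subnet(count, int_to_dotted(base), int_to_dotted(broadcast),
                              int_to_dotted(base + 1), int_to_dotted(broadcast - 1),
                              hosts_per_segment))
    return subnets


def new_mask(default_mask: str, extra_bits: int) -> str:
    """Dotted decimal form of the extended mask, e.g. 255.255.255.0 plus 3 bits."""
    new_len = mask_length(dotted_to_int(default_mask)) + extra_bits
    return int_to_dotted((0xFFFFFFFF << (32 - new_len)) & 0xFFFFFFFF)


def total_usable_hosts(subnets: List[Subnet]) -> int:
    return sum(s.usable_hosts for s in subnets)


if __name__ == "__main__":
    # The course's sample network, extended by three bits.
    subnets = extend_mask("201.222.5.0", "255.255.255.0", 3)
    print("mask", new_mask("255.255.255.0", 3), "fourth octet", field_layout(24, 27)[24:])
    for s in subnets:
        print(f"subnet {s.count}: {s.network:<14} hosts {s.first_host} - {s.last_host} "
              f"broadcast {s.broadcast}")
    seven = extend_mask("201.222.5.0", "255.255.255.0", 3, allow_subnet_zero=False)
    print("usable hosts: before subnetting 254; seven subnets", total_usable_hosts(seven),
          "; eight subnets", total_usable_hosts(subnets))
```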
Routing Fundamentals
This section discusses the components that make up a routing decision. The different methods of learning and the mechanisms for maintaining the router's awareness of the network topology are covered in detail. These topics are consolidated into a discussion of how to read and understand the contents of a routing table display. Section topics are as follows:
- What is routing?
- Routing requirements
- Router functions
- Distance vector routing protocols
  - Operation
  - Comparison
- Link-state routing protocols
  - Operation
  - Comparison
What is Routing?
- Routing is the process of forwarding an item from one location to another
- Routers forward traffic to a logical destination in a computer network
- Routers perform two major functions:
  - Routing: learning the logical topology of the network
  - Switching: forwarding packets from an inbound interface to an outbound interface
What is Routing?
What is routing? Routing is a relay system by which items are forwarded from one location to another. In computer networks, user-generated traffic, such as electronic mail or graphic/text documents, is forwarded from a logical source to a logical destination. Each device in the network has a logical address so it can be reached individually or, in some cases, as part of a larger group of devices.

For a router to act as an effective relay device, it must be able to understand the logical topology of the network and to communicate with its neighboring devices. The router understands several different logical addressing schemes and regularly exchanges topology information with other devices in the network. The mechanism of learning and maintaining awareness of the network topology is considered to be the routing function. The actual movement of transient traffic through the router is a separate function and is considered to be the switching function. Routing devices must perform both a routing and a switching function to be an effective relay device.
Routing Requirements
- Is the protocol suite active on this device?
- Is the destination network known to this device?
  - Is there an entry in the routing table?
  - Is the route currently available?
Routing Requirements
There are three major decisions that have to be made in order to make a routing decision.

First and foremost, can the routing device understand the logical destination address? For a logical address understanding to exist within the router, the protocol suite that uses that logical addressing scheme must be enabled and currently active. Some examples of common protocol suites are TCP/IP, IPX, DECnet, and others.

Secondly, once the router can understand the addressing scheme, does the destination logical network exist within the current routing table as a valid destination? If the destination logical network does not exist in the routing table, routing devices are programmed to discard the packet and to generate an Internet Control Message Protocol (ICMP) message to notify the sender of the event. Some network managers have successfully reduced the size of their networks' routing tables by including only a few destination networks and manually specifying a default route entry. If specified, a default route will be followed if the destination logical network, as indicated by the packet header, is not included as part of this device's routing table.

Lastly, if the destination network is in the routing table, through which outbound interface will the packet be forwarded? The routing table should contain only the best path to any given destination logical network. The best path to a destination network has been associated with a particular outbound interface by the routing protocol process. Routing protocols use a metric scheme to determine the best path to a destination. A smaller metric indicates a preferred path, and if two or more paths have an equal lowest metric, then all of those paths will be equally shared. Sharing packet traffic across multiple paths is referred to as load balancing to the destination.

Once the outbound interface is known, the router must also have an encapsulation solution to forward with. An encapsulation method (framing) is required to forward the packet to the next-hop logical device in the relay path.
Routing Information
Most of the necessary information is contained in the routing table
  I    172.16.8.0 [100/118654] via 172.16.7.9, 00:00:23, Serial0

  I             How the route was learned (IGRP)
  172.16.8.0    Destination logical network/subnet
  100           Administrative distance (prioritization factor)
  118654        Metric value (reachability)
  172.16.7.9    Next-hop logical address (next router)
  00:00:23      Age of entry (in hours:minutes:seconds)
  Serial0       Interface through which the route was learned and through which the packet will leave
Routing Information
Most of the information required to perform the routing operation is included in the routing table on a per-entry basis. Each entry is created by the routing protocol process and indicates the following:
- By which mechanism the route was learned. Learning methods can be either dynamic or manual entries.
- Logical destination address, expressed either as a major network or as a subnetwork of a major network. In isolated cases, host addresses can be contained in the routing table.
- Administrative distance: a measure of the trustworthiness of the learning mechanism.
- Metric: a measure of the aggregate path cost, specified in a format consistent with the metric used by that routing protocol.
- Address of the next relay device (router) in the path to the destination.
- How current the route information is. This field indicates the amount of time the information has been in the routing table. Entry information is refreshed periodically to ensure it is current.
- The interface associated with reaching the destination network. This is the port through which the packet will leave the router, being forwarded to the next-hop relay device.
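An added example (not Cisco's code) that parses routing table lines of the form shown above into the fields just listed, so that each value can be checked programmatically. The IGRP line is the one from the text; the other sample lines, the LEARNED_BY code table and the 180-second staleness threshold are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Learning-mechanism codes from the 'show ip route' legend (the subset used here).
LEARNED_BY = {"C": "connected", "S": "static", "R": "RIP", "I": "IGRP",
              "D": "EIGRP", "O": "OSPF", "B": "BGP", "i": "IS-IS"}

# Dynamic or static entry: code, destination, [AD/metric], next hop, optional age, optional interface.
ENTRY_RE = re.compile(
    r"^(?P<code>[A-Za-z])\*?\s+"                          # how the route was learned (S* = static default)
    r"(?P<dest>\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?)\s+"  # destination network or subnet
    r"\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+"                 # [administrative distance/metric]
    r"via\s+(?P<nexthop>\d{1,3}(?:\.\d{1,3}){3})"         # next-hop logical address
    r"(?:,\s+(?P<age>\d{2}:\d{2}:\d{2}))?"                # age hh:mm:ss (absent on static routes)
    r"(?:,\s+(?P<iface>\S+))?\s*$"                        # outbound interface
)
# Connected entry: no [AD/metric] bracket and no next hop; administrative distance 0.
CONNECTED_RE = re.compile(r"^C\s+(?P<dest>\S+)\s+is directly connected,\s+(?P<iface>\S+)\s*$")


@dataclass
class RouteEntry:
    learned_by: str
    destination: str
    admin_distance: int
    metric: int
    next_hop: Optional[str]
    age_seconds: Optional[int]   # None when the entry carries no age (static, connected)
    interface: Optional[str]


def parse_age(age: str) -> int:
    """hh:mm:ss from the table into seconds."""
    hours, minutes, seconds = (int(part) for part in age.split(":"))
    return hours * 3600 + minutes * 60 + seconds


def parse_route_line(line: str) -> Optional[RouteEntry]:
    """Parse one routing table line; return None for legend, gateway and blank lines."""
    line = line.strip()
    m = CONNECTED_RE.match(line)
    if m:
        return RouteEntry("connected", m["dest"], 0, 0, None, None, m["iface"])
    m = ENTRY_RE.match(line)
    if not m:
        return None
    return RouteEntry(LEARNED_BY.get(m["code"], "unknown"), m["dest"],
                      int(m["ad"]), int(m["metric"]), m["nexthop"],
                      parse_age(m["age"]) if m["age"] else None, m["iface"])


def parse_routing_table(text: str) -> List[RouteEntry]:
    return [entry for entry in map(parse_route_line, text.splitlines()) if entry]


def stale_entries(entries: List[RouteEntry], max_age_seconds: int) -> List[RouteEntry]:
    """Entries older than the expected refresh interval: the source has stopped updating them."""
    return [e for e in entries if e.age_seconds is not None and e.age_seconds > max_age_seconds]


# Constructed sample output. The IGRP line is the one shown in the course text; the
# connected, RIP and static default lines are made up to exercise the other forms.
SAMPLE_TABLE = """\
Gateway of last resort is 172.16.7.9 to network 0.0.0.0

C    172.16.7.0 is directly connected, Serial0
I    172.16.8.0 [100/118654] via 172.16.7.9, 00:00:23, Serial0
R    172.16.9.0 [120/1] via 172.16.7.9, 00:04:51, Serial0
S*   0.0.0.0/0 [1/0] via 172.16.7.9
"""

if __name__ == "__main__":
    entries = parse_routing_table(SAMPLE_TABLE)
    for entry in entries:
        print(entry)
    # 180 seconds is an assumed refresh limit; the RIP entry above has not been refreshed within it.
    print("stale:", [e.destination for e in stale_entries(entries, 180)])
```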
Administrative Distance
- Administrative Distance is a prioritization method for IP routing protocols
- The lower the administrative distance, the more trusted the learning mechanism
  - Manually entered routes are preferred to dynamically learned routes
  - Routing protocols with sophisticated metrics are preferred over protocols with simple metric structures
Administrative Distance
The routing process is responsible for selecting the best path to any destination network. The concept of an administrative distance is required to handle the case when there are multiple inputs on the same route. More than one learning mechanism can exist inside the router at any given time. The routing process has been programmed to prefer lower values rather than higher values when comparing administrative distances. In general, administrative distances have been assigned in a fashion to prefer manual entries over dynamically learned entries and to prefer routing protocols with more sophisticated metrics over routing protocols with simple metrics. A comparison chart of administrative distances is located on the following page.
Administrative distance comparison chart (learning mechanisms listed from lowest to highest administrative distance):
- Connected Interface
- Static Route out an Interface
- Static Route to a Next Hop
- Enhanced IGRP Summary Route
- External BGP
- Internal Enhanced IGRP
- IGRP
- OSPF
- IS-IS
- RIP v1, v2
- EGP
- External Enhanced IGRP
- Internal BGP
- Unknown
Routing Decisions
- Routing protocols maintain a loop-free, single path to each destination network
- Routes are advertised with a reachability factor referred to as a metric
- The path to the destination network is represented by the sum of the metrics associated with all intermediate links
- The routing process uses the metric value to select a preferred path to each destination
- Multiple paths can be used if metric values are equal
Routing Decisions
In a routed network, the routing process relies on the routing protocol to maintain a loop-free topology. In addition to maintaining a loop-free topology, the routing process must locate the best path to every destination network. The concept of what is the best path to any destination is what distinguishes different routing protocols in the TCP/IP environment. Each routing protocol uses a different measurement as to what is best.

Routers advertise the path to any network in terms of a metric value. Some common examples of metrics are hop count (how many routers to pass through), cost (based on bandwidth) and composite (using several parameters in the calculation). If the destination network is not local to this router, then the path is represented by the total of the metric values defined for all of the links that must be traversed to reach that network.

Once the routing process knows the metric values associated with the different paths (assuming that multiple paths exist), the routing decision can be made. The routing process will select the path that has the smallest metric value. In Cisco routers, if multiple equal, lowest-metric paths exist in an IP environment, then load sharing (also known as load balancing) will be in effect across the multiple paths. Cisco supports up to six equal metric paths to a common destination network.
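An added example (not a Cisco implementation) that applies the decision described in this section and in the Routing Requirements and Administrative Distance text: the routing table keeps only the best path(s) per destination (lowest administrative distance, then lowest metric, at most six equal-metric paths for load sharing), the lookup takes the longest match, a default route is the fallback, and no match means the packet is discarded with an ICMP notification. The administrative distance values are the Cisco IOS defaults for the sources named in the chart; the candidate routes are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Cisco IOS default administrative distances for the sources in the chart (lower = more trusted).
ADMIN_DISTANCE: Dict[str, int] = {
    "connected": 0, "static": 1, "eigrp summary": 5, "external bgp": 20,
    "internal eigrp": 90, "igrp": 100, "ospf": 110, "is-is": 115, "rip": 120,
    "egp": 140, "external eigrp": 170, "internal bgp": 200, "unknown": 255,
}
MAX_PATHS = 6   # equal-metric paths installed to one destination, per the text


@dataclass(frozen=True)
class Candidate:
    """A route offered to the routing process by one learning mechanism."""
    prefix: str
    prefix_len: int
    source: str
    metric: int
    next_hop: str
    interface: str

    @property
    def admin_distance(self) -> int:
        return ADMIN_DISTANCE.get(self.source, ADMIN_DISTANCE["unknown"])


Destination = Tuple[str, int]
RoutingTable = Dict[Destination, List[Candidate]]


def ip_to_int(dotted: str) -> int:
    a, b, c, d = (int(o) for o in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def covers(route: Candidate, dest_ip: str) -> bool:
    """True when dest_ip lies in the route's network; a /0 default route covers everything."""
    mask = (0xFFFFFFFF << (32 - route.prefix_len)) & 0xFFFFFFFF
    return (ip_to_int(dest_ip) & mask) == (ip_to_int(route.prefix) & mask)


def build_routing_table(candidates: List[Candidate]) -> RoutingTable:
    """Keep only the best path(s) per destination: lowest AD first, then lowest metric."""
    offered: Dict[Destination, List[Candidate]] = {}
    for c in candidates:
        offered.setdefault((c.prefix, c.prefix_len), []).append(c)
    table: RoutingTable = {}
    for dest, routes in offered.items():
        best_ad = min(r.admin_distance for r in routes)
        trusted = [r for r in routes if r.admin_distance == best_ad]
        best_metric = min(r.metric for r in trusted)
        equal_cost = [r for r in trusted if r.metric == best_metric]
        table[dest] = equal_cost[:MAX_PATHS]        # further equal paths are not installed
    return table


def lookup(table: RoutingTable, dest_ip: str) -> Optional[List[Candidate]]:
    """Longest-match lookup. None means: discard the packet and send an ICMP unreachable."""
    best: Optional[Tuple[int, List[Candidate]]] = None
    for (prefix, plen), paths in table.items():
        if covers(paths[0], dest_ip) and (best is None or plen > best[0]):
            best = (plen, paths)
    return None if best is None else best[1]


def select_path(paths: List[Candidate], flow_key: int) -> Candidate:
    """Load sharing across equal-metric paths; flow_key stands in for a hash of the packet's addresses."""
    return paths[flow_key % len(paths)]


# Constructed candidates for one router; addresses and metrics are illustrative only.
CANDIDATES = [
    Candidate("172.16.8.0", 24, "igrp", 118654, "172.16.7.9", "Serial0"),
    Candidate("172.16.8.0", 24, "igrp", 118654, "172.16.10.2", "Serial2"),   # equal metric: shared
    Candidate("172.16.8.0", 24, "igrp", 200000, "172.16.11.2", "Serial3"),   # worse metric: dropped
    Candidate("172.16.8.0", 24, "rip", 2, "172.16.9.1", "Serial1"),          # AD 120 loses to IGRP 100
    Candidate("172.16.0.0", 16, "ospf", 20, "172.16.12.1", "Serial4"),
    Candidate("0.0.0.0", 0, "static", 0, "192.0.2.1", "Serial5"),            # default route
]

if __name__ == "__main__":
    table = build_routing_table(CANDIDATES)
    for ip in ("172.16.8.5", "172.16.200.1", "10.1.1.1"):
        paths = lookup(table, ip)
        chosen = select_path(paths, flow_key=sum(ip_to_int(ip).to_bytes(4, "big")))
        print(f"{ip} -> {chosen.prefix}/{chosen.prefix_len} via {chosen.next_hop} "
              f"({chosen.source}), {len(paths)} equal path(s)")
```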
[Figure: routing table example for a router with Token Ring and FDDI (10.0) segments]

  C  5.0 dir conn Eth0
  C  4.0 dir conn Ser0
  I  10.0 [100/327684] via 5.4, Eth0
Routers forward traffic to the destination network by passing packets to the next-hop logical device (router) in the delivery path
1. Check framing and buffer packet
2. Associate destination logical address with next-hop logical device and outbound interface
3. Associate next-hop logical device with physical address to create frame header
4. Create framing and forward packet
[Figure: inbound interface, routing table lookup, outbound interface; * manual entries available]
A packet transiting the router will be accepted into the router if the header of the frame in which the packet resides contains the MAC address of one of the router's NIC cards. If properly addressed, once the framing is checked, the frame and its content (the packet) will be buffered pending further processing. The buffering occurs in main memory or some other specialized memory location.

The switching process checks the destination logical network portion of the packet header against the network/subnetwork entries in the routing table. If the search is successful, the switching process associates the destination network with a next-hop logical device and an outbound interface.

Once the next-hop logical device address is known, a lookup is performed to locate a physical address for the next device in the relay chain. The lookup is performed in an Address Resolution Protocol (ARP) table for local-area network (LAN) interfaces or a map table for wide-area network (WAN) interfaces. The contents of these tables can be created either by dynamic means or by manual entries.

Once the physical address of the next delivery device is known, the frame header is overwritten in the memory locations where the frame (and packet) is buffered. After the frame header is created, the frame is programmatically moved to the outbound interface for transmission onto the media. As the frame is placed on the media, the outbound interface adds the CRC character and ending delimiters to the frame. These characters will need to be validated at the arriving interface on the next-hop relay device.
- Share the same routing mask as the advertising device
- If the routing mask does not match, this device must summarize the received route to a classful boundary and send the default routing mask in its own advertisements
Classful Routes
- Subnetwork routes are shared by devices within the same network
- Summary routes are exchanged between foreign networks
- Summary routes are automatically created at major network boundaries
Classful Routes
Classful routing protocols, such as RIPv1 and IGRP, exchange routes to subnetworks within the same network. This is possible because all of the subnetworks in the major network will have the same routing mask. This consistency is enforced by administrative controls invoked by the network administrators.

When routes are exchanged with foreign networks (networks whose network portion does not match ours), subnetwork information from this network cannot be included, because the routing mask of the other network is not known. As a result, the subnetwork information from this network must be summarized to a classful boundary using a default routing mask prior to inclusion in the routing update. The creation of a classful summary route at major network boundaries is handled automatically by classful routing protocols. Summarization at other points within the major network address is not allowed by classful routing protocols.
201.222.5.33 /27
- All router interfaces in the network must have the same subnet mask
- This approach may not fully utilize the available allocation of host addresses
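An added example, not from the course, combining the First Octet Rule with the classful update behavior described above: subnets are sent unchanged inside their own major network (where a single fixed-length mask is assumed to be enforced) and are summarized to the default mask toward a foreign major network. The sample routes and interface addresses are constructed.

```python
from typing import List, Tuple

Prefix = Tuple[str, int]   # (dotted network, mask length)


def ip_to_int(dotted: str) -> int:
    a, b, c, d = (int(o) for o in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(address: str) -> str:
    """First Octet Rule: the class follows from the leading bits of the first octet."""
    first = ip_to_int(address) >> 24
    if first < 128:
        return "A"          # 0xxxxxxx
    if first < 192:
        return "B"          # 10xxxxxx
    if first < 224:
        return "C"          # 110xxxxx
    if first < 240:
        return "D"          # 1110xxxx, multicast (special usage)
    return "E"              # 1111xxxx, reserved (special usage)


def default_mask_len(address: str) -> int:
    """Default (classful) routing mask length; classes D and E do not identify devices."""
    cls = address_class(address)
    lengths = {"A": 8, "B": 16, "C": 24}
    if cls not in lengths:
        raise ValueError(f"{address} is class {cls}: no default routing mask")
    return lengths[cls]


def major_network(address: str) -> Prefix:
    """Summarize any address or subnet to its classful boundary."""
    plen = default_mask_len(address)
    mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
    return int_to_ip(ip_to_int(address) & mask), plen


def classful_update(routes: List[Prefix], out_interface: Prefix) -> List[Prefix]:
    """Routes a classful protocol (RIPv1/IGRP style) sends out one interface.

    Inside the same major network the subnet is sent as-is; the fixed-length mask the text
    says administrators must enforce is checked here. Toward a foreign major network every
    subnet is replaced by one summary at the classful boundary.
    """
    iface_major = major_network(out_interface[0])
    update: List[Prefix] = []
    for net, plen in routes:
        if major_network(net) == iface_major:
            if plen != out_interface[1]:
                raise ValueError(f"{net}/{plen}: mask differs from interface /{out_interface[1]}; "
                                 "a classful protocol cannot carry VLSM")
            entry = (net, plen)
        else:
            entry = major_network(net)
        if entry not in update:          # several subnets collapse into one summary
            update.append(entry)
    return update


# Constructed routes: two subnets of the course's network plus two other major networks.
ROUTES: List[Prefix] = [("201.222.5.32", 27), ("201.222.5.64", 27),
                        ("172.16.4.0", 24), ("10.5.0.0", 16)]

if __name__ == "__main__":
    print("inside 201.222.5.0:", classful_update(ROUTES[:2], ("201.222.5.97", 27)))
    print("toward a foreign network:", classful_update(ROUTES, ("192.168.1.1", 24)))
```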
All Routes
In a distance vector environment, routing updates are propagated only to directly-connected neighbors
[Table: distance vector routing protocol comparison; EIGRP** row: DUAL, Comp, 100, Large]
2. Which of the following statements are true for all distance vector routing protocols? Indicate your selection by placing a T in the blank area in front of each statement. _______ Routing updates contain all routes in the routing table
_______
_______
_______
_______
[Figure: distance vector topology example with Class C networks and Token Ring segments]
Distance vector routing protocols are commonly deployed in small to medium-sized networks. These protocols are popular, well understood, and straightforward to configure. Although distance vector protocols, such as RIP and IGRP, are widely deployed, there are still some operational guidelines that must be adhered to. Some operational concepts that require consideration include:
- Topology considerations
- Metric limitations
- Routing update traffic
- Convergence
- Ease of configuration and management
- Routing updates triggered by topology changes
- Summary routes manually controlled at any point within the network
201.222.5.33 /27
Router interfaces within the same network can have different subnet masks
Variable length subnet masking (VLSM) is supported
One Route
In a link-state environment, link-state announcements are propagated to all devices in the routing domain
Hierarchical design can limit the requirement to notify all devices
[Table: link-state routing protocol comparison: OSPF, IS-IS, EIGRP**; EIGRP** row: DUAL, Comp, 100, Large]
2. Which of the following statements are true for all link-state routing protocols? Indicate your selection by placing a T in the blank area in front of each statement. _______ Routing updates contain only the affected routes in the routing table
_______
_______
_______
_______
[Figure: hierarchical link-state topology: Area, Hi-speed Core, DR, BDR, FDDI and Token Ring segments]
Link state routing protocols are commonly deployed in medium to large-scale networks. Implementation of these protocols requires that sound design principles be followed with an eye towards a hierarchical topology. A hierarchical structure is important for both router functionality and for address allocation. Some operational concepts that require consideration include:
- Topology considerations
- Metric limitations
- Routing update traffic
- Convergence
- Ease of configuration and management
Convergence
- Convergence is the time that it takes for all routers to agree on the network topology after a change
  - New routes being added
  - Existing routes changing state
- Convergence time is affected by:
  - Update mechanism (hold-down timers)
  - Size of the topology table
  - Route calculation algorithm
Convergence
In a routed network, the routing process in each router must maintain a loop-free, single path to each possible destination logical network. When all of the routing tables are synchronized and each contains a usable route to each destination network, the network is described as being converged. Convergence is the activity associated with making the routing tables synchronized after a topology change occurs. Convergence efforts are different within different routing protocols, and the default timers used within the same routing protocol can vary by vendor implementation.

Convergence time can vary within any network. One of the critical questions to be answered when measuring convergence time is how the link change was detected. Using the OSI reference model terminology as a guideline, there are at least two different detection methods. First, when the NIC (at the Physical/Data Link layer) fails to receive three consecutive keepalives, the link is considered to be down. Second, when the routing protocol (at the Network/Transport layer) fails to receive three consecutive Hello messages (or routing updates, etc.), the link is considered to be down.

Once the detection method is understood, factors associated with routing protocol operation come into play. Most routing protocols have timers that prevent topological loops from forming during periods of link transition. For example, when a route is suspect, it is placed in hold-down and no new routing information about that route will be accepted until the hold-down timer expires. This approach gives the network topology an opportunity to stabilize before new route calculations are performed. Unfortunately, a network cannot converge more rapidly than the duration of the hold-down timer. The concept of a hold-down timer is primarily associated with distance vector routing protocols.

In addition to timer values, other factors such as the size of the internetwork, the efficiency of the routing algorithm and how the failure information is radiated all affect convergence time. Some examples are shown on the following pages.
RIP Convergence
[Figure: routers A, B, C, D, E and F; interfaces S0, S1, E0, E1]
Steps of convergence:
1. C detects link failure; sends flash update, goes to D and B
   - Route is poisoned to B and D; removed from C's routing table
2. C sends a request to neighbors for alternate path
   - Broadcast for v1, multicast for v2
3. D reports no alternate path; B reports route with weaker metric
   - Route via B immediately placed in routing table
RIP Convergence
The sequence of events for RIP convergence is as follows:

1. Router C detects the link failure between A and C. C sends a flash update with a poisoned route to B and D. D creates a new flash update and sends it to E. E creates a new flash update and sends it to F. C purges the entry for the down link and removes all routes associated with that link from the routing table.
2. Router C sends a query to its neighbors on 255.255.255.255 (v1) and 224.0.0.9 (v2). D responds with a poisoned route and B responds with a route with a weaker metric. The route from B is immediately installed in the routing table.
3. Router C does not go into hold-down because the entry was already purged.
4. Router D is in hold-down for the failed route. When C makes its periodic advertisement that the route is available with a weaker metric, D ignores the route because it is in hold-down. D continues to send a poisoned route to C in D's updates.
5. As routers D, E, and F come out of hold-down, the new route announced by C will cause their routing table entries to be updated.

From F's perspective, convergence time is the total of detection time, plus hold-down time, plus two update times (D to E and E to F), plus one partial or full update time. The actual time to converge at F could exceed 240 seconds, or approximately four minutes.
IGRP Convergence
[Figure: routers A, B, C, D, E and F; interfaces S0, S1, E0, E1]
Steps of convergence:
1) C detects link failure; sends flash update, goes to D and B
   - Route is poisoned to B and D; removed from C's routing table
2) C sends query to neighbors for alternate route
   - Broadcast on all interfaces
3) C receives route with weaker metric from B; no route from D
   - Route via B placed in routing table
IGRP Convergence
The sequence of events for IGRP convergence is as follows:

1. Router C detects the link failure between A and C. C sends a flash update with a poisoned route to B and D. D creates a new flash update and sends it to E. E creates a new flash update and sends it to F. C purges the entry for the down link and removes all routes associated with that link from the routing table.
2. Router C sends a query to its neighbors on 255.255.255.255 using all interfaces, including the one that is down. D responds with a poisoned route, and C sends (out all interfaces) a flash update without the failed link entry.
3. B responds with a route with a weaker metric. The route from B is immediately installed in the routing table. Router C does not go into hold-down because the entry was already purged. C sends a flash update with the new route information out all interfaces.
4. Router D is in hold-down for the failed route. When C makes its flash advertisement that the route is available with a weaker metric, D ignores the route because it is in hold-down. D continues to send a poisoned route to C in D's updates.
5. As routers D, E, and F come out of hold-down, the new route announced by C will cause their routing table entries to be updated.

From F's perspective, convergence time is the total of detection time, plus hold-down time, plus two update times (D to E and E to F), plus one partial or full update time. The actual time to converge at F could exceed 490 seconds, or approximately six minutes.
EIGRP Convergence
[Figure: routers A, B, C, D, E and F; interfaces S0, S1, E0, E1]
Steps of convergence:
1) C detects link failure; has no FS, goes into active convergence
   - No successor candidates present in topology database
3) D's response indicates no logical successor
4) B's response indicates FS with higher feasible distance
5) C accepts new path and distance, adds route via B to table
6) Sends flash update about higher metric, goes to D and B
   - Only higher metric propagated in triggered update
OSPF Convergence
[Figure: routers A, B, C, D, E and F; interfaces S0, S1, E0, E1]
Steps of convergence:
1) C detects link failure; sends link-state advertisement, goes to D and B
   - Topology change is detected, traffic forwarding suspended
2) All routers update topology database; copy LSA and flood to neighbors
   - All devices have topological awareness
OSPF Convergence
The sequence of events for OSPF convergence is as follows:

1. Router C detects the link failure between A and C and tries to perform a DR election process on the LAN interface, but fails to reach any neighbors. C deletes the route from the routing table, builds a router LSA and sends it out all other interfaces.
2. Upon receipt of the LSA, routers B and D copy the advertisement and forward (flood) the LSA packet out all interfaces other than the one upon which it arrived.
3. All routers, including router C, wait five seconds after receiving the LSA and run the shortest path first (Dijkstra) algorithm. After running the algorithm, router C adds the new route to the routing table, and routers D, E and F update the metric in the routing table.

After approximately 30 seconds, A sends an LSA after aging out the topology entry from router C about the failed link. After five seconds, all routers run the SPF algorithm again and update their routing tables to reflect that B is the path to the failed link.

From F's perspective, convergence time is the total of detection time, plus LSA flooding time, plus five seconds. The actual time to converge at F is very rapid, approximately six seconds, and could be longer depending on the size of the topology table. If A's LSA about aging out of the topology entry is also considered in F's convergence, approximately another 30 to 40 seconds could be added before the network is again stable.
Routing Updates
Different ways to send route information
[Figure: distance vector approach: the full routing table is sent from one router's routing table to its neighbor's]
Routing Updates
There are two basic ways to send routing updates: the distance vector approach and the link-state approach. These approaches are described as they operate after the initial learning mechanisms have completed.

Distance vector protocols use a routine, periodic announcement that contains the entire contents of the routing table. These announcements are usually broadcasts and are propagated only to directly-connected devices. This approach allows the router to view the network from the neighbor's perspective and facilitates the addition of the router's metric to the distance already stated by the neighboring router. The downside of this approach is that considerable bandwidth is consumed at regular intervals on each link, even if there are no topology changes to report.

Link-state protocols use a triggered-update type of announcement. These announcements are generated only when there is a topology change within the network. The link-state announcements contain only information about the link that changed (such as a single route) and are propagated to all devices in the network. The flooding of the announcement is required because link-state devices all make their route calculations independently, but those calculations are based upon a common understanding of the network topology. This approach saves bandwidth on each link because the announcements contain less information and are sent only when there is a topology change. In some link-state protocols, a periodic announcement (every 30 minutes for OSPF) is required to ensure that the topology database is synchronized among all routing devices.
Routing Tables
- Entries are listed in binary descending order
  - Simplifies the search mechanism
- Displayed by the show ip route command
- Entries can be refreshed by the clear ip route command
  - Specify a single entry: use the network number
  - Specify all entries: use * as a wildcard character
Routing Tables
The entries in a routing table represent each possible logical destination network that is known to this router. The entries for major networks are listed in ascending order and, most commonly, within each major network the subnetworks are listed in descending order. The order of the entries may at times look like a random pattern, but the order is optimized by bit patterns to facilitate the lookup process based upon the length of the subnet mask.

The routing process must maintain a single, loop-free path to each destination network. If equal, lowest-metric paths exist to a destination, all paths (up to a maximum of six) will be listed in the routing table. The IP routing process will attempt to load share traffic across equal metric paths.

An IP routing table display can be requested with the privileged EXEC command show ip route. If the information that is displayed is not trusted, an update can be obtained from the neighboring devices with the clear ip route command. An optional keyword, either an individual network/subnetwork route or the * (wildcard for all) character, can be used to further identify the route(s) to be refreshed.
- Analyze the contents of the routing table
- Verify connectivity to all other pods
- Using the addresses assigned to your pod, determine
Summary
This section summarizes the tasks you learned to complete in this chapter.
Summary
After completing this chapter, you should be able to perform the following tasks:
- List the key information routers need to route data
- Describe classful and classless routing protocols
- Compare distance vector and link-state protocol operation
- Describe the use of the fields in a routing table
Answers to Exercises
Written Exercise: Comparing Distance Vector Routing Protocols
Objective: Describe the operating characteristics of different distance vector routing protocols.
1. Complete the following table by indicating which protocol(s) demonstrate the characteristic shown in the right-hand column. Indicate your choice(s) in the left-hand column by entering one or more of the following distance vector routing protocols: RIPv1, RIPv2, IGRP, EIGRP

Protocol                    | Characteristic
RIPv1, RIPv2                | Has a hop count limitation of 15 hops
RIPv1, IGRP                 | Uses broadcast packets to propagate routing updates
IGRP                        | Has an administrative distance of 100
RIPv1, RIPv2, IGRP, EIGRP   | Supports split horizon to avoid routing loops
IGRP, EIGRP                 | Uses a composite metric to determine best path
RIPv1, RIPv2                | Employs a count to infinity concept to avoid routing loops
IGRP, EIGRP                 | Can select preferred path based upon bandwidth consideration
RIPv2, EIGRP                | Supports variable length subnet masks (VLSM)
RIPv1                       | Is supported by all vendors of routing equipment
2. Which of the following statements are true for all distance vector routing protocols? Indicate your selection by placing a T in the blank area in front of each statement. _______ Routing updates contain all routes in the routing table
___T___
___T___
_______
_______
Written Exercise: Comparing Link State Routing Protocols
Objective: Describe the operating characteristics of link-state routing protocols.
1. Complete the following table by indicating which protocol(s) demonstrate the characteristic shown in the right-hand column. Indicate your choice(s) in the left-hand column by entering one or more of the following routing protocols: OSPF, IS-IS, EIGRP

Protocol                    | Characteristic
OSPF, IS-IS, EIGRP          | Maintains additional tables to assist in rapid convergence
None                        | Uses broadcast packets to propagate topology updates
IS-IS                       | Has an administrative distance of 115
OSPF                        | Supports flooding of updates to avoid routing loops
OSPF, IS-IS                 | Requires a hierarchical design to operate correctly
OSPF, IS-IS, EIGRP          | Allows manual route summarization at any location
OSPF, EIGRP                 | Can select preferred path based upon bandwidth consideration
OSPF, IS-IS, EIGRP          | Supports variable length subnet masks (VLSM)
OSPF                        | Is supported by all vendors of routing equipment
2. Which of the following statements are true for all link-state routing protocols? Indicate your selection by placing a T in the blank area in front of each statement. ___T___ Routing updates contain only the affected routes in the routing table
___T___
_______
___T___
_______
Extending IP Addresses
Overview
This chapter discusses various aspects of IP addressing. This chapter includes the following topics:
- Objectives
- Issues with IP Addressing
- IP Addressing Solutions
- Hierarchical Addressing
- Variable-Length Subnet Masks
- Written Exercise: Calculating VLSMs
- Route Summarization
- Written Exercise: Using Route Summarization
- Classless Inter-domain Routing
- Case Study: Introduction to Course Case Studies
- Summary
- Review Questions
Objectives
This section lists the chapter's objectives.
Upon completion of this chapter, you will be able to perform the following tasks:
- Given an IP address, use VLSMs to extend the use of the IP address.
- Given a network plan that includes IP addressing, explain if route summarization is or is not possible.
When IP addressing was first defined, in 1981, it was a 32-bit number that had two components: a network address and a node (host) address. Classes of addresses were also defined: class A, B, and C, and later classes D and E. Since then, the growth of the Internet has been incredible. Two addressing issues have resulted from this explosion:
- IP address exhaustion: This has largely been due to the random allocation of IP addresses by the NIC. It is also due to the fact that subnetting with one subnet mask may not be suitable for a typical network topology, as you will see later in this chapter.
- Routing table growth and manageability: One source indicates that in 1990 only about 5000 routes were tracked in order to use the Internet. This number had grown to 74,000 routes by 1999. In addition to the exponential growth of the Internet, the random assignment of IP addresses throughout the world has also contributed to the exponential growth of routing tables.
Next-generation IP (IP version 6) tries to respond to these problems by introducing a 128-bit address. In the meantime, Internet Requests For Comments (RFCs) have been introduced to enable the current IP addressing scheme to continue to be useful.
IP Addressing Solutions
This section identifies solutions to IP addressing issues.
IP Addressing Solutions
- Subnet Masking, RFC 1812
- Address Allocation for Private Internets, RFC 1918
- Network Address Translation, RFC 1631
- Hierarchical Addressing
- Variable-Length Subnet Masks, RFC 1812
- Route Summarization, RFC 1518
- Classless Inter-Domain Routing, RFCs 1518, 1519
Since the 1980s, solutions have been developed to slow the depletion of IP addresses and to reduce the number of Internet route table entries by enabling more hierarchical layers in an IP address. These solutions include:
- Subnet Masking (RFCs 950 [1985] and 1812 [1995]): Developed to add another level of hierarchy to an IP address. This additional level allows for extending the number of network addresses derived from a single IP address. (Subnet masking is discussed in chapter 3 of this course and in detail in the Interconnecting Cisco Network Devices [ICND] course.)
- Address Allocation for Private Internets (RFC 1918 [1996]): Developed for organizations that do not need much access to the Internet. The only reason to have a NIC-assigned IP address is to interconnect to the Internet. Any and all companies can use the privately assigned IP addresses within their organization, rather than using a NIC-assigned IP address unnecessarily. (Private addresses are discussed in chapter 14 of this course and in the Building Cisco Remote Access Networks [BCRAN] course.)
- Network Address Translation (NAT) (RFC 1631 [1994]): Developed for those companies that use private addressing or use non-NIC-assigned IP addresses. This strategy enables an organization to access the Internet with a NIC-assigned address, without having to reassign the private or illegal addresses that are already in place. (NAT is discussed in chapter 14 of this course and in the BCRAN course.)
- Hierarchical Addressing: Applying a structure to addressing such that multiple addresses share the same leftmost bits. Hierarchical addressing is discussed later in this chapter.
- Variable-Length Subnet Masks (VLSMs) (RFC 1812 [1995]): Developed to allow multiple levels of subnetworked IP addresses within a single network. This strategy can only be used when it is supported by the routing protocol in use, such as OSPF and EIGRP. VLSMs are discussed later in this chapter.
- Route Summarization (RFC 1518 [1993]): A way of having a single IP address represent a collection of IP addresses when you employ a hierarchical addressing plan. Route summarization is discussed later in this chapter.
- Classless Inter-Domain Routing (CIDR) (RFCs 1518 and 1519 [1993], 2050 [1996]): Developed for ISPs. This strategy suggests that the remaining IP addresses be allocated to ISPs in contiguous blocks, with geography being a consideration. CIDR is discussed later in this chapter.
Hierarchical Addressing
This section discusses what hierarchical addressing is and the benefits of using it.
[Figure: telephone-network addressing hierarchy, showing a local office in Alexandria]
Does a telephone switch in California know how to reach a specific phone (1-703-555-1212) in Virginia?
What is an addressing hierarchy, and why do you want to have it? Perhaps the best known addressing hierarchy is the telephone network. The telephone network uses a hierarchical numbering scheme that includes country codes, area codes, and local exchange numbers. For example, if you are in San Jose, California and call someone else in San Jose, then you dial the San Jose local exchange number, 528, and the person's telephone number, 7777. The central office, upon seeing the number 528, recognizes that the destination telephone is within its area, so it looks for number 7777 and transfers the call. To call Aunt Judy in Alexandria, Virginia from San Jose, dial 1, then the area code, 703, the Alexandria prefix, 555, then Aunt Judy's local number, 1212. The central office first sees the number 1, indicating a remote call, then looks up the number 703. The central office immediately routes the call to a central office in Alexandria. The San Jose central office does not know exactly where 555-1212 is in Alexandria, nor does it have to. It only needs to know the area codes, which summarize the local telephone numbers within an area. If there were no hierarchical structure, every central office would need to have every telephone number, worldwide, in its locator table. Instead, the central offices have summary numbers, such as area codes and country codes. A summary number (address) represents a group of numbers. For example, an area code such as 408 is a summary number for the San Jose area. That is, if you dial 1-408 from anywhere in the United States, then a seven-digit telephone number, the central office will route the call to a San Jose central office. This is the kind of addressing strategy that the Internet gurus are trying to work toward, and that you as a network administrator should implement in your own internetwork.
- Reduced number of routing table entries: Whether it is with your Internet routers or your internal routers, you should try to keep your routing tables as small as possible by using route summarization. Route summarization is a way of having a single IP address represent a collection of IP addresses when you employ a hierarchical addressing plan. By summarizing routes, you can keep your routing table entries manageable, which means:
  - More efficient routing.
  - Reduced number of CPU cycles when recalculating a routing table, or sorting through the routing table entries to find a match.
  - Reduced router memory requirements.
  - Faster convergence after a change in the network.
  - Easier troubleshooting.
- Efficient allocation of addresses: Hierarchical addressing enables you to take advantage of all possible addresses because you group them contiguously. With random address assignment, you may end up wasting groups of addresses because of addressing conflicts. For example, recall that classful routing protocols automatically create summary routes at a network boundary. These protocols therefore do not support discontiguous addressing (as you will see later in this chapter), so some addresses would be unusable if not assigned contiguously.
[Figure: VLSM example. The network 172.16.0.0/16 is subnetted with /24 masks; 172.16.14.0/24 is further divided into /27 subnets such as 172.16.14.64/27 and 172.16.14.96/27, and one of those /27 subnets is divided into /30 subnets for the WAN links to HQ]
VLSMs provide the ability to include more than one subnet mask within a network, and the ability to subnet an already subnetted network address. The benefits of VLSMs include:
- Even more efficient use of IP addresses: Without the use of VLSMs, companies are locked into implementing a single subnet mask within an entire class A, B, or C network number. For example, consider the 172.16.0.0/16 network address divided into subnets using /24 masking, and one of the subnetworks in this range, 172.16.14.0/24, further divided into smaller subnets with /27 masking, as shown in the graphic. These smaller subnets range from 172.16.14.0/27 to 172.16.14.224/27. In the graphic, one of these smaller subnets, 172.16.14.128, is further divided with the /30 prefix, creating subnets with only two hosts, to be used on the WAN links.
- Greater capability to use route summarization: VLSMs allow for more hierarchical levels within your addressing plan, and thus allow for better route summarization within routing tables. For example, in the graphic, subnet 172.16.14.0/24 summarizes all of the addresses that are further subnets of 172.16.14.0, including those from subnet 172.16.14.0/27 and from 172.16.14.128/30. Route summarization is discussed in more detail later in this chapter.
[Figure: RIPv1 network (upper) and OSPF network (lower). Router A is on 172.16.2.0/24, Router B is on 172.16.1.0/24, and Router C is attached to Router B via 192.168.5.0/24]
VLSMs can be used when the routing protocol sends a subnet mask along with each network address. As discussed in chapter 3, routing protocols that include a subnet mask are known as classless routing protocols; they include RIPv2, OSPF, EIGRP, BGP, and IS-IS. As also discussed in chapter 3, routing protocols that do not send subnet mask information along with each network address are known as classful routing protocols. RIPv1 and IGRP are classful routing protocols and therefore do not support VLSMs. RIPv1 and IGRP networks support only one subnet mask per network address because routing updates do not include a subnet mask field. As a result, upon receiving an update, the router does one of the following to determine the network portion of the destination address:
- If the routing update information is about the same network number as configured on the receiving interface, the router applies the subnet mask that is configured on the receiving interface.
- If the routing update information is about a network address that is not the same as the one configured on the receiving interface, the router applies the default (by class) subnet mask.
For example, in the graphic of the RIPv1 network, Router B is attached to network 172.16.1.0/24. Therefore, if Router B learns about any network on this interface that is also a subnet of the 172.16.0.0 network, it will apply the subnet mask configured on its receiving interface (/24) to that learned network. But notice how Router C, which is attached to Router B via the 192.168.5.0/24 network, handles routing information about network 172.16.0.0. Rather than using the subnet mask that Router B knows about (/24), Router C applies the default (classful) subnet mask for a class B address (/16) when it receives information about 172.16.0.0. (Also notice that Router B summarized the routing information about the 172.16.0.0 network when sending it to Router C, because it was sent over an interface in a different network.)
It is impossible in this kind of environment to further subnet already subnetted IP addresses without causing confusion. Instead, VLSMs can be used only when the routing protocol sends subnet mask information along with the network address. To contrast, in the lower graphic (the OSPF network), Router B passed the subnet and subnet mask information to Router C, and Router C put the subnet details into its routing table. Router C did not have to use any default masks for the received routing information.
Calculating VLSMs

Subnetted Address: 172.16.32.0/20   In Binary: 10101100.00010000.00100000.00000000
VLSM Address:      172.16.32.0/26   In Binary: 10101100.00010000.00100000.00000000

Bit fields: Network (bits 1-16) | Subnet (bits 17-20) | VLSM Subnet (bits 21-26) | Host (bits 27-32)

1st Subnet: 10101100.00010000.0010 0000.00 000000 = 172.16.32.0
2nd Subnet: 10101100.00010000.0010 0000.01 000000 = 172.16.32.64
3rd Subnet: 10101100.00010000.0010 0000.10 000000 = 172.16.32.128
4th Subnet: 10101100.00010000.0010 0000.11 000000 = 172.16.32.192
5th Subnet: 10101100.00010000.0010 0001.00 000000 = 172.16.33.0
As already discussed, VLSMs allow you to subnet an already subnetted address. Consider, for example, that you have a subnet address 172.16.32.0/20 and you need to assign addresses to a network that has ten hosts. With this subnet address, however, you have over 4000 (2^12 - 2 = 4094) host addresses, so you would be wasting over 4000 IP addresses. With VLSMs you can further subnet the address 172.16.32.0/20 to give you more network addresses and fewer hosts per network, which would probably work better in this network topology. If, for example, you subnet 172.16.32.0/20 to 172.16.32.0/26, you gain 64 (= 2^6) subnets, each of which could support 62 (= 2^6 - 2) hosts. To further subnet 172.16.32.0/20 to 172.16.32.0/26, do the following:
1. Write 172.16.32.0 in binary form.
2. Draw a vertical line between the 20th and 21st bits, as shown in the graphic.
3. Draw a vertical line between the 26th and 27th bits, as shown in the graphic.
4. Calculate the 64 subnet addresses using the bits between the two vertical lines, from lowest to highest in value. The graphic shows the first five subnets available.
If necessary, refer to the Job Aid: Binary Decimal Conversion Chart in Appendix A.
[Figure: VLSM addressing example. LAN subnets such as 172.16.32.128/26, and WAN links 172.16.33.4/30 and 172.16.33.8/30]
VLSMs are commonly used to maximize the number of possible addresses available for a network. For example, because point-to-point serial lines require only two host addresses, you want to use a subnetted address that will not waste scarce subnet numbers. In the graphic, the addresses used on the Ethernets are those generated on the previous page, Calculating VLSMs. This graphic illustrates where the addresses can be applied, depending on the number of hosts anticipated at each layer. For example, the WAN links use addresses with a prefix of /30. This prefix allows for only two hosts, just enough for a point-to-point connection between a pair of routers. To calculate the addresses used on the WAN links, further subnet one of the unused subnets. In this case, we further subnetted 172.16.33.0/26 with a prefix of /30. This provides four more subnet bits and therefore 2^4 = 16 subnets for the WANs.
Note: It is important to remember that only unused subnets can be further subnetted. In other words, if you use any addresses from a subnet, that subnet cannot be further subnetted. In the example in the graphic, four subnet numbers are used on the LANs. Another, unused, subnet, 172.16.33.0/26, is further subnetted for use on the WANs.
Written Exercise
Using VLSMs, define appropriate subnets for addressing the networks using 192.168.49.0/24.
[Figure: HQ router connected to sites A, B, C, D, and E, each with 25 users]
_________________________________________________________________
Route Summarization
This section describes and gives examples of route summarization, including implementation considerations.
[Figure: Router A advertising 172.16.25.0/24, 172.16.26.0/24, and 172.16.27.0/24 either as three entries or as a single summary]
Routing protocols can summarize addresses of several networks into one address.
In large internetworks hundreds or even thousands of network addresses can exist. In these environments, it is often not desirable for routers to maintain all these routes in their routing table. Route summarization, also called route aggregation or supernetting, can reduce the number of routes that a router must maintain because it is a method of representing a series of network numbers in a single summary address. For example, as the graphic shows, the router can either send three routing update entries, or summarize the addresses into a single network number.
Note: The router in the graphic is saying that it can route to the network 172.16.0.0/16, including all subnets of that network. However, if there were other subnets of 172.16.0.0 elsewhere in the network (for example, if 172.16.0.0 was discontiguous), summarizing in this way may not be valid. Discontiguous networks and summarization are discussed later in this chapter.
Another advantage to using route summarization in a large, complex network is that it can isolate topology changes from other routers. That is, if a specific link in the 172.16.27.0/24 domain was flapping, the summary route would not change, so no router external to the domain would need to keep modifying its routing table due to this flapping activity. Route summarization is most effective within a subnetted environment when the network addresses are in contiguous blocks in powers of two. For example, 4, 16, or 512 addresses can be represented by a single routing entry because summary masks are binary masks, just like subnet masks, so summarization must take place on binary boundaries (powers of two). Routing protocols summarize or aggregate routes based on shared network numbers within the network. Classless routing protocols (RIPv2, OSPF, and Enhanced IGRP) support route summarization based on subnet addresses, including VLSM addressing. Classful routing protocols (RIPv1 and IGRP) automatically summarize routes on the class network boundary, and do not support summarization on any other boundaries. Summarization is described in RFC 1518, An Architecture for IP Address Allocation with CIDR.
[Figure: summarizing a list of routes that share 21 high-order bits; noncommon bits = 11; summary route 172.16.168.0/21]
The previous graphic illustrated a summary route based on a full octet: 172.16.25.0/24, 172.16.26.0/24, and 172.16.27.0/24 could be summarized into 172.16.0.0/16. What if a router received updates for the routes listed in the graphic? How would the router summarize them?
To determine the summary route, the router determines the number of highest-order bits that match in all of the addresses. Referring to the list of IP addresses in the graphic, 21 bits match in all of the addresses. Therefore the best summary route is 172.16.168.0/21, as shown in the graphic. To allow the router to aggregate the largest number of IP addresses into a single route summary, your IP addressing plan should be hierarchical in nature. This approach is particularly important when using VLSMs, as illustrated on the next page. You can summarize when the number of addresses is a power of two. If it is not a power of two, you can divide the addresses into groups and summarize the groups separately.
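The matching-bits calculation described above, as an added example that is not part of the course material. Because the slide's route list did not survive in the text, the inputs are constructed: eight /24s that share 21 bits (summarizing to 172.16.168.0/21), the three /24s from the previous graphic, and the two /26s from the VLSM graphic that follows. The function also reports whether the summary covers exactly the listed networks, which is the check behind the chapter's note about discontiguous subnets.

```python
# Added example (not from the course): compute a summary route by counting
# the high-order bits common to every network address, and flag summaries
# that claim more address space than the routes they were built from.

def ip_to_int(ip: str) -> int:
    o = [int(x) for x in ip.split(".")]
    if len(o) != 4 or any(not 0 <= x <= 255 for x in o):
        raise ValueError(f"invalid IPv4 address: {ip}")
    return (o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]

def int_to_ip(n: int) -> str:
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def parse_route(route: str):
    """'172.16.168.0/24' -> (network as int, prefix length)."""
    net, plen = route.split("/")
    plen = int(plen)
    if not 0 <= plen <= 32:
        raise ValueError(f"bad prefix length in {route}")
    return ip_to_int(net), plen

def common_prefix_len(routes) -> int:
    """Number of leading bits identical in every network address, capped at
    the shortest prefix in the list (a summary cannot claim more bits than
    its least specific member carries)."""
    nets = [parse_route(r) for r in routes]
    shortest = min(p for _, p in nets)
    first = nets[0][0]
    n = 0
    # the top n+1 bits are common when XOR with the first address is zero there
    while n < shortest and all((a ^ first) >> (31 - n) == 0 for a, _ in nets):
        n += 1
    return n

def summarize(routes):
    """Return (summary route, noncommon bits, exact).

    exact is True when the summary covers precisely the listed networks,
    i.e. they form a contiguous power-of-two block. False means the summary
    also advertises space that is not in the list, which is the situation
    the chapter's note warns about. Assumes the routes do not overlap."""
    nets = [parse_route(r) for r in routes]
    n = common_prefix_len(routes)
    mask = (0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF
    base = nets[0][0] & mask
    covered = 1 << (32 - n)
    listed = sum(1 << (32 - p) for _, p in nets)
    return f"{int_to_ip(base)}/{n}", 32 - n, covered == listed

if __name__ == "__main__":
    block = [f"172.16.{i}.0/24" for i in range(168, 176)]   # constructed input
    print(summarize(block))                                   # ('172.16.168.0/21', 11, True)
    print(summarize(["172.16.25.0/24", "172.16.26.0/24", "172.16.27.0/24"]))
```

The same function reproduces the chapter's CIDR case (192.168.8.0/24 through 192.168.15.0/24 give 192.168.8.0/21) since the mechanism is identical.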
[Figure: hierarchical VLSM design. Router A attaches to corporate network 172.16.0.0/16 and receives routes including 172.16.128.0/20 and 172.16.64.0/20 (from Router D)]
A VLSM design allows for maximum use of IP addresses, as well as more efficient routing update communication when using hierarchical IP addressing. In the graphic, for example, route summarization occurs at two levels:
- Router C summarizes two routing updates from networks 172.16.32.64/26 and 172.16.32.128/26 into a single update, 172.16.32.0/24.
- Router A receives three different routing updates, but summarizes them into a single routing update before propagating it to the corporate network.
Implementation Considerations
- Multiple IP addresses must have the same highest-order bits
- Routing decisions are made based on the entire address
- Routing protocols must carry the prefix (subnet mask) length
Route summarization reduces memory use on routers and routing-protocol network traffic. Requirements for summarization to work correctly are as follows:
- Multiple IP addresses must share the same high-order bits.
- Routing protocols must base their routing decisions on a 32-bit IP address and a prefix length that can be up to 32 bits.
- Routing protocols must carry the prefix length (subnet mask) with the 32-bit IP address.
- Supports host-specific routes, blocks of networks, and default routes
- Routers use the longest match
The following discusses the generalities of how Cisco routers handle route summarization. Details about how route summarization operates with a specific protocol are discussed in the specific protocol chapter. For example, route summarization for OSPF is discussed in the Interconnecting Multiple OSPF Areas chapter. Cisco routers manage route summarization in two ways:
- Sending route summaries: Routing information advertised out an interface is automatically summarized at major (classful) network address boundaries by RIP, IGRP, and Enhanced IGRP. Specifically, this automatic summarization occurs for those routes whose classful network address differs from the major network address of the interface to which the advertisement is being sent. For OSPF you must configure summarization. Route summarization is not always a solution. You would not want to use route summarization if you needed to advertise all networks across a boundary, such as when you have discontiguous networks (discussed on the next page). EIGRP and RIPv2 allow you to disable autosummarization.
- Selecting routes from route summaries: If more than one entry in the routing table matches a particular destination, the longest prefix match in the routing table is used. Several routes might match one destination, but the longest matching prefix is used. For example, if a routing table has different paths to 172.16.0.0/16 and to 172.16.5.0/24, packets addressed to 172.16.5.99 would be routed through the 172.16.5.0/24 path because that address has the longest match with the destination address.
[Figure: Router A and Router B each running RIPv1 and each advertising network 172.16.0.0 to Router C across network 192.168.14.0]
- RIPv1 and IGRP do not advertise subnets, and therefore cannot support discontiguous subnets
- OSPF, EIGRP, and RIPv2 can advertise subnets, and therefore can support discontiguous subnets
Classful routing protocols summarize automatically at network boundaries. This behavior, which cannot be changed with RIPv1 and IGRP, has important results:
- Subnets are not advertised to a different major network.
- Discontiguous subnets are not visible to each other.
In the example, the 172.16.5.0 255.255.255.0 and 172.16.6.0 255.255.255.0 subnets are not advertised by RIP because RIP cannot advertise subnets; both Router A and Router B advertise 172.16.0.0. This leads to confusion when routing across network 192.168.14.0; for example, Router C receives routes about 172.16.0.0 from two different directions, so it cannot make a correct routing decision. This situation can be resolved by using RIPv2, OSPF, or Enhanced IGRP and not using summarization, because the subnet routes would be advertised with their actual subnet masks. Advertisements are configurable when using OSPF and Enhanced IGRP. The Cisco IOS software also provides an IP unnumbered feature that permits noncontiguous subnets separated by an unnumbered link.
[Figure: EIGRP network with discontiguous subnets of 172.16.0.0, including 172.16.9.0/24 behind Router B]
- EIGRP on both Router A and Router B advertises a summarized route to 172.16.0.0/16
- Router C receives two routes to 172.16.0.0/16
- Router A (and/or B) should be configured to not summarize
Be careful when using route summarization in a network that has discontiguous subnets, or if not all of the summarized subnets are reachable via the advertising router. If a summarized route indicates that certain subnets are reachable via a router, when in fact those subnets are discontiguous and/or are not reachable via that router, the network may have problems similar to those shown in the previous graphic for a RIPv1 network. However, since routers running classless routing protocols use the longest prefix match when selecting a route from the routing table, if the other subnets are advertised without being summarized, then other routers can select the longest prefix match and follow the correct path. For example, in the graphic, if Router A continues to summarize to 172.16.0.0/16 and Router B is configured to not summarize, then Router C would receive explicit routes for 172.16.6.0/24 and 172.16.9.0/24 along with the summarized route to 172.16.0.0/16. All traffic for Router B's subnets would then be sent to Router B, while all other traffic for the 172.16.0.0 network would be sent to Router A.
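The longest-prefix-match selection described above, replayed on Router C's table for both the broken case (A and B each advertise 172.16.0.0/16) and the fixed case (B advertises its /24s unsummarized). This is an added example, not course code; the next-hop names RouterA, RouterB and ISP and the table contents are constructed from the chapter's figures, and duplicate_prefixes is my own check for the symptom the text describes.

```python
# Added example (not from the course): a minimal longest-prefix-match
# routing table with a check for the same prefix learned from two neighbors.

def ip_to_int(ip: str) -> int:
    o = [int(x) for x in ip.split(".")]
    if len(o) != 4 or any(not 0 <= x <= 255 for x in o):
        raise ValueError(f"invalid IPv4 address: {ip}")
    return (o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]

def int_to_ip(n: int) -> str:
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def prefix_mask(plen: int) -> int:
    """/0 -> 0, /16 -> 0xFFFF0000, /32 -> 0xFFFFFFFF."""
    return (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF

class RoutingTable:
    """Routes keyed by (network, prefix length); each key maps to the set of
    next hops that advertised it, so equal-length duplicates stay visible."""

    def __init__(self):
        self.routes = {}

    def add(self, route: str, next_hop: str) -> None:
        net, plen = route.split("/")
        plen = int(plen)
        if not 0 <= plen <= 32:
            raise ValueError(f"bad prefix length in {route}")
        key = (ip_to_int(net) & prefix_mask(plen), plen)
        self.routes.setdefault(key, set()).add(next_hop)

    def lookup(self, dest: str):
        """Longest prefix match: among entries whose network contains dest,
        return the one with the longest prefix as (route, sorted next hops).
        A /0 default route matches everything; None means no route at all."""
        d = ip_to_int(dest)
        best = None
        for (net, plen), _ in self.routes.items():
            if d & prefix_mask(plen) == net and (best is None or plen > best[1]):
                best = (net, plen)
        if best is None:
            return None
        net, plen = best
        return f"{int_to_ip(net)}/{plen}", sorted(self.routes[best])

    def duplicate_prefixes(self) -> list:
        """Prefixes learned from more than one neighbor. A summary listed here
        (172.16.0.0/16 from both Router A and Router B in the graphic) is the
        discontiguous-subnet symptom the chapter describes."""
        return sorted(f"{int_to_ip(n)}/{p}"
                      for (n, p), hops in self.routes.items() if len(hops) > 1)

if __name__ == "__main__":
    c = RoutingTable()                   # Router C after B stops summarizing
    c.add("172.16.0.0/16", "RouterA")
    c.add("172.16.6.0/24", "RouterB")
    c.add("172.16.9.0/24", "RouterB")
    print(c.lookup("172.16.6.1"))        # ('172.16.6.0/24', ['RouterB'])
    print(c.lookup("172.16.5.99"))       # ('172.16.0.0/16', ['RouterA'])
    print(c.duplicate_prefixes())        # []
```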
Written Exercise
Exercise 1
[Figure: routers A and B with the subnets 172.16.1.192/28, 172.16.1.208/28, 172.16.1.64/28, 172.16.1.96/28, 172.16.1.80/28, and 172.16.1.112/28]
Exercise 2
[Figure: routers G and H with the subnets 172.16.1.160/28, 172.16.1.176/28, and 172.16.1.48/28]
Classless Inter-domain Routing (CIDR) is a mechanism developed to help alleviate the problem of exhaustion of IP addresses and growth of routing tables. The idea behind CIDR is that blocks of multiple Class C addresses can be combined, or aggregated, to create a larger (that is, more hosts allowed) classless set of IP addresses. Blocks of Class C network numbers are allocated to each network service provider. Organizations using the network service provider for Internet connectivity are allocated subsets of the service provider's address space as required. These multiple Class C addresses can then be summarized in routing tables, resulting in fewer route advertisements. CIDR is described further in RFCs 1518 and 1519. RFC 2050, the Internet Registry IP Allocation Guidelines, specifies guidelines for the allocation of IP addresses.
CIDR Example
[Figure: Routers A through H, each with one class C network from 192.168.8.0/24 through 192.168.15.0/24, connected to the HQ router; HQ advertises the summary 192.168.8.0/21]
The graphic shows an example of CIDR and route summarization. The class C network addresses 192.168.8.0/24 through 192.168.15.0/24 are being used and are being advertised to the HQ router. When the HQ router advertises the networks available, instead of separately advertising the eight class C networks, it can summarize these into one route. By advertising 192.168.8.0/21, the HQ router is saying: I can get to all destination addresses that have the first 21 bits the same as the first 21 bits of the address 192.168.8.0. The mechanism used to calculate the summary route to advertise is the same as shown earlier in the chapter.
Case Study: Introduction to Course Case Studies
- JKL Corporation: 1 class B (public); recently re-designed, optimal; OSPF Area 0 small and redundant; OSPF multi-area, hierarchical; VLSM with route summarization
- Acquisition B: 3 class C (public); IP RIP only; 500 devices, out of addresses; 6 hops
- Acquisition D: 1 class B (public), 1 class C (private); Enhanced IGRP AS 400; discontiguous subnets
Throughout the rest of this course we will be using a case study of JKL Corporation to discuss various aspects of scalable routing. The case studies are used to review key concepts, to discuss critical issues surrounding network operation, and to provide a focus for the lab exercises. JKL is an enterprise that will be making four acquisitions: A, B, C, and D. JKL's ultimate goal is to integrate the acquisitions' networks with its own network. JKL has recently undertaken to redesign its network and now has a robust design using OSPF, VLSM, and route summarization. JKL has a class B public address. As we introduce details on various topics throughout the rest of the course, we will see the problems that JKL must overcome as it integrates the networks of its acquisitions with its own OSPF network.
Acquisition A is using a mixture of routing protocols: RIP, IGRP, and OSPF. It has two class C public addresses and uses a class A private address. Acquisition B is using 3 class C public addresses and is using only IP RIP as its routing protocol. It has 500 devices and has run out of IP addresses. Acquisition C has a multi-vendor environment and is using OSPF and 1 class B public address. It is not using summarization. Acquisition D has 1 class B and 1 class C public address and discontiguous subnets. It is using EIGRP as the routing protocol.
In this course we elaborate on many issues relating to routing protocols and addressing strategies; the JKL case study will provide a mechanism to study a practical application of these concepts.
Summary
This section summarizes the tasks you learned to complete in this chapter.
After completing this chapter, you should be able to perform the following tasks:
- Given an IP address, use VLSMs to extend the use of the IP address
- Given a network plan that includes IP addressing, explain if route summarization is or is not possible
Review Questions
Answer the following questions.
1. What are some of the advantages of using a hierarchical IP addressing model?
2. Given an address with a prefix of /20, how many additional subnets are gained when subnetting with a prefix of /28?
3. When selecting a route, the __________ prefix match is used.
Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
- List the key information routers need to route data
- Compare distance vector and link-state protocol operation
This chapter discusses the kind of information routers need in order to route traffic and how distance vector and link-state routing protocols operate to get the information. Sections:
- Objectives
- What Is Routing?
- Comparing Routing Protocols
- Written Exercise: Comparing Routing Protocols
- Summary
- Answers to Exercises
What Is Routing?
Slide: How do I get this to Hong Kong? Options: regular mail service, two-week ground mail service, overnight air mail service.
Routing is the process by which an item gets from one location to another. Many items get routed: for example, mail, telephone calls, and trains. In this class, you have been learning how to configure a router, the device used to route traffic in a computer network. To be able to route anything, a router, or any other entity that performs the routing, needs to know the following key information:
- The destination, or address of the item that needs to be routed.
- From which source it can learn the paths to given destinations.
- Possible routes, or paths, to intended destinations.
- The best path(s) to the intended destinations.
- A way of verifying that the known paths to destinations are the most current.
This information is exactly what a routing protocol provides to a router. Each routing protocol uses a slightly different mechanism to obtain this information; nevertheless, the goal is the same. The chapters in this module discuss routing protocols in the context of how they operate to provide a router with the key information listed. In this way you should be able to better compare routing protocols and their application in your networking environment.
Protocol Categories
Characteristic         Distance Vector              Link State
                       Older; for small networks    Newer; for large networks
Supported protocols    RIP, IGRP, RTMP              OSPF, NLSP, IS-IS
Although the protocols operate slightly differently, the mechanisms they use for learning and selecting paths, for example, have their origin in either distance vector or link-state routing. Distance vector protocols were written first and were designed for use in smaller network environments. Link-state protocols were created as a result of growing networks in order to address the limitations that distance vector protocols have when used in larger internetworks. This subsection summarizes the differences in how each routing protocol category obtains the following key information for a router:
- Addressing
- Identifying neighbors
- Discovering routes
- Selecting routes
- Maintaining routing information
Hierarchical Addressing
Slide: 172.16.25.0, 172.16.27.0, 172.16.28.0
In a small networking environment, there is no concern about running out of addresses. In large and growing networking environments, however, the number of addresses can become very limited unless the addresses are structured into a hierarchical framework. A hierarchical addressing framework has at least two key advantages: increased availability of addresses and a reduced need to memorize all addressing entries. Consider the postal system, which uses the following hierarchy for routing mail in the United States:
This six-layer hierarchical structure enables an unlimited number of addresses to exist. In addition, a postal carrier need not memorize all the streets in Chicago, Illinois, if he or she delivers mail in San Diego, California. All the carrier needs to know is what zip code represents Chicago. That is, the zip code is a single entry that represents all house addresses in a given area. In other words, it is a summary of the addresses in an area. To accommodate large internetworks, a similar type of hierarchical framework must be used. To support hierarchical addressing, this module discusses variable length subnet masking (VLSM), which is specifically used in IP environments, and route summarization.
Identifying Neighbors
In networks with few routers, routers can converge in a reasonable amount of time, even though a downed router is not detected quickly. However, the delay in detecting a downed router in a large network can be disastrous. To make sure that a downed router is located quickly in a large network, link-state protocols include a process for identifying neighbors and verifying periodically that the neighbors exist. The key differences in how distance vector and link-state protocols identify neighbors are as follows:
Distance Vector: Does not have a formal way of learning about neighbors. Detects when a neighbor is unavailable only when the neighbor does not send its routing update during the periodic routing update interval, which can range from 10 to 90 seconds.
Link-State: Establishes a formal connection (link state) with each directly connected neighbor. This is done using the Hello protocol, which is discussed in detail in the Configuring OSPF in a Single Area chapter. Detects when a neighbor is unavailable when a hello is not received in the predefined update interval. Typically the interval is 10 seconds.
Discovering Routes
Each router floods the entire internetwork with information about the links it knows about in update packets. Each neighboring router receives the update packet, copies the contents, and continues sending it. Note that the router does not recalculate its routing table before sending the entry to its neighbors.
Maintaining Routes
In a small network using a distance vector protocol, neighboring routers exchange their route information at a periodic interval, which is acceptable because a small network does not typically have much route information. In contrast, routers in large networks must manage large amounts of routing information. Exchanging large routing tables periodically could bring down a network and not allow any data traffic to flow. Link-state protocols address this issue. The key differences in how distance vector and link-state protocols maintain routes are as follows:
Distance Vector: When a router learns about a change in the internetwork, the router updates its routing table with the change and sends its entire routing table to its neighbors. Neighboring routers incorporate the received routing table into their own routing table, run the Bellman-Ford algorithm, and forward their updated routing tables. This process continues until all routers converge. If there is no change in the internetwork, each router still sends out its routing table to its neighbors at a periodic interval (usually 60 seconds).
Link-State: When a router learns about a change in the internetwork, it updates its link-state table and sends an update only about the changed entries to all routers in the internetwork. Each router receives the update and adds it to its link-state table. The routers then run the SPF algorithm to select the best paths. If no change occurs in the internetwork, the routers send updates only for those route entries that have not been updated periodically, from 30 minutes to 2 hours, depending on the routing protocol.
Written Exercise: Comparing Routing Protocols
Task: In the line to the left of each statement, identify the routing protocol by placing a DV for distance vector or LS for link-state. If a sentence describes more than one routing protocol, identify all protocols that apply.
________ 1. Sends periodic updates, even if no network change has occurred.
________ 2. Sends out updates when network changes occur.
________ 3. The simplest routing protocol to configure.
________ 4. RIP and RTMP are examples of this routing protocol.
________ 5. OSPF is an example of this protocol.
________ 6. Learns about neighbors to ensure bidirectional communication.
________ 7. This protocol determines the best path by the lowest hop count.
________ 8. This protocol uses the shortest path first algorithm.
Summary
A routing protocol learns the following information:
- Destination address
- Identified neighbors
- Paths to destinations
- Best path
- Route information maintained
Distance vector protocols are designed for smaller networks. Link-state protocols are designed for larger networks.
Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
- Explain why OSPF is better than RIP in a large internetwork
- Explain how OSPF discovers, chooses, and maintains routes in multiaccess, point-to-point and NBMA networks
- Configure OSPF for proper operation
- Verify OSPF operation
This chapter covers the use, operation, configuration, and verification of OSPF. Sections:
- Written Exercise: OSPF Operation
- Configuring OSPF in a Single Area
- Verifying OSPF Operation
- Summary
- Lab Exercise: Configuring OSPF for a Single Area
- Answers to Exercises
- Supplement A: OSPF Single Area Configuration Examples
Note: OSPF was written for large and growing networks. It allows you to segregate the internetwork into smaller areas. This chapter discusses how OSPF operates within an area, and the next chapter, Interconnecting Multiple OSPF Areas, discusses how the areas interoperate with each other.
OSPF Overview
This section provides an overview of OSPF.
What Is OSPF?
- Has fast convergence
- Supports VLSM
- Has no hop count limitation
- Processes updates efficiently
- Selects paths based on bandwidth
- Supports equal-cost multipath
OSPF is a link-state technology, as opposed to a distance vector technology such as RIP. The OSPF protocol performs the two primary functions of every routing protocol algorithm: path selection and path switching. OSPF was developed by the Internet Engineering Task Force (IETF) in 1988. The most recent version, known as OSPF version 2, is described in RFC 2328. OSPF is an Interior Gateway Protocol (IGP), which means that it distributes routing information between routers belonging to the same Autonomous System. OSPF was written to address the needs of large, scalable internetworks that RIP could not. The issues it addresses are as follows:
- Speed of convergence: In large networks, RIP convergence can take several minutes as the routing algorithm goes through a holddown and route-aging period. With OSPF, convergence is faster than with RIP because routing changes are flooded immediately and computed in parallel.
- Support for Variable-Length Subnet Masks (VLSMs): RIP1 does not support VLSMs. OSPF supports subnet masking and VLSMs. (Note that RIP2 supports VLSMs.)
- Network reachability: A RIP network that spans more than 15 hops (15 routers) is considered unreachable. OSPF has virtually no reachability limitations.
- Use of bandwidth: RIP broadcasts full routing tables to all neighbors every 30 seconds, which is especially problematic over slow WAN links. OSPF multicasts link-state updates and only sends the updates when there is a change in the network.
- Method for path selection: RIP has no concept of network delays and link costs. Routing decisions are based purely on hop count, which could lead to suboptimal path selection in cases where a longer path (in terms of hop count) has a higher aggregate link bandwidth and shorter delays. OSPF uses a cost value, which is based on the speed of the connection. As with RIP and IGRP, OSPF also provides support for equal-cost multipath.
Note that although OSPF was written for large networks, implementing it requires proper design and planning, which is especially important if your network has more than 50 routers.
OSPF Terminology
Slide: an Autonomous System containing Area 0 and Area 1, with neighbors, interfaces, a DR and a BDR; link costs shown are Cost=1785, Cost=10 and Cost=6 (Token Ring).
This page introduces you to a variety of terms related to link-state technology and OSPF. The following are basic terms to get you started:
- Interface: The connection between the router and one of its attached networks. An interface is sometimes referred to as a link in OSPF literature.
- Link state: The status of a link between two routers, that is, a router's interface and its relationship to its neighboring routers.
- Cost: The value assigned to a link. Rather than hops, link-state protocols assign a cost to a link that is based on the speed of the media. A cost is associated with the output side of each router interface, referred to as the Interface Output Cost.
- Autonomous System: A group of routers exchanging routing information using a common routing protocol.
- Area: A collection of networks and routers that have the same area identification. Each router within an area has the same link-state information. A router within an area is an internal router.
- Neighbor: Two routers that have interfaces on a common network. Neighbor relationships are usually discovered and maintained by the Hello protocol.
- Hello: The protocol used by OSPF to establish and maintain neighbor relationships.
- Designated router (DR) and backup designated router (BDR): Routers that are elected by all other routers on the same LAN to represent all the routers. Each network has a DR and a BDR. These routers have special responsibilities that are discussed later in this chapter.
- Neighborship list: A listing of all the neighbors with which a router has established bi-directional communication. Not every pair of neighboring routers becomes adjacent.
- Link-state database, also known as a topological database: A list of link-state entries of all other routers in the internetwork. It shows the internetwork topology. All routers within an area have identical link-state databases. The link-state database is pieced together from LSAs generated by routers.
- Routing table: The routing table (also known as the forwarding database) generated when an algorithm is run on the link-state database. Each router's routing table is unique.
OSPF Operation
The following section discusses the operation of OSPF.
OSPF Topologies
Slide: Broadcast Multiaccess, Point-to-Point, and NBMA (X.25, Frame Relay).
OSPF can run over multi-access networks or over non-broadcast networks. The topology of a network has an impact on how adjacencies are created. Following are the different topologies found in OSPF and covered in this chapter.
- Broadcast multi-access networks: Networks supporting many (more than two) attached routers, together with the capability to address a single physical message to all of the attached routers (broadcast). An Ethernet segment is an example of a broadcast network.
- Point-to-point networks: A network that joins a single pair of routers. A T1 dedicated serial line is an example of a point-to-point network.
- Non-broadcast multi-access networks: Networks supporting many (more than two) routers, but having no broadcast capability. Frame Relay and X.25 are examples of non-broadcast multiaccess (NBMA) networks.
Neighborship
Slide: routers A, D and E exchange Hellos. Hello packet contents: Router ID, Hello/Dead Intervals, Neighbors, Area-ID, Router Priority, DR IP Address, BDR IP Address, Authentication Password, Stub Area Flag.
Because OSPF routing is dependent on the status of a link between two routers, neighbor routers must recognize each other on the network before they can share information. This process is done using the Hello protocol. The Hello protocol is responsible for establishing and maintaining neighbor relationships. It ensures that the communication between neighbors is bi-directional: a router sees itself listed in the Hello packet it received from a neighbor. Hello packets are sent periodically out of each interface participating in OSPF using IP multicast address 224.0.0.5. The information contained in a Hello packet is as follows:
- Router ID: A 32-bit number which uniquely identifies the router within an Autonomous System. The highest IP address on an active interface is chosen by default; for example, IP address 131.108.13.5 would be chosen over 128.11.4.1. This identification is important in establishing neighbor relationships and coordinating messages between copies of the SPF algorithm running in the network. The router ID is also used to break ties during the DR and BDR election processes if the priority values are equal. (DR and BDR are discussed later.)
- Hello and dead intervals: The hello interval specifies the frequency in seconds at which a router sends hellos (ten-second default on multi-access networks). The dead interval is the time in seconds that a router waits to hear from a neighbor before declaring the neighbor router down (four times the hello interval by default). These timers must be the same on neighboring routers.
Neighborship (cont.)
- Neighbors: The neighbors with which bi-directional communication has been established. Bi-directional communication is indicated when the router sees itself listed in the neighbor's Hello packet. (At this point, this field is empty.)
- Area-ID: To communicate, two routers must share a common segment and have their interfaces belong to the same area on that segment (and the same subnet and mask). These routers will all have the same link-state information.
- Router Priority: An 8-bit number that indicates the priority of this router when selecting the DR and BDR.
- DR and BDR: If known, the IP addresses of the DR and BDR for the specific network (covered in the next section).
- Authentication password: If authentication is enabled, two routers must exchange the same password. Authentication does not have to be set, but if it is set, all peer routers must have the same password.
- Stub area flag: A stub area is a special area that will be discussed in the next chapter. Two routers must agree on the stub area flag in the hello packets.
Neighborship (cont.)
Slide: Router A (172.68.5.1/24, E0) and Router B (172.68.5.2/24, E1) go from the Down State to the Two-Way State. Router B: "I am router ID 172.68.5.2, and I see 172.68.5.1". Router B's neighbors list: 172.68.5.1/24, int E1. Router A's neighbors list: 172.68.5.2/24, int E0.
The exchange process, using the hello protocol, when all routers are coming up on the network at the same time, is as follows:
1. Router A is enabled on the LAN and is in a down state because it has not exchanged information with any other router. It begins by sending a hello packet through each of its interfaces participating in OSPF, even though it does not know the identity of the DR or of any other routers. The Hello packet is sent out using multicast address 224.0.0.5.
2. All routers running OSPF receive the hello packet from router A and add router A to their list of neighbors. This is the Init state.
3. All routers that received the packet send a unicast reply hello packet to router A with their corresponding information, as listed in step 1. The neighbor field includes all other neighboring routers, including router A.
4. When router A receives these packets, it adds all the routers that had its (router A's) router ID in their packet to its own neighborship database. This is referred to as the two-way state. At this point, all routers that have each other in their list of neighbors have established bi-directional communication.
5. The routers determine who the DR and BDR will be. The DR and BDR election process is described in the next subsection, Electing the DR and BDR. This process must occur before routers can begin exchanging link-state information. Link-state exchanges are discussed in the Discovering Routes subsection.
6. Periodically (ten seconds by default) the routers within a network exchange hello packets to ensure communication is still working. The hello updates include the DR/BDR and the list of routers whose hello packets have been received by the router. Remember that received means that the receiving router saw its name as one of the entries in the received hello packet.
Establishing Adjacency
Slide: Hellos elect the DR and BDR; each router forms an adjacency with the DR and BDR.
Adjacency refers to the relationship that exists between a router and its DR/BDR. Adjacency is based upon the use of a common media segment, for example, two routers connected on the same Ethernet segment. But prior to establishing a preferred When routers first come up on a network, they perform the hello process, as discussed in the previous subsection. A router will then attempt to form adjacencies with some of its newly acquired neighbors. Routers must elect a DR and BDR to represent the network. The DR and BDR add value to the network in the following ways:
- Reducing routing update traffic: The DR and BDR act as a central point of contact for link-state information exchange on a given network; therefore, each router must establish an adjacency with the DR/BDR. Instead of each router exchanging link-state information with every other router on the segment, each router sends the link-state information to the DR and BDR. The DR represents the multiaccess network in the sense that it sends each router's link-state information to all other routers in the network. This flooding process significantly reduces the router-related traffic on a segment.
- Managing link-state synchronization: The DR and BDR assure that the other routers on the network have the same link-state information about the internetwork. In this way, the number of routing errors is reduced.
The BDR does not perform any DR functions when the DR is operating. Instead, it receives all information, but allows the DR to perform the forwarding and synchronization tasks. The BDR performs DR tasks only if the DR fails.
Note: Once a DR/BDR is elected, any router added to the network will go through the establishing adjacencies process only with the DR and BDR.
Electing the DR and BDR
Slide: Hello packets are exchanged via IP multicast; the router with the highest OSPF priority is elected (priorities P=1, P=1 and P=0 shown).
The router with the highest priority value is the DR. The router with the second highest priority value is the BDR. The default for the interface OSPF priority is 1. In case of a tie, the router's router ID is used. A router with a priority set to 0 is ineligible to become DR or BDR. If a router with a higher priority value gets added to the network, the DR and BDR do NOT change. The only time a DR or BDR will change is if one goes down. If the DR goes down, then the BDR takes over as the DR and a new BDR is elected. If the BDR goes down, a new BDR is elected. To determine if the DR is down, the BDR sets a timer. This is a reliability feature. If the BDR does not hear the DR forwarding link-state advertisements (LSAs) before the timer expires, then the BDR assumes the DR is out of service.
In a multiaccess environment, each network segment will have its own DR and BDR. Therefore a router that is connected to multiple networks can be a DR on one segment and a regular router on another segment. How neighbors are perceived in other network topologies is discussed later on in this chapter.
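The neighborship steps and the DR/BDR election rules described above, as an added example that is not part of the course text: a Hello is only accepted when the fields the text lists agree, the two-way state is reached when a router sees its own ID in the neighbor's Hello, and the election follows the rules of priority, router-ID tie-break, priority 0, no preemption and BDR promotion. The Hello class is a constructed model of the fields, not the on-the-wire format, and the router IDs are taken from the slide.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Hello:
    """Hello fields that matter for neighborship and the election (constructed model)."""
    router_id: str          # dotted-decimal 32-bit router ID
    hello_interval: int     # seconds
    dead_interval: int      # seconds
    area_id: int
    priority: int           # 0 means ineligible to be DR or BDR
    neighbors: tuple = ()   # router IDs whose Hellos this router has already seen
    auth_password: str = ""
    stub: bool = False


def parameters_match(mine, theirs):
    """Fields that the text says two routers must agree on before becoming neighbors."""
    return (mine.hello_interval == theirs.hello_interval
            and mine.dead_interval == theirs.dead_interval
            and mine.area_id == theirs.area_id
            and mine.auth_password == theirs.auth_password
            and mine.stub == theirs.stub)


def neighbor_state(mine, theirs):
    """State of the relationship after receiving the neighbor's Hello on the segment."""
    if not parameters_match(mine, theirs):
        return "Down"      # mismatched Hello is discarded; no neighbor is formed
    if mine.router_id in theirs.neighbors:
        return "2-Way"     # I see myself in the neighbor's list: bidirectional
    return "Init"          # their Hello was seen, but they have not listed me yet


def _rid_key(router_id):
    return tuple(int(octet) for octet in router_id.split("."))


def elect(hellos, current_dr=None, current_bdr=None):
    """Return (DR, BDR) router IDs: highest priority wins, ties go to the higher router ID,
    priority 0 is ineligible, and an existing DR/BDR is not preempted by a newly added
    router. If the DR is gone the BDR takes over and a new BDR is elected; if only the
    BDR is gone, just a new BDR is elected."""
    alive = {h.router_id for h in hellos}
    ranked = [h.router_id for h in sorted(
        (h for h in hellos if h.priority > 0),
        key=lambda h: (h.priority, _rid_key(h.router_id)), reverse=True)]
    dr = current_dr if current_dr in alive else None
    bdr = current_bdr if current_bdr in alive else None
    if dr is None and bdr is not None:
        dr, bdr = bdr, None                      # BDR is promoted to DR
    if dr is None:
        dr = ranked[0] if ranked else None
    if bdr is None:
        bdr = next((rid for rid in ranked if rid != dr), None)
    return dr, bdr


# Constructed segment: the two routers from the slide plus one that is DR-ineligible.
A = Hello("172.68.5.1", 10, 40, 0, priority=1)
B = Hello("172.68.5.2", 10, 40, 0, priority=1, neighbors=("172.68.5.1",))
C = Hello("172.68.5.3", 10, 40, 0, priority=0)

if __name__ == "__main__":
    print(neighbor_state(A, B))                                    # 2-Way: B already lists A
    print(neighbor_state(B, A))                                    # Init: A has not listed B yet
    print(neighbor_state(A, Hello("172.68.5.9", 30, 120, 0, 1)))  # Down: timers differ
    print(elect([A, B, C]))                                        # ('172.68.5.2', '172.68.5.1')
```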
Discovering Routes
Slide: Exstart State. The router with E0 172.68.5.1 and the DR with E0 172.68.5.3 exchange Hellos and then DBDs.
Once the DR and BDR have been elected, the routers are considered to be in the Exstart state and are ready to discover the link-state information about the internetwork and create their link-state databases. The process used to discover the network routes is called the Exchange protocol, and is performed to get the routers to a Full state of communication. Once adjacent routers are in a Full state, they do not redo the exchange protocol unless the Full state changes. The exchange protocol operates as follows:
1. In the Exstart state, the DR and BDR establish adjacencies with each router in the network. During this process, a master-slave relationship is created between each router and its adjacent DR/BDR. The router that has the higher router ID acts as the master. Note that link-state information is exchanged and synchronized only between the DR/BDR and the routers to which they have established adjacencies, because having the DR represent the network in this capacity reduces the amount of routing update traffic.
2. The master and slave routers exchange one or more database description packets (DBDs or DDPs), which is referred to as the Exchange state. A DBD includes the LSA entries that appear in the master router's link-state database. The entries can be about a link or about a network. Each LSA entry includes such things as a link-state type, the address of the advertising router, the cost of the link, and the sequence number. The sequence number is a router's way of determining the newness of the received link-state information. The sequence number used by the adjacent routers is the one defined by the master.
Slide: Discovering Routes (cont.). The routers exchange LSR, LSU and LSAck packets (DR at E0 172.68.5.3).
Choosing Routes
Slide: 1.1.1.0/24 on router A, Token Ring to router B with 2.2.2.0/24, FDDI to router C with 3.3.3.0/24.
Once a router has a complete link-state database, it is ready to create its routing table so it can route traffic. Recall that distance vector protocols such as RIP select the best route to a destination based on a hop count metric. The Bellman-Ford algorithm is run to determine the routes with the lowest hop count. Link-state protocols use a cost metric to determine the best path to a destination. The default cost metric is based on media bandwidth. For example, 10-Mbps Ethernet has a lower cost than a 56-kbps line because it is faster. To calculate the lowest cost to a destination, link-state protocols such as OSPF use the Dijkstra algorithm. Using its link-state database as input, a router runs the Dijkstra algorithm, thus building its routing table step by step. In simple terms, the algorithm adds up the total costs between the local router (the root) and each destination network. If there are multiple paths to a destination, the lowest-cost path is preferred. But note that OSPF keeps up to six equal-cost route entries in the routing table for load balancing. Sometimes a link, such as a serial line, will go up and down rapidly (called flapping), or a link-state change may affect another series of links. In these situations, a series of LSUs could be generated, which would cause routers to repeatedly recompute a new routing table. This flapping could be so serious that the routers would never converge. To minimize this problem, each time an LSU is received the router waits for a period of time before recalculating its routing table. The spf holdtime command was added to the Cisco IOS software to prevent routers from computing a new routing table after fewer than 10 seconds (default). Refer to the OSPF version 2 RFC 2328 for a detailed description of the Dijkstra algorithm.
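The SPF calculation described above, as an added example that is not part of the course text: Dijkstra run over a constructed link-state database built from the slide's routers A, B and C, with a fourth router D added so that two equal-cost paths exist, and a direct 56-kbps serial line A to C that loses to them. The cost formula 10^8 / bandwidth is an assumption (Cisco's default, not stated on this page); it reproduces the 1785, 10 and 6 shown on the terminology slide.

```python
import heapq

# Assumption (not stated on this page): Cisco's default OSPF cost is 10^8 divided by the
# interface bandwidth in bits per second, which reproduces the slide's 1785, 10 and 6.
REFERENCE_BW = 100_000_000


def ospf_cost(bandwidth_bps):
    return max(1, REFERENCE_BW // bandwidth_bps)


# Constructed link-state database: router-to-router links with their bandwidth, and the
# stub networks from the slide attached to routers A, B and C. Router D is added so that
# two equal-cost paths A-B-C and A-D-C exist; A-C is a direct 56-kbps serial line.
LINKS = [
    ("A", "B", 16_000_000),    # Token Ring, cost 6
    ("B", "C", 100_000_000),   # FDDI, cost 1
    ("A", "D", 16_000_000),    # Token Ring, cost 6
    ("D", "C", 100_000_000),   # FDDI, cost 1
    ("A", "C", 56_000),        # 56-kbps serial, cost 1785
]
NETWORKS = {"1.1.1.0/24": "A", "2.2.2.0/24": "B", "3.3.3.0/24": "C"}
MAX_EQUAL_COST_PATHS = 6


def spf(root):
    """Dijkstra over the link-state database. Returns (cost, predecessors) per router,
    keeping every predecessor that lies on an equal-cost shortest path."""
    graph = {}
    for a, b, bw in LINKS:
        graph.setdefault(a, []).append((b, ospf_cost(bw)))
        graph.setdefault(b, []).append((a, ospf_cost(bw)))
    cost = {root: 0}
    preds = {root: set()}
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > cost[u]:
            continue                      # stale heap entry
        for v, c in graph[u]:
            nd = d + c
            if nd < cost.get(v, float("inf")):
                cost[v], preds[v] = nd, {u}
                heapq.heappush(heap, (nd, v))
            elif nd == cost[v]:
                preds[v].add(u)           # another equal-cost path
    return cost, preds


def first_hops(preds, root, node):
    """Walk the predecessor sets back to the root to find the next-hop routers."""
    if node == root:
        return set()
    hops = set()
    for p in preds[node]:
        hops |= {node} if p == root else first_hops(preds, root, p)
    return hops


def routing_table(root):
    """Destination network -> (cost, sorted next hops, capped at six equal-cost entries)."""
    cost, preds = spf(root)
    table = {}
    for prefix, router in NETWORKS.items():
        hops = sorted(first_hops(preds, root, router))[:MAX_EQUAL_COST_PATHS]
        table[prefix] = (cost[router], hops)
    return table


if __name__ == "__main__":
    for prefix, entry in routing_table("A").items():
        print(prefix, entry)   # 3.3.3.0/24 (7, ['B', 'D']): via B or D, not the 1785 serial line
```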
Link-State Change
Slide: a new router sends an LSU to all OSPF DRs on 224.0.0.6; the DR tells the others on 224.0.0.5.
Note: In a Cisco router, if a route already exists, the routing table is used simultaneously as the SPF is calculating. But if the SPF is calculating a new route, the use of the routing table occurs after the SPF calculation is complete.
Slide: LSU processing flowchart (Send LSAck to DR; Go to A; End).
If the entry already exists and the received LSU has the same information, it ignores the LSA entry. If the entry already exists but the LSU includes new information, it sends an LSAck to the DR, adds the entry to its link state database, and updates its routing table. If the entry already exists but the LSU includes older information, it sends an LSU with its information.
Note: Remember that there are different types of LSAs. In this chapter, the LSAs discussed are the router link LSA, which is an LSA about a link and its status, and the network LSA, which the DR sends out. The network LSA describes all the routers attached to a multiaccess segment. The next chapter will discuss other LSA types.
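The LSU decision procedure above, together with the SPF hold time from the Choosing Routes section, as an added example that is not part of the course text: each received LSA is compared by sequence number with the stored copy (ignored if the same, acknowledged and installed if newer, answered with our own LSU if older), and a recalculation is deferred while the hold time has not elapsed. The LSA class is a constructed model, the router ID is taken from the slides, and the branch for an LSA not yet in the database is not in the visible flowchart; it follows RFC 2328 (install and acknowledge).

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class LSA:
    lsa_type: str      # "router" (a link and its status) or "network" (sent by the DR)
    adv_router: str    # advertising router ID
    seq: int           # sequence number: higher means newer
    body: str          # link details (opaque here)


class LinkStateDB:
    """Applies the LSU decision procedure to each entry of a received LSU and defers the
    routing-table recalculation while the SPF hold time (10 seconds default) has not elapsed."""

    def __init__(self, spf_holdtime=10):
        self.entries = {}            # (type, advertising router) -> LSA
        self.spf_holdtime = spf_holdtime
        self.last_spf = None

    def process_lsu(self, lsu, now):
        actions = []
        changed = False
        for lsa in lsu:
            key = (lsa.lsa_type, lsa.adv_router)
            known = self.entries.get(key)
            if known is None:
                # Not in the visible flowchart: an unknown LSA is installed and acknowledged (RFC 2328).
                self.entries[key] = lsa
                actions.append(("lsack", key))
                changed = True
            elif lsa.seq == known.seq:
                actions.append(("ignore", key))          # same information: nothing to do
            elif lsa.seq > known.seq:
                self.entries[key] = lsa                  # newer: ack, install, recalculate
                actions.append(("lsack", key))
                changed = True
            else:
                actions.append(("send_lsu", known))      # older: answer with our newer copy
        if changed:
            actions.append(self._schedule_spf(now))
        return actions

    def _schedule_spf(self, now):
        """Run SPF now if the hold time has passed since the last run, else report when it is due
        (the timer that fires the deferred run is left out of this model)."""
        due = 0 if self.last_spf is None else self.last_spf + self.spf_holdtime
        if now >= due:
            self.last_spf = now
            return ("spf", "run now")
        # A flapping link would otherwise force a recalculation on every LSU.
        return ("spf", f"deferred until t={due}")


if __name__ == "__main__":
    db = LinkStateDB()
    print(db.process_lsu([LSA("router", "172.68.5.1", 1, "E0 up")], now=0))    # acked, SPF runs
    print(db.process_lsu([LSA("router", "172.68.5.1", 1, "E0 up")], now=1))    # ignored
    print(db.process_lsu([LSA("router", "172.68.5.1", 2, "E0 down")], now=3))  # acked, SPF deferred
```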
Point-to-Point Neighborship
- Router dynamically detects its neighboring router using the Hello protocol
- No election: adjacency is automatic as soon as the two routers can communicate
- OSPF packets are always sent as multicast 224.0.0.5
A point-to-point network joins a single pair of routers. A T1 serial line is an example of a point-to-point network. On point-to-point networks, the router dynamically detects its neighboring routers by sending its Hello packets to the multicast address AllSPFRouters, 224.0.0.5. On physical point-to-point networks, neighboring routers become adjacent whenever they can communicate directly. No election is performed. On physical point-to-point networks, the IP destination is always set to the multicast address AllSPFRouters, 224.0.0.5. On all other network types, the majority of OSPF packets are sent as unicasts, that is, sent directly to the other end of the adjacency, or sent as unicasts to the DR and BDR. It is possible to use IP unnumbered with OSPF. Usually, the IP source address is set to the address of the outgoing interface. Interfaces to unnumbered point-to-point networks have no associated IP address. On these interfaces, the IP source will be set to any of the other IP addresses belonging to the router.
NBMA Networks
- Single interface interconnects multiple sites
- NBMA supports multiple routers but without broadcasting capabilities
When a single interface is used to interconnect multiple sites, you may have reachability issues because of the nonbroadcast multiaccess (NBMA) nature of Frame Relay and X.25. With Frame Relay running multiple PVCs over a single interface, the primary issue is with split horizon. NBMA networks are those networks that support many (more than two) routers, but have no broadcast capability, such as Frame Relay. For the purpose of our NBMA presentation, we will work with a Frame Relay environment. By default, a Frame Relay network provides NBMA connectivity between remote sites. NBMA connectivity means that although all locations can reach each other, depending on the topology, routing update broadcasts received by one router cannot be forwarded to all locations because Frame Relay networks use split horizon to reduce the number of routing loops.
Frame Relay topologies: point-to-multipoint (partial mesh) and point-to-point (star, also called hub and spoke). Reachability issues?
A star topology, also known as a hub-and-spoke configuration, is the most popular Frame Relay network topology. In this topology, remote sites are connected to a central site that generally provides a service or application. This is the least expensive topology because it requires the fewest PVCs. In this scenario, the central router provides a multipoint connection because it typically uses a single interface to interconnect multiple PVCs. In a full-mesh topology, all routers have virtual circuits to all other destinations. This method, although costly, provides direct connections from each site to all other sites and allows for redundancy: when one link goes down, a router at site A can reroute traffic through site C, for example. As the number of nodes in the full-mesh topology increases, the topology becomes increasingly expensive. In a partial-mesh topology, not all sites have direct access to a central site.
Split-horizon (figure: Central router interface S0 with DLCI 51 to R1, DLCI 52 to R2 and DLCI 53 to R3; R1 sends an update, split horizon blocks it toward R2 and R3)
Routing updates are prevented from exiting the router interface through which the update was first learned.
Split-Horizon in NBMA
Split horizon reduces the number of routing loops by not allowing a routing update received on one interface to be forwarded back out through the same interface. As shown above, the Central router's interface S0 receives a routing update from router R1. The Central router connects through three PVCs over a single interface. Split horizon forbids the Central router from sending updates out the same interface on which it received them. Therefore, routers R2 and R3 never receive the update.
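The hub-router behaviour just described, as an added example (not course code): a small model of the Central router with its three PVCs, showing why the update from R1 never reaches R2 and R3 when all PVCs share one physical interface, and what changes when each PVC is bound to its own point-to-point subinterface. Interface names and the subinterface layout are constructed for the example.

```python
"""Split horizon on a hub router with several PVCs (added example, not course code).

A minimal model of the Central router in the figure: PVCs DLCI 51, 52 and 53
reach R1, R2 and R3.  Split horizon is applied per interface, so the outcome
depends on whether the PVCs share one physical interface (Serial0) or each
sits on its own point-to-point subinterface (constructed layout).
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Pvc:
    dlci: int
    peer: str
    interface: str  # interface or subinterface the PVC is bound to


def forward_update(pvcs, received_on_dlci):
    """Peers that receive an update learned over `received_on_dlci`.

    Split horizon: the update is never sent back out the interface it arrived
    on, so every PVC bound to the ingress interface is skipped.
    """
    ingress = next(p for p in pvcs if p.dlci == received_on_dlci)
    return sorted(p.peer for p in pvcs if p.interface != ingress.interface)


def spokes_learning_route(pvcs, origin):
    """Spokes that end up with a route advertised by the spoke `origin` after one hub pass."""
    origin_pvc = next(p for p in pvcs if p.peer == origin)
    return forward_update(pvcs, origin_pvc.dlci)


# All three PVCs on the single physical interface, as in the figure.
SINGLE_INTERFACE = [Pvc(51, "R1", "Serial0"), Pvc(52, "R2", "Serial0"), Pvc(53, "R3", "Serial0")]
# One point-to-point subinterface per PVC (constructed layout).
SUBINTERFACES = [Pvc(51, "R1", "Serial0.1"), Pvc(52, "R2", "Serial0.2"), Pvc(53, "R3", "Serial0.3")]

if __name__ == "__main__":
    print("single interface:", spokes_learning_route(SINGLE_INTERFACE, "R1"))  # []
    print("subinterfaces:   ", spokes_learning_route(SUBINTERFACES, "R1"))     # ['R2', 'R3']
```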
Nonbroadcast multiaccess (NBMA) - Simulates the operation of OSPF in a broadcast network. That is, the routers exchange update traffic to identify their neighbors and elect a designated router (DR) and backup designated router (BDR). This configuration is usually seen in a fully meshed network. Some configuration is necessary on the router for this mode to work properly, which we will see later in this chapter. Neighbors either have to be statically defined, or the hellos must be broadcast.
Broadcasting is implemented by replicating packets in the router and sending them individually to each destination. This process is CPU and bandwidth intensive.
Point-to-multipoint - Treats the non-broadcast network as a collection of point-to-point links. Non-broadcast networks are referred to as NBMA networks or point-to-multipoint networks, depending on OSPF's mode of operation over the network. In this environment, the routers identify their neighbors but do not elect a DR/BDR. This configuration is typically used with partially meshed networks.
The OSPF point-to-multipoint mode is a numbered point-to-point interface. This configuration is treated just like any other point-to-point physical interface. It can be done either under the serial interface itself (typically a point-to-point interface) or under a point-to-point subinterface. These point-to-point links operate as if you had a large number of leased lines. Remember, though, that each point-to-point link must be on its own separate IP subnet.
The choice of mode of operation, NBMA mode or point-to-multipoint mode, determines the way that the Hello protocol and flooding work over the nonbroadcast network.
NBMA mode characteristics: fully-meshed network; stability of network; DR/BDR elected if more than two routers on the Frame Relay network; RFC 2328 compliant.
Full Mesh: Requires all routers attached to the NBMA network to be able to communicate directly with each other. This restriction may be met on some non-broadcast networks, such as an ATM subnet utilizing SVCs, or Frame Relay when using subinterfaces, but it is not met in fully-meshed Frame Relay networks. In fully meshed (and to a certain extent partially meshed) Frame Relay networks, the split horizon rule is used; therefore, anything received on a PVC over a given interface cannot be sent out the same interface on which it was received, even if it is over another PVC, as explained earlier in this chapter.
Stability of the network: Link-state routing protocols require that, in a multiaccess environment, neighbor adjacencies have been defined in order for routing updates to be exchanged. In OSPF, the designated router (DR) and backup designated router (BDR) ensure that all the routers on the segment have the same link-state information regarding the internetwork. If the network is not stable, any time a connection is compromised, routers noticing the link-state change multicast an update to the DR/BDR. The DR acknowledges the update and floods it to the other routers. Further, any change made to the link-state database requires the forwarding database to be recalculated, thus burdening the router CPU. The DR and BDR are elected when there are multiple devices (more than two) on the same segment. The intent is to prevent the segment from being overwhelmed with broadcast updates from all of the devices on that segment. It does not, however, mean that broadcasts are limited to those devices. When a modification occurs, the DR and BDR handle the change for that segment. The change is then flooded out into the area, which you will see in the next chapter. It is possible for the Frame Relay cloud to be its own area, thereby isolating its link-state changes from the rest of the network. This, however, is not a rule and depends on the customer's network and their provider. If you are using a single PVC on an interface and that PVC goes down, the interface goes down; this means that a link failure would be recognized. If running OSPF over subinterfaces, however, when a subinterface goes down the interface remains up, and therefore the router does not reflect that there is a connectivity problem. On non-broadcast networks where not all routers can communicate directly, you can break the non-broadcast network into logical subnets, with the routers on each subnet being able to communicate directly. Then, each separate subnet can be run as an NBMA network, or as a point-to-point network if each virtual circuit is defined as a separate logical subnet. However, this setup requires quite a bit of administrative overhead and is prone to misconfiguration. It is probably better to run such a non-broadcast network in point-to-multipoint mode.
Point-to-multipoint mode characteristics: fully-meshed or partially meshed; static neighbor statement; unique IP subnet; duplicate LSA packets; RFC 2328 compliant.
Does not require a fully-meshed network - This environment allows for routing between two routers that are not directly connected but are connected through a router that has virtual circuits to each. The router that interconnects the non-adjacent neighbors is the one configured for point-to-multipoint. The other routers, assuming that they only have connections to the target router, should be configured for point-to-point. If, however, a spoke router were interconnected to the hub router and to another spoke router, then it would be configured as point-to-multipoint as well.
Requires static neighbor configuration - In a broadcast network, a multicast hello packet is used to identify the router's neighbors. In a point-to-multipoint network, you must statically define neighbors using the neighbor command, particularly since not all routers are adjacent. Using the neighbor command, you specify the neighbor by its IP address and modify, if necessary, the cost of the link to the neighbor. In a broadcast network, the cost of the link to each neighbor is equal, but in a point-to-multipoint network the cost can be statically configured to reflect the different bandwidths of each link.
Uses unique IP subnets - When using subinterfaces, a unique subnet is required for each point-to-point connection; ip unnumbered can be used for this.
Duplicates LSA packets - When flooding out a non-broadcast interface (in either NBMA or point-to-multipoint mode), the LSA update or LSA ACK packet is replicated in order to be sent to each of the interface's neighbors, as defined in the neighbor table.
Adjacencies creation
Point-to-Point interfaces coming up: No election
%LINK-3-UPDOWN: Interface Serial1, changed state to up
OSPF: Interface Serial1 going Up
OSPF: Rcv hello from 192.168.0.11 area 0 from Serial1 10.1.1.2
OSPF: End of hello processing
OSPF: Build router LSA for area 0, router ID 192.168.0.10
OSPF: Rcv DBD from 192.168.0.11 on Serial1 seq 0x20C4 opt 0x2 flag 0x7 len 32 state INIT
OSPF: 2 Way Communication to 192.168.0.11 on Serial1, state 2WAY
OSPF: Send DBD to 192.168.0.11 on Serial1 seq 0x167F opt 0x2 flag 0x7 len 32
OSPF: NBR Negotiation Done. We are the SLAVE
OSPF: Send DBD to 192.168.0.11 on Serial1 seq 0x20C4 opt 0x2 flag 0x2 len 72
Adjacencies creation
In the debug output above, you can see that no election is performed on a point-to-point network: the DBDs are exchanged as soon as the two routers can communicate. On an Ethernet segment, an election takes place before any routing exchange.
Written Exercise: OSPF Operation
Objective: Explain why OSPF is better than RIP in a large internetwork.
Objective: Explain how OSPF discovers, chooses, and maintains routes.
Task: Answer the following questions.
1 List three reasons why OSPF operates better than RIP in a large internetwork.
______________________________________________________________
______________________________________________________________
______________________________________________________________
2 Identify when the exchange protocol and the flooding protocol are used, and describe how each operates.
______________________________________________________________
______________________________________________________________
______________________________________________________________
______________________________________________________________
3 Write a brief description of the following:
Internal router _________________________________________________
LSU ________________________________________________________
4 Match the term with the statement most closely describing it. Write the letter of the description next to the term.
____ area
____ Full state
____ DR
A) The router responsible for route synchronization.
B) Indicates routers can route information.
C) Indicates routers can discover link state information.
5 Name the two RFC-compliant modes for OSPF over Non-broadcast Multiaccess network:
______________________________________________________________
______________________________________________________________
6 Name the two additional Cisco modes for OSPF over NBMA:
______________________________________________________________
______________________________________________________________
Point-to-Point Network (figure: Router B, S0 10.2.1.2, connected to S1 10.2.1.1 on the neighboring router)

Router A configuration:
<Output Omitted>
interface Ethernet0
 ip address 10.64.0.1 255.255.255.0
!
<Output Omitted>
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0

Router B configuration:
<Output Omitted>
interface Ethernet0
 ip address 10.64.0.2 255.255.255.0
!
interface Serial0
 ip address 10.2.1.2 255.255.255.0
<Output Omitted>
router ospf 50
 network 10.2.1.2 0.0.0.0 area 0
 network 10.64.0.2 0.0.0.0 area 0
process-id: An internally used number that identifies the OSPF process when multiple OSPF processes run within a single router. The process-id need not match the process-ids on other routers. Running multiple OSPF processes on the same router is not recommended because it creates multiple database instances that add extra overhead.
Step 2
Identify which IP networks on the router are part of the OSPF network. For each network, you must identify to what area the networks belong. The network value can vary in that it can be the network address supported by the router, or the specific interface addresses configured. The router knows how to interpret the address by comparing the address to the wildcard mask.
router(config-router)#network address wildcard-mask area area-id
address: Can be the network address, subnet, or the address of the interface. Instructs the router which links to advertise, which links to listen to advertisements on, and what networks to advertise.
wildcard-mask: An inverse mask used to determine how to read the address. The mask has wildcard bits where 0 is a match and 1 is "don't care"; for example, 0.0.255.255 indicates a match in the first two bytes. If specifying the interface address, use mask 0.0.0.0.
area area-id: Specifies the area to be associated with the address. Can be a number or can be similar to an IP address A.B.C.D. For a single area, the ID must equal 0.
Router ID: the number by which the router is known to OSPF.
Default: the largest IP address on an active interface at the moment of OSPF process startup.
Can be overridden by a loopback interface: the highest IP address of any active loopback interface.
The highest IP address used as the router ID can be overridden by configuring an IP address on a loopback interface. OSPF is more reliable if a loopback interface is configured because it is always active and cannot go down like a real interface. So it is recommended that you use the loopback address on all key routers, at least. If you plan to publish your loopback address with the network area command, make sure you use a private IP address. Note that a loopback address requires a different subnet for each router. Pros and cons exist in using a made-up or bogus address as opposed to using real subnet addresses. In addition to reliability, a bogus address saves on real IP addresses, but the address does not appear in the OSPF table, so it cannot be pinged. This decision represents a trade-off between the ease of debugging the network and conservation of address space. To determine the router ID of a router, type show ip ospf interface.
Modifying router priority: Changing the OSPF priority on an interface is done using the following interface command:
router(config-if)#ip ospf priority number (from 0 to 255)
Link cost (Router(config-if)#, Cisco to non-Cisco): assigns a cost to an outgoing interface; may be required for interoperability; use the default cost between Cisco devices.
Modifying the link cost: Override the default cost value assigned to an OSPF interface.
router(config-if)#ip ospf cost cost
cost: A number from 1 to 65535 that indicates the metric assigned to the interface. Path cost is the total of the costs assigned to all interfaces that forward traffic along the path to the destination. Cisco's OSPF default cost assignment is based on the bandwidth of the link. Other vendors might use a different mechanism to assign OSPF cost to a link, so you may have to change the default cost, because all interfaces connected to the same link must agree on the link's cost. In general, the path cost in Cisco routers is calculated using the formula 10^8/bandwidth. Using this formula, the following are some example default costs:
56-kbps serial link: default cost is 1785
T1 (1.544-Mbps serial link): default cost is 64
Ethernet: default cost is 10
16-Mbps Token Ring: default cost is 6
Note: On serial lines, the default bandwidth is 1.544 Mbps. If the line is a slower speed, use the bandwidth command to specify the real link speed. The cost of the link will then change to correspond to the bandwidth you configured.
OSPF modes over NBMA:
Non-broadcast mode (RFC compliant)
Point-to-multipoint mode (RFC compliant)
Broadcast mode (additional Cisco mode)
Point-to-point mode (achieved through the subinterface point-to-point configuration) (additional Cisco mode)
The following command is used to specify the OSPF network configuration (not necessarily the physical configuration):
router(config-if)#ip ospf network {non-broadcast | point-to-multipoint | broadcast}
ip ospf network command / Description:
non-broadcast: Sets the network type to non-broadcast
point-to-multipoint: Sets the network type to point-to-multipoint
broadcast: Sets the network type to broadcast
Non-broadcast mode is the default, so there is no need for this command; neighbor statements are necessary.
Neighbor Command
ip-address: Interface IP address of the neighbor.
priority: (Optional) 8-bit number indicating the router priority value of the nonbroadcast neighbor associated with the IP address specified. The default is 0. This keyword does not apply to point-to-multipoint interfaces.
poll-interval: (Optional) Unsigned integer value reflecting the poll interval. RFC 1247 recommends that this value be much larger than the hello interval. The default is 120 seconds (2 minutes). This keyword does not apply to point-to-multipoint interfaces.
cost: (Optional) Assigns a cost to the neighbor, in the form of an integer from 1 to 65535. Neighbors with no specific cost configured assume the cost of the interface, based on the ip ospf cost command. On point-to-multipoint interfaces, this is the only keyword and argument that makes sense. This keyword does not apply to NBMA networks.
Point-to-multipoint mode: no need for DR and neighbor statements; OSPF exchanges additional LSUs; can be done with a star topology.
Point-to-point mode (subinterfaces: multipoint or point-to-point).
Verifying OSPF operation: show ip protocol, show ip route, show ip ospf, clear ip route *, debug ip ospf (displays router interaction during the hello, exchange, and flooding processes).
R2#sh ip ospf int e0
Ethernet0 is up, line protocol is up
  Internet Address 192.168.0.12/24, Area 0
  Process ID 1, Router ID 192.168.0.12, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State DROTHER, Priority 1
  Designated Router (ID) 192.168.0.11, Interface address 192.168.0.11
  Backup Designated router (ID) 192.168.0.13, Interface address 192.168.0.13
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:04
  Neighbor Count is 3, Adjacent neighbor count is 2
    Adjacent with neighbor 192.168.0.13 (Backup Designated Router)
    Adjacent with neighbor 192.168.0.11 (Designated Router)
  Suppress hello for 0 neighbor(s)
show ip ospf neighbor parameters (example: Neighbor ID 192.168.0.11, Interface Serial1):
type: (Optional) Interface type.
number: (Optional) Interface number.
neighbor-id: (Optional) Neighbor's ID.
detail: (Optional) Displays all neighbors in detail (lists all neighbors).
Pri  State          Dead Time  Address
1    FULL/DROTHER   0:01:56    10.1.1.2
0    FULL/DROTHER   0:01:34    10.1.1.3
1    FULL/BDR       0:01:56    10.1.1.1
OSPF over Frame Relay - Non-broadcast mode using the neighbor command

Pri  State          Dead Time  Address   Interface
1    FULL/DR        00:00:30   10.1.1.4  Serial0
1    FULL/DROTHER   00:00:36   10.1.1.3  Serial0
1    FULL/DROTHER   00:00:39   10.1.1.2  Serial0
Router Link States (Area 0)
Link ID         ADV Router      Age   Seq#        Checksum  Link count
192.168.0.10    192.168.0.10    817   0x80000003  0xFF56    1
192.168.0.11    192.168.0.11    817   0x80000003  0xFD55    1
192.168.0.12    192.168.0.12    816   0x80000003  0xFB54    1
192.168.0.13    192.168.0.13    816   0x80000003  0xF953    1
192.168.0.14    192.168.0.14    817   0x80000003  0xD990    1

Net Link States (Area 0)
Link ID         ADV Router      Age   Seq#        Checksum
192.168.0.14    192.168.0.14    812   0x80000002  0x4AC8
Summary
OSPF is a scalable, standards-based link-state routing protocol. OSPF benefits include:
No hop count limit
Multicasts routing updates
Faster convergence
Better path selection
(Figure: case study network, all in Area 0, with routers running OSPF process IDs 109, 31, 63, 16 and 19, connected over Frame Relay and point-to-point links.)
Which router should be the DR/BDR? Should I use the priority command? For NBMA, what would be the advantages and disadvantages of each of the following modes in terms of IP subnet addresses, and how would the adjacency be formed?
If my router is running two separate OSPF processes, do I wish to redistribute the routes learned under one process ID into the other process ID? (Redistribution will be discussed later in the course.)
Match the term with the statement most closely describing it. Write the letter of the description next to the term.
___D area
___B Full state
___A DR
A) The router responsible for route synchronization.
B) Indicates routers can route information.
C) Indicates routers can discover link state information.
___C
Name the two RFC-compliant modes for OSPF over Non-broadcast Multiaccess network: Non-broadcast, Point-to-Multipoint.
Name the two additional Cisco modes for OSPF over NBMA: Broadcast, Point-to-point.
Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
Describe the issues with interconnecting multiple areas and how OSPF addresses each
Explain the differences between the possible types of areas, routers, and LSAs
Configure a multiarea OSPF network
Configure an area as stubby, totally stubby and not-so-stubby
Verify OSPF operation
This chapter covers the use, operation, configuration, and verification of OSPF. Sections:
Objectives
Creating Multiple OSPF Areas
OSPF Operation across Multiple Areas
Written Exercise: OSPF Operation across Multiple Areas
Using and Configuring OSPF Multiarea Components
Verifying OSPF Operation
Summary
Lab Exercise: Configuring a Multiarea Network
Answers to Exercises
Supplement A: OSPF Multiarea Configuration Examples
Supplement B: Virtual Links Overview
Supplement C: Not-So-Stubby Areas (NSSA) Overview
Frequent SPF calculations: With such a large network, network changes are inevitable, so the routers would have to spend many more CPU cycles recalculating the routing table.
Large routing table: Each router would need to maintain at least one entry for every network, that is, at least 400 networks. And assuming that there were multiple paths to 25 percent of the networks, that is another 100 entries.
Large link-state table: Because the link-state table includes the complete topology of the network, each router would need to maintain an entry for every network in the area, even for the routes not selected for the routing table.
It is because of these kinds of issues that OSPF was written to allow large areas to be separated into smaller, more manageable areas that can still exchange routing information.
(Figure: an autonomous system divided into Area 1 and Area 2.)
Reduced frequency of SPF calculations: Because detailed route information is kept within each area, it is not necessary to flood all link-state changes to all other areas. Thus, not all routers need to run the SPF calculation, only those affected by the change.
Smaller routing tables: When using multiple areas, detailed route entries for specific networks within an area are kept in the area. Instead of advertising these explicit routes outside the area, you can have the routes summarized into one or more summary addresses. Advertising these summaries reduces the number of LSAs propagated between areas, but keeps all networks reachable.
Reduced LSU overhead: LSUs can contain a variety of LSA types, including link-state information and summary information. Rather than send an LSU about each network within an area, you can advertise a single summarized route (or a few) between areas to reduce the overhead associated with link-state updates when they cross areas.
(Figure: Area 0 "I am a backbone", Area 1 "I am standard", Area 2 "I am a stub"; an internal router originates Type 1 and Type 2 LSAs, the ABR originates Type 3/4 LSAs, and the ASBR originates Type 5 LSAs.)
(Figure: router types: internal routers; ASBR and backbone router; ABR and backbone router; external AS.)
Internal router: As already discussed, routers that have all interfaces in the same area are internal routers. Internal routers within the same area have identical link-state databases and run a single copy of the routing algorithm.
Backbone routers: Routers that sit on the perimeter of the backbone area. They have at least one interface connected to area 0. These routers maintain OSPF routing information using the same procedures and algorithms as internal routers.
Area Border Router (ABR): Routers that have interfaces attached to multiple areas. These routers maintain separate link-state databases for each area to which they are connected, and route traffic destined for or arriving from other areas. ABRs are exit points for the area, which means routing information destined for another area can only get there via the local area's ABR. ABRs summarize information from the link-state databases of their attached areas and distribute the information into the backbone. The backbone ABRs then forward the information to all other connected areas. An area can have one or more ABRs.
Autonomous System Boundary Router (ASBR): Routers that have at least one interface into an external internetwork (another autonomous system), such as a non-OSPF network. These routers can import (referred to as redistribution) non-OSPF network information into the OSPF network, and vice versa.
A router can be more than one router type. For example, if a router interconnects to area 0 and area 1, as well as to a non-OSPF network, it would be both an ABR and ASBR.
A router has a separate link-state database for each area it is connected to. Therefore, an ABR has a link-state database for Area 0 and another link-state database for the other area in which it participates. Two routers belonging to the same area have, for that one area, identical area link-state databases. Also, remember that link-state databases are synchronized between pairs of adjacent routers, meaning that a database is synchronized between a router and its DR/BDR.
(Figure: Area 0 with a network router, an ABR, an ASBR and an external AS; the LSAs shown are router, network, summary and external.)

p1r3#show ip ospf database
OSPF Router with ID (10.64.0.1) (Process ID 1)

Router Link States (Area 1)
Link ID         ADV Router      Age   Seq#        Checksum  Link count
10.1.2.1        10.1.2.1        651   0x80000005  0xD482    4

Net Link States (Area 1)
Link ID         ADV Router      Age
10.64.0.1       10.64.0.1       538

Summary Net Link States (Area 1)
Link ID         ADV Router      Age   Seq#        Checksum
10.2.1.0        10.2.1.2        439   0x80000002  0xE6F8
LSA Type / Name / Description:
1 / Router link entry / Generated by each router for each area it belongs to. It describes the states of the router's links to the area. These are flooded only within a particular area. The link status and cost are two of the descriptors provided.
2 / Network link entry / Generated by DRs in multiaccess networks. They describe the set of routers attached to a particular network. Flooded only within the area that contains the network.
3 or 4 / Summary link entry / Originated by ABRs. Describes the links between the ABR and the internal routers of a local area. These entries are flooded throughout the backbone area to the other ABRs. Type 3 describes routes to networks within the local area and is sent to the backbone area. Type 4 describes reachability to ASBRs. These link entries are not flooded through totally stubby areas.
5 / Autonomous system external link entry (E1: OSPF external type 1; E2: OSPF external type 2) / Originated by the ASBR. Describes routes to destinations external to the autonomous system. Flooded throughout an OSPF autonomous system except for stub and totally stubby areas.
Note: All LSA types, except the AS-external-LSAs (LS type = 5), are flooded throughout a single area only.
(Figure: Area 0 with routers R5, R4, R3 and R1 connected in a chain, cost 10 per link; R1 and R3 are ASBRs advertising AS1 as E1 with external cost 1785.)
R5's cost to AS1 (E1): via R1 = 1815; via R3 = 1805.
R3's cost to AS1 (E1): via R1 = 1795; via R3 = 1785.
Calculating the cost for summary routes: The cost of a summary route is the smallest cost of any interarea route that appears in the summary, plus the cost of the ABR's link to the backbone. So if the ABR's link to the backbone had cost 50, and the summary covered two interarea routes, one at cost 49 and the other at cost 50, the total cost associated with the summary route would be 99. This calculation is done automatically for each summary route.
Calculating the cost of external routes: The cost of an external route differs depending on the external type configured on the ASBR. You configure the router to generate one of the following external packet types:
Type 1 (E1): If a packet is an E1, then the metric is calculated by adding the external cost to the internal cost of each link the packet crosses. Use this packet type when you have multiple ASBRs advertising a route to the same autonomous system.
Type 2 (E2) (the default): If a packet is an E2, then the packet always carries the external cost assigned, no matter where in the area it crosses. Use this packet type if only one router is advertising a route to the autonomous system. Type 2 routes are preferred over type 1 routes unless two same-cost routes exist to the destination.
Note: When different routing protocols exchange routing information, it is referred to as redistribution. Redistribution is discussed in the Optimizing Routing Update Operation chapter.
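The cost arithmetic from this section, together with the default interface cost formula given earlier in the chapter (10^8/bandwidth), as an added example that is not course code. The topology, link costs and external metric are taken from the figure above (R5, R4, R3, R1 in a chain with cost 10 per link, R1 and R3 both ASBRs advertising AS1 at 1785); the Dijkstra helper and all function names are mine.

```python
"""OSPF cost arithmetic from this chapter (added example, not course code).

Three calculations the text describes:
  * the Cisco default interface cost, 10^8 / bandwidth in bps;
  * the cost of a summary route at an ABR;
  * the cost of E1 versus E2 external routes as seen from different routers.
The topology below is constructed from the chapter figure: R5 - R4 - R3 - R1
with cost 10 per link, and R1 and R3 both ASBRs advertising AS1 with an
external metric of 1785 (the default cost of a 56-kbps link).
"""
import heapq

REFERENCE_BANDWIDTH = 100_000_000  # 10^8 bps, Cisco's default reference bandwidth


def interface_cost(bandwidth_kbps):
    """Default OSPF interface cost: 10^8 / bandwidth (bps), truncated, never below 1."""
    return max(1, REFERENCE_BANDWIDTH // (bandwidth_kbps * 1000))


def summary_route_cost(component_costs, abr_to_backbone_cost):
    """Smallest interarea cost covered by the summary plus the ABR's link to the backbone."""
    return min(component_costs) + abr_to_backbone_cost


def external_route_cost(internal_cost, external_metric, ext_type):
    """E1 adds the internal path cost to the external metric; E2 keeps only the external metric."""
    if ext_type == "E1":
        return internal_cost + external_metric
    if ext_type == "E2":
        return external_metric
    raise ValueError(f"unknown external type {ext_type!r}")


def shortest_costs(links, source):
    """Dijkstra over an undirected map {(router_a, router_b): cost}; returns {router: cost}."""
    adjacency = {}
    for (a, b), cost in links.items():
        adjacency.setdefault(a, []).append((b, cost))
        adjacency.setdefault(b, []).append((a, cost))
    dist = {source: 0}
    heap = [(0, source)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue  # stale heap entry
        for nxt, cost in adjacency.get(node, []):
            nd = d + cost
            if nd < dist.get(nxt, float("inf")):
                dist[nxt] = nd
                heapq.heappush(heap, (nd, nxt))
    return dist


def external_costs_via_asbrs(links, router, asbr_metrics, ext_type):
    """Cost from `router` to the external destination via each ASBR, per the E1/E2 rule."""
    dist = shortest_costs(links, router)
    return {asbr: external_route_cost(dist[asbr], metric, ext_type)
            for asbr, metric in asbr_metrics.items()}


# Constructed from the chapter figure (all links in Area 0, cost 10 each).
LINKS = {("R5", "R4"): 10, ("R4", "R3"): 10, ("R3", "R1"): 10}
ASBR_METRICS = {"R1": 1785, "R3": 1785}  # both ASBRs advertise AS1 with metric 1785

if __name__ == "__main__":
    for kbps in (56, 1544, 10_000, 16_000):
        print(f"{kbps} kbps -> default cost {interface_cost(kbps)}")
    print("summary [49, 50] + ABR link 50 ->", summary_route_cost([49, 50], 50))
    for router in ("R5", "R3"):
        print(router, "E1:", external_costs_via_asbrs(LINKS, router, ASBR_METRICS, "E1"))
        print(router, "E2:", external_costs_via_asbrs(LINKS, router, ASBR_METRICS, "E2"))
```

Running it reproduces the figure's numbers (R5: 1815 via R1, 1805 via R3; R3: 1795 via R1, 1785 via R3) and shows that with E2 every router sees the bare external metric 1785 regardless of its distance to the ASBR.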
Types of Areas
(Figure: stub area, backbone area 0, totally stubby area.)
The characteristics you assign to an area control the type of route information that it can receive. The possible area types are as follows:
Standard area: An area that operates as discussed in the Configuring OSPF chapter. This area can accept link updates and route summaries.
Backbone area (transit area): When interconnecting multiple areas, the backbone area is the central entity to which all other areas connect. The backbone area is always labeled 0. All other areas must connect to this area in order to exchange and route information. The OSPF backbone has all of the properties of a standard OSPF area.
Stub area: Refers to an area that does not accept information about routes external to the autonomous system (that is, the OSPF internetwork), such as routes from non-OSPF sources. If routers need to route to networks outside the autonomous system, they use a default route. A default route is noted as 0.0.0.0.
Totally stubby area: An area that does not accept external autonomous system (AS) routes or summary routes from other areas internal to the autonomous system. Instead, if the router needs to send a packet to a network external to the area, it sends it using a default route.
The following page shows example routing tables for some of the area types listed.
(Figure: data from an internal router travels to ABR1, across the backbone (Area 0) to ABR2, and on to the destination network.)
If the packet is destined for a network within an area, then it is forwarded from the internal router, through the area, to the destination internal router. If the packet is destined for a network outside the area, it must go through the following path: The packet goes from the source network to an ABR. The ABR sends the packet through the backbone area to the ABR of the destination network. All packets must cross the backbone when being forwarded from one area to another. The destination ABR then forwards the packet through the area to the destination network.
(Figure: Type 1, Type 3, Type 5 and default-route LSAs flowing between Area 1 and Area 0; a second figure shows Area 1, Area 0 and a RIP network.)
Virtual Link (figure: Area 1, Area 2 and Area 3, with Area 3 as the transit area)
The backbone is the center of communication.
Virtual links provide a path to the backbone.
Avoid configuring virtual links if possible.
It must be established between two routers that share a common area. One of these two routers must be connected to the backbone.
When virtual links are used, they require special processing during the SPF calculation. That is, the real next hop router must be determined so the true cost to get to a destination across the backbone can be calculated.
[Figure: two disconnected parts of area 0 joined by a virtual link through a transit area; areas 0, 2 and 3 are shown]
- Linking an area that does not have a physical connection to the backbone. This could occur when two organizations merge, for example.
- Patching the backbone in case a discontinuity of area 0 occurs.
The graphic illustrates the second purpose. Discontinuity of the backbone might occur if, for example, two companies, each running OSPF, are trying to merge their two separate networks into one with a common area 0. The alternative would be to redesign the entire OSPF network and create a unified backbone. Another reason for creating a virtual link is to add redundancy in cases where a router failure causes the backbone to be split in two. In the graphic, the disconnected area 0s are linked via a virtual link through the common area 3. If a common area does not already exist, one can be created to become the transit area. For adjacency purposes, OSPF treats two routers joined by a virtual link as if they were connected by an unnumbered point-to-point backbone network.
Describe the path a packet must take in order to get from one area to another. ______________________________________________________________ ______________________________________________________________
[Figure: ABR configuration example. One router has all interfaces in area 0 (Ethernet0 10.64.0.1); ABR B connects area 0 (Ethernet0 10.64.0.2) to area 1 (Serial0 10.2.1.2); the far end of the serial link in area 1 is 10.2.1.1 (S1)]
Router with all interfaces in area 0:
<Output Omitted>
interface Ethernet0
 ip address 10.64.0.1 255.255.255.0
!
<Output Omitted>
router ospf 77
 network 10.0.0.0 0.255.255.255 area 0
ABR B:
<Output Omitted>
interface Ethernet0
 ip address 10.64.0.2 255.255.255.0
!
interface Serial0
 ip address 10.2.1.2 255.255.255.0
<Output Omitted>
router ospf 50
 network 10.2.1.2 0.0.0.0 area 1
 network 10.64.0.2 0.0.0.0 area 0
Step 2
Identify which IP networks on the router are part of the OSPF network. For each network, you must identify what area the network belongs to. When configuring multiple OSPF areas, make sure to associate the correct network addresses with the desired area ID, as shown in the graphic.
router(config-router)#network address wildcard-mask area area-id
Step 3
(Optional) If the router has at least one interface connected to a non-OSPF network, perform the proper configuration steps. At this point the router will be acting as an ASBR. How the router exchanges (redistributes) non-OSPF route information with the other OSPF routers is discussed in the Optimizing Routing Update Operation chapter.
Note: Refer to the Configuring OSPF for a Single Area chapter for details about basic OSPF configuration commands.
[Figure: stub area LSA flow: an ASBR, ABR1, the backbone (BBone), ABR2 and an internal router; summary and external LSAs are flooded through the backbone, while the ABR of the stub area sends only a default route toward its internal routers]
Configuring a stub area reduces the size of the link-state database inside an area and as a result reduces the memory requirements of routers inside that area. External networks (type-5 LSAs), such as those redistributed from other protocols into OSPF, are not allowed to be flooded into a stub area. Routing from these areas to the outside world is based on a default route (0.0.0.0). A default route means that if a packet is addressed to a network that is NOT in an internal router's route table, the router automatically forwards the packet to the ABR that sent a 0.0.0.0 LSA. This allows routers within the stub to reduce the size of their routing tables, because a single default route replaces the many external routes. A stub area is typically created when you have a hub-and-spoke topology, with the spoke being the stub area, such as a branch office. In this case, the branch office does not need to know about every network at the headquarters site; instead, it can use a default route to get there.
To further reduce the number of routes in a table, you can create a totally stubby area, which is a Cisco-specific feature. A totally stubby area is a stub area that blocks external type-5 LSAs and summary (type 3/4) LSAs (interarea routes) from going into the area. This way, intra-area routes and the default of 0.0.0.0 are the only routes known to the stub area. ABRs inject the default summary link 0.0.0.0 into the totally stubby area. Each router picks the closest ABR as a gateway to everything outside the area. Totally stubby areas further minimize routing information (as compared to stub areas) and increase stability and scalability of OSPF internetworks. This is typically a better solution than creating stub areas, unless the target area uses a mix of Cisco and non-Cisco routers.
[Figure: stub area restrictions; routes from an external AS are shown blocked (X) from the stub area]
- Typically a single exit point into the area; if there are multiple exit points, suboptimal paths may be selected
- An ASBR cannot be internal to a stub area
- The area is not the backbone (area 0)
An area can be configured as a stub or totally stubby area only when the following restrictions hold:
- There is a single exit point from that area, or, if there are multiple exits (ABRs), routing to outside of the area does not have to take an optimal path. If the area has multiple exits, one or more ABRs will inject a default into the stub area. In this situation, routing to other areas or autonomous systems could take a suboptimal path in reaching the destination by going out of the area via an exit point that is farther from the destination than other exit points.
- All OSPF routers inside the stub area (ABRs and internal routers) are configured as stub routers so that they will become neighbors and exchange routing information. The configuration commands for creating stub networks are covered later in this chapter.
- The area is not needed as a transit area for virtual links. (Virtual links are discussed in Supplement B at the end of this chapter.)
- No ASBR is internal to the stub area.
- The area is not the backbone area (area 0).
These restrictions are made because a stub/totally stubby area is mainly configured not to carry external routes, and any of the situations described would cause external links to be injected into that area.
Step 1
Configure OSPF, as described in the Configuring OSPF ABRs section.
Step 2
Define an area as stub/totally stubby by adding this command to ALL routers within the area:
router(config-router)#area area-id stub [no-summary]
area-id: Identifier for the stub/totally stubby area. The identifier can be either a decimal value or an IP address.
no-summary: (Only for ABRs connected to totally stubby areas.) Prevents an ABR from sending summary link advertisements into the stub area. Use this option for creating a totally stubby area.
Step 3
(Optional, for ABRs only) Define the cost of the default route that is injected into the stub/totally stubby area.
[Figure: stub area configuration. R3 (Ethernet 0 192.168.14.1 in area 0, Serial 0 192.168.15.1) is the ABR between area 0 and stub area 2; R4 (Serial 0 192.168.15.2) is internal to stub area 2]
R3#
interface Ethernet 0
 ip address 192.168.14.1 255.255.255.0
interface Serial 0
 ip address 192.168.15.1 255.255.255.252
router ospf 100
 network 192.168.14.0 0.0.0.255 area 0
 network 192.168.15.0 0.0.0.255 area 2
 area 2 stub
R4#
interface Serial 0
 ip address 192.168.15.2 255.255.255.252
router ospf 15
 network 192.168.15.0 0.0.0.255 area 2
 area 2 stub
Parameters of the Step 3 command:
area-id: Identifier for the stub area. The identifier can be either a decimal value or an IP address.
cost: Cost for the default summary route used for a stub/totally stubby area. The acceptable value is a 24-bit number. The default cost is 1.
[Figure: totally stubby area configuration, same topology as the stub area example: R3 (Serial 0 192.168.15.1) is the ABR between area 0 and area 2, and R4 (Serial 0 192.168.15.2) is internal to area 2]
R3#
router ospf 100
 network 192.168.14.0 0.0.0.255 area 0
 network 192.168.15.0 0.0.0.255 area 2
 area 2 stub no-summary
NSSA Overview
[Figure: NSSA overview. Branch office router A learns 10.10.0.0/16, 10.11.0.0/16 and 20.0.0.0/8 from an external AS via RIP or EIGRP and is attached to NSSA 1 over a 19.2 kbps link (172.19.92.0); the external routes enter the NSSA as type-7 LSAs and are converted to type-5 LSAs toward the backbone]
It is at this point that router B could have summarized routes 10.10.0.0/16 and 10.11.0.0/16 as 10.0.0.0/8, or could have filtered one or more of the routes.
Copyright 1999, Cisco Systems, Inc. Interconnecting Multiple OSPF Areas 7-28
Configuring NSSA
[Figure: router A (router ID 200.0.0.62) in NSSA 1 learns 10.10.0.0/16, 10.11.0.0/16 and 20.0.0.0/8 via RIP or EIGRP and connects over a 19.2 kbps link (172.19.92.0/24) to ABR B (router ID 200.0.0.63), which connects to backbone area 0 (172.19.88.0/24)]
Router A:
router ospf 1
 redistribute rip subnets
 network 172.19.92.0 0.0.0.255 area 1
 area 1 nssa
!
Router B:
router ospf 1
 summary-address 10.0.0.0 255.0.0.0 tag 8
 network 172.19.89.0 0.0.0.255 area 0
 network 172.19.92.0 0.0.0.255 area 1
 area 1 nssa
!
Configuring NSSA
The steps used to configure OSPF NSSA are as follows:
Step 1
On the ABR connected to the NSSA, configure OSPF, as described in the Configuring OSPF ABRs section. Configure an area as NSSA.
router(config-router)#area area-id nssa
Step 2
Every router within the same area must agree that the area is NSSA, otherwise the routers will not be able to communicate with each other. Therefore, configure this command on every router in the NSSA area.
Step 3
(Optional) Control the summarization or filtering during the translation. The example shows how router B will summarize routes using the following command:
router(config-router)#summary-address {address mask | prefix mask} [not-advertise]
Note: The redistribute command shown in the graphic instructs the router to import RIP packets into the OSPF network. Redistribution is discussed in detail in the Optimizing Routing Update Operation chapter.
[Figure: an OSPF network with areas 2, 3 and 4 attached to the backbone]
[Figure: route summarization]
- Minimizes number of routing table entries
- Localizes impact of a topology change
Interarea route summarization: Interarea route summarization is done on ABRs and applies to routes from within each area. It does not apply to external routes injected into OSPF via redistribution. In order to take advantage of summarization, network numbers within areas should be assigned contiguously so that these addresses can be consolidated into one range. This graphic illustrates where interarea summarization occurs.
External route summarization: External route summarization is specific to external routes that are injected into OSPF via redistribution. Here again, it is important to ensure that the external address ranges being summarized are contiguous. Summarizing overlapping ranges from two different routers could cause packets to be sent to the wrong destination. Only ASBRs can summarize external routes; these routes cannot be summarized by any other router type.
Supporting VLSM
- Hierarchical addressing scheme
- Efficient route summarization
- Reduces LSAs
- Saves CPU
Because OSPF supports variable-length subnet masking (VLSM), you can develop a true hierarchical addressing scheme. This hierarchical addressing results in very efficient summarization of routes throughout the network. The operation and benefits of route summarization have been discussed in a previous chapter. At this point, though, you should realize the importance of proper summarization in a network. Without summarization, every specific-link LSA will be propagated into the OSPF backbone and beyond, causing unnecessary network traffic and router overhead. Whenever an LSA is sent, all affected OSPF routers will have to recompute their LSA database and routes using the SPF algorithm.
OSPF will provide some added benefits if you design the network with summarization. For example, only summary-link LSAs will propagate into the backbone (area 0). This is very important because it prevents every router from having to rerun the SPF algorithm, increases the network's stability, and reduces unnecessary traffic.
OSPF can carry multiple subnet information for the same major network, but other protocols such as RIP and IGRP cannot. Discontiguous subnets are supported by OSPF because subnet masks are part of the link-state database. If the same major network crosses the boundaries of an OSPF and RIP domain, VLSM information redistributed into RIP or IGRP will be lost and static routes will have to be configured in the RIP or IGRP domains.
[Figure: an interarea (IA) summary link sent by an ABR into area 0 (routers B and C shown): the summary link carries the mask, so one entry can represent several subnets]
Note: Refer to the Extending IP Addresses Using VLSMs chapter for details on summarization.
Step 1
Configure OSPF, as discussed in the Configuring OSPF ABRs section.
Step 2
Instruct the ABR to summarize routes for a specific area before injecting them into a different area.
router(config-router)#area area-id range address mask
area-id: Identifier of the area about which routes are to be summarized.
address: Summary address designated for a range of addresses.
mask: IP subnet mask used for the summary route.
To summarize external routes:
Step 1
Configure OSPF, as discussed in the Configuring OSPF ABRs section.
Step 2
Instruct the ASBR to summarize external routes before injecting them into the OSPF domain.
router(config-router)#summary-address address mask
address: Summary address designated for a range of addresses.
mask: IP subnet mask used for the summary route.
[Figure: interarea summarization. R1 is the ABR between area 1 (172.16.32.1) and area 0 (172.16.96.1); R2 is the ABR between area 2 (172.16.64.1) and area 0 (172.16.127.1)]
R1#
router ospf 100
 network 172.16.32.1 0.0.0.0 area 1
 network 172.16.96.1 0.0.0.0 area 0
 area 0 range 172.16.96.0 255.255.224.0
 area 1 range 172.16.32.0 255.255.224.0
R2#
router ospf 100
 network 172.16.64.1 0.0.0.0 area 2
 network 172.16.127.1 0.0.0.0 area 0
 area 0 range 172.16.96.0 255.255.224.0
 area 2 range 172.16.64.0 255.255.224.0
area 0 range 172.16.96.0 255.255.224.0: Identifies area 0 as the area containing the range of networks to be summarized into area 1. The ABR R1 is summarizing the range of subnets from 172.16.96.0 to 172.16.127.0 into one range: 172.16.96.0 255.255.224.0. This summarization is achieved by masking the first three left-most bits of subnet 96 using the mask 255.255.224.0. This summarization is successful because two distinct subnet ranges are being summarized into the backbone: 32 to 63 and 64 to 95.
area 1 range 172.16.32.0 255.255.224.0: Identifies area 1 as the area containing the range of networks to be summarized into area 0. The ABR R1 is summarizing the range of subnets from 172.16.32.0 to 172.16.63.0 into one range: 172.16.32.0 255.255.224.0.
The configuration on the right works exactly the same way. Note that, depending on your network topology, you may not want to summarize area 0 networks. For example, if you have more than one ABR between an area and the backbone area, sending a summary LSA with the explicit network information will ensure that the shortest path is selected. If you summarize the addresses, a suboptimal path selection may occur.
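As an added example (not part of the Cisco course material), the following Python script models the R1/R2 summarization above: it derives the smallest summary for each area's subnets, checks whether a configured area range really covers them, and flags overlapping summaries advertised by two different routers, the situation the text warns about. The subnet lists are constructed sample data.

```python
"""Checks for OSPF interarea summarization ('area <id> range <address> <mask>').

Added example, not Cisco course material. It models the R1/R2 figure:
the summary each ABR should advertise, whether a configured range covers an
area's subnets, and overlapping summaries from different routers.
Subnet lists are constructed sample data.
"""
from ipaddress import IPv4Network, ip_network
from itertools import combinations


def smallest_summary(subnets):
    """Return the single shortest prefix that still contains every subnet."""
    nets = [ip_network(s) for s in subnets]
    summary = nets[0]
    # Widen the prefix one bit at a time until all subnets fall inside it.
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    return summary


def area_range_args(summary):
    """Render a network as the 'address mask' arguments of 'area ... range'."""
    return f"{summary.network_address} {summary.netmask}"


def range_covers(address, mask, subnets):
    """True if every subnet is inside the configured range (so it is summarized)."""
    configured = IPv4Network(f"{address}/{mask}")
    return all(ip_network(s).subnet_of(configured) for s in subnets)


def not_summarized(address, mask, subnets):
    """Subnets outside the range; these are still advertised as specific LSAs."""
    configured = IPv4Network(f"{address}/{mask}")
    return [s for s in subnets if not ip_network(s).subnet_of(configured)]


def overlapping_ranges(ranges):
    """ranges maps (router, area) -> summary prefix.

    Return the pairs of summaries from *different* routers that overlap; the
    text warns that such overlaps can send packets to the wrong destination."""
    items = [(key, ip_network(prefix)) for key, prefix in ranges.items()]
    return [(a_key, b_key)
            for (a_key, a_net), (b_key, b_net) in combinations(items, 2)
            if a_key[0] != b_key[0] and a_net.overlaps(b_net)]


# Constructed sample: one /24 per third-octet value in each area of the figure.
AREA1_SUBNETS = [f"172.16.{i}.0/24" for i in range(32, 64)]    # 32..63
AREA2_SUBNETS = [f"172.16.{i}.0/24" for i in range(64, 96)]    # 64..95
AREA0_SUBNETS = [f"172.16.{i}.0/24" for i in range(96, 128)]   # 96..127


if __name__ == "__main__":
    for area, subnets in ((1, AREA1_SUBNETS), (2, AREA2_SUBNETS), (0, AREA0_SUBNETS)):
        print(f"area {area} range {area_range_args(smallest_summary(subnets))}")
    # A subnet outside the configured range leaks through unsummarized.
    print(not_summarized("172.16.32.0", "255.255.224.0",
                         AREA1_SUBNETS + ["172.16.64.0/24"]))
    # R1 and R2 each summarize their own area: no overlap.
    print(overlapping_ranges({("R1", 1): "172.16.32.0/19",
                              ("R2", 2): "172.16.64.0/19"}))
    # A too-wide summary on R1 overlaps R2's area 2 summary.
    print(overlapping_ranges({("R1", 1): "172.16.0.0/17",
                              ("R2", 2): "172.16.64.0/19"}))
```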
Step 1
Configure OSPF, as described in the Configuring OSPF ABRs section.
Step 2
On each router that will make the virtual link, create the virtual link. The routers that make the links are the ABR that connects the remote area to the transit area and the ABR that connects the transit area to the backbone area.
router(config-router)#area area-id virtual-link router-id
area-id: Area ID assigned to the transit area for the virtual link (decimal or dotted-decimal format). There is no default.
router-id: Router ID of the virtual link neighbor.
If you do not know the neighbor's router ID, you can Telnet to it and type the show ip ospf command.
[Figure: virtual link example. R1 (router ID 10.3.10.5) connects area 0 to area 1 over Token Ring; R2 (router ID 10.7.20.123) connects area 1 to area 3; area 1 is the transit area]
R2:
router ospf 63
 network 10.3.0.0 0.0.0.255 area 1
 network 10.7.0.0 0.0.0.255 area 3
 area 1 virtual-link 10.3.10.5
R1:
router ospf 100
 network 10.2.3.0 0.0.0.255 area 0
 network 10.3.2.0 0.0.0.255 area 1
 area 1 virtual-link 10.7.20.123
R2: area 1 virtual-link 10.3.10.5: With this command, area 1 is defined to be the transit area and the router ID of the other side of the virtual link is configured.
R1: area 1 virtual-link 10.7.20.123: With this command, area 1 is defined to be the transit area and the router ID of the other side of the virtual link is configured.
show ip ospf border-routers: Displays the internal OSPF routing table entries to an ABR.
show ip ospf virtual-links: Displays parameters about the current state of OSPF virtual links.
show ip ospf process-id: Displays information about each area to which the router is connected, and indicates if the router is an ABR, ASBR, or both.
show ip ospf database: Displays the contents of the topological database maintained by the router. Several keywords can be used with this command to get specific information about links:
- show ip ospf [process-id area-id] database [network]: Displays network link-state information.
- show ip ospf [process-id area-id] database [summary]: Displays summary information about router link states.
- show ip ospf [process-id area-id] database [asbr-summary]: Displays information about ASBR link states.
- show ip ospf [process-id area-id] database [external]: Displays information about autonomous system external link states.
- show ip ospf [process-id area-id] database [database-summary]: Displays database summary information and totals.
The Configuring a Multiarea Network lab exercise covers these commands in more detail.
Summary
OSPF components that make it useful in a large internetwork include:
- Various types of areas, including stub, totally stubby, and transit
- Various types of routers, including ABRs and ASBRs
- Various types of link-state advertisements
Case Study
Following is a case study related to OSPF.
[Figure: case study topology, including an FDDI ring and area 16]
Hierarchical topology: core router, distribution router, access router. The benefits of a hierarchical network include:
- Route summarization
Be sure that your network addressing scheme is configured so that the range of subnets assigned within an area is contiguous. Create an address space that will permit you to split areas easily as your network grows.
Plan ahead for the addition of new routers to your OSPF environment.
- DR/BDR functionality: Any device running OSPF is eligible to become the DR or BDR.
- NBMA issues: Due to the lack of broadcast capability, some configuration information may be necessary to aid in the discovery of neighbors.
- Ease of configuration: Simplicity in the topology will translate into simplicity of management.
An internal router will receive type-5 LSAs if it is in what type of area? If it is an area that is NOT configured as stubby or totally stubby.
What area types are connected to the backbone area? All area types are connected to the backbone.
The backbone must be configured as what area? The backbone area must always be area 0.
LSA Type 1: Generated by each router for each area it belongs to. It describes the states of the router's links to the area. These are only flooded within a particular area. The link status and cost are two of the descriptors provided.
LSA Type 2: Generated by DRs in multiaccess networks. They describe the set of routers attached to a particular network. Flooded within the area that contains the network only.
LSA Type 3 or 4: Originated by ABRs. Describes the links between the ABR and the internal routers of a local area. These entries are flooded throughout the backbone area to the other ABRs. Type-3 describes routes to networks within the local area that are sent to the backbone area. Type-4 describes routes from the ABR to the ASBR. These link entries are not flooded through totally stubby areas.
LSA Type 5, autonomous system external link entry (E1-OSPF external type-1) (E2-OSPF external type-2): Originated by the ASBR. Describes routes to destinations external to the autonomous system. Flooded throughout an OSPF autonomous system except for stub and totally stubby areas.
Describe the path a packet must take in order to get from one area to another. The packet must go through the interarea, through the ABR, through the backbone area, through the next ABR, and then through the internal routers to its final destination.
When is a default route injected into an area? When the area is configured for stub or totally stubby.
Configuring EIGRP
Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
- Describe Enhanced IGRP features and operation
- Configure Enhanced IGRP
- Describe Enhanced IGRP's usage in scalable internetworks
- Verify Enhanced IGRP operation
This chapter presents Enhanced IGRP configuration. Sections:
- Objectives
- Enhanced IGRP Overview
- Enhanced IGRP Operation
- Written Exercise: EIGRP Overview
- Configuring EIGRP
- Using EIGRP in Scalable Internetworks
- Verifying Enhanced IGRP Operation
- Summary
- Case Study
- Enhanced IGRP Lab Exercise: Configuring EIGRP
- Answers to Exercises
Rapid convergence: EIGRP uses the Diffusing Update Algorithm (DUAL) to achieve rapid convergence. A router running Enhanced IGRP stores backup routes, when available, for destinations so it can quickly adapt to alternate routes. If no appropriate route or backup route exists in the local routing table, EIGRP queries its neighbors to discover an alternative route. These queries are propagated until an alternate route is found.
Reduced bandwidth usage: EIGRP does not make periodic updates. Instead, it sends partial updates about a route when the path changes or the metric for that route changes. When path information changes, the DUAL algorithm sends an update about that link only, rather than the entire table. In addition, the information is sent only to the routers that need it, in contrast to link-state protocol operation, which sends a change update to all routers within an area.
Multiple network-layer support: EIGRP supports AppleTalk, IP, and Novell NetWare through the use of protocol dependent modules (PDMs). These modules are responsible for network-layer-specific protocol requirements.
Note: Only TCP/IP implementations of Enhanced IGRP will be covered in this class.
EIGRP Features
- Advanced distance vector
- 100% loop free
- Fast convergence
- Easy configuration
- Fewer network design constraints than OSPF
EIGRP has its roots as a distance vector routing protocol and, as such, is predictable in its behavior. Like its predecessor IGRP, EIGRP is easy to configure and is adaptable to a wide variety of network topologies. What makes EIGRP an advanced distance vector protocol is its addition of several link-state features, such as dynamic neighbor discovery. EIGRP offers superior performance over IGRP because of its rapid convergence and its guarantee of a loop-free topology at all times. These improvements are the key to the name Enhanced IGRP.
Advantages of EIGRP
- Uses multicast instead of broadcast
- Utilizes link bandwidth and delay
- EIGRP Metric = IGRP Metric x 256 (32 bit vs. 24 bit)
EIGRP offers many advantages over traditional distance vector routing protocols. One of the most significant advantages is in the area of bandwidth utilization. EIGRP's operational traffic is primarily multicast rather than broadcast in nature. As a result, end stations are unaffected by routing updates and requests for topology information. Enhanced IGRP uses the same algorithm for metric calculation as does IGRP, but the value is represented in 32-bit format to give it additional granularity when selecting routes to destination networks. EIGRP supports unequal metric load balancing, which allows administrators to more fully distribute traffic flow in their networks. Some of EIGRP's operational characteristics are borrowed from link-state protocols. For example, EIGRP allows administrators to create summary routes anywhere within the network, rather than the traditional distance vector approach of performing classful summarization only at major network boundaries. In addition, EIGRP supports bi-directional route redistribution from other routing domains at the process level.
[Figures: a Frame Relay topology with router C and serial interfaces S0 and S1; an addressing example with /24, /30 and /27 prefixes within the 172.16.0.0/16 major network]
[Figure: EIGRP keeps a neighbor table, a topology table and a routing table for each protocol (AppleTalk, IPX, IP). The neighbor table lists next-hop routers and interfaces; the topology table lists each destination with its next router and cost, marking the successor and feasible successor; the routing table holds the successor for each destination]
EIGRP Terminology
This section introduces you to a variety of terms related to EIGRP used throughout this chapter:
- Neighbor table: Each EIGRP router maintains a neighbor table that lists adjacent routers. This table is comparable to the adjacencies database used by OSPF. It serves the same purpose, to ensure bi-directional communication between each of the directly connected neighbors. There is a neighbor table for each protocol that EIGRP supports.
- Topology table: Each EIGRP router maintains a topology table for each configured routing protocol. This table includes route entries for all destinations that the router has learned. All learned routes to a destination are maintained in the topology table.
- Routing table: EIGRP chooses the best (successor) routes to a destination from the topology table and places these routes in the routing table. The router maintains one routing table for each network protocol.
- Successor: A route selected as the primary route to use to reach a destination. Successors are the entries kept in the routing table.
- Feasible successor: A backup route. These routes are selected at the same time the successors are identified, but they are kept in the topology table, discussed later on this page. Multiple feasible successors for a destination can be retained.
EIGRP Packets
- Hello: Establish neighbor relationships
- Update: Send routing updates
- Query: Ask neighbors about routing information
- Reply: Response to a query about routing information
- Ack: Acknowledgement of a reliable packet
EIGRP Packets
EIGRP supports five generic packet types.
- Hello: Hello packets are used for neighbor discovery. They are sent as multicasts and carry a zero acknowledgment number.
- Update: An Update is sent to communicate the routes that a particular router has converged on. These are sent as multicasts when a new route is discovered, or when convergence has completed (and the route is Passive). They are also sent as unicasts when neighbors start up, in order to synchronize the topology tables (since Updates are not sent periodically as in IGRP).
- Queries: When a router is performing route computation and it does not have a feasible successor, it will send a Query packet to its neighbors asking if they have a feasible successor for the destination. Queries are always multicast.
- Replies: A Reply packet is sent in response to a Query packet. Replies are unicast to the originator of the Query.
- ACK: The ACK is used for acknowledging the other packet types. ACKs are Hello packets that are sent as unicasts and contain a non-zero acknowledgment number.
- Neighbor declared dead when no EIGRP packets are received within the hold interval
- Not only Hello can reset the hold timer
p2r2#show ip eigrp neighbors
IP-EIGRP neighbors for process 400
H   Address          Interface   Hold   Uptime     SRTT
                                 (sec)             (ms)
1   172.68.2.2       To0         13     02:15:30   8
0   172.68.16.2      Se1         10     02:38:29   29
- Neighbor address: The network-layer address of the neighbor.
- Queue: Indicates the number of packets waiting in the queue to be sent. If this value is constantly higher than zero, then there may be a congestion problem. A zero means that there are no EIGRP packets in the queue.
- Smooth Round Trip Timer: Indicates the average time it takes to send and receive packets from a neighbor. This timer is used to determine the retransmit interval (RTO).
- Hold Time: The interval to wait without receiving anything from a neighbor before considering the link unavailable. Originally, the expected packet was a hello packet, but in current Cisco IOS software releases, any EIGRP packet received after the first hello will reset the timer.
EIGRP unreliable packets are packets that do not require explicit acknowledgement:
- Hello
- Ack
Solution: The nonacknowledged multicast packet will be retransmitted as a unicast to the slow neighbor
Discovering Routes
[Figure: router A sends a Hello ("I am router A, who is on the link?"); router B answers with an Update; A sends an Ack and builds its topology table; A sends its own Update and B answers with an Ack; both routers are then converged]
The neighbor establishment and route discovery processes occur at the same time in EIGRP. A high-level description of the process is as follows:
1. A new router (router A) comes up on the link and sends out a hello through all interfaces.
2. Routers receiving the hello reply with update packets that contain all the routes they have in their routing table, except those learned through that interface (split horizon). In addition, these update packets have the Init bit set, indicating that this is the initialization process. An Update packet includes information about the routes a neighbor is aware of, including the metric that the neighbor is advertising for each destination.
3. Router A replies to each neighbor with an Ack packet, indicating that it received the update information.
4. Router A places all update packets in its topology table. The topology table includes all destinations advertised by neighboring (adjacent) routers. It is organized such that each destination is listed, along with all the neighbors that can get to the destination and their associated metric.
5. Router A then exchanges update packets with each of its neighbors.
6. Upon receiving the update packets, each router sends an Ack packet to router A. When all updates are received, the router is ready to choose the primary and backup routes to keep in the topology table.
EIGRP selects primary and backup routes that are kept in the topology table (up to six per destination). The primary routes are then moved to a routing table. Like OSPF, EIGRP supports several types of routes: internal, external (that is, non-EIGRP), and summary routes.
EIGRP uses the same composite metric as IGRP to determine the best path. The metric can be based on five criteria. The default criteria used are:
- Bandwidth: The smallest bandwidth between source and destination
- Delay: Cumulative interface delay along the path
Additional criteria that can be used follow. These criteria are not recommended for use because they typically result in frequent recalculation of the topology table.
- Reliability: Worst reliability between source and destination, based on keepalives
- Loading: Worst load on a link between source and destination, based on bits per second
- MTU: Smallest MTU in the path
EIGRP uses the DUAL algorithm to calculate the best route to a destination. DUAL selects routes based on the composite metric and assures that the selected routes are loop-free.
- Delay is the sum of all the delays of the links along the path
- Delay = Delay/10
Choosing Routes
[Figure: paths from router A to network 7 through neighbors H, B and D, with link costs of (1), (10), (20) and (100) and an FDDI ring; routers C and G also appear]
Topology Table (router A, network 7):
Destination   Next hop   FD    AD
7             H          40    30
7             B          31    21
7             D          230   220
- B is current successor (lowest FD)
- H is the feasible successor (AD < FD)
- D is not a feasible successor (AD > FD)
EIGRP uses the following process to determine what routes to keep in the topology and route tables:
1. DUAL is run on the topology table to determine the best and loop-free primary and backup routes to each destination. Best is the lowest-cost route, calculated by adding the cost between the next-hop router and the destination (referred to as the advertised distance) to the cost between the local router and the next-hop router; the resulting total is referred to as the feasible distance. For example, in the graphic, from router A the advertised distance to network 7 using router B is 21, and the feasible distance is 31 because of the additional link cost between routers A and B, which is 10.
The next-hop router(s) selected as the best path is referred to as the successor. Multiple successors can exist if they have the same feasible distance and use different next-hop routers. All successors are added to the route table. In the graphic, router B is the successor for network 7.
The next-hop router(s) for the backup path is referred to as the feasible successor. If the successor's route is no longer valid and a suitable feasible successor exists, this feasible successor replaces the invalid successor in the routing table without a recomputation. More than one feasible successor can be kept at one time. These routes need not have the same feasible distance, but their advertised distance must be less than the feasible distance of the successor route.
2. The successors and feasible successors are kept in the topology table, along with all other routes, referred to as possible successors. The only routes removed are those that have a metric of infinity (unreachable).
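The successor and feasible-successor selection just described, worked through in Python on the slide's topology table at router A for network 7; this is an added example, not course material, and it simplifies DUAL by treating the feasible distance as the current successor's total distance.

```python
# Added example, not from the BSCN course material: the successor and
# feasible-successor selection described above, using the slide's topology
# table at router A for network 7. The FD used here is simply the
# successor's total distance, a simplification of the FD DUAL records.
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Candidate:
    neighbor: str
    advertised_distance: int  # the neighbor's own metric to the destination
    link_cost: int            # cost from this router to that neighbor

    @property
    def total_distance(self) -> int:
        return self.advertised_distance + self.link_cost


def classify(candidates: List[Candidate]) -> Dict[str, object]:
    """Split a destination's topology entries into successor(s), feasible
    successors and the remaining possible successors."""
    if not candidates:
        return {"fd": None, "successors": [], "feasible": [], "others": []}
    fd = min(c.total_distance for c in candidates)
    successors = [c.neighbor for c in candidates if c.total_distance == fd]
    # Feasibility condition: a backup is loop-free only if its AD < FD
    feasible = [c.neighbor for c in candidates
                if c.total_distance != fd and c.advertised_distance < fd]
    others = [c.neighbor for c in candidates
              if c.neighbor not in successors and c.neighbor not in feasible]
    return {"fd": fd, "successors": successors,
            "feasible": feasible, "others": others}


def lose_neighbor(candidates: List[Candidate],
                  neighbor: str) -> Tuple[str, List[str]]:
    """What DUAL does when the route via `neighbor` disappears.

    Returns ("passive", successors) when the router recovers locally
    (another successor or a feasible successor takes over) and
    ("active", []) when it must query its neighbors instead.
    """
    before = classify(candidates)
    surviving = [s for s in before["successors"] if s != neighbor]
    if surviving:
        # a non-successor was lost, or an equal-cost successor remains
        return ("passive", surviving)
    if before["feasible"]:
        # promote the lowest-distance feasible successor, no recomputation
        fs = [c for c in candidates if c.neighbor in before["feasible"]]
        return ("passive", classify(fs)["successors"])
    return ("active", [])


# Topology table at A for network 7 (values from the slide): AD, link cost
TABLE_AT_A = [
    Candidate("B", 21, 10),    # FD 31 -> successor
    Candidate("H", 30, 10),    # FD 40, AD 30 < 31 -> feasible successor
    Candidate("D", 220, 10),   # FD 230, AD 220 > 31 -> not feasible
]

if __name__ == "__main__":
    print(classify(TABLE_AT_A))
    print(lose_neighbor(TABLE_AT_A, "B"))             # ('passive', ['H'])
    without_b = [c for c in TABLE_AT_A if c.neighbor != "B"]
    print(lose_neighbor(without_b, "H"))             # ('active', [])
```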
Figure: topology table at A for network 7 after convergence. Columns are FD, advertised distance, neighbor and state: H (FD 40, AD 30, state P) and B (FD 31, AD 21, state P); both entries are passive.
Figure (step 2): router A's entry for network 7 goes active and A sends a query; at the same time, router D's entry for network 7 goes active and D sends its own query.
Figure (steps 3 and 4): router E's topology table holds a successor to network 7, so E replies to D ("Here is a successor to network 7."); D returns to passive and replies to A with the same message, and A's entry for network 7 returns to passive.
If none of the replies includes a successor or feasible successor, the querying router removes the active route from its topology and routing tables. In addition, the router console receives a message indicating that no route was found.
In the graphic, Router D receives a reply from router E about an alternate path to network 7 and goes from active to passive on network 7. Router D sends a unicast reply to A indicating an alternate path and A updates its topology table by moving the route from an active to passive state.
Figure: the link at router D to network 7 fails. Router A queries router L, L queries M and M queries N (steps 2 and 3); each replies "I have no route to network 7." Router A's topology table entry for network 7 is then removed.
Removing Routes
If one or more routers to which a query is sent do not respond with a reply within the active time of 180 seconds, EIGRP tears down the neighbor relationship with this rogue router and puts routes that used the rogue router into an active state. Then the querying router generates queries for the route(s) it lost through the rogue router. The reason for these additional queries is that other valid routes (in addition to the route that was just lost) may be reachable through the rogue router, and path information about those routes must be relearned.
In the graphic, when the link at router D fails, router A goes active on the route to network 7 and queries router L. Router L has no other route to network 7 and generates a query to router M. Router M has no other route to network 7 and generates a query to router N. Each router replies that no additional route to network 7 is available. Router L and router D reply to A indicating that no additional path to network 7 is available. As a result, router A removes the entry for network 7 from its topology table.
EIGRP DUAL
Diffusing update algorithm (DUAL) finite-state machine:
- Tracks all routes advertised by neighbors
- Selects a loop-free path using a successor and remembers any feasible successors
- If the successor is lost, uses a feasible successor
- If there is no feasible successor, queries neighbors and recomputes a new successor
The DUAL finite state machine embodies the decision process for all route computations. It tracks all routes advertised by all neighbors. The distance information, known as a metric, is used by DUAL to select efficient loop-free paths. DUAL selects routes to be inserted into a routing table based on feasible successors. A successor is a neighboring router used for packet forwarding that has a least-cost path to a destination that is guaranteed not to be part of a routing loop.
When there are no feasible successors but there are neighbors advertising the destination, a recomputation must occur. This is the process where a new successor is determined. The amount of time it takes to recalculate the route affects the convergence time. Even though the recomputation is not processor-intensive, try to avoid recomputation if it is not necessary. When a topology change occurs, DUAL tests for feasible successors. If there are feasible successors, it uses any it finds in order to avoid any unnecessary recomputation.
Figure: DUAL example, initial state. Topology tables for destination (a), costs shown as FD/AD:
C: (a) cost 3 (fd); via B 3/1 (successor); via D 4/2; via E 4/3
D: (a) cost 2 (fd); via B 2/1 (successor); via C 5/3
E: (a) cost 3 (fd); via D 3/2 (successor); via C 4/3
DUAL Example
Figure: the link between B and D fails (X). Topology tables at that moment:
C: (a) cost 3 (fd); via B 3/1 (successor); via D 4/2 (fs); via E 4/3
D: (a) cost 2 (fd); via B 2/1 (successor); via C 5/3
E: (a) cost 3 (fd); via D 3/2 (successor); via C 4/3
Routers B and D detect the link failure. Upon being notified of the link failure, DUAL performs the following steps in the graphic:
At D:
- Marks the path to (a) through B as unusable
DUAL Example
Figure: D sends queries (Q) to C and E. Topology tables:
C: (a) cost 3 (fd); via B 3/1 (successor); via D; via E 4/3
D: (a) ACTIVE, cost -1 (fd); via E (q); via C 5/3 (q)
E: (a) cost 3 (fd); via D 3/2 (successor); via C 4/3
The following steps occur in the graphic:
At D:
- Has no feasible successor to (a)
- Sets the metric to (a) as unreachable (-1 is unreachable)
- Goes active on (a)
- Sends a query to C and E for an alternate path
- Marks C and E as having a query pending (q)
At E:
- Marks the path to (a) through D as unusable
DUAL Example
Figure: C replies (R) to D. Topology tables:
C: (a) cost 3 (fd); via B 3/1 (successor); via D; via E
D: (a) ACTIVE, cost -1 (fd); via E (q); via C 5/3
E: (a) ACTIVE, cost -1 (fd); via D; via C 4/3 (q)
The following steps occur in the graphic:
At D:
- Receives reply from C, no change to path to (a)
- Removes query flag from C
- Stays active on (a), awaiting reply from E (q)
At E:
- Has no feasible successor to (a)
- Generates query to C
- Marks C as query pending (q)
DUAL Example
Figure: topology tables after E receives C's reply:
C: (a) cost 3 (fd); via B 3/1 (successor); via D; via E
D: (a) ACTIVE, cost -1 (fd); via E (q); via C 5/3
E: (a) cost 4 (fd); via C 4/3 (successor); via D
The following steps occur in the graphic:
At D:
- Stays active on (a), awaiting reply from E (q)
At E:
- Receives reply from C
- Removes query flag from C
- Calculates new fd and installs new successor route in table
DUAL Example
Figure: topology tables after D receives E's reply:
C: (a) cost 3 (fd); via B 3/1 (successor); via D; via E
D: (a) cost 5 (fd); via C 5/3 (successor); via E 5/4 (successor)
E: (a) cost 4 (fd); via C 4/3 (successor); via D
The following steps occur in the graphic:
At D:
- Receives reply from E
- Removes query flag from E
- Calculates new fd
- Installs new successor routes in table. Two routes match the fd and both are marked as successor.
DUAL Example
Figure: final topology tables after convergence:
C: (a) cost 3 (fd); via B 3/1 (successor); via D; via E
D: (a) cost 5 (fd); via C 5/3 (successor); via E 5/4 (successor)
E: (a) cost 4 (fd); via C 4/3 (successor); via D
The following steps occur in the graphic:
At D:
- Two successor routes are in the topology table for (a). Both successor routes should be listed in the routing table and equal-cost load balancing should be in effect.
Figure: the initial topology tables (before the link failure) and the final topology tables (after convergence), repeated side by side for comparison.
Term
1. Successor
2. Feasible successor
3. Hello
4. Topology table
5. IP
6. Update
7. AppleTalk
8. Routing table
Statement
A) A network protocol that EIGRP supports.
B) A table that contains feasible successor information.
C) Administrative distance determines routing information that is included in this table.
D) A neighbor router that has the best path to a destination.
E) A neighbor router that has the best alternative path to a destination.
F) An algorithm used by EIGRP that assures fast convergence.
G) A multicast packet used to discover neighbors.
H) A packet sent by EIGRP routers when a new neighbor is discovered and when a change occurs.
Figure: EIGRP configuration example. Router A connects through Token Ring and serial interfaces (T0, S0, S1, S2) to subnets of networks 1.0.0.0 (1.2.0.0, 1.4.0.0) and 2.0.0.0 (2.1.0.0 through 2.7.0.0), with router D and router E beyond it.
Network 3.0.0.0 is not configured on router A because it is not directly connected to router A.
autonomous-system-number: The number that identifies the autonomous system; it is used to indicate all routers that belong within the internetwork. This value must match on all routers within the internetwork.
Step 2
network-number: The network number determines which interfaces of the router are participating in EIGRP, and which networks are advertised by the router.
Step 3
If using serial and HDLC links, especially for Frame Relay or SMDS, select the interface to have the bandwidth used for routing updates changed. If you do not change the bandwidth for these interfaces, EIGRP assumes that the bandwidth on the link is of T1 speed. If the link is slower, the router may not be able to converge, or routing updates might become lost. Define the bandwidth of a link for the purposes of sending routing update traffic on the link.
router(config-if)#bandwidth kilobits
Step 4
kilobits: Intended bandwidth in kilobits per second. For generic serial interfaces (PPP or HDLC), set the bandwidth to the line speed. For Frame Relay on point-to-point interfaces, set it to the CIR; for multipoint connections, set it to the sum of all CIRs.
Configuring Summarization
EIGRP automatically summarizes routes at the classful boundary. In some cases, however, you may not want autosummarization to occur. For example, if you have discontiguous networks, you need to turn off summarization to minimize router confusion. To turn off automatic summarization, enter the following command:
router(config-router)#no auto-summary
Use the ip summary-address command to manually create a summary route at an arbitrary network boundary within an EIGRP domain.
ip summary-address eigrp as-number address mask
- as-number: Autonomous system number of the network being summarized.
- address: The IP address being advertised as the summary address. This address does not need to be aligned on Class A, B, or C boundaries.
- mask: The IP mask being used to create the summary address.
Figure: router C, with networks 10.0.0.0 and 172.16.2.0 behind it, advertises the summary 172.16.0.0/16 out S0 toward the outside world. Configuration shown:
router eigrp 1
 network 10.0.0.0
 network 192.168.4.0
!
int s0
 ip address 192.168.4.2 255.255.255.0
 ip summary-address eigrp 1 172.16.0.0 255.255.0.0
Select the interface that will propagate the route summary. Specify the format of the route summary and the autonomous system into which it needs to be injected.
Note that, for manual summarization, the summary is advertised only if a component (an entry that is represented in the summary) of the summary is present in the routing table.
Variance allows the router to include routes with a metric smaller than multiplier times the minimum metric route to that destination
Multiplier is the number specified by the variance command
Variance Example
Figure: router E reaches network Z through routers A, B, C and D, with link costs shown on the diagram; the command applied is variance 2.
Router E will choose router C to get to network Z because FD=20. With a variance of 2, router E will also choose router B to get to network Z: (20 + 10) < (2 x FD). Router D will not be used to get to network Z (45 > 40).
In the graphic, router E will use router C as the successor because its feasible distance is lowest (20). With the variance command applied to router A, the path through router B meets the criteria for load balancing. In this case, the feasible distance through B is less than twice the feasible distance for the successor (C). Router D will not be considered for load balancing because the feasible distance through D is greater than twice the feasible distance for the successor (C).
Another example: if there were four paths to a given destination, and the metrics for these paths were:
Path 1: 1100
Path 2: 1100
Path 3: 2000
Path 4: 4000
the router would, by default, place traffic on both paths 1 and 2. Using EIGRP, you can use the variance command to instruct the router to also place traffic onto paths 3 and 4. Traffic will be placed on any link that has a metric less than the best path multiplied by the variance. To load balance over paths 1, 2, and 3, you would use variance 2, because 1100 x 2 = 2200, which is greater than the metric through path 3. Similarly, to also add path 4, you would issue variance 4 under the router eigrp process in configuration mode.
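The variance rule from both examples above, worked through in Python as an added example that is not part of the course material; path names and the dictionaries of metrics are constructed from the figures, and it assumes each alternate path already satisfies the feasibility condition.

```python
# Added example, not from the BSCN course material: which paths the
# variance command admits for unequal-cost load balancing. Each path is
# named and carries the feasible distance (metric) through that neighbor.
from typing import Dict, List


def variance_paths(paths: Dict[str, int], variance: int) -> List[str]:
    """Return the paths traffic is placed on under the given variance.

    Rule from the text: a path is used if its metric is less than the
    best metric multiplied by the variance. The best path(s) are always
    used, so variance 1 yields only equal-cost paths. IOS additionally
    requires an alternate path to be a feasible successor (AD < FD of the
    successor); the inputs here are assumed to satisfy that.
    """
    if variance < 1:
        raise ValueError("variance must be at least 1")
    best = min(paths.values())
    return [name for name, metric in paths.items()
            if metric == best or metric < best * variance]


def minimum_variance(paths: Dict[str, int], wanted: str) -> int:
    """Smallest integer variance that brings path `wanted` into use."""
    best = min(paths.values())
    metric = paths[wanted]
    if metric == best:
        return 1
    # need best * v > metric, i.e. v > metric / best
    return metric // best + 1


# Router E's choices for network Z (from the figure): FD via each neighbor
ROUTER_E = {"C": 20, "B": 30, "D": 45}
# The four-path example from the text
FOUR_PATHS = {"path1": 1100, "path2": 1100, "path3": 2000, "path4": 4000}

if __name__ == "__main__":
    print(variance_paths(ROUTER_E, 2))      # C and B; D (45 > 40) excluded
    for v in (1, 2, 4):
        print(v, variance_paths(FOUR_PATHS, v))
    print(minimum_variance(FOUR_PATHS, "path4"))   # 4
```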
- Specifies what percentage of bandwidth EIGRP packets will be able to utilize on this interface
- By default, EIGRP uses up to 50% of the link bandwidth for EIGRP packets
- Used for greater EIGRP load control
In the above commands, nnn is the percentage of the configured bandwidth that EIGRP is allowed to use. Note that this can be set to greater than 100. This is useful if the bandwidth is configured artificially low for routing policy reasons. For example,
interface serial0
 bandwidth 20
 ip bandwidth-percent eigrp 1 200
This configuration would allow EIGRP to use 40 kbps (200% of the configured bandwidth) on the interface. It is essential to make sure that the line is provisioned to handle the configured capacity.
Bandwidth over multipoint Frame Relay, ATM, SMDS, and ISDN PRI:
EIGRP uses the bandwidth on the main interface divided by the number of neighbors on that interface to get the bandwidth information per neighbor
Figure: a hub router with a T1 on S0 into a Frame Relay cloud and three VCs of CIR 56 to remote routers E, F and G.
Figure: the hub's T1 into Frame Relay with two VCs of CIR 256 to routers E and F, each configured with BW 224.
Figure: the same hub with the two CIR 256 VCs to E and F configured with BW 256.
- Configure the lowest-CIR VC as point-to-point and specify BW = CIR
- Configure the higher-CIR VCs as multipoint and combine their CIRs
Figure: a hub with a 256 kbps link on S0 into Frame Relay and VCs of CIR 56 to routers E, F and G, each configured with BW 25.
- Configure each VC as point-to-point and specify BW = 1/10 of link capacity
- Increase EIGRP utilization to 50% of actual VC capacity
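The bandwidth arithmetic behind the ip bandwidth-percent example and the Frame Relay slides, as an added example that is not part of the course material; the function names and the sample link and CIR figures are constructed, and the rules applied are the ones stated above (EIGRP share = bandwidth statement times the percentage, multipoint bandwidth = sum of CIRs divided among neighbors, and a raised percentage so EIGRP may use 50% of a VC's real CIR when the bandwidth statement is deliberately low).

```python
# Added example, not from the BSCN course material: the bandwidth arithmetic
# behind the ip bandwidth-percent and Frame Relay slides. Function names and
# the sample link/CIR figures are constructed for illustration.
from fractions import Fraction
from math import ceil
from typing import Sequence


def eigrp_allowed_kbps(bandwidth_kbps: int, percent: int = 50) -> Fraction:
    """Bandwidth EIGRP may consume on an interface: the configured
    bandwidth statement times the percentage (default 50%). Values over
    100 are legal, which is how 'bandwidth 20' + 200% yields 40 kbit/s."""
    if percent < 1:
        raise ValueError("percent must be positive")
    return Fraction(bandwidth_kbps * percent, 100)


def multipoint_bandwidth_statement(cirs_kbps: Sequence[int]) -> int:
    """Bandwidth statement for a multipoint Frame Relay interface: the sum
    of the CIRs of the VCs on it (the rule given with the bandwidth command)."""
    return sum(cirs_kbps)


def per_neighbor_kbps(interface_bandwidth_kbps: int, neighbors: int) -> Fraction:
    """Per-neighbor bandwidth EIGRP derives on multipoint media: the main
    interface bandwidth divided by the number of neighbors."""
    if neighbors < 1:
        raise ValueError("need at least one neighbor")
    return Fraction(interface_bandwidth_kbps, neighbors)


def eigrp_per_vc_kbps(interface_bandwidth_kbps: int, neighbors: int,
                      percent: int = 50) -> Fraction:
    """EIGRP traffic each VC may carry on a multipoint interface; compare
    this to the VC's real CIR to see whether EIGRP could swamp the circuit."""
    return per_neighbor_kbps(interface_bandwidth_kbps, neighbors) * percent / 100


def point_to_point_percent(bandwidth_statement_kbps: int, cir_kbps: int,
                           target: Fraction = Fraction(1, 2)) -> int:
    """ip bandwidth-percent value that lets EIGRP use `target` (default one
    half) of a VC's real CIR when the point-to-point subinterface carries a
    deliberately low bandwidth statement, as on the oversubscribed-hub
    slide (BW = 1/10 of the 256k link, CIR 56)."""
    needed_kbps = target * cir_kbps
    return ceil(needed_kbps * 100 / bandwidth_statement_kbps)


if __name__ == "__main__":
    # The text's example: bandwidth 20, percent 200 -> 40 kbit/s for EIGRP
    print(eigrp_allowed_kbps(20, 200))
    # T1 hub with three 56k VCs left at the default T1 bandwidth: each VC
    # would be allowed far more EIGRP traffic than its CIR can carry
    print(eigrp_per_vc_kbps(1544, 3))
    # Same hub with bandwidth = sum of CIRs: EIGRP share per VC is 28 kbit/s
    hub_bw = multipoint_bandwidth_statement([56, 56, 56])
    print(hub_bw, eigrp_per_vc_kbps(hub_bw, 3))
    # Oversubscribed hub: BW 25 on each point-to-point VC, CIR 56 -> 112%
    print(point_to_point_percent(25, 56))
```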
- Selects interfaces to participate in the EIGRP process
- Allows for supernetted interfaces
- Provides more granular control of interfaces
- Uses a wildcard mask to determine matching bit strings
Neighbor Control
(config-router)#
neighbor ip-address
- Permits explicit definition of neighbors
- Provides support for non-broadcast media (Classical IP on ATM)
In the past, EIGRP would allow you to define neighbor statements; they just didn't actually do anything! Now you will be able to define explicit neighbors for testing and security, and you will be able to run EIGRP over networks that don't support broadcasts/multicasts, such as Classical IP over ATM. Also, by being able to select neighbors on multiaccess interfaces, this command provides additional security and screening from external routes.
Stub Routers
(config-router)#
- Defines how the router participates in route advertisements
- Defined on remote routers
- Restricts route advertisement to connected, static, summary, or none
- Queries are not propagated to stub routers
EIGRP stub support will allow you to simply define your remote routers to advertise only connected, static, summary, or no routes (depending on the configuration) back to the distribution layer. This will eliminate the problem of routes reflecting through the remote routers as if they were intended to be transit. This problem is especially prevalent in redundant topologies. This would take the place of defining a distribute-list out on the remote routers advertising only local routes. Additionally, the distribution layer router will see in the received hello that the remote is a stub, so it will not send a query to the remote about any route loss in the remainder of the network. This is a major improvement, since there has not been any way up to now to stop queries from flowing to the remotes!
Figure: distribution-layer routers A and B with remote-site routers C, D and E; when a route is lost (X), queries and replies flow to and from the remote sites.
Figure: the same topology with the remote routers (router C, D, and E) all defined as stub routers.
Figure: router A in AS 2 and router B in AS 1 with network X; a query for X (steps 1 and 3) and a reply for X (step 2) pass between them.
Figure: a query for 130.130.1.0/24 (steps 1 and 2).
Limiting Updates/Queries: Example
Figure: distribution-layer routers A and B with remote sites D and E; queries and replies for 10.1.8.0/24 reach all routers.
Limiting Updates/Queries: Reality
- Remote routers are fully involved in convergence
- Most remotes are never intended to be transit
- Convergence complicated through lack of information hiding
Limiting Updates/Queries: Better
Figure: distribution-layer routers A and B with remote sites, queries and replies for 10.1.8.0/24; ip summary-address eigrp 1 10.0.0.0 255.0.0.0 is configured on all outbound interfaces to the remotes.
Limiting Updates/Queries: Best
Figure: distribution-layer routers A and B, queries and replies for 10.1.8.0/24, with a route loss (X) at the remote sites; the remote routers (router C, D, and E) are all defined as stub routers.
Nonscalable Network: Example
Figure: the core carries every Token Ring site subnet individually (1.1.1.0, 1.1.2.0, 1.1.3.0, 1.1.4.0, 2.2.1.0, 2.2.2.0, 2.2.3.0, 3.3.1.0, 3.3.2.0, 3.3.3.0, 3.3.4.0).
Scalable Network: Example
Figure: the same Token Ring sites, but the access layer sends summarized routes so that the core sees only 1.0.0.0, 2.0.0.0 and 3.0.0.0.
- Proper configuration of the bandwidth statement over WAN interfaces, especially over Frame Relay
- Avoid blind mutual redistribution between two routing protocols or two EIGRP processes
- Displays the neighbors discovered by IP Enhanced IGRP
- Displays the IP Enhanced IGRP topology table
- Displays current Enhanced IGRP entries in the routing table
- Displays the parameters and current state of the active routing protocol process
- Displays the number of IP Enhanced IGRP packets sent and received
Router#show ip protocols
The lab exercise Configuring EIGRP enables you to practice using some of these commands.
Summary
- Enhanced IGRP is an advanced routing protocol that uses the DUAL algorithm
- Enhanced IGRP has the following features:
  - Converges rapidly
  - Incremental updates
  - Routes IP, IPX, and AppleTalk
  - Summarizes routes
Case Study
Figure: case study network using Class C addressing, with redundant PVCs to each site.
- Only routers within the same AS exchange route information
- Support for VLSM and discontiguous subnets
- Automatic route summarization at major network boundaries
- Manual route summarization at arbitrary network boundaries
- Support for various WAN topologies, including NBMA
- Efficient bandwidth utilization for overhead routing operations
- Support for hierarchical designs
Lab Exercise
Answers to Exercises
Overview
This chapter introduces the Border Gateway Protocol (BGP), including the fundamentals of BGP operation. This chapter includes the following topics:
- Objectives
- BGP Overview
- When Not To Use BGP
- BGP Terminology
- BGP Operation
- Written Exercise: BGP Operation
- Configuring BGP
- Verifying BGP
- Summary
- Review Questions
Objectives
This section lists the chapter's objectives.
Upon completion of this chapter, you will be able to perform the following tasks:
- Describe BGP features and operation
- Describe how to connect to another Autonomous System (AS) using an alternative to BGP, static routes
- Explain how BGP policy-based routing functions within an Autonomous System
- Explain how BGP peering functions
- Describe and configure External and Internal BGP
- Describe BGP synchronization
- Given a set of network requirements, configure a BGP environment and verify proper operation (within described guidelines) of your routers
Notes to reviewers: Compared to the Design Document, topics in this chapter have been significantly re-ordered and new topics have been added, so that all of the required concepts are explained and the contents flow better. The objective and contents from chapter 10 on static routes were moved to this chapter as they fit better here.
BGP Overview
This section provides an overview of BGP. Understanding BGP first requires an understanding of autonomous systems.
Autonomous Systems
Figure: IGPs (RIP, IGRP, OSPF, EIGRP) run inside each autonomous system; an EGP (BGP) connects the autonomous systems.
- An autonomous system (AS) is a collection of networks under a single technical administration
- IGPs operate within an autonomous system
- EGPs connect different autonomous systems
One way to categorize routing protocols is by whether they are interior or exterior:
- Interior gateway protocols (IGPs): routing protocols used to exchange routing information within an autonomous system. RIP, IGRP, OSPF and EIGRP are examples of IGPs.
- Exterior gateway protocols (EGPs): used to connect between autonomous systems. Border Gateway Protocol (BGP) is an example of an EGP.
BGP is an inter-domain routing protocol, also known as an EGP. All of the routing protocols we have seen so far in this course are interior routing protocols, also known as IGPs. BGP version 4, BGP-4, is the latest version of BGP and is defined in RFC 1771. As noted in this RFC, the classic definition of an autonomous system is a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other ASs. Nowadays, ASs may use more than one IGP, with potentially several sets of metrics. The important characteristic of an AS from the BGP point of view is that the AS appears to other ASs to have a single coherent interior routing plan and presents a consistent picture of what destinations are reachable through it. All parts of the AS must be connected to each other.
The Internet Assigned Numbers Authority (IANA) is the umbrella organization responsible for allocating autonomous system numbers. Specifically, the American Registry for Internet Numbers (ARIN) has the jurisdiction for assigning numbers for the Americas, Caribbean, and Africa. Reseaux IP Europeennes-Network Information Center (RIPE-NIC) administers the numbers for Europe, and the Asia Pacific-NIC (AP-NIC) administers the autonomous system numbers for the Asia-Pacific region. This autonomous system designator is a 16-bit number, with a range of 1 to 65535. RFC 1930 provides guidelines for the use of AS numbers. A range of AS numbers, 64512 through 65530, is reserved for private use, much like the private IP addresses discussed in chapter 4.
Copyright 1999, Cisco Systems, Inc. Configuring Basic Border Gateway Protocol 9-3
Note: Using the IANA-assigned autonomous system number rather than some other number is only needed if your organization plans to use an EGP such as BGP.
Figure: BGP running between router A in AS 200, router D in AS 400, and AS 300.
- BGP is used between autonomous systems
- Guarantees exchange of loop-free routing information
The main goal of BGP is to provide an inter-domain routing system that guarantees the loop-free exchange of routing information between autonomous systems. Routers exchange information about paths to destination networks. BGP is a successor of EGP, the Exterior Gateway Protocol. (Note the reuse of the EGP acronym). The EGP protocol was developed to isolate networks from each other, as the beginnings of the Internet grew. There are many RFCs relating to BGP-4, including: 1771, 1772, 1773, 1774, 1863, 1930, 1965, 1966, 1997, 1998, 2042, 2283, 2385, and 2439. BGP-4 has many enhancements over earlier protocols. It is used extensively in the Internet today to connect ISPs and to connect enterprises to ISPs.
BGP was designed to allow Internet Service Providers (ISPs) to communicate and exchange packets. These ISPs have multiple connections to one another, and have agreements to exchange updates. BGP is the protocol that is used to implement these agreements between two or more ASs. BGP, if not properly controlled and filtered, has the potential to allow an outside AS to affect your routing decisions. This chapter and the next will focus on how BGP operates and how to configure it properly, so you can prevent this from happening.
BGP is not always the appropriate solution to interconnect ASs. For example, if only one path exists, a default route would be appropriate. Using BGP would not accomplish anything except to use router CPU resources and memory. If the routing policy that will be implemented in an AS is consistent with policy implemented in the ISP AS, it is not necessary or even desirable to configure BGP in that AS. The use of static routes to connect to another AS is reviewed in the next few pages.
Use the ip route command to define a static route entry in the IP routing table.
ip route prefix mask address interface distance
- prefix mask: IP route prefix and mask for the destination to be entered into the IP routing table.
- address: IP address of the next hop that can be used to reach the destination network.
- interface: Identifies the local router outbound interface to be used to reach the destination network.
- distance: Administrative distance.
As discussed in an earlier chapter, if there is more than one route to a destination, the administrative distance determines which one will be put in the routing table, with the lower administrative distance preferred. By default, the administrative distance of a static route specified with the address parameter is set to 1. The default administrative distance of a static route specified with the interface parameter is set to 0. You can establish a floating static route by using an administrative distance larger than the default distance used by the dynamic routing protocol. A floating static route is a statically configured route that can be overridden by dynamically learned routing information. Thus, a floating static route can be used to create a path of last resort that is used only when no dynamic information is available.
Figure: router A (S0 10.1.1.1, next hop 10.1.1.2 on network 10.1.1.0) with RIP running in 172.16.0.0.
The route 0.0.0.0 is a default route in the IP routing table. If there is no matching route for the destination IP address in the routing table, then the 0.0.0.0 will match the address and cause the packet to be routed out interface serial 0.
OSPF Example
Figure: router A (S0 10.1.1.1, next hop 10.1.1.2 on network 10.1.1.0) with OSPF running in 172.16.0.0, configured as:
ip route 0.0.0.0 0.0.0.0 S0
!
router ospf 111
 network 172.16.0.0 0.0.255.255 area 0
 default-information originate always
The default-information originate always command in OSPF propagates a default route into the OSPF routing domain. The configuration in this example has an effect similar to the previous RIP example. The always keyword causes the default route to always be advertised, whether or not the router has a default route. This ensures that the default route will get advertised into OSPF.
BGP Terminology
BGP has a lot of concepts that become clearer if you understand the terminology. This section discusses BGP characteristics, the concepts of BGP neighbors, internal and external BGP, policy-based routing, and BGP attributes.
BGP Characteristics

BGP is a distance-vector protocol with enhancements:
- Reliable updates: BGP runs on top of TCP (port 179)
- Incremental, triggered updates only
- Periodic keepalives to verify TCP connectivity
- Rich metrics (called path vectors or attributes)
- Designed to scale to huge internetworks
What type of protocol is BGP? In an earlier chapter we discussed the characteristics of distance vector, link state and hybrid routing protocols. BGP is a distance vector protocol, but it has many differences from protocols such as RIP.

BGP uses TCP as its transport protocol, which provides connection-oriented reliable delivery. BGP therefore assumes that its communication is reliable and does not have to implement any retransmission or error recovery mechanisms. BGP uses TCP port 179. Two routers speaking BGP form a TCP connection with one another and exchange messages to open and confirm the connection parameters. These two routers are called peer routers or neighbors. Once the connection is made, full routing tables are exchanged. However, since the connection is reliable, BGP routers need only send changes (incremental updates) after that. Periodic routing updates are also not required on a reliable link, so triggered updates are used. BGP sends keepalive messages, similar to the hello messages sent by OSPF and EIGRP.

BGP routers exchange network reachability information, called path vectors, made up of path attributes, including a list of the full path (of BGP AS numbers) that a route should take in order to reach a destination network. This path information is used in constructing a graph of ASs that is loop free and where routing policies can be applied in order to enforce some restrictions on the routing behavior. The path is loop free because a router running BGP will not accept a routing update that already includes its AS number in the path list, since this would mean that the update has already passed through its AS, and accepting it again would result in a routing loop.
Tables

[Figure: the IGP routing protocol populates the IP routing table, while BGP populates its own BGP table; information can be exchanged between the two.]

- BGP has its own table, in addition to the IGP routing table
- Information can be exchanged between the two tables
BGP keeps its own table, for storing BGP information received from and sent to other routers. This table is separate from the IP routing table in the router. The router can be configured to share information between the two tables.
Peers = Neighbors

[Figure: Router A in AS 100 and Routers B and C in AS 200, with BGP neighbor relationships between them.]

Any two routers that have formed a TCP connection in order to exchange BGP routing information are called peers or neighbors.
As mentioned, BGP peers are routers with which a router has established a BGP connection. BGP peers are also known as neighbors and can be either internal to the AS or external to the AS.
[Figure: IBGP neighbors. Routers B and C are neighbors within AS 200; Router A is in AS 100.]

- When BGP neighbors belong to the same AS
- Neighbors do not have to be directly connected
When BGP is running between routers within one AS it is termed internal BGP (IBGP). IBGP is run within an AS in order to exchange BGP information within the AS, so that it can be passed to other autonomous systems. Routers running IBGP do not have to be directly connected to each other, so long as they can reach each other (usually because an IGP is running within the AS).
[Figure: EBGP neighbors. Router A in AS 100 and Router B in AS 200 are EBGP neighbors; Router C is also in AS 200.]

- When BGP neighbors belong to different ASs
- Neighbors should be directly connected
When BGP is running between routers in different ASs it is termed external BGP (EBGP). Routers running EBGP are usually directly connected to each other.
Policy-Based Routing

- BGP allows administrators to define policies, or rules, for how data will flow through the ASs
- BGP and associated tools cannot express all routing policies
- BGP does not enable one AS to send traffic to a neighbor AS intending that the traffic take a different route from that taken by traffic originating in the neighbor AS
- However, BGP can support any policy conforming to (i.e. implementable by) the hop-by-hop routing paradigm
BGP allows policy decisions at the AS level to be enforced. This setting of policies, or rules, for routing is known as policy-based routing. BGP specifies that a BGP router can advertise to its peers in neighboring ASs only those routes that it itself uses. This rule reflects the "hop-by-hop" routing paradigm generally used throughout the current Internet. Some policies cannot be supported by the "hop-by-hop" routing paradigm and thus require techniques such as source routing to enforce. For example, BGP does not enable one AS to send traffic to a neighboring AS, intending that the traffic take a different route from that taken by traffic originating in the neighboring AS. On the other hand, BGP can support any policy conforming to the "hop-by-hop" routing paradigm. Since the current Internet uses only the "hop-by-hop" routing paradigm and since BGP can support any policy that conforms to that paradigm, BGP is highly applicable as an inter-AS routing protocol for the current Internet.
BGP Attributes

BGP metrics are called path attributes. Characteristics of attributes include:
- Well-known versus optional
- Mandatory versus discretionary
- Transitive versus non-transitive
- Partial
Routers send BGP update messages about destination networks. These update messages include information called attributes. Some terms define how these attributes are implemented: an attribute is either well-known or optional, mandatory or discretionary, transitive or non-transitive. An attribute may also be partial. Not all combinations of these characteristics are valid. In fact, path attributes fall into four separate categories:

1. Well-known mandatory
2. Well-known discretionary
3. Optional transitive
4. Optional non-transitive

Only optional transitive attributes may be marked as partial. These characteristics are described on the following pages.
Well-known Attributes

Well-known attributes:
- must be recognized by all compliant BGP implementations
- are propagated to other neighbors
A well-known attribute is one that all BGP implementations must recognize. These attributes are propagated to BGP neighbors. A mandatory attribute must appear in the description of a route. A discretionary attribute does not need to appear.
Optional Attributes

Optional attributes:
- are recognized by some implementations (could be private) and are not expected to be recognized by everyone
- recognized optional attributes are propagated to other neighbors based on their meaning
An optional attribute need not be supported by all BGP implementations. If it is supported, it may be propagated to BGP neighbors. A transitive attribute that is not implemented in a router can be passed to other BGP routers untouched. In this case, the attribute is marked as partial. A non-transitive attribute must be deleted by a router that has not implemented the attribute.
BGP Attributes

BGP attributes include:
- AS-path
- Next-hop
- Local preference
- MED
- Origin
The attributes defined by BGP include:

- Well-known mandatory attributes: AS-path, Next-hop, Origin
- Well-known discretionary attributes: Local preference, Atomic aggregate
- Optional transitive attributes: Aggregator, Communities
- Optional non-transitive attribute: Multi-Exit-Discriminator (MED)

In addition, Cisco has defined a Weight attribute for BGP. Each of the attributes shown on the graphic is expanded upon in the following pages. The other attributes are explained in later sections in this chapter or in the following chapter.
AS-Path Attribute

[Figure: Router A in AS 100 (192.168.1.0) and Router B in AS 200 (192.168.2.0) each connect to Router C in AS 300 (192.168.3.0).]
The AS-path attribute is a well-known mandatory attribute. Whenever a route update passes through an AS, the AS number is prepended to that update. The AS-path attribute is actually the list of AS numbers that a route has traversed in order to reach a destination. The components of this list can be AS-SEQUENCEs, which are ordered lists, or AS-SETs, which are unordered sets. An AS-SEQUENCE is an ordered mathematical set of all the ASs that have been traversed. The need for AS-SETs is discussed in the CIDR and Aggregate Addresses section later in this chapter. In the graphic, network 192.168.1.0 is advertised by Router A in AS 100. When that route traverses AS 300, Router C will prepend its own AS number to it. So when 192.168.1.0 reaches Router B, it will have two AS numbers attached to it. From Router B's perspective the path to reach 192.168.1.0 is (300,100). The same applies for 192.168.2.0 and 192.168.3.0. Router A's path to 192.168.2.0 will be (300,200), i.e. traverse AS 300 and then AS 200. Router C will have to traverse path (200) in order to reach 192.168.2.0 and path (100) in order to reach 192.168.1.0.
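The AS-path prepending in the graphic, together with the loop check described in the BGP Characteristics section (a router rejects an update that already carries its own AS number), as an added Python model; this is an illustration, not Cisco code, and the "first path learned wins" rule it uses for a prefix is a simplification.

```python
"""AS-path prepending and loop detection, modelled in Python.  Added
example, not Cisco code.  Topology from the graphic: Router A (AS 100)
and Router B (AS 200) each peer with Router C (AS 300); each router
originates the prefix shown on the slide."""


def advertise(local_as, as_path):
    """An update leaving an AS gets that AS number prepended."""
    return (local_as,) + tuple(as_path)


def accept_update(local_as, as_path):
    """Loop check: reject any update whose AS-path already contains our
    own AS number, because the route has already passed through here."""
    return local_as not in as_path


def run_bgp(routers, peerings):
    """routers:  {name: (as_number, [prefixes originated here])}
       peerings: [(name, name)] EBGP sessions.
       Returns (tables, rejected): tables[name][prefix] is the AS-path
       that router holds; rejected collects (router, prefix, path) updates
       dropped by the loop check.  Simplification: a router keeps the
       first path it learns for a prefix."""
    tables = {n: {p: () for p in pfx} for n, (_, pfx) in routers.items()}
    rejected = set()
    changed = True
    while changed:              # iterate until no table changes
        changed = False
        for a, b in peerings:
            for sender, receiver in ((a, b), (b, a)):
                s_as, r_as = routers[sender][0], routers[receiver][0]
                for prefix, path in list(tables[sender].items()):
                    update = advertise(s_as, path)
                    if not accept_update(r_as, update):
                        rejected.add((receiver, prefix, update))
                        continue
                    if prefix not in tables[receiver]:
                        tables[receiver][prefix] = update
                        changed = True
    return tables, rejected


def slide_topology():
    """The three-AS graphic: A-C and B-C are the EBGP sessions."""
    routers = {
        "A": (100, ["192.168.1.0/24"]),
        "B": (200, ["192.168.2.0/24"]),
        "C": (300, ["192.168.3.0/24"]),
    }
    return run_bgp(routers, [("A", "C"), ("B", "C")])
```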
Next-Hop Attribute

[Figure: Router A (10.10.10.2, network 172.16.0.0) in AS 100 peers with Router B (10.10.10.1 and 172.20.10.1) in AS 200; Router C (172.20.10.2) is Router B's IBGP peer in AS 200, which contains network 172.20.0.0.]
The BGP next-hop attribute is a well-known mandatory attribute that indicates the next hop IP address that is to be used to reach a destination. For EBGP, the next hop is the IP address of the neighbor specified who sent the update. In the graphic, Router A will advertise 172.16.0.0 to Router B, with a next hop of 10.10.10.2 and Router B will advertise 172.20.0.0 to Router A with a next hop of 10.10.10.1. For IBGP, the protocol states that the next hop advertised by EBGP should be carried into IBGP. Because of that rule, Router B will advertise 172.16.0.0 to its IBGP peer Router C, with a next hop of 10.10.10.2 (Router As address). Therefore Router C knows the next hop to reach 172.16.0.0 is 10.10.10.2, not 172.20.10.1 as you might expect. It is therefore very important that Router C knows how to reach the 10.10.10.0 subnet, either via an IGP or a static route; otherwise it will drop packets destined to 172.16.0.0 because it would not be able to get to the next hop address for that network.
[Figure: multi-access network. Router A in AS 100 and Routers B and C in AS 200 share one multi-access segment.]

In a multi-access network:
- Router B will advertise network 172.30.0.0 to Router A in EBGP, with a next hop of 10.10.10.2, not 10.10.10.1
- This avoids an unnecessary hop
When running BGP over a multi-access network such as Ethernet, a BGP router will use the appropriate address as the next-hop address, to avoid inserting additional hops into the network. This feature is sometimes called third-party next-hop. For example, in the graphic, assume that Routers B and C in AS 200 are running an IGP. Router B can reach network 172.30.0.0 via 10.10.10.2. Router B is running BGP with Router A. When Router B sends a BGP update to Router A regarding 172.30.0.0, it will use 10.10.10.2 as the next hop and not its own IP address (10.10.10.1). This is because the network between the three routers is a multi-access network, and it makes more sense for Router A to use Router C as a next hop to reach 172.30.0.0 rather than making an extra hop via Router B.
[Figure: NBMA network. Router A (10.10.10.3, network 172.16.0.0) in AS 100 and Routers B and C (10.10.10.2) in AS 200 are connected over Frame Relay; Routers A and B run EBGP.]

In an NBMA network:
- By default, Router B will advertise network 172.30.0.0 to Router A in EBGP, with a next hop of 10.10.10.2, not 10.10.10.1
- This can be overridden
If the common media between routers is an NBMA (Non-Broadcast Multi-Access) media, then complications may occur. For example, in the graphic we change the last example so that the three routers are connected by Frame Relay. Router B can still reach network 172.30.0.0 via 10.10.10.2. When Router B sends a BGP update to Router A regarding 172.30.0.0, it will use 10.10.10.2 as the next hop and not its own IP address (10.10.10.1). A problem will arise if Router A and Router C do not know how to communicate directly, i.e. if Routers A and C do not have a map to each other. Router A will not know how to reach the next-hop address on Router C. This behavior can be overridden in Router B by configuring it to advertise itself as the next-hop address for routes sent to Router A.
[Figure: local preference example. AS 200 learns network 172.16.0.0 from two directions; Router A has local preference 200 and Router B has local preference 150.]
Local preference is a well-known discretionary attribute that provides an indication to routers in the AS about which path is preferred to exit the AS. A path with a higher local preference is more preferred. The local preference is an attribute that is configured on a router and exchanged only among routers within the same AS. The default value for local preference on a Cisco router is 100. For example, in the graphic AS 200 is receiving updates about network 172.16.0.0 from two directions. Assume the local preference on Router A is set to 200 and the local preference on Router B is set to 150. Since the local preference information is exchanged within AS 200, all traffic in AS 200 addressed to network 172.16.0.0 will be sent to Router A as an exit point from AS 200.
MED Attribute

[Figure: Router A (172.16.0.0) in AS 100 receives 172.20.0.0 from Router B (MED = 150) and Router C (MED = 200), both in AS 200.]

- Paths with the lowest MED (also called the metric) value are most desirable
- MED is configured on routers
- MED is sent to external BGP neighbors only
The Multi-exit-discriminator (MED) attribute, also called the metric, is an optional non-transitive attribute. The MED was known as the Inter-AS attribute in BGP-3. The MED is an indication to external neighbors about the preferred path into an AS. This is a dynamic way to influence another AS on which way it should choose in order to reach a certain route, if there are multiple entry points into an AS. A lower value of a metric is more preferred. Unlike local preference, the MED is exchanged between ASs. The MED is carried into an AS and used there, but is not passed onto the next AS. When the same update is passed on to another AS, the metric will be set back to its default of 0. By default a router will compare the MED attribute only for paths from neighbors in the same AS. For example, in the graphic, Router B has set the MED attribute to 150 and Router C has set the MED attribute to 200. When Router A receives updates from Routers B and C, it will pick Router B as the best next hop because 150 is less than 200.
Origin Attribute

Origin            Source of the route
IGP (i)           Network command
EGP (e)           Redistributed from EGP
Incomplete (?)    Redistributed from IGP or static
The origin is a well-known mandatory attribute that defines the origin of the path information. The origin attribute can be one of three values:
- IGP: The route is interior to the originating AS. This normally happens when the network command (discussed later in this chapter) is used to advertise the route via BGP. An origin of IGP is indicated with an "i" in the BGP table.
- EGP: The route is learned via the EGP (Exterior Gateway Protocol). This is indicated with an "e" in the BGP table.
- Incomplete: The origin of the route is unknown or is learned via some other means. This usually occurs when a route is redistributed into BGP. An incomplete origin is indicated with a "?" in the BGP table.
[Figure: weight example. Routers B and C in AS 300 learn network 172.20.0.0 from AS 400 and pass it to Router A in AS 100; Router A assigns weight 200 to the path via Router B and weight 150 to the path via Router C.]
The weight attribute is a Cisco defined attribute, used for the path selection process. The weight is configured locally to a router and is not propagated to any other routers. The weight can have a value from 0 to 65535. Paths that the router originates have a weight of 32768 by default and other paths have a weight of zero by default. Routes with a higher weight are preferred when multiple routes exist to the same destination. In the graphic, Router B and Router C learn about network 172.20.0.0 from AS 400 and will propagate the update to Router A. Router A has two ways to reach 172.20.0.0 and has to decide which way to go. In the example, Router A sets the weight of updates coming from Router B to 200 and the weight of those coming from Router C to 150. Since the weight for Router B is higher than the weight for Router C, we will force Router A to use Router B as a next hop to reach 172.20.0.0.
BGP Synchronization

Synchronization rule: do not advertise a route to an external neighbor until a matching route has been learnt from an IGP.

- Ensures consistency of information throughout the AS
- Avoids black holes within the AS
- Safe to turn off when there is a full IBGP mesh
The BGP synchronization rule states that a BGP router should not advertise a route to an external neighbor unless that route is local or is learnt from the IGP. If your autonomous system is passing traffic from one AS to another AS, BGP should not advertise a route before all routers in your AS have learned about the route via IGP. BGP will wait until IGP has propagated the route within the AS and then will advertise it to external peers. This is done so that all routers in the AS are synchronized and will be able to route traffic that the AS advertises to other ASs that it is able to route. BGP synchronization is on by default. If all routers in the AS were running BGP, only then would it be safe to turn it off.
[Figure: synchronization example. Routers A and B in AS 10 run IBGP with each other; Router A runs EBGP with Router E in AS 1, and Router B runs EBGP with AS 2, which contains 172.16.0.0. Assume BGP information is not redistributed into AS 10; Routers C and D are not running BGP.]
The synchronization rule also results in other behavior on BGP routers. In the example in the graphic, assume that Routers C and D are not running BGP and do not receive any of the routes that Routers A and B learn from BGP. (Sharing information between routing protocols is called redistribution and is covered in chapter 13). Specifically, they do not know about the network 172.16.0.0 that Router B learns from AS 2. Router B will advertise the route to 172.16.0.0 to Router A using IBGP. By default Router A will not use the route to 172.16.0.0, nor will it advertise that route to Router E in AS 1. Note that Router B will use the route to 172.16.0.0 and will install it in its routing table. If synchronization is turned off in AS 10, Router A can use the route to 172.16.0.0, will install the route in its routing table, and will advertise it to Router E. This is where the problem occurs. Router E now may send traffic destined for network 172.16.0.0. Router E will send the packets to Router A; Router A will forward them to Router C. Router C has not learnt a route to 172.16.0.0 and therefore will drop the packets. If all of the routers in AS 10 were running IBGP, turning off synchronization would not create this problem.
BGP Operation

This section describes the operation of the BGP protocol.

BGP message types:
- KEEPALIVE
- UPDATE: information for one single path only (could be to multiple networks); includes path attributes and networks
- NOTIFICATION: sent when an error is detected; the BGP connection is closed after it is sent
BGP peers will initially exchange their full BGP routing tables. From then on incremental updates are sent as the routing table changes. Keepalive packets are sent to ensure that the connection is alive between the BGP peers, and notification packets are sent in response to errors or special conditions. After a TCP connection is established, the first message sent by each side is an OPEN message. If the OPEN message is acceptable, a KEEPALIVE message confirming the OPEN is sent back. Once the OPEN is confirmed, the BGP connection is established and UPDATE, KEEPALIVE, and NOTIFICATION messages may be exchanged. An OPEN Message includes the following information:
- Hold time: maximum number of seconds that may elapse between the receipt of successive KEEPALIVE and/or UPDATE messages by the sender. Upon receipt of an OPEN message, the router calculates the value of the Hold Timer to use by using the smaller of its configured Hold Time and the Hold Time received in the OPEN message.
- BGP Router Identifier (Router ID): This 32-bit field indicates the BGP Identifier of the sender. The BGP Identifier is an IP address assigned to that router and is determined on startup. The BGP router ID is chosen the same way that the OSPF router ID is chosen: it is the highest active IP address on the router, unless a loopback interface with an IP address exists, in which case it is the highest such loopback IP address.
BGP does not use any transport protocol-based keepalive mechanism to determine if peers are reachable. Instead, KEEPALIVE messages are exchanged between peers often enough so as not to cause the Hold Timer to expire. If the negotiated Hold Time interval is zero, then periodic KEEPALIVE messages will not be sent. A KEEPALIVE message consists of only the message header. An UPDATE message has information on one single path only; multiple paths require multiple messages. All of the attributes in the message refer to that path, and the networks are those that can be reached through it. An UPDATE message may include the following fields:
- Withdrawn Routes: A list of IP address prefixes for routes that are being withdrawn from service, if any.
- Path Attributes: These path attributes are the AS-path, origin, local preference, etc. discussed earlier in this chapter. Each path attribute includes the attribute type, attribute length and attribute value. The attribute type consists of the attribute flags followed by the attribute type code.
- Network Layer Reachability Information: This field contains a list of IP address prefixes that can be reached by this path.
A NOTIFICATION message is sent when an error condition is detected. The BGP connection is closed immediately after sending it. Notification messages include an error code, an error subcode, and data related to the error.
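The session setup just described (OPEN, Hold Time negotiation, KEEPALIVE confirming the OPEN, NOTIFICATION closing the session) together with the router ID rule, as an added Python model; this is an illustration, not Cisco code. Messages are simplified dictionaries, and spacing KEEPALIVEs at one third of the negotiated hold time is an assumption, not something the text states.

```python
"""BGP session setup from the OPEN exchange, modelled in Python.  Added
example, not Cisco code.  Hold Time is the smaller of the two sides'
values (0 = no periodic KEEPALIVEs); the OPEN is confirmed by a
KEEPALIVE; a NOTIFICATION closes the session; the router ID follows the
rule in the text.  The one-third KEEPALIVE spacing is an assumption."""
from ipaddress import ip_address


def choose_router_id(interfaces):
    """interfaces: [(name, address or None, is_up)].  Highest loopback
    address wins; otherwise the highest active interface address."""
    loops = [ip_address(a) for n, a, _ in interfaces
             if a and n.lower().startswith("loopback")]
    if loops:
        return str(max(loops))
    active = [ip_address(a) for _, a, up in interfaces if a and up]
    return str(max(active)) if active else None


class BgpSession:
    def __init__(self, router_id, configured_hold_time):
        self.router_id = router_id
        self.configured_hold_time = configured_hold_time
        self.hold_time = None      # negotiated value, set on OPEN receipt
        self.peer_id = None
        self.state = "Idle"
        self.last_heard = 0        # time of the last KEEPALIVE/UPDATE

    def send_open(self):
        self.state = "OpenSent"
        return {"type": "OPEN", "router_id": self.router_id,
                "hold_time": self.configured_hold_time}

    def receive_open(self, msg, now):
        """Use the smaller of our configured Hold Time and the peer's, and
        answer with the KEEPALIVE that confirms the OPEN."""
        self.hold_time = min(self.configured_hold_time, msg["hold_time"])
        self.peer_id = msg["router_id"]
        self.last_heard = now
        self.state = "OpenConfirm"
        return {"type": "KEEPALIVE"}

    def keepalive_interval(self):
        """None when the negotiated Hold Time is 0: no periodic KEEPALIVEs.
        Otherwise one third of the hold time (assumed spacing)."""
        return None if self.hold_time == 0 else self.hold_time // 3

    def receive(self, msg, now):
        """Handle KEEPALIVE / UPDATE / NOTIFICATION after the OPEN."""
        if msg["type"] == "NOTIFICATION":
            self.state = "Idle"    # connection closed right after the error
            return
        self.last_heard = now      # KEEPALIVE and UPDATE both reset the timer
        if msg["type"] == "KEEPALIVE" and self.state == "OpenConfirm":
            self.state = "Established"

    def hold_timer_expired(self, now):
        if self.state == "Idle" or self.hold_time == 0:
            return False
        return now - self.last_heard >= self.hold_time


def establish(a, b, now=0):
    """Run the OPEN / KEEPALIVE handshake between two sessions; True when
    both sides reach Established."""
    open_a, open_b = a.send_open(), b.send_open()
    ka_from_b = b.receive_open(open_a, now)
    ka_from_a = a.receive_open(open_b, now)
    a.receive(ka_from_b, now)
    b.receive(ka_from_a, now)
    return a.state == "Established" and b.state == "Established"
```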
After BGP receives updates about different destinations from different autonomous systems, the protocol decides which path to choose in order to reach a specific destination. BGP will choose only a single path to reach a specific destination. The decision process is based on the attributes discussed earlier in this chapter. When faced with multiple routes to the same destination, BGP chooses the best route for routing traffic toward the destination. The following process summarizes how BGP on a Cisco router chooses the best route.

1. If the path is internal, synchronization is on and the route is not synchronized, do not consider it.
2. If the next-hop address of a route is not reachable, do not consider it.
3. Prefer the route with the highest weight. (Recall that the weight is Cisco proprietary and is local to the router only.)
4. If multiple routes have the same weight, prefer the route with the highest local preference. (Recall that the local preference is used within an AS.)
5. If multiple routes have the same local preference, prefer the route that was originated by the local router.
6. If multiple routes have the same local preference, or if no route was originated by the local router, prefer the route with the shortest AS path.
7. If the AS path length is the same, prefer the lowest origin code (IGP < EGP < Incomplete).
8. If all origin codes are the same, prefer the path with the lowest MED. (Recall that the MED is sent from other ASs.) The MED comparison is only done if the neighboring autonomous system is the same for all routes considered, unless the bgp always-compare-med command is enabled.
Note: The most recent IETF decision regarding BGP MED assigns a value of infinity to the missing MED, making the route lacking the MED variable the least preferred. The default behavior of BGP routers running Cisco IOS software is to treat routes without the MED attribute as having a MED of 0, making the route lacking the MED variable the most preferred. To configure the router to conform to the IETF standard, use the bgp bestpath missing-as-worst command.
9. If the routes have the same MED, prefer external paths (EBGP) over internal paths (IBGP).
10. If IGP synchronization is disabled and only internal paths remain, prefer the path through the closest IGP neighbor. This means the router will prefer the shortest internal path within the AS to reach the destination (the shortest path to the BGP next-hop).
11. Prefer the route with the lowest neighbor BGP Router ID value.

The path is put in the routing table and propagated to the router's BGP neighbors.
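The eleven-step selection above, including the missing-MED note, carried through as an added Python implementation (an illustration, not Cisco code). Candidate paths are constructed from the MED and weight graphics; the flags missing_as_worst and always_compare_med model the bgp bestpath missing-as-worst and bgp always-compare-med commands.

```python
"""Cisco BGP best-path selection, the eleven steps from the text, in
Python.  Added example, not Cisco code; candidate paths are constructed."""
from dataclasses import dataclass
from typing import Optional

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # IGP < EGP < Incomplete


@dataclass
class Path:
    name: str                    # label for the candidate (constructed)
    neighbor_as: int             # AS of the neighbour that sent it
    neighbor_router_id: str      # neighbour's BGP router ID
    as_path: tuple = ()
    origin: str = "i"
    weight: int = 0              # Cisco-local; 32768 for locally originated paths
    local_pref: int = 100        # Cisco default
    med: Optional[int] = None    # None = MED attribute not present
    ebgp: bool = True
    local_origin: bool = False   # originated by this router
    next_hop_reachable: bool = True
    synchronized: bool = True    # a matching IGP route exists
    igp_metric: int = 0          # IGP cost to reach the BGP next hop


def effective_med(path, missing_as_worst):
    """Step 8 input: a missing MED is 0 on Cisco IOS by default, infinity
    under bgp bestpath missing-as-worst (the IETF behaviour)."""
    if path.med is not None:
        return path.med
    return float("inf") if missing_as_worst else 0


def router_id_key(path):
    """Dotted-quad router IDs compare numerically, octet by octet."""
    return tuple(int(o) for o in path.neighbor_router_id.split("."))


def best_path(paths, synchronization=True, always_compare_med=False,
              missing_as_worst=False):
    """Return (winning Path or None, number of the step that decided it)."""
    # Steps 1 and 2 remove candidates rather than rank them.
    cands = [p for p in paths
             if p.next_hop_reachable
             and not (not p.ebgp and synchronization and not p.synchronized)]
    if not cands:
        return None, 2

    def keep_best(key):
        """Keep the candidates with the lowest key; True once one is left."""
        nonlocal cands
        best = min(key(p) for p in cands)
        cands = [p for p in cands if key(p) == best]
        return len(cands) == 1

    early_rules = [
        (3, lambda p: -p.weight),                   # highest weight
        (4, lambda p: -p.local_pref),               # highest local preference
        (5, lambda p: 0 if p.local_origin else 1),  # locally originated
        (6, lambda p: len(p.as_path)),              # shortest AS path
        (7, lambda p: ORIGIN_RANK[p.origin]),       # lowest origin code
    ]
    for step, key in early_rules:
        if keep_best(key):
            return cands[0], step
    # Step 8: MED is compared only among paths from the same neighbouring
    # AS unless bgp always-compare-med is configured.
    if always_compare_med or len({p.neighbor_as for p in cands}) == 1:
        if keep_best(lambda p: effective_med(p, missing_as_worst)):
            return cands[0], 8
    late_rules = [
        (9, lambda p: 0 if p.ebgp else 1),          # EBGP over IBGP
        (10, lambda p: p.igp_metric),               # closest IGP neighbour
        (11, router_id_key),                        # lowest neighbour router ID
    ]
    for step, key in late_rules:
        if keep_best(key):
            return cands[0], step
    return cands[0], 11


def med_slide(missing_as_worst=False, c_med=200):
    """The MED graphic: Router A receives 172.20.0.0 from Routers B and C
    in AS 200; B sends MED 150, C sends c_med (None = no MED attribute)."""
    via_b = Path("via B", 200, "2.2.2.2", (200,), med=150)
    via_c = Path("via C", 200, "3.3.3.3", (200,), med=c_med)
    return best_path([via_b, via_c], missing_as_worst=missing_as_worst)
```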
[Figure: CIDR and aggregate addresses. Router A in AS 100 advertises the aggregate 192.168.0.0/16; the specific routes 192.168.1.0/24 come from AS 400 and 192.168.2.0/24 from AS 300.]
As discussed in chapter 4, Classless Inter-domain Routing (CIDR) is a mechanism developed to help alleviate the problem of exhaustion of IP addresses and growth of routing tables. The idea behind CIDR is that blocks of multiple Class C addresses can be combined, or aggregated, to create a larger classless set of IP addresses. These multiple Class C addresses can then be summarized in routing tables, resulting in fewer route advertisements. Earlier versions of BGP did not support CIDR; BGP-4 does. Support includes:
- The BGP UPDATE message includes both the prefix and the prefix length; previous versions only included the prefix, and the length was assumed from the address class.
- Addresses can be aggregated when advertised by a BGP router.
- The AS-path attribute can include AS-SEQUENCEs, which are ordered lists, and AS-SETs, which are unordered sets. An AS-SEQUENCE is an ordered mathematical set of the ASs that have been traversed. The AS-SET is an unordered set of other ASs, not included in the AS-SEQUENCE, that any of the non-aggregated routes would traverse. The combination of the ASs listed in both components should be considered to ensure that the route is loop-free.
As an example, in the graphic Router C is advertising network 192.168.2.0/24 and Router D is advertising network 192.168.1.0/24. Router A could pass those advertisements to Router B; however, Router A could reduce the size of the routing tables by aggregating the two routes into one, for example 192.168.0.0/16. There are two BGP attributes related to aggregate addressing. The well-known discretionary attribute atomic aggregate informs the neighbor AS that the originating router has aggregated the routes. The optional transitive attribute aggregator specifies the BGP Router ID and AS number of the router that performed the route aggregation.
By default the aggregate route will be advertised as coming from the autonomous system that did the aggregation and will have the atomic aggregate attribute set to show that information might be missing; the AS numbers in the non-aggregated routes are not listed. The router can be configured to include the AS-SET, the list of all ASs contained in all paths that are being summarized. In the example in the graphic, by default the aggregated route 192.168.0.0/16 would have an AS-path attribute of (100). If Router A was configured to include the AS-SET, it would include the AS-SET of {300, 400} as well as (100) in the AS-path attribute.
Note: In the example, the aggregate route that Router A is sending covers more than the two routes from Routers C and D. The example assumes that Router A also has jurisdiction over all of the other routes covered by this aggregate route.
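The aggregation described above, with the atomic aggregate and aggregator attributes and the optional AS-SET, as an added Python model (an illustration, not Cisco code). Router A's router ID of 1.1.1.1 and the extra 10.0.0.0/8 route are constructed values; clearing atomic aggregate when the AS-SET is carried is an assumption here, following the text's reading of that attribute as a signal that path information might be missing.

```python
"""Aggregation of specific routes into one CIDR block, with the atomic
aggregate and aggregator attributes and an optional AS-SET, modelled in
Python.  Added example, not Cisco code.  Scenario from the graphic:
Router A in AS 100 aggregates 192.168.1.0/24 (learned from AS 400) and
192.168.2.0/24 (learned from AS 300) into 192.168.0.0/16.  Router A's
router ID 1.1.1.1 is an assumed value."""
from ipaddress import ip_network


def aggregate(summary, specifics, local_as, router_id, as_set=False):
    """Build the attributes of the aggregate route as the aggregating
    router advertises it to an EBGP neighbour.

    specifics: {prefix: as_path} as held by the aggregating router.
    Only prefixes inside `summary` are summarised; the rest are returned
    separately so the caller can keep advertising them."""
    block = ip_network(summary)
    covered = {p: path for p, path in specifics.items()
               if ip_network(p).subnet_of(block)}
    if not covered:
        raise ValueError("no specific routes fall inside %s" % summary)
    attrs = {
        "prefix": summary,                 # prefix plus length (BGP-4)
        "as_sequence": (local_as,),        # by default only the aggregating AS
        "as_set": frozenset(),
        "atomic_aggregate": True,          # path information may be missing
        "aggregator": (local_as, router_id),  # who aggregated, from which AS
    }
    if as_set:
        # carry every AS from every summarised path, except our own, as an
        # unordered set; nothing is hidden, so (assumption) atomic
        # aggregate is not set
        members = set()
        for path in covered.values():
            members.update(path)
        members.discard(local_as)
        attrs["as_set"] = frozenset(members)
        attrs["atomic_aggregate"] = False
    uncovered = {p: path for p, path in specifics.items() if p not in covered}
    return attrs, uncovered


def loop_free(local_as, attrs):
    """Receiving router's check: its own AS must appear in neither the
    AS-SEQUENCE nor the AS-SET component of the AS-path."""
    return (local_as not in attrs["as_sequence"]
            and local_as not in attrs["as_set"])


def slide_example(as_set=False):
    """Routes as held by Router A (constructed from the graphic)."""
    specifics = {
        "192.168.1.0/24": (400,),   # learned from AS 400
        "192.168.2.0/24": (300,),   # learned from AS 300
        "10.0.0.0/8": (500,),       # unrelated route, must not be summarised
    }
    return aggregate("192.168.0.0/16", specifics, 100, "1.1.1.1", as_set=as_set)
```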
- Describe BGP features and operation.
- Explain how BGP policy-based routing functions within an Autonomous System.
- Explain how BGP peering functions.
- Describe External and Internal BGP.
- Describe BGP synchronization.
Task: Answer the following questions.

1. What protocol does BGP use as its transport protocol? What port number does BGP use?
   _________________________________________________________________
2. Any two routers that have formed a BGP connection are called BGP ________ or BGP _________.
3. Write a brief description of the following:
   Internal BGP _______________________________________
   External BGP ______________________________________
   Well-known attributes _______________________________
   Transitive attributes __________________________________
   BGP synchronization _____________________________________
4. For an external update advertised by IBGP, where does the value for the next-hop attribute of an update come from?
   _________________________________________________________________
5. Describe the complication that an NBMA network can cause for the next-hop attribute of an update.
   _________________________________________________________________
   _________________________________________________________________
   _________________________________________________________________
   _________________________________________________________________
6. Complete the table to answer the following questions about these BGP attributes: Which order are the attributes preferred in (1, 2 or 3)? For the attribute, is the highest or lowest value preferred? Which other routers, if any, is the attribute sent to?

   Attribute    Order preferred    Highest or lowest value preferred?    Sent to which other routers?
Configuring BGP
This section covers the commands used to configure the BGP features discussed in this chapter.
Router(config)# router bgp autonomous-system

The syntax of these commands is similar to the syntax for configuring internal routing protocols; however, there are significant differences in the way that an external protocol functions. Use the router bgp command to activate the BGP protocol and identify the local autonomous system.

router bgp Command    Description
autonomous-system     Identifies the local autonomous system.
Router(config-router)# neighbor {ip-address | peer-group-name} remote-as autonomous-system
- Activates a BGP session with another router, used for either IBGP or EBGP

Router(config-router)# network network-number network-mask
- Allows BGP to advertise an IGP route if it is already in the IP table
- Does not activate the protocol on an interface

Use the neighbor remote-as command to identify a peer router with which the local router will establish a session.

neighbor remote-as Command    Description
ip-address                    Identifies the peer router.
peer-group-name               Name of a BGP peer group (peer groups are covered in the next chapter).
autonomous-system             Identifies the autonomous system of the peer router.
The value placed in the autonomous system field of the neighbor command determines whether the communication with the neighbor is an EBGP or an IBGP session. If the autonomous system field configured in the router bgp command is identical to the field in the neighbor remote-as command, then BGP will initiate an internal session. If the field values are different, then BGP will initiate an external session. Use the network command to permit BGP to advertise a network if it is present in the IP routing table.

network Command    Description
network-number     Identifies an IP network to be advertised by BGP.
network-mask       Identifies the subnet mask to be advertised by BGP.
The network command controls which networks are originated by this router. This is a different concept from what you are used to when configuring IGPs. The network command does not start up BGP on certain interfaces; rather it indicates to BGP which networks it should originate from this router. The mask portion is used because BGP-4 can handle subnetting and supernetting. The list of network commands must include all networks in your AS that you want to advertise, not just those locally connected to your router.
Prior to Cisco IOS Release 12.0, there was a limit of 200 network commands per BGP router; this limit has now been removed. The router's resources, such as the configured NVRAM or RAM, determine the maximum number of network commands you can now use.
BGP Example #1

[Figure: Router A (10.1.1.2, network 172.16.0.0) in AS 109 and Router B (10.1.1.1, network 172.17.0.0) in AS 110 are directly connected.]

RtrA(config)# router bgp 109
RtrA(config-router)# neighbor 10.1.1.1 remote-as 110
RtrA(config-router)# network 172.16.0.0

RtrB(config)# router bgp 110
RtrB(config-router)# neighbor 10.1.1.2 remote-as 109
RtrB(config-router)# network 172.17.0.0
The graphic shows an example of BGP configuration. Routers A and B define each other as BGP neighbors, and will start an EBGP session. Router A will advertise the network 172.16.0.0/16 while Router B will advertise the network 172.17.0.0/16.
Next-hop-self

Router(config-router)# neighbor ip-address next-hop-self

- Forces all updates for this neighbor to be advertised with this router as the next hop
As mentioned earlier, it is sometimes necessary, for example in an NBMA environment, to override the default behavior of a router and force it to advertise itself as the next-hop address for routes sent to a neighbor. The neighbor next-hop-self command forces BGP to use its own IP address as the next hop rather than letting the protocol choose the next-hop address.

neighbor next-hop-self Command   Description
ip-address                       Identifies the peer router to which advertisements will be sent with this router identified as the next hop.
peer-group-name                  Name of a BGP peer group (peer groups are covered in the next chapter).
no synchronization

Router(config-router)# no synchronization

- Disables BGP synchronization so that a router will advertise routes in BGP before learning them in IGP
As discussed earlier, there are some cases when you do not need BGP synchronization. If you will not be passing traffic from a different autonomous system through your AS, or if all routers in your AS will be running BGP, you can disable synchronization. Disabling this feature can allow you to carry fewer routes in your IGP and allow BGP to converge more quickly. Use synchronization if there are routers in the AS that are not running BGP. Synchronization is on by default. Use the no synchronization command to disable it.
Router(config-router)# aggregate-address ip-address mask [summary-only] [as-set]

- Creates an aggregate (summary) entry in the BGP table
- Use the summary-only option to advertise only the summary and not the specific routes
- Add the as-set option to include an AS-SET attribute that aggregates the ASs in all of the paths

The aggregate-address command is used to create an aggregate, or summary, entry in the BGP table.

aggregate-address Command   Description
ip-address                  The aggregate address to be created.
mask                        The mask of the aggregate address to be created.

The aggregate-address command has some optional parameters, including:

summary-only   Causes the router to advertise only the aggregated route; the default is to advertise both the aggregate and the more specific routes.
as-set         Generates AS-SET path information with the aggregate route to include all of the AS numbers listed in all of the paths of the more specific routes. The default for the aggregate route is to list only the AS number of the router that generated the aggregate route.
When you use this command, the aggregate route will be advertised as coming from your autonomous system and will have the atomic aggregate attribute set to show that information might be missing. (By default, the atomic aggregate attribute is set unless you specify the as-set keyword.)
Resetting BGP

Router# clear ip bgp {* | address} [soft [in | out]]

Use the clear ip bgp command to remove entries from the BGP routing table and reset BGP sessions. Use this command after every configuration change to ensure that the change is activated and that peer routers are informed.

clear ip bgp Command   Description
*                      Clear all.
address                Identifies a specific network to be removed from the BGP table.
soft                   Soft reconfiguration.
in | out               Triggers inbound or outbound soft reconfiguration. If the in or out option is not specified, both inbound and outbound soft reconfiguration are triggered.
If you specify BGP soft reconfiguration by including the soft keyword, the sessions are not reset and the router sends all routing updates again. To generate new inbound updates without resetting the BGP session, the local BGP speaker must store all received updates without modification, regardless of whether they are accepted by the inbound policy, using the neighbor soft-reconfiguration command. This process is memory intensive and should be avoided if possible. Outbound BGP soft reconfiguration has no memory overhead. You can trigger an outbound soft reconfiguration on the other side of the BGP session to make the new inbound policy take effect.
BGP Example #2

[Figure: AS 200 contains Router B (192.168.1.49, connected to network 172.16.10.0, with address 10.1.1.1 on its link to AS 100) and Router C (192.168.1.50, connected to network 172.16.20.0); AS 100 contains Router A (10.1.1.2, connected to network 192.168.2.0). Router B advertises the aggregate 172.16.0.0/16 toward Router A.]

The graphic shows another BGP example. The configuration for Router B is shown on the next page.
The first three commands establish that Router B has two BGP neighbors: Router A in AS 100 and Router C in AS 200. The next two commands allow Router B to advertise networks 172.16.10.0 and 192.168.1.0 to its BGP neighbors.

Assuming Router C is advertising 172.16.20.0 in BGP, Router B would get that route but would not pass it to Router A until the no synchronization command (the sixth command) is added to both Router B and Router C, since we are not running an IGP in this example. This command can be used here because all of the routers in the AS are running BGP. The clear ip bgp * command would be required on Routers B and C to reset the BGP sessions after synchronization has been turned off.

By default Router B will pass the BGP advertisement from Router A about network 192.168.2.0 to Router C with the next-hop address left as 10.1.1.2. Router C does not know how to get to 10.1.1.2, though, so it will not install the route. The neighbor 192.168.1.50 next-hop-self command forces Router B to send advertisements to Router C with its own (Router B) address as the next-hop address. Router C will then be able to reach 192.168.2.0.

Router A will learn about both subnets 172.16.10.0 and 172.16.20.0. However, once the aggregate-address 172.16.0.0 255.255.0.0 summary-only command is added to Router B, Router B will summarize the subnets and send only the 172.16.0.0/16 route to Router A.
Verifying BGP

- show ip bgp
- show ip bgp summary
- show ip bgp neighbors
- debug ip bgp

Verifying BGP operation can be accomplished using the following show commands:

- show ip bgp: Displays entries in the BGP routing table. Specify a network number to get more specific information about a particular network.
- show ip bgp summary: Displays the status of all BGP connections.
- show ip bgp neighbors: Displays information about the TCP and BGP connections to neighbors.

Other BGP show commands can be found in the BGP documentation on Cisco's web site or on the Documentation CD-ROM.

Debug commands display events as they are happening on the router. For BGP, the debug ip bgp command has the following options:
show ip bgp

RTRA#show ip bgp
BGP table version is 5, local router ID is 192.168.2.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 172.16.0.0       10.1.1.1                                 0 200 i
*> 192.168.1.0      10.1.1.1                 0               0 200 i
*> 192.168.2.0      0.0.0.0                  0           32768 i
This example output is taken from Router A in BGP Example #2. The status codes are shown at the beginning of each line of output and the origin codes are shown at the end of each line of output. From the example output, we can see that Router A learnt about two networks from 10.1.1.1. The path it will use to get to these networks is via AS 200, and the routes have origin codes of IGP.
RTRA#show ip bgp sum
BGP table version is 5, main routing table version 5
3 network entries and 3 paths using 363 bytes of memory
3 BGP path attribute entries using 372 bytes of memory
BGP activity 3/0 prefixes, 3/0 paths
0 prefixes revised.

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.1.1        4   200      14      13        5    0    0 00:08:03        2
This example output is taken from Router A in BGP Example #2. Router A has one neighbor, 10.1.1.1. It speaks BGP version 4 with that neighbor, who is in AS 200. Router A has received 14 messages from and sent 13 messages to 10.1.1.1. The TblVer is the last version of the BGP database that was sent to that neighbor. There are no messages in either the input or output queue. The BGP session has been established for 8 minutes and 3 seconds. Router A has received two prefixes from neighbor 10.1.1.1.
This example output is taken from Router A in BGP Example #2. The show ip bgp neighbors command displays information about the BGP connections to neighbors. In the example, the BGP state is Established, which means that the neighbors have established a TCP connection and the two peers have agreed to speak BGP with each other.
debug ip bgp

RTRA#debug ip bgp updates
BGP updates debugging is on
RTRA#clear ip bgp *
3w5d: BGP: 10.1.1.1 computing updates, neighbor version 0, table version 1, starting at 0.0.0.0
3w5d: BGP: 10.1.1.1 update run completed, ran for 0ms, neighbor version 0, start version 1, throttled to 1, check point net 0.0.0.0
3w5d: BGP: 10.1.1.1 rcv UPDATE w/ attr: nexthop 10.1.1.1, origin i, aggregated by 200 172.16.10.1, path 200
3w5d: BGP: 10.1.1.1 rcv UPDATE about 172.16.0.0/16
3w5d: BGP: nettable_walker 172.16.0.0/16 calling revise_route
3w5d: BGP: revise route installing 172.16.0.0/16 -> 10.1.1.1
3w5d: BGP: 10.1.1.1 rcv UPDATE w/ attr: nexthop 10.1.1.1, origin i, metric 0, path 200
3w5d: BGP: 10.1.1.1 rcv UPDATE about 192.168.1.0/24
3w5d: BGP: nettable_walker 192.168.1.0/24 calling revise_route
3w5d: BGP: revise route installing 192.168.1.0/24 -> 10.1.1.1

This example output is taken from Router A in BGP Example #2. The output in the graphic shows update messages being received from neighbor 10.1.1.1. Further output after that displayed in the graphic is provided below, showing Router A sending updates to its neighbor.

RTRA#
3w5d: BGP: 10.1.1.1 computing updates, neighbor version 1, table version 3, starting at 0.0.0.0
3w5d: BGP: 10.1.1.1 update run completed, ran for 0ms, neighbor version 1, start version 3, throttled to 3, check point net 0.0.0.0
3w5d: BGP: nettable_walker 192.168.2.0/24 route sourced locally
3w5d: BGP: 10.1.1.1 computing updates, neighbor version 3, table version 4, starting at 0.0.0.0
3w5d: BGP: 10.1.1.1 send UPDATE 192.168.2.0/24, next 10.1.1.2, metric 0, path 100
3w5d: BGP: 10.1.1.1 1 updates enqueued (average=52, maximum=52)
3w5d: BGP: 10.1.1.1 update run completed, ran for 0ms, neighbor version 3, start version 4, throttled to 4, check point net 0.0.0.0
Summary

This section summarizes the tasks you learned to complete in this chapter.

Summary

After completing this chapter, you should be able to perform the following tasks:

- Describe BGP features and operation
- Describe how to connect to another AS using an alternative to BGP, static routes
- Explain how BGP policy-based routing functions within an Autonomous System
- Explain how BGP peering functions

Summary (cont'd)

After completing this chapter, you should be able to perform the following tasks:

- Describe BGP synchronization
- Given a set of network requirements, configure a BGP environment and verify proper operation (within described guidelines) of your routers

Review Questions

Answer the following questions.

Review Questions

1. Describe the BGP synchronization rule. What command disables synchronization?
2. What are the four BGP message types?
3. How does BGP-4 support CIDR?
4. What command is used to activate a BGP session with another router?
5. What command is used to display information about the BGP connections to neighbors?
Chapter 10

Overview

This chapter starts with a discussion of problems that may occur when scaling IBGP. Various solutions, including route reflectors, policy control using prefix lists, communities, and Cisco's peer groups, are explained. Connecting an AS with more than one BGP connection is known as multi-homing, and different ways to accomplish this are explored. Configuration of all of these BGP features is included in this chapter. This chapter includes the following topics:

- Objectives
- Scalability problems with IBGP
- Route Reflectors
- Policy Control
- Written Exercise: BGP Route Reflectors and Policy Control
- Route Maps
- Communities
- Peer groups
- Multi-homing
- Redistribution with IGPs
- Case Study: Multi-homed BGP
- Summary
- Review questions
Objectives
This section lists the chapter's objectives.

Objectives

Upon completion of this chapter, you will be able to perform the following tasks:

- Describe the scalability problems associated with Internal BGP
- Explain and configure BGP Route Reflectors
- Describe and configure policy control in BGP using prefix lists
- Describe and configure BGP Communities and Peer Groups
Upon completion of this chapter, you will be able to perform the following tasks:

- Describe the scalability problems associated with Internal BGP
- Explain and configure BGP Route Reflectors
- Describe and configure policy control in BGP using prefix lists
- Describe and configure BGP Communities and Peer Groups
- Describe methods to connect to multiple ISPs using BGP
- Explain the use of redistribution between BGP and Interior Gateway Protocols (IGPs)
- Given a set of network requirements, configure a multi-homed BGP environment and verify proper operation (within described guidelines) of your routers

Note to reviewers: Compared to the design document, the 5th objective was changed; static routes moved to chapter 9. The Route Maps topic moved to this chapter from a later chapter (needed for the Communities discussion).

Objectives (cont'd)

- Describe methods to connect to multiple ISPs using BGP
- Explain the use of redistribution between BGP and Interior Gateway Protocols (IGPs)
- Given a set of network requirements, configure a multi-homed BGP environment and verify proper operation (within described guidelines) of your routers
[Figure: IBGP split horizon in AS 100, showing Routers B and C and Router X.]
Chapter 9 discussed many BGP concepts, including IBGP and EBGP. Another rule governing IBGP behavior is the BGP split horizon rule. This BGP rule specifies that routes learned via IBGP are never propagated to other IBGP peers. Similar to the distance vector routing protocol split horizon rule, BGP split horizon is necessary to ensure that routing loops are not started within the AS. The result is that a full mesh of IBGP peers is required within an AS.
As the graphic illustrates though, a full mesh of IBGP is not scalable. With only 13 routers, 78 IBGP sessions would need to be maintained. As the number of routers increases, so does the number of sessions required, governed by the formula: n(n-1)/2 where n= the number of routers.
Solutions include:

- Route Reflectors
As well as the number of BGP TCP sessions that must be created and maintained, the routing traffic may also be a problem. Depending on the AS topology, traffic may be duplicated many times on some links as it travels to each IBGP peer. For example, if the physical topology of a large AS includes some WAN links, the IBGP sessions running over those links may be consuming a significant amount of bandwidth. A solution to this problem is the use of route reflectors, discussed in the next section.
Route Reflectors

This section describes what a route reflector is, how it works, and how to configure it.

Route Reflectors

[Figure: a route reflector within AS 100.]
Route reflectors modify the BGP split horizon rule by allowing the router configured as the route reflector to propagate routes learned by IBGP to other IBGP peers. This saves on the number of BGP TCP sessions that must be maintained, and also reduces the BGP routing traffic.
With a BGP route reflector configured, a full mesh of IBGP peers is no longer required. The route reflector is allowed to propagate IBGP routes to other IBGP peers. Route reflectors are used mainly by ISPs when the number of internal neighbor statements becomes excessive. Route reflectors reduce the number of BGP neighbor relationships in an AS by having key routers duplicate updates to their route reflector clients. Route reflectors do not affect the paths that IP packets follow; only how the routing information is distributed is affected. Within an AS there can be multiple route reflectors, both for redundancy and for grouping to further reduce the number of IBGP sessions required. Migrating to route reflectors involves a minimal configuration, and does not have to be done all at once, since non-route-reflector routers can co-exist with route reflectors within an AS.
A route reflector is a router that is configured to be the router that is allowed to advertise (or reflect) routes that it learnt via IBGP to other IBGP peers. The route reflector has a partial IBGP peering with other routers, which are called clients. Peering between the clients is not needed because the route reflector passes advertisements between the clients. The combination of the route reflector and its clients is called a cluster. Other IBGP peers of the route reflector that are not clients are called non-clients.

Two techniques prevent routing loops in route reflector configurations. The originator-ID is an optional, non-transitive BGP attribute that is created by the route reflector. This attribute carries the router ID of the originator of the route in the local AS. If, because of poor configuration, the update comes back to the originator, the originator ignores it.

Usually a cluster has a single route reflector, in which case the cluster is identified by the router ID of the route reflector. To increase redundancy and avoid single points of failure, a cluster might have more than one route reflector. When a cluster has more than one route reflector, all of the route reflectors in the cluster need to be configured with a cluster ID. The cluster ID allows route reflectors to recognize updates from other route reflectors in the same cluster.
- Divide AS into multiple clusters
- At least one route reflector and a few clients per cluster
- Route reflectors are fully meshed with IBGP
- Use a single IGP to carry next hop and local routes
The AS can be divided into multiple clusters, each having at least one route reflector and a few clients. Multiple route reflectors can exist in one cluster for redundancy. The route reflectors must be fully meshed with BGP to ensure that all routes learnt will be propagated throughout the AS. An IGP is still used, just as it was before route reflectors were introduced, in order to carry local routes and next hop addresses.
[Figure: AS 100 with Routers A through H; Routers B, D, E and F form one cluster, Routers C, G and H form another, and Router A forms a third.]
Routers B, D, E and F form one cluster. Routers C, G and H form another cluster. Router A forms a third cluster. Routers A, B and C are all route reflectors and are fully meshed with BGP. Note that the routers within a cluster are not fully meshed.
When a route reflector receives an update, it takes the following actions, depending on the type of peer that sent the update:

- If the update is from a non-client peer, it sends the update to all clients in the cluster.
- If the update is from a client peer, it sends the update to all non-client peers and to all client peers.
- If the update is from an EBGP peer, it sends the update to all non-client peers and to all client peers.

In the graphic, if Router C:

- receives an update from Router A (a non-client), it will send it to Routers G and H.
- receives an update from Router H (a client), it will send it to Router G as well as to Routers A and B.
- receives an update from Router X (via EBGP), it will send it to Routers G and H as well as to Routers A and B.
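The three propagation rules above, and the session-count saving from the earlier n(n-1)/2 discussion, worked through in code for the AS 100 topology (Routers A, B, C as reflectors; D, E, F clients of B; G, H clients of C; X an EBGP peer of C). This is an added example, not part of the course material; it models only the IBGP reflection rules listed on the page, not ordinary EBGP advertisement.

```python
"""Route reflector update propagation and IBGP session counts.

Added example; not from the BSCN course material. The topology is the one in
the page's AS 100 figure: Routers A, B and C are route reflectors and are
fully meshed; B's clients are D, E and F; C's clients are G and H; A has no
clients. Router X is an EBGP peer of Router C. The three propagation rules
are the ones listed on the page; ordinary EBGP advertisement is not modeled.
"""


class RouteReflector:
    """One route reflector with its client, non-client and EBGP peers."""

    def __init__(self, name, clients=(), nonclients=(), ebgp_peers=()):
        self.name = name
        self.clients = frozenset(clients)          # the cluster's clients
        self.nonclients = frozenset(nonclients)    # other IBGP peers
        self.ebgp_peers = frozenset(ebgp_peers)

    def peer_type(self, sender):
        if sender in self.clients:
            return "client"
        if sender in self.nonclients:
            return "non-client"
        if sender in self.ebgp_peers:
            return "ebgp"
        raise ValueError(f"{sender} is not a BGP peer of {self.name}")

    def reflect(self, sender):
        """Peers that receive an update the reflector learned from `sender`.

        Rule 1: from a non-client, reflect only to the clients.
        Rules 2 and 3: from a client or an EBGP peer, send to all non-clients
        and all clients. A route is never sent back to the peer it came from.
        """
        if self.peer_type(sender) == "non-client":
            targets = set(self.clients)
        else:
            targets = set(self.clients | self.nonclients)
        targets.discard(sender)
        return targets


def full_mesh_sessions(n):
    """IBGP sessions needed for a full mesh of n routers: n(n-1)/2."""
    return n * (n - 1) // 2


def reflector_sessions(clusters):
    """IBGP sessions with route reflectors: the reflectors are fully meshed
    and each client peers only with its own reflector.
    `clusters` maps a reflector name to the list of its clients."""
    return full_mesh_sessions(len(clusters)) + sum(len(c) for c in clusters.values())


# The page's topology.
CLUSTERS = {"A": [], "B": ["D", "E", "F"], "C": ["G", "H"]}
ROUTER_C = RouteReflector("C", clients=CLUSTERS["C"], nonclients=["A", "B"],
                          ebgp_peers=["X"])

if __name__ == "__main__":
    for sender in ("A", "H", "X"):
        print(f"C: update from {sender} ({ROUTER_C.peer_type(sender)}) -> "
              f"{sorted(ROUTER_C.reflect(sender))}")
    print("13-router full mesh:", full_mesh_sessions(13))          # 78
    print("8-router full mesh: ", full_mesh_sessions(8))           # 28
    print("with reflectors:    ", reflector_sessions(CLUSTERS))    # 8
```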
When migrating to using route reflectors, the first consideration is which routers should be the reflectors and which should be the clients. Following the physical topology in this design decision will ensure that the packet forwarding paths will not be affected. Not following the physical topology (for example configuring route reflector clients that are not physically connected to the route reflector) may result in routing loops. Configure one route reflector at a time, and then delete the redundant IBGP sessions between the clients.
Router(config-router)# neighbor ip-address route-reflector-client

- Configures the router as a BGP route reflector and configures the specified neighbor as its client

The neighbor route-reflector-client command is used to configure the router as a BGP route reflector and configure the specified neighbor as its client.

neighbor route-reflector-client Command   Description
ip-address                                IP address of the BGP neighbor being identified as a client.
[Figure: Router A in AS 2, with Routers B (172.16.12.1) and C (172.16.17.2) as its route reflector clients; AS 1 is also shown.]

RTRA(config)# router bgp 2
RTRA(config-router)# neighbor 172.16.12.1 remote-as 2
RTRA(config-router)# neighbor 172.16.12.1 route-reflector-client
RTRA(config-router)# neighbor 172.16.17.2 remote-as 2
RTRA(config-router)# neighbor 172.16.17.2 route-reflector-client
In the graphic Router A is configured as a route reflector in AS 2. The neighbor route-reflector-client commands are used to configure which neighbors will be route reflector clients. In this example, both Routers B and C will be route reflector clients.
The show ip bgp neighbor command indicates that a particular neighbor is a route reflector client. The example output in the graphic is from Router A in the previous example and shows that 172.16.12.1 (Router B) is a route reflector client of Router A.
Policy Control
This section describes how a routing policy is applied to a BGP network, using distribute lists and prefix lists.
Policy Control

To restrict routing information to/from neighbors, use:

- Distribute lists (using access lists), or
- Prefix lists

Note to reviewers: this section assumes the student knows how access lists work (which they should know from ICND), but chapters 11 and 12 are on access lists. Should those chapters be done before this one?

If you want to restrict the routing information that the Cisco IOS software learns or advertises, you can filter BGP routing updates to and from particular neighbors. To do this, you can either define an access list or a prefix list and apply it to the updates.
Distribute Lists

[Figure: Router A in AS 100 (network 192.168.1.0) peers with Router B (10.10.10.2, AS 200, network 192.168.2.0) from 10.10.10.1 and with Router C (10.10.20.2, AS 300, network 172.30.0.0) from 10.10.20.1. The advertisement of 172.30.0.0 received from Router C is blocked on Router A toward Router B.]

In the example in the graphic, Router C is advertising network 172.30.0.0 to Router A. If we wanted to stop those updates from propagating to AS 200, an access-list could be applied on Router A to filter those updates when Router A is talking to Router B.
Router(config-router)# neighbor {ip-address | peer-group-name} distribute-list access-list-number {in | out}

- Configures the router to distribute BGP neighbor information as specified in an access list
- Can use standard or extended access lists

The neighbor distribute-list command is used to distribute BGP neighbor information as specified in an access list.

neighbor distribute-list Command   Description
ip-address                         IP address of the BGP neighbor for which routes will be filtered.
peer-group-name                    Name of a BGP peer group (peer groups are covered later in this chapter).
access-list-number                 Number of a standard or extended access list. It can be an integer from 1 to 199. (A named access-list can also be referenced.)
in                                 Indicates that the access list is applied to incoming advertisements from the neighbor.
out                                Indicates that the access list is applied to outgoing advertisements to the neighbor.
Note: The configuration in this example is for Router A in the graphic two pages previously.
Router A has two neighbors, Router B (10.10.10.2 in AS 200) and Router C (10.10.20.2 in AS 300). When Router A sends updates to neighbor Router B, the neighbor distribute-list statement specifies that it will use the access-list 1 to determine which updates are to be sent. Access-list 1 specifies that any route starting with 172.30, i.e. the route to 172.30.0.0, should not be sent (it is denied in the access-list). All other routes will be sent to Router B. (Recall that since access-lists have an implicit deny any at the end, the permit statement is required in the access-list in order for the other routes to be sent).
As shown in the previous example, a standard IP access-list can be used to control the sending of updates about a specific network number. If, however, a router wants to control updates about subnets and supernets of a network with a distribute-list, extended access-lists would be required.
Note: When an IP extended access-list is used with a distribute-list, the parameters have different meanings than when the extended access-list is used in other ways. The next page explains the differences.
The syntax of the IP extended access-list is the same as usual, with a source address and wildcard, and a destination address and wildcard. However, the meanings of these parameters are different. The source parameters are used to indicate the address of the network whose updates are to be permitted or denied. The destination parameters are used to indicate the subnet mask of that network. The wildcard parameters indicate, for the network and subnet mask, which bits are relevant. Network/subnet mask bits corresponding to wildcard bits set to 1 are ignored during comparisons, and network/subnet mask bits corresponding to wildcard bits set to 0 are used in comparisons. If the example access-list shown was used with a neighbor distribute-list command, it would allow only the supernet 172.0.0.0/8 to be advertised. For example, assume that Router A had routes to networks 172.20.0.0/16 and 172.30.0.0/16, and also had an aggregated route to 172.0.0.0/8. The use of this access list would allow only the supernet 172.0.0.0/8 to be advertised; networks 172.20.0.0/16 and 172.30.0.0/16 would not be advertised.
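The re-interpreted extended access-list parameters described above (source = network, destination = subnet mask, wildcard bit 1 = ignore) applied to a route list, as an added example that is not part of the course material. The two access-list entries are constructed for this example, since the page does not reproduce its own list; the second one generalizes the first to permit every route under 172.0.0.0/8.

```python
"""Extended access-list parameters when the list is used as a BGP distribute-list.

Added example; not from the BSCN course material. As the page explains, when
'neighbor ... distribute-list' references an extended access-list, the source
address and wildcard are compared with the route's network, and the destination
address and wildcard with the route's subnet mask. Wildcard bit 1 = ignore that
bit, wildcard bit 0 = compare it. The access-list entries below are constructed
for this example; the page does not reproduce its own list.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AclEntry:
    action: str            # "permit" or "deny"
    network: str           # "source" field: the route's network address
    network_wildcard: str  # which network bits to ignore
    mask: str              # "destination" field: the route's subnet mask
    mask_wildcard: str     # which mask bits to ignore


def _addr(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(value, pattern, wildcard):
    """Compare only the bits whose wildcard bit is 0."""
    care = 0xFFFFFFFF ^ _addr(wildcard)
    return (_addr(value) & care) == (_addr(pattern) & care)


def route_permitted(prefix, acl):
    """Apply the distribute-list to one route given as 'network/len'.

    Entries are checked in order; the first match decides, and a route that
    matches nothing hits the implicit deny at the end of every access-list.
    """
    net = ipaddress.IPv4Network(prefix, strict=False)
    network, mask = str(net.network_address), str(net.netmask)
    for entry in acl:
        if (wildcard_match(network, entry.network, entry.network_wildcard)
                and wildcard_match(mask, entry.mask, entry.mask_wildcard)):
            return entry.action == "permit"
    return False


def filter_routes(routes, acl):
    return [r for r in routes if route_permitted(r, acl)]


# Constructed list 1: permit only the supernet 172.0.0.0 with mask 255.0.0.0.
# All four wildcards are 0.0.0.0, so both network and mask must match exactly;
# 172.20.0.0/16 fails on the mask (255.255.0.0 != 255.0.0.0).
SUPERNET_ONLY = [
    AclEntry("permit", "172.0.0.0", "0.0.0.0", "255.0.0.0", "0.0.0.0"),
]

# Constructed list 2: permit 172.0.0.0/8 and every more-specific route within
# it. Only the first octet of the network (172) and of the mask (255) is
# compared, so any /8 or longer prefix under 172/8 matches; 192.168.1.0/24
# does not, and is dropped by the implicit deny.
SUPERNET_AND_SUBNETS = [
    AclEntry("permit", "172.0.0.0", "0.255.255.255", "255.0.0.0", "0.255.255.255"),
]

ROUTES = ["172.0.0.0/8", "172.20.0.0/16", "172.30.0.0/16", "192.168.1.0/24"]

if __name__ == "__main__":
    print(filter_routes(ROUTES, SUPERNET_ONLY))         # ['172.0.0.0/8']
    print(filter_routes(ROUTES, SUPERNET_AND_SUBNETS))  # the three 172/8 routes
```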
Prefix Lists
- New in IOS Release 12.0
- Prefix lists can be used as an alternative to access lists in many BGP route filtering commands. Advantages are:
  - Significant performance improvement
  - Support for incremental modifications
  - More user-friendly command-line interface
  - Greater flexibility
As discussed, distribute lists make use of access lists in order to do route filtering. However, access-lists were originally designed to do packet filtering. Prefix lists, introduced in Release 12.0 of the Cisco IOS, can be used as an alternative to access lists in many BGP route filtering commands. The advantages of using prefix lists include:
- A significant performance improvement over access-lists in loading and route lookup of large lists.
- Support for incremental modifications. Compared to the normal access-list, where one no command will erase the whole access-list, a prefix-list can be modified incrementally.
- More user-friendly command-line interface. As we just saw, the command-line interface for using extended access lists to filter BGP updates is difficult to understand and use.
- Greater flexibility.
Filtering by prefix list involves matching the prefixes of routes with those listed in the prefix list, similar to using access lists. Whether a prefix is permitted or denied is based upon the following rules:

- An empty prefix list permits all prefixes.
- If a prefix is permitted, the route is used. If a prefix is denied, the route is not used.
- Prefix lists consist of statements with sequence numbers. The router will begin the search for a match at the top of the prefix list, which is the statement with the lowest sequence number. Once a match occurs, the router does not need to go through the rest of the prefix list. For efficiency, you may want to put the most common matches (permits or denies) near the top of the list by specifying the sequence number.
- An implicit deny is assumed if a given prefix does not match any entries of a prefix list.
Router(config)# ip prefix-list list-name [seq seq-value] deny|permit network/len [ge ge-value] [le le-value]

- Creates a prefix-list

Router(config-router)# neighbor {ip-address | peer-group-name} prefix-list prefix-list-name {in | out}

- Configures the router to distribute BGP neighbor information as specified in a prefix list
The ip prefix-list command is used to create a prefix-list.

ip prefix-list Command   Description
list-name                Name of the prefix list that will be created.
seq-value                Sequence number of the prefix-list statement, used to determine the order in which the statements are processed when filtering.
deny|permit              The action taken once a match is found.
network/len              The prefix to be matched and the length of the prefix. The network is a 32-bit address; the length is a decimal number.
ge-value                 Used to specify the range of the prefix length to be matched, for prefixes that are more specific than network/len. The range is assumed to be from ge-value to 32 if only the ge attribute is specified.
le-value                 Used to specify the range of the prefix length to be matched, for prefixes that are more specific than network/len. The range is assumed to be from len to le-value if only the le attribute is specified.
Both ge and le are optional. They can be used to specify the range of the prefix length to be matched for prefixes that are more specific than network/len. The value range is: len < ge-value < le-value <= 32 An exact match is assumed when neither ge nor le is specified.
A prefix-list can be re-configured incrementally, that is, an entry can be deleted or added individually.

The neighbor prefix-list command is used to distribute BGP neighbor information as specified in a prefix list.

neighbor prefix-list Command   Description
ip-address                     IP address of the BGP neighbor for which routes will be filtered.
peer-group-name                Name of a BGP peer group (peer groups are covered later in this chapter).
prefix-list-name               Name of the prefix list that will be used to filter the routes.
in                             Prefix list is applied to incoming advertisements from the neighbor.
out                            Prefix list is applied to outgoing advertisements to the neighbor.

Note: The neighbor prefix-list command can be used as an alternative to the neighbor distribute-list command, but you cannot use both commands for configuring the same BGP peer.
The no ip prefix-list list-name command, where list-name is the string identifier of a prefix-list, is used to delete (i.e., destroy) a prefix-list. The [no] ip prefix-list list-name description text command can be used to add/delete a text description for a prefix-list.
Sequence Numbers

- Generated automatically by default
- Use to insert entry in specific order
- Use to delete individual entry
Prefix list sequence numbers are generated automatically, unless you disable this automatic generation. If you disable the automatic generation of sequence numbers, you must specify the sequence number for each entry using the seq-value argument of the ip prefix-list command. Regardless of whether the default sequence numbers are used in configuring a prefix list, a sequence number does not need to be specified when removing a configuration entry.

By default, the entries of a prefix list will have sequence values of 5, 10, 15 and so on. In the absence of a specified sequence value, a new entry will be assigned a sequence number equal to the current maximum sequence number + 5.

A prefix-list is an ordered list. The sequence number is significant when a given prefix is matched by multiple entries of a prefix list, in which case the one with the smallest sequence number is considered the real match. Show commands include the sequence numbers in their output.

The no ip prefix-list sequence-number command is used to disable the automatic generation of sequence numbers of prefix-list entries. Use the ip prefix-list sequence-number command to re-enable the automatic generation of sequence numbers.
[Figure: Router A in AS 100 (network 192.168.1.0) peers with Router B (10.10.10.2) in AS 200 and Router C (10.10.20.2) in AS 300]
In this example we want Router A to only send the supernet 172.0.0.0/8 to AS 200; the route to the network 172.30.0.0/16 should not be sent.
Router A has two neighbors, Router B (10.10.10.2 in AS 200) and Router C (10.10.20.2 in AS 300). When Router A sends updates to neighbor Router B, the neighbor prefix-list statement specifies that it will use the prefix-list called superonly to determine which updates are to be sent. The ip prefix-list superonly specifies that only the route 172.0.0.0/8 should be sent (it is permitted in the prefix-list). No other routes will be sent to Router B, since prefix-lists have an implicit deny any at the end.
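The filtering behavior described above, written out as an added Python model of how a prefix-list is evaluated; this is not code from the course or from Cisco IOS. It follows the rules stated in the text (automatic sequence numbers 5, 10, 15, ... assigned as the current maximum plus 5, entries checked in sequence order, smallest matching sequence wins, implicit deny at the end) and goes one step beyond the page by also handling the ge/le length window, using the IOS rule that without ge or le only a route of exactly the entry's length matches. The candidate routes in Router A's table are constructed for the example.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Added example (not Cisco code): a model of IOS prefix-list evaluation.
# Sequence numbers are allocated as max + 5 (first entry 5), entries are
# checked in sequence order, the first matching entry decides, and the list
# ends in an implicit deny. ge/le: with neither keyword only the exact length
# matches; "ge" sets the minimum (maximum 32), "le" sets the maximum.


@dataclass
class PrefixListEntry:
    seq: int
    action: str                        # "permit" or "deny"
    prefix: ipaddress.IPv4Network
    ge: Optional[int] = None           # minimum route length, if given
    le: Optional[int] = None           # maximum route length, if given
    hits: int = 0                      # what "show ip prefix-list detail" reports

    def matches(self, route: ipaddress.IPv4Network) -> bool:
        # The route must lie inside the entry's prefix ...
        if not route.subnet_of(self.prefix):
            return False
        # ... and its length must fall in the window the entry accepts.
        low = self.ge if self.ge is not None else self.prefix.prefixlen
        if self.le is not None:
            high = self.le
        elif self.ge is not None:
            high = 32
        else:
            high = self.prefix.prefixlen
        return low <= route.prefixlen <= high


class PrefixList:
    def __init__(self, name: str, auto_sequence: bool = True):
        self.name = name
        self.auto_sequence = auto_sequence   # "no ip prefix-list sequence-number" turns this off
        self.entries: List[PrefixListEntry] = []

    def add(self, action: str, prefix: str, seq: Optional[int] = None,
            ge: Optional[int] = None, le: Optional[int] = None) -> int:
        """Add one entry, allocating a sequence number when none is given."""
        if seq is None:
            if not self.auto_sequence:
                raise ValueError("sequence numbering disabled: seq-value is required")
            seq = max((e.seq for e in self.entries), default=0) + 5
        if any(e.seq == seq for e in self.entries):
            raise ValueError(f"sequence {seq} already exists in prefix-list {self.name}")
        net = ipaddress.ip_network(prefix, strict=False)
        self.entries.append(PrefixListEntry(seq, action, net, ge, le))
        self.entries.sort(key=lambda e: e.seq)   # keep the list ordered by sequence
        return seq

    def delete(self, action: str, prefix: str, ge=None, le=None) -> bool:
        """Remove an entry by its content; no sequence number is needed."""
        net = ipaddress.ip_network(prefix, strict=False)
        for e in self.entries:
            if (e.action, e.prefix, e.ge, e.le) == (action, net, ge, le):
                self.entries.remove(e)
                return True
        return False

    def permits(self, route: str) -> bool:
        """Evaluate one route: smallest matching sequence wins, implicit deny at the end."""
        net = ipaddress.ip_network(route, strict=False)
        for e in self.entries:
            if e.matches(net):
                e.hits += 1
                return e.action == "permit"
        return False


def filter_outbound(plist: PrefixList, routes: List[str]) -> List[str]:
    """Routes that would be advertised to a neighbor configured with this prefix-list out."""
    return [r for r in routes if plist.permits(r)]


def superonly_demo() -> List[str]:
    # Router A's list from the example: permit only the /8 supernet.
    superonly = PrefixList("superonly")
    superonly.add("permit", "172.0.0.0/8")          # gets sequence 5
    # Constructed contents of Router A's BGP table.
    candidates = ["172.0.0.0/8", "172.30.0.0/16", "192.168.1.0/24"]
    return filter_outbound(superonly, candidates)


def ordering_demo() -> bool:
    # Inserting a lower sequence number ahead of an existing deny changes the result.
    pl = PrefixList("ORDER")
    pl.add("deny", "10.1.0.0/16", seq=10)
    assert not pl.permits("10.1.0.0/16")
    pl.add("permit", "10.1.0.0/16", seq=5)         # now checked before sequence 10
    return pl.permits("10.1.0.0/16")


if __name__ == "__main__":
    print(superonly_demo())      # ['172.0.0.0/8']
    print(ordering_demo())       # True
```

Because 172.30.0.0/16 lies inside 172.0.0.0/8 but has a different length, it is not matched by the single entry and falls through to the implicit deny, which is exactly why only the supernet reaches Router B.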
The commands related to prefix-lists are described below:

show ip prefix-list [detail | summary]
    Displays information about all prefix-lists. Specifying the detail keyword includes the description and the hit count in the display.
show ip prefix-list [detail | summary] name
    Displays a table showing the entries in a specific prefix-list.
show ip prefix-list name [network/len]
    Displays the policy associated with the node in a prefix-list.
show ip prefix-list name [seq seq-num]
    Displays the prefix-list entry with a given sequence number.
show ip prefix-list name [network/len] longer
    Displays all entries of a prefix-list that are more specific than the given network and length.
show ip prefix-list name [network/len] first-match
    Displays the entry of a prefix-list that matches the given prefix (network and length of prefix).
clear ip prefix-list name [network/len]
    Resets the hit count shown on prefix-list entries.
The output shown in the graphic is from Router A in the last example. It has a prefix-list called superonly, with only one entry (sequence number 5).
Describe the scalability problems associated with Internal BGP
Explain and configure BGP Route Reflectors
Describe and configure policy control in BGP using prefix lists
Task: Answer the following questions.
1. Describe the BGP split horizon rule.
2. What effect do route reflectors have on the BGP split horizon rule?
3. Write a brief description of the following: Route reflector; Route reflector client.
4. Routers configured as route reflectors do not have to be fully meshed with IBGP, true or false?
5. When a route reflector receives an update from a client, it sends it to ________.
6. What is the command used to configure a router as a BGP route reflector?
7. When an extended access-list is used in a distribute-list, what is the meaning of the parameters of the access-list?
8. Describe the advantages of using prefix lists rather than access lists for BGP route filtering.
9. In a prefix list, what is the sequence number used for?
10. What command is used to clear the hit count of the prefix list entries?
Copyright 1999, Cisco Systems, Inc. Implementing BGP in Scalable ISP Networks 10-33
Route Maps
Route maps can be used in many places. They are introduced here since they are used in communities discussed in the next section. Route maps will also be used in later chapters.
Route Maps
Filters for network advertisements
Offer detailed control over advertisements
Complex conditional advertisement via match command
Changes routing table parameters via set command
For BGP, a route map is a method used to control and modify routing information. This is done by defining conditions for redistributing routes from one routing protocol to another or controlling routing information when injected in and out of BGP. (Redistribution between routing protocols is covered in a later chapter.) Route maps are complex access lists that allow some conditions to be tested against the route in question, and if the conditions match then some actions can be taken to modify the route. These actions are specified by set commands.
Route Maps
Route maps are complex access lists:
    lines in access-lists correspond to statements in route maps
    access-list number corresponds to route-map name
    addresses and masks in access-lists correspond to match statements in route maps
Statements in route-maps are numbered:
    can insert and delete statements in a route-map
    can edit match conditions in a statement
A collection of route-map statements that have the same route-map name are considered one route-map. Within a route-map, each route-map statement is numbered, and can therefore be edited individually. The statements in a route-map correspond to the lines of an access-list. Specifying the match conditions in a route-map is similar to specifying the source and destination address and masks in an access-list. One big difference between route maps and access-lists is that route maps can modify the route, by using set commands.
match {conditions}
set {actions}
The route-map command is used to define the conditions for policy routing.

route-map map-tag [permit | deny] [sequence-number]

map-tag            Name of the route-map.
permit | deny      Defines the action to be taken if the route-map match conditions are met.
sequence-number    Sequence number that indicates the position a new route map is to have in the list of route maps already configured with the same name.
The route-map statements compose a route list. The list is processed top-down like an access list, and the first match found for a route is applied. The sequence number is used for inserting or deleting specific route-map statements. The match route-map configuration commands define the conditions to be checked. The set route-map configuration commands define the actions to be taken if there is a match. A single match statement may contain multiple references; a route must be permitted by at least one reference in the match statement to be considered a match for that statement. A route must be permitted by all match statements in a route-map instance (sequence) to be considered a match for that instance. The sequence-number specifies the order in which conditions are checked. For example, if there are two instances of a route-map named MYMAP, one with sequence 10 and the other with sequence 20, sequence 10 will be checked first. If the match conditions in sequence 10 are not met, then sequence 20 will be checked. Like an access-list, there is an implicit deny any at the end of a route-map.
Route Maps
Matching routes modified by set commands
Matching routes permitted or denied by the associated route-map statement
If match criteria met and route-map specified permit: control routes as specified by the set action; ignore rest of the route-map list
If match criteria met and route-map specified deny: do not control routes; ignore rest of the route-map list
If all sequences in the list checked and no matches: do not accept or forward route
If the match criteria are met and the route-map specified permit, then the routes will be controlled as specified by the set action(s), and the rest of the route-map list will be ignored. If the match criteria are met and the route-map specified deny, then the routes will not be controlled and the rest of the route-map list will be ignored. If all sequences in the list are checked without a match, then the route will not be accepted nor forwarded (this is the implicit deny any at the end of the route-map). Match commands include:
match as-path
match community
match clns
match interface
match ip address
match ip next-hop
match ip route-source
match metric
match route-type
match tag

Set commands include:
set automatic-tag
set community
set interface
set default interface
set ip default next-hop
set level
set local-preference
set metric
set metric-type
set next-hop
set origin
set tag
set weight
Note: A prefix-list can be used as an alternative to an access-list in the match {ip address | next-hop | route-source} access-list command of a route-map. The configuration of prefix-lists and access-lists is mutually exclusive within the same sequence of a route-map.
The neighbor route-map command is used to apply a route map to incoming or outgoing routes.

neighbor {ip-address | peer-group-name} route-map map-name {in | out}

ip-address         Neighbor's IP address.
peer-group-name    Name of a BGP peer group (peer groups are covered later in this chapter).
map-name           Name of route map to apply.
in                 Apply route map to incoming routes from the neighbor.
out                Apply route map to outgoing routes to the neighbor.
Note: When used for filtering BGP updates, route maps cannot be used to filter inbound updates when using a match on the IP address. Filtering outbound updates is permitted.
In the example shown, BGP is running on the router, and a route-map named changemetric is being used when routes are sent out to neighbor 172.20.1.1.
Note: Other router bgp configuration commands have been omitted from the example in the graphic.
Two instances of changemetric have been defined. Sequence number 10 will be checked first. If a route's IP address matches access-list 1, in other words if the IP address starts with 172.16, the route will have its metric (MED) set to 2, and the rest of the list will be ignored. If there is no match, then sequence number 20 will be checked. Since there are no match statements in this instance, it matches every remaining route, and the metric (MED) on all other routes will be set to 5. It is always very important to plan what will happen to routes that do not match any of the route-map instances, because they will be dropped by default.
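The processing rules of the previous pages and the changemetric example, as an added Python model rather than course or Cisco code. Access-list 1 is assumed to be "permit 172.16.0.0 0.0.255.255" (the text only says that it matches addresses beginning with 172.16), the route prefixes fed through the map are constructed, and a second map with only sequence 10 shows what happens to routes that match no instance.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Sequence, Tuple

# Added example (not Cisco code): route-map processing as the text describes it.
# Statements are checked in sequence order; a statement matches when every
# match clause passes, and a clause passes when any one of its references
# permits the route. A matching permit statement applies its set actions and
# stops, a matching deny drops the route, and a route that matches nothing is
# dropped (implicit deny). Access-list 1 is assumed to be
# "permit 172.16.0.0 0.0.255.255".

Route = Dict[str, object]                     # e.g. {"prefix": "172.16.1.0/24", "metric": None}
Predicate = Callable[[Route], bool]


def wildcard_match(address: str, network: str, wildcard: str) -> bool:
    """Standard access-list test: bits where the wildcard is 0 must agree."""
    a = int(ipaddress.IPv4Address(address))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)


def standard_acl(*lines: Tuple[str, str, str]) -> Predicate:
    """Build a predicate from (action, network, wildcard) lines; implicit deny at the end."""
    def permitted(route: Route) -> bool:
        address = str(route["prefix"]).split("/")[0]
        for action, network, wildcard in lines:
            if wildcard_match(address, network, wildcard):
                return action == "permit"
        return False
    return permitted


def set_metric(value: int) -> Callable[[Route], None]:
    """The 'set metric' action: the MED carried with the route."""
    def apply(route: Route) -> None:
        route["metric"] = value
    return apply


@dataclass
class RouteMapStatement:
    seq: int
    action: str = "permit"
    # one inner list per match clause; each inner list holds that clause's references
    matches: List[List[Predicate]] = field(default_factory=list)
    sets: List[Callable[[Route], None]] = field(default_factory=list)

    def is_match(self, route: Route) -> bool:
        # No match clauses at all means the statement matches every route.
        return all(any(ref(route) for ref in refs) for refs in self.matches)


class RouteMap:
    def __init__(self, name: str):
        self.name = name
        self.statements: Dict[int, RouteMapStatement] = {}

    def statement(self, seq: int, action: str = "permit") -> RouteMapStatement:
        """Create or return the statement with this sequence number (IOS edits by sequence)."""
        return self.statements.setdefault(seq, RouteMapStatement(seq, action))

    def apply(self, route: Route) -> Optional[Route]:
        """Return the (possibly modified) route, or None when the map drops it."""
        for stmt in sorted(self.statements.values(), key=lambda s: s.seq):
            if not stmt.is_match(route):
                continue
            if stmt.action == "deny":
                return None
            result = dict(route)
            for action in stmt.sets:
                action(result)
            return result
        return None


def build_changemetric() -> RouteMap:
    acl1 = standard_acl(("permit", "172.16.0.0", "0.0.255.255"))   # assumed access-list 1
    rm = RouteMap("changemetric")
    s10 = rm.statement(10)
    s10.matches.append([acl1])                   # match ip address 1
    s10.sets.append(set_metric(2))               # set metric 2
    rm.statement(20).sets.append(set_metric(5))  # no match clause: catches everything else
    return rm


def outbound_metrics(rm: RouteMap, prefixes: Sequence[str]) -> Dict[str, Optional[int]]:
    """MED each prefix leaves with; None means the route-map dropped it."""
    out: Dict[str, Optional[int]] = {}
    for p in prefixes:
        result = rm.apply({"prefix": p, "metric": None})
        out[p] = None if result is None else result["metric"]   # type: ignore[assignment]
    return out


if __name__ == "__main__":
    constructed = ["172.16.1.0/24", "172.16.200.0/22", "10.0.0.0/8", "192.168.1.0/24"]
    print(outbound_metrics(build_changemetric(), constructed))
    # Without sequence 20 every route outside 172.16.0.0/16 would be dropped:
    only10 = RouteMap("onlyten")
    only10.statements[10] = build_changemetric().statements[10]
    print(outbound_metrics(only10, constructed))
```

The second map in the usage section is the planning point the text makes: removing the catch-all sequence 20 silently turns the route-map into a filter for everything outside 172.16.0.0/16.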
Communities
This section discusses BGP communities and how to configure them.
BGP Communities
Communities are a means of tagging routes to ensure consistent filtering or route-selection policy
Any BGP router can tag routes in incoming and outgoing routing updates or when doing redistribution
Any BGP router can filter routes in incoming or outgoing updates or select preferred routes based on communities
By default, communities are stripped in outgoing BGP updates
BGP communities are another way to filter incoming or outgoing routes. The distribute-lists and prefix-lists discussed in the previous section would be cumbersome to configure for a large network with a complex routing policy. For example, individual neighbor statements and access-lists or prefix-lists would need to be configured for each neighbor on each router that was involved in the policy. The BGP communities function allows routers to tag routes with an indicator (the community) and allows other routers to make decisions based upon that tag. BGP communities are used for destinations (routes) that share some common properties and that therefore share common policies; routers therefore act on the community rather than on individual routes. Communities are not restricted to one network or one AS, and have no physical boundaries. If a router does not understand the concept of communities it will pass it on to the next router. However, if the router does understand the concept, then it must be configured to propagate the community, otherwise communities are dropped by default.
Community Attribute
Represented as an integer
Carried across ASs (transitive)
Each network can be member of multiple communities
The community attribute is an optional transitive attribute that can be in the range 0 to 4,294,967,200. Each network can be a member of more than one community. Route maps can be used to set the community attributes.
The community attribute is a 32-bit number, with the upper 16 bits indicating the AS number of the AS that defined the community. The lower 16 bits are the community number and have local significance. The community value can be entered as one decimal number or in the format AS:nn (where AS is the AS number and nn is the lower 16-bit local number). The community value is displayed as one decimal number by default.
Communities Configuration
Router(config-route-map)# set community ...
Sets BGP communities attribute of a route
Done in route-map
Use with neighbor route-map command to apply to updates
The set community command is used within a route-map to set the BGP communities attribute.

set community {community-number [additive] | none}

community-number   The community number; values are 1 to 4294967200.
additive           Specifies that the community is to be added to the already existing communities.
none               Removes the community attribute from the prefixes that pass the route-map.
Predefined well known community-numbers that can be used in this command are:
no-export (do not advertise to EBGP peers)
no-advertise (do not advertise this route to any peer)
local-AS (do not send outside local AS)
Specify that the BGP communities attribute should be sent to a BGP neighbor
By default, communities are stripped in outgoing BGP updates
The neighbor send-community command is used to specify that the BGP communities attribute should be sent to a BGP neighbor.

neighbor {ip-address | peer-group-name} send-community

ip-address         Neighbor's IP address.
peer-group-name    Name of a BGP peer group (peer groups are covered later in this chapter).
Communities Example 1
[Figure: Router C (10.10.20.2, AS 300, advertising 172.30.0.0/16) sends BGP routes to Router A (10.10.20.1 and 10.10.10.1, AS 100, network 192.168.1.0); Router A must not propagate them to Router B (10.10.10.2, AS 200)]
Router C sends BGP routes to Router A but does not want Router A to propagate these routes to Router B
In the example in the graphic, Router C is sending BGP updates to Router A, but it does not want Router A to propagate these routes to Router B. Router C will set the community attribute in the BGP routes it is advertising to Router A. The no-export community attribute will be used, to indicate that Router A should not send the routes to its external BGP peers.
The configuration for Router C is shown in the graphic. Router C has one neighbor, 10.10.20.1 (Router A). The route-map SETCOMM is used when sending routes to Router A. The route-map SETCOMM is used to set the community attribute. Any route that matches access-list 1 will have the community attribute set to no-export. Access-list 1 permits any routes; therefore all routes will have the community attribute set to no-export. When communicating with Router A, the community attribute is sent, as specified by the neighbor send-community command. Router A will receive all of Router C's routes, but will not pass them on to Router B.
Using Communities
Router(config)#
Create a community-list
Router(config-route-map)#
The ip community-list configuration command is used to create a community list for BGP and control access to it.

ip community-list community-list-number {permit | deny} community-number

community-list-number   Community list number, in the range 1 to 99.
community-number        Community number, configured by a set community command.
Some predefined well known community-numbers that can be used with the ip community-list command are:
no-export (do not advertise to EBGP peers)
no-advertise (do not advertise this route to any peer)
local-AS (do not send outside local AS)
internet (advertise this route to the internet community, any router belongs to it)
The match community route-map configuration command is used to match a BGP community attribute to a value in a community-list.

match community community-list-number [exact]

community-list-number   Community list number, in the range 1 to 99, that will be used to compare the community attribute with.
exact                   Indicates an exact match is required. All of the communities and only those communities in the community list must be present in the community attribute.
Note: The match community command appears in the documentation as the match community-list command; however, only match community actually works on the routers.
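Two points from this section, the 32-bit layout of a community value (upper 16 bits AS, lower 16 bits local number, entered as one decimal or as AS:nn) and the way a community-list is compared against a route's communities with and without the exact keyword, as one added Python model; this is not course or Cisco code. The well-known values are those of RFC 1997 (which IOS names no-export, no-advertise and local-AS), the additive/none handling follows the set community description above, and the CHKCOMM policy of Communities Example 2 (list 1 permits 100 and sets weight 20, list 2 is internet) is modelled on constructed routes; the default weight 0 for a learned route is an assumption not stated on this page.

```python
from __future__ import annotations

from typing import Dict, Iterable, List, Optional, Set, Tuple

# Added example (not Cisco code): community values as the text describes them
# (32-bit, upper 16 bits AS, lower 16 bits local number, entered as one
# decimal or as AS:nn), the RFC 1997 well-known values, the effect of
# "set community ... additive" and "set community none", and a model of a
# numbered community-list checked with and without the exact keyword.

WELL_KNOWN: Dict[str, int] = {          # RFC 1997 values under their IOS names
    "no-export": 0xFFFFFF01,
    "no-advertise": 0xFFFFFF02,
    "local-AS": 0xFFFFFF03,
}


def parse_community(text: str) -> int:
    """Accept a well-known name, AS:nn, or one decimal number."""
    if text in WELL_KNOWN:
        return WELL_KNOWN[text]
    if ":" in text:
        asn, nn = (int(part) for part in text.split(":", 1))
        if not (0 <= asn <= 0xFFFF and 0 <= nn <= 0xFFFF):
            raise ValueError(f"AS and local number must each fit in 16 bits: {text}")
        return (asn << 16) | nn
    value = int(text)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"community must fit in 32 bits: {text}")
    return value


def format_community(value: int, new_format: bool = False) -> str:
    """Default display is one decimal number; AS:nn is the alternative display."""
    for name, known in WELL_KNOWN.items():
        if known == value:
            return name
    return f"{value >> 16}:{value & 0xFFFF}" if new_format else str(value)


def set_community(existing: Iterable[int], values: Iterable[int],
                  additive: bool = False, none: bool = False) -> Set[int]:
    """'set community' replaces the attribute unless additive; 'none' strips it."""
    if none:
        return set()
    new = set(values)
    return set(existing) | new if additive else new


class CommunityList:
    """Numbered community list: entries are (action, required communities); None = internet."""

    def __init__(self, number: int):
        if not 1 <= number <= 99:
            raise ValueError("standard community-list numbers are 1 to 99")
        self.number = number
        self.entries: List[Tuple[str, Optional[Set[int]]]] = []

    def permit(self, *values: str) -> "CommunityList":
        # "internet" matches every route; otherwise all listed values must be present.
        if values == ("internet",):
            self.entries.append(("permit", None))
        else:
            self.entries.append(("permit", {parse_community(v) for v in values}))
        return self

    def deny(self, *values: str) -> "CommunityList":
        self.entries.append(("deny", {parse_community(v) for v in values}))
        return self

    def matches(self, communities: Set[int], exact: bool = False) -> bool:
        for action, required in self.entries:
            if required is None:
                hit = True
            elif exact:
                hit = communities == required       # all of them and only them
            else:
                hit = required <= communities       # all of them present, extras allowed
            if hit:
                return action == "permit"
        return False                                # implicit deny


def router_a_weights(routes: Dict[str, Set[int]]) -> Dict[str, Optional[int]]:
    """CHKCOMM from Example 2: list 1 -> weight 20, list 2 (internet) -> unchanged, else dropped."""
    list1 = CommunityList(1).permit("100")
    list2 = CommunityList(2).permit("internet")
    result: Dict[str, Optional[int]] = {}
    for prefix, comms in routes.items():
        if list1.matches(comms):
            result[prefix] = 20
        elif list2.matches(comms):
            result[prefix] = 0          # assumed default weight of a learned route
        else:
            result[prefix] = None       # unreachable here because list 2 is internet
    return result


if __name__ == "__main__":
    print(parse_community("100:200"), format_community(6553800, new_format=True))
    print(format_community(WELL_KNOWN["no-export"]))
    # Constructed: Router C tags 172.30.0.0/16 with 100 additively on top of an existing 300:7.
    tagged = set_community({parse_community("300:7")}, [100], additive=True)
    print(router_a_weights({"172.30.0.0/16": tagged, "192.168.5.0/24": set()}))
```

Note that a plain "100" is AS 0, community 100 in the AS:nn view (0:100), which is why the text calls the lower 16 bits locally significant: the value only means something to routers that agree on it.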
Communities Example 2
[Figure: Router C (10.10.20.2, AS 300, 172.30.0.0) sends BGP routes to Router A (AS 100, network 192.168.1.0); Router B is 10.10.10.2 in AS 200]
Router C sends BGP routes to Router A, and Router A sets the weight of these routes based on the community
In the example in the graphic, Router C is sending BGP updates to Router A. Router A will set the weight of these routes based on the community value set by Router C.
The configuration for Router C is shown in the graphic. Router C has one neighbor, 10.10.20.1 (Router A). The route-map SETCOMM is used when sending routes to Router A. The route-map SETCOMM is used to set the community attribute. Any route that matches access-list 1 will have 100 added to the existing communities in the community attribute of the route. In this example access-list 1 permits any routes; therefore all routes will have 100 added to their list of communities. If the additive keyword is not set, 100 will replace any old community that already exists; if the keyword additive is used, then the 100 will be added to the list of communities that the route is part of. When communicating with Router A, the community attribute will be sent, as specified by the neighbor send-community command. The configuration for Router A is shown on the next page.
The configuration for Router A is shown in the graphic. Router A has a neighbor, 10.10.20.2 (Router C). The route-map CHKCOMM is used when receiving routes from Router C.
Note: Other router bgp configuration commands for Router A are not shown in the graphic.
The route-map CHKCOMM is used to check the community attribute. Any route whose community attribute matches community-list 1 will have its weight attribute set to 20. Community-list 1 permits routes with a community attribute of 100; therefore all routes from Router C (which all have 100 in their list of communities) will have their weight set to 20. Any route that did not match community-list 1 would be checked against community-list 2. Any route matching community-list 2 would be permitted, but would not have any of its attributes changed. Community-list 2 specifies the internet keyword, which means all routes.
The example output shown in the graphic is from Router A. The output shows the details about the route 172.30.0.0 from Router C, including that its community attribute is 100 and its weight attribute is now 20.
Peer Groups
This section discusses peer groups and how to configure them.
Peer Groups
Define template with parameters set for group of neighbors instead of individually
Useful when many neighbors with same outbound policies
Members can have different inbound policy
Updates generated once per peer-group
Simplifies configuration
Often, in BGP many neighbors are configured with the same update policies (that is, the same outbound route maps, distribute lists, filter lists, update source, and so on). On Cisco routers neighbors with the same update policies can be grouped into peer groups to simplify configuration and, more importantly, to make updating more efficient. When you have many peers, this approach is highly recommended. A BGP peer group is a group of BGP neighbors with the same update policies. Instead of separately defining the same policies for each neighbor, a peer group can be defined with these policies assigned to the peer group. Individual neighbors are then made members of the peer group. Members of the peer group inherit all of the configuration options of the peer group. Members can also be configured to override these options if these options do not affect outbound updates; in other words only options that affect the inbound updates can be overridden. Peer groups are useful to simplify configurations when many neighbors have the same policy. They are also more efficient since updates are generated only once per peer group rather than once for each neighbor. The peer group name is only local to the router it is configured on, it is not passed to any other router.
The neighbor peer-group command is used to create a BGP peer group and assign neighbors as part of the group. The parameters of the first syntax of the command shown in the graphic have the following meaning:

neighbor peer-group-name peer-group

peer-group-name    Name of the BGP peer group to be created.

The parameters of the second syntax of the command shown in the graphic have the following meaning:

neighbor ip-address peer-group peer-group-name

ip-address         IP address of neighbor that is to be assigned as a member of the peer group.
peer-group-name    Name of the BGP peer group.
The clear ip bgp peer-group command is used to clear the BGP connections for all members of a BGP peer group.

clear ip bgp peer-group peer-group-name

peer-group-name    Name of the BGP peer group.
Note: The documentation says that the clear ip bgp peer-group command is used to remove all the members of a BGP peer group; however, it actually clears the connections.
[Figure: Router A (10.10.10.1 and 10.10.20.1) in AS 100 with external neighbors Router B (10.10.10.2, AS 200) and Router C (10.10.20.2, AS 300), and internal neighbors Router D and Router E (addresses 192.168.2.2, 192.168.3.1 and 192.168.3.2 shown)]
In the example in the graphic, Router A has two internal neighbors, Routers D and E, and two external neighbors, Routers B and C. The routing policies for Routers D and E are the same, and the routing policies for Routers B and C are the same. Router A will be configured with two peer groups, one for internal neighbors and one for external neighbors, rather than individual neighbor configurations.
Part of the configuration for Router A is shown in the graphic. This configuration creates a peer group called INTERNALMAP. All members of this peer group are in AS 100. A prefix-list called PREINTIN will be applied to all routes from members of this peer group and a prefix-list called PREINTOUT will be applied to all routes going to members of this peer group. A route-map called SETINTERNAL will be applied to all routes going to members of this peer group. Router E (192.168.2.2) and Router D (192.168.1.2) are members of the peer group INTERNALMAP. A prefix list called JUST2 will be applied to all routes from Router E (192.168.2.2). Recall that you can only override peer group options that affect inbound updates.
Note: Router bgp configuration commands for Router A not related to peer groups are not shown in the graphic. The configuration for Router A's external peer group is shown on the next page.
Part of the configuration for Router A is shown in the graphic. This configuration creates a peer group called EXTERNALMAP. A prefix-list called PREEXTIN will be applied to all routes from members of this peer group and a prefix-list called PREEXTOUT will be applied to all routes going to members of this peer group. A route-map called SETEXTERNAL will be applied to all routes going to members of this peer group. Router B (10.10.10.2) is in AS 200 and is a member of the peer group EXTERNALMAP. Router C (10.10.20.2) is in AS 300 and is a member of the peer group EXTERNALMAP. A prefix list called JUSTEXT2 will be applied to all routes from Router B (10.10.10.2). Recall that you can only override peer group options that affect inbound updates.
Note: Router bgp configuration commands for Router A not related to peer groups are not shown in the graphic.
Multi-homing
This section describes multi-homing and provides some examples of configuring it.
What is Multi-homing?
Connecting to two or more ISPs to increase:
Reliability: if one ISP fails, still connected
Performance: better paths to common Internet destinations
Multi-homing is the term used to describe when an AS is connected to more than one ISP. This is usually done for two reasons:
To increase the reliability of the connection to the Internet, so that if one connection fails another will still be available.
To increase the performance, so that better paths can be used to certain destinations.
Types of Multi-homing
Three common types:
Default routes from all providers
Customer routes and default routes from all providers
Full routes from all providers
The configuration of the multiple connections to the ISPs can be classified depending on the routes that are provided to the AS from the ISPs. Three common ways of configuring the connections are:
All ISPs pass only default routes to the AS.
All ISPs pass default routes, and selected specific routes (for example, from customers with whom the AS exchanges a lot of traffic), to the AS.
All ISPs pass all routes to the AS.
The first scenario is when all ISPs pass only default routes to the AS. This requires the minimum resources within the AS, since only default routes will have to be processed. The AS will send all of its routes to the ISPs, who will process them and pass them on to other ASs as appropriate. The ISP that a specific router within the AS uses to reach the Internet will be decided by the IGP metric used to reach the default route within the AS. The route that inbound packets take to get to the AS will be decided outside of the AS (within the ISPs and other ASs).
[Figure: ISP AS 200 (Router D) and ISP AS 300 (Router E) each send a default route 0.0.0.0 into AS 400, which connects to them through Routers A and B and contains Router C]
In the example in the graphic, AS 200 and AS 300 send default routes into AS 400. The ISP that a specific router within AS 400 uses to reach any external address will be decided by the IGP metric used to reach the default route within the AS. For example, if RIP is used within AS 400, Router C will select the route with the lowest hop count to the default route when it wants to send packets to network 172.16.0.0.
The second scenario is when all ISPs pass default routes, and selected specific routes (for example, from customers with whom the AS exchanges a lot of traffic), to the AS. This requires more resources within the AS, since default routes and some external routes will have to be processed. The AS will send all of its routes to the ISPs, who will process them and pass them on to other ASs as appropriate. The ISP that a specific router within the AS uses to reach the customer networks will usually be the shortest AS-path. However, this can be overridden using the methods discussed earlier in this chapter, including distribute-lists, prefix-lists and communities. The path to all other external destinations will be decided by the IGP metric used to reach the default route within the AS. The route that inbound packets take to get to the AS will be decided outside of the AS (within the ISPs and other ASs).
[Figure: ISP AS 200 (Router D) and ISP AS 300 (Router E) send default routes plus the customer routes into AS 400, which contains Router C]
In the example in the graphic, AS 200 and AS 300 send default routes, as well as specific routes to the customer's (AS 100) network 172.16.0.0, into AS 400. The ISP that a specific router within AS 400 uses to reach the customer networks will usually be the shortest AS-path. The shortest AS-path to AS 100 is via AS 200 (versus via AS 300, then AS 200) through Router A. Router C will select this route when it wants to send packets to network 172.16.0.0. The routes to other external addresses that are not specifically advertised to AS 400 will be decided by the IGP metric used to reach the default route within the AS.
[Figure: ISP AS 200 (Router D) and ISP AS 300 (Router E) send default routes plus the customer routes into AS 400, which contains Router C; Router B raises the local preference of the customer routes]
In this example, AS 200 and AS 300 send default routes, as well as specific routes to the customer's (AS 100) network 172.16.0.0, into AS 400. The ISP that a specific router within AS 400 uses to reach the customer networks will usually be the shortest AS-path. However, Router B is configured to change the local preference of routes to 172.16.0.0/16 to 800 from its default of 100. Router C will therefore take the path through Router B to get to 172.16.0.0. The routes to other external addresses that are not specifically advertised to AS 400 will be decided by the IGP metric used to reach the default route within the AS.
The third scenario is when all ISPs pass all routes to the AS. This requires a lot of resources within the AS, since all external routes will have to be processed. The AS will send all of its routes to the ISPs, who will process them and pass them on to other ASs as appropriate. The ISP that a specific router within the AS uses to reach the external networks will usually be the shortest AS-path. However this can still be overridden using the methods discussed earlier in this chapter, including distribute-lists, prefix-lists and communities. The route that inbound packets take to get to the AS will be decided outside of the AS (within the ISPs and other ASs).
[Figure: ISP AS 200 (Router D) and ISP AS 300 (Router E) send all routes into AS 400; Router C chooses the shortest AS path]
In this example, AS 200 and AS 300 send all routes into AS 400. The ISP that a specific router within AS 400 uses to reach the external networks will usually be the shortest AS-path. However, the routers in AS 400 could be configured to influence the path that routes to certain networks take.
These commands are some of the ones that can be used to influence the path taken to external routes. The neighbor weight command is used to assign a weight to a neighbor connection.

neighbor {ip-address | peer-group-name} weight weight

ip-address         IP address of the neighbor to which the weight is assigned.
peer-group-name    Name of the BGP peer group.
weight             Weight to assign. Acceptable values are 0 to 65535.
The bgp default local-preference command is used to change the default local preference value.

bgp default local-preference value

value    Local preference value from 0 to 4294967295. Higher is more preferred.
The set local-preference command is used to specify a preference value for the autonomous system path.

set local-preference value

value    Local preference value from 0 to 4294967295. Higher is more preferred.
Conditionally advertise prefixes
non-exist-map is periodically checked; if satisfied (i.e. if routes are not in the BGP table), the prefixes matched by the advertise-map are advertised to the neighbor
The neighbor advertise-map command is used to conditionally advertise prefixes.

neighbor ip-address advertise-map route-map non-exist-map route-map

ip-address                 IP address of neighbor to which advertisements will be sent.
advertise-map route-map    Route-map to be used to advertise prefixes.
non-exist-map route-map    Route-map that will be periodically checked. If the routes it specifies are not in the BGP table, then the prefixes matched by the advertise-map route-map are advertised to the neighbor.
Multi-homing Example
[Figure: Router A in AS 100 connects to ISP AS 200 via 10.10.10.1 and to ISP AS 300 via 10.10.20.2; AS 250 contains network 172.25.0.0]
In the example in the graphic, AS 100 is connected to two ISPs, AS 200 and AS 300. Assume that both ISPs are sending full routes to AS 100. The following pages show some configurations and results for Router A.
In this first example configuration, Router A is configured with two EBGP neighbors, Router B (10.10.10.2) and Router C (10.10.20.1). No special tuning is done to influence the way that AS 100 gets to the other ASs.
Results 1 - No Tuning

RtrA#show ip bgp
BGP table version is 7, local router ID is 172.16.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop         Metric LocPrf Weight Path
*> 10.10.10.0/24    0.0.0.0               0         32768 i
*> 10.10.20.0/24    0.0.0.0               0         32768 i
*  172.20.0.0       10.10.20.1                          0 300 200 i
*>                  10.10.10.2                          0 200 i
*> 172.25.0.0       10.10.10.2                          0 200 250 i
*                   10.10.20.1                          0 300 250 i
*  172.30.0.0       10.10.10.2                          0 200 300 i
*>                  10.10.20.1            0             0 300 i
In this example, Router A selects the route via 10.10.10.2 (Router B) to reach 172.20.0.0 and the route via 10.10.20.1 (Router C) to reach 172.30.0.0, since these paths have the shortest AS-path length (one AS). Router A has two paths to 172.25.0.0, and both have the same AS-path length (two ASs in each path). In this case, with all other attributes being equal, Router A selects the path received from the neighbor with the lowest BGP router ID. Router A therefore chooses the path through 10.10.10.2 (Router B) to reach 172.25.0.0 in AS 250. (Current Cisco IOS documentation adds one step before the router-ID comparison: when both paths are external, the path that was received first is preferred, so that an established choice is not flipped by a later peer flap.)
In this example configuration, Router A is configured with two EBGP neighbors, Router B (10.10.10.2) and Router C (10.10.20.1). The weights used for routes from each neighbor have been changed from their default of zero; routes received from 10.10.10.2 (Router B) will have a weight of 100 while routes received from 10.10.20.1 (Router C) will have a weight of 150.
Results 2 - Weights Applied

   Network          Next Hop         Metric LocPrf Weight Path
*> 10.10.10.0/24    0.0.0.0               0         32768 i
*> 10.10.20.0/24    0.0.0.0               0         32768 i
*> 172.20.0.0       10.10.20.1                        150 300 200 i
*                   10.10.10.2                        100 200 i
*> 172.25.0.0       10.10.20.1                        150 300 250 i
*                   10.10.10.2                        100 200 250 i
*> 172.30.0.0       10.10.20.1            0           150 300 i
*                   10.10.10.2                        100 200 300 i
In this example, since the weight assigned to routes from Router C (150) is higher than the weight assigned to routes from Router B (100), Router A uses Router C as the next hop to reach all external routes. Recall that weight is examined before AS-path length, so AS-path length is ignored here: even 172.20.0.0, which is one AS away via Router B and two ASs away via Router C, is now reached through Router C. Because weight is local to Router A, the other routers in AS 100 are unaffected; to steer the whole AS, set local preference instead.
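The decision just described, as an added example in Python that is not part of the course material. It models only the steps of the Cisco best-path selection exercised above (weight, then local preference, then AS-path length, then the router-ID tie-break) and runs them over Router A's external routes with the two weight settings from the course configurations. The router IDs of Routers B and C are assumed, since the page does not print them, and origin, MED and IGP metric are assumed equal:

```python
from dataclasses import dataclass


@dataclass
class Path:
    """One entry in a router's BGP table for a prefix."""
    prefix: str
    next_hop: str
    as_path: tuple               # leftmost AS is the neighbor's AS
    weight: int = 0              # Cisco-local attribute; 0 for learned routes by default
    local_pref: int = 100        # default local preference
    router_id: str = "0.0.0.0"   # router ID of the peer the path came from


def _rid_key(rid):
    return tuple(int(octet) for octet in rid.split("."))


def best_path(paths):
    """Pick the best of several paths to the same prefix: highest weight,
    then highest local preference, then shortest AS path, then lowest
    router ID of the advertising peer (origin, MED and IGP metric are
    assumed equal, as they are in the course example)."""
    assert paths and len({p.prefix for p in paths}) == 1
    return min(paths, key=lambda p: (-p.weight, -p.local_pref,
                                     len(p.as_path), _rid_key(p.router_id)))


def best_paths(table):
    """Best path per prefix for a whole BGP table."""
    by_prefix = {}
    for p in table:
        by_prefix.setdefault(p.prefix, []).append(p)
    return {pfx: best_path(ps) for pfx, ps in by_prefix.items()}


RTR_B = "10.10.10.2"   # EBGP neighbor in AS 200 (from the course figure)
RTR_C = "10.10.20.1"   # EBGP neighbor in AS 300
RID_B = "10.10.10.2"   # assumed router IDs of B and C (not given on the page)
RID_C = "10.10.20.1"


def router_a_table(weight_b=0, weight_c=0):
    """Router A's external routes from 'Results 1', with a per-neighbor
    weight applied to everything learned from that neighbor, which is
    what 'neighbor <ip> weight <n>' does."""
    return [
        Path("172.20.0.0", RTR_B, (200,),     weight_b, router_id=RID_B),
        Path("172.20.0.0", RTR_C, (300, 200), weight_c, router_id=RID_C),
        Path("172.25.0.0", RTR_B, (200, 250), weight_b, router_id=RID_B),
        Path("172.25.0.0", RTR_C, (300, 250), weight_c, router_id=RID_C),
        Path("172.30.0.0", RTR_B, (200, 300), weight_b, router_id=RID_B),
        Path("172.30.0.0", RTR_C, (300,),     weight_c, router_id=RID_C),
    ]


def next_hops(weight_b=0, weight_c=0):
    """Prefix -> chosen next hop on Router A for a given pair of neighbor weights."""
    return {pfx: p.next_hop
            for pfx, p in best_paths(router_a_table(weight_b, weight_c)).items()}


if __name__ == "__main__":
    print("no tuning      :", next_hops())          # B for .20 and .25, C for .30
    print("weights 100/150:", next_hops(100, 150))  # C for everything
```

With no tuning, 172.25.0.0 is decided purely by the router-ID tie-break, which is why the same topology can pick a different ISP on another router in AS 100; with the weights applied, every prefix follows Router C regardless of AS-path length.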
BGP has its own table, in addition to the IGP routing table. Information can be exchanged between the two tables.

As noted earlier, a router running BGP keeps a table of BGP information, separate from the IP routing table. Information can be exchanged between BGP and the IGP running in the routers.
Route information is sent from an autonomous system into BGP in one of three ways:

- Using the network command. As already discussed, for BGP the network command allows BGP to advertise a network that is already in the IP routing table. The list of network commands must include all of the networks in the AS that you want to advertise.
- Redistributing static routes into BGP. Redistribution is when a router running different protocols advertises routing information received from one protocol into another. Static routes are treated as a protocol here, and the static information is advertised into BGP.
- Redistributing dynamic IGP routes into BGP. This is not recommended, as it may cause instability.

The following pages examine the last two bullets in more detail.
Redistribution of static routes pointing to the null 0 interface into BGP is done to advertise aggregate routes rather than the specific routes from the IP routing table. Any route redistributed into BGP must already be known in the IP routing table, and a static route to null 0 is the way to make the process believe that a route exists for the aggregate. A static route to null 0 is not necessary if you are using a network command with a non-aggregated network, that is, a network that already exists in the IP routing table.

The use of null 0 may seem strange, since a static route to null 0 means "discard traffic for this network". This is usually not a problem, because the router doing the redistribution has more specific routes to the destination networks, and longest-prefix matching means those routes, not the null 0 route, are used to forward any traffic that arrives at the router.

The problem with this method of aggregation is that if the router loses the more specific routes, it continues to advertise the static aggregate, attracting traffic it can only discard: a black hole. The preferred method is the aggregate-address command. With this command, the aggregate is sent as long as at least one more specific route exists in the BGP table. If the aggregating router loses its connection to the networks being aggregated, they disappear from the BGP table and the BGP aggregate is no longer sent.
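The black hole described above, modelled in Python as an added example that is not part of the course. The aggregate 172.16.0.0/16, its more specific routes and the next hop 10.0.0.2 are constructed; the functions model what the two IOS mechanisms advertise rather than reproduce IOS output:

```python
import ipaddress

AGGREGATE = ipaddress.ip_network("172.16.0.0/16")   # constructed example aggregate


def next_hop(rib, dst):
    """Longest-prefix match over an IP routing table given as {prefix: next_hop}.
    A static route to null 0 appears as next hop 'Null0' (discard)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, nh in rib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best[1] if best else None


def covered_specifics(bgp_table, aggregate=AGGREGATE):
    """Routes in the BGP table that fall inside the aggregate (not the aggregate itself)."""
    nets = [ipaddress.ip_network(p) for p in bgp_table]
    return [n for n in nets if n != aggregate and n.subnet_of(aggregate)]


def advertised_static_null0(aggregate=AGGREGATE):
    """'ip route <aggregate> null 0' plus 'redistribute static': the static
    route is always in the IP table, so the aggregate is always advertised,
    whether or not any more specific route still exists."""
    return {str(aggregate)}


def advertised_aggregate_address(bgp_table, aggregate=AGGREGATE):
    """'aggregate-address <aggregate> summary-only': the aggregate is generated
    only while at least one covered route is present in the BGP table."""
    return {str(aggregate)} if covered_specifics(bgp_table, aggregate) else set()


def is_black_hole(advertised, rib, aggregate=AGGREGATE):
    """True when the aggregate is advertised but the only matching route in the
    IP table is the discard route, so every packet for it is dropped here."""
    if str(aggregate) not in advertised:
        return False
    reachable = [p for p, nh in rib.items()
                 if nh != "Null0" and ipaddress.ip_network(p).subnet_of(aggregate)]
    return not reachable


# Constructed routing tables: specifics present, then specifics lost.
RIB_UP = {"172.16.0.0/16": "Null0", "172.16.1.0/24": "10.0.0.2", "172.16.2.0/24": "10.0.0.2"}
RIB_DOWN = {"172.16.0.0/16": "Null0"}

if __name__ == "__main__":
    print("forwarding while up  :", next_hop(RIB_UP, "172.16.1.5"))     # 10.0.0.2
    print("forwarding after loss:", next_hop(RIB_DOWN, "172.16.1.5"))   # Null0
    print("static null0 still advertised, black hole:",
          is_black_hole(advertised_static_null0(), RIB_DOWN))            # True
    print("aggregate-address withdrawn, black hole:",
          is_black_hole(advertised_aggregate_address([]), RIB_DOWN))     # False
```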
Redistributing from an IGP into BGP is not recommended because any change in the IGP routes, for example a link going down, may cause a BGP update. This method can result in unstable BGP tables. If redistribution is used, care must be taken that only local routes are redistributed. For example, routes learned from other ASs (which entered the IGP by redistributing BGP into the IGP) must not be sent out again from the IGP, or routing loops could result. Configuring this filtering can be complex.
Route information is sent from BGP into an autonomous system by redistributing the BGP routes into the IGP. Since BGP is an external routing protocol, care must be taken when exchanging information with internal protocols because of the amount of information in BGP tables. For ISP autonomous systems, redistributing BGP into the IGP is not normally required. Other ASs may use redistribution, but the number of routes means that filtering will normally be required. Each of these situations is examined on the next two pages.
Advantages

- Carry fewer routes in the IGP
- BGP converges faster
An ISP typically has all routers in the AS running BGP. This would of course be a full-mesh IBGP environment, and IBGP would be used to carry the EBGP routes across the AS. All of the routers in the AS would be configured with the no synchronization command, so that synchronization between the IGP and BGP is not required. The BGP information would then not need to be redistributed into the IGP. The IGP would only need to carry information local to the AS and routes to the next-hop addresses of the BGP routes. One advantage of this approach is that the IGP does not have to be concerned with all of the BGP routes; BGP takes care of them. BGP also converges faster in this environment, since it doesn't have to wait for the IGP to advertise the routes.
A non-ISP AS typically would not have all routers in the AS running BGP, and may not have a full mesh IBGP environment. If this is the case, and knowledge of external routes is required inside the AS, then redistribution of BGP into the IGP would be necessary. However, due to the number of routes that would be in the BGP tables, filtering will normally be required. As discussed in the multi-homing section, an alternative to receiving full routes from BGP is that the ISP could send only default routes, or default routes and some external routes to the AS.
Figure: JKL connects by EBGP to two ISPs, ISP #1 and ISP #2.
In this case study, we will look at how JKL will connect to the Internet. As shown in the graphic, JKL has two ISP connections, to AS 4304 and AS 1673. The following topics are some considerations to discuss with the class during the case study:

- Which routers will be running BGP?
- Where in the hierarchy will the ISP connections be made?
- How does JKL's topology approach differ from an ISP approach?
- Recall that JKL is using OSPF, VLSM and route summarization, and that JKL has a class B public address. How will JKL's routes be advertised to the Internet?
- How will JKL learn routes of external ASs?
- Synchronization issues: should JKL use synchronization between BGP and OSPF, or can it be turned off?
- What policies might JKL have and why? How would these policies be implemented?
- Ease of configuration: how difficult would the policies be to implement? Are there alternatives, and how easy would they be to implement?
Summary

This section summarizes the tasks you learned to complete in this chapter.

After completing this chapter, you should be able to perform the following tasks:

- Describe the scalability problems associated with Internal BGP
- Explain and configure BGP route reflectors
- Describe and configure policy control in BGP using prefix lists
- Describe and configure BGP communities and peer groups
- Describe methods to connect to multiple ISPs using static routes, default routes, and BGP
- Explain the use of redistribution between BGP and Interior Gateway Protocols (IGPs)
- Given a set of network requirements, configure a multi-homed BGP environment and verify proper operation (within described guidelines) of your routers
Review Questions

Answer the following questions.

1. What is the command used to configure a router to distribute BGP information as specified in an access list?
2. What is a route reflector cluster?
3. Route maps use ________ commands to test conditions and ________ commands to modify routes.
4. What is the command used to specify that the BGP communities attribute should be sent to a neighbor?
11

Objectives

Upon completion of this chapter, you will be able to perform the following tasks:

- Describe the functions of access lists
- Describe how routing updates can be optimized

This chapter discusses the causes of network congestion and presents ways to control it. Sections:

- Objectives
- Congestion Overview
- Managing Traffic Congestion
- IP Access List Usage
- Optimizing Routing Updates
- Summary
- Written Exercise: Managing Traffic and Access
- Answers to Exercise
Congestion Overview

Figure: network traffic compared with the bandwidth of the link.

- Congestion occurs when the data traffic exceeds the data-carrying capacity of the link
- Congestion anywhere in the path results in delays for user applications

Congestion can occur when the amount of network traffic transmitted on a particular medium exceeds the bandwidth of that medium. The users of the network perceive the network to be slow but may not understand the cause of the slowness. Temporary congestion can be expected in every network. Periodic congestion often occurs because of the bursty nature of today's network applications. Causes of chronic congestion should be identified and remedied. Serial lines are generally where congestion is experienced.
Traffic in an IP Network

Sources of data and overhead traffic:
- User applications
- Routing protocol updates
- Domain name server (DNS) requests
- Encapsulated protocol transport

An IP network has many sources of data traffic and overhead traffic:

- User applications: Data traffic is usually generated by user applications. These applications initiate file transfers using the File Transfer Protocol (FTP) and Trivial File Transfer Protocol (TFTP). Electronic mail is another common source of data traffic; it uses the Simple Mail Transfer Protocol (SMTP).
- Routing protocol updates: Routing protocols send updates periodically or when routing information changes.
- Domain Name System (DNS) requests: Overhead traffic is traffic that is not directly related to user applications. Examples of overhead traffic are routing updates and broadcast requests, such as for a DNS.
- Encapsulated protocol transport: Noncontiguous networks can be joined by encapsulating the network traffic in IP packets and sending that traffic across the IP network. If the two noncontiguous networks generate large amounts of traffic, slow links in the IP network could become congested.
Sources of data and overhead traffic:
- All user applications
- All routing protocol updates
- All overhead broadcasts and multicasts
- All data link/physical-layer signaling:
  - Address Resolution Protocol (ARP) to resolve logical-to-physical addressing issues
  - Keepalives to maintain connectivity
  - Tokens for accessibility
  - Time To Live updates
- Filtering user and application traffic: You can use access lists to filter user and application traffic. Traffic filters can keep some traffic from reaching critical links.
- Filtering broadcast traffic: Some periodic broadcasts, such as SAP packets, have configurable transmission timers to lengthen the interval between broadcasts.
- Adjusting timers on periodic announcements: Lengthening the timers reduces the overall traffic load on the link. For example, you can adjust the time between SAP updates.
- Providing static entries in tables: Using static entries in a routing table can eliminate the need to dynamically advertise network routes across that link. This technique is very effective for serial lines.
- Controlling routing overhead traffic: Traffic that is required to support the routing process can be reduced. Converting from a distance vector protocol to a link-state protocol almost eliminates the periodic announcements made by distance vector protocols such as RIP.
Location

- Access/distribution layer
- Validate traffic where it enters the network
Figure: unsolicited requests from the Internet arriving at the corporate network.

Figure: Finance, R&D, HR and Marketing segments and a secure subnet inside the corporate network.

Figure: other features that reference an access list: queue lists, dial-on-demand routing, and route filtering of the routing table.
- Apply route filter outbound: an outbound route filter selectively removes (according to the distribute-list statements) routes from the transmitted routing update. The routing table indicates more routes than are actually transmitted to the neighboring router. The distribute-list can be applied to one or more transmitting interfaces.
- Create summary route: this action has no effect on the routing table of the router where the configuration was applied, but it does affect the content of the routing update. Summary routes reduce the update size by removing some of the subnet detail normally included in routing updates.
- Configure passive interface: prevents the interface from generating regularly scheduled routing updates for the routing processes to which the interface is linked. Arriving routing updates are still accepted on this interface.
- Create static route: manually entered routes have significance on the router where the static entry was created. These route entries are not propagated to neighboring routers unless explicit redistribution statements are applied. As a result of not sending all entries in the routing table, the routing update becomes smaller.
- Apply route filter inbound: an inbound route filter selectively removes (according to the distribute-list statements) routes from the arriving routing update. The distribute-list can be applied to an arriving interface or, if route redistribution is occurring, at the input to the routing process receiving the routes.
- Create a default route: using a default route allows much of the subnet detail to be removed from the local routing table. Most often, a distribute-list is placed on the neighboring router's outbound interface to suppress subnet details from arriving at the router that relies heavily on the default route.
Summary

Traffic congestion is caused by:
- Bursts of user application traffic
- Multicast and broadcast traffic
- Too much traffic on low-bandwidth links
- Network design issues

Summary (cont'd)

- User services
- Router updates
- DNS traffic

Written Exercise: Managing Traffic and Access

Objective: List solutions for controlling network congestion.
Task: List five ways to control network congestion:
1. __________________________________
2. __________________________________
3. __________________________________
4. __________________________________
5. __________________________________
Answers to Exercise
12

Objectives

Upon completion of this chapter, you will be able to perform the following tasks:

- Configure IP standard and extended access lists
- Limit virtual terminal, HTTP and SNMP access
- Verify access list operation
- Configure an alternative to using access lists

This chapter discusses the following Cisco IOS software features useful in reducing unwanted traffic or controlling access in an IP environment: access lists, null interfaces, and helper addresses. Sections include:

- Objectives
- Managing IP Traffic Overview
- Configuring IP Standard Access Lists
- Configuring IP Extended Access Lists
- Restricting Virtual Terminal, HTTP and SNMP Access
- Verifying Access List Configuration
- Written Exercise: Restricting Access
- Using an Alternative to Access Lists
- Written Exercise: Alternative to Access Lists
- Summary
- Case Study: Filtering Traffic
- Answers to Exercises
Cisco IOS Release 10.3 introduced substantial additions to IP access lists.

Caution: These extensions are backward compatible. Migrating from existing releases to a Release 10.3 or later image converts your access lists automatically. However, previous releases are not upwardly compatible with these changes. Thus, if you save an access list with a Release 10.3 or later image and then use older software, the resulting access list will not be interpreted correctly. This incompatibility can cause security problems. Save your old configuration file before booting Release 10.3 (or later) images in case you need to revert to an earlier version.
Figure: example network 172.16.5.0.

Figure: standard access list processing flow: route the packet to the outgoing interface, then apply the access list condition.
IP Addressing Review

    Class   High-order bits   First octet   Standard mask
    A       0                 1-126         255.0.0.0
    B       10                128-191       255.255.0.0
    C       110               192-223       255.255.255.0

Class B subnet masks (subnet bits 0 through 15):

     0  255.255.0.0         8  255.255.255.0
     1  255.255.128.0       9  255.255.255.128
     2  255.255.192.0      10  255.255.255.192
     3  255.255.224.0      11  255.255.255.224
     4  255.255.240.0      12  255.255.255.240
     5  255.255.248.0      13  255.255.255.248
     6  255.255.252.0      14  255.255.255.252
     7  255.255.254.0      15  255.255.255.254

Class C subnet masks (subnet bits 0 through 7):

     0  255.255.255.0       4  255.255.255.240
     1  255.255.255.128     5  255.255.255.248
     2  255.255.255.192     6  255.255.255.252
     3  255.255.255.224     7  255.255.255.254
IP Addressing Review

The IP address is 32 bits in length and is made up of two parts, a network portion and a host portion.

The address format is known as dotted-decimal notation. An example address is 131.108.122.204. Each bit in an octet has a binary weight (128, 64, 32, 16, 8, 4, 2, 1). The minimum value for an octet is 0; it contains all zeros. The maximum value for an octet is 255; it contains all ones. The allocation of addresses is managed by a central authority. Network numbers are administered by the Internet Network Information Center (InterNIC). The NIC is also the main Request For Comments (RFC) repository.

Wildcard mask bits:
- 0 bit = the corresponding bit in the address must match
- 1 bit = no need to match the corresponding bit in the address

(The slide's wildcard mask examples assume a subnet mask of 255.255.248.0.)
Step 1

Create an access list in global configuration mode by specifying an access list number and access conditions. Define a standard IP access list using a source address and wildcard. Define an extended access list using source and destination addresses, as well as optional protocol-type information for finer granularity of control.

Step 2

Apply the access list in interface configuration mode to interfaces or terminal lines. After an access list is created, you can apply it to one or more interfaces. Access lists can be applied inbound or outbound on an interface.

    access-list access-list-number {permit | deny} source [source-wildcard]

    access-list-number   Identifies the list to which the entry belongs; a number from 1 to 99.
    permit | deny        Indicates whether this entry allows or blocks traffic from the specified address.
    source               Identifies the source IP address.
    source-wildcard      (Optional) Identifies which bits in the address field are matched. It has a 1 in positions indicating "don't care" bits and a 0 in any position that must match exactly. If this field is omitted, the mask 0.0.0.0 is assumed.
    any                  Uses address 0.0.0.0 and source wildcard 255.255.255.255 to match any address.

Use the ip access-group command to link an existing access list to an interface. Each interface may have both an inbound and an outbound access list (each of which can be standard or extended).

    ip access-group access-list-number {in | out}

    access-list-number   Indicates the number of the access list to be linked to this interface.
    in | out             Process packets arriving on (in) or leaving (out, the default) this interface.

Eliminate the entire list with no access-list access-list-number. Remove the access list from an interface with the no ip access-group access-list-number command.
Implicit Masks

For Standard IP Access Lists

    access-list 1 permit 131.108.5.17                 correct
    !
    access-list 1 permit 0.0.0.0                      common error
    access-list 1 permit 131.108.0.0                  common error
    !
    access-list 1 deny any                            not needed
    access-list 1 deny 0.0.0.0 255.255.255.255        not needed

- Omitted mask assumed to be 0.0.0.0
- Last two lines unnecessary (implicit deny any)

Implicit masks reduce typing and simplify configuration. Shown are three examples of implicit masks. The first line is an example of a specific host configuration. For standard access lists, if no mask is specified, the mask is assumed to be 0.0.0.0. The implicit mask makes it easier to enter a large number of individual addresses. When the symbolic name any is used, the mask 255.255.255.255 is implied. When a packet does not match any of the configured lines in an access list, the packet is denied by default because there is an invisible line at the end of the access list that is equivalent to deny any. Denying any is the same as configuring 0.0.0.0 255.255.255.255, so the last two lines are not needed. Common errors are found in the other access list lines:

- The second line, permit 0.0.0.0, would exactly match the address 0.0.0.0 and then permit it. In most cases this address is illegal as a source, so this list would prevent all traffic from getting through (the implicit deny any).
- The third line, permit 131.108.0.0, is probably a configuration error. The intention is probably 131.108.0.0 0.0.255.255. The exact address 131.108.0.0 is reserved to refer to the network and would never be assigned to a host. Networks and subnets are represented by explicit masks. As a result, nothing would get through with this list, again due to the implicit deny any.
- The fourth and fifth lines, deny any and deny 0.0.0.0 255.255.255.255, are unnecessary because they duplicate the function of the default deny that occurs when a packet fails to match all of the configured lines in an access list.

Although not necessary, you may want to add one of these entries for record-keeping purposes; an explicit deny any entry also gives you a match counter for denied packets in show access-list output, which the implicit deny does not.
Configuration Principles

- Top-down processing
- Place more specific references first

Following these general principles helps ensure that the access lists you create have the intended results:

- Top-down processing: Organize your access list so that more specific references in a network or subnet appear before more general ones. Place more frequently occurring conditions before less frequent conditions.
- Unless you end your access list with an explicit permit any, it will by default deny all traffic that fails to match any of the access list lines.
- Subsequent additions are always added to the end of the access list. You cannot selectively add or remove lines when using numbered access lists, but you can when using IP named access lists (a Cisco IOS Release 11.2 feature).
- If you apply an access list to an interface with the ip access-group command before any access list lines have been created, the result is permit any. The list is live, so as soon as you enter the first line and press Return it changes from permit any to "deny most" (because of the implicit deny any). For this reason, create your access list before you apply it to an interface.
Figure: Router D connects the Internet to network 36.0.0.0, which contains subnets 36.48.0.0 and 36.51.0.0.

    Router(config)#access-list 2 permit 36.48.0.3
    Router(config)#access-list 2 deny 36.48.0.0 0.0.255.255
    Router(config)#access-list 2 permit 36.0.0.0 0.255.255.255
    Router(config)#!(Note: all other access implicitly denied)
    Router(config)#interface ethernet 0
    Router(config-if)#ip access-group 2 in
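The standard access list rules from the preceding pages (wildcard matching, the implicit 0.0.0.0 mask, any, first match wins, the implicit deny any, and an empty list behaving as permit any), as an added Python example that is not part of the course. It evaluates the "implicit masks" list and access-list 2 from this page against constructed source addresses; the subnet-mask-to-wildcard helper is included because that is how wildcard masks are usually derived:

```python
import ipaddress


def _int(ip):
    return int(ipaddress.IPv4Address(ip))


def matches(addr, source, wildcard):
    """Wildcard match: a 0 bit in the wildcard must match, a 1 bit is don't care."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(addr) & care) == (_int(source) & care)


def parse_entry(line):
    """Parse 'access-list N {permit|deny} {source [wildcard] | any}'."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list":
        raise ValueError("not a standard access-list entry: " + line)
    number, action = int(tok[1]), tok[2]
    if action not in ("permit", "deny"):
        raise ValueError("action must be permit or deny: " + line)
    if not 1 <= number <= 99:
        raise ValueError("standard lists are numbered 1 to 99: " + line)
    if tok[3] == "any":
        source, wildcard = "0.0.0.0", "255.255.255.255"
    else:
        source = tok[3]
        wildcard = tok[4] if len(tok) > 4 else "0.0.0.0"   # implicit mask
    return number, action, source, wildcard


def evaluate(config_lines, src):
    """First matching entry wins; no match means the implicit deny any.
    A list with no entries behaves as permit any, as IOS does when a list
    that has not been created yet is applied to an interface."""
    entries = [parse_entry(l) for l in config_lines
               if l.strip() and not l.lstrip().startswith("!")]
    if not entries:
        return "permit"
    for _, action, source, wildcard in entries:
        if matches(src, source, wildcard):
            return action
    return "deny"


def mask_to_wildcard(mask):
    """Subnet mask -> wildcard mask, e.g. 255.255.248.0 -> 0.0.7.255."""
    return str(ipaddress.IPv4Address(~_int(mask) & 0xFFFFFFFF))


ACL_1 = [  # the 'implicit masks' slide
    "access-list 1 permit 131.108.5.17",
    "access-list 1 permit 0.0.0.0",
    "access-list 1 permit 131.108.0.0",
    "! the deny any lines below duplicate the implicit deny",
    "access-list 1 deny any",
]
ACL_2 = [  # the Router D example
    "access-list 2 permit 36.48.0.3",
    "access-list 2 deny 36.48.0.0 0.0.255.255",
    "access-list 2 permit 36.0.0.0 0.255.255.255",
]

if __name__ == "__main__":
    for src in ("131.108.5.17", "131.108.5.18"):     # constructed sources
        print("ACL 1", src, evaluate(ACL_1, src))     # permit, then deny
    for src in ("36.48.0.3", "36.48.9.9", "36.51.1.1", "10.1.1.1"):
        print("ACL 2", src, evaluate(ACL_2, src))     # permit, deny, permit, deny
```

The second run shows the point of the "common errors" slide: with the implicit 0.0.0.0 mask, permit 131.108.0.0 matches nothing but the network address itself, so a host such as 131.108.5.18 falls through to the implicit deny.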
Figure: routers A, B, C and D connected in a row, each with interfaces E0 and E1; host Z, hosts W, X and Y, network 10.20.0.0, and host V on another network.

- On which router should the access list be configured to deny host Z access to network 10.20.0.0?
- How does the location of a standard access list change the policy implemented?
- Router B: Host Z could not connect with host W (and host V on another network).
- Router C: Host Z could not connect with hosts W and X (and host V on another network).
- Router D: Host Z could not connect with hosts W, X, and Y (and host V on another network).

For standard access lists, place them as close to the destination as possible to exercise the most control: a standard list filters only on source address, so the closer it sits to the source, the more destinations it cuts off.
Figure: extended access list example: the Internet, a Manufacturing network and an Accounting network, with FTP, Telnet and SMTP traffic.
Figure: extended access list processing flow: test the destination address, the protocol and, if present in the access list entry, the protocol options; on a match, apply the condition, otherwise go to the next entry in the list; when no entry matches, deny the packet (an ICMP message is returned).
    access-list access-list-number {permit | deny} {protocol | protocol-keyword} {source source-wildcard | any} {destination destination-wildcard | any} [protocol-specific options] [log]

- Defines an extended access list (numbered 100 to 199)
- Protocol keywords icmp, tcp, and udp define alternate syntax with protocol-specific options

    access-list-number     A number from 100 to 199.
    permit | deny          Whether this entry is used to allow or block the specified address(es).
    protocol               ip, tcp, udp, icmp, igmp, gre, igrp, eigrp, ospf, nos, or a number in the range 0 through 255. To match any Internet protocol, use the keyword ip. Some protocols have more options that are supported by an alternate syntax for this command.
    source, destination    Source and destination IP addresses.
    source-wildcard, destination-wildcard
                           Wildcard masks of address bits that must match. 0s indicate bits that must match, 1s are "don't care".
    any                    Use this keyword as an abbreviation for a source and source-wildcard, or a destination and destination-wildcard, of 0.0.0.0 255.255.255.255.
    log                    (Optional) Causes informational logging messages about packets that match the entry to be sent to the console. Exercise caution when using this keyword because it consumes CPU cycles.
The keyword any can be used in place of the address 0.0.0.0 with mask 255.255.255.255, and the keyword host preceding an ip-address can be used in place of the mask 0.0.0.0:

    access-list 101 permit ip 0.0.0.0 255.255.255.255 131.108.5.17 0.0.0.0
    ! (alternate configuration)
    access-list 101 permit ip any host 131.108.5.17
    access-list access-list-number {permit | deny} icmp {source source-wildcard | any} {destination destination-wildcard | any} [icmp-type [icmp-code] | icmp-message]

    access-list-number     A number from 100 to 199.
    permit | deny          Whether this entry is used to allow or block the specified address(es).
    source, destination    IP addresses.
    source-wildcard, destination-wildcard
                           Wildcard masks of address bits that must match. 0s indicate bits that must match, 1s are "don't care".
    any                    Used in place of either the source or the destination address and wildcard mask as a shortcut for 0.0.0.0 255.255.255.255.
    icmp-type              (Optional) Packets can be filtered by ICMP message type. The type is a number from 0 to 255.
    icmp-code              (Optional) Packets that have been filtered by ICMP message type can also be filtered by ICMP message code. The code is a number from 0 to 255.
    icmp-message           (Optional) Packets can be filtered by a symbolic name representing an ICMP message type or a combination of ICMP message type and ICMP message code (for example echo and echo-reply, used in the examples that follow). The course graphic lists these names.
TCP Syntax

Router(config)#

    access-list access-list-number {permit | deny} tcp {source source-wildcard | any} [operator source-port | source-port] {destination destination-wildcard | any} [operator destination-port | destination-port] [established]

Use the access-list tcp command to create an entry in a complex traffic filter list. The protocol keyword tcp indicates that an alternate syntax is being used for this command and that protocol-specific options are available.

    access-list-number     A number from 100 to 199.
    permit | deny          Whether this entry is used to allow or block the specified address(es).
    source, destination    IP addresses.
    source-wildcard, destination-wildcard
                           Wildcard masks of address bits that must match. 0s indicate bits that must match, 1s are "don't care".
    operator               (Optional) A qualifying condition. Can be: lt, gt, eq, neq.
    source-port, destination-port
                           (Optional) A decimal number from 0 to 65535 or a name that represents a TCP port number.
    established            (Optional) A match occurs if the TCP segment has the ACK or RST bit set. Use this if you want a Telnet or another activity to be established in one direction only.

Note that established is not a stateful check: the router only inspects the flag bits of each segment, so an inbound segment with the ACK bit set matches whether or not a session exists. The keyword stops outside hosts from opening connections (a connection request carries SYN without ACK), but it does not stop crafted ACK-only segments from reaching internal ports; reflexive access lists, CBAC or a stateful firewall are needed for that.

- Type ? to get port numbers corresponding to names
- Other port numbers are found in the Assigned Numbers RFC
UDP Syntax

Router(config)#

    access-list access-list-number {permit | deny} udp {source source-wildcard | any} [operator source-port | source-port] {destination destination-wildcard | any} [operator destination-port | destination-port]

The access-list udp command creates an entry in a complex traffic filter list. The protocol keyword udp indicates that an alternate syntax is being used for this command and that protocol-specific options are available.

    access-list-number     A number from 100 to 199.
    permit | deny          Whether this entry is used to allow or block the specified address(es).
    source, destination    IP addresses.
    source-wildcard, destination-wildcard
                           Wildcard masks of address bits that must match. 0s indicate bits that must match, 1s are "don't care".
    any                    Use this keyword as an abbreviation for a source and source-wildcard, or a destination and destination-wildcard, of 0.0.0.0 255.255.255.255.
    source-port, destination-port
                           (Optional) A decimal number from 0 to 65535 or a name that represents a UDP port number.
    operator               (Optional) A qualifying condition. Can be: lt, gt, eq, neq.

- Type ? to get port numbers corresponding to names
- Other port numbers are found in the Assigned Numbers RFC
Figure: the Internet connects to networks 128.88.1.0 and 128.88.3.0; host 128.88.1.2 accepts SMTP.

    access-list 103 permit tcp any 128.88.0.0 0.0.255.255 established
    access-list 103 permit tcp any host 128.88.1.2 eq smtp
    !
    interface ethernet 1
    ip access-group 103 in
Figure: the Internet connects via serial 0 to a router whose E0 is on 128.88.1.0 and E1 on 128.88.3.0.

    access-list 104 permit tcp any 128.88.0.0 0.0.255.255 established
    access-list 104 permit tcp any host 128.88.1.2 eq smtp
    ! the IOS port keyword for UDP/TCP port 53 is domain
    access-list 104 permit udp any any eq domain
    access-list 104 permit icmp any any echo
    access-list 104 permit icmp any any echo-reply
    !
    interface serial 0
    ip access-group 104 in
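Access-list 104 evaluated in Python, as an added example that is not part of the course. The evaluator handles the subset of the extended syntax used in this chapter (ip/tcp/udp/icmp, any, host, wildcards, eq/neq/lt/gt, established, and the echo/echo-reply ICMP names); the packets are constructed, and the port names and ICMP type numbers are the standard ones. Its last case shows the caveat with established: a crafted inbound segment with ACK set reaches an internal Telnet port, because the keyword tests flag bits, not session state:

```python
import ipaddress
from dataclasses import dataclass

PORT_NAMES = {"ftp": 21, "telnet": 23, "smtp": 25, "domain": 53, "www": 80, "snmp": 161}
ICMP_NAMES = {"echo": 8, "echo-reply": 0}          # symbolic name -> ICMP type
OPS = {"eq": lambda a, b: a == b, "neq": lambda a, b: a != b,
       "lt": lambda a, b: a < b, "gt": lambda a, b: a > b}


@dataclass
class Packet:
    """Constructed test packet (only the fields the access list can test)."""
    proto: str                 # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    ack: bool = False          # TCP ACK bit
    rst: bool = False          # TCP RST bit
    icmp_type: int = 0


def _ip(s):
    return int(ipaddress.IPv4Address(s))


def _addr_spec(tok, i):
    """Consume 'any' | 'host A' | 'A W' at tok[i]; return ((addr, wildcard), next)."""
    if tok[i] == "any":
        return ("0.0.0.0", "255.255.255.255"), i + 1
    if tok[i] == "host":
        return (tok[i + 1], "0.0.0.0"), i + 2
    return (tok[i], tok[i + 1]), i + 2


def _port_spec(tok, i):
    """Consume an optional 'operator port' at tok[i]; unknown names are rejected like IOS does."""
    if i < len(tok) and tok[i] in OPS:
        port = tok[i + 1]
        return (tok[i], PORT_NAMES[port] if port in PORT_NAMES else int(port)), i + 2
    return None, i


def parse(line):
    tok = line.split()
    if tok[0] != "access-list" or not 100 <= int(tok[1]) <= 199:
        raise ValueError("not an extended access-list entry: " + line)
    e = {"action": tok[2], "proto": tok[3]}
    e["src"], i = _addr_spec(tok, 4)
    e["sport"], i = _port_spec(tok, i)
    e["dst"], i = _addr_spec(tok, i)
    e["dport"], i = _port_spec(tok, i)
    rest = tok[i:]
    e["established"] = "established" in rest
    e["icmp"] = next((ICMP_NAMES[r] for r in rest if r in ICMP_NAMES), None)
    return e


def _match_addr(addr, spec):
    care = ~_ip(spec[1]) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(spec[0]) & care)


def _match_port(port, spec):
    return spec is None or OPS[spec[0]](port, spec[1])


def entry_matches(e, pkt):
    if e["proto"] != "ip" and e["proto"] != pkt.proto:
        return False
    if not (_match_addr(pkt.src, e["src"]) and _match_addr(pkt.dst, e["dst"])):
        return False
    if pkt.proto in ("tcp", "udp") and not (
            _match_port(pkt.sport, e["sport"]) and _match_port(pkt.dport, e["dport"])):
        return False
    if e["established"] and not (pkt.ack or pkt.rst):   # flag bits only, no state
        return False
    if e["icmp"] is not None and pkt.icmp_type != e["icmp"]:
        return False
    return True


def evaluate(acl_lines, pkt):
    """Top-down first match; implicit deny at the end of the list."""
    for line in acl_lines:
        if not line.lstrip().startswith("!") and entry_matches(parse(line), pkt):
            return parse(line)["action"]
    return "deny"


ACL_104 = [
    "access-list 104 permit tcp any 128.88.0.0 0.0.255.255 established",
    "access-list 104 permit tcp any host 128.88.1.2 eq smtp",
    "access-list 104 permit udp any any eq domain",
    "access-list 104 permit icmp any any echo",
    "access-list 104 permit icmp any any echo-reply",
]

if __name__ == "__main__":
    outside = "192.0.2.7"                                   # constructed outside host
    print("SYN to telnet  :", evaluate(ACL_104, Packet("tcp", outside, "128.88.3.5", 1025, 23)))
    print("SMTP to server :", evaluate(ACL_104, Packet("tcp", outside, "128.88.1.2", 1025, 25)))
    print("web reply back :", evaluate(ACL_104, Packet("tcp", outside, "128.88.3.5", 80, 1025, ack=True)))
    print("crafted ACK    :", evaluate(ACL_104, Packet("tcp", outside, "128.88.3.5", 1025, 23, ack=True)))
```

The crafted ACK segment is permitted by the first entry exactly as a legitimate reply would be, which is why established belongs in a list that is backed by host hardening and, where available, stateful inspection.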
www.cisco.com
BSCN12-37
12-32
www.cisco.com
12-38
X
Router #
X
Router #
Standard and extended access lists will not block access from the router For security, virtual terminal (vty) access can be blocked to or from the router
[Figure: a router with its five virtual terminal lines, numbered 0 through 4.]

A router has five virtual terminal lines (0 through 4). Set identical restrictions on all the virtual terminal lines, because an incoming Telnet session may land on any free line.
Note    Some experts recommend that you configure one of the vty terminal lines differently than the others, so that you keep a "back door" into the router if the normal restriction locks you out. Treat such a line as an exposure: it should still be limited to the management addresses you trust rather than left open.

The access-class command restricts incoming and outgoing connections between a particular virtual terminal line (into a device) and the addresses in an access list.
line vty vty-number [vty-range]

line vty Command    Description
vty-number          Indicates the number of the line to be configured.
vty-range           Indicates the last line of a range; the configuration applies to every line from vty-number through this one (line vty 0 4 covers all five lines).

Use the access-class command to link an existing access list to a terminal line or range of lines.

access-class access-list-number {in | out}

access-class Command    Description
access-list-number      Indicates the number of the access list to be linked to a terminal line. This is a decimal number from 1 to 99 (a standard access list).
in                      Applies the list to incoming connections: only sessions from addresses the list permits may connect to the line.
out                     Applies the list to outgoing connections: someone logged in on the line may Telnet only to addresses the list permits.

For example, to permit only hosts in network 192.89.55.0 to connect to the virtual terminal ports on the router, create a standard access list that permits 192.89.55.0 0.0.0.255 and apply it with access-class ... in under line vty 0 4.
[Figure: the Internet attaches to the router on S0; E0 leads to subnet 128.88.1.0, where host 128.88.1.2 provides DNS, FTP and e-mail; the NOC is on subnet 128.88.3.0 behind E1; access list 118 is applied outbound on ethernet 0.]

access-list 118 permit tcp any 128.88.0.0 0.0.255.255 eq www established
access-list 118 permit tcp any host 128.88.1.2 eq smtp
access-list 118 permit udp any any eq domain
access-list 118 permit udp 128.88.3.0 0.0.0.255 128.88.1.0 0.0.0.255 eq snmp
access-list 118 deny icmp any 128.88.0.0 0.0.255.255 echo
access-list 118 permit icmp any any echo-reply
!
interface ethernet 0
 ip access-group 118 out

Note the order: entries are tested top to bottom and the first match wins, so the deny for ICMP echo precedes the permit for echo-reply. Hosts behind E0 can therefore receive replies to their own pings but cannot be pinged. The SNMP entry restricts management traffic to packets sourced from the NOC subnet 128.88.3.0. (The addresses 128.8.x.x on the original slide are typographical errors for 128.88.x.x, and the keyword for UDP port 53 is domain.)
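The semantics the text relies on (first match wins, implicit deny at the end, wildcard masks, the established keyword) are easy to get wrong when reading a list by eye. The following Python is an added example written for this page, not Cisco code and not part of the course: it parses the corrected access-list 118 above and evaluates constructed packets against it. Only the eq operator, the established keyword and the echo/echo-reply ICMP keywords are modelled; the port-name table is a small subset of what IOS knows.

```python
"""Extended access list evaluator, added as a worked example (not Cisco code).

Models IOS extended-ACL semantics as described in this chapter: entries are
tested top to bottom, the first match decides, and an implicit deny follows the
last entry. Supported: protocol (ip/tcp/udp/icmp), any / host / address+wildcard,
an 'eq' port test on source or destination, the TCP 'established' keyword
(ACK or RST set), and the ICMP echo / echo-reply keywords. The list is
access-list 118 from the text; the packets are constructed for the example.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional, Set

PORT_NAMES = {"www": 80, "smtp": 25, "domain": 53, "snmp": 161, "ftp": 21, "telnet": 23}
ICMP_TYPES = {"echo": 8, "echo-reply": 0}

ACL_118 = """\
access-list 118 permit tcp any 128.88.0.0 0.0.255.255 eq www established
access-list 118 permit tcp any host 128.88.1.2 eq smtp
access-list 118 permit udp any any eq domain
access-list 118 permit udp 128.88.3.0 0.0.0.255 128.88.1.0 0.0.0.255 eq snmp
access-list 118 deny icmp any 128.88.0.0 0.0.255.255 echo
access-list 118 permit icmp any any echo-reply
"""


@dataclass
class Entry:
    action: str
    proto: str
    src: int
    src_wild: int
    dst: int
    dst_wild: int
    sport: Optional[int]
    dport: Optional[int]
    flags: Set[str] = field(default_factory=set)   # 'established' and/or ICMP type keywords


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    ack: bool = False        # True when ACK or RST is set, i.e. not the opening SYN
    icmp_type: int = -1


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _addr(tokens):
    """Consume one address spec (any | host A | A WILDCARD); return (addr, wildcard, rest)."""
    if tokens[0] == "any":
        return 0, 0xFFFFFFFF, tokens[1:]
    if tokens[0] == "host":
        return _ip(tokens[1]), 0, tokens[2:]
    return _ip(tokens[0]), _ip(tokens[1]), tokens[2:]


def _port(tokens):
    """Consume an optional 'eq <port>' (only the eq operator is modelled here)."""
    if tokens and tokens[0] == "eq":
        name = tokens[1]
        if name.isdigit():
            return int(name), tokens[2:]
        if name not in PORT_NAMES:
            raise ValueError(f"unknown port keyword {name!r} (IOS would reject it)")
        return PORT_NAMES[name], tokens[2:]
    return None, tokens


def parse_acl(text):
    entries = []
    for line in text.splitlines():
        t = line.split()
        if not t:
            continue
        action, proto = t[2], t[3]
        src, src_wild, rest = _addr(t[4:])
        sport, rest = _port(rest)
        dst, dst_wild, rest = _addr(rest)
        dport, rest = _port(rest)
        entries.append(Entry(action, proto, src, src_wild, dst, dst_wild, sport, dport, set(rest)))
    return entries


def _in_range(addr, net, wild):
    """Wildcard match: bits set in the wildcard are 'don't care'."""
    return (addr | wild) == (net | wild)


def evaluate(entries, pkt):
    """Return 'permit' or 'deny' for the packet: first match, then implicit deny."""
    for e in entries:
        if e.proto not in ("ip", pkt.proto):
            continue
        if not _in_range(_ip(pkt.src), e.src, e.src_wild) or not _in_range(_ip(pkt.dst), e.dst, e.dst_wild):
            continue
        if e.sport is not None and pkt.sport != e.sport:
            continue
        if e.dport is not None and pkt.dport != e.dport:
            continue
        if "established" in e.flags and not pkt.ack:
            continue
        wanted = {ICMP_TYPES[k] for k in e.flags if k in ICMP_TYPES}
        if wanted and pkt.icmp_type not in wanted:
            continue
        return e.action
    return "deny"


ENTRIES_118 = parse_acl(ACL_118)

if __name__ == "__main__":
    for p in (Packet("tcp", "10.1.1.1", "128.88.3.5", 40000, 80, ack=True),
              Packet("tcp", "10.1.1.1", "128.88.3.5", 40000, 80),
              Packet("icmp", "10.1.1.1", "128.88.1.2", icmp_type=8)):
        print(p, "->", evaluate(ENTRIES_118, p))
```

Running it shows the two behaviours worth checking before deploying such a list: a TCP segment to port 80 without ACK/RST set (the opening SYN) falls through every entry to the implicit deny, and an ICMP echo to 128.88.0.0 hits the deny before the later echo-reply permit can be considered. Feeding the original slide's "eq dns" to parse_acl raises, which mirrors the IOS parser rejecting that keyword.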
show access-list [access-list-number]
show line

show access-list Command    Description
access-list-number          (Optional) Shows a specific list. If this option is not specified, then all IP access lists are displayed.

The system counts how many packets have matched each line of an access list; the counters are displayed by the show access-list command. Use the clear access-list counters command in EXEC mode to clear the counters of an access list. Use the show line command to display information about terminal lines.
Written Exercise
[Figure: routers A and B connect subnets 172.16.1.0, 172.16.2.0, 172.16.3.0 and 172.16.4.0. Host 172.16.3.3 is on subnet 172.16.3.0. Subnet 172.16.4.0 holds the DNS, FTP and WWW servers and a client, at addresses 172.16.4.2 through 172.16.4.5.]
Create an access list and place it in the proper location to satisfy the following requirements:

- Prevent all hosts on subnet 172.16.1.0/24 except host 172.16.1.3 from accessing the Web server on subnet 172.16.4.0.
- Prevent the outside world from pinging subnet 172.16.4.0.
- Allow all other hosts on all other subnets of network 172.16.0.0 (subnet mask 255.255.0.0) to send queries to the DNS server on subnet 172.16.4.0.
- Prevent only host 172.16.3.3 from accessing subnet 172.16.4.0.

Write your configuration in the space below. Be sure to include the router name (A or B), interface name (E0, E1, or E2), and access list direction (in or out).
Null Interface

[Figure: a packet arrives and is checked against a five-line access list (permit 1.0.0.0, deny 2.0.0.0, permit 3.0.0.0, deny 4.0.0.0, permit 5.0.0.0) before the routing table chooses among E0, S0, S1, T0 and Null 0.]

Access lists are processor-intensive: the router processes every line of an access list until a match is found. If the policy is simply that traffic to a given destination is always discarded, there is a cheaper alternative: a static route to the null interface, which is resolved by the normal routing lookup and saves CPU cycles. The null interface is a software-only interface that behaves like the null device of an operating system. Unwanted traffic is directed to it with a static route, where it is effectively dropped. Because the null route acts on the destination address only, it cannot express per-source or per-port policy the way an access list can.

Note    Consider carefully where the null route is configured: any packet that arrives at that router for the defined destination will be dropped, whatever its source.
ip route address mask null 0

This creates a static route that discards unwanted traffic; the interface name is always null 0.

ip route Command    Description
address             IP address of the target network, subnet, or host.
mask                Network mask that lets you mask network, subnetwork, or host bits.
[Figure: a router with networks 131.108.7.0 and 131.108.4.0 and the link 131.108.6.1 to 131.108.6.2; network 201.222.5.0 is the destination to be discarded.]

The command names the destination IP address and mask, and the null interface to which matching traffic is forwarded. In the example, the static route forwards traffic for network 201.222.5.0 to the null interface, which drops it.
Summary

You can manage IP traffic by:

- Controlling packet transmission on each medium
- Using a static route to the null interface in place of an access list to minimize processing overhead
- Configuring helper addresses to forward broadcasts

Standard access lists are easy to configure and require lower processing overhead; extended access lists provide greater control.
[Figure (case study): a corporate network connected to the Internet through a PIX firewall, with a secure R&D area (restrict access), HR and Accounting, a NOC, a DNS server and a public area with Web browsers. Requirements marked on the figure: enable Web access and enable network management; further areas are noted as future plans.]

Before filters can be applied, you must understand the traffic flow in your network, the steps involved in implementing the corporate security policy, and how to control network functionality with access control lists. The case study brings out the following points:

- Secure areas must be protected.
- Network management requires access to all areas of the network.
- The security policy involves several platforms and operating systems.
- Web access complicates the security policy.
Answers to Exercises
13
Overview
This chapter discusses different ways to control routing update information. Route redistribution, which interconnects networks that use multiple routing protocols, is explained. Controlling the information exchanged between the protocols can be accomplished using filters, changes to administrative distance, and configured metrics. The configuration of each of these techniques is provided. Policy-based routing using route-maps is explained and configured. This chapter includes the following topics:

- Objectives
- Redistribution Between Multiple Routing Protocols
- Configuring Redistribution
- Controlling Routing Update Traffic
- Verifying Redistribution Operation
- Written Exercise: Redistribution and Controlling Routing Update Traffic
- Policy-based Routing Using Route-Maps
- Verifying Policy-Based Routing
- Case Study: Redistribution

Note to reviewers    Route summarization (review) was a topic that was included in the design document for this chapter; however, this topic has been covered many times already in the course, so I didn't cover it again here.

Objectives

This section lists the chapter's objectives.
Upon completion of this chapter, you will be able to perform the following tasks:

- Select and configure the different ways to control routing update traffic
- Configure route redistribution in a network that does not have redundant paths between dissimilar routing processes
- Configure route redistribution in a network that has redundant paths between dissimilar routing processes
- Resolve path selection problems that result in a redistributed network
- Verify route redistribution
- Configure policy-based routing using route-maps
- Given a set of network requirements, configure redistribution between different routing domains and verify proper operation (within described guidelines) of your routers
- Given a set of network requirements, configure policy-based routing within your pod and verify proper operation (within described guidelines) of your routers
Thus far, we have looked at networks that use a single routing protocol. There are times, however, when you will need to use multiple routing protocols. Some reasons why you may need multiple protocols are as follows:

- When you are migrating from an older IGP to a new IGP, multiple redistribution boundaries may exist until the new protocol has displaced the old protocol completely. Dual existence of protocols is effectively the same as a long-term coexistence design.
- When you want to use another protocol but need to keep the old protocol due to the needs of host systems.
- Different departments might not want to upgrade their routers, or they might not implement a sufficiently strict filtering policy. In these cases you can protect yourself by terminating the other routing protocol on one of your routers.
- If you have a mixed router vendor environment, you can use a Cisco-specific protocol in the Cisco portion of the network and then use a common protocol to communicate with non-Cisco devices.
What Is Redistribution?

[Figure: ASBR Router A sits between Router B (EIGRP, reached via S0) and Router C (IGRP, reached via S1). S1 advertises routes from EIGRP to IGRP; S0 advertises routes from IGRP to EIGRP. Router C's routing table shows the redistributed routes as IGRP ("I") entries.]

Routes are learned from another routing protocol when a router redistributes the information between the protocols.
When any of these situations arises, Cisco routers allow internetworks using different routing protocols (referred to as autonomous systems) to exchange routing information through a feature called route redistribution. Redistribution is defined as the ability of boundary routers connecting different autonomous systems to exchange and advertise routing information received from one autonomous system into the other autonomous system.

Note    The term autonomous system as used here denotes internetworks using different routing protocols. These routing protocols may be IGPs and/or EGPs. This is a different use of the term Autonomous System than is used when discussing BGP.

Within each autonomous system the internal routers have complete knowledge about their network. The router interconnecting autonomous systems is called an autonomous system boundary router (ASBR). In the example shown in the graphic, AS 200 is running IGRP and AS 300 is running EIGRP, and the internal routers within each autonomous system have complete knowledge about their networks. Router A is the ASBR. Router A has both IGRP and Enhanced IGRP processes active and is responsible for advertising routes learned from one autonomous system into the other autonomous system. In this example, Router A learns about network 192.168.5.0 from Router B via the EIGRP protocol running on its S0 interface. It passes that information to Router C on its S1 interface via IGRP. Routing information is also passed the other way, from IGRP into EIGRP. Router B's routing table shows that it has learnt about network 172.16.0.0 via EIGRP (as indicated by the D in the routing table) and that the route is external to this autonomous system (as indicated by the EX in the routing table). Router C's routing table shows that it has learnt about network 192.168.5.0 via IGRP (as indicated by the I in the routing table). Note that there is no indication in IGRP of whether the route is external to the autonomous system. Note also that in this case the routes that are exchanged are summarized on the network class boundary. Recall from the route summarization discussion in chapters 3 and 4 that EIGRP and IGRP automatically summarize routes on the network class boundary.
[Figure: an ASBR between EIGRP AS 300 and another routing domain, with network 172.16 reachable on both sides, illustrating how a route can be fed back into the domain it came from.]

Key issues with redistribution: routing feedback, suboptimal path selection, routing loops, incompatible routing information, inconsistent convergence time.
Redistribution, although powerful, increases the complexity and the potential for routing confusion, so it should only be used when absolutely necessary. The key issues that arise when using redistribution are as follows:

- Routing feedback (loops). Depending on how you employ redistribution, routers can send routing information received from one autonomous system back into that same autonomous system. The feedback is similar to the routing loop problem that occurs in distance vector technologies.
- Incompatible routing information. Because each routing protocol uses different metrics to determine the best path (for example, RIP uses hops and OSPF uses cost), path selection using the redistributed route information may not be optimal. Because the metric information about a route cannot be translated exactly into a different protocol, the path a router chooses may not be the best.
- Inconsistent convergence time. Different routing protocols converge at different rates. For example, RIP converges more slowly than EIGRP, so if a link goes down, the EIGRP network will learn about it before the RIP network does.

To understand why some of these problems may occur, you must first understand how Cisco routers select the best path when more than one routing protocol is running, and how they convert the metrics used when importing routes from one autonomous system into another. These topics are discussed in the following pages.
Most routing protocols have metric structures and algorithms that are not compatible with other protocols. In a network where multiple routing protocols are present, the exchange of route information and the ability to select the best path across the multiple protocols is critical. In order for routers to select the best path when they learn two or more routes to the same destination from different routing protocols, Cisco uses two parameters:

- Administrative distance. As we saw in chapter 3, administrative distance is used to rate the believability of a routing protocol. Each routing protocol is prioritized in order of most to least believable (reliable) using a value called administrative distance. This criterion is the first a router uses to determine which routing protocol to believe if more than one protocol provides route information for the same destination.
- A routing metric. The metric is a value representing the path between the local router and the destination network. The metric is usually a hop or cost value, depending on the protocol being used.

The following pages discuss these two path selection tools in more detail.
Route Source                    Default Administrative Distance
Connected Interface             0
Static Route                    1
Enhanced IGRP Summary Route     5
External BGP                    20
Internal Enhanced IGRP          90
IGRP                            100
OSPF                            110
IS-IS                           115
RIP                             120
EGP                             140
External Enhanced IGRP          170
Internal BGP                    200
Unknown                         255

The table lists the default believability (administrative distance) of the protocols that Cisco supports; the lower the value, the more believable the source, and a distance of 255 means the route is never installed. For example, if a router received a route to network 10.0.0.0 from IGRP and then received a route to the same network from OSPF, the router would use the administrative distance to determine that IGRP (100) is more believable than OSPF (110), and would add the IGRP version of the route to the routing table. When using route redistribution, there may occasionally be a need to modify the administrative distance of a protocol so that it will be preferred. For example, if you want the router to select RIP-learned routes rather than IGRP-learned routes to the same destination, then you must increase the administrative distance for IGRP or decrease the administrative distance for RIP. Modifying the administrative distance is discussed in the "Controlling Routing Update Traffic" section later in this chapter.
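The selection rule above is a two-level comparison, and the way the distance command shifts the outcome is easiest to see by running it. The following Python is an added example written for this page, not Cisco code: it models a routing table that receives the same prefix from IGRP, OSPF and RIP, installs the candidate with the lowest administrative distance, and then shows the effect of lowering RIP's distance or raising IGRP's. The distance values are the IOS defaults from the table; the prefixes, metrics and next hops are constructed.

```python
"""Route selection by administrative distance, added as a worked example (not Cisco code).

A router that learns the same prefix from several routing protocols installs the
candidate from the most believable source, i.e. the lowest administrative distance,
and only then compares metrics (which are comparable only within one protocol).
set_distance() stands in for the 'distance' router-configuration command that
overrides a protocol's default. Routes below are constructed for the example.
"""
DEFAULT_DISTANCE = {
    "connected": 0, "static": 1, "eigrp-summary": 5, "ebgp": 20,
    "eigrp": 90, "igrp": 100, "ospf": 110, "isis": 115, "rip": 120,
    "egp": 140, "eigrp-external": 170, "ibgp": 200, "unknown": 255,
}


class RoutingTable:
    def __init__(self):
        self.distance = dict(DEFAULT_DISTANCE)
        self.candidates = {}      # prefix -> [(protocol, metric, next_hop), ...]

    def set_distance(self, protocol, value):
        """Model of 'distance <value>' entered under 'router <protocol>'."""
        if protocol not in self.distance:
            raise KeyError(protocol)
        if not 1 <= value <= 255:
            raise ValueError("administrative distance must be 1-255")
        self.distance[protocol] = value

    def learn(self, prefix, protocol, metric, next_hop):
        """A routing process offers a candidate route for a prefix."""
        if protocol not in self.distance:
            raise KeyError(protocol)
        self.candidates.setdefault(prefix, []).append((protocol, metric, next_hop))

    def best(self, prefix):
        """Return (protocol, distance, metric, next_hop) for the route that gets
        installed, or None. Distance 255 means 'never install'. Ties on distance
        are broken by metric, which is meaningful only when the sources are the
        same protocol or the operator deliberately made their distances equal."""
        usable = [(self.distance[p], m, p, nh)
                  for p, m, nh in self.candidates.get(prefix, ())
                  if self.distance[p] < 255]
        if not usable:
            return None
        d, m, p, nh = min(usable, key=lambda r: (r[0], r[1]))
        return p, d, m, nh


def example():
    """The chapter's scenario: 10.0.0.0 offered by IGRP, OSPF and RIP."""
    rt = RoutingTable()
    rt.learn("10.0.0.0/8", "igrp", 8576, "192.168.1.1")
    rt.learn("10.0.0.0/8", "ospf", 20, "192.168.2.1")
    rt.learn("10.0.0.0/8", "rip", 2, "192.168.3.1")
    chosen = [rt.best("10.0.0.0/8")[0]]          # IGRP wins at default distances
    rt.set_distance("rip", 90)                   # prefer RIP by lowering its distance
    chosen.append(rt.best("10.0.0.0/8")[0])
    rt.set_distance("rip", 120)
    rt.set_distance("igrp", 130)                 # or demote IGRP: now OSPF (110) wins
    chosen.append(rt.best("10.0.0.0/8")[0])
    return chosen


if __name__ == "__main__":
    print(example())   # ['igrp', 'rip', 'ospf']
```

The third step is the one that surprises people: demoting IGRP to 130 does not hand the route to RIP (120) because OSPF, at 110, is now the most believable source. The metrics (8576, 20, 2) never enter into any of these decisions.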
Seed Metric

- The first, or seed, metric for a route is derived from being directly connected to a router interface, but redistributed routes are not physically connected.
- Use the default-metric command to establish the seed metric for the route.
- Once a compatible metric is established, the metric will increment just like any other route.
- Set the default metric larger than the largest native metric.
Once the most believable protocol is determined for each destination and the routes are added to the routing table, a router may advertise the routing information to other protocols if configured to do so. If the router were advertising a link directly connected to one of its interfaces, the initial or seed metric used would be derived from the characteristics of that interface, and the metric would increment as the routing information passed to other routers. However, redistributed routes are not physically connected to a router; they are learnt from other protocols. If an ASBR wants to redistribute information between routing protocols, it must be able to translate the metric of the received route from the source routing protocol into the other routing protocol. For example, if an ASBR receives a RIP route, the route will have a hop count as its metric. To redistribute the route into OSPF, the router must translate the hop count into a cost metric that will be understood by other OSPF routers. This cost metric, referred to as the seed or default metric, is defined during configuration. Once the seed metric for a redistributed route is established, the metric will increment normally within the autonomous system. (The exception to this is OSPF E2 routes, as discussed previously, which hold their default metric regardless of how far they are propagated across an autonomous system.) When configuring a default metric for redistributed routes, the metric should be set to a value larger than the largest metric within the receiving autonomous system, to help prevent routing loops. Configuring default metrics is discussed in the "Controlling Routing Update Traffic" section later in this chapter.
As the graphic shows for IP, all protocols are supported by redistribution. Before implementing redistribution, consider the following points:

- You can only redistribute protocols that support the same protocol stack. For example, you can redistribute between IP RIP and OSPF because they both support the TCP/IP stack. But you cannot redistribute between IPX RIP and OSPF because IPX RIP supports the IPX/SPX stack and OSPF does not.
- How you configure redistribution varies among protocols and among combinations of protocols. For example, redistribution occurs automatically between IGRP and EIGRP when they have the same autonomous system number, but it must be configured between EIGRP and RIP.

In summary: IPX RIP redistribution with Enhanced IGRP is enabled by default; AppleTalk RTMP redistribution is enabled by default; redistribution between IGRP and Enhanced IGRP in the same autonomous system is automatic, but manual if the autonomous systems differ; other protocols require manual redistribution.
EIGRP, because it supports multiple routed protocols, can be used to redistribute with IP, IPX, and AppleTalk routing protocols (within the same protocol stack). Consider the following when redistributing EIGRP with these protocols:

- In the IP environment, IGRP and EIGRP have a similar metric structure and therefore redistribution is straightforward. For migration purposes, when IGRP and Enhanced IGRP are both running in the same autonomous system, redistribution is automatic. When redistributing between different autonomous systems, redistribution must be configured for Enhanced IGRP, just as it is required for IGRP. All other IP routing protocols, both internal and external, require that redistribution be configured in order to communicate with EIGRP.
- By design, EIGRP automatically redistributes route information with Novell RIP. Beginning with Cisco IOS Release 11.1, EIGRP can be configured to redistribute route information with NLSP.
- EIGRP for AppleTalk understands RTMP updates, and redistribution is enabled by default.
Configuring Redistribution

This section describes how to configure redistribution between multiple protocols. What do you need to determine before configuring redistribution?

- Identify the ASBRs, where the protocols will run
- Determine which protocol is the core and which is the edge
- Determine the directions you want to redistribute the protocols
Configuring route redistribution can be very simple or very complex, depending on the mix of protocols that you want to redistribute. The commands used to enable redistribution and assign metrics vary slightly depending on the protocols being redistributed. The following steps are generic enough to apply to virtually all protocol combinations. However, the commands used to implement the steps may vary. It is highly recommended that you review the Cisco IOS documentation for the configuration commands that apply to the specific protocols that you want to redistribute.

Note    In this section the terms core and edge are generic terms used to simplify the discussion about redistribution.

Step 1    Locate the ASBR on which redistribution needs to be configured.
Step 2    Determine which routing protocol is the core or backbone protocol. Usually this is OSPF or EIGRP.
Step 3    Determine which routing protocol is the edge or short-term (if you are migrating) protocol.
Step 4    Access the routing process into which you want routes redistributed. Typically, you start with the backbone routing process. For example, to access OSPF, do the following:

          router(config)#router ospf process-id
Step 5    Configure the router to redistribute routing updates from the edge protocol into the backbone protocol. This command varies, depending on the protocols. The command shown here is for redistributing updates into OSPF:

          router(config-router)#redistribute protocol [process-id] [metric metric-value] [metric-type type-value] [route-map map-tag] [subnets] [tag tag-value]

redistribute (into OSPF) Command    Description
protocol        Source protocol from which routes are being redistributed. It can be one of the following keywords: connected, bgp, eigrp, egp, igrp, isis, iso-igrp, mobile, odr, ospf, static, or rip.
process-id      For bgp, egp, eigrp or igrp, this is an autonomous system number. For ospf, this is an OSPF process ID.
metric-value    An optional parameter used to specify the metric used for the redistributed route. When redistributing into protocols other than OSPF, if this value is not specified and no value is specified using the default-metric router configuration command, the default metric is 0 and routes may not be redistributed. With OSPF, the default metric is 20. Use a value consistent with the destination protocol, in this case OSPF cost.
type-value      An optional OSPF parameter that specifies the external link type associated with the routes advertised into the OSPF routing domain. This value can be 1 for type-1 external routes or 2 for type-2 external routes. The default is a type-2 external route.
map-tag         Optional identifier of a configured route-map to be interrogated to filter the importation of routes from this source routing protocol into the current routing protocol.
subnets         An optional OSPF parameter that specifies that subnetted routes should also be redistributed. Only routes that are not subnetted are redistributed if the subnets keyword is not specified.
tag-value       Optional 32-bit decimal value attached to each external route. This is not used by the OSPF protocol itself. It may be used to communicate information between Autonomous System Boundary Routers.
Configuring Redistribution into EIGRP

RtrA(config)#router eigrp 100
RtrA(config-router)#redistribute ospf ?
  <1-65535>  Process ID
RtrA(config-router)#redistribute ospf 1 ?
  match      Redistribution of OSPF routes
  metric     Metric for redistributed routes
  route-map  Route map reference
  <cr>

redistribute (into EIGRP) Command    Description
protocol        Source protocol from which routes are being redistributed. It can be one of the following keywords: connected, bgp, eigrp, egp, igrp, isis, iso-igrp, mobile, odr, ospf, static, or rip.
process-id      For bgp, egp, eigrp or igrp, this is an autonomous system number. For ospf, this is an OSPF process ID.
match           Optional, for OSPF: the criteria by which OSPF routes are redistributed into other routing domains. It can be one of the following: internal (redistribute routes that are internal to a specific autonomous system); external 1 (redistribute routes that are external to the autonomous system but are imported into OSPF as type 1 external routes); external 2 (redistribute routes that are external to the autonomous system but are imported into OSPF as type 2 external routes).
metric-value    An optional parameter used to specify the metric used for the redistributed route. If this value is not specified and no value is specified using the default-metric router configuration command, the default metric is 0 and routes may not be redistributed. Use a value consistent with the destination protocol (see the description of the default-metric command in this section for a description of the EIGRP metric).
map-tag         Optional identifier of a configured route-map to be interrogated to filter the importation of routes from this source routing protocol into the current routing protocol.
default-metric bandwidth delay reliability loading mtu
default-metric number

Step 6    Define the default seed metric that the router uses when redistributing routes into a routing protocol.

- When redistributing into IGRP or EIGRP, use the first form shown above.

default-metric (IGRP/EIGRP) Command    Description
bandwidth      Minimum bandwidth of the route in kilobits per second.
delay          Route delay in tens of microseconds.
reliability    Likelihood of successful packet transmission expressed as a number from 0 to 255, where 255 means the route is 100% reliable.
loading        Effective loading of the route expressed as a number from 1 to 255, where 255 means the route is 100% loaded.
mtu            Maximum transmission unit (MTU), the maximum packet size along the route in bytes, an integer greater than or equal to 1.

- When redistributing into OSPF, RIP, EGP, and BGP, use the second form.

default-metric (OSPF/RIP/EGP/BGP) Command    Description
number         The value of the metric, such as the number of hops for RIP.
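The seed-metric discussion earlier in this chapter and the default-metric and metric-type parameters above describe the same translation from two angles. The following Python is an added example written for this page, not Cisco code: it turns the five default-metric parameters into the IGRP/EIGRP composite metric, applies the chapter's rules about scalar seeds (OSPF defaults to 20, a zero seed into RIP or IGRP/EIGRP means the route is not redistributed, a seed should exceed the largest native metric), and shows how E1 and E2 routes carry the seed onward. The composite formula uses the default K values (K1=K3=1, K2=K4=K5=0), which is the standard IGRP/EIGRP definition and not something this page states; all values are constructed.

```python
"""Seed metric translation at an ASBR, added as a worked example (not Cisco code).

Scalar seeds are the 'default-metric number' form; IGRP/EIGRP seeds are the
five-part form, combined with the default K values (K1=K3=1, K2=K4=K5=0),
which is the standard composite formula rather than something this page states.
All values are constructed for the example.
"""
RIP_INFINITY = 16           # hop count 16 is unreachable in RIP
OSPF_DEFAULT_SEED = 20      # IOS default when redistributing into OSPF without a metric


def igrp_composite(bandwidth, delay, reliability=255, loading=1, mtu=1500):
    """IGRP composite metric from the default-metric parameters (bandwidth in kbit/s,
    delay in tens of microseconds). With default K values only bandwidth and delay
    count; the other three are range-checked because the command still requires them."""
    if bandwidth < 1 or delay < 0 or not 0 <= reliability <= 255 \
            or not 1 <= loading <= 255 or mtu < 1:
        raise ValueError("default-metric parameter out of range")
    return 10_000_000 // bandwidth + delay


def eigrp_composite(bandwidth, delay, reliability=255, loading=1, mtu=1500):
    """EIGRP uses the IGRP composite scaled by 256."""
    return 256 * igrp_composite(bandwidth, delay, reliability, loading, mtu)


def seed_metric(into, default_metric=None):
    """Metric a redistributed route enters protocol `into` with, or None when the
    router will not redistribute it (no usable seed outside OSPF)."""
    if into == "ospf":
        return OSPF_DEFAULT_SEED if default_metric is None else default_metric
    if into == "rip":
        if not default_metric or default_metric >= RIP_INFINITY:
            return None              # metric 0 is never sent; 16 or more is unreachable
        return default_metric
    if into in ("igrp", "eigrp"):
        if default_metric is None:
            return None              # no default-metric => metric 0 => not redistributed
        f = eigrp_composite if into == "eigrp" else igrp_composite
        return f(*default_metric)
    raise ValueError(f"unsupported protocol {into!r}")


def seed_is_safe(seed, native_metrics):
    """The chapter's loop-avoidance rule: the seed should exceed the largest metric
    already present in the receiving domain."""
    return seed is not None and seed > max(native_metrics, default=0)


def ospf_external_cost(seed, path_cost, metric_type=2):
    """Cost seen by an OSPF router `path_cost` away from the ASBR: an E2 route keeps
    the seed everywhere, an E1 route adds the internal path cost."""
    if metric_type not in (1, 2):
        raise ValueError("metric-type must be 1 or 2")
    return seed if metric_type == 2 else seed + path_cost


if __name__ == "__main__":
    print(seed_metric("rip"))                                   # None: not redistributed
    print(seed_metric("eigrp", (10000, 100, 255, 1, 1500)))     # 281600
    print(ospf_external_cost(20, 64, 1), ospf_external_cost(20, 64, 2))   # 84 20
```

Two sanity values are worth remembering when checking the composite: a FastEthernet-class seed (100000 kbit/s, 10 tens of microseconds) gives the familiar EIGRP metric 28160, and a T1-class seed (1544 kbit/s, 2000) gives 2169856. If the seed you configure is lower than metrics already present in the receiving domain, seed_is_safe() returns False, which is exactly the situation in which redistributed routes can be preferred over native ones and feed back.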
Step 8    Enter configuration mode for the other routing process, usually the edge or short-term process.
Step 9    Advertise the core routes into the edge protocol. Depending on your network, this configuration will vary, because you want to employ some techniques to reduce routing loops. For example, you may do any of the following:

- Redistribute a default route about the core autonomous system into the edge autonomous system.
- Redistribute multiple static routes about the core autonomous system into the edge autonomous system.
- Redistribute all routes from the core autonomous system into the edge autonomous system, then assign a distribution filter to filter out inappropriate routes.
- Redistribute all routes from the core autonomous system into the edge autonomous system, then modify the administrative distance associated with the received routes so that they are not the selected routes when multiple routes exist for the same destination. In some cases, the route learned by the native protocol is better, but may have a less believable administrative distance. Refer to the "Redistribution Example Using distance" later in this chapter for an example of this scenario.

Redistribution of static and default information is discussed in the following pages. Filtering and changing the administrative distance are discussed in the "Controlling Routing Update Traffic" section later in this chapter.
Router(config)#ip route prefix mask address [distance] [tag tag] [permanent]
    Defines a path using a next-hop address. Use it if you have a route to the defined address. Requires redistribution to be advertised by a routing protocol.

Router(config)#ip route prefix mask interface [distance] [tag tag] [permanent]
    Defines a path using an interface. Use it if you do not have a route to the next-hop address. Automatically redistributed in some cases.
Static routes are routes that you manually configure on the router. Static routes are used most often to:

- Define specific routes to use when two autonomous systems must exchange routing information, rather than having entire routing tables exchanged.
- Define routes to destinations over a WAN link to eliminate the need for a dynamic routing protocol; that is, when you do not want routing updates to enable or cross the link.

The commands to configure static routes for IP are shown above and their use is discussed in the following steps:

Step 1    Determine which networks you want defined as static. For example, if you are configuring static routes on a WAN router that is connecting to a branch office, you probably want to select the networks at the branch office.
Step 2    Determine the next-hop router to the destination networks or the local router's interface that connects to the remote router.
Step 3    Configure the static route on each router. For IP, use the ip route command.

ip route Command    Description
prefix         The route prefix for the destination.
mask           The prefix mask for the destination.
address        The IP address of the next-hop router that can be used to reach that network.
interface      The network interface to use to get to the destination network.
distance       Optional administrative distance to assign to this route. (Recall that administrative distance refers to how believable the routing protocol is.)
tag            Optional value that can be used as a match value in route-maps.
permanent      Specifies that the route will not be removed even if the interface associated with the route goes down.

Note    Static routes pointing to an interface should only be used on point-to-point interfaces, since on other interfaces the router will not know which specific address to send the information to. On point-to-point interfaces the information will be sent to the only other device on the network.
[Figure: p1r2 reaches network 172.16.0.0 through p2r2 over its Serial1 link.]

router rip
 passive-interface Serial1
 network 10.0.0.0
!
ip route 172.16.0.0 255.255.0.0 Serial1

p1r2#sh ip rout
<Output Omitted>
Gateway of last resort is not set
     10.0.0.0 255.255.255.0 is subnetted, 2 subnets
C       10.1.3.0 is directly connected, Serial1
C       10.1.1.0 is directly connected, Serial0
S    172.16.0.0 is directly connected, Serial1
<Output Omitted>
The example in the graphic shows a static route configured on router p1r2. p1r2 will use its interface Serial1 to get to network 172.16.0.0/16. As shown in the routing table for p1r2, static routes pointing to an interface are treated as directly connected networks. When configuring static routes, keep in mind the following considerations:

- When using static routes, all participating routers must have static routes defined so that they know the remote networks. This requirement is necessary because static routes replace routing updates. If you want a router to advertise a static route in a routing protocol, you may need to redistribute it.
- Static route entries must be defined for all routes that a router is responsible for. To reduce the number of static route entries, you can define a default static route, for example ip route 0.0.0.0 0.0.0.0 s1. When using RIP, default static routes are advertised (redistributed) automatically.
[Figure: p1r3 and p2r2 on the 10.64.0.0/24 Ethernet segment (address 10.64.0.1/24 shown); p2r2 sources a default route]

p2r2 configuration:
router rip
 network 10.0.0.0
 network 172.68.0.0
!
ip classless
ip default-network 172.68.0.0

p1r3#show ip route
<Output Omitted>
Gateway of last resort is 10.64.0.2 to network 0.0.0.0
     10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
<Output Omitted>
R       10.2.3.0/24 [120/1] via 10.64.0.2, 00:00:05, Ethernet0
C       10.64.0.0/24 is directly connected, Ethernet0
R    172.68.0.0/16 [120/1] via 10.64.0.2, 00:00:16, Serial0
R*   0.0.0.0/0 [120/1] via 10.64.0.2, 00:00:05, Ethernet0
Cisco lets you configure default routes for other protocols. For example, when you create a default route on a router running RIP, the router advertises an address of 0.0.0.0. When a router receives this default route, it will forward any packets destined to a destination that does not appear in its routing table to the default route you configured. When running RIP, you can create the default route by using the ip default-network command. If the router has a directly connected interface onto the network specified in the ip default-network command, RIP will generate (or source) a default route to its RIP neighbor routers. The ip default-network command is used as a method of distributing default route information to other routers. This command provides no functionality for the router on which it is configured.

ip default-network Command:
- network-number: The number of the destination network.

Note: Other protocols behave differently than RIP with the ip route 0.0.0.0 0.0.0.0 and ip default-network commands. For example, EIGRP will not redistribute default routes by default. However, if the network 0.0.0.0 command is added to the EIGRP configuration, it will redistribute a default route as the result of the ip route 0.0.0.0 0.0.0.0 command, but not as the result of the ip default-network command. Refer to Cisco IOS documentation for further information.
[Figure: one-way redistribution topology with routers P1R2, P1R3, P2R1, P2R2 and P2R3; RIP at the edges and OSPF in the core. Interface addresses shown: S0:10.1.1.2/24, S1:10.1.3.1/24, S0:10.1.3.2/24, S1:10.2.1.1/24, S0:10.2.1.2/24, S0:10.2.2.1/24, S1:10.2.2.2/24, S1:10.2.3.1/24, S0:10.2.3.2/24, E0:172.6.31.6/24]
This example demonstrates how you can redistribute in one direction and use a default route in the other direction, instead of redistributing in both directions. The graphic illustrates an internetwork that uses three autonomous systems. In this case, OSPF is the core protocol and RIP is the edge protocol. The following pages illustrate how to:

- Allow the OSPF backbone to know all the routes in each autonomous system. This is done by configuring redistribution on the ASBRs so that all RIP routes are redistributed into OSPF.
- Allow the RIP autonomous systems to know only about their internal routes, and use a default route to networks that are not in the autonomous system. This is done by configuring a default route on the ASBRs. The default route is advertised by the ASBRs into the RIP autonomous systems.
Note: This redistribution example shows one way to configure redistribution. Many other ways exist, so you must understand your network topology and requirements in order to choose the best solution.
P1R3-ASBR configuration:
<Output Omitted>
router ospf 200
 redistribute rip metric 10 subnets      ! subnets keyword must be enabled for subnets
 network 172.6.31.5 0.0.0.0 area 0
!
router rip
 network 10.0.0.0
!
no ip classless
ip default-network 10.0.0.0
!
<Output Omitted>

(Annotation in the graphic, referring to ip classless: must be on all RIP/IGRP routers if you want to use a default route to get to unknown subnets of directly connected networks.)
The graphic illustrates the configurations for one of the ASBRs and a router in one of the RIP networks. Points about each configuration are as follows:

- Internal RIP router (P1R1): No redistribution configuration is necessary because the intent is not to have this router learn about external routes. The ip classless command is required on all RIP/IGRP routers that must use a default route to get to other subnets of network 10.0.0.0 (for example the 10.2.x.0 subnets). This command allows the software to forward packets that are destined for unrecognized subnets of directly connected networks. The packets are forwarded to the best supernet route, which may be the default route. When this feature is disabled, the software discards the packets when the router receives packets for a subnet that numerically falls within its subnetwork addressing scheme, if there is no such subnet number in the routing table.

  Note: ip classless is on by default in Cisco IOS Release 12.0; it is off by default in earlier releases.

- ASBR (P1R3): When redistributing into OSPF, you need the subnets keyword so that subnetted networks will be redistributed. Define the default network to be advertised to the edge protocols.
Note: Comprehensive examples of this configuration and outputs appear in Appendix A, Supplement B, One-Way Redistribution Configuration Examples.
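As an added illustration (not part of the course material), the following Python model reproduces the ip classless versus no ip classless lookup behaviour described above, using a constructed copy of P1R1's RIP routing table: with classful lookup a packet to 10.2.2.1 is discarded because 10.2.2.0 is an unknown subnet of the directly connected major network 10.0.0.0, while with ip classless it follows the default route. The route tuples and the helper names are assumptions made for this example.

```python
import ipaddress

# Constructed routing table modelled on the P1R1 table shown on this page:
# (prefix, next hop or None if directly connected, show ip route code)
P1R1_ROUTES = [
    ("10.1.3.0/24", "10.1.1.2", "R"),
    ("10.1.2.0/24", None, "C"),
    ("10.1.1.0/24", None, "C"),
    ("0.0.0.0/0", "10.1.2.2", "R*"),  # default route sourced by the ASBR
]


def classful_major_network(addr):
    """Return the class A/B/C major network that contains addr."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    prefixlen = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)


def knows_subnets_of(routes, major):
    """True if the table holds any subnet (more specific than the major itself)
    of this classful major network."""
    for prefix, _next_hop, _code in routes:
        net = ipaddress.ip_network(prefix)
        if net.prefixlen > major.prefixlen and net.network_address in major:
            return True
    return False


def lookup(routes, dest, ip_classless):
    """Longest-match lookup. Returns the chosen (prefix, next_hop, code), or None
    when the packet is discarded. ip_classless=False models classful behaviour."""
    d = ipaddress.IPv4Address(dest)
    matches = [(ipaddress.ip_network(p), nh, code) for p, nh, code in routes
               if d in ipaddress.ip_network(p)]
    if not matches:
        return None  # no route at all, not even a default
    net, next_hop, code = max(matches, key=lambda m: m[0].prefixlen)
    if not ip_classless and net.prefixlen == 0:
        # Only the default route matched. A classful router that already knows
        # subnets of the destination's major network assumes the missing subnet
        # does not exist and discards the packet instead of using the default.
        if knows_subnets_of(routes, classful_major_network(dest)):
            return None
    return (str(net), next_hop, code)


if __name__ == "__main__":
    for flag in (False, True):
        print("ip classless" if flag else "no ip classless", "->",
              lookup(P1R1_ROUTES, "10.2.2.1", ip_classless=flag))
```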
P1R3 (OSPF ASBR) routing table after redistribution:
     10.0.0.0/24 is subnetted, 6 subnets
C       10.1.3.0 is directly connected, Serial0
O E2    10.2.1.0 [110/10] via 172.6.31.6, 00:44:56, Ethernet0
C       10.1.2.0 is directly connected, Serial1
R       10.1.1.0 [120/1] via 10.1.3.1, 00:00:05, Serial0
                 [120/1] via 10.1.2.1, 00:00:17, Serial1
O E2    10.2.2.0 [110/10] via 172.6.31.6, 00:44:56, Ethernet0
O E2    10.2.3.0 [110/10] via 172.6.31.6, 00:44:56, Ethernet0
     172.6.0.0/24 is subnetted, 1 subnets
C       172.6.31.0 is directly connected, Ethernet0
The graphic illustrates one of the ASBR routing tables after redistribution was enabled on both ASBRs. For comparison, an example of the routing table prior to redistribution is as follows:
P1R3#show ip route
<Output Omitted>
     10.0.0.0/24 is subnetted, 3 subnets
C       10.1.3.0 is directly connected, Serial0
C       10.1.2.0 is directly connected, Serial1
R       10.1.1.0 [120/1] via 10.1.3.1, 00:00:16, Serial0
                 [120/1] via 10.1.2.1, 00:00:28, Serial1
     172.6.0.0/24 is subnetted, 1 subnets
C       172.6.31.0 is directly connected, Ethernet0
Notice that in the before output the 10.2.0.0/24 networks do not appear. They appear once redistribution is configured on P2R2.
P1R1 (RIP internal router) routing table:
     10.0.0.0/24 is subnetted, 3 subnets
R       10.1.3.0 [120/1] via 10.1.1.2, 00:00:24, Serial1
                 [120/1] via 10.1.2.2, 00:00:10, Serial0
C       10.1.2.0 is directly connected, Serial0
C       10.1.1.0 is directly connected, Serial1
R*   0.0.0.0/0 [120/1] via 10.1.2.2, 00:00:10, Serial0

(The router forwards packets destined to the 10.2.0.0/24 networks using the default route.)
The graphic illustrates one of the internal routing tables after the default route was configured on the ASBR. Using this routing table, P1R1 can successfully ping any network in the other RIP autonomous system, for example:
P1R1#ping 10.2.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/68/68 ms
P1R1#
[Figure: recommended design: redistribute from IGRP into OSPF in one direction, and use a default or static route from OSPF back into IGRP in the other direction]
At a high level, Cisco recommends you consider employing the following guidelines when using redistribution:

- The overriding recommendation is to be familiar with your network and your network traffic. There are many ways to implement redistribution, so knowing your network will enable you to make the best decision.
- Do not overlap routing protocols: Do not run two different protocols in the same internetwork. Rather, have distinct boundaries between networks that use different protocols.
- One-way redistribution: To avoid routing loops, and problems with varying convergence time, only allow routes to be exchanged in one direction, not both directions. In the other direction, you should consider using a default route.
- Two-way redistribution: If you must allow two-way redistribution, enable a mechanism to reduce the chances of routing loops. Examples of mechanisms covered in this chapter are default routes, route filters, and modification of the metrics advertised. With these types of mechanisms, you can reduce the chances of routes imported from one autonomous system being re-injected into the same autonomous system as new route information.
How can we prevent routing update traffic from crossing some of these links?

[Figure: network with routers Trans, Cen, R100 and R300 joined by a T-1 link and two 64Kb links; addresses shown: 172.16.1.1, 172.16.1.2, 172.16.2.1, 172.16.2.2, 172.16.3.2, 172.16.5.1, 172.16.6.1, 172.16.6.2, 172.16.7.1, 172.16.9.1, 172.16.10.1]
Thus far, we have discussed a variety of routing protocols and how they propagate routing information throughout an internetwork. There are times, however, when you do not want routing information propagated, for example:

- When using an on-demand WAN link: You may want to minimize, or stop entirely, the exchange of routing update information across this type of link, otherwise the link will remain up constantly.
- When you want to prevent routing loops: Many companies have large enough networks where redundant paths are prominent. In some cases, for example, when a path is learned to the same destination by two different routing protocols, you may want to filter the propagation of one of the paths.

This section discusses several ways you can control or prevent routing update exchange and propagation:

- Passive interface: Prevents all routing updates from being sent through an interface. For EIGRP and OSPF, this method includes Hello protocol packets.
- Route update filtering: Use access lists to filter route update traffic about specific networks.
- Changing administrative distance: Change the administrative distance to affect which protocol the router believes.
- Default routes: Instructs the router that if it does not have a route for a given destination, send the packet to the default route.
- Static routes: A route to a destination that you configured in the router.
The passive-interface command prevents all routing updates for a given routing protocol from being sent into a network, but does not prevent the specified interface from receiving updates. When using the passive-interface command in a network using a link-state routing protocol, the command prevents the router from establishing a neighbor adjacency with other routers connected to the same link as the one specified in the command. An adjacency cannot be established because the Hello protocol is used to verify bi-directional communication between routers. If a router is configured to not send updates, then it cannot participate in bi-directional communication. To configure a passive interface, regardless of the routing protocol, do the following:
Step 1  Select the router and routing protocol that requires the passive interface.
Step 2  Determine which interface(s) you do not want routing update traffic to be sent through.
Step 3  Configure using the passive-interface command.

passive-interface Command:
- type number: Type of interface and interface number that will not send routing updates.
Note: This capability is typically used in conjunction with other capabilities, as you will see in this chapter.
The Cisco IOS software can filter incoming and outgoing routing updates by using access lists. In general, the process the router uses is as follows:

1. The router receives a routing update or is getting ready to send an update about one or more networks.
2. The router looks at the interface involved with the action. For example, if it is an incoming update, then the interface on which it arrived is checked. If it is an update that must be advertised, the interface out of which it should be advertised is checked.
3. The router determines if a filter is associated with the interface.
4. If a filter is associated with the interface, the router views the access list to learn if there is a match for the given routing update. If a filter is not associated with the interface, the packet is processed as normal.
5. If there is a match, then the route entry is processed as configured. If no match is found in the access list, the implicit deny any at the end of the access list will cause the update to be dropped.
Note: Filtering routing updates was also discussed in chapter 10 for BGP. The ideas here are the same, although the commands used are different than those used for BGP, as shown on the next page.
- Use a standard access list to permit or deny routes
- Access list can be applied to transmitted (outbound) or received (inbound) routing updates
You can filter routing update traffic for any protocol by defining an access list and applying it to a specific routing protocol. To configure a filter, do the following:

Step 1  Identify the network addresses you want to filter and create an access list.
Step 2  Determine if you want to filter them on an incoming or outgoing interface.
Step 3  To assign the access list to filter outgoing routing updates, use the distribute-list out command.

distribute-list out Command:
- access-list-number | name: Standard access list number or name.
- out: Applies the access list to outgoing routing updates.
- interface-name: Optional interface name out which updates will be filtered.
- routing-process: Optional name of the routing process, or the keyword static or connected, from which updates will be filtered.
- autonomous-system-number: Optional autonomous system number of the routing process.

Or, to assign the access list to filter incoming routing updates, use the distribute-list in command:

distribute-list in Command:
- access-list-number | name: Standard access list number or name.
- in: Applies the access list to incoming routing updates.
- type number: Optional interface type and number from which updates will be filtered.
The following describes some of the commands shown in the example in the graphic:

- distribute-list 7 out s0: Applies access list 7 as a route redistribution filter on EIGRP routing updates sent on interface serial 0.
- access-list 7 permit 172.16.0.0 0.0.255.255:
  - 7: Access list number.
  - permit: Routes matching the parameters can be forwarded.
  - 172.16.0.0 0.0.255.255: Network number and wildcard mask used to qualify source addresses. The first two address octets must match and the rest are masked.

The distribute-list out command applies access list 7 to outbound packets. The access list only allows routing information about network 172.16.0.0 to be distributed out the S0 interface. As a result, network 10.0.0.0 is hidden.
[Figure: router C, with static routes to 10.0.0.0 (next hop 192.168.7.18) and 172.16.0.0, redistributing into EIGRP towards routers D and E; passive-interface s0 is configured on both the S0 link and the D/E side]

Router C configuration:
ip route 10.0.0.0 255.0.0.0 192.168.7.18
ip route 172.16.0.0 255.255.0.0 192.168.7.10
!
router eigrp 1
 network 192.168.7.0
 default-metric 10000 100 255 1 1500
 redistribute static
 distribute-list 3 out static
!
access-list 3 permit 10.0.0.0 0.255.255.255
The example in the graphic shows a static route being redistributed and filtered into EIGRP. The following describes some of the commands shown in the example in the graphic:

- ip route 10.0.0.0 255.0.0.0 192.168.7.18:
  - 10.0.0.0 255.0.0.0: Defines the IP address and subnet mask of the destination network.
  - 192.168.7.18: Defines the next-hop address to use to reach the destination.
- redistribute static: Assigns routes learned from static entries in the routing table to be redistributed into Enhanced IGRP.
- distribute-list 3 out static: Filters routes learned from static entries by using access list 3, before those routes are passed to the Enhanced IGRP process.
- access-list 3 permit 10.0.0.0 0.255.255.255:
  - 3: The access list is list number 3.
  - permit: Routes that match the parameters will be advertised.
  - 10.0.0.0 0.255.255.255: Packets about IP addresses that match the first octet of 10.0.0.0 will be forwarded.

Note: Configure static route redistribution on one router only to eliminate the possibility of routing loops created by static route redistribution on routers with parallel routes between networks.
In this example, the 10.0.0.0 route is passed to routers D and E. The static route to 172.16.0.0 is filtered (denied by the implicit deny at the end of the access list).
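The following Python model, added here and not part of the course, walks the router C configuration above through the filtering process described earlier in this section: it parses the ip route and access-list lines, applies standard-ACL wildcard matching with first-match-wins and the implicit deny any, and returns the static routes that the distribute-list 3 out static command lets EIGRP advertise. The parser is deliberately limited to the command forms that appear on this page; the function names are assumptions for this example.

```python
import ipaddress

# Constructed copy of the router C configuration shown in the graphic above.
ROUTER_C_CONFIG = """\
ip route 10.0.0.0 255.0.0.0 192.168.7.18
ip route 172.16.0.0 255.255.0.0 192.168.7.10
!
router eigrp 1
 network 192.168.7.0
 default-metric 10000 100 255 1 1500
 redistribute static
 distribute-list 3 out static
!
access-list 3 permit 10.0.0.0 0.255.255.255
"""


def wildcard_match(addr, pattern, wildcard):
    """Standard-ACL comparison: a 1 bit in the wildcard mask means 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    p = int(ipaddress.IPv4Address(pattern))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (p & care)


def parse_access_lists(config):
    """Return {number: [(action, address, wildcard), ...]} in configured order."""
    acls = {}
    for line in config.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] == "access-list":
            number, action, target = parts[1], parts[2], parts[3]
            if target == "any":
                address, wildcard = "0.0.0.0", "255.255.255.255"
            else:
                address = target
                # No wildcard given means an exact (host) match.
                wildcard = parts[4] if len(parts) > 4 else "0.0.0.0"
            acls.setdefault(number, []).append((action, address, wildcard))
    return acls


def acl_permits(entries, network):
    """First matching entry wins; an unmatched network hits the implicit deny any."""
    for action, address, wildcard in entries:
        if wildcard_match(network, address, wildcard):
            return action == "permit"
    return False


def parse_static_routes(config):
    """Return [(network, mask, next_hop)] from the 'ip route' lines."""
    routes = []
    for line in config.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[:2] == ["ip", "route"]:
            routes.append((parts[2], parts[3], parts[4]))
    return routes


def redistributed_static_routes(config):
    """Apply 'distribute-list N out static' to the static routes and return the
    prefixes (CIDR form) that the routing process will advertise."""
    acls = parse_access_lists(config)
    acl_number = None
    for line in config.splitlines():
        parts = line.split()
        if parts[:1] == ["distribute-list"] and parts[2:4] == ["out", "static"]:
            acl_number = parts[1]
    advertised = []
    for network, mask, _next_hop in parse_static_routes(config):
        prefix = ipaddress.ip_network(f"{network}/{mask}")
        # Without a distribute-list every static route is redistributed.
        if acl_number is None or acl_permits(acls.get(acl_number, []), network):
            advertised.append(str(prefix))
    return advertised


if __name__ == "__main__":
    print("advertised into EIGRP:", redistributed_static_routes(ROUTER_C_CONFIG))
```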
In some cases, you will find that a router will select a suboptimal path because it believes a routing protocol that, although it has a better administrative distance, has a poorer route. One way to make sure that routes from the desired routing protocol are selected is to give the undesired routing protocol a larger administrative distance. Use the commands shown in the graphic to change the default administrative distances. For all protocols except EIGRP and BGP, use the distance command:

distance Command:
- weight: Administrative distance, an integer from 10 to 255 (the values 0 to 9 are reserved for internal use).
- address: Optional IP address. Allows filtering of networks according to the IP address of the router supplying the routing information.
- mask: Optional wildcard mask for the IP address. A bit set to 1 in the mask argument instructs the software to ignore the corresponding bit in the address value.
- access-list-number | name: Number or name of a standard access list to be applied to the incoming routing updates. Allows filtering of the networks being advertised.
- ip: Optional, specifies IP-derived routes for IS-IS.

For EIGRP use the distance eigrp command.

distance eigrp Command:
- internal-distance: Administrative distance for Enhanced IGRP internal routes. Internal routes are those that are learned from another entity within the same autonomous system.
- external-distance: Administrative distance for Enhanced IGRP external routes. External routes are those for which the best path is learned from a neighbor external to the autonomous system.
[Figure: network with routers Cen, Rem, R100 and R300 connected over a T1 Frame Relay link (subinterfaces S0.1 and S0.2 on Cen) and two 64 kbps links; addresses shown: 172.16.1.2, 172.16.2.1, 172.16.2.2, 172.16.3.1, 172.16.4.1, 172.16.4.2, 172.16.5.1, 172.16.5.2, 172.16.6.1, 172.16.6.2, 172.16.7.1, 172.16.7.2, 172.16.9.1, 172.16.10.1, 172.16.11.1]
This example uses RIP and IGRP to illustrate how a router can make a poor path selection due to the default administrative distance values given to RIP and IGRP in a redundant network. The example also illustrates one possible way of correcting the problem. The graphic illustrates the network prior to using multiple routing protocols. The R200 and Cen routers are the primary focus of this example, as are networks 172.16.6.0, 172.16.9.0, and 172.16.10.0. The configuration output and routing tables appear on the following pages.
Note: This example uses RIP and IGRP for simplicity. These and other protocol combinations can have the same problems occur, depending on the network topology, which is one reason Cisco highly recommends that you study your network topology prior to implementing redistribution, and monitor it after it is enabled.

Note: There are a number of ways to correct path selection problems in a redistribution environment. The purpose of this example is to show how a problem can occur, where it appears, and one possible way of resolving it.
Cen router routing table (IGRP only):
     172.16.0.0/24 is subnetted, 11 subnets
I       172.16.9.0 [100/158813] via 172.16.1.1, 00:00:02, TokenRing1
I       172.16.10.0 [100/8976] via 172.16.5.2, 00:00:02, Serial0.1
I       172.16.11.0 [100/8976] via 172.16.4.2, 00:00:02, Serial0.2
C       172.16.4.0 is directly connected, Serial0.2
C       172.16.5.0 is directly connected, Serial0.1
I       172.16.6.0 [100/160250] via 172.16.5.2, 00:00:02, Serial0.1
I       172.16.3.0 [100/8539] via 172.16.2.2, 00:00:02, TokenRing0
                   [100/8539] via 172.16.1.1, 00:00:03, TokenRing1

(Callouts in the graphic point at the two bracketed values: [administrative distance/metric].)
First, we have only IGRP running in all of the routers in the network. The graphic shows a portion of the routing table on the Cen router. Following is the complete IP routing table for the Cen router:
Cen#show ip route
<Output Omitted>
     172.16.0.0/24 is subnetted, 11 subnets
I       172.16.12.0 [100/1188] via 172.16.2.2, 00:00:02, TokenRing0
I       172.16.9.0 [100/158813] via 172.16.1.1, 00:00:02, TokenRing1
I       172.16.10.0 [100/8976] via 172.16.5.2, 00:00:02, Serial0.1
I       172.16.11.0 [100/8976] via 172.16.4.2, 00:00:02, Serial0.2
C       172.16.4.0 is directly connected, Serial0.2
C       172.16.5.0 is directly connected, Serial0.1
I       172.16.6.0 [100/160250] via 172.16.5.2, 00:00:02, Serial0.1
I       172.16.7.0 [100/158313] via 172.16.1.1, 00:00:02, TokenRing1
C       172.16.1.0 is directly connected, TokenRing1
C       172.16.2.0 is directly connected, TokenRing0
I       172.16.3.0 [100/8539] via 172.16.2.2, 00:00:02, TokenRing0
                   [100/8539] via 172.16.1.1, 00:00:03, TokenRing1
Note the administrative distance and the composite metrics for each learned link. Administrative distance refers to how believable the routing protocol is, and the composite metric is the value assigned to the link. Now consider that you want to split the network into two autonomous systems, IGRP and RIP. Note that IGRP is more believable than RIP because it has an administrative distance of 100 and RIP has an administrative distance of 120.
[Figure: the same network split into an IGRP autonomous system (Trans, Cen, R200 side) and a RIP autonomous system (R300, R100, Rem side); T1 Token Ring links between Trans, R200 and Cen, a T1 Frame Relay link from Cen, and two 64 kbps links; addresses shown: 172.16.1.1, 172.16.1.2, 172.16.2.1, 172.16.2.2, 172.16.3.1, 172.16.4.1, 172.16.4.2, 172.16.5.1, 172.16.5.2, 172.16.6.1, 172.16.6.2, 172.16.7.1, 172.16.7.2, 172.16.9.1, 172.16.10.1, 172.16.11.1]
The graphic shows the network with RIP and IGRP autonomous systems. The configurations for two of the routers are shown on the next graphic.
Router R200 configuration:
router rip
 redistribute igrp 1
 passive-interface Serial0
 passive-interface TokenRing0
 network 172.16.0.0
 default-metric 3
!
router igrp 1
 redistribute rip
 passive-interface Serial1
 network 172.16.0.0
 default-metric 10 100 255 1 1500
The configurations for the Cen and R200 routers are shown in the graphic. The passive interface commands are used to prevent routes from a particular routing protocol from being forwarded needlessly on links when the remote router cannot understand or is not using that protocol. Note in these configurations that RIP is being redistributed into IGRP and IGRP is being redistributed into RIP, on both routers.
Cen router routing table (RIP and IGRP):
     172.16.0.0/24 is subnetted, 11 subnets
R       172.16.9.0 [120/2] via 172.16.5.2, 00:00:01, Serial0.1
R       172.16.10.0 [120/1] via 172.16.5.2, 00:00:02, Serial0.1
I       172.16.11.0 [100/8976] via 172.16.4.2, 00:00:02, Serial0.2
C       172.16.4.0 is directly connected, Serial0.2
C       172.16.5.0 is directly connected, Serial0.1
R       172.16.6.0 [120/1] via 172.16.5.2, 00:00:02, Serial0.1
I       172.16.3.0 [100/8539] via 172.16.2.2, 00:00:02, TokenRing0
                   [100/8539] via 172.16.1.1, 00:00:02, TokenRing1
The graphic shows the resulting routing table on the Cen router. The table lists the routes that are relevant to the discussion in this section. Notice that the Cen router learned RIP and IGRP routes. You can use the following graphic to trace some of the routes (this is a copy of the previous figure repeated here for your convenience):
[Figure: repeat of the previous network diagram (IGRP and RIP autonomous systems with routers Trans, Cen, R200, R300, R100 and Rem)]
[Figure: R200 routing table between the RIP and IGRP autonomous systems; every learned route carries the IGRP code (I), with one directly connected (C) entry]
The graphic shows the resulting routing table on the R200 router. The route table lists the routes that are relevant to the discussion in this section. Notice that all the routes are learned from IGRP, even though R200 is also connected to a RIP network. Notice too that if you trace some of the routes, such as to network 172.16.9.0, the router uses the long way via router Cen rather than via router R300.
Router R200 selected the poor paths because IGRP has a better administrative distance than RIP. To make sure that R200 selects the RIP routes, you can change the administrative distance, as shown in the graphic. The following describes some of the commands shown in the example in the graphic:

- distance 130 0.0.0.0 255.255.255.255 1:
  - 130: Defines the administrative distance that specified routes will be assigned.
  - 0.0.0.0 255.255.255.255: Defines the source address of the router supplying the routing information, in this case any router.
  - 1: Defines the access-list to be used to filter incoming routing updates to determine which will have their administrative distance changed.
- access-list 1 permit 172.16.9.0:
  - 1: The access-list number.
  - permit: Allows all networks that match the address to be permitted, in this case to have their administrative distance changed.
  - 172.16.9.0: A network to be permitted, in this case to have its administrative distance changed.
Router R200, for example, is configured to assign an administrative distance of 130 to IGRP routes to networks 172.16.9.0, 172.16.10.0, and 172.16.6.0. In this way, when the router learns about these networks from RIP, the RIP-learned routes (with a lower administrative distance of 120) will be selected and put in the routing table. Note that the distance command is for IGRP-learned routes because it is part of the IGRP routing process configuration.
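To show the selection rule the distance command changes, here is an added Python model (not from the course) of R200's route selection: each candidate route is assigned its administrative distance, with the rule distance 130 0.0.0.0 255.255.255.255 1 under the IGRP process and access-list 1 permitting 172.16.9.0, 172.16.10.0 and 172.16.6.0 overriding IGRP's default of 100, and the lowest distance wins per network. The candidate list is constructed (the IGRP metrics for the three overridden networks are made up, since R200's IGRP entries for them are not shown on this page), and the class and function names are assumptions for this example.

```python
import ipaddress

# Default administrative distances keyed by the show ip route code.
DEFAULT_DISTANCE = {"C": 0, "S": 1, "I": 100, "O": 110, "R": 120}

# Constructed candidates offered to R200 by each process: (code, network, metric,
# advertising router). The RIP entries mirror the R200 table on this page; the IGRP
# metrics for 172.16.9.0, 172.16.10.0 and 172.16.6.0 are invented for the example.
R200_CANDIDATES = [
    ("I", "172.16.9.0", 158813, "172.16.1.2"),
    ("R", "172.16.9.0", 1, "172.16.7.1"),
    ("I", "172.16.10.0", 8976, "172.16.1.2"),
    ("R", "172.16.10.0", 2, "172.16.7.1"),
    ("I", "172.16.11.0", 9039, "172.16.1.2"),
    ("I", "172.16.4.0", 8539, "172.16.1.2"),
    ("I", "172.16.5.0", 8539, "172.16.1.2"),
    ("I", "172.16.6.0", 160250, "172.16.1.2"),
    ("R", "172.16.6.0", 1, "172.16.7.1"),
]


def wildcard_match(addr, pattern, wildcard):
    """Standard-ACL comparison: a 1 bit in the wildcard mask means 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    p = int(ipaddress.IPv4Address(pattern))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (p & care)


class DistanceRule:
    """One 'distance weight address mask [access-list]' line under a routing process."""

    def __init__(self, protocol, weight, source, source_wildcard, acl=None):
        self.protocol = protocol            # code of the process the line is configured under
        self.weight = weight
        self.source = source                # address/mask select the advertising router
        self.source_wildcard = source_wildcard
        self.acl = acl or []                # [(action, address, wildcard)]; empty = all networks

    def applies(self, code, network, advertiser):
        if code != self.protocol:
            return False
        if not wildcard_match(advertiser, self.source, self.source_wildcard):
            return False
        if not self.acl:
            return True
        for action, address, wildcard in self.acl:
            if wildcard_match(network, address, wildcard):
                return action == "permit"
        return False  # implicit deny: the rule leaves this network alone


def administrative_distance(code, network, advertiser, rules):
    for rule in rules:
        if rule.applies(code, network, advertiser):
            return rule.weight
    return DEFAULT_DISTANCE[code]


def build_routing_table(candidates, rules):
    """Keep one route per network: lowest administrative distance wins; metric only
    breaks ties within one protocol (no cross-protocol tie occurs in this example).
    Returns {network: (code, distance, metric, next_hop)}."""
    table = {}
    for code, network, metric, next_hop in candidates:
        ad = administrative_distance(code, network, next_hop, rules)
        current = table.get(network)
        if current is None or (ad, metric) < (current[1], current[2]):
            table[network] = (code, ad, metric, next_hop)
    return table


# The fix applied on R200 in the text, expressed as one rule under router igrp 1:
#   distance 130 0.0.0.0 255.255.255.255 1
#   access-list 1 permit 172.16.9.0 / 172.16.10.0 / 172.16.6.0 (exact matches)
R200_RULES = [DistanceRule("I", 130, "0.0.0.0", "255.255.255.255",
                           acl=[("permit", "172.16.9.0", "0.0.0.0"),
                                ("permit", "172.16.10.0", "0.0.0.0"),
                                ("permit", "172.16.6.0", "0.0.0.0")])]

if __name__ == "__main__":
    for network, entry in build_routing_table(R200_CANDIDATES, R200_RULES).items():
        print(network, entry)
```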
R200 routing table after the distance command (RIP and IGRP):
     172.16.0.0/24 is subnetted, 11 subnets
R       172.16.9.0 [120/1] via 172.16.7.1, 00:00:19, Serial1
R       172.16.10.0 [120/2] via 172.16.7.1, 00:00:19, Serial1
I       172.16.11.0 [100/9039] via 172.16.1.2, 00:00:49, TokenRing0
I       172.16.4.0 [100/8539] via 172.16.1.2, 00:00:49, TokenRing0
I       172.16.5.0 [100/8539] via 172.16.1.2, 00:00:49, TokenRing0
R       172.16.6.0 [120/1] via 172.16.7.1, 00:00:19, Serial1
C       172.16.3.0 is directly connected, Serial0
The output in the graphic shows that Router R200 now has retained the better route to some of the networks by learning them from RIP. With this configuration, however, note the loss of routing information. For example, given the actual bandwidths involved, the IGRP path would have been better for the 172.16.10.0 network, so it may have made sense to not include 172.16.10.0 in the access-list. This example illustrates the importance of not only knowing your network prior to implementing redistribution, but also that you should view which routes the routers are selecting after redistribution is enabled. You should pay particular attention to routers that can select from a number of possible redundant paths to a network because they are more likely to select suboptimal paths.
Commands used to verify redistribution: show ip route, trace

- Know your network topology, particularly where redundant routes exist.
- Show the routing table of the appropriate routing protocol on a variety of routers in the internetwork. For example, check the routing table on the ASBR as well as some of the internal routers in each autonomous system.
- Perform a trace on some of the routes that go across the autonomous systems to verify that the shortest path is being used for routing. Make sure that you especially run traces to networks for which redundant routes exist.
- If you do encounter routing problems, use trace and debug commands to observe the routing update traffic on the ASBRs and internal routers.
Note: Running debug requires extra processing by the router, so if the router is already overloaded, initiating debug is not recommended.
- Select and configure the different ways to control route update traffic.
- Configure route redistribution in a network that does not have redundant paths between dissimilar routing processes.
- Configure route redistribution in a network that has redundant paths between dissimilar routing processes.
- Resolve path selection problems that result in a redistributed network.
- Verify route redistribution.
Task: Answer the following questions about redistribution and controlling routing update traffic.

1. List three reasons why you may use multiple routing protocols in a network.
2. What two parameters are used by routers to select the best path when they learn two or more routes to the same destination from different routing protocols?
3. What are the components of the EIGRP routing metric?
4. Consider that you have a dialup WAN connection between site A and site B. What can you do to prevent excess routing update traffic from crossing the link, but still have the boundary routers know the networks that are at the remote sites?
5. What command is used to cause RIP to source a default route?
6. If there is no filter associated with an interface, what happens to packets destined for that interface?
7. What command can be used to discover the path that a packet takes through a network?
8. How can a routing loop result in a network that has redundant paths between two routing processes?
Policy-Based Routing

Policy-based routing:
- Allows you to implement policies that selectively cause packets to take different paths
- Can also mark traffic with different TOS
- Since IOS Release 11.0
In today's high performance internetworks, organizations need the freedom to implement packet forwarding and routing according to their own defined policies in a way that goes beyond traditional routing protocol concerns. By using policy-based routing, introduced in Cisco IOS Release 11.0, policies that selectively cause packets to take different paths can be implemented. Policy-based routing also provides a mechanism to mark packets with different types of service (TOS). This feature can be used in conjunction with IOS queuing techniques so that certain kinds of traffic can receive preferential service.
- Cost Savings: use high cost links only when necessary
- Load Sharing: use multiple paths based on traffic characteristics
The benefits that can be achieved by implementing policy-based routing in the networks include:

- Source-Based Transit Provider Selection: Internet service providers and other organizations can use policy-based routing to route traffic originating from different sets of users through different Internet connections, across the policy routers.
- Quality of Service (QoS): Organizations can provide QoS to differentiated traffic by setting the precedence or type of service (TOS) values in the IP packet headers in routers at the periphery of the network and leveraging queuing mechanisms to prioritize traffic in the core or backbone of the network. This setup improves network performance by eliminating the need to classify the traffic explicitly at each WAN interface in the core or backbone of the network.
- Cost Savings: An organization can direct the bulk traffic associated with a specific activity to use a higher bandwidth, high-cost link for a short time, and continue basic connectivity over a lower bandwidth, low-cost link for interactive traffic. For example, a dial-on-demand Integrated Services Digital Network (ISDN) line could be brought up in response to traffic to a finance server for file transfers selected by policy routing.
- Load Sharing: In addition to the dynamic load-sharing capabilities offered by destination-based routing that the Cisco IOS software has always supported, network managers can now implement policies to distribute traffic among multiple paths based on the traffic characteristics.
Policies:
- Applied to incoming packets
- Implemented using route-maps
- Matching routes modified by set commands
- If match criteria met and route-map specifies permit: control routing as specified by the set action
- If match criteria met and route-map specifies deny: normal (destination based) routing
- If all sequences in the list checked and no matches: normal (destination based) routing
Policy-based routing is applied to incoming packets. All packets received on an interface with policy-based routing enabled are considered for policy-based routing. The router passes the packets through a route-map. Based on the criteria defined in the route-map, packets are forwarded to the appropriate next hop. Routers normally forward packets to the destination addresses based on information in their routing tables. Instead of routing by the destination address, policy-based routing allows network administrators to determine and implement routing policies to allow or deny paths based on:
- The identity of a particular end system
- The application being run
- The protocol in use
- The size of packets
As discussed in chapter 10, route-maps are complex access-lists. Each entry in a route-map statement contains a combination of match and set statements. The match statements define the criteria for whether appropriate packets meet the particular policy (that is, the conditions to be met). The set clauses define how the packets should be routed once they have met the match criteria. For each combination of match and set commands in a route-map statement, all sequential match statements must be met simultaneously by the packet for the set statements to be applied. There may be multiple sets of combinations of match and set commands in a full route-map statement. The route-map statements can also be marked as permit or deny. If the statement is marked as a deny, a packet meeting the match criteria is sent back through the normal forwarding channels (in other words, destination-based routing is performed). Only if the statement is marked as permit and the packet meets the match criteria are all the set commands applied. If no match is found in the route-map, then the packet is forwarded through the normal routing channel. If it is desired not to revert to normal forwarding and to drop a packet that does not match the specified criteria, then a set statement to route the packets to interface null 0 should be specified as the last entry in the route-map.
route-map map-tag [permit | deny] [sequence-number] Defines the conditions for policy routing
Router(config-route-map)#
The graphic is a review of the route-map configuration commands from chapter 10. The specific match and set commands for policy-based routing are discussed in the following pages.
match ip address {access-list-number | name} [...access-list-number | name] Matches IP addresses for policy routing
Router(config-route-map)#
match length min max Matches layer 3 length of packet for policy routing
IP standard or extended access lists can be used to establish policy-based routing match criteria using the match ip address command. A standard IP access list can be used to specify the match criteria for source address of a packet; extended access lists can be used to specify the match criteria based on source and destination address, application, protocol type, TOS, and precedence.
match ip address command:
  access-list-number | name  Number or name of a standard or extended access list to be used to test incoming packets. If multiple access-lists are specified, matching any one will result in a match.
The match length command can be used to establish criteria based on the packet length, between specified minimum and maximum values. For example, a network administrator could use the match length as the criterion that distinguishes between interactive and file transfer traffic, since file transfer traffic usually has larger packet sizes.
match length command:
  min  Minimum layer 3 length of the packet, inclusive, allowed for a match.
  max  Maximum layer 3 length of the packet, inclusive, allowed for a match.
set interface type number [...type number] Defines interface to output packets to
If the match statements are satisfied, one of the following set statements can be used to specify the criteria for forwarding packets through the router; they are evaluated in the order listed here. Once a destination address or interface has been chosen, other set commands for changing the destination address or interface are ignored.
1. The set ip next-hop command provides a list of specified IP addresses used to specify the adjacent next hop router in the path toward the destination to which the packets should be forwarded. The first IP address associated with a currently up connected interface will be used to route the packets.
   set ip next-hop command:
     ip-address  IP address of the next hop to which packets are output. It must be the address of an adjacent router.
2. The set interface command provides a list of interfaces through which the packets can be routed. If more than one interface is specified, then the first interface that is found to be up will be used for forwarding the packets.
   set interface command:
     type number  Interface type and number, to which packets are output.
Note: If there is no explicit route for the destination address of the packet in the routing table, the set interface command is not followed.
set ip default next-hop ip-address [...ip-address] Defines next hop to output packets that have no explicit route to the destination
Router(config-route-map)#
set default interface type number [...type number] Defines interface to output packets that have no explicit route to the destination
3. The set ip default next-hop command provides a list of default next hop IP addresses. The packet is routed to the next hop specified by this set clause only if there is no explicit route for the destination address in the packet in the routing table. The first next hop specified that appears to be adjacent to the router is used. The optional specified IP addresses are tried in turn.
   set ip default next-hop command:
     ip-address  IP address of the next hop to which packets are output. It must be the address of an adjacent router.
4. The set default interface command provides a list of default interfaces. If there is no explicit route available to the destination address of the packet being considered for policy routing, then it will be routed to the first up interface in the list of specified default interfaces.
   set default interface command:
     type number  Interface type and number, to which packets are output.
5. The set ip tos command is used to set the IP TOS value in the IP packets.
6. The set ip precedence command is used to set the IP precedence in the IP packets.
The set commands can be used in conjunction with each other.
ip route-cache policy
To identify a route-map to use for policy routing on an interface, use the ip policy route-map interface configuration command.
ip policy route-map command:
  map-tag  Name of the route-map to use for policy routing. Must match a map-tag specified by a route-map command.
Note: Policy-based routing is specified on the interface that receives the packets, not on the interface from which the packets are sent.
IP policy routing can now be fast-switched. Prior to this feature, policy routing could only be process switched, which meant that on most platforms, the switching rate was approximately 1,000 to 10,000 packets per second. This was not fast enough for many applications. Users who need policy routing to occur at faster speeds can now implement policy routing without slowing down the router. Policy routing must be configured before you configure fast-switched policy routing. Fast switching of policy routing is disabled by default. To have policy routing be fast-switched, use the ip route-cache policy command in interface configuration mode. Fast-switched policy routing supports all of the match commands and most of the set commands, except for the following restrictions:
- The set ip default command is not supported.
- The set interface command is supported only over point-to-point links, unless a route-cache entry exists using the same interface specified in the set interface command in the route-map. Also, at the process level, the routing table is consulted to determine if the interface is on a reasonable path to the destination. During fast switching, the software does not make this check. Instead, if the packet matches, the software blindly forwards the packet to the specified interface.
[Graphic: policy routing example; Router A interface labels S3: 10.1.1.1 and S2: 172.16.1.2]
In the graphic, Router A has a policy that packets from 192.168.2.1 should go out to Router C's interface serial 1. All other packets should be routed according to their destination.
Router A's serial 2 interface, where packets from 192.168.2.1 go into Router A, is configured to do policy routing with the ip policy route-map command. The route-map test is used for this policy routing. It tests the IP addresses in packets against access-list 1 to determine which packets will be policy routed. Access-list 1 specifies that packets with a source address of 192.168.2.1 will be policy routed. Packets that match access-list 1 will be sent to the next-hop address 172.17.1.2, which is Router C's serial 1 interface. All other packets will be forwarded normally, according to their destination. (Recall that access-lists have an implicit deny any at the end, so no other packets will be permitted by access-list 1.)
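The route-map evaluation rules described above (sequence order, permit versus deny, all match statements satisfied at once, first usable set target, fall back to destination routing, Null0 to drop) can be modelled in a few lines. The following is an added Python example, not Cisco IOS code or course material; it reproduces Router A's configuration from the text and adds a constructed match length variant. The second next hop 10.1.1.2 and the interface names are assumptions.

```python
"""Policy-based routing decision logic modelled on the route-map semantics
described in the text (added example; not Cisco IOS code)."""
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional, Tuple

NORMAL = "normal"   # hand the packet to destination-based routing
DROP = "drop"       # set interface Null0


@dataclass
class Packet:
    src: str
    dst: str
    length: int = 64           # layer 3 length, tested by "match length"


@dataclass
class AclEntry:
    action: str                # "permit" or "deny"
    source: IPv4Network        # standard ACL: source address only


def acl_permits(acl: List[AclEntry], pkt: Packet) -> bool:
    """First matching entry wins; an unmatched packet hits the implicit deny any."""
    src = IPv4Address(pkt.src)
    for entry in acl:
        if src in entry.source:
            return entry.action == "permit"
    return False


@dataclass
class Sequence:
    action: str                # route-map permit or deny
    number: int                # sequence number; evaluated in ascending order
    acls: List[List[AclEntry]] = field(default_factory=list)  # match ip address: any listed ACL may match
    length: Optional[Tuple[int, int]] = None                  # match length min max, inclusive
    next_hops: List[str] = field(default_factory=list)        # set ip next-hop, tried in order
    interfaces: List[str] = field(default_factory=list)       # set interface, tried in order


def sequence_matches(seq: Sequence, pkt: Packet) -> bool:
    """Every match statement in the sequence must be satisfied at the same time."""
    if seq.acls and not any(acl_permits(acl, pkt) for acl in seq.acls):
        return False
    if seq.length is not None:
        low, high = seq.length
        if not low <= pkt.length <= high:
            return False
    return True


def policy_route(route_map: List[Sequence], pkt: Packet,
                 adjacent_up: set, interfaces_up: set) -> str:
    """Forwarding decision for a packet received on an interface with ip policy route-map.

    Returns the chosen next-hop address or output interface, NORMAL for
    destination-based routing, or DROP when the set target is Null0.
    """
    for seq in sorted(route_map, key=lambda s: s.number):
        if not sequence_matches(seq, pkt):
            continue                          # try the next sequence
        if seq.action == "deny":
            return NORMAL                     # deny: revert to normal forwarding
        # set ip next-hop is evaluated before set interface; first usable target wins.
        for hop in seq.next_hops:
            if hop in adjacent_up:            # first next hop on an up, connected interface
                return hop
        for ifname in seq.interfaces:
            if ifname == "Null0":
                return DROP
            if ifname in interfaces_up:       # first interface that is up
                return ifname
        return NORMAL                         # permit matched but no set target usable
    return NORMAL                             # no sequence matched


# Constructed configuration for Router A from the example in the text.
ACL_1 = [AclEntry("permit", IPv4Network("192.168.2.1/32"))]
ROUTE_MAP_TEST = [Sequence("permit", 10, acls=[ACL_1], next_hops=["172.17.1.2"])]

# Constructed variant: drop non-matching traffic instead of reverting to normal
# routing, via a final catch-all sequence that sets interface Null0.
ROUTE_MAP_STRICT = ROUTE_MAP_TEST + [Sequence("permit", 20, interfaces=["Null0"])]

# Constructed variant: steer file-transfer sized packets to a high-bandwidth link
# using match length, as the text suggests for bulk versus interactive traffic.
ROUTE_MAP_BULK = [Sequence("permit", 10, length=(1000, 1600), next_hops=["10.1.1.2"])]

ADJACENT_UP = {"172.17.1.2", "10.1.1.2"}   # Router C's serial 1 plus an assumed second neighbour
INTERFACES_UP = {"Serial1", "Serial3"}

if __name__ == "__main__":
    for pkt in (Packet("172.16.1.1", "192.168.1.1"), Packet("192.168.2.1", "192.168.1.1")):
        print(pkt.src, "->", pkt.dst, ":",
              policy_route(ROUTE_MAP_TEST, pkt, ADJACENT_UP, INTERFACES_UP))
```

Run stand-alone it prints the two decisions that the debug ip policy output later in this chapter shows: the 172.16.1.1 packet is routed normally and the 192.168.2.1 packet goes to 172.17.1.2.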
show ip policy
Display a route-map
To display the route-maps used for policy routing on the router's interfaces, use the show ip policy EXEC command. To display configured route-maps, use the show route-map EXEC command.
show route-map command:
  map-name  Optional name of a specific route-map.
debug ip policy
trace
ping
Use the debug ip policy EXEC command to display IP policy routing packet activity. This command helps you determine what policy routing is doing. It displays information about whether a packet matches the criteria, and if so, the resulting routing information for the packet.
Note: Because the debug ip policy command generates a significant amount of output, use it only when traffic on the IP network is low, so other activity on the system is not adversely affected.
To discover the routes the packets follow when traveling to their destination from the router, use the trace privileged EXEC command. To change the default parameters and invoke an extended trace test, enter the command without a destination argument. You will be stepped through a dialog to select the desired parameters. To check host reachability and network connectivity, use the ping (IP packet internet groper function) privileged EXEC command. You can use the extended command mode of the ping command to specify the supported header options, by entering the command without any arguments.
Note: The output shown in the graphic is from Router A in the last example.
The graphic provides examples of two show commands. The show ip policy command indicates that the route-map called test is used for policy routing on the router's interface serial 2. The show route-map command indicates that three packets have matched sequence 10 of the test route-map.
Note: The output shown in the graphic is from Router A in the last example.
The graphic provides an example of the output of the debug ip policy command. The show logging command shows the logging buffer including the output of the debug command. The output indicates that a packet from 172.16.1.1 destined for 192.168.1.1 was received on interface serial 2 and that it was rejected by the policy on that interface. The packet is routed normally (i.e. by destination). Another packet, from 192.168.2.1 destined for 192.168.1.1, was later received on the same interface serial 2. This packet matched the policy on that interface and was therefore policy routed and sent out interface serial 1 to 172.17.1.2.
[Graphic: JKL's new Acquisition A; RIP domain, metric = hops, 1 class C, supports Unix workstations and servers; T-3 link to JKL]
In this case study, we will look at how JKL's Acquisition A will implement its routing protocols. Recall that Acquisition A is running a mixture of protocols: IGRP, RIP and OSPF. It has two class C public addresses and uses a class A private address. As shown in the graphic, each of the three protocol domains is connected to the other two. The following topics are some considerations to discuss with the class during the case study:
- Within each of the protocol domains (RIP, IGRP, OSPF) what are the limitations? What implications do these limitations have when redistributing information between the domains?
- Will any of the interfaces have to be configured as passive interfaces?
- When would it be more appropriate to use a distribute-list filter on an interface versus for a process?
- Is there anywhere in the network where policy-based routing would be appropriate?
Synchronization/metric issues
- How do each of the protocols in use ensure that the routers running them are synchronized?
- When a router in the RIP domain learns of a network within the OSPF domain, what meaning does the metric have?
Ease of configuration
- How difficult would it be to configure each of the individual routing domains?
- How much more complicated is it to implement redistribution between the routing domains? Are there any alternatives? How easy would they be to implement?
Summary
After completing this chapter, you should be able to perform the following tasks:
- Select and configure the different ways to control route update traffic
- Configure route redistribution in a network that does not have redundant paths between dissimilar routing processes
- Configure route redistribution in a network that has redundant paths between dissimilar routing processes
Summary (cont'd)
- Resolve path selection problems that result in a redistributed network
- Verify route redistribution
- Configure policy-based routing using route-maps
- Given a set of network requirements, configure redistribution between different routing domains and verify proper operation (within described guidelines) of your routers
- Given a set of network requirements, configure policy-based routing within your pod and verify proper operation (within described guidelines) of your routers
Review Questions
Answer the following questions.
1. What is redistribution?
2. What is the default administrative distance for IGRP? For RIP? For OSPF?
3. When configuring a default metric for redistributed routes, the metric should be set to a value ________ than the largest metric within the AS.
4. What command is used for policy-based routing to establish criteria based on the packet length?
14
Overview
This chapter is a review of the contents in the course, and culminates with a large summary lab that allows the students to configure many of the features discussed. This chapter includes the following topics:
- Objective
- Routing Principles
- Extending IP Addressing Space
- Connecting to ISPs
- Controlling Overhead Traffic
- Route Redistribution
- Written Exercise: Using Scalable Strategies
- Case Study: Summary (Optional)
Note to reviewers: The Chapter 14 listed in the design document has been deleted and this chapter now becomes chapter 14. Compared to the design document, some topics have been renamed and reordered, to improve the flow of this chapter.
Objective
This section lists the chapter's objective.
Objective
Upon completion of this chapter, you will be able to perform the following task:
Given a set of network requirements, configure many of the features discussed in class and verify proper operation (within described guidelines) of your routers
Upon completion of this chapter, you will be able to perform the following task:
Given a set of network requirements, configure many of the features discussed in class and verify proper operation (within described guidelines) of your routers
Routing Principles
This section reviews the principles of routing.
What is Routing?
Routing is the process of forwarding an item from one location to another Routers forward traffic to a logical destination in a computer network Routers perform two major functions:
Routing
Learning the logical topology of the network
Switching
Forwarding packets from an inbound interface to an outbound interface
Routing is a relay system by which items are forwarded from one location to another, from a logical source to a logical destination. Each device in the network has a logical address so it can be reached individually or in some cases as part of a larger group of devices. For a router to act as an effective relay device, it must be able to understand the logical topology of the network and to communicate with its neighboring devices. The router understands several different logical addressing schemes and regularly exchanges topology information with other devices in the network. The mechanism of learning and maintaining awareness of the network topology is considered to be the routing function. The actual movement of transient traffic through the router is a separate function and is considered to be the switching function. Routing devices must perform both a routing and a switching function to be an effective relay device.
Classful Routing
Classful routing protocols are a consequence of the distance vector method of route calculation
RIPv1 IGRP
Subnet masks are not carried within the routine, periodic routing updates Summary routes are automatically created at major network boundaries
Classful routing is a consequence of the fact that subnet masks are not advertised in the periodic, routine, routing advertisements generated by distance vector routing protocols. In a classful environment, the receiving device must know the mask associated with any advertised subnets. There are two ways this information can be gained:
- The receiving device shares the same mask as the advertising device.
- If the mask does not match, the receiving device must use the default routing mask.
Classful routing protocols, such as RIPv1 and IGRP, exchange routes to all subnetworks within the same network. This is possible because all of the subnetworks in the major network must have the same routing mask. When routes are exchanged with foreign networks (networks whose network portion does not match ours), subnetwork information from this network cannot be included because the mask of the network will not be known. As a result, the subnetwork information from this network must be summarized to a classful boundary using a default routing mask prior to inclusion in the routing update. The creation of a classful summary route at major network boundaries is handled automatically by classful routing protocols. Summarization at other points within the major network address is not allowed by classful routing protocols.
Classless Routing
Classless routing protocols include the routing mask with the route advertisement
Open Shortest Path First (OSPF) Enhanced IGRP RIPv2 IS-IS BGP
Routing updates triggered by topology changes Summary routes manually controlled at any point within the network
Classless routing protocols can be considered as second generation protocols because they are designed to deal with some of the limitations of the earlier classful protocols. One of the most serious limitations in a classful network environment is that the subnet mask is not exchanged during the routing update process. This original approach required the same mask be used on all subnetworks. The classless approach advertises the mask for each route and therefore a more precise lookup can be performed in the routing table. Once the initial topology learning phase is complete, updates about network routes are triggered by changes in topology. The event-driven approach reduces the periodic bandwidth consumption associated with full table updates. Classless routing protocols also address another limitation of the classful approach: the need to summarize to a classful network with a default routing mask at major network boundaries. In the classless environment, the summarization process is manually controlled and can be invoked at any point within the network. Since subnet routes are propagated throughout the routing domain, summarization is required to keep the size of the routing tables at a manageable size.
IP Addressing Solutions
Subnet Masking, RFC 1812 Address Allocation for Private Internets, RFC 1918 Network Address Translation, RFC 1631 Hierarchical Addressing Variable-Length Subnet Masks, RFC 1812 Route Summarization, RFC 1518 Classless Inter-Domain Routing, RFCs 1518, 1519
Since the 1980s, solutions have been developed to slow the depletion of IP addresses and to reduce the number of Internet route table entries by enabling more hierarchical layers in an IP address. These solutions include:
- Subnet Masking, RFCs 950 (1985) and 1812 (1995): Developed to add another level of hierarchy to an IP address. This additional level allows for extending the number of network addresses derived from a single IP address.
- Address Allocation for Private Internets, RFC 1918 (1996): Developed for organizations that do not need much access to the Internet. The only reason to have a NIC-assigned IP address is to interconnect to the Internet. Any and all companies can use the privately assigned IP addresses within their organization, rather than using a NIC-assigned IP address unnecessarily.
- Network Address Translation (NAT), RFC 1631 (1994): Developed for those companies that use private addressing or use non-NIC-assigned IP addresses. This strategy enables an organization to access the Internet with a NIC-assigned address, without having to reassign the private or illegal addresses that are already in place.
- Hierarchical Addressing: Applying a structure to addressing such that multiple addresses share the same leftmost bits.
- Variable-Length Subnet Masks (VLSMs), RFC 1812 (1995): Developed to allow multiple levels of subnetworked IP addresses within a single network. This strategy can only be used when it is supported by the routing protocol in use, such as OSPF and EIGRP.
- Route Summarization, RFC 1518 (1993): A way of having a single IP address represent a collection of IP addresses when you employ a hierarchical addressing plan.
- Classless Inter-Domain Routing (CIDR), RFCs 1518 and 1519 (1993), 2050 (1996): Developed for ISPs. This strategy suggests that the remaining IP addresses be allocated to ISPs in contiguous blocks, with geography being a consideration.
Implementing Scalability Features in Your Internetwork 14-7
[Graphic: VLSM example; HQ network 172.16.0.0/16 subnetted with /24 masks, 172.16.14.0/24 further divided into /27 subnets such as 172.16.14.64/27 and 172.16.14.96/27 (router B), with /30 WAN-link subnets carved from 172.16.14.128]
VLSMs provide the ability to include more than one subnet mask within a network, and the ability to subnet an already subnetted network address. The benefits of VLSMs include:
- Even more efficient use of IP addresses: Without the use of VLSMs, companies are locked into implementing a single subnet mask within an entire class A, B or C network number. For example, consider the 172.16.0.0/16 network address divided into subnets using /24 masking, and one of the subnetworks in this range, 172.16.14.0/24, further divided into smaller subnets with the /27 masking, as shown in the graphic. These smaller subnets range from 172.16.14.0/27 to 172.16.14.224/27. In the graphic, one of these smaller subnets, 172.16.14.128, is further divided with the /30 prefix, creating subnets with only two hosts, to be used on the WAN links.
- Greater capability to use route summarization: VLSMs allow for more hierarchical levels within your addressing plan, and thus allow for better route summarization within routing tables. For example, in the graphic, subnet 172.16.14.0/24 summarizes all of the addresses that are further subnets of 172.16.14.0, including those from subnet 172.16.14.0/27 and from 172.16.14.128/30.
[Graphic: router A with three subnet routes, including 172.16.27.0/24, summarized as 172.16.0.0/16]
Routing protocols can summarize addresses of several networks into one address
In large internetworks hundreds or even thousands of network addresses can exist. In these environments, it is often not desirable for routers to maintain all these routes in their routing table. Route summarization, also called route aggregation or supernetting, can reduce the number of routes that a router must maintain because it is a method of representing a series of network numbers in a single summary address. For example, as the graphic shows, the router can either send three routing update entries, or summarize the addresses into a single network number.
Note: The router in the graphic is saying that it can route to the network 172.16.0.0/16, including all subnets of that network. However, if there were other subnets of 172.16.0.0 elsewhere in the network (for example, if 172.16.0.0 was discontiguous), summarizing in this way may not be valid.
What is CIDR?
[Graphic: routers A through H each advertising one class C network, 192.168.8.0/24 through 192.168.15.0/24, to the HQ router, which summarizes them as 192.168.8.0/21]
CIDR is a mechanism developed to help alleviate the problem of exhaustion of IP addresses and growth of routing tables. The idea behind CIDR is that blocks of multiple Class C addresses can be combined, or aggregated, to create a larger (that is, more hosts allowed) classless set of IP addresses. Blocks of Class C network numbers are allocated to each network service provider. Organizations using the network service provider for Internet connectivity are allocated subsets of the service provider's address space as required. These multiple Class C addresses can then be summarized in routing tables, resulting in fewer route advertisements. CIDR is described further in RFCs 1518 and 1519. RFC 2050, the Internet Registry IP Allocation Guidelines, specifies guidelines for the allocation of IP addresses. The graphic shows an example of CIDR and route summarization. The class C network addresses 192.168.8.0/24 through 192.168.15.0/24 are being used and are being advertised to the HQ router. When the HQ router advertises the networks available, instead of separately advertising the eight class C networks, it can summarize these into one route. By advertising 192.168.8.0/21, the HQ router is saying: I can get to all destination addresses that have the first 21 bits the same as the first 21 bits of the address 192.168.8.0.
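The "first N bits the same" rule above is the whole of route summarization, and the discontiguous-network note earlier is its failure mode: a summary that covers address space the router cannot actually reach. The following added Python example (not Cisco code or course material) computes the summary for a set of prefixes and lists the address space a summary claims but the listed networks do not cover; the 172.16.25-27 subnets are constructed inputs.

```python
"""Route summarization and the discontiguous-subnet check for the CIDR and VLSM
discussion in this chapter (added example; not Cisco IOS code)."""
from ipaddress import IPv4Network, collapse_addresses
from typing import Iterable, List


def summary_route(networks: Iterable[str]) -> IPv4Network:
    """Shortest single prefix covering all networks: the longest run of
    leading bits they share, computed bit by bit as the text describes."""
    nets = [IPv4Network(n) for n in networks]
    first = int(nets[0].network_address)
    prefix_len = min(n.prefixlen for n in nets)
    for n in nets:
        # Shorten the prefix until the leading prefix_len bits of this
        # network agree with those of the first one.
        while (int(n.network_address) ^ first) >> (32 - prefix_len):
            prefix_len -= 1
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return IPv4Network((first & mask, prefix_len))


def uncovered(summary: str, networks: Iterable[str]) -> List[str]:
    """Address blocks inside the summary that none of the networks account for.

    A non-empty result means the advertised summary claims reachability for
    space this router cannot reach: the discontiguous-subnet problem the
    note above warns about."""
    holes = [IPv4Network(summary)]
    for n in (IPv4Network(x) for x in networks):
        remaining = []
        for hole in holes:
            if n.subnet_of(hole):
                remaining.extend(hole.address_exclude(n))   # carve n out
            elif hole.subnet_of(n):
                continue                                      # hole fully covered
            else:
                remaining.append(hole)
        holes = remaining
    return [str(h) for h in collapse_addresses(holes)]


# Constructed inputs: the eight class C networks from the CIDR graphic, and a
# set of 172.16.0.0 subnets that does not fill a whole summary block.
ISP_BLOCK = [f"192.168.{i}.0/24" for i in range(8, 16)]
SITE_SUBNETS = ["172.16.25.0/24", "172.16.26.0/24", "172.16.27.0/24"]

if __name__ == "__main__":
    print(summary_route(ISP_BLOCK))                   # 192.168.8.0/21
    print(uncovered("192.168.8.0/21", ISP_BLOCK))     # []
    print(summary_route(SITE_SUBNETS))                # 172.16.24.0/22
    print(uncovered("172.16.24.0/22", SITE_SUBNETS))  # ['172.16.24.0/24']
```

The same function reproduces the VLSM example: 172.16.14.0/27 and 172.16.14.128/30 summarize to 172.16.14.0/24.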
Connecting to ISPs
This section reviews autonomous systems and BGP as they relate to connecting to Internet Service Providers.
Autonomous Systems
IGPs: RIP, IGRP, OSPF, EIGRP EGPs: BGP
An autonomous system (AS) is a collection of networks under a single technical administration IGPs operate within an autonomous system EGPs connect different autonomous systems
One way to categorize routing protocols is by whether they are interior or exterior:
- Interior gateway protocols (IGPs): Routing protocols used to exchange routing information within an autonomous system. RIP, IGRP, OSPF and EIGRP are examples of IGPs.
- Exterior gateway protocols (EGPs): used to connect between autonomous systems. Border Gateway Protocol (BGP) is an example of an EGP.
BGP version 4, BGP-4, is the latest version of BGP and is defined in RFC 1771. As noted in this RFC, the classic definition of an autonomous system is a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other ASs. Nowadays, ASs may use more than one IGP, with potentially several sets of metrics. The important characteristic of an AS from the BGP point of view is that the AS appears to other ASs to have a single coherent interior routing plan and presents a consistent picture of what destinations are reachable through it. All parts of the AS must be connected to each other.
BGP Characteristics
BGP is a distance-vector protocol with enhancements:
Reliable updates - BGP runs on top of TCP (port 179) Incremental, triggered updates only Periodic keepalives to verify TCP connectivity Rich metrics (called path vectors or attributes) Designed to scale to huge internetworks
BGP is a distance vector protocol, but it has many differences from the likes of RIP. BGP uses TCP as its transport protocol, which provides connection-oriented reliable delivery. In this way, BGP assumes that its communication is reliable and therefore it doesn't have to implement any retransmission or error recovery mechanisms. BGP uses TCP port 179. Two routers speaking BGP form a TCP connection with one another and exchange messages to open and confirm the connection parameters. These two routers are called peer routers or neighbors. Once the connection is made, full routing tables are exchanged. However, since the connection is reliable, BGP routers need only send changes (incremental updates) after that. Periodic routing updates are also not required on a reliable link, so triggered updates are used. BGP sends keepalive messages, similar to the hello messages sent by OSPF and EIGRP. BGP routers exchange network reachability information, called path vectors, made up of path attributes, including a list of the full path (of BGP AS numbers) that a route should take in order to reach a destination network. This path information is used in constructing a graph of ASs that is loop free and where routing policies can be applied in order to enforce some restrictions on the routing behavior. The path is loop free because a router running BGP will not accept a routing update that already includes its AS number in the path list, since this would mean that the update has already passed through its AS, and accepting it again would result in a routing loop.
After BGP receives updates about different destinations from different autonomous systems, the protocol decides which path to choose in order to reach a specific destination. BGP will choose only a single path to reach a specific destination. The decision process is based on BGP path attributes. When faced with multiple routes to the same destination, BGP chooses the best route for routing traffic toward the destination. The following process summarizes how BGP on a Cisco router chooses the best route.
1. If the path is internal, synchronization is on and the route is not synchronized, do not consider it.
2. If the Next-Hop address of a route is not reachable, do not consider it.
3. Prefer the route with the highest Weight. (Recall that the weight is Cisco proprietary and is local to the router only.)
4. If multiple routes have the same Weight, prefer the route with the highest Local Preference. (Recall that the local preference is used within an AS.)
5. If multiple routes have the same Local Preference, prefer the route that was originated by the local router.
6. If multiple routes have the same Local Preference, or if no route was originated by the local router, prefer the route with the shortest AS path.
7. If the AS path length is the same, prefer the lowest origin code (IGP < EGP < Incomplete).
8. If all origin codes are the same, prefer the path with the lowest MED. (Recall that the MED is sent from other ASs.)
The MED comparison is only done if the neighboring autonomous system is the same for all routes considered, unless the bgp always-compare-med command is enabled.
Note The most recent IETF decision regarding BGP MED assigns a value of infinity to the missing MED, making the route lacking the MED variable the least preferred. The default behavior of BGP routers running Cisco IOS software is to treat routes without the MED attribute as having a MED of 0, making the route lacking the MED variable the most preferred. To configure the router to conform to the IETF standard, use the bgp bestpath missing-as-worst command.
9. If the routes have the same MED, prefer external paths (EBGP) over internal paths (IBGP). 10. If IGP synchronization is disabled and only internal paths remain, prefer the path through the closest IGP neighbor. This means the router will prefer the shortest internal path within the AS to reach the destination (the shortest path to the BGP next-hop). 11. Prefer the route with the lowest neighbor BGP Router ID value. The path is put in the routing table and propagated to the routers BGP neighbors.
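The loop check from the path-vector description and the eleven-step decision process above, as an added worked example (this is illustrative code written for this page, not Cisco IOS code). The Route fields, the prefix 172.30.0.0/16 and the neighbor addresses are assumptions; the demo() scenarios use the multi-homed AS 100 of the figure with ISPs AS 200 and AS 300 and show how weight, local preference, the two MED knobs and the router-ID tie-breaker each decide a case.

```python
"""Cisco-style BGP best-path selection plus AS_PATH loop prevention.

Added illustration of the decision steps listed above; it is not Cisco IOS
code. The Route fields, the sample prefix 172.30.0.0/16 and the neighbor
addresses are assumptions made for this example.
"""
from dataclasses import dataclass, replace

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}   # lower is preferred

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple               # AS numbers, nearest AS first
    next_hop: str
    neighbor_as: int             # AS of the peer that sent the route
    neighbor_rid: str            # peer's BGP router ID (step 11 tie-breaker)
    weight: int = 0              # Cisco-proprietary, local to this router
    local_pref: int = 100        # IOS default
    locally_originated: bool = False
    origin: str = "igp"
    med: "int | None" = None     # None models a missing MED attribute
    external: bool = True        # True = EBGP path, False = IBGP path
    igp_metric: int = 0          # IGP cost to reach next_hop (step 10)
    synchronized: bool = True    # only consulted for IBGP paths with sync on

def accept_update(local_as: int, route: Route) -> bool:
    """Path-vector loop prevention: an update whose AS_PATH already carries
    our own AS number has been through our AS before and is rejected."""
    return local_as not in route.as_path

def effective_med(route: Route, missing_as_worst: bool):
    # IOS default: a missing MED counts as 0 (most preferred); with
    # 'bgp bestpath missing-as-worst' it counts as infinity (least preferred).
    if route.med is None:
        return float("inf") if missing_as_worst else 0
    return route.med

def best_path(candidates, *, reachable_next_hops, sync_on=False,
              always_compare_med=False, missing_as_worst=False):
    """Return (best_route, deciding_step), steps numbered as in the text."""
    paths = [r for r in candidates
             if (r.external or not sync_on or r.synchronized)   # step 1
             and r.next_hop in reachable_next_hops]             # step 2
    if not paths:
        return None, 0
    if len(paths) == 1:
        return paths[0], 2

    def narrow(key, prefer_max):
        # keep only the paths sharing the best key() value; True if one is left
        nonlocal paths
        target = (max if prefer_max else min)(key(r) for r in paths)
        paths = [r for r in paths if key(r) == target]
        return len(paths) == 1

    for step, key, prefer_max in ((3, lambda r: r.weight, True),
                                  (4, lambda r: r.local_pref, True),
                                  (5, lambda r: r.locally_originated, True),
                                  (6, lambda r: len(r.as_path), False),
                                  (7, lambda r: ORIGIN_RANK[r.origin], False)):
        if narrow(key, prefer_max):
            return paths[0], step
    # Step 8: MED is compared only when every remaining path comes from the
    # same neighboring AS, unless 'bgp always-compare-med' is configured.
    if always_compare_med or len({r.neighbor_as for r in paths}) == 1:
        if narrow(lambda r: effective_med(r, missing_as_worst), False):
            return paths[0], 8
    if narrow(lambda r: r.external, True):                        # step 9
        return paths[0], 9
    if not sync_on and all(not r.external for r in paths):        # step 10
        if narrow(lambda r: r.igp_metric, False):
            return paths[0], 10
    narrow(lambda r: tuple(int(o) for o in r.neighbor_rid.split(".")), False)
    return paths[0], 11                                           # step 11

# Constructed sample: router A in AS 100 hears the assumed prefix
# 172.30.0.0/16, originated in AS 250, from ISP AS 200 and from ISP AS 300.
NEXT_HOPS = {"10.10.10.1", "10.10.20.2"}
VIA_200 = Route("172.30.0.0/16", (200, 250), "10.10.10.1", 200, "10.10.10.1")
VIA_300 = Route("172.30.0.0/16", (300, 250), "10.10.20.2", 300, "10.10.20.2",
                med=50)

def demo() -> dict:
    both = [VIA_200, VIA_300]
    return {
        # equal attributes, different neighbor ASs: MED skipped, router ID decides
        "tie": best_path(both, reachable_next_hops=NEXT_HOPS),
        # always-compare-med with the IOS default: the missing MED counts as 0
        "med_default": best_path(both, reachable_next_hops=NEXT_HOPS,
                                 always_compare_med=True),
        # always-compare-med plus missing-as-worst: the MED-less path loses
        "med_worst": best_path(both, reachable_next_hops=NEXT_HOPS,
                               always_compare_med=True, missing_as_worst=True),
        # local preference is checked before MED and AS path
        "local_pref": best_path([VIA_200, replace(VIA_300, local_pref=200)],
                                reachable_next_hops=NEXT_HOPS),
        # weight is checked before local preference
        "weight": best_path([replace(VIA_200, weight=100),
                             replace(VIA_300, local_pref=200)],
                            reachable_next_hops=NEXT_HOPS),
        # an unreachable next hop removes a path before attributes are compared
        "unreachable": best_path(both, reachable_next_hops={"10.10.20.2"}),
        # an update already carrying AS 100 in its AS_PATH is dropped
        "loop": accept_update(100, Route("172.30.0.0/16", (300, 100, 250),
                                         "10.10.20.2", 300, "10.10.20.2")),
    }
```

The two MED scenarios are the ones worth checking on a real multi-homed edge: with the IOS default a peer that simply omits MED wins the comparison, which is why bgp bestpath missing-as-worst exists.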
Figure: AS 100 (router A, with links addressed 10.10.10.1 and 10.10.20.2) is multi-homed to ISP AS 200 and ISP AS 300; AS 250 is also shown.
In the example in the graphic, AS 100 is connected to two ISPs, AS 200 and AS 300. AS 100 is said to have a multi-homed connection to the Internet and will choose the path it takes to various destinations as detailed in the decision process above.
Route filtering
Access lists are used for the following purposes, among others:

- To permit or deny packets from crossing specified router interfaces.
- To permit or deny virtual terminal (vty) access to and from a router.
- To establish a finer granularity of control when differentiating traffic into priority and custom queues.
- To identify interesting traffic that serves to trigger dialing in dial-on-demand routing (DDR).
- To filter and alter attributes within a routing update.
The Cisco IOS software can filter incoming and outgoing routing updates by using distribute lists that reference access lists. In general, the process the router uses is as follows:

1. The router receives a routing update, or is getting ready to send an update, about one or more networks.
2. The router looks at the interface involved with the action. For example, if it is an incoming update, the interface on which it arrived is checked. If it is an update that must be advertised, the interface out of which it should be advertised is checked.
3. The router determines whether a filter (distribute list) is associated with the interface. If no filter is associated with the interface, the update is processed as normal.
4. If a filter is associated with the interface, the router checks the access list for a match against each route in the update.
5. If there is a match, the route entry is processed as configured (permitted or denied). If no match is found in the access list, the implicit deny any at the end of the access list causes the route to be dropped.
Route-Maps
Route maps:

- Filters for network advertisements
- Offer detailed control over advertisements
- Complex access lists
- Complex conditional advertisement via match commands
- Change routing table parameters via set commands
A route map is a method used to control and modify routing information. This is done by defining conditions for redistributing routes from one routing protocol to another, or for controlling routing information as it is injected into and out of BGP. Route maps are complex access lists that allow conditions to be tested against the route in question (match commands); if the conditions match, actions specified by set commands modify the route. Route-map clauses are evaluated in sequence-number order and the first clause whose match conditions succeed is the one applied; when a route map is used to filter routes, a route that matches no clause is denied, just as with an access list.
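The distribute-list lookup described earlier (interface filter, access-list match, implicit deny) and the route-map match/set behavior just described, as one added worked example. This is illustrative code written for this page, not Cisco IOS code; the access lists, the route map and the sample update entries are constructed here, and the wildcard-mask test is the standard-ACL rule that a 0 bit in the wildcard means the address bit must match.

```python
"""Filtering routing updates with an access list and a route map.

Added example modelling the distribute-list process and the route-map
match/set behaviour described above; it is not Cisco IOS code. The access
lists, the route map and the sample update entries are constructed here.
"""
import ipaddress


def _ip(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def acl_entry_matches(network: str, wildcard: str, prefix: str) -> bool:
    """Standard-ACL test: where the wildcard bit is 0 the address bit must
    equal the entry's network bit; wildcard bits set to 1 are 'don't care'."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(network) ^ _ip(prefix.split("/")[0])) & care == 0


def acl_permits(acl, prefix: str) -> bool:
    """First matching entry decides; no match hits the implicit 'deny any'."""
    for action, network, wildcard in acl:
        if acl_entry_matches(network, wildcard, prefix):
            return action == "permit"
    return False


def distribute_list_filter(acl, updates):
    """Steps 4 and 5 of the text: keep only the update entries the access
    list permits (what 'distribute-list <acl> in|out' does to an update)."""
    return [u for u in updates if acl_permits(acl, u["prefix"])]


def apply_route_map(route_map, route):
    """Clauses are tried in sequence order; the first whose match condition
    holds wins. permit applies the set actions, deny drops the route, and a
    route matching no clause is dropped (implicit deny)."""
    for clause in sorted(route_map, key=lambda c: c["seq"]):
        acl = clause.get("match")            # no match condition = match all
        if acl is None or acl_permits(acl, route["prefix"]):
            if clause["action"] == "deny":
                return None
            return {**route, **clause.get("set", {})}
    return None


# Constructed sample: 'access-list 10' permits the 10.1.0.0/16 subnets and
# 192.168.5.0/24 only; 172.16.0.0 is caught by the implicit deny.
ACL_10 = [("permit", "10.1.0.0", "0.0.255.255"),
          ("permit", "192.168.5.0", "0.0.0.255")]
ACL_20 = [("permit", "172.16.0.0", "0.0.255.255")]
ACL_30 = [("permit", "10.1.0.0", "0.0.255.255")]
UPDATES = [{"prefix": p, "metric": 5} for p in
           ("10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24",
            "192.168.5.0/24", "172.16.0.0/16")]
# Constructed route map: deny 172.16.0.0/16, re-metric and tag the 10.1.x
# subnets, and let everything else through with a different tag.
ROUTE_MAP = [
    {"seq": 10, "action": "deny", "match": ACL_20},
    {"seq": 20, "action": "permit", "match": ACL_30,
     "set": {"metric": 3, "tag": 100}},
    {"seq": 30, "action": "permit", "set": {"tag": 200}},
]


def demo():
    permitted = [u["prefix"] for u in distribute_list_filter(ACL_10, UPDATES)]
    mapped = {u["prefix"]: apply_route_map(ROUTE_MAP, u) for u in UPDATES}
    return permitted, mapped
```

Entry order matters in both structures: swapping clauses 10 and 30 in ROUTE_MAP would let 172.16.0.0/16 through with tag 200 because the catch-all clause would be reached first.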
Policy-Based Routing
Policy-based routing:

- Allows you to implement policies that selectively cause packets to take different paths
- Can also mark traffic with different TOS
- Available since IOS Release 11.0
- Applied to incoming packets
- Implemented using route maps
In today's high-performance internetworks, organizations need the freedom to implement packet forwarding and routing according to their own defined policies in a way that goes beyond traditional routing protocol concerns. By using policy-based routing, introduced in Cisco IOS Release 11.0, policies that selectively cause packets to take different paths can be implemented. Policy-based routing also provides a mechanism to mark packets with different types of service (TOS). This feature can be used in conjunction with IOS queuing techniques so that certain kinds of traffic can receive preferential service.

Policy-based routing is applied to incoming packets. All packets received on an interface with policy-based routing enabled are considered for policy-based routing. The router passes the packets through a route map. Based on the criteria defined in the route map, packets are forwarded to the appropriate next hop; packets that match no clause of the route map are forwarded using the normal destination-based routing table.
BGP has additional features for controlling update traffic. If you want to restrict the BGP routing information that the Cisco IOS software learns or advertises, you can filter BGP routing updates to and from particular neighbors. To do this, you can either define an access list or a prefix list, and apply it to the updates. Access lists are applied using distribute lists.
Route Redistribution
This section reviews route redistribution.
There are times when you may need to use multiple routing protocols. Some reasons why you may need multiple protocols are as follows:

- When you are migrating from an older IGP to a new IGP, multiple redistribution boundaries may exist until the new protocol has displaced the old protocol completely. Dual existence of protocols is effectively the same as a long-term coexistence design.
- When you want to use another protocol but need to keep the old protocol due to the needs of host systems.
- Different departments might not want to upgrade their routers, or they might not implement a sufficiently strict filtering policy. In these cases you can protect yourself by terminating the other routing protocol on one of your routers.
- If you have a mixed router vendor environment, you can use a Cisco-specific protocol in the Cisco portion of the network and then use a common protocol to communicate with non-Cisco devices.
What Is Redistribution?
Figure: Router A is the ASBR between Router B (EIGRP, reached via interface S0) and Router C (IGRP, reached via interface S1). S0 advertises routes from IGRP to EIGRP; S1 advertises routes from EIGRP to IGRP. Routes are learned from another routing protocol when a router redistributes the information between the protocols.
1999, Cisco Systems, Inc.
When any of these situations arises, Cisco routers allow internetworks using different routing protocols (referred to as autonomous systems) to exchange routing information through a feature called route redistribution. Redistribution is defined as the ability for boundary routers connecting different autonomous systems to exchange and advertise routing information received from one autonomous system to the other autonomous system.
Note: The term autonomous system as used here denotes internetworks using different routing protocols. These routing protocols may be IGPs and/or EGPs. This is a different use of the term Autonomous System than is used when discussing BGP.
Within each autonomous system the internal routers have complete knowledge about their network. The router interconnecting autonomous systems is called an autonomous system boundary router (ASBR). In the example shown in the graphic, AS 200 is running IGRP and AS 300 is running EIGRP, and the internal routers within each autonomous system have complete knowledge about their networks. Router A is the ASBR. Router A has both IGRP and Enhanced IGRP processes active and is responsible for advertising routes learned from one autonomous system into the other autonomous system. In this example, Router A learns about network 192.168.5.0 from Router B via the EIGRP protocol running on its S0 interface. It passes that information to Router C on its S1 interface via IGRP. Routing information is also passed the other way, from IGRP into EIGRP. Router B's routing table shows that it has learned about network 172.16.0.0 via EIGRP (as indicated by the D in the routing table) and that the route is external to this autonomous system (as indicated by the EX in the routing table). Router C's routing table shows that it has learned about network 192.168.5.0 via IGRP (as indicated by the I in the routing table). Note that there is no indication in IGRP if the route is external to the autonomous system.
Copyright 1999, Cisco Systems, Inc. Implementing Scalability Features in Your Internetwork 14-23
Figure: two redistribution arrangements between IGRP and OSPF. In the first, IGRP routes are redistributed into OSPF and a default or static route is used in the other direction; in the second, routes are redistributed between IGRP and OSPF in both directions.
At a high level, Cisco recommends you consider employing the following guidelines when using redistribution:

- The overriding recommendation is to be familiar with your network and your network traffic. There are many ways to implement redistribution, so knowing your network will enable you to make the best decision.
- Do not overlap routing protocols: do not run two different protocols in the same internetwork. Rather, have distinct boundaries between networks that use different protocols.
- One-way redistribution: to avoid routing loops, and problems with varying convergence time, only allow routes to be exchanged in one direction, not both directions. In the other direction, you should consider using a default route.
- Two-way redistribution: if you must allow two-way redistribution, enable a mechanism to reduce the chances of routing loops. Examples of mechanisms covered in this chapter are default routes, route filters, and modification of the metrics advertised. With these types of mechanisms, you can reduce the chances of routes imported from one autonomous system being re-injected into the same autonomous system as new route information.
Figure: case study summary.
JKL Corporation: 1 Class B (public); recently re-designed, optimal OSPF; Area 0 small, redundant; OSPF multi-area, hierarchical; VLSM with route summarization.
Acquisition B: 3 Class C (public); IP RIP only; 500 devices, out of addresses; 6 hops.
Acquisition D: 1 Class B (public), 1 Class C (private); Enhanced IGRP AS 400; discontiguous subnets.
Throughout the course we have been using a case study of JKL Corporation to discuss various aspects of scalable routing. The case studies were used to review key concepts, to discuss critical issues surrounding network operation, and to provide a focus for the lab exercises. JKL is an enterprise that is making four acquisitions: A, B, C and D. JKL's ultimate goal is to integrate the acquisitions' networks with its own network. We have seen the multi-area OSPF design used within JKL, including VLSM and route summarization. JKL has a class B public address. Recall that JKL has two ISP connections. We have seen that Acquisition A is using a mixture of routing protocols: RIP, IGRP and OSPF. It has two class C public addresses and uses a class A private address. We have discussed how Acquisition A will redistribute routing information between the three routing domains. We have seen that Acquisition B is using three class C public addresses and is using only IP RIP as its routing protocol. It has run out of IP addresses. Recall that Acquisition C has a multi-vendor environment and is using OSPF and one class B public address. It is not using summarization. We have also seen that Acquisition D is using EIGRP, has one class B and one class C public address, and has discontiguous subnets.
Copyright 1999, Cisco Systems, Inc. Implementing Scalability Features in Your Internetwork 14-27
Now we will look at how JKL can integrate these acquisitions into its own network. What would be the most appropriate way for each of the acquisitions' networks to be incorporated into JKL's network? The following topics are some considerations to discuss with the class during the case study:

- Are there any parts of the acquisitions' networks that do not scale? How should these be incorporated into JKL's network?
- Should the routing protocols in any of the acquisitions be changed to another protocol? What issues would be involved in selecting those that should be changed?
- Where in JKL's network should the other networks be integrated? Should they be part of area 0, or should new areas be added in some cases?
- If the resulting JKL network has more than one routing protocol, how will redistribution be handled? What issues may arise when configuring redistribution in this network? Will any filtering be necessary?

Addressing

- How will all of the current addresses be incorporated into the integrated network? If private addresses are kept, what will be required in order to access the Internet?

Internet Access

- In the integrated network, where will access to the Internet be implemented? Will BGP be used for the Internet connections?
Summary
This section summarizes the tasks you learned to complete in this chapter.
After completing this chapter, you should be able to perform the following task:
Given a set of network requirements, configure many of the features discussed in class and verify proper operation (within described guidelines) of your routers
Review Questions
Answer the following questions.
1. What distinguishes classful routing protocols from classless routing protocols?
2. A router has the networks 192.168.160.0/24 through 192.168.175.0/24 in its routing table. How could it summarize these networks into one route?
3. In the BGP selection process, which attribute is checked first: AS path, weight, or local preference?
Overview
This chapter contains Job Aids and Supplements for the following topics:

- Extending IP Addressing
- OSPF
- EIGRP
- BGP
- Route Optimization

Note to reviewers: In the design document, the Route Optimization supplements were in a separate appendix; they have been moved to this appendix for consistency.
Extending IP Addressing
Note to reviewers: In the design document, this section had some job aids and supplements that were redundant; these have been cleaned up and the section reordered.
Job Aid: IP Addressing and Subnetting

Class   Net/Host format   First octet   Classful mask (binary)
A       N.H.H.H           1-126         1111 1111 0000 0000 0000 0000 0000 0000
B       N.N.H.H           128-191       1111 1111 1111 1111 0000 0000 0000 0000
C       N.N.N.H           192-223       1111 1111 1111 1111 1111 1111 0000 0000

Worked example: 131.108.5.72 with subnet mask 255.255.255.192

Subnet mask     1111 1111 1111 1111 1111 1111 1100 0000   (255.255.255.192)
Address         1000 0011 0110 1100 0000 0101 0100 1000   (131.108.5.72)
Network         the classful (first 16) bits: 131.108

Of the part that remains, the subnet mask bits define the subnet portion:

Remaining bits  0000 0101 0100 1000
Mask bits       1111 1111 1100 0000
Subnet          0000 0101 01
Host                        00 1000

Subnet mask values for a Class C network and the subnets and hosts they yield (subnet counts include subnet zero):

Subnet mask        # Subnets   # Hosts
255.255.255.192    4           62
255.255.255.224    8           30
255.255.255.240    16          14
255.255.255.248    32          6
255.255.255.252    64          2

Other subnet mask values listed in the job aid: 255.255.192.0, 255.255.224.0, 255.255.240.0, 255.255.248.0, 255.255.252.0, 255.255.254.0, 255.255.255.0, 255.255.255.128.
Job Aid: Binary to Decimal Conversion Chart (within each block the binary values are listed in order of increasing decimal value)

Decimal 0 through 63:
00000000 00000001 00000010 00000011 00000100 00000101 00000110 00000111 00001000 00001001 00001010 00001011 00001100 00001101 00001110 00001111 00010000 00010001 00010010 00010011 00010100 00010101 00010110 00010111 00011000 00011001 00011010 00011011 00011100 00011101 00011110 00011111 00100000 00100001 00100010 00100011 00100100 00100101 00100110 00100111 00101000 00101001 00101010 00101011 00101100 00101101 00101110 00101111 00110000 00110001 00110010 00110011 00110100 00110101 00110110 00110111 00111000 00111001 00111010 00111011 00111100 00111101 00111110 00111111

Decimal 64 through 127:
01000000 01000001 01000010 01000011 01000100 01000101 01000110 01000111 01001000 01001001 01001010 01001011 01001100 01001101 01001110 01001111 01010000 01010001 01010010 01010011 01010100 01010101 01010110 01010111 01011000 01011001 01011010 01011011 01011100 01011101 01011110 01011111 01100000 01100001 01100010 01100011 01100100 01100101 01100110 01100111 01101000 01101001 01101010 01101011 01101100 01101101 01101110 01101111 01110000 01110001 01110010 01110011 01110100 01110101 01110110 01110111 01111000 01111001 01111010 01111011 01111100 01111101 01111110 01111111

Decimal 128 through 191:
10000000 10000001 10000010 10000011 10000100 10000101 10000110 10000111 10001000 10001001 10001010 10001011 10001100 10001101 10001110 10001111 10010000 10010001 10010010 10010011 10010100 10010101 10010110 10010111 10011000 10011001 10011010 10011011 10011100 10011101 10011110 10011111 10100000 10100001 10100010 10100011 10100100 10100101 10100110 10100111 10101000 10101001 10101010 10101011 10101100 10101101 10101110 10101111 10110000 10110001 10110010 10110011 10110100 10110101 10110110 10110111 10111000 10111001 10111010 10111011 10111100 10111101 10111110 10111111

Decimal 192 through 255:
11000000 11000001 11000010 11000011 11000100 11000101 11000110 11000111 11001000 11001001 11001010 11001011 11001100 11001101 11001110 11001111 11010000 11010001 11010010 11010011 11010100 11010101 11010110 11010111 11011000 11011001 11011010 11011011 11011100 11011101 11011110 11011111 11100000 11100001 11100010 11100011 11100100 11100101 11100110 11100111 11101000 11101001 11101010 11101011 11101100 11101101 11101110 11101111 11110000 11110001 11110010 11110011 11110100 11110101 11110110 11110111 11111000 11111001 11111010 11111011 11111100 11111101 11111110 11111111
- Converting IP Addresses Between Decimal and Binary
- Determining an IP Address Class
- Extending an IP Classful Address Using Subnet Masks
- Calculating a Subnet Mask
- Calculating the Networks for a Subnet Mask
- Using Prefixes to Represent a Subnet Mask
Converting from binary to decimal (bit values 128 64 32 16 8 4 2 1):

1 1 1 1 1 1 1 1  =  128 + 64 + 32 + 16 + 8 + 4 + 2 + 1  =  255
0 1 0 0 0 0 0 1  =  0 + 64 + 0 + 0 + 0 + 0 + 0 + 1  =  65
An IP address is a 32-bit, two-level hierarchical number. It is hierarchical because the first portion of the address represents the network and the second portion of the address represents the node (host). The 32 bits are grouped into 4 octets with 8 bits per octet. The value of each octet ranges from 0 to 255 decimal, or 00000000 to 11111111 binary. The graphic illustrates how you convert an IP address in dotted-decimal notation into binary. It is important that you understand how this conversion is done for calculating subnet masks, which are discussed later in this section.
Example: 10.1.23.19 = 00001010.00000001.00010111.00010011
The graphic shows three examples of converting between binary and decimal.
To accommodate large and small networks, the NIC segregated the 32-bit IP address into classes A through E. Each address class allows for a certain number of network addresses and a certain number of host addresses within a network, as shown in the following table.

Class     Address Range                   Number of Networks
Class A   1.0.0.0 to 126.0.0.0            128 (2^7)
Class B   128.0.0.0 to 191.255.0.0        16,384 (2^14)
Class C   192.0.0.0 to 223.255.255.0      Approximately 2 million (2^21)
Class D   224.0.0.0 to 239.255.255.254    Reserved for multicast addresses
Class E   240.0.0.0 to 255.255.255.255    Reserved for research
Using classes to denote which portion of the address represents the network number and which portion is the node or host address is referred to as classful addressing. There are several issues with classful addressing, however. The number of available Class A, B, and C addresses is finite. Another problem is that not all classes are useful for a midsize organization, as illustrated in the table. As can be expected, the Class B range is the most accommodating to a majority of today's organizational network topologies. To maximize the use of the IP address(es) received by an organization regardless of the class, subnet masks were introduced.
RFC 950 was written to address the problem of IP address shortage. It proposed a procedure, called subnet masking, for dividing Class A, B, and C addresses into smaller pieces, thus increasing the number of possible networks. A subnet mask is a 32-bit value that identifies which bits in an address represent network bits and which represent host bits. In other words, rather than the router determining the network portion of the address by looking at the value of the first octet, it looks at the subnet mask associated with the address. In this way, subnet masks allow you to extend the usage of an IP address. It is a way of making an IP address a three-level hierarchy, as shown in the graphic. To use a subnet mask, put a 1 for each bit that you want to represent a network or subnet portion of the address and a 0 for each bit that you want to represent a node portion of the address. Note that the 1s in the mask are contiguous. For example, the default subnet masks for Class A, B, and C addresses are as follows:

Class     Default Mask (Decimal)   Default Mask (Binary)
Class A   255.0.0.0                11111111.00000000.00000000.00000000
Class B   255.255.0.0              11111111.11111111.00000000.00000000
Class C   255.255.255.0            11111111.11111111.11111111.00000000
Figure: five subnets, labelled A through E, each with hosts numbered 1, 2, ..., 15.
Because subnet masks extend the number of network addresses you can use by using additional bits in the host portion, you do not want to randomly decide how many additional bits to use for the network portion. Rather, you want to do some research to determine how many network addresses you need to derive from your NIC-given IP address. For example, consider that the NIC has given you IP address 172.16.0.0. The process for establishing your subnet mask would be as follows:

1. Determine the number of networks (subnets) needed. In the graphic, for example, there are five networks.
2. Determine how many nodes per subnet must be defined. The graphic, for example, has 5 nodes on each subnet.
3. Determine future network and node requirements. For example, assume 100 percent growth.
4. Given the information gathered from steps 1 through 3, determine the total number of networks required. For the example, it would be ten networks. Refer to the Job Aid: IP Addressing and Subnetting and select the appropriate subnet mask value that can accommodate ten networks.

There is no mask that exactly accommodates ten networks. Depending on your network growth trends, you may select four subnet bits, resulting in a subnet mask of 255.255.240.0. The binary representation of this subnet mask is 11111111.11111111.11110000.00000000. The number of additional subnetworks given by n additional bits is 2^n. For example, the four subnet bits would give you sixteen subnetworks.
Network . Subnet . Host (the subnet field is the four bits after the 16th bit):

1st subnet:   10101100 . 00010000 . 0000 0000 . 00000000  = 172.16.0.0
2nd subnet:   172 . 16 . 0001 0000 . 00000000  = 172.16.16.0
3rd subnet:   172 . 16 . 0010 0000 . 00000000  = 172.16.32.0
4th subnet:   172 . 16 . 0011 0000 . 00000000  = 172.16.48.0
...
10th subnet:  172 . 16 . 1001 0000 . 00000000  = 172.16.144.0
Once you identify your subnet mask, you must calculate the ten subnetted network addresses to use with 172.16.0.0 255.255.240.0. One way to do this is as follows:

1. Write the subnetted address in binary format, as shown in the graphic. Use the Job Aid: Binary to Decimal Conversion Chart as necessary.
2. On the binary address, draw a line between the 16th and the 17th bits, as shown in the graphic. Then draw a line between the 20th and 21st bits. Now you can focus on the target bits.
3. Go to the Job Aid: Binary to Decimal Conversion Chart and locate the first subnetwork number. Because your subnetwork bits are 0000, and the rest of the octet is 0000, the first number would be 00000000, or subnet 0. Historically, it was recommended that you begin choosing networks from highest (from the left-most bit) to lowest so you could have available network addresses. But this strategy does not allow you to adequately summarize network addresses, therefore the present recommendation is to choose networks from lowest to highest.
4. (Optional) It is recommended that you list each subnetwork in binary form to reduce the number of errors. In this way, you will not forget where you left off in your network address selection.
5. Locate the second lowest subnetwork number. In this case, it would be 0001. When combined with the next four bits this is subnet 16.
6. Continue locating subnetwork numbers until you have what you need, in this case 10 subnets.
<Output Omitted>
p1r3#show interface serial0
Serial0 is down, line protocol is down
  Hardware is HD64570
  Internet address is 10.1.3.2/24
<Output Omitted>
As already discussed, subnet masks are used to identify the number of bits in an address that represent the network, subnet and host portions of the address. Another way of indicating this is to use a prefix. A prefix is a slash (/), and a numerical value that is the sum of the bits that represent the network and subnet portion of the address. For example, if you were using a subnet mask of 255.255.255.0, the prefix would be /24 for 24 bits. The following table shows some examples of the different ways that you can represent a prefix and subnet mask.
IP Address/Prefix    Subnet Mask        Subnet Mask (Binary)
192.168.112.0/21     255.255.248.0      11111111.11111111.11111000.00000000
172.16.0.0/16        255.255.0.0        11111111.11111111.00000000.00000000
10.1.1.0/27          255.255.255.224    11111111.11111111.11111111.11100000
It is important to know how to write subnet masks and prefixes because the Cisco router uses both, as shown in the graphic. You will typically be asked to input a subnet mask when configuring an IP address, but the output generated by show commands typically shows an IP address with a prefix.
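The subnet-mask sizing procedure, the subnet enumeration for 172.16.0.0 255.255.240.0, and the prefix/mask conversion above, carried through in one added worked example (illustrative code written for this page, not Cisco material). The 172.16.0.0 figures come from the text; the helper names and the extra inputs in demo() are assumptions, and the block goes slightly beyond the text by also rejecting a non-contiguous mask and collapsing a run of /24s into a summary route, which is the same contiguous-block idea applied in the other direction.

```python
"""Subnet-mask sizing, subnet enumeration, prefix/mask conversion and
route summarization, following the job aid above.

Added worked example; not Cisco material. The 172.16.0.0 figures come from
the text; the helper names and the sample inputs in demo() are assumptions.
"""
import ipaddress
import math


def subnet_bits_needed(networks_now: int, growth_percent: int = 100) -> int:
    """Steps 1-4: size the subnet field for today's networks plus growth.
    n subnet bits give 2**n subnetworks (subnet zero counted, as in the text)."""
    needed = math.ceil(networks_now * (1 + growth_percent / 100))
    return max(1, math.ceil(math.log2(needed)))


def prefix_to_mask(prefix_len: int) -> str:
    return str(ipaddress.IPv4Network((0, prefix_len)).netmask)


def mask_to_prefix(mask: str):
    """Return the /n value, or None if the 1s in the mask are not contiguous
    (the text requires contiguous mask bits; a router rejects the rest)."""
    try:
        return ipaddress.IPv4Network(("0.0.0.0", mask)).prefixlen
    except ValueError:
        return None


def mask_to_binary(mask: str) -> str:
    return ".".join(f"{int(octet):08b}" for octet in mask.split("."))


def enumerate_subnets(classful_network: str, subnet_bits: int, count: int):
    """Steps 5-6: subnets listed lowest to highest so they summarize cleanly."""
    net = ipaddress.IPv4Network(classful_network)
    subs = net.subnets(prefixlen_diff=subnet_bits)
    return [str(s.network_address) for _, s in zip(range(count), subs)]


def usable_hosts(prefix_len: int) -> int:
    return 2 ** (32 - prefix_len) - 2      # all-zeros and all-ones excluded


def summarize(prefixes):
    """Collapse a list of networks into the fewest covering routes."""
    nets = (ipaddress.IPv4Network(p) for p in prefixes)
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def demo() -> dict:
    bits = subnet_bits_needed(5)                 # five networks, 100 % growth
    prefix_len = 16 + bits                       # class B 172.16.0.0 plus 4 bits
    mask = prefix_to_mask(prefix_len)
    return {
        "subnet_bits": bits,
        "mask": mask,
        "mask_binary": mask_to_binary(mask),
        "subnets_available": 2 ** bits,
        "hosts_per_subnet": usable_hosts(prefix_len),
        "first_ten_subnets": enumerate_subnets("172.16.0.0/16", bits, 10),
        "prefix_for_255.255.248.0": mask_to_prefix("255.255.248.0"),
        "mask_for_/27": prefix_to_mask(27),
        "non_contiguous_mask": mask_to_prefix("255.255.15.0"),
        # sixteen aligned /24s starting at .160 collapse into a single /20
        "summary": summarize(f"192.168.{i}.0/24" for i in range(160, 176)),
    }
```

The summarization works only because the ten subnets were taken from the bottom of the range in order, which is the point the procedure makes about choosing networks from lowest to highest.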
Your network has the address 172.16.168.0/21. Write eight IP addresses in this network:

Write the four IP addresses in the range described by the 192.168.99.16/30 address:

Of these four addresses, which two could you use as host addresses in a point-to-point connection?
OSPF
Supplement AOSPF Single Area Configuration Examples
Figure: single-area OSPF network (Area 0) with P1R2 and P1R3; interface addresses shown are 10.1.1.2/24, 10.1.2.2/24, 10.1.3.1/24 and 10.1.3.2/24.
This section includes configuration and show command output examples that result from configuring the network shown in the graphic.
P1R3#show ip ospf neighbor detail
Neighbor 10.1.3.1, interface address 10.1.3.1
    In the area 0 via interface Serial0
    Neighbor priority is 1, State is FULL
    Options 2
    Dead timer due in 00:00:34
Neighbor 10.1.2.1, interface address 10.1.2.1
    In the area 0 via interface Serial1
    Neighbor priority is 1, State is FULL
    Options 2
    Dead timer due in 00:00:36
P1R3#show ip ospf database
       OSPF Router with ID (10.1.3.2) (Process ID 1)
                Router Link States (Area 0)
Link ID         ADV Router      Age         Seq#       Checksum Link count
10.1.2.1        10.1.2.1        301         0x80000004 0x4A49   4
10.1.3.1        10.1.3.1        292         0x80000004 0x1778   4
10.1.3.2        10.1.3.2        288         0x80000004 0x5D2E   4
P1R3#

Callouts from the original figure:
- Type 1 LSAs
- No type 2 LSAs because all
Figure: multi-area OSPF network. Area 1 contains P1R1 (10.1.1.1/24, 10.1.2.1/24), P1R2 (10.1.1.2/24, 10.1.3.1/24) and P1R3 (10.1.2.2/24, 10.1.3.2/24). Area 2 contains P2R1 (10.2.1.1/24, 10.2.2.1/24), P2R2 (10.2.1.2/24, 10.2.3.1/24) and P2R3 (10.2.2.2/24, 10.2.3.2/24). Area 0 is the 10.64.0.0/24 link between P1R3 (10.64.0.1/24) and P2R3 (10.64.0.2/24).
This section includes configuration and show command output examples that result from configuring the network shown in the graphic.
Example show Output Before Areas Are Configured for Stub and Route Summarization
The following is example output from P1R3, before the network is configured with stub areas and route summarization:
P1R3#show ip ospf database
       OSPF Router with ID (10.64.0.1) (Process ID 1)
                Router Link States (Area 0)
Link ID         ADV Router      Age         Seq#       Checksum Link count
10.64.0.1       10.64.0.1       84          0x80000009 0x6B87   1
10.64.0.2       10.64.0.2       85          0x8000000C 0x6389   1

                Net Link States (Area 0)
Link ID         ADV Router      Age         Seq#       Checksum
10.64.0.2       10.64.0.2       85          0x80000001 0x7990

                Summary Net Link States (Area 0)
Link ID         ADV Router      Age         Seq#       Checksum
10.1.1.0        10.64.0.1       128         0x80000001 0x92D2
10.1.2.0        10.64.0.1       129         0x80000001 0x59F
10.1.3.0        10.64.0.1       129         0x80000001 0xF9A9
10.2.1.2        10.64.0.2       71          0x80000001 0x716F
10.2.2.1        10.64.0.2       41          0x80000001 0x7070
10.2.3.1        10.64.0.2       51          0x80000001 0x657A

                Router Link States (Area 1)
Link ID         ADV Router      Age         Seq#       Checksum Link count
10.1.2.1        10.1.2.1        859         0x80000004 0xD681   4
10.1.3.1        10.1.3.1        868         0x80000004 0xEB68   4
10.64.0.1       10.64.0.1       133         0x80000007 0xAF61   4

                Summary Net Link States (Area 1)
Link ID         ADV Router      Age         Seq#       Checksum
10.2.1.2        10.64.0.1       74          0x80000001 0xDBFB
10.2.2.1        10.64.0.1       45          0x80000001 0xDAFC
10.2.3.1        10.64.0.1       55          0x80000001 0xCF07
10.64.0.0       10.64.0.1       80          0x80000003 0x299
P1R3#
Example show Output after Areas Are Configured for Stub and Route Summarization
The following is example output from P1R3, after the network is configured with stub areas and route summarization:
P1R3#show ip ospf database
       OSPF Router with ID (10.64.0.1) (Process ID 1)
                Router Link States (Area 0)
Link ID         ADV Router      Age         Seq#       Checksum Link count
10.64.0.1       10.64.0.1       245         0x80000009 0x6B87   1
10.64.0.2       10.64.0.2       246         0x8000000C 0x6389   1

                Net Link States (Area 0)
Link ID         ADV Router      Age         Seq#       Checksum
10.64.0.2       10.64.0.2       246         0x80000001 0x7990

                Summary Net Link States (Area 0)
Link ID         ADV Router      Age         Seq#       Checksum
10.1.0.0        10.64.0.1       54          0x80000001 0x1B8B
10.2.0.0        10.64.0.2       25          0x80000001 0x9053

                Router Link States (Area 1)
Link ID         ADV Router      Age         Seq#       Checksum Link count
10.1.2.1        10.1.2.1        1016        0x80000004 0xD681   4
10.1.3.1        10.1.3.1        1026        0x80000004 0xEB68   4
10.64.0.1       10.64.0.1       71          0x80000009 0xE9FF   2

                Summary Net Link States (Area 1)
Link ID         ADV Router      Age         Seq#       Checksum
0.0.0.0         10.64.0.1       76          0x80000001 0x4FA3
P1R3#
EIGRP
Supplement AEIGRP Configuration Output Examples
Figure: EIGRP network with the same addressing as the OSPF example. Pod 1 contains P1R1 (10.1.1.1/24, 10.1.2.1/24), P1R2 (10.1.1.2/24, 10.1.3.1/24) and P1R3 (10.1.2.2/24, 10.1.3.2/24); Pod 2 contains P2R1 (10.2.1.1/24, 10.2.2.1/24), P2R2 (10.2.1.2/24, 10.2.3.1/24) and P2R3 (10.2.2.2/24, 10.2.3.2/24). The pods are joined by 10.64.0.0/24 between P1R3 (10.64.0.1/24) and P2R3 (10.64.0.2/24). One interface is marked Shutdown.
This section includes configuration and show command output examples that result from configuring the network shown in the graphic.
Callouts from the original figure:
- EIGRP configured.
- In the case of equal-cost paths to the same network, both routes appear in the topology table as successors.
- All routes appear here, but one route (via 10.1.3.1 for 10.1.1.0/24) has a higher advertised distance than the feasible distance of the successor route, so it is not selected as a feasible successor or successor.

P1R3#show ip eigrp topology all
IP-EIGRP Topology Table for process 200
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - Reply status
P 10.1.3.0/24, 1 successors, FD is 40512000, serno 48
        via Connected, Serial0
        via 10.1.2.1 (3193856/2681856), Serial1
P 10.1.2.0/24, 1 successors, FD is 2169856, serno 3
        via Connected, Serial1
P 10.1.1.0/24, 1 successors, FD is 2681856, serno 50
        via 10.1.2.1 (2681856/2169856), Serial1
        via 10.1.3.1 (41024000/40512000), Serial0, serno 51
P1R3#
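The feasibility condition the callouts describe, applied mechanically to the topology table above, as an added example (illustrative code written for this page, not Cisco code). It parses a constructed copy of the show ip eigrp topology lines and labels each path as successor, feasible successor, or not feasible; the regular expressions and role names are assumptions made for this illustration.

```python
"""Successor / feasible successor classification from 'show ip eigrp topology'.

Added example, not Cisco code: it parses a constructed copy of the topology
lines shown above and applies the feasibility condition from the callout,
that a path is a feasible successor only when its advertised (reported)
distance is lower than the feasible distance (FD) of the successor.
"""
import re

TOPOLOGY = """\
P 10.1.3.0/24, 1 successors, FD is 40512000, serno 48
        via Connected, Serial0
        via 10.1.2.1 (3193856/2681856), Serial1
P 10.1.2.0/24, 1 successors, FD is 2169856, serno 3
        via Connected, Serial1
P 10.1.1.0/24, 1 successors, FD is 2681856, serno 50
        via 10.1.2.1 (2681856/2169856), Serial1
        via 10.1.3.1 (41024000/40512000), Serial0, serno 51
"""

HEADER = re.compile(r"^P (\S+), \d+ successors, FD is (\d+)")
# 'via <next hop> (<computed distance>/<advertised distance>), <interface>'
VIA = re.compile(r"^\s+via (\S+?)(?: \((\d+)/(\d+)\))?, (\S+?)(?:,|$)")


def classify(text: str) -> dict:
    """Map each prefix to [(next_hop, interface, role), ...] in table order."""
    result, prefix, fd = {}, None, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            prefix, fd = m.group(1), int(m.group(2))
            result[prefix] = []
            continue
        m = VIA.match(line)
        if not m or prefix is None:
            continue
        next_hop, computed, advertised, iface = m.groups()
        if computed is None:                 # directly connected: no metrics
            role = "successor"
        elif int(computed) == fd:            # equal-cost paths are all successors
            role = "successor"
        elif int(advertised) < fd:           # feasibility condition holds
            role = "feasible successor"
        else:                                # AD >= FD: possible loop, unusable
            role = "not feasible"
        result[prefix].append((next_hop, iface, role))
    return result
```

The "not feasible" label is the loop-avoidance guarantee: a neighbor whose own distance to the prefix is not strictly below our feasible distance might be routing through us, so the path is never installed as a backup without a fresh query.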
BGP
Supplement ABGP Configuration Output Examples
Figure: four autonomous systems, each with routers PxR1, PxR2 and PxR3. AS1 (P1R1, P1R2, P1R3) shows addresses 1.1.0.1/16, 1.1.0.2/16, 1.3.0.1/16 and 1.3.0.2/16; AS2 (P2R1, P2R2, P2R3) shows 2.1.0.1/16, 2.1.0.2/16, 2.2.0.1/16, 2.2.0.2/16, 2.3.0.1/16 and 2.3.0.2/16; AS3 (P3R1, P3R2, P3R3) shows 3.1.0.1/16, 3.1.0.2/16, 3.2.0.1/16, 3.2.0.2/16, 3.3.0.1/16 and 3.3.0.2/16; AS4 (P4R1, P4R2, P4R3) shows 4.1.0.1/16, 4.1.0.2/16, 4.2.0.1/16, 4.3.0.1/16 and 4.3.0.2/16. The autonomous systems interconnect over 10.14.0.0/24 (10.14.0.3/24 and 10.14.0.4/24 shown).
This section includes configuration and show command output examples that result from configuring the network shown in the graphic. RIP is configured as the internal routing protocol within the autonomous systems and BGP is the external protocol between the autonomous systems. BGP routes are redistributed into RIP.
Callouts on the configuration in the graphic:
- RIP advertises network 10.0.0.0 so internal routers can see network 10.0.0.0.
- Do not allow RIP to advertise any routes on the backbone.
- Redistribute BGP information into RIP, with a hop count of 3.
- Advertise network 1.0.0.0 to BGP neighbors.
- The router has 3 external BGP neighbors.
Route Optimization
Supplement A: Examples of Redistribution in a Non-Redundant Configuration
Note to reviewers: The original supplement, Redistribution Configuration Output Examples, has been split into two supplements: Examples of Redistribution in a Non-Redundant Configuration and Examples of Redistribution in a Redundant Configuration.
[Figure: addressing for the non-redundant redistribution example. Pod 1 contains P1R1 (10.1.2.1/24) and P1R2 with the 10.1.3.0/24 link (10.1.3.1, 10.1.3.2); Pod 2 contains P2R1 with the 10.2.2.0/24 link (10.2.2.1, 10.2.2.2) and P2R3 (10.2.3.2/24).]
This section includes configuration and show command output examples that result from configuring the network shown in the graphic. The addressing for this configuration is shown on this page; protocols for the example are shown on the next page.
[Figure: protocols for the non-redundant redistribution example. EIGRP runs inside Pod 1 and inside Pod 2; OSPF runs between the pods over the E0 interfaces of the PxR2 and PxR3 routers.]
The addressing for this configuration is shown on the previous page; protocols for the example are shown on this page.
                Router Link States (Area 0)
Link ID         ADV Router      Age         Seq#       Checksum Link count
10.64.0.1       10.64.0.1       280         0x80000005 0x767F   1
10.64.0.2       10.64.0.2       274         0x80000004 0x767D   1

                Net Link States (Area 0)
Link ID         ADV Router      Age         Seq#       Checksum
10.64.0.2       10.64.0.2       274         0x80000002 0x7791

                Type-5 AS External Link States
Link ID         ADV Router      Age         Seq#       Checksum Tag
10.1.1.0        10.64.0.1       202         0x80000002 0xE95E   0
10.1.2.0        10.64.0.1       202         0x80000002 0xDE68   0
10.1.3.0        10.64.0.1       202         0x80000002 0xD372   0
10.2.1.0        10.64.0.2       1686        0x80000001 0xD96D   0
10.2.2.0        10.64.0.2       1686        0x80000001 0xCE77   0
10.2.3.0        10.64.0.2       1686        0x80000001 0xC381   0
10.64.0.0       10.64.0.1       204         0x80000002 0xFD0C   0
10.64.0.0       10.64.0.2       1688        0x80000001 0xF910   0
P1R3#
External routes learned by OSPF. Note that subnetted networks are included.
P1R3#show ip eigrp topology
IP-EIGRP Topology Table for process 200
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - Reply status
P 10.1.3.0/24, 1 successors, FD is 40512000
         via Connected, Serial0
         via 10.1.2.1 (3193856/2681856), Serial1
P 10.2.1.0/24, 1 successors, FD is 281600
         via Redistributed (281600/0)
P 10.1.2.0/24, 1 successors, FD is 2169856
         via Connected, Serial1
P 10.2.2.0/24, 1 successors, FD is 281600
         via Redistributed (281600/0)
P 10.1.1.0/24, 1 successors, FD is 2681856
         via 10.1.2.1 (2681856/2169856), Serial1
P 10.2.3.0/24, 1 successors, FD is 281600
         via Redistributed (281600/0)
P 10.64.0.0/24, 1 successors, FD is 281600
         via Connected, Ethernet0
[Figure: addressing for the redundant redistribution example. Pod 1 includes P1R2 (10.1.3.1/24); Pod 2 includes P2R3 (10.2.3.2/24).]
This section includes configuration and show command output examples that result from configuring the network shown in the graphic. The addressing for this configuration is shown on this page; protocols for the example are shown on the next page.
[Figure: protocols for the redundant redistribution example. RIP runs in Pod 1, IGRP 200 runs in Pod 2, and OSPF runs between P1R3 and P2R2 over their E0 interfaces.]

Protocols configured on each router:
P1R1: RIP and IGRP 200; passive interface on E0 for RIP and passive interface on S0 and S1 for IGRP
P1R2: RIP
P1R3: RIP and OSPF; passive interface on E0 for RIP
P2R1: IGRP 200
P2R2: OSPF and IGRP 200; passive interface on E0 for IGRP
P2R3: IGRP 200
The addressing for this configuration is shown on the previous page; protocols for the example are shown on this page.
Callouts on the configuration:
- RIP configuration. Redistribute IGRP into RIP using a seed metric of 3 hops.
- IGRP configuration. Redistribute RIP into OSPF using the listed seed metric.
- OSPF configured. Redistribute RIP routes, including subnetted networks.
- RIP configured. Redistribute OSPF using a seed metric of 3.
- Assigns an administrative distance of 105 to the RIP-learned routes for the networks listed in the access list. In this way they are selected over the OSPF-learned routes to these networks, because OSPF has an administrative distance of 110. The access list indicates which networks receive the new administrative distance of 105.
- These routes are kept because OSPF has a better administrative distance than RIP. Note that they are suboptimal if traced following the example graphic.

C    10.1.3.0 is directly connected, Serial0
O E2 10.2.1.0 [110/20] via 10.64.0.2, 00:01:36, Ethernet0
C    10.1.2.0 is directly connected, Serial1
O E2 10.2.2.0 [110/20] via 10.64.0.2, 00:01:36, Ethernet0
R    10.1.1.0 [105/1] via 10.1.3.1, 00:00:11, Serial0
              [105/1] via 10.1.2.1, 00:00:00, Serial1
O E2 10.2.3.0 [110/20] via 10.64.0.2, 00:01:36, Ethernet0
C    10.64.0.0 is directly connected, Ethernet0
P1R3#

- The RIP-learned routes to the same networks are selected because the OSPF-learned routes to those networks have the higher administrative distance. If the RIP routes were to fail, the OSPF routes would be selected and used.
- Follow the permit and deny instructions in access list 1 on inbound IGRP packets received on E0. The access list indicates which routes to allow or deny by defining the network addresses. This list drops routes for networks 10.1.3.0 and 10.64.0.0 but permits all other routes.
- These routes are kept because IGRP has a better administrative distance than RIP. Note that they are suboptimal if traced following the example graphic.
- The RIP-learned routes are used because the IGRP routes for the same networks are filtered. In this case, if the RIP routes failed, the IGRP routes would not be used because they are filtered.
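The difference between the two techniques in the callouts (changing the administrative distance of selected routes versus filtering them with an inbound distribute-list) is easy to lose in the show output, so the Python model below, an added example rather than course material, plays both through a small route-selection simulation. Access list contents and the networks come from the callouts; the next-hop addresses, interface names and the candidate routes themselves are constructed, and the router roles (P1R3 for the distance case, P1R1 for the filter case) are assumptions from the graphic.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address

# Default administrative distances referred to on this page.
DEFAULT_AD = {"connected": 0, "igrp": 100, "ospf": 110, "rip": 120}


def wildcard_match(addr, pattern, wildcard):
    """Cisco wildcard-mask test: bits set to 1 in the wildcard are ignored."""
    a, p, w = (int(IPv4Address(x)) for x in (addr, pattern, wildcard))
    return (a & ~w) == (p & ~w)


@dataclass
class Candidate:
    network: str
    protocol: str
    next_hop: str
    interface: str       # interface the route was learned on
    up: bool = True      # False simulates the source route failing


@dataclass
class Router:
    # access lists: number -> [(action, network, wildcard)], evaluated top-down
    acls: dict = field(default_factory=dict)
    # (protocol, acl, new AD): override the AD of routes the ACL permits
    distance_overrides: list = field(default_factory=list)
    # (protocol, interface) -> acl applied as an inbound distribute-list
    distribute_in: dict = field(default_factory=dict)

    def acl_permits(self, acl, network):
        for action, pattern, wildcard in self.acls[acl]:
            if wildcard_match(network, pattern, wildcard):
                return action == "permit"
        return False    # implicit deny at the end of every access list

    def admin_distance(self, cand):
        ad = DEFAULT_AD[cand.protocol]
        for proto, acl, new_ad in self.distance_overrides:
            if proto == cand.protocol and self.acl_permits(acl, cand.network):
                ad = new_ad
        return ad

    def accepted(self, cand):
        """An inbound distribute-list drops a route before it is ever a candidate."""
        acl = self.distribute_in.get((cand.protocol, cand.interface))
        return acl is None or self.acl_permits(acl, cand.network)

    def routing_table(self, candidates):
        """Per network, install the available candidate with the lowest AD."""
        table = {}
        for cand in candidates:
            if not cand.up or not self.accepted(cand):
                continue
            ad = self.admin_distance(cand)
            if cand.network not in table or ad < table[cand.network][1]:
                table[cand.network] = (cand.protocol, ad, cand.next_hop)
        return table


def distance_scenario(rip_up=True):
    """P1R3 (assumed): RIP routes permitted by access list 1 get AD 105, so they win
    over OSPF (110); when RIP fails, the OSPF route is still there to take over."""
    r = Router(acls={1: [("permit", "10.1.1.0", "0.0.0.255")]},
               distance_overrides=[("rip", 1, 105)])
    cands = [Candidate("10.1.1.0", "rip", "10.1.3.1", "Serial0", up=rip_up),
             Candidate("10.1.1.0", "ospf", "10.64.0.2", "Ethernet0"),
             Candidate("10.2.1.0", "ospf", "10.64.0.2", "Ethernet0")]
    return r.routing_table(cands)


def filter_scenario(rip_up=True):
    """P1R1 (assumed): access list 1 inbound on E0 for IGRP drops 10.1.3.0 and
    10.64.0.0, so the IGRP copies of those routes can never back up RIP."""
    r = Router(acls={1: [("deny", "10.1.3.0", "0.0.0.255"),
                         ("deny", "10.64.0.0", "0.0.0.255"),
                         ("permit", "0.0.0.0", "255.255.255.255")]},
               distribute_in={("igrp", "Ethernet0"): 1})
    cands = [Candidate("10.1.3.0", "rip", "10.1.2.2", "Serial1", up=rip_up),   # constructed
             Candidate("10.1.3.0", "igrp", "10.64.0.2", "Ethernet0"),
             Candidate("10.2.3.0", "rip", "10.1.2.2", "Serial1", up=rip_up),
             Candidate("10.2.3.0", "igrp", "10.64.0.2", "Ethernet0")]
    return r.routing_table(cands)


if __name__ == "__main__":
    print("distance, RIP up:  ", distance_scenario())
    print("distance, RIP down:", distance_scenario(rip_up=False))
    print("filter, RIP up:    ", filter_scenario())
    print("filter, RIP down:  ", filter_scenario(rip_up=False))
```

With RIP failed, the distance approach still has a route to 10.1.1.0 (OSPF, AD 110), whereas the filter approach leaves 10.1.3.0 with no route at all, which is exactly the trade-off the callouts describe.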
P1R3#show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
172.6.31.6        1   FULL/DR         00:00:30    172.6.31.6      Ethernet0
P1R3#show ip protocols
Routing Protocol is "rip"
  Sending updates every 30 seconds, next due in 0 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Redistributing: rip
  Default version control: send version 1, receive any version
    Interface        Send  Recv   Key-chain
    BRI0             1     1 2
    Serial0          1     1 2
    Serial1          1     1 2
  Routing for Networks:
    10.0.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    10.1.2.1             120      00:00:03
    10.1.3.1             120      00:00:21
    10.64.0.2            120      00:06:43
  Distance: (default is 120)

Routing Protocol is "ospf 200"
  Sending updates every 0 seconds
  Invalid after 0 seconds, hold down 0, flushed after 0
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Redistributing: ospf 200
  Routing for Networks:
    172.6.31.5/32
  Routing Information Sources:
    Gateway         Distance      Last Update
  Distance: (default is 110)
       OSPF Router with ID (172.6.31.5) (Process ID 200)

                Router Link States (Area 0)
Link ID         ADV Router      Age         Seq#       Checksum Link count
10.64.0.1       10.64.0.1       648         0x80000002 0x7684   1
10.64.0.2       10.64.0.2       648         0x80000002 0x7483   1
172.6.31.5      172.6.31.5      259         0x80000003 0x8645   1
172.6.31.6      172.6.31.6      260         0x80000003 0x8444   1

                Net Link States (Area 0)
Link ID         ADV Router      Age         Seq#       Checksum
10.64.0.2       10.64.0.2       648         0x80000001 0x7990
172.6.31.6      172.6.31.6      261         0x80000001 0x8B50
Following is the show output for the ASBR with redistribution and ip default-network configured:
P1R3#show ip protocol
Routing Protocol is "rip"
  <Output Omitted>
  Redistributing: rip
  Default version control: send version 1, receive any version
    Interface        Send  Recv   Key-chain
    BRI0             1     1 2
    Serial0          1     1 2
    Serial1          1     1 2
  Routing for Networks:
    10.0.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    10.1.2.1             120      00:00:23
    10.1.3.1             120      00:00:10
    10.64.0.2            120      00:56:28
  Distance: (default is 120)

Routing Protocol is "ospf 200"
  <Output Omitted>
  Redistributing: rip, ospf 200
  Routing for Networks:
    172.6.31.5/32
  Routing Information Sources:
    Gateway         Distance
    172.6.31.6           110
  Distance: (default is 110)
P1R3#
router igrp 71
 redistribute igrp 109
 distribute-list 3 out igrp 109
access-list 3 permit 192.168.7.0 0.0.0.255
Cisco IOS software supports multiple IGRP autonomous systems. Each autonomous system maintains its own routing database. You can redistribute routing information between these routing databases. The following describes some of the commands in the example in the graphic:

Command: redistribute igrp 109
Description: Redistributes routes from IGRP 109 into IGRP 71.

Command: distribute-list 3 out igrp 109
Description: Uses access list 3 to define which routes will be redistributed from IGRP 109 into IGRP 71. Redistributes per access list 3. The out keyword applies the access list to outgoing routing updates, and igrp 109 identifies the IGRP routing process to filter.

Command: access-list 3 permit 192.168.7.0 0.0.0.255
Description: Permits routes from only network 192.168.7.0.

In this example, only routing updates from the 192.168.7.0 network are redistributed into autonomous system 71. Updates from other networks are denied.
Avoiding Loops
[Figure: boundary routers R1, R2 and R3 attached to OSPF Area 0, each also attached to a RIP cloud; the RIP clouds are connected to each other by an additional back-door path. Network 172.16.8.1 appears in the RIP cloud behind R1.]

router ospf 109
 network 172.16.62.0 0.0.0.255 area 0
 network 172.16.63.0 0.0.0.255 area 0
 redistribute rip subnets metric-type 1 metric 20
 distribute-list 11 out rip
access-list 11 permit 172.16.8.0 0.0.7.255
In the example in the graphic, there is an additional path connecting the RIP clouds. These paths, or back doors, frequently exist, allowing the potential for feedback loops. You can use access lists to determine the routes that are advertised and accepted by each router. For example, access list 11 in the configuration file for router R1 allows OSPF to redistribute information learned from RIP only for networks 172.16.8.0 through 172.16.15.0. These commands prevent router R1 from advertising networks in other RIP domains onto the OSPF backbone, thereby preventing other boundary routers from using false information and forming a loop. You would configure similar access lists on R2 and R3.
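The Python model below is an added example (not course material) of what the distribute-list on R1 achieves. It evaluates access list 11 from the configuration above with Cisco wildcard semantics, which is why the single entry covers 172.16.8.0 through 172.16.15.0, and then shows the feedback problem: when every boundary router redistributes everything it hears from RIP, a network that leaked across the back door is injected into OSPF by more than one router. The RIP-learned networks and the access lists on R2 and R3 are constructed for the example.

```python
from ipaddress import IPv4Address


def wildcard_match(addr, pattern, wildcard):
    """Cisco wildcard-mask test: bits set to 1 in the wildcard are ignored."""
    a, p, w = (int(IPv4Address(x)) for x in (addr, pattern, wildcard))
    return (a & ~w) == (p & ~w)


def acl_permits(acl, network):
    """Standard access list, evaluated top-down with the implicit deny at the end."""
    for action, pattern, wildcard in acl:
        if wildcard_match(network, pattern, wildcard):
            return action == "permit"
    return False


# access-list 11 from the page: 172.16.8.0 through 172.16.15.0 pass.
ACL_11 = [("permit", "172.16.8.0", "0.0.7.255")]
PERMIT_ANY = [("permit", "0.0.0.0", "255.255.255.255")]


def redistribute_rip_into_ospf(rip_routes, distribute_list):
    """Networks RIP hands to OSPF after 'distribute-list ... out rip'."""
    return sorted((n for n in rip_routes if acl_permits(distribute_list, n)),
                  key=IPv4Address)


# Constructed sample: what each boundary router hears from RIP once the back
# door between the RIP clouds leaks the other clouds' networks (assumed networks).
ROUTER_RIP = {
    "R1": ["172.16.8.0", "172.16.12.0", "172.16.15.0", "172.16.16.0", "172.16.24.0"],
    "R2": ["172.16.16.0", "172.16.20.0", "172.16.8.0"],
    "R3": ["172.16.24.0", "172.16.28.0", "172.16.8.0"],
}
# Similar lists on R2 and R3, each permitting only its own RIP domain (assumed ranges).
ROUTER_ACL = {
    "R1": ACL_11,
    "R2": [("permit", "172.16.16.0", "0.0.7.255")],
    "R3": [("permit", "172.16.24.0", "0.0.7.255")],
}


def leaked_without_filter(rip_routes, distribute_list):
    """Networks R1 would have advertised into OSPF had the distribute-list been absent."""
    kept = set(redistribute_rip_into_ospf(rip_routes, distribute_list))
    return sorted(set(rip_routes) - kept, key=IPv4Address)


def redistribution_conflicts(injected):
    """Given {router: [networks it injects into OSPF]}, report the networks injected
    by more than one boundary router: each is a candidate feedback loop."""
    seen = {}
    for router, nets in injected.items():
        for n in nets:
            seen.setdefault(n, []).append(router)
    return {n: r for n, r in seen.items() if len(r) > 1}


def loop_demo(filtered=True):
    injected = {r: redistribute_rip_into_ospf(nets, ROUTER_ACL[r] if filtered else PERMIT_ANY)
                for r, nets in ROUTER_RIP.items()}
    return redistribution_conflicts(injected)


if __name__ == "__main__":
    print("R1 injects:", redistribute_rip_into_ospf(ROUTER_RIP["R1"], ACL_11))
    print("R1 blocked:", leaked_without_filter(ROUTER_RIP["R1"], ACL_11))
    print("conflicts with filters:   ", loop_demo())
    print("conflicts without filters:", loop_demo(filtered=False))
```

Without the filters, 172.16.8.0 is injected by all three routers and each of them could then learn its own network back through OSPF with a different metric; with the filters, every network has exactly one boundary router injecting it.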
router rip
 network 172.16.0.0
 redistribute eigrp 300
 default-metric 3
router eigrp 300
 network 192.168.5.0
 redistribute rip
 default-metric 56 2000 255 1 1500
In the example in the graphic, the router is redistributing IP RIP and Enhanced IGRP routes. The 192.168.5.0 network is redistributed to the IP RIP network with a metric of three hops. Enhanced IGRP in autonomous system 300 learns routes from IP RIP. The following describes some of the commands in the example in the graphic:

Command: redistribute eigrp 300
Description: Enables redistribution of routes learned from Enhanced IGRP autonomous system 300 into the IP RIP network.

Command: default-metric 3
Description: Specifies that Enhanced IGRP learned routes are three hops away.

Command: redistribute rip
Description: Enables redistribution of routes learned from the IP RIP network into Enhanced IGRP autonomous system 300.

Command: default-metric 56 2000 255 1 1500
Description: The RIP-derived network is being redistributed with the following Enhanced IGRP metric values: bandwidth is 56 kilobits per second; delay is 2000 tens of microseconds; reliability is 100 percent (255 of 255); loading is less than 1 percent (1 of 255); MTU is 1500 bytes.
[Figure: redistribution filtering example with Enhanced IGRP networks 172.16.0.0 and 10.0.0.0.]
The following describes some of the commands in the redistribution filtering example in the graphic:

Command: redistribute eigrp 1
Description: Enables routes learned from Enhanced IGRP autonomous system 1 to be redistributed into IP RIP.

Command: default-metric 3
Description: Specifies that all routes learned from Enhanced IGRP will be advertised by RIP as reachable in three hops.

Command: distribute-list 7 out eigrp 1
Description: Defines that routes defined by access-list 7 leaving the Enhanced IGRP process will be filtered prior to being given to the RIP process.

This example filters the redistribution of routing updates between the routing processes IP RIP and Enhanced IGRP. The distribute-list 7 out eigrp 1 command uses access-list 7 as the input for the RIP process. This distribute list redistributes all routing information except updates about network 10.0.0.0.
router igrp 109
 network 192.168.7.0
 redistribute rip
 default-metric 10000 100 255 1 1500
 distribute-list 10 out rip
access-list 10 permit 172.16.0.0 0.0.255.255
The following describes some of the commands in the redistribution example in the graphic:

Command: redistribute rip
Description: Redistributes RIP routes.

Command: default-metric 10000 100 255 1 1500
Description: Sets the metric for IGRP for all redistributed routes. Sets the minimum bandwidth of the route to 10000 kbps, the delay to 100 tens of microseconds, the reliability to the maximum (255), the loading to 1, and the MTU to 1500 bytes.

Command: distribute-list 10 out rip
Description: Uses access list 10 to limit updates going out of RIP into IGRP.
In this example, RIP routes are given an IGRP metric and advertised into the IGRP autonomous system. The RIP configuration for this example is shown on the next page.
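The seed metric set by default-metric is not an opaque number: with the default K values, IGRP computes 10^7 / minimum bandwidth (kbps) + total delay (tens of microseconds), and EIGRP is the same value multiplied by 256. The Python functions below are an added example (not course material) that compute the seed metric for the two default-metric commands on the preceding pages and reproduce the feasible distances printed in the EIGRP supplement earlier in this appendix. The per-link values used for that reproduction (T1 links at 1544 kbps, a 64 kbps serial link, 2000 tens of microseconds of delay per hop) are an inference from the output, not something the page states.

```python
# EIGRP composite metric with the default K values (K1 = K3 = 1, K2 = K4 = K5 = 0):
#   metric = 256 * (10_000_000 // min_bandwidth_kbps + total_delay_tens_of_us)
# IGRP uses the same formula without the factor of 256. The division is integer
# division, as the router performs it.


def eigrp_metric(bandwidth_kbps, delay_tens_us):
    return 256 * (10_000_000 // bandwidth_kbps + delay_tens_us)


def igrp_metric(bandwidth_kbps, delay_tens_us):
    return 10_000_000 // bandwidth_kbps + delay_tens_us


def seed_metric(protocol, default_metric):
    """Metric a redistributed route receives from a default-metric command.
    default_metric is (bandwidth, delay, reliability, load, mtu); with K2, K4 and
    K5 at zero only bandwidth and delay influence the value, but the other
    fields are still range-checked the way the command line would reject them."""
    bandwidth, delay, reliability, load, mtu = default_metric
    if not (1 <= reliability <= 255 and 1 <= load <= 255):
        raise ValueError("reliability and load must be 1-255")
    if bandwidth <= 0 or delay < 0 or mtu <= 0:
        raise ValueError("bandwidth, delay and mtu must be positive")
    calc = eigrp_metric if protocol == "eigrp" else igrp_metric
    return calc(bandwidth, delay)


def path_metric(protocol, links):
    """Metric of a path made of (bandwidth_kbps, delay_tens_us) links: the slowest
    link's bandwidth and the sum of all delays."""
    bandwidth = min(b for b, _ in links)
    delay = sum(d for _, d in links)
    calc = eigrp_metric if protocol == "eigrp" else igrp_metric
    return calc(bandwidth, delay)


# Link values inferred from the EIGRP supplement output (assumption, see lead-in).
T1 = (1544, 2000)
SERIAL_64K = (64, 2000)

if __name__ == "__main__":
    print("EIGRP seed for 56 2000 255 1 1500:", seed_metric("eigrp", (56, 2000, 255, 1, 1500)))
    print("IGRP seed for 10000 100 255 1 1500:", seed_metric("igrp", (10000, 100, 255, 1, 1500)))
    print("FD of a connected T1 (10.1.2.0/24):", path_metric("eigrp", [T1]))
    print("FD of a connected 64k link (10.1.3.0/24):", path_metric("eigrp", [SERIAL_64K]))
    print("10.1.1.0/24 via 10.1.2.1, two T1 hops:", path_metric("eigrp", [T1, T1]))
```

The values 2169856, 40512000 and 2681856 printed by the last three lines are the feasible distances shown for P1R3 in the EIGRP supplement, which is a quick way to confirm the bandwidth and delay settings a router is actually using from nothing but its topology table.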
[Figure: IGRP autonomous system 109 containing network 192.31.7.0, redistributed into the RIP network.]

router rip
 network 192.168.8.0
 network 172.16.0.0
 redistribute igrp 109
 default-metric 4
 distribute-list 11 out igrp 109
access-list 11 permit 192.31.7.0 0.0.0.255
You can also redistribute IGRP-derived routes into the RIP network. The following describes some of the commands in the redistribution example in the graphic:

Command: redistribute igrp 109
Description: Redistributes IGRP routes.

Command: default-metric 4
Description: Sets the metric for IGRP-derived routes to four hops.
Overview
This appendix contains the procedure for password recovery on Cisco routers.
Step 2
Step 3  Set bit 6 (along with the original bit settings) in order to ignore NVRAM on boot up, using the o/r command. For example, if the original configuration register value was 0x2102, then setting bit 6 gives a value of 0x2142 for the configuration register. In this example, to set the configuration register, use:
    >o/r 0x2142
On some routers you must use the confreg utility to set the configuration register. In the utility, enter y when asked "ignore system config info? y/n [n]". Keep all other settings the same as you noted in step 2.
Step 4  Initialize and reboot the router, using the i command, or the boot command on some routers.
Step 5  When the router boots it will go into setup mode. Answer no to all questions (just say no!).
Step 6  Once you are back at the router prompt, enter privileged mode:
    Router> enable
Step 7  Load the configuration in NVRAM to active memory:
    Router# copy startup-config running-config
(or Router# config memory on older versions of the IOS). Remember that this is a merge, so all interfaces will be shut down at this point because they were shut down when the router loaded without a configuration.
Step 8  Enable all interfaces that should be enabled:
    hostname#config term
    hostname(config)#interface x/y
    hostname(config-if)#no shutdown
Step 9  Restore the original configuration register value:
    hostname#config term
    hostname(config)#config-register 0xvalue
(for example, hostname(config)#config-register 0x2102)
Step 10 Recover/record lost passwords:
    hostname#show startup-config
(or hostname#show config on older versions of the IOS).
Or, change passwords (you must use this method if passwords are encrypted):
    hostname#config term
    hostname(config)#enable secret newpassword
    hostname(config)#enable password newpassword
    hostname(config)#line con 0
    hostname(config-line)#login
    hostname(config-line)#password newpassword
Step 11 Save your new configuration:
    hostname# copy running-config startup-config
(or hostname#write memory on older versions of the IOS).
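Steps 3 and 9 hinge on one bit of the configuration register, and a router left with that bit set after a recovery will come up with an empty configuration at its next reload. The Python helper below is an added example (not course material) that computes the step 3 value from any original register, restores it for step 9, and reads the register back out of the "Configuration register is 0x...." line that show version prints, so a defender can sweep collected show version output for routers still ignoring NVRAM. The two show version lines are constructed samples.

```python
import re

IGNORE_NVRAM = 1 << 6       # bit 6 (0x0040): boot without reading the startup config


def set_ignore_nvram(confreg):
    """Value to enter with o/r or confreg in step 3: bit 6 set, all other bits kept."""
    return confreg | IGNORE_NVRAM


def restore_register(confreg):
    """Value for config-register in step 9: bit 6 cleared, all other bits kept."""
    return confreg & ~IGNORE_NVRAM


def ignores_nvram(confreg):
    return bool(confreg & IGNORE_NVRAM)


def boot_field(confreg):
    """Low four bits of the register (the boot field), unchanged by the recovery."""
    return confreg & 0xF


def register_from_show_version(text):
    """Extract the value from the 'Configuration register is 0x....' line."""
    m = re.search(r"Configuration register is 0x([0-9A-Fa-f]+)", text)
    if not m:
        raise ValueError("no configuration register line found")
    return int(m.group(1), 16)


def audit_show_version(text):
    """Return a finding when the router is still running with bit 6 set, i.e.
    step 9 was skipped; None when the register is normal."""
    reg = register_from_show_version(text)
    if ignores_nvram(reg):
        return f"config-register 0x{reg:04x} ignores NVRAM; restore 0x{restore_register(reg):04x}"
    return None


# Constructed show version tail lines, not captured from a real device.
SHOW_VERSION_RECOVERED = "Configuration register is 0x2142\n"
SHOW_VERSION_NORMAL = "Configuration register is 0x2102\n"

if __name__ == "__main__":
    print(f"step 3 value for 0x2102: 0x{set_ignore_nvram(0x2102):04x}")
    print(f"step 9 value for 0x2142: 0x{restore_register(0x2142):04x}")
    print("audit (recovered):", audit_show_version(SHOW_VERSION_RECOVERED))
    print("audit (normal):   ", audit_show_version(SHOW_VERSION_NORMAL))
```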
Answers
Overview
This chapter contains the Answers to Exercises, Review Questions and Lab Exercises.
Chapter 2 Exercises
Answers To Written Exercise: Overview of Scalable Internetworks
Table columns: Network Problem, Key Requirement, Cisco IOS Feature(s).

Network Problem:
- Connectivity restrictions
- Single WAN links available to each remote site
- Expensive tariffs on WAN links that do not get much use
- Very large routing tables

Key Requirement:
- Accessible but secure
- Efficient
- Responsive, Efficient
- Efficient
- Adaptable

Cisco IOS Feature(s):
- Dedicated and switched access technologies
- BGP support
- Scalable protocols
- Dial backup
- Access lists
- Scalable protocols
- Scalable protocols
- Access lists
- Compression over WANs
- Generic Traffic Shaping
- Access lists (not an end-all solution)
- Authentication protocols
- Dial backup
- Switched access technologies
- Route summarization
- Incremental updates
- Bridging mechanisms
Answers C-3
Chapter 3 Exercises
Written Exercise: Comparing Distance Vector Routing Protocols
Objective: Describe the operating characteristics of different distance vector routing protocols.
1. Complete the following table by indicating which protocol(s) demonstrate the characteristic shown in the right-hand column. Indicate your choice(s) in the left-hand column by entering one or more of the following distance vector routing protocols: RIPv1, RIPv2, IGRP, EIGRP

Protocol: RIPv1, RIPv2 / Characteristic: Has a hop count limitation of 15 hops
Protocol: RIPv1, IGRP / Characteristic: Uses broadcast packets to propagate routing updates
Protocol: IGRP / Characteristic: Has an administrative distance of 100
Protocol: RIPv1, RIPv2, IGRP, EIGRP / Characteristic: Supports split horizon to avoid routing loops
Protocol: IGRP, EIGRP / Characteristic: Uses a composite metric to determine best path
Protocol: RIPv1, RIPv2 / Characteristic: Employs a count to infinity concept to avoid routing loops
Protocol: IGRP, EIGRP / Characteristic: Can select preferred path based upon bandwidth consideration
Protocol: RIPv2, EIGRP / Characteristic: Supports variable length subnet masks (VLSM)
Protocol: RIPv1 / Characteristic: Is supported by all vendors of routing equipment
2. Which of the following statements are true for all distance vector routing protocols? Indicate your selection by placing a T in the blank area in front of each statement. _______ Routing updates contain all routes in the routing table
___T___
___T___
_______
_______
2. Which of the following statements are true for all link-state routing protocols? Indicate your selection by placing a T in the blank area in front of each statement. ___T___ Routing updates contain only the affected routes in the routing table
___T___
_______
___T___
_______
Chapter 4 Exercises
Answers To Written Exercise: Calculating VLSMs
For 5 LANs with 25 users each, 3 subnet bits and 5 host bits will be needed, yielding a maximum of 8 subnets with 30 hosts each. A prefix of /27 will therefore be used. The available subnets are:
192.168.49.0/27
192.168.49.32/27
192.168.49.64/27
192.168.49.96/27
192.168.49.128/27
192.168.49.160/27
192.168.49.192/27
192.168.49.224/27

For the WAN addresses, one of the above subnets that is not used on the LANs would be further subnetted. A prefix of /30 would be used to allow for 2 host addresses on each WAN. This would leave 3 bits for additional subnetting, giving 8 subnets for the WANs. For example, if we further subnetted 192.168.49.160/27, the available subnets for the WANs are:
192.168.49.160/30
192.168.49.164/30
192.168.49.168/30
192.168.49.172/30
192.168.49.176/30
192.168.49.180/30
192.168.49.184/30
192.168.49.188/30

Route Table Entries: 172.16.1.208/28, 172.16.1.64/28, 172.16.1.80/28, 172.16.1.96/28, 172.16.1.112/28
Routes That Can Be Advertised: 172.16.1.64/26 (summarizes 172.16.1.64/28, 172.16.1.80/28, 172.16.1.96/28, 172.16.1.112/28)

Exercise 2:

Router H Route Table Entries: 172.16.1.48/28, 172.16.1.128/28, 172.16.1.144/28, 172.16.1.160/28, 172.16.1.176/28
Routes That Can Be Advertised to Router D from Router H: 172.16.1.48/28, 172.16.1.128/26 (summarizes 172.16.1.128/28, 172.16.1.144/28, 172.16.1.160/28, 172.16.1.176/28)

2. Given an address with a prefix of /20, how many additional subnets are gained when subnetting with a prefix of /28? 2^8 = 256 additional subnets are gained.
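The VLSM and summarization answers above can be reproduced mechanically, which is also the fastest way to check a hand-worked plan before it goes into a router. The Python script below is an added example (not course material) built on the standard ipaddress module: it picks the prefix length for the LANs from the host count, re-subnets the first unused /27 for the WAN links, collapses the route-table entries of the summarization exercises into their summaries, and counts the subnets gained between two prefix lengths. The names lan_and_wan_plan and summarize are the example's own.

```python
import ipaddress


def vlsm_subnets(block, new_prefix):
    """All subnets of `block` at prefix length new_prefix, as strings."""
    return [str(s) for s in ipaddress.IPv4Network(block).subnets(new_prefix=new_prefix)]


def usable_hosts(prefixlen):
    """Host addresses per subnet after removing the network and broadcast addresses."""
    return 2 ** (32 - prefixlen) - 2


def smallest_prefix_for_hosts(hosts):
    """Longest prefix (smallest subnet) that still leaves room for `hosts` addresses."""
    prefix = 30
    while usable_hosts(prefix) < hosts:
        prefix -= 1
    return prefix


def summarize(routes):
    """Collapse contiguous, aligned routes into the fewest exact summaries: what a
    router at an area or domain boundary can advertise instead of each subnet."""
    nets = [ipaddress.IPv4Network(r) for r in routes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def additional_subnets(from_prefix, to_prefix):
    return 2 ** (to_prefix - from_prefix)


def lan_and_wan_plan(block="192.168.49.0/24", lans=5, hosts_per_lan=25, wans=8):
    """Reproduce the chapter 4 answer: LAN subnets first, then the first unused
    LAN-sized block re-subnetted into /30 point-to-point WAN links."""
    lan_prefix = smallest_prefix_for_hosts(hosts_per_lan)
    lan_subnets = vlsm_subnets(block, lan_prefix)
    if len(lan_subnets) < lans + 1:
        raise ValueError("not enough subnets for the LANs plus one block for the WANs")
    wan_block = lan_subnets[lans]               # first subnet not used by a LAN
    wan_subnets = vlsm_subnets(wan_block, 30)   # /30 gives the 2 hosts a WAN link needs
    if len(wan_subnets) < wans:
        raise ValueError("the spare block does not hold that many WAN links")
    return {"lan_prefix": lan_prefix, "lans": lan_subnets[:lans],
            "wan_block": wan_block, "wans": wan_subnets[:wans]}


if __name__ == "__main__":
    plan = lan_and_wan_plan()
    print("LAN prefix: /%d, LANs: %s" % (plan["lan_prefix"], plan["lans"]))
    print("WAN block: %s, WANs: %s" % (plan["wan_block"], plan["wans"]))
    print("Router H advertises:", summarize(["172.16.1.48/28", "172.16.1.128/28",
                                            "172.16.1.144/28", "172.16.1.160/28",
                                            "172.16.1.176/28"]))
    print("/20 to /28 gains", additional_subnets(20, 28), "subnets")
```

Note that collapse_addresses only merges blocks that are both contiguous and aligned: 172.16.1.48/28 stays a /28 in the Router H answer because its neighbor 172.16.1.32/28 is absent, which is the same reasoning the written exercise expects.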
Chapter 5 Exercises
Answer to Written Exercises: Comparing Routing Protocols
First Written Exercise
1. Destination address
2. Identify neighbors
3. Discover routes
4. Select routes
5. Maintain routing information
Chapter 6 Exercises
Answer to Written Exercise: OSPF Operation
Task: Answer the following questions.

1. List three reasons why OSPF operates better than RIP in a large internetwork.
Refer to the list of reasons in the What Is OSPF? section.

2. What does a router do when it receives an LSU?
When each router receives the LSU, it does the following:
- If the entry already exists and the received LSU has the same information, it resets the aging timer on the LSA entry and sends an LSAck to the DR. (Recall that the DR is the central point of contact during the flooding process.)
- If the entry already exists but the LSU includes new information, it sends an LSR to request all the information about the entry.
- If the entry already exists but the LSU includes older information, it sends an LSU with its information.

3. Identify when the exchange protocol and the flooding protocol are used, and describe how each operates.
The exchange process is used to get neighboring routers into a Full state. To be initiated, two routers must agree on a master-slave relationship. The process enables them to synchronize their link-state databases using DDPs. Once in a Full state, the exchange process is not repeated unless the Full state changes to a different state.
The flooding process is used any time there is a change in a link state, such as a link going down or a new link being added to the network. In this process, all link-state changes are sent in LSU packets to the DR/BDR of the area. The DR is then responsible for forwarding the LSUs to all other routers in the network.

4. Write a brief description of the following:
Internal router: A router that resides within an area and routes traffic.
LSU: A link-state update packet. This packet includes update information about link-state advertisements.
DDP: A database description packet. This packet is used during the exchange protocol and includes summary information about link-state entries.
Hello packet: Used during the hello process; includes information that enables routers to establish themselves as neighbors.

Match the term with the statement most closely describing it. Write the letter of the description next to the term.
___D area
___B Full state
___A DR
___C
A) The router responsible for route synchronization.
B) Indicates routers can route information.
C) Indicates routers can discover link state information.

Name the two RFC-compliant modes for OSPF over a Non-broadcast Multiaccess network: Non-broadcast, Point-to-Multipoint.
Name the two additional Cisco modes for OSPF over NBMA: Broadcast, Point-to-point.
Chapter 7 Exercises
Answers To Written Exercise: OSPF Operation across Multiple Areas
Define hierarchical routing and explain what internetwork problems it solves.
OSPF's ability to separate a large internetwork into multiple areas is also referred to as hierarchical routing. Hierarchical routing enables you to separate your large internetwork (autonomous system) into smaller internetworks that are called areas. The advantages include smaller routing tables, reduced frequency of SPF calculations, and reduced LSU overhead.

An internal router will receive type-5 LSAs if it is in what type of area?
An area that is NOT configured as stub or totally stubby.

What area types are connected to the backbone area?
All area types are connected to the backbone.

The backbone must be configured as what area?
The backbone area must always be area 0.

LSA Type 1: Generated by each router for each area it belongs to. It describes the states of the router's links to the area. These are only flooded within a particular area. The link status and cost are two of the descriptors provided.
LSA Type 2: Generated by DRs in multiaccess networks. They describe the set of routers attached to a particular network. Flooded within the area that contains the network only.
LSA Type 3 or 4: Originated by ABRs. Describes the links between the ABR and the internal routers of a local area. These entries are flooded throughout the backbone area to the other ABRs. Type-3 describes routes to networks within the local area that are sent to the backbone area. Type-4 describes routes from the ABR to the ASBR. These link entries are not flooded through totally stubby areas.
LSA Type 5, autonomous system external link entry (E1 is OSPF external type-1, E2 is OSPF external type-2): Originated by the ASBR. Describes routes to destinations external to the autonomous system. Flooded throughout an OSPF autonomous system except for stub and totally stubby areas.

Describe the path a packet must take in order to get from one area to another.
The packet must go through its own area to the ABR, through the backbone area, through the next ABR, and then through the internal routers of the destination area to its final destination.

When is a default route injected into an area?
When the area is configured for stub or totally stubby.
Chapter 8 Exercises
Answers To Written Exercise: EIGRP Overview
1. D
2. E
3. G
4. B
5. A
6. H
7. A
8. C
9. F
10. A
Chapter 9 Exercises
Answers To Written Exercise: BGP Terminology and Operation
1. What protocol does BGP use as its transport protocol? What port number does BGP use? BGP uses TCP as its transport protocol; port 179 has been assigned to BGP.
2. Any two routers that have formed a BGP connection are called BGP peers or BGP neighbors.
3. Write a brief description of the following:
Internal BGP: When BGP is running between routers within one AS it is termed internal BGP (IBGP).
External BGP When BGP is running between routers in different ASs it is termed external BGP (EBGP).
Well-known attributes A well-known attribute is one that all BGP implementations must recognize. Well-known attributes are propagated to BGP neighbors.
Transitive attributes: A transitive attribute that is not implemented in a router can be passed to other BGP routers untouched.
BGP synchronization: The BGP synchronization rule states that a BGP router should not advertise a route to an external neighbor unless that route is local or is learnt from the IGP.
4. For an external update advertised by IBGP, where does the value for the next-hop attribute of an update come from? For an external update advertised by IBGP, the value of the next-hop attribute is carried from the EBGP update.
5. Describe the complication that an NBMA network can cause for the next-hop attribute of an update. When running BGP over a multi-access network, a BGP router will use the appropriate address as the next-hop address, to avoid inserting additional hops into the network. The address used is that of the router on the multi-access network that advertised the network. On Ethernet that router will be accessible to all other routers on the Ethernet. On NBMA media all routers on the network may not be accessible to each other, so the next-hop address used may be unreachable.
6. Complete the table to answer the following questions about these BGP attributes: Which order are the attributes preferred in (1, 2 or 3)? For the attribute, is the highest or lowest value preferred? Which other routers, if any, is the attribute sent to?

Attribute | Order preferred in | Highest or lowest value preferred? | Sent to which other routers?
          | 2 | highest | Sent to internal BGP neighbors only
          | 3 | lowest  | Sent to external BGP neighbors only
          | 1 | highest | Not sent to any BGP neighbors; local to router only

7. How is the BGP Router ID chosen? The BGP Identifier is an IP address assigned to that router and is determined on startup. The BGP router ID is chosen the same way that the OSPF router ID is chosen: it is the highest active IP address on the router, unless a loopback interface with an IP address exists, in which case it is the highest such loopback IP address.

2. What are the four BGP message types? Open, Keepalive, Update, Notification.

3. How does BGP-4 support CIDR? BGP-4 support for CIDR includes:
- The BGP UPDATE message includes both the prefix and the prefix length; previous versions only included the prefix, and the length was assumed from the address class.
- Addresses can be aggregated when advertised by a BGP router.
- The AS-path attribute can include AS-SEQUENCEs, which are ordered lists, and AS-SETs, which are unordered sets. An AS-SEQUENCE is an ordered mathematical set of the ASs that have been traversed. The AS-SET is an unordered set of other ASs, not included in the AS-SEQUENCE, that any of the non-aggregated routes would traverse. The combination of the ASs listed in both components should be considered to ensure that the route is loop-free.
4. What command is used to activate a BGP session with another router? The neighbor remote-as command is used to activate a BGP session with another router.
5. What command is used to display information about the BGP connections to neighbors? The show ip bgp neighbor command is used to display information about the BGP connections to neighbors.
Chapter 10 Exercises
Answers To Written Exercise: BGP Route Reflectors and Policy Control
1. Describe the BGP split horizon rule. The BGP split horizon rule specifies that routes learned via IBGP are never propagated to other IBGP peers.
2. What effect do route reflectors have on the BGP split horizon rule? Route reflectors modify the BGP split horizon rule by allowing the router configured as the route reflector to propagate routes learned by IBGP to other IBGP peers.
3. Write a brief description of the following: Route reflector: A router that is configured to be the router that is allowed to advertise (or reflect) routes that it learnt via IBGP to other IBGP peers.
Route reflector client: A route reflector will have a partial IBGP peering with other routers, which are called clients.
4. Routers configured as route reflectors do not have to be fully meshed with IBGP, true or false? False
5. When a route reflector receives an update from a client, it sends it to all non-client peers and to all client peers.
6. What is the command used to configure a router as a BGP route reflector? The neighbor route-reflector-client command is used to configure the router as a BGP route reflector and configure the specified neighbor as its client.
7. When an extended access-list is used in a distribute-list, what is the meaning of the parameters of the access-list? The syntax of the IP extended access-list is the same as usual, with a source address and wildcard, and a destination address and wildcard. However, the meanings of these parameters are different. The source parameters are used to indicate the address of the network whose updates are to be permitted or denied. The destination parameters are used to indicate the subnet mask of that network. The wildcard parameters indicate, for the network and subnet mask, which bits are relevant. Network/subnet mask bits corresponding to wildcard bits set to 1 are ignored during comparisons, and network/subnet mask bits corresponding to wildcard bits set to 0 are used in comparisons.
8. Describe the advantages of using prefix lists rather than access lists for BGP route filtering.
- A significant performance improvement over access lists in loading and route lookup of large lists.
- Support for incremental modifications. Compared to the normal access list, where one no command will erase the whole access list, a prefix list can be modified incrementally.
- A more user-friendly command-line interface. The command-line interface for using extended access lists to filter BGP updates is difficult to understand and use.
- Greater flexibility.
9. In a prefix list, what is the sequence number used for? The sequence number of the prefix-list statement is used to determine the order in which the statements are processed when filtering.
10. What command is used to clear the hit count of the prefix list entries? The clear ip prefix-list name [network/len] command resets the hit count shown on prefix-list entries.
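Questions 7 through 10 describe two filter syntaxes whose matching rules are easy to confuse: an extended access list inside a distribute-list (source fields test the network, destination fields test its mask) and a prefix list (entries tried in sequence-number order, with ge/le bounding the prefix length, hit counters per entry). The Python model below is an added example, not course material, that implements both rules side by side on constructed sample entries; the list names, sequence numbers and prefixes are the example's own, and prefix lengths follow the usual rule that an entry without ge or le matches exactly its own length.

```python
import ipaddress


def _wildcard_match(value, pattern, wildcard):
    """Cisco wildcard comparison: bits set to 1 in the wildcard are ignored."""
    v, p, w = (int(ipaddress.IPv4Address(x)) for x in (value, pattern, wildcard))
    return (v & ~w) == (p & ~w)


def ext_acl_permits(entries, network, mask):
    """Extended access list used in a distribute-list. Entries are
    (action, net, net_wildcard, mask, mask_wildcard): the 'source' pair is tested
    against the route's network and the 'destination' pair against its subnet
    mask. Unmatched routes fall through to the implicit deny."""
    for action, net, net_wc, mask_pat, mask_wc in entries:
        if _wildcard_match(network, net, net_wc) and _wildcard_match(mask, mask_pat, mask_wc):
            return action == "permit"
    return False


class PrefixList:
    """ip prefix-list semantics: entries are tried in sequence-number order; a
    route matches when it lies inside the entry's prefix and its length is
    within the ge/le range (exactly the entry's own length when neither is
    given). Each entry keeps a hit count like 'show ip prefix-list' displays."""

    def __init__(self, name):
        self.name = name
        self.entries = {}   # seq -> (action, prefix, ge, le)
        self.hits = {}      # seq -> hit count

    def add(self, seq, action, prefix, ge=None, le=None):
        self.entries[seq] = (action, ipaddress.IPv4Network(prefix), ge, le)
        self.hits[seq] = 0

    def remove(self, seq):
        """Incremental change: one entry goes, the rest of the list stays."""
        del self.entries[seq]
        del self.hits[seq]

    def clear_hits(self):
        """What 'clear ip prefix-list NAME' does to the counters."""
        self.hits = {seq: 0 for seq in self.hits}

    def permits(self, route):
        route = ipaddress.IPv4Network(route)
        for seq in sorted(self.entries):
            action, prefix, ge, le = self.entries[seq]
            lo = prefix.prefixlen if ge is None else ge
            if ge is None and le is None:
                hi = prefix.prefixlen
            else:
                hi = 32 if le is None else le
            if route.subnet_of(prefix) and lo <= route.prefixlen <= hi:
                self.hits[seq] += 1
                return action == "permit"
        return False


# Constructed extended access list: permit any 172.16.x.0 route whose mask is
# exactly 255.255.255.0 (network 172.16.0.0 wildcard 0.0.255.255,
# mask 255.255.255.0 wildcard 0.0.0.0).
ACL_101 = [("permit", "172.16.0.0", "0.0.255.255", "255.255.255.0", "0.0.0.0")]


def sample_prefix_list():
    """Constructed list: refuse 172.16.0.0/16 subnets longer than /24, accept the
    rest of 172.16.0.0/16 and everything else."""
    pl = PrefixList("BGP-IN")
    pl.add(5, "deny", "172.16.0.0/16", ge=25)
    pl.add(10, "permit", "172.16.0.0/16", le=24)
    pl.add(20, "permit", "0.0.0.0/0", le=32)
    return pl


if __name__ == "__main__":
    print("ACL 101, 172.16.5.0/24:", ext_acl_permits(ACL_101, "172.16.5.0", "255.255.255.0"))
    print("ACL 101, 172.16.0.0/16:", ext_acl_permits(ACL_101, "172.16.0.0", "255.255.0.0"))
    pl = sample_prefix_list()
    for r in ("172.16.5.0/24", "172.16.5.128/25", "10.0.0.0/8"):
        print(pl.name, r, "->", pl.permits(r))
    print("hits:", pl.hits)
```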
2. What is a route reflector cluster? The combination of the route reflector and its clients is called a cluster.
3. Route maps use match commands to test conditions and set commands to modify routes.
4. What is the command used to specify that the BGP communities attribute should be sent to a neighbor? The neighbor send-community command is used to specify that the BGP communities attribute should be sent to a BGP neighbor.
5. When would peer groups be useful? Peer groups are useful to simplify configurations when many neighbors have the same policy. They are also more efficient since updates are generated only once per peer group rather than once for each neighbor.
6. What is BGP multi-homing? Multi-homing is the term used to describe when an AS is connected to more than one ISP. This is usually done for two reasons: To increase the reliability of the connection to the Internet, so that if one connection fails another will still be available. To increase the performance, so that better paths can be used to certain destinations.
8. What is the preferred method to use to advertise an aggregated route from an AS into BGP? The preferred method to advertise an aggregated route from an AS into BGP is to use the aggregate-address command. With this command, as long as a more specific route exists in the BGP table, the aggregate gets sent. If the aggregating router loses connection to the networks being aggregated, they disappear from the BGP table and hence the BGP aggregate does not get sent.
Answers C-19
Chapter 11 Exercises
Answers To Written Exercise: Managing Traffic and Access
Answers will vary. Task: In the space below, briefly describe each cause of network congestion.
User services
- Large volume of traffic at peak times
- Multiple large file transfers
- Client/server model overwhelms server with multiple, continuous requests
Router updates
- Periodic advertisements
- Broadcast traffic affects all devices on the segment
- Exchanging large tables consumes bandwidth
DNS traffic
- Broadcast traffic affects all devices on the segment
- Name server not always local; affects multiple segments
- Name cache entries short-lived; lookup must be repeated

- Service advertisements are overhead
- Periodic announcements even if no changes
- Broadcast traffic affects all devices on the segment
Objective: List solutions for controlling network congestion.
Task: List five ways to control network congestion:
1.____Filter user application traffic___
5.____Eliminate need for dynamic learning___
Note: Answers will vary for these exercises.
Chapter 12 Exercises
Answers To Written Exercise: Configuring IP Access Lists
Written Exercise: IP Extended Access Lists
Objective: Configure IP extended access lists.
Create an access list and place it in the proper location to satisfy the following requirements:
- Prevents all hosts on subnet 172.16.1.0/24 except host 172.16.1.3 from accessing the Web server on subnet 172.16.4.0
- Prevents the outside world from pinging subnet 172.16.4.0
- Allows all other hosts on all other subnets of network 172.16.0.0 (subnet mask 255.255.0.0) to send queries to the DNS server on subnet 172.16.4.0
- Prevents only host 172.16.3.3 from accessing subnet 172.16.4.0
Write your configuration in the space below. Be sure to include the router name (A or B), interface name (E0, E1, or E2), and access list direction (in or out).
access-list 104 deny ip host 172.16.3.3 172.16.4.0 0.0.0.255
access-list 104 permit tcp host 172.16.1.3 host 172.16.4.4 eq 80
access-list 104 deny tcp 172.16.1.0 0.0.0.255 host 172.16.4.4 eq 80
access-list 104 permit udp 172.16.0.0 0.0.255.255 host 172.16.4.4 eq 53
access-list 104 permit icmp 172.16.0.0 0.0.255.255 172.16.4.0 0.0.0.255
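Before an access list like the one above is applied, it is worth checking it against the four requirements with probe packets rather than by eye: ordering mistakes and the implicit deny at the end are easy to get wrong. The following evaluator is an added example, not Cisco code. It implements wildcard-mask matching, first-match semantics and the implicit deny for the subset of extended access-list syntax the exercise uses. The web and DNS server address 172.16.4.4 is taken from the exercise answer; the probe packets and the outside address 203.0.113.9 are constructed.

```python
"""Evaluator for IOS numbered extended access-list lines: wildcard-mask
matching, first match wins, implicit deny at the end. Used here to check the
exercise's access list against its four stated requirements before applying it.
(Added illustration; not Cisco code.)"""
import ipaddress


def wildcard_match(addr, base, wildcard):
    """A 0 bit in the wildcard mask means 'must match'; a 1 bit means 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def _parse_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'; return base, wildcard, remaining tokens."""
    if tokens[0] == "any":
        return "0.0.0.0", "255.255.255.255", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], "0.0.0.0", tokens[2:]
    return tokens[0], tokens[1], tokens[2:]


def parse_ace(line):
    """access-list NUM {permit|deny} PROTO SRC DST [eq PORT]   (subset of the IOS syntax)"""
    t = line.split()
    if t[0] != "access-list":
        raise ValueError(f"not an access-list line: {line!r}")
    number, action, proto = t[1], t[2], t[3]
    src, srcw, rest = _parse_addr(t[4:])
    dst, dstw, rest = _parse_addr(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return {"number": number, "action": action, "proto": proto,
            "src": src, "srcw": srcw, "dst": dst, "dstw": dstw, "port": port}


def parse_acl(text):
    return [parse_ace(line) for line in text.strip().splitlines() if line.strip()]


def evaluate(acl, pkt):
    """pkt: dict with proto, src, dst and (for tcp/udp) dport. Returns 'permit' or 'deny'."""
    for ace in acl:
        if ace["proto"] != "ip" and ace["proto"] != pkt["proto"]:
            continue
        if not wildcard_match(pkt["src"], ace["src"], ace["srcw"]):
            continue
        if not wildcard_match(pkt["dst"], ace["dst"], ace["dstw"]):
            continue
        if ace["port"] is not None and pkt.get("dport") != ace["port"]:
            continue
        return ace["action"]          # first matching entry decides
    return "deny"                     # implicit deny all at the end of every access list


# The exercise answer (syntax normalised; the 172.16.3.3 line is a deny, per requirement 4).
ACL_104 = parse_acl("""
access-list 104 deny ip host 172.16.3.3 172.16.4.0 0.0.0.255
access-list 104 permit tcp host 172.16.1.3 host 172.16.4.4 eq 80
access-list 104 deny tcp 172.16.1.0 0.0.0.255 host 172.16.4.4 eq 80
access-list 104 permit udp 172.16.0.0 0.0.255.255 host 172.16.4.4 eq 53
access-list 104 permit icmp 172.16.0.0 0.0.255.255 172.16.4.0 0.0.0.255
""")


def web(src):   # constructed probe: HTTP to the web server
    return {"proto": "tcp", "src": src, "dst": "172.16.4.4", "dport": 80}


def dns(src):   # constructed probe: DNS query to the name server
    return {"proto": "udp", "src": src, "dst": "172.16.4.4", "dport": 53}


def ping(src):  # constructed probe: ICMP to a host on 172.16.4.0/24
    return {"proto": "icmp", "src": src, "dst": "172.16.4.10"}


def check_requirements(acl=ACL_104):
    """One entry per requirement; True means the list behaves as required for the probes."""
    return {
        "1 only 172.16.1.3 on 172.16.1.0/24 reaches the web server":
            evaluate(acl, web("172.16.1.3")) == "permit" and evaluate(acl, web("172.16.1.7")) == "deny",
        "2 outside world cannot ping 172.16.4.0, inside hosts still can":
            evaluate(acl, ping("203.0.113.9")) == "deny" and evaluate(acl, ping("172.16.2.1")) == "permit",
        "3 other 172.16.0.0 hosts can query DNS":
            evaluate(acl, dns("172.16.2.20")) == "permit" and evaluate(acl, dns("172.16.9.9")) == "permit",
        "4 host 172.16.3.3 is blocked from 172.16.4.0":
            evaluate(acl, dns("172.16.3.3")) == "deny" and evaluate(acl, ping("172.16.3.3")) == "deny",
    }


if __name__ == "__main__":
    for requirement, ok in check_requirements().items():
        print("OK  " if ok else "FAIL", requirement)
```

Note that the 172.16.3.3 deny has to come first: if the ICMP or UDP permits preceded it, 172.16.3.3 would match those lines and the host-specific deny would never be reached.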
Chapter 13 Exercises
Answers To Written Exercise: Redistribution and Controlling Routing Update Traffic
1. List three reasons why you may use multiple routing protocols in a network. Some reasons why you may need multiple protocols are as follows:
- When you are migrating from an older IGP to a new IGP, multiple redistribution boundaries may exist until the new protocol has displaced the old protocol completely. Dual existence of protocols is effectively the same as a long-term coexistence design.
- When you want to use another protocol but need to keep the old protocol due to the needs of host systems.
- Different departments might not want to upgrade their routers or they might not implement a sufficiently strict filtering policy. In these cases you can protect yourself by terminating the other routing protocol on one of your routers.
- If you have a mixed router vendor environment, you can use a Cisco-specific protocol in the Cisco portion of the network and then use a common protocol to communicate with non-Cisco devices.
What two parameters are used by routers to select the best path when they learn two or more routes to the same destination from different routing protocols? In order for routers to select the best path when they learn two or more routes to the same destination from different routing protocols, Cisco uses two parameters:
- Administrative distance: Administrative distance is used to rate the believability of a routing protocol. Each routing protocol is prioritized in order of most to least believable (reliable) using a value called administrative distance. This criterion is the first a router uses to determine which routing protocol to believe if more than one protocol provides route information for the same destination.
- A routing metric: The metric is a value representing the path between the local router and the destination network. The metric is usually a hop or cost value, depending on the protocol being used.
What are the components of the EIGRP routing metric? The components of the EIGRP routing metric are:
- bandwidth: Minimum bandwidth of the route in kilobits per second.
- delay: Route delay in tens of microseconds.
- reliability: Likelihood of successful packet transmission expressed in a number from 0 to 255, where 255 means the route is 100% reliable.
- loading: Effective loading of the route expressed in a number from 1 to 255, where 255 means the route is 100% loaded.
- mtu: Maximum transmission unit (MTU), the maximum packet size along the route in bytes, an integer greater than or equal to 1.
Consider that you have a dialup WAN connection between site A and site B. What can you do to prevent excess routing update traffic from crossing the link, but still have the boundary routers know the networks that are at the remote sites? Use static routes, possibly in combination with passive interfaces.
What command is used to cause RIP to source a default route? When running RIP, you can create the default route by using the ip default-network command. If the router has a directly connected interface onto the network specified in the ip default-network command, RIP will generate (or source) a default route to its RIP neighbor routers.
If there is no filter associated with an interface, what happens to packets destined for that interface? If a filter is not associated with the interface, the packets are processed normally.
What command can be used to discover the path that a packet takes through a network? To discover the routes a packet follows when traveling to its destination from a router, use the trace privileged EXEC command.
How can a routing loop result in a network that has redundant paths between two routing processes? Depending on how you employ redistribution, routers can send routing information received from one autonomous system back into that same autonomous system. The feedback is similar to the routing loop problem that occurs in distance vector technologies.
2. What is the default administrative distance for IGRP? For RIP? For OSPF?
The default administrative distance for IGRP is 100. The default administrative distance for RIP is 120. The default administrative distance for OSPF is 110.
3. When configuring a default metric for redistributed routes, the metric should be set to a value larger than the largest metric within the AS.
4. What command is used for policy-based routing to establish criteria based on the packet length? The match length command can be used to establish criteria based on the packet length, between specified minimum and maximum values.
5. What command is used to configure filtering of the routing update traffic from an interface? What command mode is this command entered in? To assign an access list to filter outgoing routing updates, use the distribute-list {access-list-number | name} out interface-name command. This command is entered in Router(config-router)# command mode.
6. What does the following command do? distance 150 0.0.0.0 255.255.255.255 3
The distance 150 0.0.0.0 255.255.255.255 3 command is used to change the default administrative distance of routes, from specific source addresses, that are permitted by an access-list. The parameters mean:
- 150: Defines the administrative distance that specified routes will be assigned.
- 0.0.0.0 255.255.255.255: Defines the source address of the router supplying the routing information, in this case any router.
- 3: Defines the access-list to be used to filter incoming routing updates to determine which will have their administrative distance changed.
Routes matching access-list 3, from any router, will be assigned an administrative distance of 150.
7. What are the benefits of policy-based routing? The benefits that can be achieved by implementing policy-based routing in the networks include:
- Source-Based Transit Provider Selection
- Quality of Service (QoS)
- Cost Savings
- Load Sharing
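The path-selection rule (administrative distance first, metric second), the default distances quoted in answer 2, and the effect of the distance command in answer 6 can be exercised together. The following is an added example, not Cisco code: the three candidate routes for 10.1.0.0/16, their sources 192.0.2.x and the contents of access-list 3 are constructed, and the distance command is modelled as configured under the IGRP routing process.

```python
"""Route selection between protocols: administrative distance decides first,
the protocol metric only breaks ties among routes of the same protocol. Also
models 'distance 150 0.0.0.0 255.255.255.255 3' under a routing process:
routes from any source that access-list 3 permits get distance 150.
(Added illustration; constructed routes, not Cisco code.)"""
import ipaddress

# Defaults quoted in the answers above, plus connected/static for context
DEFAULT_AD = {"connected": 0, "static": 1, "eigrp": 90, "igrp": 100, "ospf": 110, "rip": 120}


def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: 0 bit = must match, 1 bit = don't care."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def distance_override(protocol, new_ad, src_base, src_wildcard, acl):
    """Models 'distance NEW_AD SRC SRC_WILDCARD ACL' entered under 'router PROTOCOL'.
    acl is a standard access list given as a list of (network, wildcard) permit entries."""
    return {"protocol": protocol, "ad": new_ad, "src": src_base, "srcw": src_wildcard, "acl": acl}


def effective_ad(route, overrides):
    """Distance after any matching override; otherwise the protocol default."""
    for o in overrides:
        if (o["protocol"] == route["protocol"]
                and wildcard_match(route["source"], o["src"], o["srcw"])
                and any(wildcard_match(route["network"], n, w) for n, w in o["acl"])):
            return o["ad"]
    return DEFAULT_AD[route["protocol"]]


def select_route(candidates, overrides=()):
    """Lowest administrative distance wins. The metric is only meaningful within one
    protocol, and because it is the second key it only matters when distances tie."""
    return min(candidates, key=lambda r: (effective_ad(r, overrides), r["metric"]))


# Constructed: the same destination learned three ways from three neighbours
CANDIDATES = [
    {"protocol": "rip",  "network": "10.1.0.0", "prefixlen": 16, "metric": 2,    "source": "192.0.2.1"},
    {"protocol": "ospf", "network": "10.1.0.0", "prefixlen": 16, "metric": 65,   "source": "192.0.2.2"},
    {"protocol": "igrp", "network": "10.1.0.0", "prefixlen": 16, "metric": 8576, "source": "192.0.2.3"},
]

# 'router igrp N' / 'distance 150 0.0.0.0 255.255.255.255 3', with access-list 3 permitting 10.1.0.0/16
IGRP_DISTANCE_150 = distance_override("igrp", 150, "0.0.0.0", "255.255.255.255",
                                      [("10.1.0.0", "0.0.255.255")])


if __name__ == "__main__":
    print("default:       ", select_route(CANDIDATES)["protocol"])                       # igrp (100)
    print("with distance: ", select_route(CANDIDATES, [IGRP_DISTANCE_150])["protocol"])  # ospf (110)
```

With the defaults the IGRP route wins at distance 100 even though its metric (8576) is numerically far larger than RIP's two hops; the distance command demotes only the IGRP routes that access-list 3 permits, so the OSPF route is installed instead while IGRP routes for other networks keep distance 100.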
Chapter 14 Exercises
Written Exercise: Using Scalable Strategies
1. Name the two major functions performed by routers. Routers perform both a routing and a switching function.
2. What are the benefits of VLSMs? The benefits of VLSMs include: Even more efficient use of IP addresses Greater capability to use route summarization
3. If the subnet 172.17.2.32/28 was further subnetted with a /30 prefix, how many more subnets would be created? How many hosts would be available on each of these new subnets? The additional 2 subnet bits would create 2^2 = 4 more subnets. There would be 2^2 - 2 = 2 hosts available on each of these subnets.
4. Define the following terms:
- IGP (Interior Gateway Protocol): A routing protocol used to exchange routing information within an autonomous system. RIP, IGRP, OSPF and EIGRP are examples of IGPs.
- EGP (Exterior Gateway Protocol): A routing protocol used to connect between autonomous systems. Border Gateway Protocol (BGP) is an example of an EGP.
- Autonomous System (AS): BGP Autonomous System: A set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other ASs. Another definition of autonomous system: internetworks using different routing protocols.
- Redistribution: The ability for boundary routers connecting different autonomous systems to exchange and advertise routing information received from one autonomous system to the other autonomous system.
5. Describe some of the characteristics of BGP. BGP is a distance vector protocol, but it has many differences from the likes of RIP: BGP uses TCP as its transport protocol, which provides connection-oriented reliable delivery. In this way, BGP assumes that its communication is reliable and therefore it doesn't have to implement any retransmission or error recovery mechanisms. BGP uses TCP port 179. Two routers speaking BGP form a TCP connection with one another and exchange messages to open and confirm the connection parameters. These two routers are called peer routers or neighbors.
Once the connection is made, full routing tables are exchanged. However, since the connection is reliable, BGP routers need only send changes (incremental updates) after that. Periodic routing updates are also not required on a reliable link, so triggered updates are used. BGP sends keepalive messages, similar to the hello messages sent by OSPF and EIGRP. BGP routers exchange network reachability information, called path vectors, made up of path attributes, including a list of the full path (of BGP AS numbers) that a route should take in order to reach a destination network. This path information is used in constructing a graph of ASs that is loop free and where routing policies can be applied in order to enforce some restrictions on the routing behavior. The path is loop free because a router running BGP will not accept a routing update that already includes its AS number in the path list, since this would mean that the update has already passed through its AS, and accepting it again would result in a routing loop.
6. Describe some of the ways in which access-lists can be used. Access lists can be used in many ways, including:
- To permit or deny packets from crossing specified router interfaces.
- To permit or deny virtual terminal (vty) access to and from a router.
- To establish a finer granularity of control when differentiating traffic into priority and custom queues.
- To identify interesting traffic that serves to trigger dialing in dial-on-demand routing (DDR).
- To filter and alter attributes within a routing update.
at other points within the major network address is not allowed by classful routing protocols.
Classless routing protocol characteristics:
- Once the initial topology learning phase is complete, updates about network routes are triggered by changes in topology. The event-driven approach reduces the periodic bandwidth consumption associated with full table updates.
- Advertises the subnet mask for each route.
- The summarization process is manually controlled and can be invoked at any point within the network. Since subnet routes are propagated throughout the routing domain, summarization is required to keep the size of the routing tables at a manageable size.
2. A router has the networks 192.168.160.0/24 through 192.168.175.0/24 in its routing table. How could it summarize these networks into one route? The addresses in binary are:
192.168.160.0/24   11000000 10101000 10100000 00000000
192.168.161.0/24   11000000 10101000 10100001 00000000
192.168.162.0/24   11000000 10101000 10100010 00000000
192.168.163.0/24   11000000 10101000 10100011 00000000
192.168.164.0/24   11000000 10101000 10100100 00000000
192.168.165.0/24   11000000 10101000 10100101 00000000
192.168.166.0/24   11000000 10101000 10100110 00000000
192.168.167.0/24   11000000 10101000 10100111 00000000
192.168.168.0/24   11000000 10101000 10101000 00000000
192.168.169.0/24   11000000 10101000 10101001 00000000
192.168.170.0/24   11000000 10101000 10101010 00000000
192.168.171.0/24   11000000 10101000 10101011 00000000
192.168.172.0/24   11000000 10101000 10101100 00000000
192.168.173.0/24   11000000 10101000 10101101 00000000
192.168.174.0/24   11000000 10101000 10101110 00000000
192.168.175.0/24   11000000 10101000 10101111 00000000
To determine the summary route, the router determines the number of highest-order bits that match in all of the addresses. Referring to the list of IP addresses above, 20 bits match in all of the addresses. Therefore the best summary route is 192.168.160.0/20.
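The bit-counting method in that answer, written as code so it can be applied to any list of networks, not just the sixteen above. This is an added example, not Cisco code. It goes one step beyond the answer by also reporting how much address space the summary covers that is not in the list, which is the check to make before advertising an aggregate: a summary over a non-contiguous set claims reachability for networks the router does not hold.

```python
"""The summarization method in the answer above: write each network address in
binary, count the leading bits they all share, and use that count as the
summary prefix length. (Added illustration, not Cisco code.)"""
import ipaddress


def to_bits(addr):
    """Dotted binary as laid out in the answer: '192.168.160.0' -> '11000000 10101000 10100000 00000000'."""
    return " ".join(f"{int(octet):08b}" for octet in addr.split("."))


def summarize(prefixes):
    """Smallest single prefix whose leading bits all the given networks share."""
    nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
    addrs = [int(n.network_address) for n in nets]
    common = min(n.prefixlen for n in nets)          # never longer than the shortest prefix
    while common > 0:
        mask = (0xFFFFFFFF << (32 - common)) & 0xFFFFFFFF
        if len({a & mask for a in addrs}) == 1:      # all agree on the first 'common' bits
            break
        common -= 1
    mask = (0xFFFFFFFF << (32 - common)) & 0xFFFFFFFF if common else 0
    return ipaddress.ip_network((addrs[0] & mask, common))


def summary_with_slack(prefixes):
    """Return (summary, extra): extra is the number of addresses the summary covers
    that are in none of the listed networks. Zero means the summary is exact."""
    nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
    summary = summarize(prefixes)
    held = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))  # de-duplicated
    return summary, summary.num_addresses - held


EXERCISE_NETWORKS = [f"192.168.{third}.0/24" for third in range(160, 176)]


if __name__ == "__main__":
    for p in EXERCISE_NETWORKS:
        print(f"{p:<18} {to_bits(p.split('/')[0])}")
    print("summary:", summary_with_slack(EXERCISE_NETWORKS))           # 192.168.160.0/20, 0 extra
    print("first 11 only:", summary_with_slack(EXERCISE_NETWORKS[:11]))  # still /20, 1280 extra
```

For the exercise's sixteen /24s the /20 is exact. Drop the last five and the shared-bit count is unchanged, so the method still yields 192.168.160.0/20, but that aggregate now also claims 192.168.171.0 through 192.168.175.255; that slack is what a router advertising the aggregate should be aware of.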
3. In the BGP selection process, which attribute is checked first, AS-path, weight, or local preference? In the BGP selection process the weight is the first attribute checked, of the three listed.
Appendix A Exercises
Extending IP Addressing Written Exercise: Calculating Subnet Masks
1. You need to design an IP network for your organization. Your organization's IP address is 172.16.0.0. Your assessment indicates that the organization needs at least 130 networks of no more than 100 nodes in each network. As a result, you have decided to use a classful subnetting scheme based on the 172.16.0.0/24 scheme. In the space below write any four IP host addresses that are part of the range of subnetwork numbers. Also, write the subnet address and subnet mask for these addresses. One address is provided as an example.
172.16.1.1/24 172.16.1.0 255.255.255.0
Your network has the address 172.16.168.0/21. Write eight IP host addresses in this network:
172.16.168.1
172.16.168.2
172.16.168.255
172.16.169.0
172.16.169.1
172.16.169.2
172.16.175.253
172.16.175.254
Write the four IP addresses in the range described by the 192.168.99.16/30 address: 192.168.99.16 192.168.99.17 192.168.99.18 192.168.99.19
Of these four host addresses, which two could you use as hosts addresses in a point-to-point connection? 192.168.99.17 and 192.168.99.18