Cisco - Building Scalable Cisco Networks


Posted on 10-Sep-2014


Chapter 1: Building Scalable Cisco Networks Introduction

Overview

Building Scalable Cisco Networks (BSCN) is an instructor-led course presented by Cisco Systems, Inc. training partners to their end-user customers. This five-day course focuses on using Cisco routers connected in local area networks (LANs) and wide area networks (WANs) typically found at medium to large network sites. Upon completion of this training course, you will be able to select and implement the appropriate Cisco IOS services required to build a scalable routed network. This chapter highlights the course prerequisites and course highlights as well as some administrative issues. It includes the following topics:

- Course Objectives
- Course Topics
- Prerequisites
- Participant Role
- General Administration
- Sources of Information
- Course Syllabus
- Graphic Symbols

Course Objectives

This section lists the course objectives.

Course Objectives

Upon completion of this course, you will be able to perform the following tasks:

- Given a network specification that calls for simplifying IP address management at branch offices by centralizing addresses, select and configure the appropriate services
- Given a network specification calling for a scalable routed network that includes link state protocols and redistribution, implement the appropriate technologies

1999, Cisco Systems, Inc. www.cisco.com BSCN1-2

Upon completion of this course, you will be able to perform the following high-level tasks:

- Select and configure a scalable IP address solution (including route summarization) for a branch office environment, given a list of specifications
- Select and implement the technologies necessary to redistribute between and to support multiple, advanced, IP routing protocols, given a network specification

1-2 Building Scalable Cisco Networks

Copyright 1999, Cisco Systems, Inc.

Course Objectives (cont.)

- Given a network specification calling for either a single or a multi-homed interconnection into an ISP's BGP network, configure the edge routers to properly interconnect into the BGP cloud
- Given a network specification calling for controlling access to networks or devices, or for minimizing overhead traffic, select and configure the appropriate access list features

- Configure and test edge router connectivity (either single or multi-homed connection) into a BGP network, given a network specification
- Configure access lists, given a need to control access to devices and to selectively reduce overhead traffic in the network


Course Objectives (cont.)

- Given various network specifications calling for multiple routed and routing protocols, implement case studies that reflect a scalable internetwork


- Implement the results of case study discussions in a laboratory environment, given a specification containing multiple routed and routing protocols


Course Topics

This section lists the topics that will be covered in this course.

Course Topics

[Figure: the course network, spanning BGP AS #1 and BGP AS #2. Legend: FastEthernet/Ethernet, Primary, Secondary.]

The figure shows a high-level overview of a network that you should be able to build at the end of this class. To accomplish this course goal, you will be taught how to configure Cisco routers with Ethernet LAN and serial WAN interfaces. You will configure the following on a Cisco device:

- Transmission Control Protocol/Internet Protocol (TCP/IP) and Internet Protocol (IP) addresses
- Hierarchical addressing using variable length subnet masking (VLSM) and route summarization
- Routing protocols: Enhanced Interior Gateway Routing Protocol (EIGRP), Open Shortest Path First (OSPF), and Border Gateway Protocol (BGP)
- Redistribution between different routing protocols
- Access lists to control IP traffic and routing updates
- Serial WAN connections over interfaces that use High-Level Data Link Control (HDLC) and Point-to-Point Protocol (PPP)
- Serial WAN connections over subinterfaces that use Frame Relay encapsulation

Configuration, verification, and troubleshooting are done with Cisco IOS software.


Prerequisites

This section lists the course's prerequisites.

Prerequisites

- Working knowledge of the OSI reference model and the hierarchical model
- Understanding of internetworking fundamentals
- Operating and configuring a Cisco IOS device
- Working knowledge of the TCP/IP stack and how to configure a routed protocol, such as IP
- Understanding distance vector routing protocol operation and configuring RIP and IGRP
- Determining when to use static and default routes and enabling them on a Cisco router

To fully benefit from BSCN, you should already possess certain prerequisite skills. These skills can be gained from self-paced or instructor-led training sessions and from work experience. They are highlighted in the figures and outlined on the following pages. The participant should have a working knowledge of:

- Commonly used networking terms, numbering schemes, and topologies
- The Open System Interconnection (OSI) reference model
- Operation and configuration of a Cisco router
- TCP/IP stack and configuration of IP addresses
- Distance-vector routing protocol (RIP, IGRP) operation and configuration
- Static and default route usage, implementation, and configuration


Prerequisites

- Displaying and interpreting a Cisco routing table
- Enabling an IP standard and extended access list
- Enabling a WAN serial connection
- Configuring Frame Relay PVCs on interfaces and subinterfaces
- Verifying router configurations with available tools like show and debug commands

The participant should also have a working knowledge of:

- Contents and interpretation of a Cisco routing table
- Traffic filtering with standard and extended access lists
- Verifying router configuration using show and debug command output
- WAN serial interface configuration using HDLC
- WAN serial interface configuration using Frame Relay PVCs


Prerequisites

Successful completion of: Internetworking Technologies Multimedia (ITM) Plus ...

One of the following combinations:

- Introduction to Cisco Router Configuration (ICRC) and Cisco LAN Switch Configuration (CLSC)
- Cisco Router and LAN Switches (CRLS)
- Interconnecting Cisco Network Devices (ICND)

The participant should already possess certain knowledge and skills gained in a structured learning environment. These skills can be gained from completing the Internetworking Technology Multimedia (ITM) CD-ROM plus a combination of instructor-led training sessions. These courses are highlighted in the figure and are outlined below:

- Introduction to Cisco Router Configuration (ICRC) contains router configuration basics and Cisco LAN Switch Configuration (CLSC) contains LAN switch configuration basics
- Cisco Router and LAN Switches (CRLS) contains router and LAN switch configuration basics
- Interconnecting Cisco Network Devices (ICND) contains router and LAN switch configuration basics


Participant Role

This section discusses your responsibilities as a student.

Participant Role

Student role:

- Meet prerequisites
- Introduce yourself
- Ask/answer questions

To take full advantage of the information presented in this course, you should meet the prerequisites for this class. Introduce yourself to the instructor and other students who will be working with you during the five days of this course. You are encouraged to ask any questions relevant to the course materials. If you have pertinent questions concerning other Cisco features and products not covered in this course, please bring these topics up during breaks or after class and the instructor will try to answer the questions or direct you to an appropriate information source.


Welcome: Please Introduce Yourself

- Your name and work location
- Your job responsibilities
- Your internetworking experience
- Your objectives for this week

Introduce yourself, stating your name and the job function you perform at your work location. Briefly describe what exposure you have with installing and configuring Cisco routers, attending Cisco classes, and how your work experience helped you meet the prerequisites highlighted earlier. You should also state what you expect to learn from this course.


General Administration

This section highlights miscellaneous administrative tasks that must be addressed.

General Administration

Class-related:

- Sign-in sheet
- Length and times
- Participant materials
- Attire

Facilities-related:

- Rest rooms
- Site emergency procedures
- Break and lunch room locations
- Communications

The instructor will discuss the administrative issues in detail so you will know exactly what to expect from both the class and facilities. The following items will be discussed:

- Recording your name on a sign-in sheet
- The starting and anticipated ending time of each class day
- What materials you can expect to receive during the class
- The appropriate attire during class attendance
- Rest room locations
- What to do in the event of an emergency
- Class breaks and lunch facilities
- How to send and receive telephone, email and fax messages


Sources of Information

This section identifies additional sources of information.

Sources of Information

- Student kit
- www.cisco.com
- CD-ROM
- Cisco Press

Most of the information presented in this course can be found on the Cisco Systems Web site or on CD-ROM. These supporting materials are available in HTML format, and as manuals and release notes. To learn more about the subjects covered in this course, feel free to access the following sources of information:

- Cisco Documentation CD-ROM or www.cisco.com
- ITM CD-ROM or www.cisco.com
- Cisco IOS 12.0 Configuration Guide and Command Reference Guide

All of these documents can be found at the following URL: http://www.cisco.com


Course Syllabus

This section discusses the week's schedule.

Course Syllabus

Module 1
- Building Scalable Cisco Networks Introduction
- Overview of Scalable Internetworks
- Routing Principles
- Extending IP Addresses

Module 2
- Scalable Routing Protocol Overview
- Configuring OSPF in a Single Area
- Interconnecting Multiple OSPF Areas
- Configuring Enhanced IGRP
- Configuring Basic Border Gateway Protocol
- Implementing BGP in Scalable ISP Networks

Module 3
- Managing Traffic and Access
- Configuring IP Access List
- Optimizing Routing Update Operation
- Scaling IP Addresses in Your Internetwork
- Implementing Scalability Features in Your Internetwork

The following schedule reflects the recommended structure for this course. This structure allows enough time for your instructor to present the course information to you and for you to work through the laboratory exercises. The exact timing of the subject materials and labs depends on the pace of your specific class.

Module 1, Scalable Internetworks

The purpose of the module is to introduce you to the training room and the BSCN network environment. This section describes the characteristics of scalable networks and provides a review of routing fundamentals. You will also be introduced to methods for extending IP addresses, such as VLSM and route summarization. Module 1 includes the following chapters:

- Chapter 1: Building Scalable Cisco Networks Introduction
- Chapter 2: Overview of Scalable Internetworks
- Chapter 3: Routing Principles
- Chapter 4: Extending IP Addresses

Module 2, Scalable Routing Protocols

The purpose of the module is to describe the operation and configuration of different, sophisticated, routing protocols. You will learn to configure OSPF, Enhanced IGRP and BGP.

Module 2 includes the following chapters:

- Chapter 5: Scalable Routing Protocols Overview
- Chapter 6: Configuring OSPF in a Single Area
- Chapter 7: Interconnecting Multiple OSPF Areas
- Chapter 8: Configuring Enhanced IGRP
- Chapter 9: Configuring Basic Border Gateway Protocol
- Chapter 10: Implementing BGP in Scalable ISP Networks

Module 3, Controlling Scalable Internetworks

The purpose of the module is to describe ways to control overhead traffic, including routing updates, in a growing network environment. You will also learn how to control network access using access lists. In this section, you will learn about redistributing routes between different routing protocols such as RIP, IGRP, Enhanced IGRP and OSPF. After a discussion on scalable IP address solutions, the module completes with a comprehensive lab implementing most of the scalability features discussed throughout the course. Module 3 includes the following chapters:

- Chapter 11: Managing Traffic and Access
- Chapter 12: Configuring IP Access Lists
- Chapter 13: Optimizing Routing Update Operation
- Chapter 14: Scaling IP Addresses in Your Internetwork
- Chapter 15: Implementing Scalability Features in Your Internetwork


Graphic Symbols

This section illustrates symbols that are used throughout the course.

Graphic Symbols

[Figure: symbol legend used throughout the course. Devices: Multi-layer switch, Network switch, Bridge, Switch, Router, Access server, DSU/CSU (Data Service Unit/Channel Service Unit), ISDN switch, Personal computer, File Server, Modem, Web Server, Hub. Connections: WAN cloud, Network Cloud or Broadcast Domain, VLAN (Color May Vary), Fast Ethernet, Ethernet, Circuit Switched Line, Serial Line.]

These symbols are used in the graphical presentations of this course to represent device or connection types.

Note: The addressing schemes and telephone numbers used in this course are reserved and not to be used in the public network. They are used in this course as examples to facilitate learning. When building your network, use only the addresses and telephone numbers assigned by your network designer and service provider.


Chapter 2: Overview of Scalable Internetworks

Objectives

Upon completion of this chapter, you will be able to perform the following tasks:

- Describe the key requirements of a scalable internetwork
- Select a Cisco IOS feature as a solution for a given internetwork requirement

Objectives

This chapter defines scalable internetworks and discusses some of the Cisco IOS features that can be used to meet the needs of these networks. Topics include:

- Objectives
- Scaling Large Internetworks
- Characterizing Scalable Internetworks
- Summary
- Written Exercise: Overview of Scalable Internetworks
- Answers to Exercise


Scaling Large Internetworks

[Figure: three-layer hierarchy. Core: WAN Backbone and Campus Backbone; Distribution; Access: Branch Office.]

Scaling Large Internetworks

Today's internetworks need to be scalable because they are experiencing phenomenal growth, primarily due to the increasing demands for connectivity in business and at home. What do scalable networks look like? What are the requirements that you, as an administrator, must be aware of when managing the growth of your scalable internetwork?

Scalable internetworks are typically described as networks that are experiencing constant growth. They must be flexible and expandable. The best-managed scalable internetworks are typically designed following a hierarchical model. This simplifies the management of the internetwork and allows for controlled growth without overlooking the network requirements. The graphic illustrates a three-layer hierarchical model. The layers are defined as follows:

- Core: The core is the central internetwork for the entire enterprise and may include LAN and WAN backbones. The primary function of this layer is to provide an optimized and reliable transport structure.
- Distribution: This represents the campus backbone. The primary function of this layer is to provide access to various parts of the internetwork, as well as access to services.
- Access: This provides access to corporate resources for a workgroup on a local segment.

A hierarchy simplifies things such as addressing and device management. Using an addressing scheme that maps to the hierarchy reduces the chance of you needing to redo the network addresses as a result of growth. Knowing where devices are placed in a hierarchy enables you to configure all routers within one layer in a consistent way because they all must perform similar tasks. Router specialization allows the best use of the Cisco IOS features discussed in this course.


Defining the Router's Role in a Hierarchy

[Figure: Core: WAN Backbone, Campus Backbone, Building Backbone; Distribution; Access: Dial-In, Branch Office, Workgroups, Telecommuter.]

Defining the Router's Role in a Hierarchy

The hierarchical model provides a physical topology for building internetworks. Because the hierarchical structure uses three distinct layers that provide unique functionality, the routers placed at each layer also have unique functionality.

- Core routers provide services that optimize communication among routers at different sites or in different logical groupings. In addition, core routers provide maximum availability and reliability. Core routers should be able to maintain connectivity when LAN or WAN circuits fail at this layer.
- Distribution routers control access to resources that are available at the core layer, and must make efficient use of bandwidth. In addition, a distribution router must address the quality of service (QoS) needs for different protocols by implementing policy-based traffic control to isolate backbone and local environments.
- Access routers control traffic by localizing broadcasts and service requests to the access media. Access routers must also provide connectivity without compromising network integrity. For example, the routers at the access point must be able to detect whether a telecommuter dialing in is legitimate, with minimal authentication steps required by the telecommuter.


Characterizing Scalable Internetworks

Scalable internetworks need to be:

- Reliable and available
- Responsive
- Efficient
- Adaptable
- Accessible but secure

Characterizing Scalable Internetworks

The key requirements inherent in scalable internetworks are in the following list. This course presents features and technologies that can be used to respond to these requirements.

- Reliable and available: This includes being dependable and available 24 hours a day, 7 days a week. In addition, failures need to be isolated and recovery must be invisible to the end user.
- Responsive: This includes managing the QoS needs for the different protocols being used without affecting response at the desktop. For example, the internetwork must be able to respond to latency issues common for Systems Network Architecture (SNA) traffic, but still allow for the routing of desktop traffic, such as IPX, without compromising QoS requirements.
- Efficient: Large internetworks must optimize the use of resources, especially bandwidth. Reducing the amount of overhead traffic such as unnecessary broadcasts, service location, and routing updates results in an increase in data throughput without increasing the cost of hardware or the need for additional WAN services.
- Adaptable: This includes being able to accommodate disparate networks and interconnect independent network clusters (or islands), as well as to integrate legacy technologies, such as those running SNA.
- Accessible but secure: This includes the ability to enable connections into the internetwork using dedicated, dialup, and switched services while maintaining network integrity.


Making the Network Reliable and Available

[Figure: OSPF network.]

Use routing protocols that:

- Increase reachability
- Decrease convergence time

Making the Network Reliable and Available

The internetwork should be reliable and available at all layers, but most critically at the core layer. Core routers are reliable when they can accommodate failures by rerouting traffic and respond quickly to changes in the network topology. The protocols that enhance network reliability and availability that the Cisco IOS supports are as follows:

- Scalable protocols: Includes Open Shortest Path First (OSPF) and Enhanced IGRP (EIGRP). These protocols provide the following features:
  - Reachability: Scalable networks, including those using a hierarchical design, can have a large number of reachable networks or subnetworks. These networks can be subject to reachability problems due to metric limitations of distance vector routing protocols. Scalable routing protocols such as OSPF and EIGRP use metrics that expand the reachability potential for routing updates because they use cost, rather than hop count, as a metric.
  - Fast convergence time: Scalable protocols can converge quickly because of the routers' ability to detect failure rapidly and because each router maintains a network topology map. Routers also forward network changes quickly to all routers in the network topology.


Making the Network Responsive

Use routing protocols that:

- Use alternate paths
- Load balance
- Use dial backup over WANs

Making the Network Responsive

Scalable protocols support additional features, such as:

- Alternate paths: Scalable protocols, such as EIGRP and OSPF, enable a router to maintain a map of the entire network topology, so when a failure is detected the router can reroute traffic by looking at the network topology and finding another path. Enhanced IGRP is also a feasible solution because it keeps a record of alternate routes in case the preferred route goes away.
- Load balancing: Because scalable protocols have a map of the entire network topology, and because of how they maintain their routing tables, they are able to transport data across multiple paths to a given location simultaneously.
- Dial backup: On WAN connections, you can configure backup links when you need to do the following:
  - Make the primary WAN connection more reliable by configuring one or more backup connections.
  - Increase availability by configuring the backup connections to be used when a primary connection is experiencing congestion.


Making the Network Efficient

Optimize bandwidth utilization using:

- Access lists
- Route summarization
- Incremental updates

Making the Network Efficient

Optimizing your network at all layers of an internetwork hierarchy is critical because it can reduce potential costs in additional WAN services. In this course, the focus is on optimizing your bandwidth. Bandwidth optimization is normally done by reducing the amount of update traffic over a WAN connection, without dropping essential routing information, to increase data traffic throughput. Cisco IOS features discussed in this course that help optimize bandwidth use are:

- Access lists: Can be used to permit or drop (deny) protocol update traffic, data traffic, and broadcast traffic. Access lists are available for IP and other protocols and can be tailored to meet the needs for each protocol. For example, an access list can be defined by Transmission Control Protocol (TCP) port or by other criteria, depending on the situation.
- Reduce the number of routing table entries: You can reduce the number of router processing cycles by reducing the overall number of routing entries in a router's routing table. This can be done using the following Cisco IOS features:
  - Route summarization: The number of entries in a routing table can be reduced by using route aggregation or, as it is more commonly known, route summarization. Summarization of routes occurs at major network boundaries for most routing protocols. Some IP routing protocols, such as OSPF and Enhanced IGRP, allow manual summarization on arbitrary boundaries within the major network. Careful planning and address allocation is required for route summarization to be most effective.
  - Incremental updates: Protocols such as Enhanced IGRP and OSPF make more efficient use of bandwidth than distance vector protocols by only sending topology changes rather than the entire routing table contents at fixed intervals.
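The remark that summarization needs careful address allocation is easier to see with numbers in hand. The following Python script is an added example written for this edit (it is not part of the Cisco course material): it computes the single prefix a manual summary statement would have to advertise for a set of subnets, compares it with the exact aggregate the standard library can produce, and measures how much address space the summary claims beyond what is actually allocated. The subnet lists are constructed sample values, not addresses from the course labs, and the function names summary_route, exact_aggregate and overreach are my own.

```python
import ipaddress

# Constructed sample allocations (not addresses from the course labs).
# Eight consecutive /24s fit one /21 exactly; two /24s separated by a gap do not.
CONTIGUOUS = ["172.16.0.0/24", "172.16.1.0/24", "172.16.2.0/24", "172.16.3.0/24",
              "172.16.4.0/24", "172.16.5.0/24", "172.16.6.0/24", "172.16.7.0/24"]
SCATTERED = ["172.16.0.0/24", "172.16.9.0/24"]


def summary_route(networks):
    """Smallest single prefix that contains every network in the list.

    This is the prefix one manual summary statement would have to advertise.
    Works for IPv4 or IPv6 as long as the whole list is one address family.
    """
    nets = [ipaddress.ip_network(n) for n in networks]
    net_cls = type(nets[0])
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    plen = nets[0].max_prefixlen
    # Shorten the prefix one bit at a time; strict=False aligns the block
    # start down to the prefix boundary, so we stop at the first block whose
    # last address reaches the highest address in the set.
    while plen > 0:
        candidate = net_cls((lo, plen), strict=False)
        if int(candidate.broadcast_address) >= hi:
            return candidate
        plen -= 1
    return net_cls((lo, 0), strict=False)


def exact_aggregate(networks):
    """Minimal set of prefixes covering exactly the given networks (no more)."""
    nets = [ipaddress.ip_network(n) for n in networks]
    return list(ipaddress.collapse_addresses(nets))


def overreach(networks):
    """Number of addresses the single summary claims that are not allocated."""
    allocated = sum(n.num_addresses for n in exact_aggregate(networks))
    return summary_route(networks).num_addresses - allocated


if __name__ == "__main__":
    for label, nets in (("contiguous", CONTIGUOUS), ("scattered", SCATTERED)):
        print(f"{label}: summary {summary_route(nets)}, "
              f"exact {[str(n) for n in exact_aggregate(nets)]}, "
              f"overreach {overreach(nets)} addresses")
```

For the contiguous block the summary is 172.16.0.0/21 and covers nothing extra, so one routing table entry replaces eight with no side effects. For the scattered pair the only single prefix that covers both is 172.16.0.0/20, which also claims 3584 addresses that belong to nobody: a router advertising that summary attracts traffic for destinations that do not exist, and an operator reading the routing table can no longer tell which subnets are really in use. The exact aggregate shows that without re-allocating, two entries are the honest minimum, which is the planning point the paragraph above makes.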


Making the Network Efficient (cont.)

[Figure: dial connection through a DCE to ISDN or Basic Service.]

- Dial-on-demand routing
- Switched access
- Snapshot routing
- Compression over WANs

Making the Network Efficient (cont.)

- Dial-on-demand routing (DDR): Connections for infrequent traffic flow can be accomplished using DDR. Active links are created only after interesting traffic is detected by the router. This "only as required" service replaces dedicated circuits that are charged for even when the link is idle.
- Switched access: Packet-switched networks such as X.25 and Frame Relay offer the advantage of providing global connectivity through a large number of service providers with established circuits to most major cities.
- Snapshot routing: Allows peer routers to exchange full distance vector routing information upon initial connection, then on a predefined interval. Typically used with ISDN, this feature can reduce WAN costs when using distance vector protocols because routing information is exchanged at an interval you define. Between update exchanges, the routing tables for the distance vector protocols are kept frozen.
- Compression over WANs: Several compression techniques can be used to reduce traffic that is crossing a WAN connection. Cisco supports TCP/IP header compression and data (payload) compression. In addition, you can configure link compression, which compresses header and data information in packets that cross point-to-point (leased line) connections. Compression is accomplished in software by the router before the frame is placed on the medium.


Making the Network Adaptable

[Figure: IP and SNA traffic sharing one network.]

Network must support routable and nonroutable traffic

Making the Network Adaptable

Because scalable internetworks experience change frequently, they must be able to adapt to changes such as:

- Mixing routable and nonroutable protocols: A network delivering both routable and nonroutable traffic has some unique problems. Most nonroutable protocols lack a mechanism to provide flow control and are sensitive to delays in delivery. Any delays in delivery or packets arriving out of order can result in session loss.
- Integrating islands of networks: Many companies are integrating islands of networks that are typically using different protocols in their hierarchical design. In this case, you can add any protocols used by the network islands to the core layer, or create a tunnel in the backbone that will connect the network islands but not add new protocol traffic to the core backbone.
- Meeting the varying requirements for each protocol in the internetwork: When multiple protocol traffic is present, the network must be balanced between the special needs of each protocol.

In this course, Cisco IOS features that focus on network adaptability are as follows:

- EIGRP: A routing protocol that supports IP, IPX, and AppleTalk traffic.
- Redistribution: You can exchange routing information between networks that are using different routing protocols.


Making the Network Accessible but Secure

[Figure: Dialup (PSTN), Dedicated, and Packet Switched (Frame Relay) connection types.]

Network should support the necessary connection types

Making the Network Accessible but Secure

The network should be accessible, particularly at the access layer. Access routers need to connect to a variety of WAN services, yet be secure. For example, access routers must allow telecommuters to dial in, but be able to differentiate between legitimate and hostile connection attempts. Cisco IOS features discussed in this course that support access are as follows:

- Dedicated and switched WAN support:
  - Dedicated access: Cisco routers can be directly connected to basic telephone service or digital services such as T1/E1. This means that you can create a core WAN infrastructure for heavy traffic loads, then use other access services for sporadic traffic requirements.
  - Switched access: Cisco routers support Frame Relay, X.25, SMDS, and ATM. With this variety of support, you can determine which switched service, or combination of switched services, to use, based on cost, location, and traffic requirements.
- Exterior protocol support: Cisco IOS supports several exterior protocols including Exterior Gateway Protocol (EGP) and Border Gateway Protocol (BGP). BGP, which is discussed in this course, is often used by Internet Service Providers (ISPs) and by organizations that want to connect to ISPs.


Making the Network Accessible but Secure (cont.)

[Figure: authentication procedure between a remote site and the central site.]

- Secure access to and from each remote site
- Secure access to devices within a network

Making the Network Accessible but Secure (cont.)

Features discussed in this course that support network security are as follows:

- Access lists: Access lists can be defined to prevent user traffic from accessing portions of the network. Access lists can also assist in providing security because when they block user traffic effectively, the users themselves are being denied access to sensitive areas of the network.
- Authentication protocols: On WAN connections using PPP, you can configure authentication protocols such as Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP).

Note: For a complete discussion of how Cisco supports security, and how to make your network secure using Cisco products, refer to the Managing Cisco Network Security course.
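To make the access list behaviour described above concrete, here is an added Python model written for this edit; it is not Cisco's code and not a substitute for testing on IOS. It parses a small extended access list in IOS syntax, applies the wildcard-mask match (a 1 bit in the wildcard means "don't care") and the top-to-bottom first-match rule, and falls through to the implicit deny that ends every IOS access list. The model covers only a subset of the syntax (ip, tcp, udp or icmp; any, host or address-plus-wildcard; an optional destination eq port); the access list and the packets are constructed sample values.

```python
import ipaddress

# Constructed sample list: branch users (10.1.0.0/16) may reach the intranet
# web server on 80/443 and ping the server subnet; everything else is dropped.
ACL_TEXT = """
access-list 101 permit tcp 10.1.0.0 0.0.255.255 host 10.2.0.10 eq 80
access-list 101 permit tcp 10.1.0.0 0.0.255.255 host 10.2.0.10 eq 443
access-list 101 permit icmp 10.1.0.0 0.0.255.255 10.2.0.0 0.0.0.255
access-list 101 deny ip any any
"""


def _parse_addr(tokens, i):
    """Consume one IOS address spec at tokens[i]; return ((ip, wildcard), next_i)."""
    if tokens[i] == "any":                       # any == 0.0.0.0 255.255.255.255
        return (0, 0xFFFFFFFF), i + 1
    if tokens[i] == "host":                      # host A == A 0.0.0.0
        return (int(ipaddress.IPv4Address(tokens[i + 1])), 0), i + 2
    return (int(ipaddress.IPv4Address(tokens[i])),
            int(ipaddress.IPv4Address(tokens[i + 1]))), i + 2


def parse_acl(text):
    """Turn 'access-list N permit|deny proto src dst [eq port]' lines into entries."""
    entries = []
    for line in text.strip().splitlines():
        t = line.split()
        if len(t) < 5 or t[0] != "access-list":
            continue                             # blank or unsupported line
        action, proto = t[2], t[3]
        src, i = _parse_addr(t, 4)
        dst, i = _parse_addr(t, i)
        dport = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
        entries.append({"action": action, "proto": proto, "src": src,
                        "dst": dst, "dport": dport, "text": line.strip()})
    return entries


def _addr_matches(spec, addr):
    """Wildcard comparison: only bits where the wildcard is 0 must be equal."""
    ip, wild = spec
    mask = 0xFFFFFFFF ^ wild
    return (int(ipaddress.IPv4Address(addr)) & mask) == (ip & mask)


def evaluate(entries, packet):
    """First matching entry decides; returns (action, 1-based line) or (deny, None)."""
    for n, e in enumerate(entries, 1):
        if e["proto"] != "ip" and e["proto"] != packet["proto"]:
            continue
        if not (_addr_matches(e["src"], packet["src"]) and _addr_matches(e["dst"], packet["dst"])):
            continue
        if e["dport"] is not None and packet.get("dport") != e["dport"]:
            continue
        return e["action"], n
    return "deny", None                          # implicit deny at the end of every IOS ACL


ACL_101 = parse_acl(ACL_TEXT)
# Same list without its explicit final deny, to show the implicit one at work.
ACL_NO_EXPLICIT_DENY = parse_acl("\n".join(ACL_TEXT.strip().splitlines()[:-1]))

# Constructed sample packets.
PACKETS = [
    {"proto": "tcp", "src": "10.1.5.20", "dst": "10.2.0.10", "dport": 80},
    {"proto": "tcp", "src": "10.1.5.20", "dst": "10.2.0.10", "dport": 23},
    {"proto": "icmp", "src": "10.1.5.20", "dst": "10.2.0.77"},
    {"proto": "tcp", "src": "192.168.1.1", "dst": "10.2.0.10", "dport": 80},
]

if __name__ == "__main__":
    for p in PACKETS:
        action, line = evaluate(ACL_101, p)
        where = f"line {line}" if line else "implicit deny"
        print(f"{p['proto']} {p['src']} -> {p['dst']}:{p.get('dport', '-')}  {action} ({where})")
```

The telnet attempt to the web server and the request from outside 10.1.0.0/16 are both dropped, and with ACL_NO_EXPLICIT_DENY they are still dropped although no statement names them. That trailing implicit deny is the detail to keep in mind when reading or writing a list: an access list intended only to block one kind of traffic must end with an explicit permit for everything else, or it blocks everything.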


Summary

- Scalable internetworks must be reliable, responsive, efficient, adaptable, and accessible
- Routers can be specialized based on their location in the internetwork
- Cisco IOS features can be used to meet the requirements of today's scalable internetworks

Summary
Key points from this chapter include the following:
- Scalable internetworks must meet several requirements, as listed in the graphic. Note that these requirements are more or less critical to meet at each layer of the three-layer hierarchy presented.
- Remember that routers should be configured based on the key functions they need to perform at a given layer of the hierarchy.
- The Cisco IOS provides a large number of features, but not all features should be configured on a router. Only those features that meet the desired network requirements should be enabled on the router.


Written Exercise: Overview of Scalable Internetworks
Objective: Describe the key requirements of a scalable internetwork.
Objective: Select a Cisco IOS feature as a solution for a given internetwork requirement.

Complete the table by doing the following:
- Assigning each network problem one of the five requirements listed below.
  _____ Reliable and available
  _____ Responsive
  _____ Efficient
  _____ Adaptable
  _____ Accessible but secure
- Listing one or more Cisco IOS features that can be used to correct each network problem.

Network Problem                                         | Key Requirement | Cisco IOS Feature(s)
Connectivity restrictions                               |                 |
Single paths available to all networks                  |                 |
Too much broadcast traffic                              |                 |
Convergence problems with metric limitations            |                 |
Competition for bandwidth                               |                 |
Illegal access to services on the internetwork          |                 |
Single WAN links available to each remote site          |                 |
Expensive tariffs on WAN links that do not get much use |                 |
Very large routing tables                               |                 |
Integrate networks using legacy protocols               |                 |

Answers to Exercise

Written Exercise: Overview of Scalable Internetworks

Network Problem                                         | Key Requirement        | Cisco IOS Feature(s)
Connectivity restrictions                               | Accessible but secure  | Dedicated and switched access technologies; BGP support
Single paths available to all networks                  | Reliable and available | Scalable protocols; Dial backup
Too much broadcast traffic                              | Efficient              | Access lists; Scalable protocols
Convergence problems with metric limitations            | Reliable and available | Scalable protocols
Competition for bandwidth                               | Efficient              | Access lists; Snapshot routing; Compression over WANs; Generic Traffic Shaping
Illegal access to services on the internetwork          | Accessible but secure  | Access lists (not an end-all solution); Authentication protocols; Lock and Key Security
Single WAN links available to each remote site          | Responsive             | Dial backup
Expensive tariffs on WAN links that do not get much use | Efficient              | Switched access technologies
Very large routing tables                               | Efficient              | Route summarization; Incremental updates
Integrate networks using legacy protocols               | Adaptable              | Bridging mechanisms

3

Routing Principles

Overview
This chapter covers concepts related to logical Internet Protocol (IP) network addresses and the usage of network masks to make routing decisions. The mechanisms by which Cisco routers learn and maintain knowledge of the network topology are also discussed. It includes the following topics:
- IP Address Overview
- Subnetting Overview
- Distance-Vector Operation
- Link-State Operation
- Routing Table Analysis

Objectives
This section lists the chapter's objectives.

Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
- List the key information routers need to route data
- Describe classful and classless routing protocols
- Compare distance vector and link-state protocol operation
- Describe the use of the fields in a routing table
- Given a pre-configured laboratory network, discover the topology, analyze the routing table, and test connectivity using accepted troubleshooting techniques

Objectives
This chapter covers a review of IP addressing and routing principles. The difference between distance vector and link-state routing protocol behavior is explained and an example of each is presented in a Case Study. Convergence issues surrounding the most commonly used interior routing protocols (RIP, IGRP, Enhanced IGRP and OSPF) are also presented. Upon completion of this chapter, you will be able to perform the following tasks:
- List the major classes of IP addresses and describe the default mask associated with each
- Describe the requirements for subnetting a classful network
- Compare and contrast the two major functions performed by a router
- Describe, in detail, the functionality of each field in a routing table entry
- Explain the convergence steps used by the following routing protocols:
  Routing Information Protocol (RIP)
  Interior Gateway Routing Protocol (IGRP)
  Enhanced IGRP
  Open Shortest Path First (OSPF)


IP Addressing Review
This section contains review information related to IP addressing and subnetting concepts. Section topics are as follows:
- Classes of IP Addresses
- Default Routing Masks
- Creating Subnets by Extending the Mask
- Subnetting Examples

IP Address Overview
[Slide graphic: a 32-bit address divided into a Network field and a Host field]
- Boundary between network and host is determined by a 32-bit mask
- Mask contains contiguous ones in the network portion
- Mask contains contiguous zeros in the host portion
- Once the network portion of the address is defined, all devices on the network will share the same binary pattern in the network portion

IP Address Overview
IP addresses are composed of 32 binary bits and uniquely identify devices within the Transmission Control Protocol/Internet Protocol (TCP/IP) domain. The TCP/IP domain includes all devices connected to the Internet using the World Wide Web (WWW). An IP address contains two parts: a network part and a host part. The boundary between the two parts of the IP address is defined by another 32-bit field, referred to as a routing mask. There is a bit-for-bit alignment between the IP address and the routing mask.

The routing mask contains a field of all ones and a field of all zeros. The contiguous ones start at the left and extend to the right; the contiguous zeros start at the right and extend to the left. Where the contiguous ones stop indicates the boundary between the network part and the host part of the IP address. The network boundary can occur at any place after the eighth bit position from the left.

Once the boundary between the network part and the host part of the IP address is known, all devices addressed in that network will have a common binary pattern in the network part that identifies the device as belonging to the specified network.


IP Address Classes
- IP address and associated mask are represented in 32-bit dotted decimal
  Other formats are commonly used
- Decimal value in the first octet determines the Class of the address
  001 - 126 = Class A
  128 - 191 = Class B
  192 - 223 = Class C
  224 - 239 = Class D
  240 - 254 = Class E

IP Address Classes
Both the IP address and the associated routing mask contain 32 bits. Routing devices are similar to computers in that they both use the binary numbering scheme to represent addresses. Working with 32-bit binary numbers is the standard operational mode for a routing device. However, network administrators do not use binary numbers on a daily basis and have therefore adopted other formats to represent 32-bit IP addresses. Some common formats include decimal (base 10) and hexadecimal (base 16) notation.

The generally accepted method of representing IP addresses and routing masks is to break the 32-bit field into four groups of eight bits and to represent those eight-bit fields in a decimal format separated by decimal points. Hence the reference to IP addresses and routing masks being represented in 32-bit dotted decimal notation. Although the dotted decimal notation is commonly accepted, that notation means nothing to the routing device because the device internally uses the 32-bit binary string as an address identifier. All routing decisions are based on the 32-bit binary field.

IP addresses belong to classes defined by the decimal value represented in the first eight bits (octet). The decimal number ranges are strictly dictated by the binary weights of the ones and zeros patterns within the octet. The class definition is referred to as the First Octet Rule. Classes A through E are defined, but only Class A, B and C addresses are used to identify devices connected to the Internet. The two remaining classes are used for special or testing purposes.


IP Address Default Masks
- IP address Class determines the default mask
  A = 255.0.0.0
  B = 255.255.0.0
  C = 255.255.255.0
- A bit for bit alignment exists between an IP address and its associated mask

IP Address Default Masks
Once the class of address is known, the number of bits in the default routing mask is also known. By default, routing masks contain one or more octets of contiguous ones that define the network part of the IP address. To simplify the class representation, the fields of contiguous ones are limited to the fields separated by the decimal points.

Determining IP Address Class
Which Class of address is 201.222.5.12?
201 is in the 192 - 223 range = Class C

                 Network            Host
Device Address   201. 222. 5.       12
Default Mask     255. 255. 255.     0

Determining IP Address Class
To determine the class of an IP address, one only has to match the decimal value in the first octet to the accepted number ranges. Once the class of address is known, the default routing mask is also known. In the example above, because 201 is in the Class C range of addresses there is a default 24-bit routing mask. The bit position where the 24 contiguous one bits end defines the end of the network part of the address. Therefore, all of the bits that represent 201.222.5 are part of the network part of the IP address. As described earlier, the routing mask will help routing devices forward traffic to the network defined by the binary bits in the network portion of the IP address.

Subnetting Overview
- Moving the network boundary to the right creates additional subnetworks at the expense of fewer hosts on each segment
- The new network mask will contain additional contiguous ones indicating by how many bits the network portion has been extended
- The formula 2^n, where n equals the number of extended bits, indicates the maximum number of subnets created

Subnetting Overview
When additional contiguous ones are added to the default routing mask, the all-ones field is longer and that extends the definition of the network part of an IP address. Adding bits to the network part of an address decreases the number of bits in the host part. Creating additional network binary patterns is done at the expense of the number of host devices that can occupy each network segment.

The bits added beyond the point where the default routing mask ended create a counting range. This binary range counts subnetworks. Each count is a unique binary pattern and defines a location within the master network address space. The remaining bits not allocated as the network part or the subnetwork part form a counting range for hosts. Host addresses are selected from these remaining bits and must also be numerically unique from all other hosts on this network.

Creating Subnets
Extending the mask creates subnets

Network  201. 222. 5.   0
Mask     255. 255. 255. 224

Fourth octet, bit weights:   128  64  32  16   8   4   2   1
Mask bits (224):               1   1   1   0   0   0   0   0
Field:                         S   S   S   H   H   H   H   H

Subnet counting range (weights 4 2 1) and subnet number:
  000 = 0 **   001 = 1   010 = 2   011 = 3   100 = 4   101 = 5   110 = 6   111 = 7

Host counting range (weights 16 8 4 2 1) and host number:
  00000 = 0 **   00001 = 1   00010 = 2   00011 = 3   00100 = 4   . . .   11110 = 30   11111 = 31 **

** Special usage

Creating Subnets
In the example above, the network part has been extended and is indicated by the new mask of 255.255.255.224, which is three bits longer than the default mask of 255.255.255.0. Once the default routing mask has been extended, in this case by three bits, it creates a counting range to represent subnetworks. For the sample network of 201.222.5.0, the fourth octet now contains two counting ranges; a three-bit field for counting subnetworks and a five-bit field for counting hosts.

Each counting range is displayed with individual binary weights assigned to the bit positions. As is true for eight-bit binary fields discussed earlier, the least significant bit (LSB) has a binary weight of one and is always located at the right side of the field. Each count is an assignment for a subnetwork or a discrete host.

Reminder: The count of all zeros and of all ones in the host range is reserved for special usage. The count of all zeros represents the segment identifier and the count of all ones represents a broadcast address used to contact all hosts on that segment.

Reminder: The count of all zeros in the subnetwork range must be explicitly allowed. The count of all ones has no special significance in the subnetwork range and identifies a location within the major network.

Only after all of the binary counts have been performed, can the 32 binary bits be broken into four eight-bit fields and represented as a dotted decimal value. Only after the binary bits have been represented in dotted decimal notation does the IP address have significance to the network administrator. An example of the dotted decimal notation for the counting ranges is shown on the following page.

Subnet Addressing

Before subnetting: 201.222.5.0, mask 255.255.255.0

Network       Host Range   Hosts/Seg.
201.222.5.0   001 - 254    254

After subnetting: 201.222.5.0, mask 255.255.255.224 (extend mask by three bits; 2^3 = 8 subnets)

Subnet          (Count)   Host Range   Hosts/Seg.
201.222.5.32    (001)     33 - 62      30
201.222.5.64    (010)     65 - 94      30
201.222.5.96    (011)     . . .        . . .
201.222.5.128   (100)     . . .        . . .
201.222.5.160   (101)     . . .        . . .
201.222.5.192   (110)     . . .        . . .
201.222.5.224   (111)     225 - 254    30
Total                                  210

* Additional configuration required to activate subnet zero

Subnet Addressing
In the upper portion of the graphic, the Class C network of 201.222.5.0 is shown with all host addresses belonging to a single segment. This major network is associated with the default routing mask of 255.255.255.0.

In the lower portion of the graphic, the default routing mask for network 201.222.5.0 has been extended by three bits, as indicated by the subnet mask of 255.255.255.224. The mask extension creates a three-bit counting range, which, using the 2^n formula, generates eight possible counts. The seven counts which do not require additional configuration statements on the Cisco router are shown above. Subnetwork zero must be explicitly allowed using configuration commands in Cisco IOS releases prior to 12.0. In Cisco IOS Release 12.0 and later, subnet zero is enabled by default.

Once each unique count is determined in the subnetwork range, the valid counts from the host range are added to it. The resulting decimal values represent a range of valid host addresses for each location (subnetwork) within the network address space.

The function of extending the network mask (subnetting) creates additional unique locations within the network at the expense of fewer hosts on each segment. There is a small loss of usable host addresses due to the special usage of some bits within the host range. This loss of usable host addresses can be minimized by good network design with an eye toward address utilization on a per segment basis.
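The class lookup, mask extension and host-range counting worked by hand over the preceding pages (Determining IP Address Class, Creating Subnets and Subnet Addressing), as an added Python example that is not part of the course material. It uses only the standard ipaddress module; the function names and the allow_subnet_zero switch are this example's own.

```python
import ipaddress

# First Octet Rule ranges and default mask lengths, as given in the course text.
# Classes D and E have no default routing mask (they do not address hosts).
CLASS_RANGES = (
    ("A", 1, 126, 8),
    ("B", 128, 191, 16),
    ("C", 192, 223, 24),
    ("D", 224, 239, None),
    ("E", 240, 254, None),
)


def address_class(addr):
    """Return (class letter, default prefix length) for a dotted-decimal address.

    Returns (None, None) for first octets outside the table (0, 127, 255)."""
    first_octet = int(addr.split(".")[0])
    for letter, low, high, prefix in CLASS_RANGES:
        if low <= first_octet <= high:
            return letter, prefix
    return None, None


def default_mask(addr):
    """Dotted-decimal default routing mask implied by the address class."""
    _, prefix = address_class(addr)
    if prefix is None:
        raise ValueError(f"{addr}: no default routing mask for this class")
    return str(ipaddress.ip_network(f"0.0.0.0/{prefix}").netmask)


def enumerate_subnets(major_network, extra_bits, allow_subnet_zero=False):
    """Extend the default mask by extra_bits and describe every subnet created.

    Each row carries the subnet count as a binary pattern (the slide's subnet
    number), the subnet address, the usable host range, the broadcast address
    and the number of usable hosts.  Subnet zero is left out unless
    allow_subnet_zero is set, mirroring IOS releases before 12.0, where it had
    to be enabled explicitly.
    """
    _, prefix = address_class(major_network)
    if prefix is None:
        raise ValueError("only Class A, B and C networks can be subnetted")
    net = ipaddress.ip_network(f"{major_network}/{prefix}", strict=True)
    host_bits = 32 - prefix - extra_bits
    if extra_bits < 0 or host_bits < 2:
        raise ValueError("host counting range needs at least two bits")
    usable_hosts = 2 ** host_bits - 2  # all-zeros = segment id, all-ones = broadcast
    rows = []
    for count, sub in enumerate(net.subnets(prefixlen_diff=extra_bits)):
        if extra_bits and count == 0 and not allow_subnet_zero:
            continue
        rows.append({
            "subnet": bin(count)[2:].zfill(extra_bits),
            "network": str(sub.network_address),
            "mask": str(sub.netmask),
            "first_host": str(sub.network_address + 1),
            "last_host": str(sub.broadcast_address - 1),
            "broadcast": str(sub.broadcast_address),
            "hosts": usable_hosts,
        })
    return rows


def print_subnet_table(major_network, extra_bits):
    """Print the table the course builds by hand for 201.222.5.0 / 255.255.255.224."""
    rows = enumerate_subnets(major_network, extra_bits)
    print(f"{major_network} extended by {extra_bits} bits -> 2^{extra_bits} = "
          f"{2 ** extra_bits} subnets ({len(rows)} without subnet zero)")
    print(f"{'Subnet':8} {'Network':16} {'Host range':32} {'Broadcast':16} Hosts")
    for r in rows:
        host_range = f"{r['first_host']} - {r['last_host']}"
        print(f"{r['subnet']:8} {r['network']:16} {host_range:32} {r['broadcast']:16} {r['hosts']}")
    print(f"Total usable hosts: {sum(r['hosts'] for r in rows)}")


if __name__ == "__main__":
    letter, _ = address_class("201.222.5.12")
    print("201.222.5.12 is Class", letter, "with default mask", default_mask("201.222.5.12"))
    print_subnet_table("201.222.5.0", 3)
```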


Routing Fundamentals
This section discusses the components that make up a routing decision. The different methods of learning and the mechanisms for maintaining the router's awareness of the network topology are covered in detail. These topics are consolidated into a discussion of how to read and understand the contents of a routing table display. Section topics are as follows:
- What is routing?
- Routing requirements
- Router functions
- Distance vector routing protocols
  - Operation
  - Comparison
- Link-state routing protocols
  - Operation
  - Comparison
- Convergence on a new network topology
- Routing table interpretation

What is Routing?
- Routing is the process of forwarding an item from one location to another
- Routers forward traffic to a logical destination in a computer network
- Routers perform two major functions:
  Routing: Learning the logical topology of the network
  Switching: Forwarding packets from an inbound interface to an outbound interface

What is Routing?
What is routing? Routing is a relay system by which items are forwarded from one location to another. In computer networks, user generated traffic, such as electronic mail or graphic/text documents, is forwarded from a logical source to a logical destination. Each device in the network has a logical address so it can be reached individually or in some cases as part of a larger group of devices.

For a router to act as an effective relay device, it must be able to understand the logical topology of the network and to communicate with its neighboring devices. The router understands several different logical addressing schemes and regularly exchanges topology information with other devices in the network. The mechanism of learning and maintaining awareness of the network topology is considered to be the routing function. The actual movement of transient traffic through the router is a separate function and is considered to be the switching function. Routing devices must perform both a routing and a switching function to be an effective relay device.

Routing Requirements
- Is the protocol suite active on this device?
- Is the destination network known to this device?
  Is there an entry in the routing table?
  Is the route currently available?
- Which outbound interface represents the best path?
  Lowest metric path is preferred
  Equal lowest metric paths are shared

Routing Requirements
There are three major decisions that have to be made in order to make a routing decision. First and foremost, can the routing device understand the logical destination address? For a logical address understanding to exist within the router, the protocol suite that uses that logical addressing scheme must be enabled and currently active. Some examples of common protocol suites are TCP/IP, IPX, DECnet, and others.

Secondly, once the router can understand the addressing scheme, does the destination logical network exist within the current routing table as a valid destination? If the destination logical network does not exist in the routing table, routing devices are programmed to discard the packet and to generate an Internet Control Message Protocol (ICMP) message to notify the sender of the event. Some network managers have successfully reduced the size of their networks' routing tables by including only a few destination networks and manually specifying a default route entry. If specified, a default route will be followed if the destination logical network, as indicated by the packet header, is not included as part of this device's routing table.

Lastly, if the destination network is in the routing table, through which outbound interface will the packet be forwarded? The routing table should contain only the best path to any given destination logical network. The best path to a destination network has been associated with a particular outbound interface by the routing protocol process. Routing protocols use a metric scheme to determine the best path to a destination. A smaller metric indicates a preferred path and if two or more paths have an equal lowest metric, then all of those paths will be equally shared. Sharing packet traffic across multiple paths is referred to as load balancing to the destination. Once the outbound interface is known, the router must also have an encapsulation solution to forward with. An encapsulation method (framing) is required to forward the packet to the next-hop logical device in the relay path.

Routing Information
Most of the necessary information is contained in the routing table:

I 172.16.8.0 [100/118654] via 172.16.7.9, 00:00:23, Serial0

- I: How the route was learned (IGRP)
- 172.16.8.0: Destination logical network/subnet
- 100: Administrative distance (prioritization factor)
- 118654: Metric value (reachability)
- 172.16.7.9: Next hop logical address (next router)
- 00:00:23: Age of entry (in hours:minutes:seconds)
- Serial0: Interface through which route was learned and through which the packet will leave

Routing Information
Most of the information required to perform the routing operation is included in the routing table on a per-entry basis. Each entry is created by the routing protocol process and indicates the following:
- By which mechanism the route was learned. Learning methods can be either dynamic or manual entries.
- Logical destination address, expressed either as a major network or as a subnetwork of a major network. In isolated cases, host addresses can be contained in the routing table.
- Administrative distance; a measure of the trustworthiness of the learning mechanism.
- Metric; a measure of the aggregate path cost specified in a format consistent with the metric used by that routing protocol.
- Address of the next relay device (router) in the path to the destination.
- How current is the route information? This field indicates the amount of time the information has been in the routing table. Entry information is refreshed periodically to ensure it is current.
- The interface associated with reaching the destination network. This is the port through which the packet will leave the router, being forwarded to the next-hop relay device.

Administrative Distance
- Administrative Distance is a prioritization method for IP routing protocols
- The lower the administrative distance, the more trusted the learning mechanism
- Manually entered routes are preferred to dynamically learned routes
- Routing protocols with sophisticated metrics are preferred over protocols with simple metric structures

Administrative Distance
The routing process is responsible for selecting the best path to any destination network. The concept of an administrative distance is required to handle the case when there are multiple inputs on the same route. More than one learning mechanism can exist inside the router at any given time. The routing process has been programmed to prefer lower values rather than higher values when comparing administrative distances. In general, administrative distances have been assigned in a fashion to prefer manual entries over dynamically learned entries and to prefer routing protocols with more sophisticated metrics over routing protocols with simple metrics. A comparison chart of administrative distances is located on the following page.

Administrative Distance Comparison Chart

Route Source                    Default Distance
Connected Interface             0
Static Route out an Interface   0
Static Route to a Next Hop      1
Enhanced IGRP Summary Route     5
External BGP                    20
Internal Enhanced IGRP          90
IGRP                            100
OSPF                            110
IS-IS                           115
RIP v1, v2                      120
EGP                             140
External Enhanced IGRP          170
Internal BGP                    200
Unknown                         255

Administrative Distance Comparison Chart
The chart above compares the administrative distances for the different learning methods available in a TCP/IP environment.

Routing Decisions
- Routing protocols maintain a loop-free, single path to each destination network
- Routes are advertised with a reachability factor referred to as a metric
- The path to the destination network is represented by the sum of the metrics associated with all intermediate links
- The routing process uses the metric value to select a preferred path to each destination
- Multiple paths can be used if metric values are equal

Routing Decisions
In a routed network, the routing process relies on the routing protocol to maintain a loop-free topology. In addition to maintaining a loop-free topology, the routing process must locate the best path to every destination network. The concept of what is the best path to any destination is what distinguishes different routing protocols in the TCP/IP environment. Each routing protocol uses a different measurement as to what is best. Routers advertise the path to any network in terms of a metric value. Some common examples of metrics are: hop count (how many routers to pass through), cost (based on bandwidth) and composite (using several parameters in their calculation). If the destination network is not local to this router, then the path is represented by the total of metric values defined for all of the links that must be traversed to reach that network.

Once the routing process knows the metric values associated with the different paths (assuming that multiple paths exist), then the routing decision can be made. The routing process will select the path that has the smallest metric value. In Cisco routers, if multiple equal lowest-metric paths exist in an IP environment, then load sharing (also known as load balancing) will be in effect across the multiple paths. Cisco supports up to six equal metric paths to a common destination network.
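The routing-table entry format from the Routing Information slide, the administrative distance chart and the metric selection rule above, worked as an added Python example that is not course material. The first sample entry is the slide's IGRP line; the other entries, the function names and the route-code legend table are this example's own.

```python
import re
from dataclasses import dataclass

# Route-source code letters as printed in the first column of the routing table.
ROUTE_CODES = {"C": "connected", "S": "static", "D": "Enhanced IGRP", "I": "IGRP",
               "O": "OSPF", "i": "IS-IS", "R": "RIP", "E": "EGP", "B": "BGP"}

# One entry per line:  code  destination  [AD/metric]  via next-hop,  age,  interface
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Za-z])\s+(?P<dest>\d+\.\d+\.\d+\.\d+(?:/\d+)?)\s+"
    r"\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<nexthop>\d+\.\d+\.\d+\.\d+),\s+"
    r"(?P<age>\d+:\d\d:\d\d),\s+(?P<iface>\S+)\s*$"
)


@dataclass(frozen=True)
class Route:
    code: str         # how the route was learned
    dest: str         # destination network or subnet
    ad: int           # administrative distance: trust in the learning mechanism
    metric: int       # path cost in the originating protocol's own units
    nexthop: str      # next relay device
    age_seconds: int  # time the entry has been in the table
    iface: str        # interface the route was learned on and the packet leaves by

    @property
    def source(self):
        return ROUTE_CODES.get(self.code, "unknown")


def parse_entry(line):
    """Parse one routing-table line; raises ValueError on an unexpected format."""
    m = ROUTE_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised routing entry: {line!r}")
    hours, minutes, seconds = (int(x) for x in m["age"].split(":"))
    return Route(m["code"], m["dest"], int(m["ad"]), int(m["metric"]),
                 m["nexthop"], hours * 3600 + minutes * 60 + seconds, m["iface"])


def select_routes(candidates, max_paths=6):
    """Pick the routes that go into the table, per destination.

    1. Keep only the candidates with the lowest administrative distance: metrics
       from different protocols are not comparable, so trust is decided first.
    2. Among those, keep the lowest metric.
    3. Install up to max_paths equal-metric paths for load sharing (the course
       states that Cisco supports up to six).
    """
    by_dest = {}
    for r in candidates:
        by_dest.setdefault(r.dest, []).append(r)
    table = {}
    for dest, routes in by_dest.items():
        best_ad = min(r.ad for r in routes)
        trusted = [r for r in routes if r.ad == best_ad]
        best_metric = min(r.metric for r in trusted)
        table[dest] = [r for r in trusted if r.metric == best_metric][:max_paths]
    return table


# Constructed candidate set for 172.16.8.0: the slide's IGRP entry, a second
# equal-metric IGRP path, a worse IGRP path, and RIP/OSPF offers for the same
# network.  Only the first line is from the course; the rest are made up.
SAMPLE_ENTRIES = [
    "I 172.16.8.0 [100/118654] via 172.16.7.9, 00:00:23, Serial0",
    "I 172.16.8.0 [100/118654] via 172.16.7.13, 00:00:19, Serial1",
    "I 172.16.8.0 [100/160254] via 172.16.7.17, 00:00:41, Serial2",
    "R 172.16.8.0 [120/3] via 172.16.9.2, 00:00:11, Ethernet0",
    "O 172.16.8.0 [110/74] via 172.16.9.6, 00:12:05, Ethernet1",
]


def installed_paths(entries=SAMPLE_ENTRIES, dest="172.16.8.0"):
    """Parse the sample entries and return the paths installed for dest."""
    return select_routes(parse_entry(e) for e in entries).get(dest, [])


if __name__ == "__main__":
    for r in installed_paths():
        print(f"{r.source:8} {r.dest} [{r.ad}/{r.metric}] via {r.nexthop} "
              f"age {r.age_seconds}s out {r.iface}")
```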


RIP Routing Metrics
[Slide graphic: router 5.1 with Eth0 on network 5.0 and Ser0 on network 4.0; neighbors 5.2, 5.3 and 5.4 each lead to network 10.0 (TR and FDDI links shown)]

C 5.0 dir conn Eth0
C 4.0 dir conn Ser0
R 10.0 [120/4] via 5.2, Eth0
R 10.0 [120/4] via 5.3, Eth0
R 10.0 [120/4] via 5.4, Eth0

- Routing metric used by RIP is hop count
  Using a neighboring router interface is a hop
- Routing process arbitrarily selects a path from several possible paths
  IP load balancing is enabled by default

RIP Routing Metrics
The Routing Information Protocol (RIP) is a commonly used routing protocol in small-to-medium sized TCP/IP networks. RIP uses hop count as a metric (based upon how many neighboring routers must be passed through to reach the destination). In the topology indicated above, traditional RIP implementations would arbitrarily choose one path in order to reach network 10.0. In this case, only the selected path would be displayed in the routing table.

In Cisco routers, the RIP implementation is such that multiple equal hop paths can be shared. In the graphic above, notice that network 10.0 can be reached by three different paths that vary in bandwidth but have an equal hop count. As a result of the equal metric, all three paths will be displayed in the routing table as the lowest metric path. This graphic illustrates that bandwidth is not a consideration in RIP's understanding of the best path to reach network 10.0. In addition, this topology is for demonstration purposes only and does not represent an optimal network design.

IGRP Routing Metrics
[Slide graphic: router 5.1 with Eth0 on network 5.0 and Ser0 on network 4.0; neighbors 5.2, 5.3 and 5.4 each lead to network 10.0 (TR and FDDI links shown)]

C 5.0 dir conn Eth0
C 4.0 dir conn Ser0
I 10.0 [100/327684] via 5.4, Eth0

- Routing metric used by IGRP is composite
  Bandwidth, delay, reliability, load, MTU
- Routing process selects the fastest path
  IP load balancing is enabled by default

IGRP Routing Metric
Cisco's IGRP is a commonly used routing protocol in medium-to-large sized TCP/IP networks. IGRP uses a composite metric, one based upon bandwidth, delay, reliability, load, and Maximum Transfer Unit (MTU). In IGRP's standard algorithm computation, only the bandwidth and delay values are enabled by default. Load balancing is enabled for all IP routing protocols implemented by Cisco.

IGRP's composite metric can distinguish subtle differences in link characteristics and, therefore, will select the highest bandwidth (fastest) path to the destination network. In the graphic above, the FDDI-link path is selected because its 100 Mbps bandwidth is higher than the other available paths. If equal (at least equal within one percent) metric paths exist, load balancing will be in effect. IGRP is capable of load balancing across as many as six equal metric paths. Again, this topology is for demonstration purposes only and does not represent an optimal network design.

Routers Forward Traffic
- Routing protocols maintain neighbor relationships with adjacent (connected) routers
- Neighboring routers/routing protocols exchange frames containing either:
  Hello packets
  Routing update packets
- Routing tables contain routes learned from neighboring routers
- Routers forward traffic to the destination network by passing packets to the next-hop logical device (router) in the delivery path

Routers Forward Traffic
Immediately after a router completes its startup procedure, the router attempts to establish a routing relationship with neighboring routing devices. The purpose of this initial communication is to identify the neighboring devices and to begin learning the network topology. The method of establishing adjacencies and initial learning of the topology varies between different routing protocols. Often, broadcast frames are used to locate the neighboring devices, especially until the media access control (MAC) addresses of the adjacent network interface card (NIC) cards are learned.

The routing process, via the routing protocol, establishes a peer relationship at the software layers (layers four through seven) of the OSI reference model with the neighboring routers. The routing protocol(s) will exchange either periodic Hello messages or periodic routing updates to maintain the on-going communication between the neighbors.

Once the network topology is understood and the routing table contains the best path to all known destination networks, the forwarding of traffic can begin. The function of forwarding transient packets by the router is referred to as the switching. The switching function relies heavily on the router knowing the MAC address of the next-hop routing device. The MAC address learning process was a critical phase in establishing the neighbor relationship after startup. The graphic on the following page summarizes the switching operation performed by the router.

Basic Switching Functions

1. Check framing and buffer packet (inbound interface)
2. Associate destination logical address with next-hop logical device and outbound interface (routing table, maintained by routing protocol*)
3. Associate next-hop logical device with physical address to create frame header (ARP cache for LAN, map table for WAN; maintained by ARP or Inverse ARP process*)
4. Create framing and forward packet (outbound interface)

* Manual entries available

Basic Switching Functions

In order to forward a packet that has arrived at a router interface, the router must perform the switching function. The switching function needs the end result of the routing function, which is a routing table entry that points to the destination logical network. The switching function has four basic steps:

- A packet transiting the router is accepted into the router if the header of the frame (in which the packet resides) contains the MAC address of one of the router's NICs. If properly addressed, once the framing is checked, the frame and its content (the packet) are buffered pending further processing. The buffering occurs in main memory or some other specialized memory location.
- The switching process checks the destination logical network portion of the packet header against the network/subnetwork entries in the routing table. If the search is successful, the switching process associates the destination network with a next-hop logical device and an outbound interface.
- Once the next-hop logical device address is known, a lookup is performed to locate a physical address for the next device in the relay chain. The lookup is performed in an Address Resolution Protocol (ARP) table for local-area network (LAN) interfaces or a map table for wide-area network (WAN) interfaces. The contents of these tables can be created either by dynamic means or by manual entries.
- Once the physical address of the next delivery device is known, the frame header is overwritten in the memory locations where the frame (and packet) is buffered. After the frame header is created, the frame is programmatically moved to the outbound interface for transmission onto the media. As the frame is placed on the media, the outbound interface adds the CRC and ending delimiters to the frame. These characters will need to be validated at the arriving interface on the next-hop relay device.
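The four switching steps above, modelled as an added example. This is illustrative Python written for this page, not Cisco IOS code or anything from the course. The router MAC addresses, routing table, ARP/map entries and the test frame are all constructed values; the routing-table step uses a longest-prefix match, which is how a lookup against overlapping network/subnetwork entries is resolved.

```python
import ipaddress
from dataclasses import dataclass

# All addresses and table contents below are constructed for the example.
ROUTER_MACS = {"e0": "00:00:0c:11:11:11", "s0": "00:00:0c:22:22:22"}

# Routing table entries: (destination network, next-hop logical address, outbound interface).
# In a router this table is maintained by the routing protocol (step 2).
ROUTING_TABLE = [
    (ipaddress.ip_network("10.1.0.0/16"), "10.9.0.2", "s0"),
    (ipaddress.ip_network("10.1.5.0/24"), "192.168.1.2", "e0"),
    (ipaddress.ip_network("0.0.0.0/0"), "10.9.0.2", "s0"),  # default route
]

# ARP cache (LAN) / map table (WAN): next-hop logical address -> physical address (step 3).
ARP_OR_MAP_TABLE = {
    "192.168.1.2": "00:aa:bb:cc:dd:ee",  # learned by ARP on e0
    "10.9.0.2": "DLCI 16",               # manual / Inverse ARP entry on a Frame Relay s0
}


@dataclass
class Frame:
    dst_mac: str
    src_mac: str
    dst_ip: str
    payload: bytes


def accept_frame(frame: Frame, inbound_if: str) -> bool:
    """Step 1: the frame is accepted only if it carries the MAC of the inbound NIC."""
    return frame.dst_mac == ROUTER_MACS[inbound_if]


def route_lookup(dst_ip: str):
    """Step 2: longest-prefix match of the destination against the routing table.
    Returns (next_hop, outbound_interface) or None if no entry matches."""
    addr = ipaddress.ip_address(dst_ip)
    best = None
    for net, next_hop, iface in ROUTING_TABLE:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    return None if best is None else (best[1], best[2])


def resolve_physical(next_hop: str):
    """Step 3: map the next-hop logical address to a physical address."""
    return ARP_OR_MAP_TABLE.get(next_hop)


def switch(frame: Frame, inbound_if: str):
    """Run the four steps. Returns (rewritten_frame, outbound_if), or None when the
    packet is dropped (not addressed to us, no route, or no physical address known)."""
    if not accept_frame(frame, inbound_if):
        return None                       # not addressed to this router: discard
    hit = route_lookup(frame.dst_ip)
    if hit is None:
        return None                       # no route; IOS would send an ICMP unreachable
    next_hop, out_if = hit
    phys = resolve_physical(next_hop)
    if phys is None:
        return None                       # ARP / Inverse ARP would have to run first
    # Step 4: overwrite the frame header in the buffer and hand it to the outbound
    # interface; the interface appends the CRC and end delimiter as the frame hits the media.
    rewritten = Frame(dst_mac=phys, src_mac=ROUTER_MACS[out_if],
                      dst_ip=frame.dst_ip, payload=frame.payload)
    return rewritten, out_if


if __name__ == "__main__":
    pkt = Frame("00:00:0c:11:11:11", "00:11:22:33:44:55", "10.1.5.7", b"constructed payload")
    print(switch(pkt, "e0"))
```

Note that a destination of 10.1.5.7 matches both 10.1.0.0/16 and 10.1.5.0/24; the /24 entry wins, so the packet leaves via e0 rather than the serial link.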

Classful Routing Overview

- Classful routing protocols are a consequence of the distance vector method of route calculation
  - RIPv1
  - IGRP
- Routing masks are not carried within the routine, periodic routing updates
- Within a network, consistency of mask is assumed

Classful Routing Overview

Classful routing is a consequence of the fact that routing masks are not advertised in the periodic, routine routing advertisements generated by distance vector routing protocols. In a classful environment, the receiving device must know the routing mask associated with any advertised subnets, or those subnets cannot be advertised to it. How would the receiving device know the mask of an advertised subnet? There are two ways this information can be gained:

- Share the same routing mask as the advertising device.
- If the routing mask does not match, this device must summarize the received route to a classful boundary and send the default routing mask in its own advertisements.

Classful Routes

- Subnetwork routes are shared by devices within the same network
- Summary routes are exchanged between foreign networks
- Summary routes are automatically created at major network boundaries

Classful Routes

Classful routing protocols, such as RIPv1 and IGRP, exchange routes to subnetworks within the same network. This is possible because all of the subnetworks in the major network will have the same routing mask. This consistency is enforced by administrative controls invoked by the network administrators.

When routes are exchanged with foreign networks (networks whose network portion does not match ours), subnetwork information from this network cannot be included because the routing mask of the other network is not known. As a result, the subnetwork information from this network must be summarized to a classful boundary using a default routing mask prior to inclusion in the routing update. The creation of a classful summary route at major network boundaries is handled automatically by classful routing protocols. Summarization at other points within the major network address is not allowed by classful routing protocols.
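The two rules from the classful overview and from this page (send a subnet unchanged inside its own major network, summarize to the classful boundary toward a foreign network) as an added example. This is a simplified model written for this page, not the course's or IOS's implementation; the route list and interface addresses are constructed, and the handling of a subnet whose mask differs from the outbound interface (dropped here) is an assumption of the model.

```python
import ipaddress


def classful_network(addr: str) -> ipaddress.IPv4Network:
    """Major (classful) network of an IPv4 address: /8, /16 or /24 by first-octet class."""
    a = ipaddress.ip_address(addr)
    first_octet = int(a) >> 24
    if first_octet < 128:
        plen = 8          # Class A
    elif first_octet < 192:
        plen = 16         # Class B
    elif first_octet < 224:
        plen = 24         # Class C
    else:
        raise ValueError(f"{addr} is not a class A/B/C unicast address")
    return ipaddress.ip_network(f"{a}/{plen}", strict=False)


def classful_update(known_routes, out_if_addr: str, out_if_prefixlen: int):
    """Routes a classful protocol would place in an update sent out one interface.

    known_routes: list of "network/prefixlen" strings in this router's table.
    Same major network as the outbound interface -> the subnet is sent as-is, and only
    if its mask equals the interface mask (no mask is carried, so it is assumed equal).
    Different major network -> the route is summarized to its classful boundary.
    """
    out_major = classful_network(out_if_addr)
    advertised = set()
    for r in known_routes:
        net = ipaddress.ip_network(r)
        major = classful_network(str(net.network_address))
        if major == out_major:
            if net.prefixlen == out_if_prefixlen:
                advertised.add(str(net))
            # assumption of this model: a subnet with a different mask cannot be
            # expressed in the update and is left out
        else:
            advertised.add(str(major))       # automatic summarization at the boundary
    return sorted(advertised)
```

Running the same route list out an interface in 10.0.0.0/8 and then out one in 172.16.0.0/16 shows the effect: each major network's subnets survive only toward their own network and collapse to a single classful route toward the other.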

Classful Subnetting Requirements

- A requirement for only two host addresses
- Forced to allocate 30 host addresses

[Figure: network 201.222.5.0 subnetted with a uniform /27 mask. Interface addresses shown: 201.222.5.129/27 (E0), 201.222.5.65/27 (E1), 201.222.5.33/27 (E0), and the serial link (S0/S1) using 201.222.5.97/27 and 201.222.5.98/27]

- All router interfaces in the network must have the same subnet mask
- This approach may not fully utilize available allocation of host addresses

Classful Subnetting RequirementsWhen performing subnetting in conjunction with a classful routing protocol, care must be taken to assign the same subnet mask to all router interfaces in the classful routing domain. This consistency is a requirement for subnetwork routes to be advertised correctly. The consistency of subnet mask has a potential downside from the standpoint of efficient address allocation. While a 27-bit mask, as shown in the graphic above, allocates the proper number of host addresses (approximately 30 addresses) onto each Ethernet segment, not all of the 30 addresses can be utilized on the serial link.


Distance Vector Routing Update Traffic

[Figure: a router sends its routing table (all routes) to its directly connected neighbors]

- In a distance vector environment, routing updates are propagated only to directly connected neighbors

Distance Vector Routing Update Traffic

The periodic, routine routing updates generated by distance vector routing protocols are only addressed to directly connected routing devices. The addressing scheme most commonly used is a logical broadcast, although unicast updates can be specified. In a distance vector environment, the routing update includes a complete routing table. By receiving a neighbor's full table, a router can verify all of the known routes and make changes to the local table based upon updated information received from the neighboring router. This process is easily understood, but it becomes obvious that this router's understanding of the network is based upon the neighbor's perspective of the network topology. The distance vector approach to routing is sometimes referred to as "routing by rumor".
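An added simulation of the behaviour just described: each router sends its whole table only to directly connected neighbors, rebuilds its own table from what they reported (Bellman-Ford), and, because it only knows what its neighbors say, counts up hop by hop when a link disappears until it hits the hop count limit. This is example code written for this page, not from the course. The six-router topology (A-B, A-C, B-C, C-D, D-E, E-F, one hop each) is an assumption made for the example; the convergence slides later in the chapter show routers A through F but do not list every link.

```python
INFINITY = 16   # RIP's unreachable hop count: "count to infinity" stops here


def adjacency(links):
    """links: {(a, b): hop_cost} for an undirected topology -> {router: {neighbor: cost}}."""
    nbrs = {}
    for (a, b), cost in links.items():
        nbrs.setdefault(a, {})[b] = cost
        nbrs.setdefault(b, {})[a] = cost
    return nbrs


def initial_tables(nbrs):
    """Before any update a router knows itself and its directly connected neighbors."""
    return {r: {r: (0, None), **{n: (c, n) for n, c in ns.items()}} for r, ns in nbrs.items()}


def update_round(tables, nbrs):
    """One periodic update cycle: every router receives the full table of each directly
    connected neighbor and rebuilds its own table with Bellman-Ford (distance via a
    neighbor = cost to that neighbor + the distance the neighbor reported)."""
    new = {}
    for r in tables:
        t = {r: (0, None)}
        for n, c in nbrs.get(r, {}).items():
            for dest, (d, _) in tables[n].items():
                cand = min(d + c, INFINITY)          # never report more than "infinity"
                if dest not in t or cand < t[dest][0]:
                    t[dest] = (cand, n)
        new[r] = t
    return new


def simulate(links, start=None, max_rounds=100):
    """Run update rounds until no table changes.
    Returns (tables, number_of_rounds_that_changed_something)."""
    nbrs = adjacency(links)
    tables = start if start is not None else initial_tables(nbrs)
    for rnd in range(1, max_rounds + 1):
        new = update_round(tables, nbrs)
        if new == tables:
            return tables, rnd - 1
        tables = new
    return tables, max_rounds


def without_link(links, a, b):
    """Topology after link a-b fails."""
    return {k: v for k, v in links.items() if set(k) != {a, b}}


if __name__ == "__main__":
    # Constructed topology for the example (see lead-in).
    links = {("A", "B"): 1, ("A", "C"): 1, ("B", "C"): 1,
             ("C", "D"): 1, ("D", "E"): 1, ("E", "F"): 1}
    tables, rounds = simulate(links)
    print("converged after", rounds, "rounds; F reaches A via", tables["F"]["A"])
    after, rounds = simulate(without_link(links, "D", "E"), start=tables)
    print("after D-E fails, A's entry for F:", after["A"]["F"], "in", rounds, "rounds")
```

Without split horizon or hold-down (both absent from this bare model), the routers on either side of the failed D-E link keep feeding each other stale distances and the entries for the now unreachable networks climb one hop per exchange until they reach 16; that is the count-to-infinity problem the loop-prevention mechanisms in the comparison chart exist to shorten.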

Distance Vector Protocol Comparison Chart

Characteristic                              RIPv1   RIPv2   IGRP    EIGRP**
Count to infinity                           X       X       X
Split horizon with poison reverse           X       X       X       X
Hold-down timer                             X       X       X
Triggered updates with route poisoning      X       X       X       X
Load balancing - equal paths                X       X       X       X
Load balancing - unequal paths                              X       X
VLSM support                                        X               X
Routing algorithm                           B-F     B-F     B-F     DUAL
Metric                                      Hops    Hops    Comp    Comp
Hop count limit                             16      16      100     100
Scalability                                 Med     Med     Large   Large

** Enhanced IGRP is an advanced distance vector protocol

Distance Vector Protocol Comparison Chart

The chart above compares the characteristics of the different distance vector routing protocols supported on Cisco routers. Most distance vector routing protocols use the Bellman-Ford (B-F) algorithm for route calculation. Enhanced IGRP is an advanced distance vector protocol and uses the Diffusing Update Algorithm (DUAL). The hop count limit for IGRP defaults to 100 but is configurable up to a maximum of 255 hops.

Written Exercise: Comparing Distance Vector Routing Protocols

Objective: Describe the operating characteristics of different distance vector routing protocols.

1. Complete the following table by indicating which protocol(s) demonstrate the characteristic shown in the right-hand column. Indicate your choice(s) in the left-hand column by entering one or more of the following distance vector routing protocols: RIPv1, RIPv2, IGRP, EIGRP

Protocol        Characteristic
_______         Has a hop count limitation of 15 hops
_______         Uses broadcast packets to propagate routing updates
_______         Has an administrative distance of 100
_______         Supports split horizon to avoid routing loops
_______         Uses a composite metric to determine best path
_______         Employs a count to infinity concept to avoid routing loops
_______         Can select preferred path based upon bandwidth consideration
_______         Supports variable length subnet masks (VLSM)
_______         Is supported by all vendors of routing equipment

2. Which of the following statements are true for all distance vector routing protocols? Indicate your selection by placing a T in the blank area in front of each statement.

_______ Routing updates contain all routes in the routing table
_______ Load balancing of equal metric paths is enabled by default
_______ Automatic route summarization occurs at major network boundaries
_______ Length of the subnet mask is carried in the routing update
_______ Consistency of subnet mask is a network design requirement

Case Study: Using Distance Vector Routing Protocols

Distance Vector Case Study

[Figure: three Class C networks and two Token Ring segments interconnected by Gigabit Ethernet, Fast Ethernet, Ethernet and serial links]

Distance vector routing protocols are commonly deployed in small to medium-sized networks. These protocols are popular, well understood, and straightforward to configure. Although distance vector protocols, such as RIP and IGRP, are widely deployed, there are still some operational guidelines that must be adhered to. Some operational concepts that require consideration include:

- Topology considerations
- Metric limitations
- Routing update traffic
- Convergence
- Ease of configuration and management

Classless Routing Overview

- Classless routing protocols include the routing mask with the route advertisement
  - Open Shortest Path First (OSPF)
  - Enhanced IGRP
  - RIPv2
  - IS-IS
  - BGP
- Routing updates triggered by topology changes
- Summary routes manually controlled at any point within the network

Classless Routing Overview

Classless routing protocols can be considered second-generation protocols because they are designed to deal with some of the limitations of the earlier classful protocols. One of the most serious limitations in a classful network environment is that the routing mask is not exchanged during the routing update process. This original approach required the same routing mask to be used on all subnetworks. The classless approach advertises the routing mask for each route, and therefore a more precise lookup can be performed in the routing table.

Once the initial topology learning phase is complete, updates about network routes are triggered by changes in topology. The event-driven approach reduces the periodic bandwidth consumption associated with full table updates.

Classless routing protocols also addressed another limitation of the classful approach: the need to summarize to a classful network with a default routing mask at major network boundaries. In the classless environment, the summarization process is manually controlled and can be invoked at any point within the network. Since subnet routes are propagated throughout the routing domain, summarization is required to keep the routing tables at a manageable size.

Classless Subnetting Requirements

- A requirement for only two host addresses
- VLSM support accommodates this

[Figure: the same network as on the classful slide. Interface addresses shown: 201.222.5.129/27 (E0), 201.222.5.65/27 (E1), 201.222.5.33/27 (E0), and the serial link (S0/S1) now using 201.222.5.209/30 and 201.222.5.210/30]

- Router interfaces within the same network can have different subnet masks
  - Variable length subnet masking (VLSM) is supported
- This approach maximizes allocation of available host addresses

Classless Subnetting Requirements

Another limitation of classful routing protocols was the requirement for a consistent mask to be applied to all router interfaces within the major network. This strict (classful) approach resulted in inefficient utilization of host addresses. Classless routing protocols understand that different routes within a major network can have different masks. The use of different masks within a major network is referred to as Variable Length Subnet Masking (VLSM). Classless routing protocols support VLSM, and that in turn leads to more efficient utilization of host addresses. In the graphic above, the serial link has been configured with a subnet mask that properly supports the link's requirement for only two host addresses.
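The address-efficiency argument made on the classful and classless subnetting pages, carried through as an added example: a small VLSM allocator that hands each link the smallest subnet that satisfies its host count, beside the uniform-mask plan a classful protocol forces, with the addresses wasted by each counted. This is example code written for this page, not from the course. It works on the slides' 201.222.5.0/24 network with a constructed demand list (three Ethernet segments needing 30 hosts and one serial link needing 2); the specific subnets the allocator picks are its own and differ from the ones drawn on the slide.

```python
import ipaddress


def prefix_for_hosts(hosts: int) -> int:
    """Longest prefix whose subnet still has `hosts` usable addresses
    (network and broadcast addresses excluded)."""
    bits = 1
    while (2 ** bits) - 2 < hosts:
        bits += 1
    return 32 - bits


def allocate_vlsm(block: str, demands):
    """VLSM plan: largest demand first, each taking the smallest free block that fits.
    demands: list of (name, hosts_needed). Returns {name: IPv4Network}."""
    pool = [ipaddress.ip_network(block)]
    plan = {}
    for name, hosts in sorted(demands, key=lambda d: d[1], reverse=True):
        plen = prefix_for_hosts(hosts)
        pool.sort(key=lambda n: n.prefixlen, reverse=True)   # smallest free blocks first
        for cand in pool:
            if cand.prefixlen <= plen:
                pool.remove(cand)
                chosen = cand if cand.prefixlen == plen else next(cand.subnets(new_prefix=plen))
                pool.extend(cand.address_exclude(chosen))    # return the remainder
                plan[name] = chosen
                break
        else:
            raise ValueError(f"no space left for {name}")
    return plan


def allocate_fixed(block: str, demands, plen: int):
    """Classful-style plan: every link gets the same mask, whatever it needs."""
    subnets = ipaddress.ip_network(block).subnets(new_prefix=plen)
    return {name: next(subnets) for name, _ in demands}


def usable(net: ipaddress.IPv4Network) -> int:
    return net.num_addresses - 2


def wasted(plan, demands) -> int:
    """Usable addresses allocated beyond what each link asked for."""
    need = dict(demands)
    return sum(usable(net) - need[name] for name, net in plan.items())


if __name__ == "__main__":
    # Constructed demand list modelled on the slide's topology.
    demands = [("E0-A", 30), ("E1", 30), ("E0-B", 30), ("serial", 2)]
    for label, plan in (("VLSM", allocate_vlsm("201.222.5.0/24", demands)),
                        ("fixed /27", allocate_fixed("201.222.5.0/24", demands, 27))):
        print(label, {k: str(v) for k, v in plan.items()}, "wasted:", wasted(plan, demands))
```

With a uniform /27 the serial link consumes 30 usable addresses for its two endpoints, exactly the waste the classful slide points out; the VLSM plan gives it a /30 and wastes none.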

Link-State Routing Update Traffic

[Figure: a router sends a single route (one link-state entry) which is propagated through the whole routing domain]

- In a link-state environment, link-state announcements are propagated to all devices in the routing domain
  - Hierarchical design can limit the requirement to notify all devices

Link State Routing Update Traffic

Link state routing protocols generate routing updates only when there is a change in the topology. When a link changes state, a link-state advertisement (LSA) concerning that link (route) is created by the device that detected the change and propagated to all neighboring devices using a special multicast address. Each routing device takes a copy of the LSA, updates its topological database and forwards the LSA to all neighboring devices. This flooding of the LSA is required to ensure that all routing devices update their database before creating an updated routing table that reflects the new topology.

Most link-state routing protocols require a hierarchical design, especially to support proper address summarization. The hierarchical approach, such as creating multiple logical areas for OSPF, reduces the need to flood an LSA to all devices in the routing domain. The use of areas restricts the flooding to the logical boundary of the area rather than to all devices in the OSPF domain. In other words, a change in one area should only cause routing table recalculation in that area, not in the entire domain.
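The flooding and independent recalculation described above, as an added example: each router keeps a link-state database, an LSA is installed and re-flooded only when its sequence number is newer than the stored copy (which is what terminates the flood), and every router then runs Dijkstra over its own database. This is example code written for this page, not the course's or any IOS implementation; the topology (A-B, A-C, B-C, C-D, D-E, E-F, cost 1 each) is an assumption, and the sequence numbers are plain integers rather than OSPF's 32-bit scheme.

```python
import heapq
import itertools

_counter = itertools.count()   # heap tie-breaker so entries never compare names to None


class Router:
    def __init__(self, name):
        self.name = name
        self.neighbors = {}        # neighbor -> link cost (this router's own links)
        self.lsdb = {}             # origin -> (sequence number, {neighbor: cost})
        self.lsas_received = 0     # LSA copies that arrived here (a measure of flooding cost)


def build(links):
    """links: {(a, b): cost}, undirected -> {name: Router}."""
    routers = {}
    for (a, b), cost in links.items():
        for x in (a, b):
            routers.setdefault(x, Router(x))
        routers[a].neighbors[b] = cost
        routers[b].neighbors[a] = cost
    return routers


def flood(routers, at, lsa, came_from):
    """Deliver one LSA copy to router `at`; install it if newer and re-flood to every
    neighbor except the one it arrived from. Older or duplicate copies are dropped."""
    origin, seq, links = lsa
    r = routers[at]
    r.lsas_received += 1
    known = r.lsdb.get(origin)
    if known is not None and known[0] >= seq:
        return
    r.lsdb[origin] = (seq, links)
    for n in r.neighbors:
        if n != came_from:
            flood(routers, n, lsa, came_from=at)


def originate(routers, name, seq):
    """Router `name` describes its current links in an LSA with sequence `seq` and floods it."""
    flood(routers, name, (name, seq, dict(routers[name].neighbors)), came_from=None)


def bring_up(links):
    """Build the topology and let every router flood its initial LSA (sequence 1)."""
    routers = build(links)
    for name in routers:
        originate(routers, name, 1)
    return routers


def lsdbs_synchronized(routers) -> bool:
    first = next(iter(routers.values())).lsdb
    return all(r.lsdb == first for r in routers.values())


def spf(router):
    """Dijkstra over this router's own LSDB -> {dest: (cost, first_hop)}.
    An adjacency is used only if both ends advertise it (the usual two-way check)."""
    graph = {origin: links for origin, (_, links) in router.lsdb.items()}
    best = {router.name: (0, None)}
    heap = [(0, next(_counter), router.name, None)]
    while heap:
        d, _, u, first = heapq.heappop(heap)
        if d > best[u][0]:
            continue                                    # stale heap entry
        for v, c in graph.get(u, {}).items():
            if u not in graph.get(v, {}):
                continue                                # only one side claims the link
            nd = d + c
            hop = v if u == router.name else first
            if v not in best or nd < best[v][0]:
                best[v] = (nd, hop)
                heapq.heappush(heap, (nd, next(_counter), v, hop))
    return best


def fail_link(routers, a, b, seq):
    """Link a-b goes down: both ends re-originate their LSAs with a higher sequence number."""
    del routers[a].neighbors[b]
    del routers[b].neighbors[a]
    originate(routers, a, seq)
    originate(routers, b, seq)


if __name__ == "__main__":
    rs = bring_up({("A", "B"): 1, ("A", "C"): 1, ("B", "C"): 1,
                   ("C", "D"): 1, ("D", "E"): 1, ("E", "F"): 1})   # constructed topology
    print("synchronized:", lsdbs_synchronized(rs), " F->A:", spf(rs["F"])["A"])
    fail_link(rs, "A", "C", seq=2)
    print("after A-C fails, F->A:", spf(rs["F"])["A"], " C->A:", spf(rs["C"])["A"])
```

Only the two routers adjacent to the failed link originate anything; everyone else merely relays the two new LSAs once and recomputes. That is the contrast with the distance vector model, where the change reaches F only as successive neighbors rewrite and re-send whole tables.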

Link-State Protocol Comparison Chart

Characteristic                              OSPF    IS-IS   EIGRP**
Hierarchical topology - required            X       X
Retains knowledge of all possible routes    X       X       X
Route summarization - manual                X       X       X
Route summarization - automatic                             X
Event triggered announcements               X       X       X
Load balancing - equal paths                X       X       X
Load balancing - unequal paths                              X
VLSM support                                X       X       X
Routing algorithm                           Dijks   IS-IS   DUAL
Metric                                      Cost    Cost    Comp
Hop count limit                             200     1024    100
Scalability                                 Large   VryLg   Large

** Enhanced IGRP has some link-state features

Link State Routing Protocol Comparison Chart

The chart above compares some of the characteristics exhibited by link-state routing protocols. Enhanced IGRP is technically an advanced distance vector protocol, but it demonstrates some link-state features. The routing algorithm used by OSPF is the Dijkstra algorithm. Intermediate System-to-Intermediate System (IS-IS) is the routing algorithm used by the International Standards Organization (ISO) protocol suite, which includes connectionless network services (CLNS). Enhanced IGRP uses the Diffusing Update Algorithm (DUAL) in its route calculations.

Written Exercise: Comparing Link State Routing Protocols

Objective: Describe the operating characteristics of link-state routing protocols.

1. Complete the following table by indicating which protocol(s) demonstrate the characteristic shown in the right-hand column. Indicate your choice(s) in the left-hand column by entering one or more of the following routing protocols: OSPF, IS-IS, EIGRP

Protocol        Characteristic
_______         Maintains additional tables to assist in rapid convergence
_______         Uses broadcast packets to propagate topology updates
_______         Has an administrative distance of 115
_______         Supports flooding of updates to avoid routing loops
_______         Requires a hierarchical design to operate correctly
_______         Allows manual route summarization at any location
_______         Can select preferred path based upon bandwidth consideration
_______         Supports variable length subnet masks (VLSM)
_______         Is supported by all vendors of routing equipment

2. Which of the following statements are true for all link-state routing protocols? Indicate your selection by placing a T in the blank area in front of each statement.

_______ Routing updates contain only the affected routes in the routing table
_______ Load balancing of equal metric paths is enabled by default
_______ Automatic route summarization occurs at major network boundaries
_______ Length of the subnet mask is carried in the routing update
_______ Consistency of subnet mask is a network design requirement

Case Study: Using Link State Routing Protocols

Link-State Case Study

[Figure: a high-speed core area with DR and BDR routers, FDDI and Token Ring segments, interconnected by Gigabit Ethernet, Fast Ethernet, Ethernet and serial links]

Link state routing protocols are commonly deployed in medium to large-scale networks. Implementation of these protocols requires that sound design principles be followed with an eye towards a hierarchical topology. A hierarchical structure is important for both router functionality and for address allocation. Some operational concepts that require consideration include:

- Topology considerations
- Metric limitations
- Routing update traffic
- Convergence
- Ease of configuration and management

Convergence

- Convergence is the time that it takes for all routers to agree on the network topology after a change
  - New routes being added
  - Existing routes changing state
- Convergence time is affected by:
  - Update mechanism (hold-down timers)
  - Size of the topology table
  - Route calculation algorithm

Convergence

In a routed network, the routing process in each router must maintain a loop-free, single path to each possible destination logical network. When all of the routing tables are synchronized and each contains a usable route to each destination network, the network is described as converged. Convergence is the activity associated with synchronizing the routing tables after a topology change occurs. Convergence efforts differ between routing protocols, and the default timers used within the same routing protocol can vary by vendor implementation.

Convergence time can vary within any network. One of the critical questions to be answered when measuring convergence time is: how was the link change detected? Using the OSI reference model terminology as a guideline, there are at least two different detection methods. First, when the NIC (at the Physical/Data Link layer) fails to receive three consecutive keepalives, the link is considered to be down. Second, when the routing protocol (at the Network/Transport layer) fails to receive three consecutive Hello messages (or routing updates, etc.), the link is considered to be down.

Once the detection method is understood, factors associated with routing protocol operation come into play. Most routing protocols have timers that prevent topological loops from forming during periods of link transition. For example, when a route is suspect, it is placed in hold-down and no new routing information about that route is accepted until the hold-down timer expires. This approach gives the network topology an opportunity to stabilize before new route calculations are performed. Unfortunately, a network cannot converge more rapidly than the duration of the hold-down timer. The concept of a hold-down timer is primarily associated with distance vector routing protocols.

In addition to timer values, other factors such as the size of the internetwork, the efficiency of the routing algorithm and how the failure information is radiated all affect convergence time. Some examples are shown on the following pages.

RIP Convergence

[Figure: routers A, B, C, D, E and F; interfaces labelled S0, S1, E0 and E1. The failing link is between A and C; B also connects to A and C; D, E and F hang off C in a chain]

Steps of convergence:
1. C detects link failure; sends flash update, goes to D and B
   - Route is poisoned to B and D; removed from C's routing table
2. C sends a request to neighbors for alternate path
   - Broadcast for v1, multicast for v2
3. D reports no alternate path; B reports route with weaker metric
   - Route via B immediately placed in routing table
4. C advertises route via B in periodic update to D
   - No change to table because route is in hold-down
5. In D, E, and F, as hold-down timer expires, route added to table
   - New route propagated in periodic update

Convergence time at F: 6 update intervals + 60 seconds

RIP Convergence

The sequence of events for RIP convergence is as follows:

1. Router C detects the link failure between A and C. C sends a flash update with a poisoned route to B and D. D creates a new flash update and sends it to E. E creates a new flash update and sends it to F. C purges the entry for the down link and removes all routes associated with that link from the routing table.
2. Router C sends a query to its neighbors on 255.255.255.255 (v1) and 224.0.0.9 (v2). D responds with a poisoned route and B responds with a route with a weaker metric. The route from B is immediately installed in the routing table.
3. Router C does not go into hold-down because the entry was already purged.
4. Router D is in hold-down for the failed route. When C makes its periodic advertisement that the route is available with a weaker metric, D ignores the route because it is in hold-down. D continues to send a poisoned route to C in D's updates.
5. As routers D, E, and F come out of hold-down, the new route announced by C will cause their routing table entries to be updated.

From F's perspective, convergence time is the total of detection time, plus hold-down time, plus two update times (D to E and E to F), plus one partial or full update time. The actual time to converge at F could exceed 240 seconds, or approximately four minutes.

IGRP Convergence

[Figure: the same six-router topology as on the RIP convergence slide]

Steps of convergence:
1) C detects link failure; sends flash update, goes to D and B
   - Route is poisoned to B and D; removed from C's routing table
2) C sends query to neighbors for alternate route
   - Broadcast on all interfaces
3) C receives route with weaker metric from B; no route from D
   - Route via B placed in routing table
4) C advertises route via B in flash update to D and B
   - No change to table because route is in hold-down
5) In D, E, and F, as hold-down timer expires, route added to table
   - New route propagated in periodic update

Convergence time at F: 5 update intervals + 30 seconds

IGRP Convergence

The sequence of events for IGRP convergence is as follows:

1. Router C detects the link failure between A and C. C sends a flash update with a poisoned route to B and D. D creates a new flash update and sends it to E. E creates a new flash update and sends it to F. C purges the entry for the down link and removes all routes associated with that link from the routing table.
2. Router C sends a query to its neighbors on 255.255.255.255 using all interfaces, including the one that is down. D responds with a poisoned route and C sends (out all interfaces) a flash update without the failed link entry.
3. B responds with a route with a weaker metric. The route from B is immediately installed in the routing table. Router C does not go into hold-down because the entry was already purged. C sends a flash update with the new route information out all interfaces.
4. Router D is in hold-down for the failed route. When C makes its flash advertisement that the route is available with a weaker metric, D ignores the route because it is in hold-down. D continues to send a poisoned route to C in D's updates.
5. As routers D, E, and F come out of hold-down, the new route announced by C will cause their routing table entries to be updated.

From F's perspective, convergence time is the total of detection time, plus hold-down time, plus two update times (D to E and E to F), plus one partial or full update time. The actual time to converge at F could exceed 490 seconds, or approximately six minutes.

EIGRP Convergence

[Figure: the same six-router topology as on the RIP convergence slide]

Steps of convergence:
1) C detects link failure; has no FS, goes into active convergence
   - No successor candidates present in topology database
2) C sends query to B and D to get logical successor
   - No route with a lower feasible distance available
3) D's response indicates no logical successor
4) B's response indicates FS with higher feasible distance
5) C accepts new path and distance, adds route via B to table
6) Sends flash update about higher metric, goes to D and B
   - Only higher metric propagated in triggered update

Convergence time to F: approximately 2 seconds

Enhanced IGRP Convergence

The sequence of events for Enhanced IGRP convergence is as follows:

1. Router C detects the link failure between A and C, checks the topology table for a feasible successor, doesn't find a qualifying alternate route and enters an active convergence state.
2. C sends a Query out all interfaces for other routes to the failed link. The neighboring routers acknowledge the query.
3. The reply from D indicates no other route to the failed link.
4. B's reply contains a route to the failed link, although it has a higher feasible distance.
5. Router C accepts the new path and metric information, places it in the topology table, and creates an entry for the routing table.
6. C sends an update about the new route out all interfaces. All neighbors acknowledge the update and send updates of their own (which are acknowledged) back to the sender. These bi-directional updates are necessary to ensure the routing tables are synchronized and to validate the neighbors' awareness of the new topology.

From F's perspective, convergence time is the total of detection time, plus Query and Reply times, plus Update times. The actual time to converge at F is very rapid, approximately two seconds.
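The decision router C makes in steps 1 through 5 above, as an added example: whether the topology table holds a feasible successor (FS) that can take over immediately, or whether the router must go active and query its neighbors. This is illustrative code written for this page, not the course's or the DUAL specification's; the topology entries use simple integer metrics and the feasibility condition is modelled as "reported distance strictly less than feasible distance", which is the rule the slide's "no route with a lower feasible distance available" refers to.

```python
def successor_and_feasible(topology):
    """topology: {neighbor: (reported_distance, cost_to_neighbor)} for one destination,
    where the reported distance (RD) is the neighbor's own metric to that destination.
    Returns (successor, feasible_distance, [feasible successors])."""
    dist = {n: rd + cost for n, (rd, cost) in topology.items()}
    successor = min(dist, key=dist.get)
    fd = dist[successor]
    # Feasibility condition: a backup qualifies only if its RD is strictly below FD,
    # which guarantees it is not routing through us (loop-free without a Query).
    feasible = sorted(n for n, (rd, _) in topology.items() if n != successor and rd < fd)
    return successor, fd, feasible


def on_link_failure(topology, failed_neighbor):
    """What the router does when the link to `failed_neighbor` drops:
    ('passive', successor) if forwarding continues without a Query,
    ('active', None) if it must query its neighbors, as router C does in the text."""
    successor, _, feasible = successor_and_feasible(topology)
    if failed_neighbor != successor:
        return "passive", successor              # the lost path was not in use anyway
    if feasible:
        remaining = {n: topology[n] for n in feasible}
        return "passive", successor_and_feasible(remaining)[0]
    return "active", None


def query_neighbors(replies, cost_to):
    """Active state: pick the new successor from Query replies.
    replies: {neighbor: reported_distance, or None when the neighbor has no route}.
    Returns (neighbor, new_distance) or None if nobody has a path."""
    usable = {n: rd + cost_to[n] for n, rd in replies.items() if rd is not None}
    if not usable:
        return None
    new = min(usable, key=usable.get)
    return new, usable[new]


if __name__ == "__main__":
    # Constructed topology entries for C's route to A: direct (RD 0, cost 1) and via B
    # (B reports 1, cost 1). B's RD of 1 is not below C's FD of 1, so B is not an FS.
    c_to_a = {"A": (0, 1), "B": (1, 1)}
    print(successor_and_feasible(c_to_a))
    print(on_link_failure(c_to_a, "A"))                       # -> ('active', None)
    print(query_neighbors({"B": 1, "D": None}, {"B": 1, "D": 1}))   # B takes over at 2
```

In the slide's topology the alternative through B has a higher feasible distance, so C has nothing pre-computed and must query; the second scenario in the test shows the case where a backup does satisfy the condition and the switch is local and immediate.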

OSPF Convergence

[Figure: the same six-router topology as on the RIP convergence slide]

Steps of convergence:
1) C detects link failure; sends link-state advertisement, goes to D and B
   - Topology change is detected, traffic forwarding suspended
2) All routers update topology database; copy LSA and flood to neighbors
   - All devices have topological awareness
3) All routers run Dijkstra algorithm, generate new routing table
   - Route via B in routing tables, traffic forwarding resumed

Convergence time to F: approximately 6 seconds

OSPF Convergence

The sequence of events for OSPF convergence is as follows:

1. Router C detects the link failure between A and C and tries to perform a DR election process on the LAN interface, but fails to reach any neighbors. C deletes the route from the routing table, builds a router LSA and sends it out all other interfaces.
2. Upon receipt of the LSA, routers B and D copy the advertisement and forward (flood) the LSA packet out all interfaces other than the one upon which it arrived.
3. All routers, including router C, wait five seconds after receiving the LSA and run the shortest path first (Dijkstra) algorithm. After running the algorithm, router C adds the new route to the routing table, and routers D, E and F update the metric in the routing table.

After approximately 30 seconds, A sends an LSA after aging out the topology entry from router C about the failed link. After five seconds, all routers run the SPF algorithm again and update their routing tables to reflect that B is the path to the failed link.

From F's perspective, convergence time is the total of detection time, plus LSA flooding time, plus five seconds. The actual time to converge at F is very rapid, approximately six seconds, and could be longer depending on the size of the topology table. If A's LSA about aging out of the topology entry is also considered in F's convergence, approximately another 30 to 40 seconds could be added before the network is again stable.

Routing Updates

Different ways to send route information:

[Figure: the distance vector approach sends the full routing table; the link-state approach sends a single entry]

Routing Updates

There are two basic ways to send routing updates: the distance vector approach and the link-state approach. These approaches are described as they operate after the initial learning mechanisms have completed.

Distance vector protocols use a routine, periodic announcement that contains the entire contents of the routing table. These announcements are usually broadcasts and are propagated only to directly connected devices. This approach allows the router to view the network from the neighbor's perspective and facilitates the addition of the router's metric to the distance already stated by the neighboring router. The downside of this approach is that considerable bandwidth is consumed at regular intervals on each link even if there are no topology changes to report.

Link-state protocols use a triggered-update type of announcement. These announcements are generated only when there is a topology change within the network. The link-state announcements only contain information about the link that changed (such as a single route) and are propagated to all devices in the network. The flooding of the announcement is required because link-state devices all make their route calculations independently, but those calculations are based upon a common understanding of the network topology. This approach saves bandwidth on each link because the announcements contain less information as well as only being sent when there is a topology change. In some link-state protocols, a periodic announcement (every 30 minutes for OSPF) is required to ensure that the topology database is synchronized among all routing devices.

Routing Tables

- Entries are listed in binary descending order
  - Simplifies the search mechanism
- Multiple paths to a common destination can be listed
  - Load balancing is enabled by default for IP
- Displayed by the show ip route command
- Entries can be refreshed by the clear ip route command
  - Specify a single entry, use network number
  - Specify all entries, use * as a wildcard character

Routing TablesThe entries in a routing table represent each possible logical destination network that is known to this router. The entries for major networks are listed in ascending order and, most commonly, within each major network the subnetworks are listed in descending order. The order of the entries may at times look like a random pattern, but the order is optimized by bit patterns to facilitate the lookup process based upon length of subnet mask. The routing process must maintain a single, loop-free path to each destination network. If equal, lowest metric paths exist to a destination, all paths (up to a maximum of six) will be listed in the routing table. The IP routing process will attempt to load share traffic across equal metric paths. An IP routing table display can be requested with the privileged EXEC command show ip route. If the information that is displayed is not trusted, an update can be obtained from the neighboring devices with the clear ip route command. An optional keyword, either an individual network/subnetwork route or the * (wildcard for all) character, can be used to further identify the route(s) to be refreshed.


Sample Routing Table

Include sample display. Include static, default and gateway of last resort.

Lab Exercise: Discovering the Network

Refer to the Lab Guide for details about the tasks to be performed during this lab exercise. The lab will be pre-configured by the instructor and includes IP and IGRP. The following is an overview of the tasks to be performed:

- Use show commands and CDP to discover addresses, protocols and metrics
- Analyze the contents of the routing table
- Verify connectivity to all other pods
- Using the addresses assigned to your pod, determine the subnet ID, host IDs and broadcast address


Summary

This section summarizes the tasks you learned to complete in this chapter. After completing this chapter, you should be able to perform the following tasks:

- List the key information routers need to route data
- Describe classful and classless routing protocols
- Compare distance vector and link-state protocol operation
- Describe the use of the fields in a routing table


Answers to Exercises


Written Exercise: Comparing Distance Vector Routing Protocols

Objective: Describe the operating characteristics of different distance vector routing protocols.

1. Complete the following table by indicating which protocol(s) demonstrate the characteristic shown in the right-hand column. Indicate your choice(s) in the left-hand column by entering one or more of the following distance vector routing protocols: RIPv1, RIPv2, IGRP, EIGRP

Protocol                    | Characteristic
RIPv1, RIPv2                | Has a hop count limitation of 15 hops
RIPv1, IGRP                 | Uses broadcast packets to propagate routing updates
IGRP                        | Has an administrative distance of 100
RIPv1, RIPv2, IGRP, EIGRP   | Supports split horizon to avoid routing loops
IGRP, EIGRP                 | Uses a composite metric to determine best path
RIPv1, RIPv2                | Employs a count to infinity concept to avoid routing loops
IGRP, EIGRP                 | Can select preferred path based upon bandwidth consideration
RIPv2, EIGRP                | Supports variable length subnet masks (VLSM)
RIPv1                       | Is supported by all vendors of routing equipment

2. Which of the following statements are true for all distance vector routing protocols? Indicate your selection by placing a T in the blank area in front of each statement.

_______ Routing updates contain all routes in the routing table
___T___ Load balancing of equal metric paths is enabled by default
___T___ Automatic route summarization occurs at major network boundaries
_______ Length of the subnet mask is carried in the routing update
_______ Consistency of subnet mask is a network design requirement


Written Exercise: Comparing Link State Routing Protocols

Objective: Describe the operating characteristics of link-state routing protocols.

1. Complete the following table by indicating which protocol(s) demonstrate the characteristic shown in the right-hand column. Indicate your choice(s) in the left-hand column by entering one or more of the following routing protocols: OSPF, IS-IS, EIGRP

Protocol              | Characteristic
OSPF, IS-IS, EIGRP    | Maintains additional tables to assist in rapid convergence
None                  | Uses broadcast packets to propagate topology updates
IS-IS                 | Has an administrative distance of 115
OSPF                  | Supports flooding of updates to avoid routing loops
OSPF, IS-IS           | Requires a hierarchical design to operate correctly
OSPF, IS-IS, EIGRP    | Allows manual route summarization at any location
OSPF, EIGRP           | Can select preferred path based upon bandwidth consideration
OSPF, IS-IS, EIGRP    | Supports variable length subnet masks (VLSM)
OSPF                  | Is supported by all vendors of routing equipment

2. Which of the following statements are true for all link-state routing protocols? Indicate your selection by placing a T in the blank area in front of each statement.

___T___ Routing updates contain only the affected routes in the routing table
___T___ Load balancing of equal metric paths is enabled by default
_______ Automatic route summarization occurs at major network boundaries
___T___ Length of the subnet mask is carried in the routing update
_______ Consistency of subnet mask is a network design requirement


4 Extending IP Addresses

Overview

This chapter discusses various aspects of IP addressing. This chapter includes the following topics:

- Objectives
- Issues with IP Addressing
- IP Addressing Solutions
- Hierarchical Addressing
- Variable-Length Subnet Masks
- Written Exercise: Calculating VLSMs
- Route Summarization
- Written Exercise: Using Route Summarization
- Classless Inter-domain Routing
- Case Study: Introduction to Course Case Studies
- Summary
- Review Questions

Objectives

This section lists the chapter's objectives. Upon completion of this chapter, you will be able to perform the following tasks:

- Given an IP address, use VLSMs to extend the use of the IP address.
- Given a network plan that includes IP addressing, explain if route summarization is or is not possible.


Issues with IP Addressing

This section discusses issues with IP addressing.

- IP address exhaustion
- Routing table growth

When IP addressing was first defined, in 1981, it was a 32-bit number that had two components: a network address and a node (host) address. Classes of addresses were also defined: classes A, B, and C, and later classes D and E. Since then, the growth of the Internet has been incredible. Two addressing issues have resulted from this explosion:

- IP address exhaustion: This has largely been due to the random allocation of IP addresses by the NIC. It is also due to the fact that subnetting with one subnet mask may not be suitable for a typical network topology, as you will see later in this chapter.
- Routing table growth and manageability: One source indicates that in 1990 only about 5000 routes were tracked in order to use the Internet. This number had grown to 74,000 routes by 1999. In addition to the exponential growth of the Internet, the random assignment of IP addresses throughout the world has also contributed to the exponential growth of routing tables.

Next-generation IP (IP version 6) tries to respond to these problems by introducing a 128-bit address. In the meantime, Internet Requests For Comments (RFCs) have been introduced to enable the current IP addressing scheme to continue to be useful.


IP Addressing Solutions

This section identifies solutions to IP addressing issues.

- Subnet Masking, RFC 1812
- Address Allocation for Private Internets, RFC 1918
- Network Address Translation, RFC 1631
- Hierarchical Addressing
- Variable-Length Subnet Masks, RFC 1812
- Route Summarization, RFC 1518
- Classless Inter-Domain Routing, RFCs 1518, 1519

Since the 1980s, solutions have been developed to slow the depletion of IP addresses and to reduce the number of Internet route table entries by enabling more hierarchical layers in an IP address. These solutions include:

- Subnet Masking, RFCs 950 (1985) and 1812 (1995): Developed to add another level of hierarchy to an IP address. This additional level allows for extending the number of network addresses derived from a single IP address. (Subnet masking is discussed in chapter 3 of this course and in detail in the Interconnecting Cisco Network Devices [ICND] course.)
- Address Allocation for Private Internets, RFC 1918 (1996): Developed for organizations that do not need much access to the Internet. The only reason to have a NIC-assigned IP address is to interconnect to the Internet. Any and all companies can use the privately assigned IP addresses within their organization, rather than using a NIC-assigned IP address unnecessarily. (Private addresses are discussed in chapter 14 of this course and in the Building Cisco Remote Access Networks [BCRAN] course.)
- Network Address Translation (NAT), RFC 1631 (1994): Developed for those companies that use private addressing or use non-NIC-assigned IP addresses. This strategy enables an organization to access the Internet with a NIC-assigned address, without having to reassign the private or illegal addresses that are already in place. (NAT is discussed in chapter 14 of this course and in the BCRAN course.)
- Hierarchical Addressing: Applying a structure to addressing such that multiple addresses share the same leftmost bits. Hierarchical addressing is discussed later in this chapter.
- Variable-Length Subnet Masks (VLSMs), RFC 1812 (1995): Developed to allow multiple levels of subnetworked IP addresses within a single network. This strategy can only be used when it is supported by the routing protocol in use, such as OSPF and EIGRP. VLSMs are discussed later in this chapter.
- Route Summarization, RFC 1518 (1993): A way of having a single IP address represent a collection of IP addresses when you employ a hierarchical addressing plan. Route summarization is discussed later in this chapter.
- Classless Inter-Domain Routing (CIDR), RFCs 1518, 1519 (1993) and 2050 (1996): Developed for ISPs. This strategy suggests that the remaining IP addresses be allocated to ISPs in contiguous blocks, with geography being a consideration. CIDR is discussed later in this chapter.


Hierarchical Addressing

This section discusses what hierarchical addressing is and the benefits of using it.

Planning an IP Address Hierarchy

[Slide figure: dialing 1-703-555-1212 from California. The path to 1 is the long-distance path (a leading 1 indicates the destination is remote); the path to 703 reaches Virginia (an area code summarizes an area in VA); the path to 555 reaches the local office in Alexandria (a prefix summarizes a smaller area in VA); the path to 1212 reaches the individual number, Aunt Judy.]

Does a telephone switch in California know how to reach a specific phone (1-703-555-1212) in Virginia?

What is an addressing hierarchy, and why do you want to have it? Perhaps the best known addressing hierarchy is the telephone network. The telephone network uses a hierarchical numbering scheme that includes country codes, area codes, and local exchange numbers. For example, if you are in San Jose, California and call someone else in San Jose, then you dial the San Jose local exchange number, 528, and the person's telephone number, 7777. The central office, upon seeing the number 528, recognizes that the destination telephone is within its area, so it looks for number 7777 and transfers the call.

To call Aunt Judy in Alexandria, Virginia from San Jose, dial 1, then the area code, 703, the Alexandria prefix, 555, then Aunt Judy's local number, 1212. The central office first sees the number 1, indicating a remote call, then looks up the number 703. The central office immediately routes the call to a central office in Alexandria. The San Jose central office does not know exactly where 555-1212 is in Alexandria, nor does it have to. It only needs to know the area codes, which summarize the local telephone numbers within an area.

If there were no hierarchical structure, every central office would need to have every telephone number, worldwide, in its locator table. Instead, the central offices have summary numbers, such as area codes and country codes. A summary number (address) represents a group of numbers. For example, an area code such as 408 is a summary number for the San Jose area. That is, if you dial 1-408 from anywhere in the United States, then a seven-digit telephone number, the central office will route the call to a San Jose central office. This is the kind of addressing strategy that the Internet gurus are trying to work toward, and that you as a network administrator should implement in your own internetwork.


Benefits of Hierarchical Addressing

- Reduce the number of route table entries: summarize multiple addresses into route summaries
- Efficient allocation of addresses: contiguous address assignment allows you to use all possible addresses

The benefits of hierarchical addressing include:

- Reduced number of routing table entries: Whether it is with your Internet routers or your internal routers, you should try to keep your routing tables as small as possible by using route summarization. Route summarization is a way of having a single IP address represent a collection of IP addresses when you employ a hierarchical addressing plan. By summarizing routes, you can keep your routing table entries manageable, which means:
  - More efficient routing
  - Reduced number of CPU cycles when recalculating a routing table, or sorting through the routing table entries to find a match
  - Reduced router memory requirements
  - Faster convergence after a change in the network
  - Easier troubleshooting
- Efficient allocation of addresses: Hierarchical addressing enables you to take advantage of all possible addresses because you group them contiguously. With random address assignment, you may end up wasting groups of addresses because of addressing conflicts. For example, recall that classful routing protocols automatically create summary routes at a network boundary. These protocols therefore do not support discontiguous addressing (as you will see later in this chapter), so some addresses would be unusable if not assigned contiguously.


Variable-Length Subnet Masks

This section introduces variable-length subnet masks, including some examples, and discusses VLSM use with classless and classful routing protocols.

What Is a Variable-Length Subnet Mask?

[Slide figure: within 172.16.0.0/16, HQ sits on 172.16.2.0/24. The LAN subnets at sites A, B and C are 172.16.14.32/27, 172.16.14.64/27 and 172.16.14.96/27, and the serial links from HQ to each site use /30 subnets taken from 172.16.14.128.]

Subnet 172.16.14.0/24 is divided into smaller subnets:

- Subnet with one mask at first (/27)
- Further subnet one of these subnets not used elsewhere (/30)

VLSMs provide the ability to include more than one subnet mask within a network, and the ability to subnet an already subnetted network address. The benefits of VLSMs include:

- Even more efficient use of IP addresses: Without the use of VLSMs, companies are locked into implementing a single subnet mask within an entire class A, B or C network number. For example, consider the 172.16.0.0/16 network address divided into subnets using /24 masking, and one of the subnetworks in this range, 172.16.14.0/24, further divided into smaller subnets with the /27 masking, as shown in the graphic. These smaller subnets range from 172.16.14.0/27 to 172.16.14.224/27. In the graphic, one of these smaller subnets, 172.16.14.128, is further divided with the /30 prefix, creating subnets with only two hosts, to be used on the WAN links.
- Greater capability to use route summarization: VLSMs allow for more hierarchical levels within your addressing plan, and thus allow for better route summarization within routing tables. For example, in the graphic, subnet 172.16.14.0/24 summarizes all of the addresses that are further subnets of 172.16.14.0, including those from subnet 172.16.14.0/27 and from 172.16.14.128/30. Route summarization is discussed in more detail later in this chapter.


Classless and Classful Routing Updates

[Slide figure: the same topology shown twice, Router A (172.16.2.0/24) to Router B (172.16.1.0/24) to Router C (192.168.5.0/24). RIPv1 network: B learns 172.16.2.0 from A and advertises 172.16.0.0 to C; Router C's routing table holds 172.16.0.0/16. OSPF network: B learns 172.16.2.0/24 from A and advertises 172.16.2.0/24 and 172.16.1.0/24 to C; Router C's routing table holds 172.16.2.0/24 and 172.16.1.0/24.]

VLSMs can be used when the routing protocol sends a subnet mask along with each network address. As discussed in chapter 3, routing protocols that include a subnet mask are known as classless routing protocols; they include RIPv2, OSPF, EIGRP, BGP, and IS-IS. As also discussed in chapter 3, routing protocols that do not send subnet mask information along with each network address are known as classful routing protocols. RIPv1 and IGRP are classful routing protocols and therefore do not support VLSMs.

RIPv1 and IGRP networks support only one subnet mask per network address because routing updates do not include a subnet mask field. As a result, upon receiving an update, the router does one of the following to determine the network portion of the destination address:

- If the routing update information is about the same major network number as the one configured on the receiving interface, the router applies the subnet mask that is configured on the receiving interface.
- If the routing update information is about a network address that is not the same as the one configured on the receiving interface, the router applies the default (by class) subnet mask.

For example, in the graphic the RIPv1 network Router B is attached to network 172.16.1.0/24. Therefore, if Router B learns about any network on this interface that is also a subnet of the 172.16.0.0 network, it will apply the subnet mask configured on its receiving interface (/24) to that learned network. But notice how Router C, which is attached to Router B via the 192.168.5.0/24 network, handles routing information about network 172.16.0.0. Rather than using the subnet mask that Router B knows about (/24), Router C applies the default (classful) subnet mask for a class B address (/16) when it receives information about 172.16.0.0. (Also notice that Router B summarized the routing information about the 172.16.0.0 network when sending it to Router C, because it was sent over an interface in a different network.)

It is impossible in this kind of environment to further subnet already subnetted IP addresses without causing confusion. Instead, VLSMs can be used only when the routing protocol sends subnet mask information along with the network address. In contrast, in the lower graphic the OSPF network Router B passed the subnet and subnet mask information to Router C; Router C put the subnet details into its routing table. Router C did not have to use any default masks for the received routing information.


Calculating VLSMs

Subnetted address: 172.16.32.0/20, in binary 10101100.00010000.0010|0000.00000000
VLSM address:      172.16.32.0/26, in binary 10101100.00010000.0010|0000.00|000000

              Network            Subnet   VLSM subnet   Host
1st subnet:   10101100.00010000. 0010     0000.00       000000 = 172.16.32.0
2nd subnet:   172.16.            0010     0000.01       000000 = 172.16.32.64
3rd subnet:   172.16.            0010     0000.10       000000 = 172.16.32.128
4th subnet:   172.16.            0010     0000.11       000000 = 172.16.32.192
5th subnet:   172.16.            0010     0001.00       000000 = 172.16.33.0

As already discussed, VLSMs allow you to subnet an already subnetted address. Consider, for example, that you have a subnet address 172.16.32.0/20 and you need to assign addresses to a network that has ten hosts. With this subnet address, however, you have over 4000 (2^12 - 2 = 4094) host addresses, so you would be wasting over 4000 IP addresses. With VLSMs you can further subnet the address 172.16.32.0/20 to give you more network addresses and fewer hosts per network, which would probably work better in this network topology. If, for example, you subnet 172.16.32.0/20 to 172.16.32.0/26, you gain 64 (= 2^6) subnets, each of which could support 62 (= 2^6 - 2) hosts.

To further subnet 172.16.32.0/20 to 172.16.32.0/26, do the following:

1. Write 172.16.32.0 in binary form.
2. Draw a vertical line between the 20th and 21st bits, as shown in the graphic.
3. Draw a vertical line between the 26th and 27th bits, as shown in the graphic.
4. Calculate the 64 subnet addresses using the bits between the two vertical lines, from lowest to highest in value. The graphic shows the first five subnets available.

If necessary, refer to the Job Aid: Binary Decimal Conversion Chart in Appendix A.


A Working VLSM Example

[Slide figure: LAN subnets 172.16.32.0/26, 172.16.32.64/26, 172.16.32.128/26 and 172.16.32.192/26 (26-bit mask, 62 hosts), derived from the 172.16.32.0/20 subnet; WAN links 172.16.33.0/30, 172.16.33.4/30, 172.16.33.8/30 and 172.16.33.12/30 (30-bit mask, 2 hosts), derived from the 172.16.33.0/26 subnet.]

VLSMs are commonly used to maximize the number of possible addresses available for a network. For example, because point-to-point serial lines require only two host addresses, you want to use a subnetted address that will not waste scarce subnet numbers. In the graphic, the addresses used on the Ethernets are those generated on the previous page, Calculating VLSMs. This graphic illustrates where the addresses can be applied, depending on the number of hosts anticipated at each layer. For example, the WAN links use addresses with a prefix of /30. This prefix allows for only 2 hosts, just enough for a point-to-point connection between a pair of routers. To calculate the addresses used on the WAN links, further subnet one of the unused subnets. In this case, we further subnetted 172.16.33.0/26 with a prefix of /30. This provides 4 more subnet bits and therefore 2^4 = 16 subnets for the WANs.

Note: It is important to remember that only subnets that are unused can be further subnetted. In other words, if you use any addresses from a subnet, that subnet cannot be further subnetted. In the example in the graphic, four subnet numbers are used on the LANs. Another, unused, subnet, 172.16.33.0/26, is further subnetted for use on the WANs.
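The two-level VLSM calculation from Calculating VLSMs and the working example above, as an added example that is not part of the course material: it carves 172.16.32.0/20 into /26 LAN subnets, reserves the first four, and further subnets the first unused /26 into /30 WAN links, refusing to subnet a block that already has hosts assigned. It uses only the Python standard library; the function names and the check on assigned hosts are this example's own.

```python
import ipaddress


def vlsm_subnets(parent, new_prefix):
    """Further subnet an already-subnetted prefix, e.g. a /20 into /26s.
    Returns the subnets as strings, lowest to highest, like the slide table."""
    net = ipaddress.ip_network(parent, strict=True)
    if new_prefix <= net.prefixlen:
        raise ValueError("new prefix must be longer than /%d" % net.prefixlen)
    return [str(s) for s in net.subnets(new_prefix=new_prefix)]


def usable_hosts(prefix):
    """Host addresses per subnet: 2^host_bits minus network and broadcast."""
    return ipaddress.ip_network(prefix).num_addresses - 2


def dotted_binary(prefix):
    """Network address in dotted binary, to compare with the slide."""
    packed = ipaddress.ip_network(prefix).network_address.packed
    return ".".join("{:08b}".format(b) for b in packed)


def is_unused(subnet, assigned_hosts):
    """True if none of the already-assigned host addresses fall inside the
    subnet; only such a subnet may be further subnetted (the page's Note)."""
    net = ipaddress.ip_network(subnet)
    return not any(ipaddress.ip_address(h) in net for h in assigned_hosts)


def vlsm_plan(parent, lan_prefix, lan_count, wan_prefix, assigned_hosts=()):
    """Take lan_count subnets at lan_prefix for the LANs, then carve the WAN
    point-to-point subnets out of the first LAN-sized subnet left unused.
    Returns (lan_subnets, wan_source_subnet, wan_subnets)."""
    candidates = vlsm_subnets(parent, lan_prefix)
    if len(candidates) <= lan_count:
        raise ValueError("no subnet left over for the WAN links")
    lans = candidates[:lan_count]
    wan_source = candidates[lan_count]
    if not is_unused(wan_source, assigned_hosts):
        raise ValueError("%s already has hosts assigned; it cannot be "
                         "further subnetted" % wan_source)
    return lans, wan_source, vlsm_subnets(wan_source, wan_prefix)


if __name__ == "__main__":
    # The page's figures: 172.16.32.0/20 -> 64 x /26, then 172.16.33.0/26 -> 16 x /30
    lans, source, wans = vlsm_plan("172.16.32.0/20", 26, 4, 30)
    print("LANs (%d hosts each):" % usable_hosts(lans[0]), lans)
    print("WAN source:", source, "-> /30 links:", wans[:4], "...")
```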


Written Exercise: Calculating VLSMs

Objective: Given an IP address, use VLSMs to extend the use of the IP address.

Task: You are in charge of the network in the graphic below. It consists of 5 LANs with 25 users on each segment and 5 serial links. You have been assigned the IP address 192.168.49.0/24 to allocate addressing for all links.

[Slide figure: HQ connected by serial links to routers A, B, C, D and E; each of A through E has a LAN segment with 25 users.]

Using VLSMs, define appropriate subnets for addressing the networks using 192.168.49.0/24: addresses for the WAN links (A Serial, B Serial, C Serial, D Serial, E Serial) and for the five LANs.


Route Summarization

This section describes and gives examples of route summarization, including implementation considerations.

What Is Route Summarization?

[Slide figure: Router A, whose routing table holds 172.16.25.0/24, 172.16.26.0/24 and 172.16.27.0/24, tells Router B "I can route to the 172.16.0.0/16 network"; Router B's routing table holds the single entry 172.16.0.0/16.]

Routing protocols can summarize addresses of several networks into one address.

In large internetworks, hundreds or even thousands of network addresses can exist. In these environments, it is often not desirable for routers to maintain all these routes in their routing table. Route summarization, also called route aggregation or supernetting, can reduce the number of routes that a router must maintain because it is a method of representing a series of network numbers in a single summary address. For example, as the graphic shows, the router can either send three routing update entries, or summarize the addresses into a single network number.

Note: The router in the graphic is saying that it can route to the network 172.16.0.0/16, including all subnets of that network. However, if there were other subnets of 172.16.0.0 elsewhere in the network (for example, if 172.16.0.0 was discontiguous), summarizing in this way may not be valid. Discontiguous networks and summarization are discussed later in this chapter.

Another advantage to using route summarization in a large, complex network is that it can isolate topology changes from other routers. That is, if a specific link in the 172.16.27.0/24 domain was flapping, the summary route would not change, so no router external to the domain would need to keep modifying its routing table due to this flapping activity.

Route summarization is most effective within a subnetted environment when the network addresses are in contiguous blocks in powers of two. For example, 4, 16, or 512 addresses can be represented by a single routing entry because summary masks are binary masks, just like subnet masks, so summarization must take place on binary boundaries (powers of two). Routing protocols summarize or aggregate routes based on shared network numbers within the network. Classless routing protocols (RIPv2, OSPF, and Enhanced IGRP) support route summarization based on subnet addresses, including VLSM addressing. Classful routing protocols (RIPv1 and IGRP) automatically summarize routes on the class network boundary, and do not support summarization on any other boundaries. Summarization is described in RFC 1518, An Architecture for IP Address Allocation with CIDR.


Summarizing within an Octet

172.16.168.0/24 = 10101100 . 00010000 . 10101 000 . 00000000
172.16.169.0/24 = 172      . 16       . 10101 001 . 0
172.16.170.0/24 = 172      . 16       . 10101 010 . 0
172.16.171.0/24 = 172      . 16       . 10101 011 . 0
172.16.172.0/24 = 172      . 16       . 10101 100 . 0
172.16.173.0/24 = 172      . 16       . 10101 101 . 0

Number of common bits = 21; noncommon bits = 11
Summary: 172.16.168.0/21

The previous graphic illustrated a summary route based on a full octet: 172.16.25.0/24, 172.16.26.0/24, and 172.16.27.0/24 could be summarized into 172.16.0.0/16. What if a router received updates for the following routes? How would the router summarize them?

- 172.16.168.0/24
- 172.16.169.0/24
- 172.16.170.0/24
- 172.16.171.0/24
- 172.16.172.0/24
- 172.16.173.0/24

To determine the summary route, the router determines the number of highest-order bits that match in all of the addresses. Referring to the list of IP addresses on this page, 21 bits match in all of the addresses. Therefore the best summary route is 172.16.168.0/21, as shown in the graphic. To allow the router to aggregate the greatest number of IP addresses into a single route summary, your IP addressing plan should be hierarchical in nature. This approach is particularly important when using VLSMs, as illustrated on the next page. You can summarize when the number of addresses is a power of two. If it is not a power of two, you can divide the addresses into groups and summarize the groups separately.


Summarizing Addresses in a VLSM-Designed Network

[Slide figure: Router A connects the corporate network to Router B (172.16.128.0/20), Router C (172.16.32.0/24, with LANs 172.16.32.64/26 and 172.16.32.128/26) and Router D (172.16.64.0/20); Router A advertises 172.16.0.0/16 to the corporate network.]

A VLSM design allows for maximum use of IP addresses, as well as more efficient routing update communication when using hierarchical IP addressing. In the graphic, for example, route summarization occurs at two levels:

- Router C summarizes two routing updates from networks 172.16.32.64/26 and 172.16.32.128/26 into a single update, 172.16.32.0/24.
- Router A receives three different routing updates, but summarizes them into a single routing update before propagating it to the corporate network.


Implementation Considerations

- Multiple IP addresses must have same highest order bits
- Routing decisions made based on entire address
- Routing protocols must carry prefix (subnet mask) length

Route summarization reduces memory use on routers and routing-protocol network traffic. Requirements for summarization to work correctly are as follows:

- Multiple IP addresses must share the same high-order bits.
- Routing protocols must base their routing decisions on a 32-bit IP address and prefix length that can be up to 32 bits.
- Routing protocols must carry the prefix length (subnet mask) with the 32-bit IP address.


Route Summarization Operation in Cisco Routers

172.16.5.33   /32   host
172.16.5.32   /27   subnet
172.16.5.0    /24   network
172.16.0.0    /16   block of networks
0.0.0.0       /0    default

- Supports host-specific routes, blocks of networks, default routes
- Routers use the longest match

The following discusses the generalities of how Cisco routers handle route summarization. Details about how route summarization operates with a specific protocol are discussed in the specific protocol chapter. For example, route summarization for OSPF is discussed in the Interconnecting Multiple OSPF Areas chapter. Cisco routers manage route summarization in two ways:

- Sending route summaries: Routing information advertised out an interface is automatically summarized at major (classful) network address boundaries by RIP, IGRP, and Enhanced IGRP. Specifically, this automatic summarization occurs for those routes whose classful network address differs from the major network address of the interface to which the advertisement is being sent. For OSPF you must configure summarization. Route summarization is not always a solution. You would not want to use route summarization if you needed to advertise all networks across a boundary, such as when you have discontiguous networks (discussed on the next page). EIGRP and RIPv2 allow you to disable autosummarization.
- Selecting routes from route summaries: If more than one entry in the routing table matches a particular destination, the longest prefix match in the routing table is used. Several routes might match one destination, but the longest matching prefix is used. For example, if a routing table has different paths to 172.16.0.0/16 and to 172.16.5.0/24, packets addressed to 172.16.5.99 would be routed through the 172.16.5.0/24 path because that address has the longest match with the destination address.


Summarizing Routes in a Discontiguous Network

(Figure: Router A and Router B each attach one 172.16.0.0 subnet, 172.16.5.0 255.255.255.0 and 172.16.6.0 255.255.255.0, and are joined through Router C over 192.168.14.16 255.255.255.240. Both Router A and Router B are labelled "RIPv1 will advertise network 172.16.0.0".)

- RIPv1 and IGRP do not advertise subnets, and therefore cannot support discontiguous subnets
- OSPF, EIGRP, and RIPv2 can advertise subnets, and therefore can support discontiguous subnets

Classful routing protocols summarize automatically at network boundaries. This behavior, which cannot be changed with RIPv1 and IGRP, has important results:

- Subnets are not advertised to a different major network.
- Discontiguous subnets are not visible to each other.

In the example, the 172.16.5.0 255.255.255.0 and 172.16.6.0 255.255.255.0 subnets are not advertised by RIP because RIP cannot advertise subnets; both Router A and Router B advertise 172.16.0.0. This leads to confusion when routing across network 192.168.14.0; for example, Router C receives routes to 172.16.0.0 from two different directions, so it cannot make a correct routing decision. This situation can be resolved by using RIPv2, OSPF, or Enhanced IGRP and not using summarization, because the subnet routes would then be advertised with their actual subnet masks. Advertisements are configurable when using OSPF and Enhanced IGRP. The Cisco IOS software also provides an IP unnumbered feature that permits noncontiguous subnets separated by an unnumbered link.


Be Careful When Summarizing Routes

(Figure: Router A attaches 172.16.5.0/24 and 172.16.7.0/24; Router B attaches 172.16.6.0/24 and 172.16.9.0/24; both connect to Router C over 192.168.14.16 255.255.255.240. Both Router A and Router B are labelled "EIGRP advertises 172.16.0.0/16".)

- EIGRP on both Router A and Router B advertises a summarized route to 172.16.0.0/16
- Router C receives two routes to 172.16.0.0/16
- Router A (and/or B) should be configured to not summarize

Be careful when using route summarization in a network that has discontiguous subnets, or if not all of the summarized subnets are reachable via the advertising router. If a summarized route indicates that certain subnets are reachable via a router, when in fact those subnets are discontiguous and/or are not reachable via that router, the network may have problems similar to those shown in the previous graphic for a RIPv1 network. However, since routers running classless routing protocols use the longest prefix match when selecting a route from the routing table, if the other subnets are advertised without being summarized, then other routers can select the longest prefix match and follow the correct path. For example, in the graphic, if Router A continues to summarize to 172.16.0.0/16 and Router B were configured to not summarize, then Router C would receive explicit routes for 172.16.6.0/24 and 172.16.9.0/24 along with the summarized route to 172.16.0.0/16. All traffic for Router B's subnets would then be sent to Router B, while all other traffic for the 172.16.0.0 network would be sent to Router A.
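Added example, not part of the course material: a Python longest-prefix-match lookup over constructed routing tables, covering both the 172.16.5.99 lookup described earlier and Router C's two configurations from the graphic above. The next-hop labels ("path-1", "Router A") and the probe host chosen in each subnet are assumptions for the example.

```python
import ipaddress

# Added example, not part of the course text: a longest-prefix-match lookup
# over constructed routing tables, applied to the two situations discussed
# above (172.16.0.0/16 beside 172.16.5.0/24, and Router C in the
# "Be Careful When Summarizing Routes" graphic).


def longest_prefix_match(routing_table, destination):
    """Return (prefix, [next hops]) for the most specific entry covering
    destination, or None when nothing (not even a default route) matches.

    routing_table is a list of (prefix, next_hop) pairs. Several entries may
    share the longest prefix, as happens when two routers advertise the same
    summary; every next hop at that length is returned so the caller can see
    the tie instead of silently picking one.
    """
    dst = ipaddress.ip_address(destination)
    best_len, best_prefix, next_hops = -1, None, []
    for prefix, next_hop in routing_table:
        net = ipaddress.ip_network(prefix, strict=False)
        if dst not in net:
            continue
        if net.prefixlen > best_len:          # more specific than anything so far
            best_len, best_prefix, next_hops = net.prefixlen, str(net), [next_hop]
        elif net.prefixlen == best_len:       # equally specific: a tie
            next_hops.append(next_hop)
    if best_prefix is None:
        return None
    return best_prefix, next_hops


# Constructed table for the text's example: a /16 and a /24 into the same block.
TABLE = [
    ("172.16.0.0/16", "path-1"),
    ("172.16.5.0/24", "path-2"),
    ("0.0.0.0/0", "default"),
]

# Constructed view of the "Be Careful" graphic: which subnets each router
# really owns, and what Router C hears from them in each configuration.
ACTUAL_SUBNETS = {
    "Router A": ["172.16.5.0/24", "172.16.7.0/24"],
    "Router B": ["172.16.6.0/24", "172.16.9.0/24"],
}
BOTH_SUMMARIZE = [("172.16.0.0/16", "Router A"), ("172.16.0.0/16", "Router B")]
B_NOT_SUMMARIZING = [
    ("172.16.0.0/16", "Router A"),
    ("172.16.6.0/24", "Router B"),
    ("172.16.9.0/24", "Router B"),
]


def check_summaries(actual_subnets, advertisements):
    """Probe one host in every subnet a router actually owns against the
    advertisements Router C receives, and report subnets whose best match is
    a tie between routers, points at the wrong router, or is missing."""
    problems = {}
    for owner, subnets in actual_subnets.items():
        for subnet in subnets:
            net = ipaddress.ip_network(subnet)
            probe = str(net.network_address + 1)   # any host in the subnet will do
            match = longest_prefix_match(advertisements, probe)
            if match is None:
                problems[subnet] = "unreachable"
            elif len(match[1]) > 1:
                problems[subnet] = "ambiguous: " + ", ".join(sorted(match[1]))
            elif match[1][0] != owner:
                problems[subnet] = "misrouted to " + match[1][0]
    return problems


if __name__ == "__main__":
    print(longest_prefix_match(TABLE, "172.16.5.99"))          # the /24 wins over the /16
    print(check_summaries(ACTUAL_SUBNETS, BOTH_SUMMARIZE))     # every subnet ambiguous
    print(check_summaries(ACTUAL_SUBNETS, B_NOT_SUMMARIZING))  # {} : nothing misrouted
```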


Written Exercise: Using Route Summarization

Objective: Given a network plan that includes IP addressing, explain if route summarization is or is not possible.

Task: In the following graphics, indicate where route summarization can occur, and what the summarized address would be, by completing the tables.

Exercise 1

(Figure: Routers A, B, C, and D; Router C advertises toward Router D. Major Network 172.16.0.0/28. Subnets shown on the routers: 172.16.1.192/28, 172.16.1.208/28, 172.16.1.64/28, 172.16.1.96/28, 172.16.1.80/28, 172.16.1.112/28. Other Network Addresses: 172.16.1.128/28, 172.16.1.144/28, 172.16.1.176/28, 172.16.1.160/28, 172.16.1.48/28.)

Router C Route Table Entries
(complete the table)

Routes That Can Be Advertised to Router D from Router C
(complete the table)


Exercise 2

(Figure: Routers F, G, H, and D; Router H advertises toward Router D. Major Network 172.16.0.0/28. Subnets shown on the routers: 172.16.1.128/28, 172.16.1.144/28, 172.16.1.160/28, 172.16.1.176/28, 172.16.1.48/28. Other Network Addresses: 172.16.1.192/28, 172.16.1.208/28, 172.16.1.64/28, 172.16.1.80/28, 172.16.1.96/28, 172.16.1.112/28.)

Router H Route Table Entries
(complete the table)

Routes That Can Be Advertised to Router D from Router H
(complete the table)


Classless Inter-Domain Routing

This section describes the classless inter-domain routing (CIDR) mechanism.

Classless Inter-domain Routing (CIDR)
- Mechanism developed to alleviate exhaustion of addresses and reduce routing table size
- Blocks of Class C addresses assigned to ISPs; ISPs assign subsets of address space to organizations
- Blocks are summarized in routing tables

Classless Inter-domain Routing (CIDR) is a mechanism developed to help alleviate the problem of exhaustion of IP addresses and growth of routing tables. The idea behind CIDR is that blocks of multiple Class C addresses can be combined, or aggregated, to create a larger (that is, more hosts allowed) classless set of IP addresses. Blocks of Class C network numbers are allocated to each network service provider. Organizations using the network service provider for Internet connectivity are allocated subsets of the service provider's address space as required. These multiple Class C addresses can then be summarized in routing tables, resulting in fewer route advertisements. CIDR is described further in RFCs 1518 and 1519. RFC 2050, Internet Registry IP Allocation Guidelines, specifies guidelines for the allocation of IP addresses.


CIDR Example

(Figure: Routers A through H each attach one Class C network, 192.168.8.0/24 on Router A, 192.168.9.0/24 on Router B, and so on up to 192.168.15.0/24 on Router H; all connect to the HQ router, which advertises 192.168.8.0/21.)

- Networks 192.168.8.0/24 through 192.168.15.0/24 are summarized by HQ in one advertisement: 192.168.8.0/21

The graphic shows an example of CIDR and route summarization. The class C network addresses 192.168.8.0/24 through 192.168.15.0/24 are being used and are being advertised to the HQ router. When the HQ router advertises the networks available, instead of separately advertising the eight class C networks, it can summarize these into one route. By advertising 192.168.8.0/21, the HQ router is saying: I can get to all destination addresses that have the first 21 bits the same as the first 21 bits of the address 192.168.8.0. The mechanism used to calculate the summary route to advertise is the same as shown earlier in the chapter.
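Added example, not part of the course material: a Python routine that computes the summary covering a list of networks the way the chapter describes (keep only the high-order bits shared by the whole range) and, because the "Be Careful When Summarizing Routes" page warns about claiming address space that is not behind the router, also lists any address space the summary would advertise that none of the input networks provides. The network lists are constructed from the page's own examples.

```python
import ipaddress

# Added example, not part of the course text: compute the CIDR summary that
# covers a list of networks (the mechanism shown earlier in the chapter,
# applied to the HQ router's eight Class C networks) and report any address
# space the summary would claim that is not actually behind the router.


def summary_route(networks):
    """Smallest single prefix covering every network in the list.

    The summary keeps exactly the high-order bits that the lowest and the
    highest covered address share; every bit below those varies somewhere
    inside the range, so it cannot be part of the prefix.
    """
    nets = [ipaddress.ip_network(n) for n in networks]
    lowest = min(int(n.network_address) for n in nets)
    highest = max(int(n.broadcast_address) for n in nets)
    differing = lowest ^ highest          # 1-bits where the range disagrees
    length = nets[0].max_prefixlen        # 32 for IPv4
    while differing:
        differing >>= 1
        length -= 1
    # strict=False clears the host bits so the result is a proper network.
    return ipaddress.ip_network(f"{ipaddress.ip_address(lowest)}/{length}", strict=False)


def uncovered(summary, nets):
    """Pieces of summary that none of nets provides (holes in the summary)."""
    remaining = [summary]
    for net in nets:
        pieces = []
        for piece in remaining:
            if net.subnet_of(piece):
                pieces.extend(piece.address_exclude(net))   # carve net out
            elif piece.subnet_of(net):
                continue                                   # already covered
            else:
                pieces.append(piece)
        remaining = pieces
    return sorted(remaining)


def plan_summary(networks):
    """Return (summary as a string, list of uncovered prefixes as strings).

    An empty list means the summary advertises exactly the listed networks;
    anything else is address space other routers would be told to send here.
    """
    nets = [ipaddress.ip_network(n) for n in networks]
    summary = summary_route(networks)
    return str(summary), [str(n) for n in uncovered(summary, nets)]


# Constructed input: the HQ router's eight Class C networks from the graphic.
HQ_NETWORKS = [f"192.168.{i}.0/24" for i in range(8, 16)]

if __name__ == "__main__":
    print(plan_summary(HQ_NETWORKS))                          # ('192.168.8.0/21', [])
    print(plan_summary(["172.16.6.0/24", "172.16.9.0/24"]))   # Router B's two subnets over-summarize
```

The second call shows why Router B in the earlier graphic should not summarize: its two subnets alone can only be covered by 172.16.0.0/20, which also claims fourteen /24s Router B does not have.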


Case Study: Introduction to Course Case Studies

This section introduces the case studies used throughout the remainder of the course.

(Figure: JKL Corporation and its four acquisitions, all connected to the Internet.)

JKL Corporation
- 1 Class B - Public
- Recently re-designed, optimal
- OSPF Area 0 - Small, Redundant
- OSPF Multi-Area, Hierarchical
- VLSM with Route Summarization

Acquisition A
- 1 Class A - Private
- 2 Class C - Public
- IGRP AS 350, RIP
- OSPF Area 0 - Small

Acquisition B
- 3 Class C - Public
- IP RIP Only
- 500 Devices, out of addresses
- 6 Hops

Acquisition C
- 1 Class B - Public
- OSPF Area 0 - All
- Multi-vendor Equipment
- No Summarization

Acquisition D
- 1 Class B - Public
- 1 Class C - Private
- Enhanced IGRP AS 400
- Discontiguous Subnets

JKL's Problem: How to integrate Acquisitions A - D?

Throughout the rest of this course we will be using a case study of JKL Corporation to discuss various aspects of scalable routing. The case studies are used to review key concepts, to discuss critical issues surrounding network operation, and to provide a focus for the lab exercises. JKL is an enterprise that will be making four acquisitions: A, B, C, and D. JKL's ultimate goal is to integrate the acquisitions' networks with its own network. JKL has recently undertaken to redesign its network and now has a robust design using OSPF, VLSM, and route summarization. JKL has a Class B public address. As we introduce details on various topics throughout the rest of the course, we will see the problems that JKL must overcome as it integrates the networks of its acquisitions with its own OSPF network. Acquisition A is using a mixture of routing protocols: RIP, IGRP, and OSPF. It has two Class C public addresses and uses a Class A private address. Acquisition B is using three Class C public addresses and is using only IP RIP as its routing protocol. It has 500 devices and has run out of IP addresses. Acquisition C has a multi-vendor environment and is using OSPF and one Class B public address. It is not using summarization. Acquisition D has one Class B and one Class C public address and discontiguous subnets. It is using EIGRP as the routing protocol.

In this course we elaborate on many issues relating to routing protocols and addressing strategies; the JKL case study will provide a mechanism to study a practical application of these concepts.


Summary

This section summarizes the tasks you learned to complete in this chapter.

After completing this chapter, you should be able to perform the following tasks:
- Given an IP address, use VLSMs to extend the use of the IP address
- Given a network plan that includes IP addressing, explain if route summarization is or is not possible


Review Questions

Answer the following questions.

1. What are some of the advantages of using a hierarchical IP addressing model?
2. Given an address with a prefix of /20, how many additional subnets are gained when subnetting with a prefix of /28?
3. When selecting a route, the __________ prefix match is used.

5 Scalable Routing Protocol Overview

Objectives

Upon completion of this chapter, you will be able to perform the following tasks:
- List the key information routers need to route data
- Compare distance vector and link-state protocol operation

This chapter discusses the kind of information routers need in order to route traffic and how distance vector and link-state routing protocols operate to get that information. Sections:
- Objectives
- What Is Routing?
- Comparing Routing Protocols
- Written Exercise: Comparing Routing Protocols
- Summary
- Answers to Exercises

What Is Routing?

(Figure: "How do I get this to Hong Kong?" Options for reaching Hong Kong:
- Regular mail service
- Two-week ground mail service
- Overnight air mail service)

Routing is the process by which an item gets from one location to another. Many items get routed: for example, mail, telephone calls, and trains. In this class, you have been learning how to configure a router, the device used to route traffic in a computer network. To be able to route anything, a router, or any other entity that performs the routing, needs to know the following key information:

- The destination, or address of the item that needs to be routed.
- From which source it can learn the paths to given destinations.
- Possible routes, or paths, to intended destinations.
- The best path(s) to the intended destinations.
- A way of verifying that the known paths to destinations are the most current.

This information is exactly what a routing protocol provides a router. Further, each routing protocol uses a slightly different mechanism to obtain this information; nevertheless, the goal is the same. The chapters in this module discuss routing protocols in the context of how they operate to provide a router the key information listed. In this way you should be able to better compare routing protocols and their application in your networking environment.


Comparing Routing Protocols

(Figure: "What must I know to route to Hong Kong?" Destination address; who I can learn routes from; possible routes; the best route; a way to verify the route is current.)

Protocol Categories
Characteristic        Distance Vector              Link State
                      Older; for small networks    Newer; for large networks
Supported Protocols   RIP, IGRP, RTMP              OSPF, NLSP, IS-IS

Although there are numerous routing protocols such as RIP, OSPF, IS-IS, and NLSP, they can all be classified under one of the categories shown in the table.

Category                           Routing Protocol
Distance vector routing protocols  IP RIP, IPX RIP, AppleTalk RTMP, IGRP
Link-state routing protocols       IP OSPF, IPX NLSP, IS-IS

Although the protocols operate slightly differently, the mechanisms they use for learning and selecting paths, for example, have their origin in either distance vector or link-state routing. Distance vector protocols were written first and were designed for use in smaller network environments. Link-state protocols were created as a result of growing networks, in order to address the limitations that distance vector protocols have when used in larger internetworks. This subsection summarizes the differences in how each routing protocol category obtains the following key information for a router:

- Addressing
- Identifying neighbors
- Discovering routes
- Selecting routes
- Maintaining routing information


Hierarchical Addressing

(Figure: subnets 172.16.25.0, 172.16.26.0, 172.16.27.0, and 172.16.28.0 sit behind a router that says "I can route to the 172.16.0.0 network.")
- A single address, similar to a state, represents a large collection of addresses
- A single address, similar to a city, represents a smaller collection of addresses

In a small networking environment, there is no concern about running out of addresses. In large and growing networking environments, however, the number of addresses can become very limited unless the addresses are structured into a hierarchical framework. A hierarchical addressing framework has at least two key advantages: increased availability of addresses and reduced need to memorize all addressing entries. Consider the postal system, which uses the following hierarchy for routing mail in the United States:

- Zip code
- State
- City
- Street
- House number (most specific)

This six-layer hierarchical structure enables an unlimited number of addresses to exist. In addition, a postal carrier need not memorize all the streets in Chicago, Illinois, if he or she delivers mail in San Diego, California. All the carrier needs to know is what zip code represents Chicago. That is, the zip code is a single entry that represents all house addresses in a given area. In other words, it is a summary of the addresses in an area. To accommodate large internetworks, a similar type of hierarchical framework must be used. To support hierarchical addressing, this module discusses variable length subnet masking (VLSM), which is specifically used in IP environments, and route summarization.


Identifying Neighbors

(Figure: routers A, B, C, and D on shared links, each asking "Hello, are you my neighbor?")

In networks with few routers, routers can converge in a reasonable amount of time, even though a downed router is not detected quickly. However, the delay in detecting a downed router in a large network can be disastrous. To make sure that a downed router is located quickly in a large network, link-state protocols include a process for identifying neighbors and verifying periodically that the neighbors exist. The key differences in how distance vector and link-state protocols identify neighbors are as follows:

Distance Vector:
- Does not have a formal way of learning about neighbors.
- Detects when a neighbor is unavailable only when the neighbor does not send its routing update during the periodic routing update interval, which can range from 10 to 90 seconds.

Link-State:
- Establishes a formal connection (link state) with each directly connected neighbor. This is done using the Hello protocol, which is discussed in detail in the Configuring OSPF in a Single Area chapter.
- Detects when a neighbor is unavailable when a hello is not received within a predefined update interval. Typically the interval is 10 seconds.


Discovering Paths to Destinations

(Figure: routers joined by Token Ring and FDDI segments; "What routes do I have to each network?")

In networks with few routers, distance vector protocols can use the hearsay method to communicate because there are not many routers through which the information must cross. Further, sending out the entire routing table in a small internetwork does not use much overhead. But consider an internetwork with 100 routers. What would happen if each router sent out its entire routing table? To reduce traffic overhead, link-state routers send information for specific links, not their entire link-state table. In addition, because the link-state information is received firsthand by each router, there is less chance for routing errors to be propagated throughout the network. The key differences in how distance vector and link-state protocols discover the network are as follows:

Distance Vector:
- Each router creates a routing table that includes its directly connected networks and sends the routing table to its directly connected neighbors.
- The neighbor incorporates all received routing tables into its own routing table and sends the updated routing table to its neighbors.

Link-State:
- Each router creates a link-state table that includes entries about the entire network.
- Each router floods the entire internetwork with information about the links it knows about in update packets. Each neighboring router receives the update packet, copies the contents, and continues sending it. Note that the router does not recalculate its routing table before sending the entry to its neighbors.


Selecting the Best Path

(Figure: host A and host B reachable over Token Ring and FDDI paths; "What is the best path to host B?")

In small networks, the media types used are generally the same and the metric used to determine distance is based on the number of routers that are in the path to the destination. But both of these conditions may be problematic in a large and growing network, particularly in the case when there are 100 or so routers and when mixed media is present throughout the network. To address these issues, link-state protocols use bandwidth to determine the distance to a destination. The key differences in how distance vector and link-state protocols select the best path to a destination in the internetwork are as follows:

Distance Vector:
- The typical metric used is to count the number of routers (hops) on the path to the destination. IPX RIP also uses a time value called a tick.
- The path with the lowest number of hops is the best path. The maximum number of hops is typically 15.
- To determine the shortest path, the Bellman-Ford algorithm is used.
- The routing table can include multiple equal-cost routes to a given destination. These can be used for load balancing or redundancy.

Link-State:
- The metric used is a numerical value based on the bandwidth of the link. The value is called cost.
- The path with the lowest total cost is the best path. The maximum possible cost is almost unlimited.
- The algorithm used to determine the lowest cost is the shortest path first (SPF) algorithm.
- The routing table can include multiple equal-cost routes to a given destination. These can be used for load balancing or redundancy.


Maintaining Routes

(Figure: routers A, B, C, and D each hold a routing table; a routing update flows between them.)
- Send routing table periodically, or
- Send updated entries incrementally

In a small network using a distance vector protocol, neighboring routers exchange their route information at a periodic interval, which is acceptable because a small network does not typically have much route information. In contrast, routers in large networks must manage large amounts of routing information. Exchanging large routing tables periodically could bring down a network and not allow any data traffic to flow. Link-state protocols address this issue. The key differences in how distance vector and link-state protocols maintain routes are as follows:

Distance Vector:
- When a router learns about a change in the internetwork, the router updates its routing table with the change and sends its entire routing table to its neighbors. Neighboring routers incorporate the received routing table into their routing table, run the Bellman-Ford algorithm, and forward their updated routing tables. This process continues until all routers converge.
- If there is no change in the internetwork, at a periodic interval (usually 60 seconds) each router sends out its routing table to its neighbors.

Link-State:
- When a router learns about a change in the internetwork, it updates its link-state table and sends an update only about changed entries to all routers in the internetwork. Each router receives the update and adds it to the link-state table. The routers then run the SPF algorithm to select the best paths.
- If no change occurs in the internetwork, then the routers will send updates only for those route entries that have not been updated periodically, from 30 minutes to 2 hours, depending on the routing protocol.


Written Exercise: Comparing Routing Protocols

Objective: List the key information routers need to route data.
Objective: Compare distance vector and link-state protocol operation.

Task: List the five pieces of information that a router needs in order to route traffic.
1. __________________________________________________________
2. __________________________________________________________
3. __________________________________________________________
4. __________________________________________________________
5. __________________________________________________________

Task: In the line to the left of each statement, identify the routing protocol by placing a DV for distance vector or LS for link-state. If a sentence describes more than one routing protocol, identify all protocols that apply.
____________ 1. Sends periodic updates, even if no network change has occurred.
____________ 2. Sends out updates when network changes occur.
____________ 3. The simplest routing protocol to configure.
____________ 4. RIP and RTMP are examples of this routing protocol.
____________ 5. OSPF is an example of this protocol.
____________ 6. Learns about neighbors to ensure bidirectional communication.
____________ 7. This protocol determines the best path by the lowest hop count.
____________ 8. This protocol uses the shortest path first algorithm.


Summary

- A routing protocol learns the following information:
  - Destination address
  - Identified neighbors
  - Paths to destinations
  - Best path
  - Route information maintained
- Distance vector protocols are designed for smaller networks
- Link-state protocols are designed for larger networks

Answers to Written Exercise: Comparing Routing Protocols

First Written Exercise
1. Destination address
2. Identify neighbors
3. Discover routes
4. Select routes
5. Maintain routing information

Second Written Exercise
1. DV (Note: OSPF sends out updates every 30 minutes.)
2. LS
3. DV
4. DV
5. LS
6. LS
7. DV
8. LS


6 Configuring OSPF in a Single Area

Objectives

Upon completion of this chapter, you will be able to perform the following tasks:
- Explain why OSPF is better than RIP in a large internetwork
- Explain how OSPF discovers, chooses, and maintains routes in multiaccess, point-to-point, and NBMA networks
- Configure OSPF for proper operation
- Verify OSPF operation

This chapter covers the use, operation, configuration, and verification of OSPF. Sections:
- Objectives
- OSPF Overview
- OSPF Operation within a Single Area
  - Multiaccess Network
  - Point-to-Point Network
  - NBMA Network
- Written Exercise: OSPF Operation
- Configuring OSPF in a Single Area
- Verifying OSPF Operation
- Summary
- Lab Exercise: Configuring OSPF for a Single Area
- Answers to Exercises
- Supplement A: OSPF Single Area Configuration Examples

Note: OSPF was written for large and growing networks. It allows you to segregate the internetwork into smaller areas. This chapter discusses how OSPF operates within an area, and the next chapter, Interconnecting Multiple OSPF Areas, discusses how the areas interoperate with each other.


OSPF Overview

This section provides an overview of OSPF.

What Is OSPF?
- Has fast convergence
- Supports VLSM
- Has no hop count limitation
- Processes updates efficiently
- Selects paths based on bandwidth
- Supports equal-cost multipath

What Is OSPF?

OSPF is a link-state technology, as opposed to a distance vector technology such as RIP. The OSPF protocol performs the two primary functions of every routing protocol algorithm: path selection and path switching. OSPF was developed by the Internet Engineering Task Force (IETF) in 1988. The most recent version, known as OSPF version 2, is described in RFC 2328. OSPF is an Interior Gateway Protocol (IGP), which means that it distributes routing information between routers belonging to the same Autonomous System. OSPF was written to address the needs of large, scalable internetworks that RIP could not. The issues it addresses are as follows:

- Speed of convergence: In large networks, RIP convergence can take several minutes as the routing algorithm goes through a holddown and route-aging period. With OSPF, convergence is faster than with RIP because routing changes are flooded immediately and computed in parallel.
- Support for Variable-Length Subnet Masks (VLSMs): RIP1 does not support VLSMs. OSPF supports subnet masking and VLSMs. (Note that RIP2 supports VLSMs.)
- Network reachability: A RIP network that spans more than 15 hops (15 routers) is considered unreachable. OSPF has virtually no reachability limitations.
- Use of bandwidth: RIP broadcasts full routing tables to all neighbors every 30 seconds, which is especially problematic over slow WAN links. OSPF multicasts link-state updates and only sends the updates when there is a change in the network.


- Method for path selection: RIP has no concept of network delays and link costs. Routing decisions are based purely on hop count, which could lead to suboptimal path selection in cases where a longer path (in terms of hop count) has a higher aggregate link bandwidth and shorter delays. OSPF uses a cost value, which is based on the speed of the connection. As with RIP and IGRP, OSPF also provides support for equal-cost multipath.

Note that although OSPF was written for large networks, implementing it requires proper design and planning, which is especially important if your network has more than 50 routers.


OSPF Terminology

(Figure: an Autonomous System containing Area 0 and Area 1; routers are neighbors over their interfaces, with a DR and a BDR on a Token Ring segment; link costs of 1785, 10, and 6 are shown. Each router keeps a Neighbors List that lists neighbors, a Topology Database that lists all routes, and a Routing Table that lists best routes.)

This page introduces you to a variety of terms related to link-state technology and OSPF. The following are basic terms to get you started:

- Interface: The connection between the router and one of its attached networks. An interface is sometimes referred to as a link in OSPF literature.
- Link state: The status of a link between two routers, that is, a router's interface and its relationship to its neighboring routers.
- Cost: The value assigned to a link. Rather than hops, link-state protocols assign a cost to a link that is based on the speed of the media. A cost is associated with the output side of each router interface, referred to as the Interface Output Cost.
- Autonomous System: A group of routers exchanging routing information using a common routing protocol.
- Area: A collection of networks and routers that have the same area identification. Each router within an area has the same link-state information. A router within an area is an internal router.
- Neighbor: Two routers that have interfaces on a common network. Neighbor relationships are usually discovered and maintained by the Hello protocol.
- Hello: Protocol used by OSPF to establish and maintain neighbor relationships.
- Designated router (DR) and backup designated router (BDR): A router that is elected by all other routers on the same LAN to represent all the routers. Each network has a DR and a BDR. These routers have special responsibilities that are discussed later in this chapter.


- Neighborship list: A listing of all the neighbors to which a router has established bidirectional communication. Not every pair of neighboring routers becomes adjacent.
- Link-state database, also known as a topological database: A list of link-state entries of all other routers in the internetwork. It shows the internetwork topology. All routers within an area have identical link-state databases. The link-state database is pieced together from LSAs generated by routers.
- Routing table: The routing table (also known as the forwarding database) generated when an algorithm is run on the link-state database. Each router's routing table is unique.


OSPF Operation

The following section discusses the operation of OSPF.

OSPF Topologies

(Figure: Broadcast Multiaccess; Point-to-Point; NBMA, such as X.25 and Frame Relay.)

OSPF can run over multi-access networks or over non-broadcast networks. The topology of a network has an impact on how adjacencies are created. Following are the different topologies found in OSPF and covered in this chapter.

- Broadcast multi-access networks: Networks supporting many (more than two) attached routers, together with the capability to address a single physical message to all of the attached routers (broadcast). An Ethernet segment is an example of a broadcast network.
- Point-to-point networks: A network that joins a single pair of routers. A T1 dedicated serial line is an example of a point-to-point network.
- Non-broadcast multi-access networks: Networks supporting many (more than two) routers, but having no broadcast capability. Frame Relay and X.25 are examples of Non-Broadcast Multiaccess (NBMA) networks.

6-7

Building Scalable Cisco Networks

Copyright 1999, Cisco Systems, Inc.

OSPF Operation in a Multi-Access Network

The following section discusses OSPF operation in a multi-access environment, such as Ethernet or Token Ring.

Figure: Neighborship. Routers A through E exchange Hello packets on a shared segment. Hello packet contents: Router ID, Hello/Dead Intervals*, Neighbors, Area-ID*, Router Priority, DR IP Address, BDR IP Address, Authentication Password*, Stub Area Flag* (* entry must match on neighboring routers).

Neighborship

Because OSPF routing depends on the status of the link between two routers, neighbor routers must recognize each other on the network before they can share information. This is done with the Hello protocol, which is responsible for establishing and maintaining neighbor relationships. It ensures that communication between neighbors is bi-directional: a router knows the relationship is two-way when it sees itself listed in the Hello packet it received from a neighbor. Hello packets are sent periodically out of each interface participating in OSPF to the IP multicast address 224.0.0.5. The information contained in a Hello packet is as follows:

- Router ID: A 32-bit number that uniquely identifies the router within an Autonomous System. By default the highest IP address on an active interface is chosen, for example, 131.108.13.5 would be chosen over 128.11.4.1; on Cisco routers the highest IP address configured on a loopback interface takes precedence if one exists, which is why a loopback is usually configured, so the router ID does not change when a physical interface goes down. This identification is important in establishing neighbor relationships and coordinating messages between the copies of the SPF algorithm running in the network. The router ID is also used to break ties during the DR and BDR election if the priority values are equal (DR and BDR are discussed later).
- Hello and dead intervals: The hello interval specifies how often, in seconds, a router sends Hellos (ten-second default on multi-access networks). The dead interval is the time in seconds that a router waits to hear from a neighbor before declaring the neighbor router down (four times the hello interval by default). These timers must be the same on neighboring routers.


Neighborship (cont.)

- Neighbors: The neighbors with which bi-directional communication has been established. Bi-directional communication is indicated when the router sees itself listed in the neighbor's Hello packet. (When a router first comes up, this field is empty.)
- Area-ID: To communicate, two routers must share a common segment and have their interfaces belong to the same area on that segment (and be on the same subnet with the same mask). These routers will all have the same link-state information.
- Router Priority: An 8-bit number that indicates the priority of this router when selecting the DR and BDR.
- DR and BDR: If known, the IP addresses of the DR and BDR for the specific network (covered in the next section).
- Authentication password: If authentication is enabled, two routers must use the same password (key). Authentication does not have to be set, but if it is, all routers on the segment must agree. OSPFv2 defines null, simple-password and cryptographic (MD5) authentication (RFC 2328, Appendix D). With simple-password authentication the password travels in cleartext in every OSPF packet, so anyone who can capture traffic on the segment can read it; the MD5 option sends a keyed digest and keeps the key itself off the wire. Note that the other Hello fields, including the router ID and priority, are whatever the sender puts in them, so authentication is what keeps an unauthorized device from taking part in the exchange.
- Stub area flag: A stub area is a special area that will be discussed in the next chapter. Two routers must agree on the stub area flag in their Hello packets.

Figure: Neighborship states. Router A (172.68.5.1/24, E0) and router B (172.68.5.2/24, E1) share a segment. Down state: A has exchanged nothing yet and sends "I am router ID 172.68.5.1 and I see no one." Init state: B adds 172.68.5.1 (int E1) to its neighbor list and answers "I am router ID 172.68.5.2, and I see 172.68.5.1." Two-Way state: A adds 172.68.5.2 (int E0) to its neighbor list.

Neighborship (cont.)

The exchange process, using the Hello protocol, when all routers are coming up on the network at the same time, is as follows:

1. Router A is enabled on the LAN and is in the Down state because it has not exchanged information with any other router. It begins by sending a Hello packet through each of its interfaces participating in OSPF, even though it does not know the identity of the DR or of any other routers. The Hello packet is sent to multicast address 224.0.0.5.
2. All routers running OSPF receive the Hello packet from router A and add router A to their list of neighbors. This is the Init state.
3. All routers that received the packet now list router A in the neighbor field of their own Hello packets, which carry their own parameters (the fields listed above); on a broadcast network these Hellos are likewise multicast to 224.0.0.5. The neighbor field includes all other neighboring routers, including router A.
4. When router A receives these packets, it adds all the routers that had its (router A's) router ID in their packet to its own neighborship database. This is referred to as the Two-Way state. At this point, all routers that have each other in their list of neighbors have established bi-directional communication.
5. The routers determine who the DR and BDR will be. The DR and BDR election process is described in the next subsection, Electing the DR and BDR. This process must occur before routers can begin exchanging link-state information. Link-state exchanges are discussed in the Discovering Routes subsection.
6. Periodically (every ten seconds by default) the routers within a network exchange Hello packets to ensure communication is still working. The Hello updates include the DR/BDR and the list of routers whose Hello packets have been received by the router. Remember that received means that the receiving router saw its own router ID as one of the entries in the received Hello packet.
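The Hello checks and the Down, Init and Two-Way states described above, as an added Python model written for this edition of the page; it is not code from the course or from Cisco IOS. The packet layout is simplified (authentication is modelled as Hello attributes, whereas a real packet carries it in the OSPF header), the router IDs 172.68.5.1 through 172.68.5.3 are the figure's, and the field names are the editor's own.

```python
"""OSPF Hello processing on a broadcast segment: the parameter checks
a router makes on a received Hello and the Down -> Init -> Two-Way
neighbor states.  Illustrative model (not Cisco IOS): the packet layout
is simplified, and the authentication fields, which a real packet carries
in the OSPF header, are modelled as Hello attributes."""
from dataclasses import dataclass, field

ALL_SPF_ROUTERS = "224.0.0.5"   # every Hello is multicast here


@dataclass(frozen=True)
class Hello:
    router_id: str
    area_id: str
    network_mask: str
    hello_interval: int
    dead_interval: int
    priority: int
    auth_type: int              # 0 = null, 1 = simple password, 2 = cryptographic
    auth_key: str
    stub_area: bool
    neighbors: tuple = ()       # router IDs the sender has heard from
    dr: str = "0.0.0.0"
    bdr: str = "0.0.0.0"


@dataclass
class OspfInterface:
    router_id: str
    area_id: str
    network_mask: str = "255.255.255.0"
    hello_interval: int = 10    # ten seconds on multi-access networks
    dead_interval: int = 40     # four times the hello interval
    priority: int = 1
    auth_type: int = 0
    auth_key: str = ""
    stub_area: bool = False
    neighbors: dict = field(default_factory=dict)   # router ID -> state

    def build_hello(self) -> Hello:
        """The Hello this interface sends to 224.0.0.5 every hello_interval."""
        return Hello(self.router_id, self.area_id, self.network_mask,
                     self.hello_interval, self.dead_interval, self.priority,
                     self.auth_type, self.auth_key, self.stub_area,
                     neighbors=tuple(self.neighbors))

    def hello_mismatches(self, h: Hello) -> list:
        """Fields that must agree before a Hello is accepted (the starred
        entries of the figure above; RFC 2328 section 10.5)."""
        checks = [
            ("authentication", (h.auth_type, h.auth_key) == (self.auth_type, self.auth_key)),
            ("area-id", h.area_id == self.area_id),
            ("network mask", h.network_mask == self.network_mask),
            ("hello interval", h.hello_interval == self.hello_interval),
            ("dead interval", h.dead_interval == self.dead_interval),
            ("stub area flag", h.stub_area == self.stub_area),
        ]
        return [name for name, ok in checks if not ok]

    def receive_hello(self, h: Hello) -> str:
        """Process one Hello: return the neighbor state reached, or the
        reason the packet was dropped without creating a neighbor."""
        mismatches = self.hello_mismatches(h)
        if mismatches:
            return "rejected: " + ", ".join(mismatches)
        # Our own router ID in the sender's neighbor list proves the path is
        # bi-directional (Two-Way); otherwise we only know we heard them (Init).
        state = "Two-Way" if self.router_id in h.neighbors else "Init"
        self.neighbors[h.router_id] = state
        return state


def two_way_exchange():
    """The figure's exchange: A and B come up on the segment together."""
    a = OspfInterface("172.68.5.1", area_id="0")
    b = OspfInterface("172.68.5.2", area_id="0")
    states = []
    states.append(b.receive_hello(a.build_hello()))   # A sees no one yet: B -> Init
    states.append(a.receive_hello(b.build_hello()))   # B lists A: A -> Two-Way
    states.append(b.receive_hello(a.build_hello()))   # A now lists B: B -> Two-Way
    return states


def mismatch_example():
    """A neighbor without the MD5 key and with slower timers never gets past
    the Hello checks, so no neighbor entry is created for it."""
    a = OspfInterface("172.68.5.1", area_id="0", auth_type=2, auth_key="s3cret")
    c = OspfInterface("172.68.5.3", area_id="0", hello_interval=30, dead_interval=120)
    return a.receive_hello(c.build_hello()), len(a.neighbors)
```

The mismatch case is the one to remember when an adjacency will not form: the rejected Hello leaves no trace in the neighbor table, so timers, area ID, mask, stub flag and authentication are the first things to compare on both ends.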

Figure: Establishing Adjacency. Hellos elect the DR and BDR; each router forms an adjacency with the DR and BDR.

Establishing Adjacency

Adjacency refers to the relationship that exists between a router and its DR/BDR. Adjacency is based on the use of a common media segment, for example, two routers connected on the same Ethernet segment. When routers first come up on a network, they perform the Hello process, as discussed in the previous subsection. A router then attempts to form adjacencies with some of its newly acquired neighbors. Routers must elect a DR and BDR to represent the network. The DR and BDR add value to the network in the following ways:

- Reducing routing update traffic: The DR and BDR act as a central point of contact for link-state information exchange on a given network; therefore, each router must establish an adjacency with the DR and BDR. Instead of each router exchanging link-state information with every other router on the segment, each router sends its link-state information to the DR and BDR. The DR represents the multiaccess network in the sense that it sends each router's link-state information to all other routers on the network. This flooding process significantly reduces the router-related traffic on a segment.
- Managing link-state synchronization: The DR and BDR ensure that the other routers on the network have the same link-state information about the internetwork. In this way, the number of routing errors is reduced.

The BDR does not perform any DR functions while the DR is operating. Instead, it receives all information, but allows the DR to perform the forwarding and synchronization tasks. The BDR performs DR tasks only if the DR fails.

Note: Once a DR and BDR are elected, any router added to the network goes through the adjacency-establishing process only with the DR and BDR.

Figure: Electing the DR and BDR. Five routers on one segment with priorities 3, 2, 1, 1 and 0 exchange Hello packets via IP multicast; the router with priority 3 is elected DR and the router with priority 2 BDR (the priority 0 router is ineligible). The router with the highest OSPF priority is elected.

Electing a DR and BDR

To elect a DR and BDR, the routers view each other's priority value during the Hello packet exchange process, and use the following conditions to determine which is elected:

- The router with the highest priority value is the DR.
- The router with the second highest priority value is the BDR.
- The default OSPF priority for an interface is 1. In case of a tie, the router ID is used; the higher router ID wins.
- A router with a priority set to 0 is ineligible to become DR or BDR.
- If a router with a higher priority value is added to the network, the DR and BDR do NOT change. The only time a DR or BDR changes is when one goes down. If the DR goes down, the BDR takes over as the DR and a new BDR is elected. If the BDR goes down, a new BDR is elected. To determine whether the DR is down, the BDR sets a timer. This is a reliability feature. If the BDR does not hear the DR forwarding link-state advertisements (LSAs) before the timer expires, the BDR assumes the DR is out of service.

Because priority and router ID are carried in the sender's own Hello, any router that passes the Hello checks (including authentication, if configured) can make itself eligible. Setting priority 0 on interfaces that should never become DR, and a higher priority on the router that should, keeps the election predictable.

In a multiaccess environment, each network segment has its own DR and BDR. Therefore a router that is connected to multiple networks can be a DR on one segment and a regular router on another segment. How neighbors are perceived in other network topologies is discussed later in this chapter.
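The election rules above, as an added Python model (the editor's example, not course or Cisco IOS code). The RFC 2328 section 9.4 procedure is reduced to the behaviour the text describes: highest priority wins, ties go to the higher router ID, priority 0 is ineligible, and a sitting DR or BDR is never pre-empted. The router IDs 10.1.1.x are constructed; the figure gives priorities only.

```python
"""DR/BDR election on one multiaccess segment, following the rules listed
above.  Illustrative model (not Cisco IOS): the RFC 2328 section 9.4
procedure is reduced to the behaviour the text describes: highest
priority wins, ties go to the higher router ID, priority 0 is ineligible,
and a sitting DR/BDR is never pre-empted by a newly attached router."""
from ipaddress import IPv4Address


class Segment:
    def __init__(self):
        self.routers = {}   # router ID -> OSPF interface priority
        self.dr = None
        self.bdr = None

    def bring_up(self, routers):
        """All routers start at the same time: a single election over the set."""
        self.routers.update(routers)
        self._elect()

    def add_router(self, router_id, priority=1):
        """A router joins a segment that already has a DR/BDR."""
        self.routers[router_id] = priority
        self._elect()

    def remove_router(self, router_id):
        """A neighbor is declared down (its dead interval expired)."""
        self.routers.pop(router_id, None)
        if self.dr == router_id:
            self.dr = None
        if self.bdr == router_id:
            self.bdr = None
        self._elect()

    def _candidates(self):
        """Eligible routers, best first: priority, then router ID as tie-break."""
        eligible = [rid for rid, pri in self.routers.items() if pri > 0]
        return sorted(eligible,
                      key=lambda rid: (self.routers[rid], int(IPv4Address(rid))),
                      reverse=True)

    def _elect(self):
        ranked = self._candidates()
        # Lost the DR: the BDR is promoted, whatever anyone's priority is.
        if self.dr is None and self.bdr is not None:
            self.dr, self.bdr = self.bdr, None
        if self.dr is None and ranked:
            self.dr = ranked[0]
        # A BDR is elected only when the slot is empty (no pre-emption).
        if self.bdr is None:
            self.bdr = next((rid for rid in ranked if rid != self.dr), None)


def figure_election():
    """The figure above: priorities 3, 2, 1, 1 and 0 on one segment, then a
    high-priority newcomer, then the DR failing.  Router IDs are constructed."""
    seg = Segment()
    seg.bring_up({"10.1.1.3": 3, "10.1.1.2": 2, "10.1.1.4": 1,
                  "10.1.1.5": 1, "10.1.1.6": 0})
    initial = (seg.dr, seg.bdr)             # priority 3 is DR, priority 2 is BDR
    seg.add_router("10.1.1.9", priority=255)
    after_join = (seg.dr, seg.bdr)          # unchanged: no pre-emption
    seg.remove_router("10.1.1.3")
    after_dr_loss = (seg.dr, seg.bdr)       # BDR promoted, newcomer becomes BDR
    return initial, after_join, after_dr_loss


def tie_break():
    """Equal priorities: the higher router ID wins."""
    seg = Segment()
    seg.bring_up({"10.1.1.4": 1, "10.1.1.5": 1})
    return seg.dr, seg.bdr
```

The non-pre-emption rule is what makes boot order matter on a real segment: the router you want as DR must either be up first or carry a priority the others cannot match, which is why priority 0 on the rest is the usual way to pin the outcome.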


Figure: Discovering Routes. Router 172.68.5.1 (E0) and the DR, 172.68.5.3 (E0). Exstart state: 172.68.5.1 says "I will start exchange because I have router ID 172.68.5.1"; the DR replies "No, I will start exchange because I have a higher router ID." Exchange state: each sends a DBD packet: "Here is a summary of my link-state database."

Discovering Routes

Once the DR and BDR have been elected, the routers are considered to be in the Exstart state and are ready to discover the link-state information about the internetwork and create their link-state databases. The process used to discover the network routes is called the Exchange protocol, and it is performed to bring the routers to a Full state of communication. Once adjacent routers are in a Full state, they do not redo the exchange protocol unless the Full state changes. The exchange protocol operates as follows:

1. In the Exstart state, the DR and BDR establish adjacencies with each router in the network. During this process, a master-slave relationship is created between each router and its adjacent DR/BDR. The router with the higher router ID acts as the master. Note that link-state information is exchanged and synchronized only between the DR/BDR and the routers with which they have established adjacencies, because having the DR represent the network in this capacity reduces the amount of routing update traffic.
2. The master and slave routers exchange one or more database description packets (DBDs, also called DDPs); this is the Exchange state. A DBD lists the headers of the LSA entries that appear in the sender's link-state database. The entries can be about a link or about a network. Each LSA entry includes such things as the link-state type, the address of the advertising router, the cost of the link, and the sequence number. The sequence number is a router's way of determining the newness of the received link-state information. The DBD sequence number that paces the exchange is the one chosen by the master.

Figure: Discovering Routes (cont.). Loading state: 172.68.5.1 acknowledges the DBD ("Thanks for the information!", shown as LSAck), then sends an LSR ("I need the complete entry for network 172.68.6.0/24"); the DR, 172.68.5.3, answers with an LSU ("Here is the entry for network 172.68.6.0/24"), which is acknowledged with an LSAck ("Thanks for the information!"). Full state: the databases are synchronized.

Discovering Routes (cont.)

3. When the slave router receives the DBD, it does the following: it acknowledges receipt of the DBD (the figure shows this as an LSAck; in RFC 2328 terms the slave acknowledges each DBD by echoing its DBD sequence number in its own DBD) and compares the information it received with the information it has. Remember that the initial entries put into the link-state database are from the adjacencies database. If the DBD lists a more up-to-date link-state entry, the slave router sends a link-state request (LSR) to the master router. The master router responds with the complete information about the requested entry in a link-state update (LSU) packet. The slave router sends an LSAck when the LSU is received. The process of sending LSRs is referred to as the Loading state.
4. All routers add the new link-state entries into their link-state databases.
5. Once all LSRs have been satisfied for a given router, the adjacent routers are considered synchronized and in a Full state. The routers must be in a Full state before they can route traffic. At this point, the routers should all have identical link-state databases.

Figure: Choosing Routes. Router A (1.1.1.0/24) reaches router B (2.2.2.0/24) over Token Ring at cost 6, B reaches router C (3.3.3.0/24) over FDDI at cost 1, and A reaches C directly over Ethernet (E0) at cost 10; a fourth network, 4.4.4.0/24, also appears. Router A's topology table:

  Net        Cost   Out Interface
  2.2.2.0    6      To0
  3.3.3.0    7      To0    (this is the best route to C)
  3.3.3.0    10     E0

Choosing Routes

Once a router has a complete link-state database, it is ready to create its routing table so it can route traffic. Recall that distance vector protocols such as RIP select the best route to a destination based on a hop count metric; the Bellman-Ford algorithm is run to determine the routes with the lowest hop count. Link-state protocols use a cost metric to determine the best path to a destination. The default cost metric is based on media bandwidth. For example, 10-Mbps Ethernet has a lower cost than a 56-kbps line because it is faster. To calculate the lowest cost to a destination, link-state protocols such as OSPF use the Dijkstra algorithm. Using its link-state database as input, a router runs the Dijkstra algorithm, building its routing table step by step. In simple terms, the algorithm adds up the total cost between the local router (the root) and each destination network. If there are multiple paths to a destination, the lowest-cost path is preferred. Note that OSPF keeps up to six equal-cost route entries in the routing table for load balancing.

Sometimes a link, such as a serial line, goes up and down rapidly (called flapping), or a link-state change may affect another series of links. In these situations, a series of LSUs can be generated, causing routers to repeatedly recompute the routing table. The flapping can be so serious that the routers never converge. To minimize this problem, each time an LSU is received the router waits for a period of time before recalculating its routing table. The timers spf command (router ospf configuration mode, taking an SPF delay and an SPF hold time) was added to Cisco IOS software so that a router does not compute a new routing table less than the hold time (10 seconds by default) after the previous computation. Refer to the OSPF version 2 RFC, RFC 2328, for a detailed description of the Dijkstra algorithm.
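The SPF computation for the Choosing Routes figure, as an added Python example (the editor's, not code from the course or from Cisco IOS). It runs Dijkstra from the local router as root, keeps up to six equal-cost next hops as the text states, and includes the default Cisco IOS interface cost formula (10^8 divided by the interface bandwidth in bit/s), which happens to reproduce the figure's costs for 16-Mbps Token Ring, 100-Mbps FDDI and 10-Mbps Ethernet. The link list is constructed from the figure: the three links are router-to-router edges with the figure's costs, and each destination network hangs off its router as a stub at no extra cost; the equal-cost case with a router D is the editor's addition, not in the figure.

```python
"""SPF route selection over a link-state database, for the Choosing Routes
figure above.  Illustrative Python (not Cisco IOS): Dijkstra with the local
router as root, keeping up to MAX_EQUAL_COST_PATHS equal-cost next hops,
plus the default Cisco IOS interface cost formula (reference bandwidth
10^8 divided by interface bandwidth in bit/s)."""
import heapq

MAX_EQUAL_COST_PATHS = 6        # the limit the text gives for this IOS release


def interface_cost(bandwidth_bps, reference_bps=10**8):
    """Cisco IOS default: cost = reference bandwidth / bandwidth, at least 1."""
    return max(1, reference_bps // bandwidth_bps)


def spf(root, links):
    """links: (router, next node or network, cost, outgoing interface).
    Cost is charged on the output side of an interface (Interface Output
    Cost), so the two directions of a link may differ.
    Returns {destination: (total cost, [root interfaces used])}."""
    adj = {}
    for src, dst, cost, iface in links:
        adj.setdefault(src, []).append((dst, cost, iface))
    best = {root: (0, [])}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                      # stale entry, a cheaper path won
        for dst, link_cost, iface in adj.get(node, []):
            total = cost + link_cost
            # The first hop is the root's own interface; deeper nodes inherit
            # the first hops of the node that reached them.
            first_hops = [iface] if node == root else best[node][1]
            if dst not in best or total < best[dst][0]:
                best[dst] = (total, list(first_hops))
                heapq.heappush(heap, (total, dst))
            elif total == best[dst][0]:   # equal cost: add as a parallel path
                for hop in first_hops:
                    if hop not in best[dst][1] and len(best[dst][1]) < MAX_EQUAL_COST_PATHS:
                        best[dst][1].append(hop)
    return best


def routing_table(root, links):
    """Only networks reach the routing table; routers are transit nodes."""
    return {dst: entry for dst, entry in spf(root, links).items() if "/" in dst}


FIGURE_LINKS = [                      # constructed from the figure's costs
    ("A", "B", 6, "To0"),             # Token Ring, 16 Mbit/s
    ("B", "C", 1, "Fddi0"),           # FDDI, 100 Mbit/s
    ("A", "C", 10, "E0"),             # Ethernet, 10 Mbit/s
    ("B", "2.2.2.0/24", 0, "stub"),   # networks hang off their router at no cost
    ("C", "3.3.3.0/24", 0, "stub"),
]


def figure_routes():
    """Router A's table: 2.2.2.0 at cost 6 via To0, 3.3.3.0 at cost 7 via To0."""
    return routing_table("A", FIGURE_LINKS)


def equal_cost_routes():
    """Beyond the figure: a second, equal-cost path to C (A-D-C, 3 + 4) gives
    3.3.3.0/24 two next-hop interfaces for load balancing."""
    links = FIGURE_LINKS + [("A", "D", 3, "S0"), ("D", "C", 4, "S1")]
    cost, hops = routing_table("A", links)["3.3.3.0/24"]
    return cost, sorted(hops)
```

Because cost is charged per outgoing interface, the same physical link can carry different costs in each direction; a bandwidth statement or ip ospf cost mismatch between two ends is therefore a common reason an SPF result differs from what the topology diagram suggests.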


Figure: Maintaining Routing Information. (1) A new router, A, notices a link-state change and sends an LSU to 224.0.0.6, the address of all OSPF DRs. (2) The DR tells the others on 224.0.0.5. (3) Router B forwards the LSU on to its other network. (4) Each router that receives it updates its routing table ("I need to update my routing table").

Maintaining Routing Information

In a link-state routing environment, it is very important for all routers' topological databases to stay synchronized. When there is a change in a link state, the routers use a flooding process to notify the other routers in the network of the change. Link State Update packets provide the mechanism for flooding LSAs. In general, the flooding process is as follows:

1. A router notices a change in a link state and multicasts an LSU packet that includes the updated LSA entry to 224.0.0.6, the all OSPF DRs (and BDR) address. An LSU packet may contain several distinct LSAs.
2. The DR acknowledges the receipt of the change and floods the LSU to the others on the network using the OSPF multicast address 224.0.0.5. To make the flooding procedure reliable, each LSA must be acknowledged separately. After receiving the LSU, each router responds to the DR with an LSAck.
3. If a router is connected to another network, it floods the LSU to the other networks by forwarding it to the DR of the multi-access network, or to the adjacent router if on a point-to-point network. That DR, in turn, multicasts the LSU to the other routers on its network.
4. When a router receives an LSU that includes the changed LSA, it updates its link-state database. It then runs the SPF algorithm on the new database to generate a new routing table. After a short delay, it switches over to the new routing table.

OSPF simplifies the synchronization issue by requiring only adjacent routers to remain synchronized.

Note: In a Cisco router, if a route already exists, the routing table continues to be used while the SPF calculation runs. If the SPF calculation is producing a new route, that route is used only after the SPF calculation is complete.

Figure: Maintaining Routing Information (cont.), LSA processing flowchart. For each LSA in a received LSU:

1. Is the entry in the link-state database? No: (A) add it to the database, send an LSAck to the DR, flood the LSA, run SPF to calculate a new routing table. End.
2. Yes: is the sequence number the same? Yes: ignore the LSA. End.
3. No: is the sequence number newer? Yes: go to A. No: send an LSU with the newer information to the source. End.

Maintaining Routing Information (cont.)

Each LSA entry has its own aging timer, carried in the LS Age field (expressed in seconds). By default, the router that originated an entry re-floods it in an LSU every 30 minutes (LSRefreshTime) to verify that the link is still active; an entry that is not refreshed and reaches 60 minutes (MaxAge) is flushed from the database. This validation method saves bandwidth compared to distance vector routers, which send their entire routing table. When each router receives the LSU, it does the following:

- If the entry already exists and the received LSU has the same information, it ignores the LSA entry.
- If the entry already exists but the LSU includes newer information, it sends an LSAck to the DR, adds the entry to its link-state database, and updates its routing table.
- If the entry already exists but the LSU includes older information, it sends an LSU with its own, newer information back to the source.
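Database synchronization (the Exstart, Exchange and Loading steps under Discovering Routes) and the LSA acceptance rules and aging just described, as one added Python model that serves both passages; it is the editor's example, not course or Cisco IOS code. An LSA is keyed by (type, link-state ID, advertising router) and "newer" is reduced to a higher sequence number; the full RFC 2328 section 13.1 comparison (checksum and age tie-breaks) is left out. Router IDs and the 172.68.6.0/24 network come from the figures; the LSA bodies and timings are constructed.

```python
"""Link-state database synchronization and flooding, for the Discovering
Routes and Maintaining Routing Information sections above.  Illustrative
model (not Cisco IOS): an LSA is keyed by (type, link-state ID, advertising
router); "newer" means a higher sequence number.  Ages are in seconds."""
from dataclasses import dataclass, replace
from ipaddress import IPv4Address

LS_REFRESH_TIME = 30 * 60   # originator re-floods its own LSAs every 30 minutes
MAX_AGE = 60 * 60           # an LSA nobody refreshed for 60 minutes is flushed
INITIAL_SEQ = 0x80000001    # first sequence number an LSA instance uses


@dataclass(frozen=True)
class LSA:
    ls_type: int            # 1 = router LSA, 2 = network LSA (this chapter)
    ls_id: str
    adv_router: str
    seq: int
    age: int = 0

    @property
    def key(self):
        return (self.ls_type, self.ls_id, self.adv_router)


def choose_master(rid_a, rid_b):
    """Exstart: the higher router ID becomes master of the DBD exchange."""
    return max(rid_a, rid_b, key=lambda r: int(IPv4Address(r)))


class LinkStateDatabase:
    def __init__(self, router_id):
        self.router_id = router_id
        self.lsas = {}          # key -> LSA
        self.spf_runs = 0       # one SPF per installed LSA in this model

    def summary(self):
        """What a DBD packet carries: LSA headers (key and sequence) only."""
        return {k: l.seq for k, l in self.lsas.items()}

    def requests_for(self, dbd_summary):
        """Exchange -> Loading: one LSR per entry the peer has that is
        unknown here or newer than our copy."""
        return [k for k, seq in dbd_summary.items()
                if k not in self.lsas or seq > self.lsas[k].seq]

    def receive_lsa(self, lsa):
        """The flowchart above.  'install' stands for: send LSAck to the DR,
        add to the database, flood, run SPF."""
        have = self.lsas.get(lsa.key)
        if have is not None and have.seq == lsa.seq:
            return "ignore"                 # same instance, nothing to do
        if have is not None and have.seq > lsa.seq:
            return "send-newer"             # our copy is newer: LSU back to source
        self.lsas[lsa.key] = lsa
        self.spf_runs += 1
        return "install"

    def age(self, seconds):
        """Advance LS Age on every entry, flush those at MaxAge, and return
        the keys of self-originated LSAs that are due for refresh."""
        due = []
        for k, l in list(self.lsas.items()):
            aged = replace(l, age=l.age + seconds)
            if aged.age >= MAX_AGE:
                del self.lsas[k]
                continue
            self.lsas[k] = aged
            if aged.adv_router == self.router_id and aged.age >= LS_REFRESH_TIME:
                due.append(k)
        return due

    def refresh(self, key):
        """Originator re-floods its own LSA with the next sequence number."""
        fresh = replace(self.lsas[key], seq=self.lsas[key].seq + 1, age=0)
        self.receive_lsa(fresh)
        return fresh


def sync_scenario():
    """Router 172.68.5.1 synchronizes with DR 172.68.5.3 as in the figures,
    then receives a stale copy of one of the DR's LSAs."""
    r = LinkStateDatabase("172.68.5.1")
    dr = LinkStateDatabase("172.68.5.3")
    r.receive_lsa(LSA(1, "172.68.5.1", "172.68.5.1", INITIAL_SEQ))
    dr.receive_lsa(LSA(1, "172.68.5.3", "172.68.5.3", INITIAL_SEQ + 1))  # has 172.68.6.0/24
    dr.receive_lsa(LSA(2, "172.68.5.3", "172.68.5.3", INITIAL_SEQ))      # network LSA
    master = choose_master(r.router_id, dr.router_id)
    lsr_r, lsr_dr = r.requests_for(dr.summary()), dr.requests_for(r.summary())
    for k in lsr_r:                 # each LSR is answered with an LSU
        r.receive_lsa(dr.lsas[k])
    for k in lsr_dr:
        dr.receive_lsa(r.lsas[k])
    in_full_state = r.summary() == dr.summary()
    stale = r.receive_lsa(LSA(1, "172.68.5.3", "172.68.5.3", INITIAL_SEQ))
    return master, len(lsr_r), len(lsr_dr), in_full_state, stale


def aging_scenario():
    """One self-originated and one learned LSA: only the former is refreshed,
    and the learned one is flushed once it reaches MaxAge."""
    db = LinkStateDatabase("172.68.5.1")
    db.receive_lsa(LSA(1, "172.68.5.1", "172.68.5.1", INITIAL_SEQ))
    db.receive_lsa(LSA(1, "172.68.5.3", "172.68.5.3", INITIAL_SEQ))
    due = db.age(LS_REFRESH_TIME)
    fresh = db.refresh(due[0])
    db.age(MAX_AGE - LS_REFRESH_TIME)
    return fresh.seq - INITIAL_SEQ, sorted(db.lsas)
```

The "send-newer" branch is what keeps a database self-correcting: a router holding an older instance is answered with the current one rather than being allowed to drag the rest of the area backwards, and it is also why a stale LSA on one box is repaired without operator action.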

Note: Remember that there are different types of LSAs. In this chapter, the LSAs discussed are the router link LSA, which is an LSA about a link and its status, and the network LSA, which the DR sends out. The network LSA describes all the routers attached to a multiaccess segment. The next chapter discusses the other LSA types.

OSPF Operation in a Point-to-Point Network

The following section discusses OSPF operation over point-to-point links.

Point-to-Point Neighborship

- The router dynamically detects its neighboring router using the Hello protocol
- No election: adjacency is automatic as soon as the two routers can communicate
- OSPF packets are always sent as multicast to 224.0.0.5

Point-to-Point Neighborship

A point-to-point network joins a single pair of routers. A T1 serial line is an example of a point-to-point network. On point-to-point networks, the router dynamically detects its neighboring router by sending its Hello packets to the multicast address AllSPFRouters, 224.0.0.5. On physical point-to-point networks, neighboring routers become adjacent whenever they can communicate directly. No election is performed. On physical point-to-point networks, the IP destination of every OSPF packet is the multicast address AllSPFRouters, 224.0.0.5. On all other network types, the majority of OSPF packets (database description, link-state request and the replies to them) are sent as unicasts, that is, directly to the other end of the adjacency; on broadcast networks the exceptions are Hello packets and flooded LSUs, which are multicast to 224.0.0.5 (all OSPF routers) or 224.0.0.6 (the DR and BDR).

It is possible to use IP unnumbered with OSPF. Usually, the IP source address is set to the address of the outgoing interface. Interfaces to unnumbered point-to-point networks have no associated IP address. On these interfaces, the IP source is set to one of the other IP addresses belonging to the router.

OSPF Operation in an NBMA Network

The following section discusses OSPF in a non-broadcast multi-access environment.

NBMA Network (X.25, Frame Relay)

- A single interface interconnects multiple sites
- NBMA supports multiple routers but without broadcast capability

NBMA Networks

When a single interface is used to interconnect multiple sites, you may have reachability issues because of the nonbroadcast multiaccess (NBMA) nature of Frame Relay and X.25. With Frame Relay running multiple PVCs over a single interface, the primary issue is split horizon. NBMA networks are those networks that support many (more than two) routers but have no broadcast capability, such as Frame Relay. For the purposes of this NBMA presentation, we work with a Frame Relay environment. By default, a Frame Relay network provides NBMA connectivity between remote sites. NBMA connectivity means that although all locations can reach each other, depending on the topology, routing updates received by one router cannot be forwarded to all locations, because the router applies the split horizon rule on its multipoint Frame Relay interface to reduce the number of routing loops.

Frame Relay Topologies

- Multiaccess (full mesh)
- Point-to-multipoint (partial mesh)
- Point-to-point (star, hub and spoke)

Reachability issues?

Frame Relay Topologies

Frame Relay allows you to interconnect your remote sites in a variety of ways, and by default interfaces that support Frame Relay are multipoint connection types. Example topologies, as shown in Figure 11-7, include the following:

- A star topology, also known as a hub-and-spoke configuration, is the most popular Frame Relay network topology. In this topology, remote sites are connected to a central site that generally provides a service or application. This is the least expensive topology because it requires the fewest PVCs. In this scenario, the central router provides a multipoint connection because it typically uses a single interface to interconnect multiple PVCs.
- In a full-mesh topology, all routers have virtual circuits to all other destinations. This method, although costly, provides direct connections from each site to all other sites and allows for redundancy. When one link goes down, a router at site A can reroute traffic through site C, for example. As the number of nodes in the full-mesh topology increases, the topology becomes increasingly expensive.
- In a partial-mesh topology, not all sites have direct virtual circuits to every other site.

Reachability Issues with Routing Updates

As described under NBMA Networks above, Frame Relay's default NBMA connectivity means that a routing update received by one router cannot necessarily be forwarded to all locations, because of split horizon on the multipoint interface. The following figure shows the problem.

Figure: Split horizon. Routers R1 (DLCI 51), R2 (DLCI 52) and R3 (DLCI 53) connect to interface S0 of router Central over three PVCs. An update from R1 arrives on S0, and split horizon stops it from leaving through S0 toward R2 and R3. Routing updates are prevented from exiting the router interface through which the update was first learned.

Split Horizon in NBMA

Split horizon reduces the number of routing loops by not allowing a routing update received on one interface to be forwarded out through the same interface. As shown above, the Central router's interface S0 receives a routing update from router R1. The Central router connects through three PVCs over that single interface. Split horizon forbids the Central router from sending the update out via the interface on which it received it. Therefore, routers R2 and R3 never receive the update.

OSPF over Frame Relay: Modes of Operation

RFC-compliant modes:
- Non-broadcast multiaccess
- Point-to-multipoint

Additional modes from Cisco:
- Broadcast multiaccess
- Point-to-point

OSPF over Frame Relay

As described in RFC 2328, OSPF runs in one of two official modes over nonbroadcast networks:

- Nonbroadcast multiaccess (NBMA): Simulates the operation of OSPF in a broadcast network. That is, the routers exchange update traffic to identify their neighbors and elect a designated router (DR) and backup designated router (BDR). This configuration is usually seen in a fully meshed network. Some configuration is necessary on the router for this mode to work properly, as shown later in this chapter: because there is no broadcast capability, the neighbors have to be statically defined (with the neighbor command), or the router must emulate broadcasting. Such pseudo-broadcasting is implemented by replicating each packet in the router and sending one copy to each destination over its own virtual circuit; this process is CPU and bandwidth intensive.
- Point-to-multipoint: Treats the non-broadcast network as a collection of point-to-point links. Non-broadcast networks are referred to as NBMA networks or point-to-multipoint networks, depending on OSPF's mode of operation over the network. In this environment, the routers identify their neighbors but do not elect a DR/BDR. This configuration is typically used with partially meshed networks.

In RFC 2328 point-to-multipoint mode, all the routers attached to the non-broadcast network stay on a single IP subnet; OSPF simply treats each router-to-router virtual circuit as a point-to-point link and advertises host routes to the neighbors it can reach. This differs from the Cisco point-to-point subinterface approach described at the end of this chapter, where the physical interface is split into numbered point-to-point subinterfaces that behave exactly like physical point-to-point interfaces (as if you had a large number of leased lines); in that case each point-to-point link must be on its own separate IP subnet.

The choice between NBMA mode and point-to-multipoint mode determines the way the Hello protocol and flooding work over the nonbroadcast network.

NBMA mode neighborship

- Fully meshed network
- Stability of the network
- DR/BDR elected if more than two routers are on the Frame Relay network
- RFC 2328 compliant

OSPF in NBMA Mode

OSPF considers the NBMA environment to be like any other broadcast medium, such as Ethernet. NBMA clouds are usually built in a hub-and-spoke topology. PVCs or SVCs are laid out in a partial mesh, and the physical topology does not provide the multiaccess connectivity that OSPF believes is there. In NBMA mode, OSPF emulates operation over a broadcast network. A DR and BDR are elected for the NBMA network, and the DR originates a network LSA for it. Note that in this environment, the routers must be fully meshed in order for adjacencies to be established among the routers. Assuming that there are not a lot of neighbors in the network, NBMA mode is the most efficient way to run OSPF over non-broadcast networks, both in terms of link-state database size and in terms of the amount of routing protocol traffic. However, consider the following before using this mode:

- Full mesh: NBMA mode requires all routers attached to the NBMA network to be able to communicate directly with each other. This restriction may be met on some non-broadcast networks, such as an ATM subnet using SVCs or a fully meshed Frame Relay network, but it is not met on partially meshed Frame Relay networks (a hub-and-spoke layout, for instance). In addition, on a multipoint Frame Relay interface the split horizon rule applies: anything received on one PVC cannot be sent back out the same interface over another PVC, as explained earlier in this chapter.
- Stability of the network: Link-state routing protocols require that, in a multiaccess environment, neighbor adjacencies have been established before routing updates can be exchanged. In OSPF, the designated router (DR) and backup designated router (BDR) ensure that all the routers on the segment have the same link-state information regarding the internetwork. If the network is not stable, any time a connection is compromised the routers noticing the link-state change multicast an update to the DR/BDR. The DR acknowledges the update and floods it to the other routers. Further, any change to the link-state database requires the forwarding database to be recalculated, which burdens the router CPU.

A DR and BDR are elected when there are multiple devices (more than two) on the same segment. The intent is to prevent the segment from being overwhelmed with updates from all of the devices on that segment. It does not, however, mean that updates stay limited to those devices. When a modification occurs, the DR and BDR handle the change for that segment. The change is then flooded out into the area, as you will see in the next chapter. It is possible for the Frame Relay cloud to be its own area, thereby isolating its link-state changes from the rest of the network. This, however, is not a rule and depends on the customer's network and their provider.

If you are using a single PVC on an interface and that PVC goes down, the interface goes down, so the link failure is recognized. If several PVCs share a multipoint interface (or multipoint subinterface), however, the interface stays up as long as any one of its PVCs is active, so the router does not see a connectivity problem when a single PVC fails; a point-to-point subinterface, which carries only one PVC, goes down with it.

On non-broadcast networks where not all routers can communicate directly, you can break the non-broadcast network into logical subnets, with the routers on each subnet being able to communicate directly. Then each separate subnet can be run as an NBMA network, or as a point-to-point network if each virtual circuit is defined as a separate logical subnet. However, this setting requires quite a bit of administrative overhead and is prone to misconfiguration. It is probably better to run such a non-broadcast network in point-to-multipoint mode.

Point-to-Multipoint mode neighborship

- Fully meshed or partially meshed
- Static neighbor statement
- Unique IP subnet
- Duplicate LSA packets
- RFC 2328 compliant

OSPF in Point-to-Multipoint mode

Point-to-multipoint networks are designed to work with partial mesh connectivity. In point-to-multipoint mode, OSPF treats all router-to-router connections over the non-broadcast network as if they were point-to-point links: no DR/BDR is elected, and no network LSA is generated. In large Frame Relay networks, using point-to-multipoint mode reduces the number of Frame Relay PVCs required for complete connectivity, since a fully meshed topology is not required. Not having a fully meshed topology also reduces the number of entries in your neighbor table.

In contrast to NBMA networks, point-to-multipoint networks have the following properties:

- Does not require a fully-meshed network: This environment allows routing between two routers that are not directly connected but are connected through a router that has virtual circuits to each. The router that interconnects the non-adjacent neighbors is the one configured for point-to-multipoint. The other routers, assuming that they only have connections to the hub router, should be configured for point-to-point. If, however, a spoke router is interconnected to the hub router and to another spoke router, then it should be configured as point-to-multipoint as well.

- Requires static neighbor configuration: In a broadcast network, a multicast hello packet is used to identify the router's neighbors. In point-to-multipoint mode you must statically define neighbors using the neighbor command, particularly since not all routers are adjacent. With the neighbor command you specify the neighbor by its IP address and modify, if necessary, the cost of the link to that neighbor. In a broadcast network the cost of the link to each neighbor is equal, but in point-to-multipoint mode the cost can be statically configured to reflect the different bandwidths of each link.

- Uses unique IP subnets: When using subinterfaces, a unique subnet is required for each point-to-point connection (ip unnumbered can be used for this).

- Duplicates LSA packets: When flooding out a non-broadcast interface (in either NBMA or point-to-multipoint mode), the LSA update or LSA ACK packet is replicated in order to be sent to each of the interface's neighbors, as defined in the neighbor table.


Additional Cisco modes neighborship

- Broadcast mode
- Point-to-point subinterface mode


Cisco additional modes

The broadcast mode approach is a workaround for the "neighbor" command, which statically lists all existing neighbors. The interface is logically set to broadcast and behaves as if the router were connected to a LAN. DR and BDR election is still performed, so special care should be taken to ensure either a full mesh topology or a static selection of the DR based on the interface priority.

In point-to-point subinterface mode, the same physical interface can be split into multiple logical interfaces, with each subinterface defined as point-to-point. This was originally created to better handle the issues caused by split horizon over NBMA with distance-vector routing protocols. A point-to-point subinterface has the properties of any physical point-to-point interface. As far as OSPF is concerned, an adjacency is always formed over a point-to-point subinterface with no DR or BDR election, as explained earlier in the section on point-to-point neighborship.


Adjacencies creation

Point-to-Point interfaces coming up: No election

    %LINK-3-UPDOWN: Interface Serial1, changed state to up
    OSPF: Interface Serial1 going Up
    OSPF: Rcv hello from 192.168.0.11 area 0 from Serial1 10.1.1.2
    OSPF: End of hello processing
    OSPF: Build router LSA for area 0, router ID 192.168.0.10
    OSPF: Rcv DBD from 192.168.0.11 on Serial1 seq 0x20C4 opt 0x2 flag 0x7 len 32 state INIT
    OSPF: 2 Way Communication to 192.168.0.11 on Serial1, state 2WAY
    OSPF: Send DBD to 192.168.0.11 on Serial1 seq 0x167F opt 0x2 flag 0x7 len 32
    OSPF: NBR Negotiation Done. We are the SLAVE
    OSPF: Send DBD to 192.168.0.11 on Serial1 seq 0x20C4 opt 0x2 flag 0x2 len 72

Ethernet interface coming up: Election

    OSPF: 2 Way Communication to 192.168.0.10 on Ethernet0, state 2WAY
    OSPF: end of Wait on interface Ethernet0
    OSPF: DR/BDR election on Ethernet0
    OSPF: Elect BDR 192.168.0.12
    OSPF: Elect DR 192.168.0.12
           DR: 192.168.0.12 (Id)   BDR: 192.168.0.12 (Id)
    OSPF: Send DBD to 192.168.0.12 on Ethernet0 seq 0x546 opt 0x2 flag 0x7 len 32
    OSPF: DR/BDR election on Ethernet0
    OSPF: Elect BDR 192.168.0.11
    OSPF: Elect DR 192.168.0.12
           DR: 192.168.0.12 (Id)   BDR: 192.168.0.11 (Id)


Adjacencies creation

In these two debug outputs you can see that no election is performed on a point-to-point network: the DBDs are exchanged as soon as the two routers can communicate. On an Ethernet segment, an election takes place before any routing information is exchanged.


OSPF over NBMA Summary

    Mode                         Preferred Topology   Subnet Address               Adjacency                               RFC or Cisco
    Non-broadcast                Fully Meshed         Same                         Manual configuration, DR/BDR elected    RFC
    Point-to-Multipoint          Star                 Same                         Automatic, No DR/BDR                    RFC
    Broadcast                    Fully Meshed         Same                         Automatic, DR/BDR elected               Cisco
    Point-to-Point Subinterface  Any                  Different for each subint.   Automatic, No DR/BDR                    Cisco


OSPF over NBMA Summary

The above table provides a concise comparison between the different modes of operation for OSPF over NBMA.

Note: OSPF has two new features related to point-to-multipoint networks with IOS 11.3a:

- Point-to-multipoint broadcast networks: there is no need to specify neighbors. You can, however, specify neighbors with the neighbor command, in which case you should specify a cost to that neighbor.
- Point-to-multipoint non-broadcast networks: you now use the neighbor command to identify neighbors.

You can find more information on the subject at www.cisco.com with the keywords: OSPF Point-to-Multipoint Network with Separate Costs per Neighbor.


Written Exercise: OSPF Operation

Objective: Explain why OSPF is better than RIP in a large internetwork.
Objective: Explain how OSPF discovers, chooses, and maintains routes.

Task: Answer the following questions.

1. List three reasons why OSPF operates better than RIP in a large internetwork.
   ______________________________________________________________
   ______________________________________________________________
   ______________________________________________________________

2. What does a router do when it receives an LSU?
   ______________________________________________________________
   ______________________________________________________________
   ______________________________________________________________

3. Identify when the exchange protocol and the flooding protocol are used, and describe how each operates.
   ______________________________________________________________
   ______________________________________________________________
   ______________________________________________________________
   ______________________________________________________________

4. Write a brief description of the following:
   Internal router _________________________________________________
   LSU ____________________________________________________________
   DDP ____________________________________________________________
   Hello packet ___________________________________________________

5. Match the term with the statement most closely describing it. Write the letter of the description next to the term.
   ____ area
   ____ Full state
   ____ DR
   ____ Exchange state

   A) The router responsible for route synchronization.
   B) Indicates routers can route information.
   C) Indicates routers can discover link state information.
   D) A collection of routers and networks.

6. Name the two RFC-compliant modes for OSPF over Non-broadcast Multiaccess network:
   ______________________________________________________________
   ______________________________________________________________
   Name the two additional Cisco modes for OSPF over NBMA:
   ______________________________________________________________
   ______________________________________________________________


Configuring OSPF in a Single Area

The following section discusses how to configure OSPF in a single area.

Configuring OSPF on Internal Routers

Figure (slide diagram): routers A and B are connected over a broadcast network on their Ethernet0 interfaces (10.64.0.1 and 10.64.0.2); router B connects to router C over a point-to-point network (Serial0 10.2.1.2 on one side, Serial1 10.2.1.1 on the other).

Configuration of the router with Ethernet0 10.64.0.1:

    interface Ethernet0
     ip address 10.64.0.1 255.255.255.0
    !
    router ospf 1
     network 10.0.0.0 0.255.255.255 area 0

Configuration of the router with Ethernet0 10.64.0.2 and Serial0 10.2.1.2:

    interface Ethernet0
     ip address 10.64.0.2 255.255.255.0
    !
    interface Serial0
     ip address 10.2.1.2 255.255.255.0
    !
    router ospf 50
     network 10.2.1.2 0.0.0.0 area 0
     network 10.64.0.2 0.0.0.0 area 0

Can assign network or interface address.


Configuring OSPF on Internal Routers

To configure OSPF, do the following:

Step 1  Enable OSPF on the router.

    router(config)#router ospf process-id

process-id: An internally used number that identifies the OSPF process; it distinguishes multiple OSPF processes running within a single router. The process-id need not match the process-ids on other routers. Running multiple OSPF processes on the same router is not recommended, because it creates multiple database instances that add extra overhead.

Step 2  Identify which IP networks on the router are part of the OSPF network. For each network, you must identify the area to which it belongs. The network value can vary: it can be the network address supported by the router, or the specific interface address configured. The router knows how to interpret the address by comparing it to the wildcard mask.

    router(config-router)#network address wildcard-mask area area-id

network area Command   Description
address                Can be the network address, subnet, or the address of the interface. Tells the router which links to advertise, which links to listen for advertisements on, and what networks to advertise.
wildcard-mask          An inverse mask used to determine how to read the address. The mask has wildcard bits where 0 is a match and 1 is "don't care"; for example, 0.0.255.255 indicates a match in the first two bytes. If specifying the interface address, use mask 0.0.0.0.
area area-id           Specifies the area to be associated with the address. Can be a number or can be similar to an IP address A.B.C.D. For a single area, the ID must equal 0.
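As an added illustration of how the network command's wildcard mask selects interfaces (this is example code, not part of the course or of Cisco IOS), the following Python models the bit test the table describes, parses the network statements and interface addresses out of an IOS configuration fragment, and reports interfaces that carry an IP address but are not brought into OSPF by any statement. The sample configuration is constructed from the slide's router with Ethernet0 10.64.0.2 and Serial0 10.2.1.2, with an extra Serial1 address added; the first-match-in-configuration-order rule is an assumption of the example, not a statement about IOS, and the function names are the example's own.

```python
import re
from ipaddress import IPv4Address
from typing import Dict, List, Optional, Tuple


def wildcard_match(address: str, network: str, wildcard: str) -> bool:
    """network statement test: a 0 bit in the wildcard means the address bit
    must equal the network bit, a 1 bit means 'don't care'."""
    a, n, w = (int(IPv4Address(x)) for x in (address, network, wildcard))
    care = ~w & 0xFFFFFFFF          # bits that have to match
    return (a & care) == (n & care)


NetworkStmt = Tuple[str, str, str]  # (address, wildcard-mask, area-id)


def parse_ospf_config(text: str) -> Tuple[Dict[str, str], List[NetworkStmt]]:
    """Collect interface IP addresses and network statements from an IOS
    running-config fragment; subinterfaces such as Serial0.1 are treated
    like any other interface."""
    interfaces: Dict[str, str] = {}
    networks: List[NetworkStmt] = []
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"^interface (\S+)", line):
            current = m.group(1)
        elif (m := re.match(r"^ip address (\S+) (\S+)", line)) and current:
            interfaces[current] = m.group(1)
        elif m := re.match(r"^network (\S+) (\S+) area (\S+)", line):
            networks.append((m.group(1), m.group(2), m.group(3)))
        elif line.startswith("router "):
            current = None          # leaving interface configuration
    return interfaces, networks


def assign_areas(interfaces: Dict[str, str],
                 networks: List[NetworkStmt]) -> Dict[str, Optional[str]]:
    """Area each interface joins. Assumption of this example: the first
    statement that matches, in configuration order, wins. None means no
    statement covers the interface, so OSPF is not enabled on it."""
    return {
        name: next((area for net, wc, area in networks
                    if wildcard_match(ip, net, wc)), None)
        for name, ip in interfaces.items()
    }


# Constructed sample (addresses from the slide, Serial1 added for the check).
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 10.64.0.2 255.255.255.0
!
interface Serial0
 ip address 10.2.1.2 255.255.255.0
!
interface Serial1
 ip address 172.16.5.1 255.255.255.0
!
router ospf 50
 network 10.2.1.2 0.0.0.0 area 0
 network 10.64.0.2 0.0.0.0 area 0
"""


def unadvertised_interfaces(config: str) -> List[str]:
    """Interfaces with an IP address that no network statement brings into OSPF;
    the thing to check when an expected adjacency never appears."""
    interfaces, networks = parse_ospf_config(config)
    return sorted(name for name, area in assign_areas(interfaces, networks).items()
                  if area is None)


if __name__ == "__main__":
    ifs, nets = parse_ospf_config(SAMPLE_CONFIG)
    print(assign_areas(ifs, nets))
    print("not in OSPF:", unadvertised_interfaces(SAMPLE_CONFIG))
```

Running the block prints the per-interface area map and lists Serial1 as the interface left outside OSPF; the same functions can be pointed at a saved running-config to audit a whole router.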


Configuring Optional Commands

Bogus Loopback Address (Ex: 1.1.1.1):
- Not in OSPF table
- Saves address space
- Cannot use ping

Real Loopback Address (Ex: 131.108.17.5, from Network 131.108.0.0):
- In OSPF table
- Uses address space
- Can use ping

Router ID: Number by which the router is known to OSPF
- Default: The largest IP address on an active interface at the moment of OSPF process startup
- Can be overridden by a loopback interface: highest IP address of any active loopback interface


Configuring Optional Commands

The following commands can be used to modify OSPF behavior:

- Modifying the OSPF router ID to a loopback address:

    router(config)#interface loopback number

  The highest IP address used as the router ID can be overridden by configuring an IP address on a loopback interface. OSPF is more reliable if a loopback interface is configured, because a loopback is always active and cannot go down like a physical interface. It is therefore recommended that you use a loopback address on all key routers, at least. If you plan to publish your loopback address with the network area command, make sure you use a private IP address. Note that a loopback address requires a different subnet for each router.

  There are pros and cons to using a made-up (bogus) address as opposed to a real subnet address. In addition to reliability, a bogus address saves real IP addresses, but the address does not appear in the OSPF table, so it cannot be pinged. The decision is a trade-off between ease of debugging the network and conservation of address space. To determine the router ID of a router, type show ip ospf interface.

- Modifying router priority. Changing the OSPF priority on an interface is done using the following interface command:

    router(config-if)#ip ospf priority number

  number is a value from 0 to 255; the default is 1. A priority value of 0 indicates that the interface cannot be elected as DR or BDR.
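The router-ID rule and the priority rule above, together with the two-step election visible in the debug output earlier in this section ("Elect BDR 192.168.0.12 / Elect DR 192.168.0.12", then "Elect BDR 192.168.0.11"), can be reproduced with the following Python model. It is an added example, not course or IOS code: select_router_id applies the loopback-first rule from the text, and elect_dr_bdr applies the RFC 2328 section 9.4 election (highest priority wins, ties broken by highest router ID; priority 0 is never elected; a router that just became DR re-runs the election so the BDR is chosen from the remaining routers). The router IDs are the ones from the debug output; the OspfRouter fields and function names are this example's own.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional, Tuple


def select_router_id(loopback_ips: List[str], active_ips: List[str]) -> str:
    """Router ID rule from the text: the highest IP on any active loopback wins;
    otherwise the highest IP on an active interface when OSPF starts."""
    pool = loopback_ips or active_ips
    if not pool:
        raise ValueError("no active IP address to derive a router ID from")
    return str(max(IPv4Address(ip) for ip in pool))


@dataclass
class OspfRouter:
    router_id: str
    priority: int = 1                    # ip ospf priority; 0 = never DR or BDR
    declared_dr: Optional[str] = None    # DR field this router puts in its hellos
    declared_bdr: Optional[str] = None   # BDR field this router puts in its hellos


def _best(cands: List[OspfRouter]) -> str:
    # highest priority wins; ties are broken by the highest router ID
    return max(cands, key=lambda r: (r.priority, IPv4Address(r.router_id))).router_id


def elect_dr_bdr(segment: List[OspfRouter],
                 self_id: str) -> Tuple[Optional[str], Optional[str]]:
    """DR/BDR election as run by router self_id (RFC 2328 section 9.4, simplified).
    The calculating router's own declared_dr/declared_bdr are updated as they
    would be in its next hello, and the election repeats once if its own role
    changed, which is what produces the second 'Elect BDR' in the debug output."""
    me = next(r for r in segment if r.router_id == self_id)
    eligible = [r for r in segment if r.priority > 0]
    dr = bdr = None
    for _ in range(2):
        # Step 1: BDR is chosen among eligible routers not claiming to be DR;
        # routers already claiming BDR are preferred over the others.
        not_dr = [r for r in eligible if r.declared_dr != r.router_id]
        claim_bdr = [r for r in not_dr if r.declared_bdr == r.router_id]
        bdr = _best(claim_bdr) if claim_bdr else (_best(not_dr) if not_dr else None)
        # Step 2: DR is chosen among routers claiming to be DR; if nobody does,
        # the BDR just elected is promoted to DR.
        claim_dr = [r for r in eligible if r.declared_dr == r.router_id]
        dr = _best(claim_dr) if claim_dr else bdr
        role_changed = ((me.declared_dr == self_id) != (dr == self_id) or
                        (me.declared_bdr == self_id) != (bdr == self_id))
        me.declared_dr, me.declared_bdr = dr, bdr
        if not role_changed:
            break
    return dr, bdr


if __name__ == "__main__":
    seg = [OspfRouter("192.168.0.10"), OspfRouter("192.168.0.11"), OspfRouter("192.168.0.12")]
    print("seen from 192.168.0.12:", elect_dr_bdr(seg, "192.168.0.12"))
    seg = [OspfRouter("192.168.0.10"), OspfRouter("192.168.0.11"), OspfRouter("192.168.0.12", priority=0)]
    print("with .12 at priority 0:", elect_dr_bdr(seg, "192.168.0.10"))
```

Run from the point of view of 192.168.0.12 the model returns DR 192.168.0.12 and BDR 192.168.0.11, matching the debug capture; setting a router's priority to 0 removes it from both roles, and a higher priority on any router overrides the router-ID tie-break, which is the lever the text describes for choosing the DR deliberately.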


Configuring Optional Commands (cont.)

Figure (slide diagram): a Cisco router and a non-Cisco router exchanging traffic over a Token Ring segment.

    Router(config-if)#ip ospf cost cost

- Assigns a cost to an outgoing interface
- May be required for interoperability
- Use default cost between Cisco devices


Configuring Optional Commands (cont.)

- Modifying the link cost. Override the default cost value assigned to an OSPF interface:

    router(config-if)#ip ospf cost cost

  cost: A number from 1 to 65535 that indicates the metric assigned to the interface. Path cost is the total of the costs assigned to all interfaces that forward traffic along the path to the destination. Cisco's OSPF default cost assignment is based on the bandwidth of the link. Other vendors might use a different mechanism to assign OSPF cost to a link, so you may have to change the default cost, because all interfaces connected to the same link must agree on the link's cost. In general, the path cost in Cisco routers is calculated using the formula 10^8 / bandwidth (in bits per second). Using this formula, the following are some example default costs:

  - 56-kbps serial link: default cost is 1785
  - T1 (1.544-Mbps serial link): default cost is 64
  - Ethernet: default cost is 10
  - 16-Mbps Token Ring: default cost is 6

  Note: On serial lines, the default bandwidth is 1.544 Mbps. If the line is a slower speed, use the bandwidth command to specify the real link speed. The cost of the link will then change to correspond to the bandwidth you configured.
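The following Python (added here, not part of the course material or of IOS) computes Cisco's default cost from the 10^8 / bandwidth formula, reproduces the four example values above, and then shows why the text insists that both ends of a link agree on the cost: path cost is summed over the outgoing interfaces along the path, so a mismatched value on one end yields a different best path in each direction. The three-router topology and the non-Cisco default of 1 on one Ethernet interface are constructed for the example, and the function names are the example's own.

```python
import heapq
from typing import Dict, List, Tuple

# Default interface bandwidths (kbps) for the link types mentioned in the text.
DEFAULT_BANDWIDTH_KBPS = {"serial": 1544, "ethernet": 10000, "tokenring-16": 16000}


def ospf_cost(bandwidth_kbps: int) -> int:
    """Cisco default cost: 10^8 / bandwidth in bps, truncated, kept within the
    1..65535 range that ip ospf cost accepts."""
    cost = 10**8 // (bandwidth_kbps * 1000)
    return max(1, min(65535, cost))


# Link-state database: router -> {neighbor: cost of the outgoing interface}.
Lsdb = Dict[str, Dict[str, int]]


def find_cost_mismatches(lsdb: Lsdb) -> List[Tuple[str, str, int, int]]:
    """Links whose two ends disagree on cost (e.g. a non-Cisco vendor default),
    reported as (router_a, router_b, cost_a_to_b, cost_b_to_a)."""
    out = []
    for a, links in lsdb.items():
        for b, cost_ab in links.items():
            cost_ba = lsdb.get(b, {}).get(a)
            if a < b and cost_ba is not None and cost_ab != cost_ba:
                out.append((a, b, cost_ab, cost_ba))
    return sorted(out)


def spf(lsdb: Lsdb, root: str) -> Dict[str, Tuple[int, List[str]]]:
    """Dijkstra over the LSDB from root: destination -> (path cost, path).
    Path cost is the sum of outgoing-interface costs, as the text states."""
    best = {root: (0, [root])}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                      # stale heap entry
        for nxt, link_cost in lsdb.get(node, {}).items():
            cand = cost + link_cost
            if nxt not in best or cand < best[nxt][0]:
                best[nxt] = (cand, best[node][1] + [nxt])
                heapq.heappush(heap, (cand, nxt))
    return best


# Constructed topology: R1-R2 over a T1, R2-R3 over Ethernet, R1-R3 over a
# 56-kbps line. R3's Ethernet side uses a hypothetical non-Cisco default of 1.
SAMPLE_LSDB: Lsdb = {
    "R1": {"R2": ospf_cost(1544), "R3": ospf_cost(56)},
    "R2": {"R1": ospf_cost(1544), "R3": ospf_cost(DEFAULT_BANDWIDTH_KBPS["ethernet"])},
    "R3": {"R1": ospf_cost(56), "R2": 1},
}

if __name__ == "__main__":
    for kbps in (56, 1544, 10000, 16000):
        print(f"{kbps} kbps -> cost {ospf_cost(kbps)}")
    print("R1 -> R3:", spf(SAMPLE_LSDB, "R1")["R3"])
    print("R3 -> R1:", spf(SAMPLE_LSDB, "R3")["R1"])
    print("mismatched links:", find_cost_mismatches(SAMPLE_LSDB))
```

With the sample database, R1 reaches R3 at cost 74 via R2 (64 + 10) while R3 reaches R1 at cost 65 (1 + 64); the mismatch report names the R2-R3 Ethernet link, which is exactly the interface where an ip ospf cost 10 on the non-Cisco side (or the matching value on the Cisco side) would make the two directions agree again.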


Configuring OSPF over Frame Relay

    Router(config-if)#ip ospf network {non-broadcast | point-to-multipoint | broadcast}

- Non-broadcast mode
- Point-to-Multipoint mode
- Broadcast mode
- Point-to-point subinterface mode


Configuring OSPF over Frame Relay

OSPF over Frame Relay can be configured in four different modes:

- Non-broadcast mode (RFC compliant)
- Point-to-Multipoint mode (RFC compliant)
- Broadcast mode (additional Cisco mode)
- Point-to-point mode (achieved through the subinterface point-to-point configuration; additional Cisco mode)

The following command is used to specify the OSPF network configuration (not necessarily the physical configuration):

    router(config-if)#ip ospf network {non-broadcast | point-to-multipoint | broadcast}

ip ospf network Command   Description
non-broadcast             Sets the network type to non-broadcast
point-to-multipoint       Sets the network type to point-to-multipoint
broadcast                 Sets the network type to broadcast


Configuring OSPF in Non-broadcast mode

    Router(config-router)#neighbor ip-address priority number poll-interval sec

    R1(config)#interface Serial0
    R1(config-if)#ip address 10.1.1.1 255.255.255.0
    R1(config-if)#encapsulation frame-relay
    R1(config-if)#ip ospf network non-broadcast
    R1(config)#router ospf 1
    R1(config-router)#network 10.1.1.0 0.0.0.255 area 0
    R1(config-router)#neighbor 10.1.1.2
    R1(config-router)#neighbor 10.1.1.3
    R1(config-router)#neighbor 10.1.1.4

- Non-broadcast mode is the default, so the ip ospf network non-broadcast command is not needed
- Neighbor statements are necessary


Configuring OSPF in NBMA mode

The selection of the DR becomes an issue in NBMA mode because the DR and BDR need to have full physical connectivity with all routers that exist on the cloud. Also, because of the lack of broadcast capability, the DR and BDR need a static list of all other routers attached to the cloud. This is achieved using the neighbor command.

The neighbor command is somewhat obsolete now that the interface network type can be set to whatever we want, irrespective of the underlying physical media. Different methods can be used to avoid the complications of configuring static neighbors and of having specific routers become DRs or BDRs on the non-broadcast cloud. These are explained in the following sections.

The neighbor command is used to configure OSPF routers interconnecting to non-broadcast networks:

    router(config-router)#neighbor ip-address [priority number] [poll-interval seconds] [cost number]

neighbor Command   Description
ip-address         Interface IP address of the neighbor.
priority           (Optional) 8-bit number indicating the router priority value of the non-broadcast neighbor associated with the IP address specified. The default is 0. This keyword does not apply to point-to-multipoint interfaces.
poll-interval      (Optional) Unsigned integer value reflecting the poll interval. RFC 1247 recommends that this value be much larger than the hello interval. The default is 120 seconds (2 minutes). This keyword does not apply to point-to-multipoint interfaces.
cost               (Optional) Assigns a cost to the neighbor, in the form of an integer from 1 to 65535. Neighbors with no specific cost configured assume the cost of the interface, based on the ip ospf cost command. On point-to-multipoint interfaces, this is the only keyword and argument that makes sense. This keyword does not apply to NBMA networks.


Configuring OSPF in Point-to-Multipoint mode

    R1(config)#interface Serial0
    R1(config-if)#ip address 10.1.1.1 255.255.255.0
    R1(config-if)#encapsulation frame-relay
    R1(config-if)#ip ospf network point-to-multipoint
    R1(config)#router ospf 1
    R1(config-router)#network 10.1.1.0 0.0.0.255 area 0

- No need for DR and neighbor statements
- OSPF exchanges additional LSUs
- Can be done with Star topology


Configuring OSPF in Point-to-Multipoint mode

An OSPF point-to-multipoint interface is defined as a numbered point-to-point interface having one or more neighbors. The cloud is configured as one subnet. There is no need to worry about DRs or neighbor statements. OSPF point-to-multipoint works by exchanging additional link-state updates that contain a number of information elements describing connectivity to the neighboring routers.


Configuring OSPF in Broadcast mode

    R1(config)#interface Serial0
    R1(config-if)#ip address 10.1.1.1 255.255.255.0
    R1(config-if)#encapsulation frame-relay
    R1(config-if)#ip ospf network broadcast
    R1(config)#router ospf 1
    R1(config-router)#network 10.1.1.0 0.0.0.255 area 0

- No need for DR and neighbor statements
- Full mesh topology required, or a static selection of the DR based on priority


Configuring OSPF in Broadcast mode

This approach is a workaround for using the "neighbor" command, which statically lists all existing neighbors. This configuration works best with a fully-meshed network.


Configuring OSPF in Point-to-Point subinterface mode

    R1(config)#interface Serial0
    R1(config-if)#no ip address
    R1(config-if)#encapsulation frame-relay
    R1(config)#interface Serial0.1 point-to-point
    R1(config-if)#ip address 10.1.1.1 255.255.255.0
    R1(config-if)#frame-relay interface-dlci 51
    R1(config)#interface Serial0.2 point-to-point
    R1(config-if)#ip address 10.1.2.1 255.255.255.0
    R1(config-if)#frame-relay interface-dlci 52
    R1(config)#router ospf 1
    R1(config-router)#network 10.1.0.0 0.0.255.255 area 0

- OSPF considers each subinterface as a physical point-to-point network
- Adjacency is automatic


Configuring OSPF in Point-to-Point subinterface mode

To configure subinterfaces on a physical interface, do the following:

1. Select the interface on which you want to create subinterfaces and enter interface configuration mode.
2. It is recommended that you remove any network-layer address assigned to the physical interface and assign the network-layer address to the subinterface.
3. Configure Frame Relay encapsulation, as discussed in the "Configuring Basic Frame Relay" section.
4. Select the subinterface you want to configure:

    router(config)#interface serial number.subinterface-number {multipoint | point-to-point}

interface serial Command   Description
.subinterface-number       Subinterface number in the range 1 to 4294967293. The interface number that precedes the period (.) must match the interface number to which this subinterface belongs.
multipoint                 Select this if routing IP and you want all routers in the same subnet.
point-to-point             Select this if you want each pair of point-to-point routers to have its own subnet.


Verifying OSPF Operation

The following section describes commands to use to verify OSPF operation.

    Router#show ip protocol
Verifies OSPF is configured

    Router#show ip route
Displays all the routes learned by the router

    Router#show ip ospf interface
Displays area ID and adjacency information


Verifying OSPF Operation

The following commands can be used to verify OSPF operation and statistics.

The show ip protocol command displays parameters about timers, filters, metrics, networks, and other information for the entire router.

The show ip route command displays the routes known to the router and how they were learned. This is one of the best ways to determine connectivity between the local router and the rest of the internetwork.

The show ip ospf interface command verifies that interfaces have been configured in the intended areas. If no loopback address is specified, the interface with the highest address is taken as the router ID. It also gives the timer intervals, including the hello interval, and shows the neighbor adjacencies.


Verifying OSPF Operation (cont.)

    Router#show ip ospf
Displays OSPF timers and statistics

    Router#show ip ospf neighbor detail
Displays information about DR/BDR and neighbors

    Router#show ip ospf database
Displays the link-state database


Verifying OSPF Operation (cont.)

The show ip ospf command displays the number of times the shortest path first (SPF) algorithm has been executed. It also shows the link-state update interval, assuming no topological changes have occurred.

The show ip ospf neighbor detail command displays a detailed list of neighbors, their priorities, and their state, for example init, exstart, or full.

The show ip ospf database command displays the contents of the topological database maintained by the router. The command also shows the router ID and the OSPF process ID. A number of database types can be shown with this command using keywords. Refer to the Cisco IOS Command Reference, Part 1 manual for details about the keywords.


Verifying OSPF Operation (cont.)

    Router#clear ip route *
Allows you to clear the IP routing table

    Router#debug ip ospf
Displays router interaction during the hello, exchange, and flooding processes


Verifying OSPF Operation (cont.)

The following commands and their associated options can be used when troubleshooting OSPF. They will be discussed further in the Configuring OSPF lab exercise.

- Reset the IP routing table using the following options:

    p2r2#clear ip route ?
      *         Delete all routes
      A.B.C.D   Destination network route to delete

- Debug a variety of OSPF operations using the following debug options:

    p2r2#debug ip ospf ?
      adj             OSPF adjacency events
      events          OSPF events
      flood           OSPF flooding
      lsa-generation  OSPF lsa generation
      packet          OSPF packets
      retransmission  OSPF retransmission events
      spf             OSPF spf
      tree            OSPF database tree


show ip ospf interface

    R2#sh ip ospf int e0
    Ethernet0 is up, line protocol is up
      Internet Address 192.168.0.12/24, Area 0
      Process ID 1, Router ID 192.168.0.12, Network Type BROADCAST, Cost: 10
      Transmit Delay is 1 sec, State DROTHER, Priority 1
      Designated Router (ID) 192.168.0.11, Interface address 192.168.0.11
      Backup Designated router (ID) 192.168.0.13, Interface address 192.168.0.13
      Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
        Hello due in 00:00:04
      Neighbor Count is 3, Adjacent neighbor count is 2
        Adjacent with neighbor 192.168.0.13 (Backup Designated Router)
        Adjacent with neighbor 192.168.0.11 (Designated Router)
      Suppress hello for 0 neighbor(s)


show ip ospf interface command

The show ip ospf interface command displays OSPF-related interface information:

    Router>show ip ospf interface [type number]

show ip ospf interface Command   Description
type                             (Optional) Interface type
number                           (Optional) Interface number


Show ip ospf neighbor: Multiaccess and Point-to-Point

    Neighbor ID     Pri   State           Dead Time   Address         Interface
    192.168.0.13    1     2WAY/DROTHER    00:00:31    192.168.0.13    Ethernet0
    192.168.0.14    1     FULL/BDR        00:00:38    192.168.0.14    Ethernet0
    192.168.0.11    1     2WAY/DROTHER    00:00:36    192.168.0.11    Ethernet0
    192.168.0.12    1     FULL/DR         00:00:38    192.168.0.12    Ethernet0

OSPF over Ethernet - Multiaccess network

    Neighbor ID     Pri   State           Dead Time   Address         Interface
    192.168.0.11    1     FULL/  -        00:00:39    10.1.1.2        Serial1

OSPF over HDLC - Point-to-Point network


show ip ospf neighbor command: multiaccess and point-to-point mode

The show ip ospf neighbor command displays OSPF neighbor information on a per-interface basis:

    Router>show ip ospf neighbor [type number] [neighbor-id] [detail]

show ip ospf neighbor Command   Description
type                            (Optional) Interface type
number                          (Optional) Interface number
neighbor-id                     (Optional) Neighbor's ID
detail                          (Optional) Displays all neighbors in detail (lists all neighbors)


Show ip ospf neighbor (cont.): NBMA network

    Neighbor ID     Pri   State           Dead Time   Address     Interface
    192.168.0.12    1     FULL/DROTHER    0:01:56     10.1.1.2    Serial0
    192.168.0.13    0     FULL/DROTHER    0:01:34     10.1.1.3    Serial0
    192.168.0.11    1     FULL/BDR        0:01:56     10.1.1.1    Serial0

OSPF over Frame Relay - Non-broadcast mode using the neighbor command


show ip ospf neighbor command (cont.): Non-broadcast mode

In this example, although it is not visible in the output, the neighbor statement was used under the router ospf command so that the adjacencies could be established.


Show ip ospf neighbor (cont.): NBMA network

    Neighbor ID     Pri   State           Dead Time   Address     Interface
    192.168.0.14    1     FULL/DR         00:00:30    10.1.1.4    Serial0
    192.168.0.13    1     FULL/DROTHER    00:00:36    10.1.1.3    Serial0
    192.168.0.12    1     FULL/DROTHER    00:00:39    10.1.1.2    Serial0

OSPF over Frame Relay - Broadcast mode


Show ip ospf neighbor command (cont.) Broadcast mode
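A practitioner usually wants to read neighbor tables like the ones above programmatically, for example to alarm on adjacencies that never reach FULL. The following Python (an added example, not course or IOS code) parses show ip ospf neighbor output into records and reports neighbors in an unexpected state, treating 2WAY/DROTHER between two non-designated routers on a multiaccess segment as normal, exactly as the Ethernet table earlier in this section shows. The sample output is constructed from the page's Ethernet and HDLC tables, with one extra neighbor stuck in EXSTART added to exercise the check; the record fields and function names are the example's own.

```python
import re
from typing import List, NamedTuple, Tuple


class Neighbor(NamedTuple):
    router_id: str
    priority: int
    state: str      # INIT, 2WAY, EXSTART, EXCHANGE, LOADING, FULL, ...
    role: str       # DR, BDR, DROTHER, or "-" on a point-to-point link
    dead_time: str
    address: str
    interface: str


# One row of "show ip ospf neighbor": id, priority, STATE/ROLE, dead time,
# address, interface. The role may be separated from the state by spaces
# ("FULL/  -") on point-to-point links.
_ROW = re.compile(
    r"^(\S+)\s+(\d+)\s+([A-Z0-9]+)/\s*(\S+)\s+(\d+:\d\d:\d\d)\s+(\S+)\s+(\S+)\s*$")


def parse_neighbors(output: str) -> List[Neighbor]:
    """Turn the command output into records; header and blank lines are skipped."""
    rows = []
    for line in output.splitlines():
        m = _ROW.match(line.strip())
        if m:
            rid, pri, state, role, dead, addr, intf = m.groups()
            rows.append(Neighbor(rid, int(pri), state, role, dead, addr, intf))
    return rows


def audit_neighbors(neighbors: List[Neighbor]) -> List[Tuple[str, str, str]]:
    """(router_id, interface, reason) for every neighbor not in a steady state.
    FULL is always fine. 2WAY/DROTHER is fine because two non-designated routers
    on a multiaccess segment never go beyond 2WAY with each other. Anything else
    (INIT, EXSTART, EXCHANGE, LOADING, or 2WAY with a DR/BDR) is reported."""
    problems = []
    for n in neighbors:
        if n.state == "FULL" or (n.state == "2WAY" and n.role == "DROTHER"):
            continue
        problems.append((n.router_id, n.interface,
                         f"{n.state}/{n.role}: adjacency not FULL"))
    return problems


# Constructed sample: the page's Ethernet and HDLC rows plus a stuck neighbor.
SAMPLE_OUTPUT = """\
Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.0.13      1   2WAY/DROTHER    00:00:31    192.168.0.13    Ethernet0
192.168.0.14      1   FULL/BDR        00:00:38    192.168.0.14    Ethernet0
192.168.0.11      1   2WAY/DROTHER    00:00:36    192.168.0.11    Ethernet0
192.168.0.12      1   FULL/DR         00:00:38    192.168.0.12    Ethernet0
192.168.0.15      1   EXSTART/DROTHER 00:00:35    192.168.0.15    Ethernet0
192.168.0.11      1   FULL/  -        00:00:39    10.1.1.2        Serial1
"""

if __name__ == "__main__":
    for rid, intf, reason in audit_neighbors(parse_neighbors(SAMPLE_OUTPUT)):
        print(f"{rid} on {intf}: {reason}")
```

The audit flags only 192.168.0.15, the constructed neighbor that never left EXSTART; run periodically against real output, a neighbor that stays on that list is the cue to look at the interface's network type, neighbor statements and MTU before anything else.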


show ip ospf database

    R2#show ip ospf database
           OSPF Router with ID (192.168.0.12) (Process ID 1)

                    Router Link States (Area 0)

    Link ID         ADV Router      Age   Seq#         Checksum  Link count
    192.168.0.10    192.168.0.10    817   0x80000003   0xFF56    1
    192.168.0.11    192.168.0.11    817   0x80000003   0xFD55    1
    192.168.0.12    192.168.0.12    816   0x80000003   0xFB54    1
    192.168.0.13    192.168.0.13    816   0x80000003   0xF953    1
    192.168.0.14    192.168.0.14    817   0x80000003   0xD990    1

                    Net Link States (Area 0)

    Link ID         ADV Router      Age   Seq#         Checksum
    192.168.0.14    192.168.0.14    812   0x80000002   0x4AC8


show ip ospf database command

When using the show ip ospf database command, you want to confirm that your router is aware of all segments in your area. You can also see the advertising router of the network link state, which is the DR.


Debug ip ospf adj

    192.168.0.14 on Ethernet0, state 2WAY
    OSPF: end of Wait on interface Ethernet0
    OSPF: DR/BDR election on Ethernet0
    OSPF: Elect BDR 192.168.0.14
    OSPF: Elect DR 192.168.0.14
           DR: 192.168.0.14 (Id)   BDR: 192.168.0.14 (Id)
    OSPF: Send DBD to 192.168.0.14 on Ethernet0 seq 0x11DB opt 0x2 flag 0x7 len 32
    OSPF: Build router LSA for area 0, router ID 192.168.0.11
    OSPF: Neighbor change Event on interface Ethernet0
    OSPF: Rcv DBD from 192.168.0.14 on Ethernet0 seq 0x1598 opt 0x2 flag 0x7 len 32 state EXSTART
    OSPF: NBR Negotiation Done. We are the SLAVE
    OSPF: Send DBD to 192.168.0.14 on Ethernet0 seq 0x1598 opt 0x2 flag 0x2 len 52
    OSPF: Rcv DBD from 192.168.0.14 on Ethernet0 seq 0x1599 opt 0x2 flag 0x3 len 92 state EXCHANGE
    OSPF: Exchange Done with 192.168.0.14 on Ethernet0
    OSPF: Send DBD to 192.168.0.14 on Ethernet0 seq 0x159A opt 0x2 flag 0x0 len 32
    OSPF: Synchronized with 192.168.0.14 on Ethernet0, state FULL
    OSPF: Build router LSA for area 0, router ID 192.168.0.11
    OSPF: Neighbor change Event on interface Ethernet0
    OSPF: DR/BDR election on Ethernet0
    OSPF: Elect BDR 192.168.0.13
    OSPF: Elect DR 192.168.0.14
           DR: 192.168.0.14 (Id)   BDR: 192.168.0.13 (Id)


debug ip ospf adj command

When using the debug ip ospf adj command to debug adjacencies, you want to monitor the election of the DR and BDR, as shown in the screen capture. Be advised that the command is really: debug ip ospf adj


Summary

- OSPF is a scalable, standards-based link-state routing protocol
- Link-state protocol
- OSPF benefits include:
  - No hop count limit
  - Multicasts routing updates
  - Faster convergence
  - Better path selection


Case Study: OSPF Single Area Considerations

Figure (slide diagram; labels only): an Ethernet segment in Area 0 (Process ID = 109), a Frame Relay cloud in Area 0 (Process ID = 31), a further Area 0 segment (Process ID = 63), and point-to-point links labelled PID = 16, PID = 17, PID = 18 and PID = 19. A label "Requires Internal Route Redistribution" marks the boundary between the different process IDs.


OSPF Single Area Considerations

Following are some points to consider when designing an OSPF network:

- Which router should be the DR/BDR? Should I use the priority command?
- For NBMA, what would be the advantages and disadvantages of each of the following modes in terms of IP subnet addresses, and how would the adjacency be formed?
  - Non-broadcast
  - Point-to-Multipoint
  - Broadcast
  - Point-to-point subinterface
- If my router is running two separate OSPF processes, do I wish to redistribute the routes learned in one process ID into the next process ID? (Redistribution will be discussed later in the course.)


Answers to Written Exercise: OSPF Operation

Task: Answer the following questions.

1 List three reasons why OSPF operates better than RIP in a large internetwork.
Refer to the list of reasons in the "What Is OSPF?" section.

2 What does a router do when it receives an LSU?
When each router receives the LSU, it does the following:
- If the entry already exists and the received LSU has the same information, it resets the aging timer on the LSA entry and sends an LSAck to the DR. (Recall that the DR is the central point of contact during the flooding process.)
- If the entry already exists but the LSU includes new information, it sends an LSR to request all the information about the entry.
- If the entry already exists but the LSU includes older information, it sends an LSU with its own information.

3 Identify when the exchange protocol and the flooding protocol are used, and describe how each operates.
The exchange process is used to get neighboring routers into a Full state. To be initiated, two routers must agree on a master-slave relationship. The process enables them to synchronize their link-state databases using DDPs. Once in a Full state, the exchange process is not run again unless the Full state changes to a different state.
The flooding process is used any time there is a change in a link state, such as a link going down or a new link being added to the network. In this process, all link-state changes are sent in LSU packets to the DR/BDR of the area. The DR is then responsible for forwarding the LSUs to all other routers in the network.

4 Write a brief description of the following:
Internal router: A router that resides within an area and routes traffic.
LSU: A link-state update packet. This packet includes update information about link-state advertisements.
DDP: A database description packet. This packet is used during the exchange protocol and includes summary information about link-state entries.
Hello packet: Used during the hello process; includes information that enables routers to establish themselves as neighbors.

5 Match the term with the statement most closely describing it. Write the letter of the description next to the term.
D  area
B  Full state
A  DR
C  Exchange state

A) The router responsible for route synchronization.
B) Indicates routers can route information.
C) Indicates routers can discover link state information.
D) A collection of routers and networks.

6 Name the two RFC-compliant modes for OSPF over Non-broadcast Multiaccess networks:
Non-broadcast
Point-to-Multipoint
Name the two additional Cisco modes for OSPF over NBMA:
Broadcast
Point-to-point


7

Interconnecting Multiple OSPF Areas

Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
- Describe the issues with interconnecting multiple areas and how OSPF addresses each
- Explain the differences between the possible types of areas, routers, and LSAs
- Configure a multiarea OSPF network
- Configure an area as stubby, totally stubby, and not-so-stubby
- Verify OSPF operation

This chapter covers the use, operation, configuration, and verification of OSPF. Sections:
- Objectives
- Creating Multiple OSPF Areas
- OSPF Operation across Multiple Areas
- Written Exercise: OSPF Operation across Multiple Areas
- Using and Configuring OSPF Multiarea Components
- Verifying OSPF Operation
- Summary
- Lab Exercise: Configuring a Multiarea Network
- Answers to Exercises
- Supplement A: OSPF Multiarea Configuration Examples
- Supplement B: Virtual Links Overview
- Supplement C: Not-So-Stubby Areas (NSSA) Overview

Creating Multiple OSPF Areas
This chapter presents OSPF capabilities.
Note: OSPF design is covered in the Cisco Internetwork Design course.

[Slide: Issues with Maintaining a Large OSPF Network. Routers in one large area complain: "I am only receiving LSAs, no data." "The SPF is running too often for me to route." "My routing table is too big, I am running low on memory."]

Issues with Maintaining a Large Single-Area OSPF Network
Thus far you have seen how OSPF operates within a single area. What issues would arise if this single area ballooned into having 400 networks? The following issues, at a minimum, would need to be addressed:
- Frequent SPF calculations: With such a large network, network changes are inevitable, so the routers would have to spend many more CPU cycles recalculating the routing table.
- Large routing table: Each router would need to maintain at least one entry for every network, that is, at least 400 networks. And assuming that there were multiple paths to 25 percent of the networks, that is another 100 entries.
- Large link-state table: Because the link-state table includes the complete topology of the network, each router would need to maintain an entry for every network in the area, even for routes not selected for the routing table.

It is because of these kinds of issues that OSPF was written to allow large areas to be separated into smaller, more manageable areas that can still exchange routing information.


[Slide: The Solution: OSPF Hierarchical Routing. An autonomous system divided into Area 0, Area 1, and Area 2. Consists of areas and autonomous systems; minimizes routing update traffic.]

The Solution: OSPF Hierarchical Routing
OSPF's ability to separate a large internetwork into multiple areas is also referred to as hierarchical routing. Hierarchical routing enables you to separate large internetworks (autonomous systems) into smaller internetworks that are called areas. With this technique, routing still occurs between the areas (called interarea routing), but many of the minute internal routing operations, such as recalculating the database, are kept within an area. For example, if area 1 is having problems with a link going up and down, routers in other areas need not continually run their SPF calculation because they are isolated from the area 1 problem. The hierarchical topology possibilities of OSPF have several important advantages:
- Reduced frequency of SPF calculations: Because detailed route information is kept within each area, it is not necessary to flood all link-state changes to all other areas. Thus, not all routers need to run the SPF calculation, only those affected by the change.
- Smaller routing tables: When using multiple areas, detailed route entries for specific networks within an area are kept in the area. Instead of advertising these explicit routes outside the area, you can have the routes summarized into one or more summary addresses. Advertising these summaries reduces the number of LSAs propagated between areas, but keeps all networks reachable.
- Reduced LSU overhead: LSUs can contain a variety of LSA types, including link-state information and summary information. Rather than send an LSU about each network within an area, you can advertise a single summarized route, or a few, between areas to reduce the overhead associated with link-state updates when they are crossing areas.


[Slide: OSPF Multiarea Components. Areas: Area 0 ("I am a backbone"), Area 1 ("I am standard"), Area 2 ("I am a stub"). Routers: Internal, ABR, ASBR, Backbone. LSAs: Type 1, Type 2, Type 3/4, Type 5.]

OSPF Multiarea Components
Hierarchical routing enables routing efficiency because it allows you to control the types of routing information that you allow in and out of an area. The way OSPF enables different types of routing updates is to assign characteristics to each area and the routers connecting the areas. The characteristics an area and router have govern how they process routing information, including what types of LSUs a router can create, receive, and send. This subsection provides an overview of the following OSPF multiarea components; details about their usage and configuration appear in the following section:
- Types of areas
- Types of routers
- Types of LSAs


[Slide: Types of OSPF Routers. Area 1, backbone Area 0, and Area 2, showing internal routers, backbone/internal routers, an ABR that is also a backbone router, and an ASBR that is also a backbone router connecting to an external AS.]

Types of OSPF Routers
To control the traffic types that go in and out of the various types of areas, you need certain types of OSPF routers. The router types are as follows:
- Internal router: As already discussed, routers that have all interfaces in the same area are internal routers. Internal routers within the same area have identical link-state databases and run a single copy of the routing algorithm.
- Backbone router: Routers that sit on the perimeter of the backbone area. They have at least one interface connected to area 0. These routers maintain OSPF routing information using the same procedures and algorithms as internal routers.
- Area Border Router (ABR): Routers that have interfaces attached to multiple areas. These routers maintain separate link-state databases for each area to which they are connected, and route traffic destined for or arriving from other areas. ABRs are exit points for the area, which means routing information destined for another area can only get there via the local area's ABR. ABRs summarize information from the link-state databases of their attached areas and distribute the information into the backbone. The backbone ABRs then forward the information to all other connected areas. An area can have one or more ABRs.
- Autonomous System Boundary Router (ASBR): Routers that have at least one interface into an external internetwork (another autonomous system), such as a non-OSPF network. These routers can import (referred to as redistribution) non-OSPF network information into the OSPF network, and vice versa.

A router can be more than one router type. For example, if a router interconnects to area 0 and area 1, as well as to a non-OSPF network, it would be both an ABR and an ASBR.

A router has a separate link-state database for each area it is connected to. Therefore, an ABR has a link-state database for area 0 and another link-state database for each other area in which it participates. Two routers belonging to the same area have, for that one area, identical area link-state databases. Also, remember that link-state databases are synchronized between pairs of adjacent routers, meaning that a router's database is synchronized with its DR/BDR.


[Slide: Types of Link-State Advertisements. Area 1 (with its DR) and Area 0: Router and Network LSAs stay within the area, Summary LSAs are generated by the ABR, and External LSAs come from the ASBR attached to the external AS. The slide shows this link-state database output:]

p1r3#show ip ospf database

       OSPF Router with ID (10.64.0.1) (Process ID 1)

                Router Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.1.2.1        10.1.2.1        651         0x80000005 0xD482   4

                Net Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum
10.64.0.1       10.64.0.1       538         0x80000002 0xAD9A

                Summary Net Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum
10.2.1.0        10.2.1.2        439         0x80000002 0xE6F8

Types of Link-State Advertisements
Following are the types of LSAs that can be included in an LSU:

LSA Type 1, Router link entry (record) (routing table code O, OSPF): Generated by each router for each area it belongs to. It describes the states of the router's links to the area. These are only flooded within a particular area. The link status and cost are two of the descriptors provided.

LSA Type 2, Network link entry (routing table code O, OSPF): Generated by DRs in multiaccess networks. They describe the set of routers attached to a particular network. Flooded only within the area that contains the network.

LSA Type 3 or 4, Summary link entry (routing table code IA, OSPF interarea): Originated by ABRs. Describes the links between the ABR and the internal routers of a local area. These entries are flooded throughout the backbone area to the other ABRs. Type 3 describes routes to networks within the local area and is sent to the backbone area. Type 4 describes reachability to ASBRs. These link entries are not flooded through totally stubby areas.

LSA Type 5, Autonomous system external link entry (routing table codes E1, OSPF external type 1, and E2, OSPF external type 2): Originated by the ASBR. Describes routes to destinations external to the autonomous system. Flooded throughout an OSPF autonomous system except for stub and totally stubby areas.

Note: All LSA types, except the AS-external-LSAs (LS type = 5), are flooded throughout a single area only.


[Slide: Calculating Costs for Summary and AS External Routes. Routers R5, R4, R3, and R1 are connected in a chain of cost-10 links across Area 1 and Area 0; R1 and R3 both advertise AS1 as E1 routes with an external cost of 1785. R5's cost to AS1 (E1): via R1 = 1815, via R3 = 1805. R3's cost to AS1 (E1): via R1 = 1795, via R3 = 1785.]

Calculating Costs for Summary and AS External Routes
How you calculate the cost for summary and external routes is as follows:
- Calculating the cost for summary routes: The cost of a summary route is the smallest cost of a given interarea route that appears in the summary plus the cost of the ABR link to the backbone. So if the ABR link to the backbone was 50, and the summary route covered two interarea routes, one at cost 49 and the other at cost 50, the total cost associated with the summary route would be 99. This calculation is done automatically for each summary route.
- Calculating the cost of external routes: The cost of an external route differs depending on the external type configured on the ASBR. You configure the router to generate one of the following external packet types:
  Type-1 (E1): If a packet is an E1, then the metric is calculated by adding the external cost to the internal cost of each link the packet crosses. Use this packet type when you have multiple ASBRs advertising a route to the same autonomous system.
  Type-2 (E2) (the default): If a packet is an E2, then the packet will always have the external cost assigned, no matter where in the area it crosses. Use this packet type if only one router is advertising a route to the autonomous system. Type-2 routes are preferred over type-1 routes unless two same-cost routes exist to the destination.

Note: When different routing protocols exchange routing information, it is referred to as redistribution. Redistribution is discussed in the "Optimizing Routing Update Operation" chapter.


[Slide: Types of Areas. Stub Area: does not accept external LSAs. Backbone Area 0: interconnects areas; accepts all LSAs. Totally Stubby Area: does not accept external or summary LSAs.]

Types of Areas
The characteristics you assign an area control the type of route information that it can receive. The area types possible are as follows:
- Standard area: An area that operates as discussed in the "Configuring OSPF" chapter. This area can accept link updates and route summaries.
- Backbone area (transit area): When interconnecting multiple areas, the backbone area is the central entity to which all other areas connect. The backbone area is always labeled 0. All other areas must connect to this area in order to exchange and route information. The OSPF backbone has all of the properties of a standard OSPF area.
- Stub area: Refers to an area that does not accept information about routes external to the autonomous system (that is, the OSPF internetwork), such as routes from non-OSPF sources. If routers need to route to networks outside the autonomous system, they use a default route. A default route is noted as 0.0.0.0.
- Totally stubby area: An area that does not accept external autonomous system (AS) routes or summary routes from other areas internal to the autonomous system. Instead, if the router needs to send a packet to a network external to the area, it sends it using a default route.

The following page shows example routing tables for some of the area types listed.


Routing Table Results with Different LSAs
Following is a comparison of routing tables that result when using stub and totally stubby areas.

OSPF Operation across Multiple Areas
This section summarizes how routers generate link information, flood information, and build their routing tables when operating within a multiarea environment.
Note: OSPF router operation is complex and accounts for numerous possible scenarios based on the nature of the network. This section provides a basic overview; refer to the OSPF version 2 RFC for more detailed information.

[Slide: Forwarding Packets in a Multiarea Network. Data from an internal router in Area 1 travels to ABR1, across the backbone (Area 0) to ABR2, and on to the destination network in Area 50.]

Forwarding Packets in a Multiarea Network
Before reviewing how ABRs and other router types process route information, you should know how a packet makes its way across multiple areas. In general, the path a packet must take is as follows:
- If the packet is destined for a network within an area, then it is forwarded from the internal router, through the area, to the destination internal router.
- If the packet is destined for a network outside the area, it must go through the following path: The packet goes from the source network to an ABR. The ABR sends the packet through the backbone area to the ABR of the destination network. All packets must cross the backbone when being forwarded from one area to another. The destination ABR then forwards the packet through the area to the destination network.

[Slide: Flooding LSUs to Multiple Areas. A RIP network attaches to Area 1; an internal router and ABR1 in Area 1, the backbone Area 0, and ABR2 with an internal router in stub Area 50. Type 1 LSAs flood within Area 1, Type 3 LSAs are sent between areas, Type 5 LSAs carry the RIP routes, and the stub area receives a Default instead of the Type 5 LSAs.]

Flooding LSUs to Multiple Areas
ABRs are responsible for generating routing information about each area to which they are connected and flooding the information through the backbone area to the other areas to which they are connected. The general process for flooding is as follows:
1. The intra-area routing process, as discussed in the "Configuring OSPF in a Single Area" chapter, occurs. Note that the entire intra-area must be synchronized before the ABR can begin sending summary LSAs.
2. The ABR reviews the resulting link-state database and generates summary LSAs. By default, the ABR sends summary LSAs for each network that it knows about. To reduce the number of summary LSA entries, you can configure route summarization so that a single IP address can represent multiple networks. To use route summarization, your areas need to use contiguous IP addressing, as discussed in the "Extending IP Addressing Using VLSMs" chapter. The better your IP address plan, the lower the number of summary LSA entries an ABR sends to advertise.
3. The summary LSAs (types 3 and 4) are placed in an LSU and distributed through all ABR interfaces, with the following exceptions:
   - If the interface is connected to a neighboring router that is in a state below the exchange state, then the summary LSA is not forwarded.
   - If the interface is connected to a totally stubby area, then the summary LSA is not forwarded.
   - If the summary LSA includes a type-5 (external) route and the interface is connected to a stub or totally stubby area, then the LSA is not sent to that area.

[Slide: Flooding LSUs to Multiple Areas (cont.). A routing table in Area 1 built from intra-area routes (Area 1), interarea routes (Area 0 and other areas), and external non-OSPF routes (RIP).]

Flooding LSUs to Multiple Areas (cont.)
4. Once an ABR or ASBR receives summary LSAs, it adds them to its link-state database and floods them into its local area. The internal routers then assimilate the information into their databases. Note that to reduce the number of route entries internal routers maintain, you can define the area as stub, totally stubby, or not-so-stubby.

Updating the Routing Table
Once all router types receive the routing updates, they must add them to their link-state databases and recalculate their routing tables. The order in which paths are calculated is as follows:
1. All routers first calculate the paths to destinations within their area and add these entries into the routing table. These are the type-1 and type-2 LSAs.
2. All routers then calculate the paths to the other areas within the internetwork. These paths are the interarea route entries, or type-3 and type-4 LSAs. If a router has an interarea route to a destination and an intra-area route to the same destination, the intra-area route is kept.
3. All routers, except those that are in a form of stub area, then calculate the paths to the AS external (type-5) destinations. At this point, a router can get to any network within or outside the OSPF autonomous system.
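The cost rules from "Calculating Costs for Summary and AS External Routes" and the three-pass route ordering above, worked through in code. This is an added example, not course material: the topology (R5, R4, R3, R1 chained by cost-10 links, R1 and R3 advertising AS1 at external cost 1785) is reconstructed from that slide, and the summary figures 49, 50 and 99 are the chapter's own.

```python
"""OSPF cost and route-selection walkthrough (added example, not course material).

Topology reconstructed from the "Calculating Costs for Summary and AS External
Routes" slide: R5 - R4 - R3 - R1 in a chain of cost-10 links; R1 and R3 are
both ASBRs advertising AS1 with an external metric of 1785.  The summary-route
figures (49, 50, 99) and the intra > inter > external ordering are the
chapter's own.  All values below are constructed for illustration.
"""
import heapq

# Constructed adjacency list: every link on the slide costs 10.
TOPOLOGY = {
    "R5": {"R4": 10},
    "R4": {"R5": 10, "R3": 10},
    "R3": {"R4": 10, "R1": 10},
    "R1": {"R3": 10},
}

# Constructed: each ASBR redistributes AS1 at external metric 1785.
EXTERNAL_ADVERTISEMENTS = {"R1": 1785, "R3": 1785}

# Route-type preference from "Updating the Routing Table": intra-area beats
# interarea, which beats AS external.
ROUTE_PREFERENCE = {"intra": 0, "inter": 1, "external": 2}


def spf(topology, source):
    """Dijkstra shortest-path-first: internal cost from source to every router."""
    cost = {source: 0}
    heap = [(0, source)]
    while heap:
        c, node = heapq.heappop(heap)
        if c > cost[node]:
            continue  # stale heap entry
        for neighbor, link_cost in topology[node].items():
            if c + link_cost < cost.get(neighbor, float("inf")):
                cost[neighbor] = c + link_cost
                heapq.heappush(heap, (c + link_cost, neighbor))
    return cost


def external_cost(topology, router, asbr, external_metric, external_type):
    """Cost of an AS external route as seen from `router`.

    E1: external metric plus the internal SPF cost to the advertising ASBR.
    E2 (the default): the external metric alone, wherever the router sits.
    """
    if external_type == "E1":
        return external_metric + spf(topology, router)[asbr]
    if external_type == "E2":
        return external_metric
    raise ValueError("external_type must be 'E1' or 'E2'")


def best_external(topology, router, advertisements, external_type):
    """Choose the ASBR giving the lowest external cost; returns (asbr, cost)."""
    costs = {
        asbr: external_cost(topology, router, asbr, metric, external_type)
        for asbr, metric in advertisements.items()
    }
    asbr = min(costs, key=costs.get)
    return asbr, costs[asbr]


def summary_cost(interarea_costs, abr_backbone_cost):
    """Type-3 summary cost: cheapest route in the summary + ABR link to area 0."""
    return min(interarea_costs) + abr_backbone_cost


def select_route(candidates):
    """Install the winner among routes to one prefix: route type first, cost second."""
    return min(candidates, key=lambda r: (ROUTE_PREFERENCE[r["type"]], r["cost"]))


if __name__ == "__main__":
    for router in ("R5", "R3"):
        for asbr in EXTERNAL_ADVERTISEMENTS:
            c = external_cost(TOPOLOGY, router, asbr, 1785, "E1")
            print(f"{router}'s cost to AS1 (E1) via {asbr} = {c}")
    print("summary cost for routes 49 and 50 behind a cost-50 backbone link:",
          summary_cost([49, 50], 50))
```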


[Slide: Virtual Links Overview, Meeting the Backbone Area Requirements. Area 0 (backbone), Areas 1, 2, and 3, with a virtual link through a transit area. The backbone is the center of communication; virtual links provide a path to the backbone; avoid configuring virtual links if possible.]

Meeting the Backbone Area Requirements
OSPF has certain restrictions when multiple areas are configured. One area must be defined as area 0, the backbone area. It is called the backbone because all communication must go through it. That is, all areas should be physically connected to area 0 so that the routing information injected into area 0 can be disseminated to other areas. There are situations, however, where a new area is added after the OSPF internetwork has been designed and configured and it is not possible to provide that new area with direct access to the backbone. In these cases, a virtual link can be defined to provide the needed connectivity to the backbone area. The virtual link provides the disconnected area a logical path to the backbone. The virtual link has two requirements:
- It must be established between two routers that share a common area.
- One of these two routers must be connected to the backbone.

When virtual links are used, they require special processing during the SPF calculation. That is, the real next hop router must be determined so the true cost to get to a destination across the backbone can be calculated.


[Slide: Meeting the Backbone Area Requirements (cont.). Two Area 0 segments joined through transit Area 3, with Areas 1 and 2 also shown. Uses: link a discontiguous backbone; merged networks; redundancy; point-to-point links.]

Meeting the Backbone Area Requirements (cont.)
Virtual links serve the following purposes:
- Linking an area that does not have a physical connection to the backbone. This linking could occur when two organizations merge, for example.
- Patching the backbone in case discontinuity of area 0 occurs.

The graphic illustrates the second purpose. Discontinuity of the backbone might occur if, for example, two companies, each running OSPF, are trying to merge the two separate networks into one with a common area 0. The alternative would be to redesign the entire OSPF network and create a unified backbone. Another reason for creating a virtual link is to add redundancy in cases where a router failure causes the backbone to be split in two. In the graphic, the disconnected area 0s are linked via a virtual link through the common area 3. If a common area does not already exist, one can be created to become the transit area. For adjacency purposes, OSPF treats two routers joined by a virtual link as if they were connected by an unnumbered point-to-point backbone network.


Written Exercise: OSPF Operation across Multiple Areas
Objective: Describe the issues with interconnecting multiple areas and how OSPF addresses these issues.
Objective: Compare the function of the different router, area, and LSA types used by OSPF.

1 Define hierarchical routing and explain what internetwork problems it solves.
______________________________________________________________
______________________________________________________________

2 An internal router will receive type-5 LSAs if it is in what type of area?
______________________________________________________________
______________________________________________________________

3 What area types are connected to the backbone area?
______________________________________________________________
______________________________________________________________

4 The backbone must be configured as what area?
______________________________________________________________

5 Write a brief description of the following:
Type-1 LSA _________________________________________________
Type-2 LSA _________________________________________________
Type-3/4 LSAs _________________________________________________
Type-5 LSA _________________________________________________

6 Describe the path a packet must take in order to get from one area to another.
______________________________________________________________
______________________________________________________________

7 When is a default route injected into an area?
______________________________________________________________
______________________________________________________________


Using and Configuring OSPF Multiarea Components
This section presents how to configure OSPF for multiple areas.

[Slide: Configuring OSPF ABRs. Router A (E0 10.64.0.1) and router B, the ABR (E0 10.64.0.2, S0 10.2.1.2), share Area 0; the ABR's serial link to router C (S1 10.2.1.1) is in Area 1.]

Router A:
interface Ethernet0
 ip address 10.64.0.1 255.255.255.0
!
router ospf 77
 network 10.0.0.0 0.255.255.255 area 0

Router B (ABR):
interface Ethernet0
 ip address 10.64.0.2 255.255.255.0
!
interface Serial0
 ip address 10.2.1.2 255.255.255.0
!
router ospf 50
 network 10.2.1.2 0.0.0.0 area 1
 network 10.64.0.2 0.0.0.0 area 0

Configuring OSPF ABRs
There are no special commands to make a router an ABR or ASBR. The router takes on this role by virtue of the areas to which it is connected. As a reminder, the basic OSPF configuration steps are as follows:

Step 1 Enable OSPF on the router.
router(config)#router ospf process-id

Step 2 Identify which IP networks on the router are part of the OSPF network. For each network, you must identify what area the network belongs to. When configuring multiple OSPF areas, make sure to associate the correct network addresses with the desired area ID, as shown in the graphic.
router(config-router)#network address wildcard-mask area area-id

Step 3 (Optional) If the router has at least one interface connected into a non-OSPF network, perform the proper configuration steps. At this point the router will be acting as an ASBR. How the router exchanges (redistributes) non-OSPF route information with the other OSPF routers is discussed in the "Optimizing Routing Update Operation" chapter.


Note: Refer to the "Configuring OSPF for a Single Area" chapter for details about basic OSPF configuration commands.


[Slide: Using Stub and Totally Stubby Areas. A RIP network enters through an ASBR into the backbone (Area 0). Area 50 is a stub area behind ABR1, with an internal non-Cisco router; Area 1 is totally stubby behind ABR2, with an internal router. The backbone carries Summary and External LSAs; the stub area receives Summary LSAs plus a Default; the totally stubby area receives only a Default.]

Using Stub and Totally Stubby Areas
OSPF allows areas to be configured as stub and totally stubby areas. Their differences are as follows:
- Configuring a stub area reduces the size of the link-state database inside an area and as a result reduces the memory requirements of routers inside that area. External networks (type-5 LSAs), such as those redistributed from other protocols into OSPF, are not allowed to be flooded into a stub area. Routing from these areas to the outside world is based on a default route (0.0.0.0). A default route means that if a packet is addressed to a network that is NOT in an internal router's routing table, the router automatically forwards the packet to the ABR that sent a 0.0.0.0 LSA. This allows routers within the stub to reduce the size of their routing tables because a single default route replaces the many external routes. A stub area is typically created when you have a hub and spoke topology, with the spoke being the stub area, such as a branch office. In this case, the branch office does not need to know about every network at the headquarters site; instead, it can use a default route to get there.
- To further reduce the number of routes in a table, you can create a totally stubby area, which is a Cisco-specific feature. A totally stubby area is a stub area that blocks external type-5 LSAs and summary (type 3/4) LSAs (interarea routes) from going into the area. This way, intra-area routes and the default of 0.0.0.0 are the only routes known to the stub area. ABRs inject the default summary link 0.0.0.0 into the totally stubby area. Each router picks the closest ABR as a gateway to everything outside the area. Totally stubby areas further minimize routing information (as compared to stub areas) and increase stability and scalability of OSPF internetworks. This is typically a better solution than creating stub areas, unless the target area uses a mix of Cisco and non-Cisco routers.


[Slide: Stub and Totally Stubby Area Restrictions. Area 20.0.0.0 containing R3 and R4 with a single exit point; an external AS attachment inside the area is crossed out. Typically a single exit point into the area; if there are multiple exit points, suboptimal paths may be selected. An ASBR cannot be internal to a stub. The area is not the backbone, Area 0.]

Stub and Totally Stubby Area Restrictions
An area can be qualified as a stub or totally stubby area when:
- There is a single exit point from that area, or, if there are multiple exits (ABRs), routing to outside of the area does not have to take an optimal path. If the area has multiple exits, one or more ABRs will inject a default into the stub area. In this situation, routing to other areas or autonomous systems could take a suboptimal path to the destination by leaving the area via an exit point that is farther from the destination than other exit points.
- All OSPF routers inside the stub area (ABRs and internal routers) are configured as stub routers so that they will become neighbors and exchange routing information. The configuration commands for creating stub areas are covered later in this chapter.
- The area is not needed as a transit area for virtual links. (Virtual links are discussed in Supplement B at the end of this chapter.)
- No ASBR is internal to the stub area.
- The area is not the backbone area (area 0).

These restrictions are made because a stub/totally stubby area is mainly configured not to carry external routes, and any of the situations described would cause external links to be injected into that area.


Configuring Stub and Totally Stubby Areas

Router(config-router)#area area-id stub [no-summary]
Creates a stub area

Router(config-router)#area area-id default-cost cost
Specifies the cost for the default route sent into the stub area

Configuring Stub and Totally Stubby Areas
To configure an area as stub or totally stubby, do the following:

Step 1 Configure OSPF, as described in the "Configuring OSPF ABRs" section.

Step 2 Define an area as stub/totally stubby by adding this command to ALL routers within the area:
router(config-router)#area area-id stub [no-summary]

area stub command:
area-id: Identifier for the stub/totally stubby area. The identifier can be either a decimal value or an IP address.
no-summary: (Only for ABRs connected to totally stubby areas.) Prevents an ABR from sending summary link advertisements into the stub area. Use this option for creating a totally stubby area.

Step 3 (Optional, for ABRs only) Define the cost of the default route that is injected into the stub/totally stubby area.


OSPF Stub Area Configuration Example

(Figure: R3 faces the external AS and area 0 on E0 (192.168.14.1); its S0 (192.168.15.1) connects to R4's S0 (192.168.15.2) in stub area 2.)

R3#
interface Ethernet 0
 ip address 192.168.14.1 255.255.255.0
interface Serial 0
 ip address 192.168.15.1 255.255.255.252
router ospf 100
 network 192.168.14.0 0.0.0.255 area 0
 network 192.168.15.0 0.0.0.255 area 2
 area 2 stub

R4#
interface Serial 0
 ip address 192.168.15.2 255.255.255.252
router ospf 15
 network 192.168.15.0 0.0.0.255 area 2
 area 2 stub


router(config-router)#area area-id default-cost cost

area default-cost Command    Description
area-id                      Identifier for the stub area. The identifier can be either a decimal value or an IP address.
cost                         Cost for the default summary route used for a stub/totally stubby area. The acceptable value is a 24-bit number. The default cost is 1.

OSPF Stub Area Configuration Example

In this example, area 2 is defined as the stub area. No external routes from the external autonomous system will be forwarded into the stub. The last line in each configuration, area 2 stub, defines the stub area. The area default-cost command has not been configured on R3, so this router will advertise 0.0.0.0 (the default route) with a default cost metric of 1 plus any internal costs. Each router in the stub must be configured with the area stub command. The only routes that will appear in R4's routing table are intra-area routes (designated with an O in the routing table), the default route, and interarea routes (both designated with an IA in the routing table; the default route will also be denoted with an asterisk).

Note: The area stub command determines whether the routers in the stub become neighbors. This command must be included in all routers in the stub if they are to exchange routing information.


OSPF Totally Stubby Configuration Example

(Figure: R3 faces the external AS and area 0 on E0 (192.168.14.1); its S0 (192.168.15.1) connects to R4's S0 (192.168.15.2) in totally stubby area 2.)

R3#
router ospf 100
 network 192.168.14.0 0.0.0.255 area 0
 network 192.168.15.0 0.0.0.255 area 2
 area 2 stub no-summary

R4#
router ospf 15
 network 192.168.15.0 0.0.0.255 area 2
 area 2 stub


OSPF Totally Stubby Configuration Example

In this example, the keyword no-summary has been added to the area stub command on R3. This keyword causes summary routes (interarea) to also be blocked from the stub. Each router in the stub picks the closest ABR as a gateway to everything outside the area. The only routes that will appear in R4's routing table are intra-area routes (designated with an O in the routing table) and the default route. No interarea routes (designated with an IA in the routing table) will be included.

Note: It is only necessary to configure the no-summary keyword on the totally stubby border routers because the area is already configured as stub.


NSSA Overview

(Figure: a branch office running RIP or EIGRP advertises 10.10.0.0/16, 10.11.0.0/16 and 20.0.0.0/8 to router A over a 19.2 kbps link (172.19.92.0). Router A imports them into NSSA 1 as type-7 LSAs; router B, the ABR at the central site (172.19.89.0/24), translates them into type-5 LSAs for the backbone, where 10.10.0.0, 10.11.0.0 and 20.0.0.0 are advertised to outside areas. The numbers 1 to 4 in the figure mark the steps listed in the text.)


Not-So-Stubby Areas (NSSA) Overview

NSSA was first introduced in Cisco IOS Release 11.2. It is based on RFC 1587, The OSPF NSSA Option. NSSA enables you to make a hybrid stub area in that the area can accept some autonomous system external routes, referred to as type-7 LSAs. Use an NSSA if you are an Internet service provider (ISP) or a network administrator who must connect a central site using OSPF to a remote site using a different protocol, such as RIP or EIGRP. You can use NSSA to simplify the administration of this kind of topology. Prior to NSSA, the connection between the corporate site ABR and the remote router used RIP or EIGRP, which meant maintaining two routing protocols. Now, with NSSA, you can extend OSPF to cover the remote connection by defining the area between the corporate router and the remote router as an NSSA, as shown in the graphic. In the graphic, router A is defined as an ASBR. It is configured to exchange any routes within the RIP/EIGRP domain to the NSSA. Following is what happens when using an NSSA:

1  Router A receives RIP or EIGRP routes for networks 10.10.0.0/16, 10.11.0.0/16, and 20.0.0.0/8.
2  Router A, connected to the NSSA, imports the non-OSPF routes as type-7 LSAs into the NSSA.
3  Router B, an ABR between the NSSA and the backbone area 0, receives the type-7 LSAs.
4  After the SPF calculation on the forwarding database, router B translates the type-7 LSAs into type-5 LSAs and then floods them throughout backbone area 0.

It is at this point that router B could have summarized routes 10.10.0.0/16 and 10.11.0.0/16 as 10.0.0.0/8, or could have filtered one or more of the routes.

Configuring NSSA

Router A:
router ospf 1
 redistribute rip subnets
 network 172.19.92.0 0.0.0.255 area 1
 area 1 nssa
!

Router B:
router ospf 1
 summary-address 10.0.0.0 255.0.0.0 tag 8
 network 172.19.89.0 0.0.0.255 area 0
 network 172.19.92.0 0.0.0.255 area 1
 area 1 nssa
!

(Figure: router A (router ID 200.0.0.62) connects the RIP or EIGRP domain advertising 10.10.0.0/16, 10.11.0.0/16 and 20.0.0.0/8 to NSSA 1 (172.19.92.0/24) over a 19.2 kbps link; router B (router ID 200.0.0.63) connects NSSA 1 to backbone area 0 (172.19.88.0/24).)


Configuring NSSA

The steps used to configure OSPF NSSA are as follows:

Step 1  On the ABR connected to the NSSA, configure OSPF, as described in the Configuring OSPF ABRs section.

Step 2  Configure an area as NSSA:

router(config-router)#area area-id nssa

Every router within the same area must agree that the area is NSSA; otherwise the routers will not be able to communicate with each other. Therefore, configure this command on every router in the NSSA area.

Step 3  (Optional) Control the summarization or filtering during the translation. The example shows how router B will summarize routes using the following command:

router(config-router)#summary-address {address mask | prefix mask} [not-advertise]

Note: The redistribute command shown in the graphic instructs the router to import RIP routes into the OSPF network. Redistribution is discussed in detail in the Optimizing Routing Update Operation chapter.


Multiple Area NBMA Environment

(Figure: the corporate headquarters networks are in area 0; R1 is the ABR between area 0 and the Frame Relay network and regional sites in area 1.)


Multiple Area NBMA Environment

The networks located at the corporate headquarters are in area 0, while the fully meshed Frame Relay network and each of the regional site networks are assigned to area 1. One benefit of this design is that it eliminates the flooding of external LSAs into the Frame Relay network, since OSPF does not flood external LSAs into stub areas, in this case area 1. Router R1 functions as an ABR, which keeps topology changes in area 0 from causing a topological recalculation in area 1. With this topology, each regional site's LAN segment must participate in area 1; otherwise virtual links would need to be configured so that the area containing those LAN segments could connect to the backbone area.


Multiple Area NBMA Environment (cont.)

(Figure: R1 and the Frame Relay network are in area 0; the remote sites are in areas 1, 2, 3 and 4.)

Multiple Area NBMA Environment (cont.)

Another possible OSPF area configuration involves putting all Frame Relay interfaces in area 0. This permits the location of stub or transit areas at each remote site and at headquarters, but it causes external LSAs to be flooded throughout the Frame Relay network and results in a larger number of routers performing recalculation if any topology change takes place in area 0.


Using Route Summarization

(Figure: area 0 backbone; summarization is performed on the ABRs between area 1 and the backbone.)

- Minimizes the number of routing table entries
- Localizes the impact of a topology change


Using Route Summarization

Summarization is the consolidation of multiple routes into one single advertisement. Proper summarization requires contiguous addressing. Route summarization is different from an LSA summary route. Route summarization directly affects the amount of bandwidth, CPU, and memory resources consumed by the OSPF process. With summarization, if a network link fails, the topology change will not be propagated into the backbone (and other areas by way of the backbone). As such, flooding outside the area will not occur. There are two types of summarization:

- Interarea route summarization: Interarea route summarization is done on ABRs and applies to routes from within each area. It does not apply to external routes injected into OSPF via redistribution. In order to take advantage of summarization, network numbers within areas should be assigned in a contiguous way so as to be able to consolidate these addresses into one range. This graphic illustrates where interarea summarization occurs.
- External route summarization: External route summarization is specific to external routes that are injected into OSPF via redistribution. Here again, it is important to ensure that external address ranges that are being summarized are contiguous. Summarization of overlapping ranges from two different routers could cause packets to be sent to the wrong destination. Only ASBRs can summarize external routes. These types of routes cannot be summarized by any other router type.


Supporting VLSM

- Hierarchical addressing scheme
- Efficient route summarization
- Reduces LSAs
- Saves CPU


Supporting VLSM

Because OSPF supports variable-length subnet masking (VLSM), you can develop a true hierarchical addressing scheme. This hierarchical addressing results in very efficient summarization of routes throughout the network. The operation and benefits of route summarization have been discussed in a previous chapter. At this point, though, you should realize the importance of proper summarization in a network. Without summarization, every specific-link LSA will be propagated into the OSPF backbone and beyond, causing unnecessary network traffic and router overhead. Whenever an LSA is sent, all affected OSPF routers will have to recompute their LSA database and routes using the SPF algorithm. OSPF will provide some added benefits if you design the network with summarization. For example, only summary-link LSAs will propagate into the backbone (area 0). This is very important because it prevents every router from having to rerun the SPF algorithm, increases the network's stability, and reduces unnecessary traffic. OSPF can carry multiple subnet information for the same major network, but other protocols such as RIP and IGRP cannot. Discontiguous subnets are supported by OSPF because subnet masks are part of the link-state database. If the same major network crosses the boundaries of an OSPF and RIP domain, VLSM information redistributed into RIP or IGRP will be lost and static routes will have to be configured in the RIP or IGRP domains.


Using Route Summarization (cont.)

(Figure: router A in area 1, ABR B, and router C in area 0; B summarizes toward C.)

Routing table for B:
O 131.108.8.0  255.255.252.0
O 131.108.12.0 255.255.252.0
O 131.108.16.0 255.255.252.0
O 131.108.20.0 255.255.252.0
O 131.108.24.0 255.255.252.0
O 131.108.28.0 255.255.252.0

LSAs sent to router C:
IA 131.108.8.0  255.255.248.0
IA 131.108.16.0 255.255.240.0

- Interarea (IA) summary link carries mask
- One entry can represent several subnets


Using Route Summarization (cont.)

In order to take advantage of summarization, as discussed in the Extending IP Addresses Using VLSMs chapter, network numbers in areas should be assigned in a contiguous way to be able to group these addresses into one range. For example, referring to the table, the list of six networks in router B's routing table can be summarized into two summary address advertisements. The third octet of each address is shown in binary here, to illustrate which addresses can be summarized (the actual mask of each route is /22):

Bit value   128  64  32  16   8   4   2   1
              0   0   0   0   1   0   0   0   =  8
              0   0   0   0   1   1   0   0   = 12
              0   0   0   1   0   0   0   0   = 16
              0   0   0   1   0   1   0   0   = 20
              0   0   0   1   1   0   0   0   = 24
              0   0   0   1   1   1   0   0   = 28

The first two addresses can be summarized using a /21 prefix (their first five bits of the third octet, 00001, are identical). The last four addresses can be summarized using a /20 prefix (their first four bits, 0001, are identical).

Note: Refer to the Extending IP Addresses Using VLSMs chapter for details on summarization.


Configuring Route Summarization

Router(config-router)# area area-id range address mask
    Consolidates intra-area routes into an interarea (IA) summary route on an ABR

Router(config-router)# summary-address address mask
    Consolidates external routes on an ASBR


Configuring Route Summarization

Summarization is off by default. To configure route summarization on the ABR, do the following:

Step 1  Configure OSPF, as discussed in the Configuring OSPF ABRs section.

Step 2  Instruct the ABR to summarize routes for a specific area before injecting them into a different area:

router(config-router)#area area-id range address mask

area range Command    Description
area-id               Identifier of the area about which routes are to be summarized.
address               Summary address designated for a range of addresses.
mask                  IP subnet mask used for the summary route.

To configure route summarization on an ASBR to summarize external routes, do the following:

Step 1  Configure OSPF, as discussed in the Configuring OSPF ABRs section.

Step 2  Instruct the ASBR to summarize external routes before injecting them into the OSPF domain:

router(config-router)#summary-address address mask

summary-address Command    Description
address                    Summary address designated for a range of addresses.
mask                       IP subnet mask used for the summary route.

Route Summarization Configuration Example

(Figure: R1 is the ABR between area 1 and area 0; R2 is the ABR between area 2 and area 0. All interface addresses use a 255.255.255.0 mask. Area 0 holds 172.16.96.0 through 172.16.127.0 (R1 at 172.16.96.1, R2 at 172.16.127.1); area 1 holds 172.16.32.0 through 172.16.63.0 (R1 at 172.16.32.1); area 2 holds 172.16.64.0 through 172.16.95.0 (R2 at 172.16.64.1).)

R1#
router ospf 100
 network 172.16.32.1 0.0.0.0 area 1
 network 172.16.96.1 0.0.0.0 area 0
 area 0 range 172.16.96.0 255.255.224.0
 area 1 range 172.16.32.0 255.255.224.0

R2#
router ospf 100
 network 172.16.64.1 0.0.0.0 area 2
 network 172.16.127.1 0.0.0.0 area 0
 area 0 range 172.16.96.0 255.255.224.0
 area 2 range 172.16.64.0 255.255.224.0


Route Summarization Configuration Example

This example shows that route summarization can occur in both directions. In the configuration on the left (R1):

- area 0 range 172.16.96.0 255.255.224.0: Identifies area 0 as the area containing the range of networks to be summarized into area 1. The ABR R1 is summarizing the range of subnets from 172.16.96.0 to 172.16.127.0 into one range: 172.16.96.0 255.255.224.0. This summarization is achieved by masking the first three left-most bits of subnet 96 using the mask 255.255.224.0. This summarization was successful because we are summarizing two distinct subnet ranges into the backbone: 32 to 63 and 64 to 95.
- area 1 range 172.16.32.0 255.255.224.0: Identifies area 1 as the area containing the range of networks to be summarized into area 0. The ABR R1 is summarizing the range of subnets from 172.16.32.0 to 172.16.63.0 into one range: 172.16.32.0 255.255.224.0.

The configuration on the right (R2) works exactly the same way. Note that, depending on your network topology, you may not want to summarize area 0 networks. For example, if you have more than one ABR between an area and the backbone area, sending a summary LSA with the explicit network information will ensure that the shortest path is selected. If you summarize the addresses, a suboptimal path selection may occur.
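The summarization shown in the binary table above (router B's 131.108.x.0/22 routes collapsing to one /21 and one /20) and the area range statements on R1 and R2, worked through as an added Python example that is not part of the course: it aggregates the prefixes, checks that each summary covers exactly the subnets in its area, and flags overlapping summaries injected into the same area by different ABRs. The prefixes and routers are the course's; the failing configuration at the end is constructed.

```python
"""OSPF route summarization worked through in Python (added example, not
course material). It reproduces router B's six 131.108.x.0/22 routes
collapsing to one /21 and one /20 and the `area range` statements on R1 and
R2, and adds two checks a designer wants before configuring an ABR: that a
summary covers exactly the subnets behind it, and that different ABRs do not
inject overlapping summaries into the same area (the course's warning about
overlapping ranges sending packets to the wrong destination)."""
from ipaddress import IPv4Network, ip_network


def aggregate(prefixes):
    """Collapse contiguous, aligned, equal-size prefixes into the fewest
    prefixes covering exactly the same addresses (no extra hosts). Two
    blocks merge only when they are the lower and upper half of one
    supernet, which is the binary third-octet argument made in the text."""
    nets = sorted({ip_network(p, strict=True) for p in prefixes})
    changed = True
    while changed:
        changed = False
        merged, i = [], 0
        while i < len(nets):
            a = nets[i]
            if i + 1 < len(nets) and a.prefixlen == nets[i + 1].prefixlen:
                parent = a.supernet()
                lower, upper = parent.subnets()
                if lower == a and upper == nets[i + 1]:
                    merged.append(parent)
                    i += 2
                    changed = True
                    continue
            merged.append(a)
            i += 1
        nets = merged
    return [str(n) for n in nets]


def area_range(address, mask):
    """Prefix advertised by an IOS `area <id> range <address> <mask>`
    statement, e.g. 172.16.32.0 255.255.224.0 -> 172.16.32.0/19."""
    return IPv4Network(f"{address}/{mask}", strict=True)


def range_covers(summary, subnets):
    """True when every subnet lies inside the summary and the summary is
    their tightest aggregate, so the ABR advertises no address space that
    is not actually present in the area."""
    net = ip_network(summary)
    inside = all(ip_network(s).subnet_of(net) for s in subnets)
    return inside and aggregate(subnets) == [str(net)]


def overlapping_summaries(advertisements):
    """advertisements: (router, area_injected_into, summary) tuples. Return
    the pairs where two different routers inject overlapping summaries into
    the same area; routers there would pick one ABR for addresses that
    really live behind the other."""
    ads = [(r, area, ip_network(p)) for r, area, p in advertisements]
    clashes = []
    for i, (ra, aa, na) in enumerate(ads):
        for rb, ab, nb in ads[i + 1:]:
            if ra != rb and aa == ab and na.overlaps(nb):
                clashes.append((ra, str(na), rb, str(nb), aa))
    return clashes


# Router B's routing table from the slide: six /22 routes (255.255.252.0).
ROUTER_B_ROUTES = [f"131.108.{n}.0/22" for n in (8, 12, 16, 20, 24, 28)]

# Interface subnets of the R1/R2 example (all 255.255.255.0).
AREA1_SUBNETS = [f"172.16.{n}.0/24" for n in range(32, 64)]
AREA2_SUBNETS = [f"172.16.{n}.0/24" for n in range(64, 96)]
AREA0_SUBNETS = [f"172.16.{n}.0/24" for n in range(96, 128)]

# The four `area range` statements as (router, area the summary enters, summary).
COURSE_ADVERTISEMENTS = [
    ("R1", 1, str(area_range("172.16.96.0", "255.255.224.0"))),  # area 0 -> area 1
    ("R1", 0, str(area_range("172.16.32.0", "255.255.224.0"))),  # area 1 -> area 0
    ("R2", 2, str(area_range("172.16.96.0", "255.255.224.0"))),  # area 0 -> area 2
    ("R2", 0, str(area_range("172.16.64.0", "255.255.224.0"))),  # area 2 -> area 0
]

# Constructed misconfiguration (not from the course): R2's area 2 range typed
# as 172.16.0.0 255.255.128.0, a /17 that also swallows area 1's 32-63 block.
BAD_ADVERTISEMENTS = COURSE_ADVERTISEMENTS[:3] + [
    ("R2", 0, str(area_range("172.16.0.0", "255.255.128.0"))),
]


def main():
    print("LSAs sent to C :", aggregate(ROUTER_B_ROUTES))
    print("area 1 exact   :", range_covers("172.16.32.0/19", AREA1_SUBNETS))
    print("course clashes :", overlapping_summaries(COURSE_ADVERTISEMENTS))
    print("bad clashes    :", overlapping_summaries(BAD_ADVERTISEMENTS))


if __name__ == "__main__":
    main()
```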


Configuring Virtual Links

Router(config-router)# area area-id virtual-link router-id
    Creates a virtual link

remoterouter#show ip ospf interface ethernet 0
Ethernet0 is up, line protocol is up
  Internet Address 10.64.0.2/24, Area 0
  Process ID 1, Router ID 10.64.0.2, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 10.64.0.2, Interface address 10.64.0.2
  Backup Designated router (ID) 10.64.0.1, Interface address 10.64.0.1


Configuring Virtual Links

To configure a virtual link, do the following:

Step 1  Configure OSPF, as described in the Configuring OSPF ABRs section.

Step 2  On each router that will make the virtual link, create the virtual link. The routers that make the link are the ABR that connects the remote area to the transit area and the ABR that connects the transit area to the backbone area:

router(config-router)#area area-id virtual-link router-id

area virtual-link Command    Description
area-id                      Area ID assigned to the transit area for the virtual link (decimal or dotted-decimal format). There is no default.
router-id                    Router ID of the virtual link neighbor.

If you do not know the neighbor's router ID, you can Telnet to it and type the show ip ospf command.


OSPF Virtual Link Configuration Example

(Figure: R2 (router ID 10.7.20.123) connects area 3 to area 1 over Token Ring; R1 (router ID 10.3.10.5) connects area 1 to area 0. The virtual link crosses area 1.)

R2:
router ospf 63
 network 10.3.0.0 0.0.0.255 area 1
 network 10.7.0.0 0.0.0.255 area 3
 area 1 virtual-link 10.3.10.5

R1:
router ospf 100
 network 10.2.3.0 0.0.0.255 area 0
 network 10.3.2.0 0.0.0.255 area 1
 area 1 virtual-link 10.7.20.123


OSPF Virtual Link Configuration Example

In this example, area 3 does not have a direct physical connection to the backbone (area 0), which is an OSPF requirement because the backbone is a collection point for LSAs. ABRs forward summary LSAs to the backbone, which in turn forwards the traffic to all areas. All interarea traffic transits the backbone. To provide connectivity to the backbone, a virtual link must be configured between R2 and R1. Area 1 will be the transit area and R1 will be the entry point into area 0. R2 will have a logical connection to the backbone through the transit area. Both sides of the virtual link must be configured.

- R2: area 1 virtual-link 10.3.10.5. With this command, area 1 is defined to be the transit area and the router ID of the other side of the virtual link (R1) is configured.
- R1: area 1 virtual-link 10.7.20.123. With this command, area 1 is defined to be the transit area and the router ID of the other side of the virtual link (R2) is configured.


Verifying OSPF Operation

This section presents the commands used to verify OSPF operation.

show ip ospf Commands

Router# show ip ospf border-routers
    Lists the ABRs in the autonomous system

Router# show ip ospf virtual-links
    Displays the status of the virtual links

Router# show ip ospf process-id
    Displays statistics about each area to which the router is connected

Router# show ip ospf database
    Displays the contents of the OSPF tables


show ip ospf Commands

The same show commands listed in the Configuring OSPF for a Single Area chapter can be used to verify OSPF operation in multiple areas. Some additional commands include:

- show ip ospf border-routers: Displays the internal OSPF routing table entries to an ABR.
- show ip ospf virtual-links: Displays parameters about the current state of OSPF virtual links.
- show ip ospf process-id: Displays information about each area to which the router is connected, and indicates if the router is an ABR, ASBR, or both.
- show ip ospf database: Displays the contents of the topological database maintained by the router. Several keywords can be used with this command to get specific information about links:
  - show ip ospf [process-id area-id] database [network]: Displays network link-state information.
  - show ip ospf [process-id area-id] database [summary]: Displays summary information about router link states.
  - show ip ospf [process-id area-id] database [asbr-summary]: Displays information about ASBR link states.
  - show ip ospf [process-id area-id] database [external]: Displays information about autonomous system external link states.


  - show ip ospf [process-id area-id] database [database-summary]: Displays database summary information and totals.

The Configuring a Multiarea Network lab exercise covers these commands in more detail.


Summary

OSPF components that make it useful in a large internetwork include:

- Various types of areas, including stub, totally stubby, and transit
- Various types of routers, including ABRs and ASBRs
- Various types of link-state advertisements


Case Study

Following is a case study related to OSPF.

Case Study - OSPF Multiarea

(Figure: an area 0 backbone built on a Frame Relay network and FDDI, with areas 3, 11 and 16 attached; the link types shown are Gigabit Ethernet, Fast Ethernet, Ethernet and serial.)

Case Study OSPF Multiarea

As your organization grows, the network must be able to keep pace. Your network and its initial design must enable it to expand accordingly. A network that cannot keep pace with the organization's needs is not much use. Following are some points about multiarea OSPF networks.

- Hierarchical topology: core router, distribution router, access router. The benefits of a hierarchical network include:
  - Scalability
  - Ease of implementation
  - Ease of troubleshooting
  - Predictability
  - Protocol support
  - Manageability
- Route summarization: Be sure that your network addressing scheme is configured so that the range of subnets assigned within an area is contiguous. Create an address space that will permit you to split areas easily as your network grows.


- Plan ahead for the addition of new routers to your OSPF environment.
- DR/BDR functionality: Any device running OSPF is eligible to become the DR or BDR.
- NBMA issues: Due to the lack of broadcast capability, some configuration information may be necessary to aid in the discovery of neighbors.
- Ease of configuration: Simplicity in the topology will translate into simplicity of management.


Answers to Written Exercise: OSPF Operation across Multiple Areas

1  Define hierarchical routing and explain what internetwork problems it solves.
   OSPF's ability to separate a large internetwork into multiple areas is also referred to as hierarchical routing. Hierarchical routing enables you to separate your large internetwork (autonomous system) into smaller internetworks that are called areas. The advantages include smaller routing tables, reduced frequency of SPF calculations, and reduced LSU overhead.

2  An internal router will receive type-5 LSAs if it is in what type of area?
   If it is in an area that is NOT configured as stub or totally stubby.

3  What area types are connected to the backbone area?
   All area types are connected to the backbone.

4  The backbone must be configured as what area?
   The backbone area must always be area 0.

5  Write a brief description of the following:

   LSA Type 1 - Router link entry (record) (O - OSPF): Generated by each router for each area it belongs to. It describes the states of the router's links to the area. These are only flooded within a particular area. The link status and cost are two of the descriptors provided.

   LSA Type 2 - Network link entry (O - OSPF): Generated by DRs in multiaccess networks. They describe the set of routers attached to a particular network. Flooded within the area that contains the network only.

   LSA Type 3 or 4 - Summary link entry (IA - OSPF interarea): Originated by ABRs. Describes the links between the ABR and the internal routers of a local area. These entries are flooded throughout the backbone area to the other ABRs. Type-3 describes routes to networks within the local area that are sent to the backbone area. Type-4 describes routes from the ABR to the ASBR. These link entries are not flooded through totally stubby areas.

   LSA Type 5 - Autonomous system external link entry (E1 - OSPF external type-1, E2 - OSPF external type-2): Originated by the ASBR. Describes routes to destinations external to the autonomous system. Flooded throughout an OSPF autonomous system except for stub and totally stubby areas.


6  Describe the path a packet must take in order to get from one area to another.
   The packet must go through the interarea, through the ABR, through the backbone area, through the next ABR, and then through the internal routers to its final destination.

7  When is a default route injected into an area?
   When the area is configured for stub or totally stubby.


8

Configuring EIGRP

Objectives

Upon completion of this chapter, you will be able to perform the following tasks:

- Describe Enhanced IGRP features and operation
- Configure Enhanced IGRP
- Describe Enhanced IGRP's usage in scalable internetworks
- Verify Enhanced IGRP operation

This chapter presents Enhanced IGRP configuration. Sections:

- Objectives
- Enhanced IGRP Overview
- Enhanced IGRP Operation
- Written Exercise: EIGRP Overview
- Configuring EIGRP
- Using EIGRP in Scalable Internetworks
- Verifying Enhanced IGRP Operation
- Summary
- Case Study: Enhanced IGRP
- Lab Exercise: Configuring EIGRP
- Answers to Exercises


Enhanced IGRP Overview

What Is Enhanced IGRP (EIGRP)?

(Figure: Enhanced IGRP shown alongside the IP, AppleTalk and IPX routing protocols.)

Enhanced IGRP supports:
- Rapid convergence
- Reduced bandwidth usage
- Multiple network-layer protocols


What Is Enhanced IGRP (EIGRP)?

Enhanced IGRP (EIGRP) is a Cisco proprietary protocol that combines the advantages of link-state and distance vector routing protocols. As a hybrid protocol, EIGRP includes the following features:

- Rapid convergence: EIGRP uses the Diffusing Update Algorithm (DUAL) to achieve rapid convergence. A router running Enhanced IGRP stores backup routes, when available, for destinations so it can quickly adapt to alternate routes. If no appropriate route or backup route exists in the local routing table, EIGRP queries its neighbors to discover an alternative route. These queries are propagated until an alternate route is found.
- Reduced bandwidth usage: EIGRP does not make periodic updates. Instead, it sends partial updates about a route when the path changes or the metric for that route changes. When path information changes, the DUAL algorithm sends an update about that link only, rather than the entire table. In addition, the information is sent only to the routers that need it, in contrast to link-state protocol operation, which sends a change update to all routers within an area.
- Multiple network-layer support: EIGRP supports AppleTalk, IP, and Novell NetWare through the use of protocol-dependent modules (PDMs). These modules are responsible for network-layer-specific protocol requirements.

Note: Only TCP/IP implementations of Enhanced IGRP will be covered in this class.


EIGRP Features

- Advanced distance vector
- 100% loop free
- Fast convergence
- Easy configuration
- Fewer network design constraints than OSPF


EIGRP Features

EIGRP has its roots as a distance vector routing protocol and, as such, is predictable in its behavior. Like its predecessor IGRP, EIGRP is easy to configure and is adaptable to a wide variety of network topologies. What makes EIGRP an advanced distance vector protocol is its addition of several link-state features, such as dynamic neighbor discovery. EIGRP offers superior performance over IGRP because of its rapid convergence and its guarantee of a loop-free topology at all times. These improvements are the key to the name Enhanced IGRP.


EIGRP Features (cont.)

- Incremental updates
- Supports VLSM and discontiguous networks
- Classless routing
- Compatible with existing IGRP networks
- Protocol independent (supports IPX and AppleTalk)


EIGRP Features (cont.)

EIGRP is compatible with existing IGRP networks and, at the same time, offers clear advantages in its default behavior. Changes in topology trigger routing updates (rather than periodic announcements), and the information exchanged between routers is limited to only the affected routes. Because EIGRP is a classless routing protocol, it advertises a routing mask for each destination network. This feature enables EIGRP to support discontiguous subnetworks and variable-length subnet masks (VLSM). An additional feature that brings great value to multiprotocol networks is EIGRP's ability to support IPX and AppleTalk protocols. EIGRP's rapid convergence and sophisticated metric structure offer superior performance and stability when implemented in IPX and AppleTalk networks.


Advantages of EIGRP

- Uses multicast instead of broadcast
- Utilizes link bandwidth and delay
- EIGRP metric = IGRP metric x 256 (32-bit vs. 24-bit)
- Unequal-cost path load balancing
- More flexible than OSPF
- Full support for distribute lists
- Manual summarization can be done on any interface at any router within the network


Advantages of EIGRP

EIGRP offers many advantages over traditional distance vector routing protocols. One of the most significant advantages is in the area of bandwidth utilization. EIGRP's operational traffic is primarily multicast rather than broadcast in nature. As a result, end stations are unaffected by routing updates and requests for topology information. Enhanced IGRP uses the same algorithm for metric calculation as does IGRP, but the value is represented in 32-bit format to give it additional granularity when selecting routes to destination networks. EIGRP supports unequal metric load balancing, which allows administrators to more fully distribute traffic flow in their networks. Some of EIGRP's operational characteristics are borrowed from link-state protocols. For example, EIGRP allows administrators to create summary routes anywhere within the network rather than the traditional distance vector approach of performing classful summarization only at major network boundaries. In addition, EIGRP supports bi-directional route redistribution from other routing domains at the process level.


EIGRP Support for Different Topologies

[Figure: routers A through H connected by a multiaccess core segment, point-to-point serial links (S0, S1) and a Frame Relay cloud]

Enhanced IGRP supports:
- Multiaccess (i.e., LANs)
- Point-to-point (i.e., HDLC)
- NBMA (i.e., Frame Relay)

EIGRP Support for Different Topologies

Enhanced IGRP was designed to operate well in both LAN and WAN environments. In multiaccess topologies, such as Ethernet and Token Ring, neighbor relationships are formed and maintained using reliable multicasting. Wide area network support for dedicated point-to-point links and non-broadcast multiaccess (NBMA) topologies is standard in EIGRP. Differences in media type are accounted for in the formation of neighbor adjacencies across WAN links.


EIGRP Support for IP Addresses

[Figure: hierarchical addressing; router D advertises a /16 toward the world, routers A, B and C hold /24 blocks, the point-to-point links to M, N, O, P, R and S use /30, and the leaf segments use /27]

Enhanced IGRP supports:
- Variable-length subnet masks (VLSM)
- Hierarchical designs

EIGRP Support for IP Addresses

EIGRP supports IP address implementation in both hierarchical and nonhierarchical designs. To further the efficient allocation of addresses in the network, EIGRP supports variable length subnet masks (VLSM). This allows different masks to be applied to different segments based upon the host requirements for each link. Secondary addresses can be applied to interfaces to solve particular addressing issues, although all routing overhead will be generated through the primary interface address.


EIGRP Support for Route Summarization

[Figure: subnets 172.16.0.0/24, 192.168.42.0/27 and 10.0.0.0/18 are advertised across the network boundary as the summaries 172.16.0.0/16 and 192.168.42.0/24]

Enhanced IGRP performs route summarization at:
- Classful network boundaries (default)
- Arbitrary network boundaries (manual)

EIGRP Support for Route Summarization

As an advanced distance vector protocol, EIGRP supports route summarization at major network boundaries as the default. Administrators can configure manual summarization on arbitrary network boundaries in order to shrink the size of the routing table. Enhanced IGRP supports the creation of supernets or aggregated blocks of addresses (networks).
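As an added example (not part of the course material), the following Python computes the two summaries the page contrasts: the classful summary EIGRP advertises at a major network boundary by default, and the smallest manually configured summary that covers a set of subnets; a third helper measures how much address space a manual summary claims beyond the subnets it actually covers. The classful lengths follow the first-octet class A/B/C rules; the prefixes are the ones on the slide.

```python
import ipaddress
from typing import Iterable


def classful_summary(prefix: str) -> ipaddress.IPv4Network:
    """Summary EIGRP advertises by default when a subnet crosses a major
    (classful) network boundary: /8 for class A, /16 for class B, /24 for class C."""
    net = ipaddress.ip_network(prefix, strict=False)
    first_octet = int(net.network_address) >> 24
    if first_octet < 128:
        length = 8          # class A
    elif first_octet < 192:
        length = 16         # class B
    else:
        length = 24         # class C (D and E are not unicast destinations)
    # strict=False: the subnet address may have host bits set relative to the
    # classful mask (e.g. 172.16.1.0 under /16)
    return ipaddress.ip_network(f"{net.network_address}/{length}", strict=False)


def manual_summary(prefixes: Iterable[str]) -> ipaddress.IPv4Network:
    """Smallest single prefix covering every given subnet: the block an
    administrator would configure as a manual summary on an arbitrary boundary."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    candidate = nets[0]
    # widen the first subnet one bit at a time until it contains all the others
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate


def summary_overreach(prefixes: Iterable[str]) -> int:
    """Number of addresses the manual summary advertises that are in none of
    the listed subnets; a large value means the summary claims space this
    router cannot actually reach."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    covered = sum(n.num_addresses for n in nets)
    return manual_summary(prefixes).num_addresses - covered


if __name__ == "__main__":
    # the three subnets from the slide
    for p in ("172.16.0.0/24", "192.168.42.0/27", "10.0.0.0/18"):
        print(p, "->", classful_summary(p))
    branch = ["172.16.0.0/24", "172.16.1.0/24", "172.16.2.0/24", "172.16.3.0/24"]
    print(manual_summary(branch), "overreach:", summary_overreach(branch))
```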


EIGRP Terminology

[Figure: for each of AppleTalk, IPX and IP, EIGRP keeps a Neighbor Table (next-hop router, interface), a Topology Table (destination, next router/cost, with the successor and feasible successor marked) and a Routing Table (destination, next router; the successor only)]

EIGRP Terminology

This section introduces you to a variety of terms related to EIGRP used throughout this chapter:
- Neighbor table: Each EIGRP router maintains a neighbor table that lists adjacent routers. This table is comparable to the adjacencies database used by OSPF. It serves the same purpose, to ensure bi-directional communication between each of the directly connected neighbors. There is a neighbor table for each protocol that EIGRP supports.
- Topology table: Each EIGRP router maintains a topology table for each configured routing protocol. This table includes route entries for all destinations that the router has learned. All learned routes to a destination are maintained in the topology table.
- Routing table: EIGRP chooses the best (successor) routes to a destination from the topology table and places these routes in the routing table. The router maintains one routing table for each network protocol.
- Successor: A route selected as the primary route to use to reach a destination. Successors are the entries kept in the routing table.
- Feasible successor: A backup route. These routes are selected at the same time the successors are identified, but they are kept in the topology table, described above. Multiple feasible successors for a destination can be retained.


Enhanced IGRP Operation


EIGRP Packets
- Hello: Establish neighbor relationships
- Update: Send routing updates
- Query: Ask neighbors about routing information
- Reply: Response to query about routing information
- Ack: Acknowledgement of a reliable packet

EIGRP Packets

EIGRP supports five generic packet types.
- Hello: Hello packets are used for neighbor discovery. They are sent as multicasts and carry a zero acknowledgment number.
- Update: An Update is sent to communicate the routes that a particular router has converged on. These are sent as multicasts when a new route is discovered, or when convergence has completed (and the route is Passive). They are also sent as unicasts when neighbors start up, in order to synchronize the topology tables (since Updates are not sent periodically as in IGRP).
- Query: When a router is performing route computation and does not have a feasible successor, it sends a Query packet to its neighbors asking whether they have a feasible successor for the destination. Queries are always multicast.
- Reply: A Reply packet is sent in response to a Query packet. Replies are unicast to the originator of the Query.
- Ack: The ACK is used for acknowledging the other packet types described above. ACKs are Hello packets that are sent as unicasts and contain a non-zero acknowledgment number.


EIGRP Neighbor Relationship
- Two routers become neighbors when they see each other's Hello packet
- Hello address = 224.0.0.10
- Hellos sent once every five seconds on the following links:
  - Broadcast media: Ethernet, Token Ring, FDDI, etc.
  - Point-to-point serial links: PPP, HDLC, point-to-point Frame Relay/ATM subinterfaces
  - Multipoint circuits with bandwidth greater than T1: ISDN PRI, SMDS, Frame Relay

EIGRP Neighbor Relationship

When EIGRP is configured on an interface, the router sends periodic multicast Hello packets on that interface. When a router running an EIGRP process with the same autonomous system number receives another router's Hello packet, it establishes a neighbor relationship (adjacency). Hello packets are sent at various time intervals depending on the media. They default to once every 5 seconds over a LAN and over dedicated or higher-speed WAN links. When a router is configured for EIGRP, it dynamically discovers other routers directly connected to it. Each router maintains information that it has learned from its neighboring routers. This information is maintained in the Neighbor Table. The address of the neighbor and the interface through which it can be reached are also recorded. The Neighbor Table also maintains an entry known as the HoldTime. A router, as part of its Hello message, reports the HoldTime. HoldTime is the amount of time the router treats the neighbor as reachable and operational.


EIGRP Neighbor Relationship (cont.)
- Hellos sent once every 60 seconds on the following links:
  - Multipoint circuits with bandwidth less than T1: ISDN BRI, Frame Relay, SMDS, etc.
- Neighbor declared dead when no EIGRP packets are received within the hold interval
  - Not only Hellos can reset the hold timer
- Hold time by default is three times the hello time

EIGRP Neighbor Relationship (cont.)

Hello packets are sent out less frequently on lower-speed links, such as multipoint serial interfaces. Hellos are generated at 60-second intervals on this type of interface. The Hello mechanism is also used to discover the loss of neighbors. This is done dynamically and quickly. If a Hello packet is not heard before the expiration of the HoldTime, then a topology change is detected. The neighbor adjacency is deleted, and all topology table entries learned from that neighbor are removed (as if the neighbor had sent an Update stating that all of the routes are unreachable; this may cause routes to enter the Active state). This enables the routes to reconverge quickly if an alternate feasible route is available. The rate at which hello packets are sent is called the hello interval, and can be adjusted per interface with the ip eigrp hello-interval command. The amount of time that a router will consider a neighbor up without receiving a hello (or some other EIGRP packet) is called the hold time, and is typically three times the hello interval, so the hold times are 15 seconds and 180 seconds by default. HoldTime is calculated as 3 x the hello interval, but it can also be configured. The hold time can be adjusted with the ip eigrp hold-time interface command.

Note: If you change the hello interval, the hold time is not automatically adjusted to account for this change; you must manually adjust the hold time to reflect the configured hello interval.


EIGRP Neighbor Relationship (cont.)
- EIGRP will form neighbors even though hello time and hold time don't match
- EIGRP sources Hello packets from the primary address of the interface
- EIGRP will not form a neighbor relationship if K-values are mismatched
- EIGRP will not form a neighbor relationship if AS numbers are mismatched
- Passive interface configuration might be required for compatibility (IGRP vs. EIGRP)

EIGRP Neighbor Relationship (cont.)

It is possible for two routers to become EIGRP neighbors even though the hello and hold timers do not match. The hold time is included in the hello packets, so each neighbor should remain up correctly even though the hello interval and hold timers do not match. EIGRP will not build peer relationships over secondary addresses, because all EIGRP traffic uses the primary address of the interface. In addition, peer relationships will not be formed if the neighbor resides in a different autonomous system or if the metric-calculation mechanism (K values) is misaligned for that link. K values are discussed later in this section.

If you suspect that network difficulties are caused by neighbor-related problems, follow these suggestions:
- Running show ip eigrp neighbor several times in a row can give you a good idea of what the hello interval and hold timers are for the given neighboring router. The Hold column should never get above the hold time, and should never get below the hold time minus the hello interval (unless, of course, you are losing hello packets).
- If the Hold column usually ranges between 10 and 15 seconds, the hello interval is 5 seconds and the hold time is 15 seconds.
- If the Hold column usually has a wider range, between 120 and 180 seconds, the hello interval is 60 seconds and the hold time is 180 seconds.
- If the numbers do not seem to fit one of the default timer settings, check the interface in question on the neighboring router; the hello and hold timers have probably been configured manually.


What Is in a Neighbor Table?

    p2r2#show ip eigrp neighbors
    IP-EIGRP neighbors for process 400
    H   Address         Interface   Hold Uptime   SRTT   RTO  Q   Seq
                                    (sec)         (ms)       Cnt Num
    1   172.68.2.2      To0           13 02:15:30    8   200  0   9
    0   172.68.16.2     Se1           10 02:38:29   29   200  0   6

What Is in a Neighbor Table?

Like OSPF, EIGRP routers multicast hello packets to discover neighbor routers and to exchange route updates. If you recall, adjacent routers are the only ones that can exchange routing information. Each router builds a neighbor table from hello packets that it receives from adjacent EIGRP routers running the same network-layer protocol. EIGRP maintains a neighbor table for each configured network-layer protocol. The table includes the following key elements:
- Neighbor address: The network-layer address of the neighbor.
- Queue: Indicates the number of packets waiting in queue to be sent. If this value is constantly higher than zero, then there may be a congestion problem. A zero means that there are no EIGRP packets in the queue.
- Smooth Round Trip Timer: Indicates the average time it takes to send and receive packets from a neighbor. This timer is used to determine the retransmit interval (RTO).
- Hold Time: The interval to wait without receiving anything from a neighbor before considering the link unavailable. Originally, the expected packet was a hello packet, but in current Cisco IOS software releases, any EIGRP packet received after the first hello will reset the timer.
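As an added example (not part of the course), this Python parser reads the show ip eigrp neighbors output shown on the slide and applies the troubleshooting rules from the neighbor-relationship pages: a non-zero Q Cnt suggests congestion, and a Hold value above the hold time or below hold time minus hello interval means the timers are mismatched or hellos are being lost. The third row of the sample is constructed for illustration; the defaults assumed are 5/15 and 60/180 seconds.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Default EIGRP timer pairs from the course: (hello, hold) in seconds
DEFAULT_TIMERS = ((5, 15), (60, 180))


@dataclass
class Neighbor:
    address: str
    interface: str
    hold: int      # seconds left before the neighbor is declared dead
    srtt: int      # smooth round-trip time, ms
    rto: int       # retransmit timeout, ms
    queue: int     # reliable packets still waiting to be sent (Q Cnt)
    seq: int       # last sequence number received from the neighbor


# One data row: H, Address, Interface, Hold, Uptime, SRTT, RTO, Q Cnt, Seq Num
ROW = re.compile(
    r"^\s*(\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\d+)\s+(\S+)"
    r"\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$"
)


def parse_neighbors(output: str) -> List[Neighbor]:
    neighbors = []
    for line in output.splitlines():
        m = ROW.match(line)
        if m:  # the prompt and column-header lines never match the row pattern
            neighbors.append(Neighbor(address=m.group(2), interface=m.group(3),
                                      hold=int(m.group(4)), srtt=int(m.group(6)),
                                      rto=int(m.group(7)), queue=int(m.group(8)),
                                      seq=int(m.group(9))))
    return neighbors


def infer_timers(hold: int) -> Optional[Tuple[int, int]]:
    """Which default (hello, hold) pair a Hold reading belongs to, per the page's
    heuristic; None means the value fits neither default, so the timers were
    probably configured manually on the neighbor's interface."""
    for hello, hold_time in DEFAULT_TIMERS:
        if hold_time - hello <= hold <= hold_time:
            return hello, hold_time
    return None


def check_neighbor(n: Neighbor, hello: int, hold_time: int) -> List[str]:
    """Findings worth investigating for one neighbor, given the expected timers."""
    findings = []
    if n.queue > 0:
        findings.append(f"{n.address}: {n.queue} packet(s) queued, possible congestion")
    if n.hold > hold_time:
        findings.append(f"{n.address}: Hold {n.hold}s above hold time {hold_time}s, timer mismatch?")
    if n.hold < hold_time - hello:
        findings.append(f"{n.address}: Hold {n.hold}s below {hold_time - hello}s, hellos being lost")
    return findings


def analyze(output: str, hello: int = 5, hold_time: int = 15) -> List[str]:
    findings = []
    for n in parse_neighbors(output):
        findings.extend(check_neighbor(n, hello, hold_time))
    return findings


# The two rows from the slide plus a constructed third row: a neighbor with
# packets queued and a hold timer that has already dropped below 10 s.
SAMPLE = """\
p2r2#show ip eigrp neighbors
IP-EIGRP neighbors for process 400
H   Address         Interface   Hold Uptime   SRTT   RTO  Q   Seq
                                (sec)         (ms)       Cnt Num
1   172.68.2.2      To0           13 02:15:30    8   200  0   9
0   172.68.16.2     Se1           10 02:38:29   29   200  0   6
2   172.68.3.2      Et0            4 00:00:41  150  1000  3   2
"""

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(finding)
```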


EIGRP Reliable Transport Protocol
- EIGRP reliable packets are packets that require explicit acknowledgement:
  - Update
  - Query
  - Reply
- EIGRP unreliable packets are packets that do not require explicit acknowledgement:
  - Hello
  - Ack

EIGRP Reliable Transport Protocol

Reliable Transport Protocol (RTP) is responsible for guaranteed, ordered delivery of Enhanced IGRP packets to all neighbors. It supports intermixed transmission of multicast or unicast packets. For efficiency, only certain Enhanced IGRP packets are transmitted reliably. On a multi-access network that has multicast capabilities, such as Ethernet, it is not necessary to send hello packets reliably to all neighbors individually. For that reason, Enhanced IGRP sends a single multicast hello packet containing an indicator that informs the receivers that the packet need not be acknowledged. Other types of packets, such as updates, indicate in the packet that acknowledgment is required. RTP contains a provision for sending multicast packets quickly when unacknowledged packets are pending, which helps ensure that convergence time remains low in the presence of varying speed links. All packets carrying routing information (Update/Query/Reply) must be sent reliably, since they are not sent periodically. Assigning a sequence number to each reliable packet, and requiring an explicit acknowledgment for that sequence number, provides reliability. Acknowledgments and Hello packets, which help provide the reliability mechanism, by their nature are not sent reliably.


EIGRP Reliable Transport Protocol (cont.)
- The router keeps a neighbor list and a retransmission list for every neighbor
- Each reliable packet (Update, Query, Reply) will be retransmitted when the packet is not acked
- The neighbor relationship is reset when the retry limit (limit = 16) for reliable packets is reached

EIGRP Reliable Transport Protocol (cont.)

RTP is also tasked with ensuring that on-going communication is maintained between neighboring routers. As such, a retransmission list is maintained for each neighbor. This list indicates packets (that require acknowledgement) to which responses have not yet been received. Reliable packets that have not been acknowledged will be retransmitted up to a maximum of 16 times. EIGRP's reliability mechanism ensures delivery of critical route information to neighboring routers. This information is required to allow EIGRP to maintain a loop-free topology at all times.


EIGRP Reliable Transport Protocol (cont.)
- EIGRP transport has a window size of one (stop-and-wait mechanism)
  - Every single reliable packet needs to be acknowledged before the next sequenced packet can be sent
  - If one or more peers are slow in acknowledging, all other peers suffer from this
- Solution: The nonacknowledged multicast packet will be retransmitted as a unicast to the slow neighbor

EIGRP Reliable Transport Protocol (cont.)

The use of reliable multicast traffic is efficient and effective. A potential delay exists on multiaccess media where multiple neighbors exist. The next reliable multicast packet cannot be transmitted until all peers have acknowledged the previous multicast. If one or more peers are slow to respond, it adversely affects all peers by delaying the next transmission. RTP is designed to handle exceptions just like the one described here. Neighbors that are slow to respond to multicasts will have the nonacknowledged multicast packets retransmitted as unicast packets. This allows the reliable multicast operation to proceed without delaying communication with other peers.


Discovering Routes

[Figure: routers A and B on a link. 1. A sends a Hello ("I am router A, who is on the link?"). 2. B answers with an Update ("Here is my routing information."). 3. A sends an Ack ("Thanks for the information!"). 4. A enters the routes into its topology table. 5. A sends its own Update ("Here is my route information.") and B answers with an Ack ("Thanks for the information!"). 6. Converged.]

Discovering Routes

The neighbor establishment and route discovery processes occur at the same time in EIGRP. A high-level description of the process is as follows:
1. A new router (router A) comes up on the link and sends out a hello through all interfaces.
2. Routers receiving the hello reply with update packets that contain all the routes they have in their routing table, except those learned through that interface (split horizon). In addition, these update packets have the Init bit set, indicating that this is the initialization process. An Update packet includes information about the routes a neighbor is aware of, including the metric that the neighbor is advertising for each destination.
3. Router A replies to each neighbor with an Ack packet, indicating that it received the update information.
4. Router A enters all update packets into its topology table. The topology table includes all destinations advertised by neighboring (adjacent) routers. It is organized such that each destination is listed, along with all the neighbors that can get to the destination, and their associated metric.
5. Router A then exchanges update packets with each of its neighbors.
6. Upon receiving the update packets, each router sends an Ack packet to router A. When all updates are received, the router is ready to choose the primary and backup routes to keep in the topology table.


EIGRP Route Selection

[Figure: four routers (A, B, C, D) running IP, AppleTalk and IPX, connected by T1 and 19.2-kbps links]

- EIGRP uses a composite metric to pick the best path

EIGRP Route Selection

EIGRP route selection is perhaps what distinguishes it most from other routing protocols. Its key characteristics are as follows:
- EIGRP selects primary and backup routes that are kept in the topology table (up to six per destination). The primary routes are then moved to a routing table. Like OSPF, EIGRP supports several types of routes: internal, external (that is, non-EIGRP), and summary routes.
- EIGRP uses the same composite metric as IGRP to determine the best path. The metric can be based on five criteria. The default criteria used are:
  - Bandwidth: The smallest bandwidth between source and destination
  - Delay: Cumulative interface delay along the path
  Additional criteria that can be used follow. These criteria are not recommended for use because they typically result in frequent recalculation of the topology table.
  - Reliability: Worst reliability between source and destination, based on keepalives
  - Loading: Worst load on a link between source and destination, based on bits per second
  - MTU: Smallest MTU in the path
- EIGRP uses the DUAL algorithm to calculate the best route to a destination. DUAL selects routes based on the composite metric and assures that the selected routes are loop-free.


EIGRP Metrics Calculation
- Metric = [K1 x BW + (K2 x BW) / (256 - Load) + K3 x Delay] x [K5 / (Reliability + K4)]
- By default: K1 = 1, K2 = 0, K3 = 1, K4 = K5 = 0
- Delay is the sum of all the delays of the links along the path; Delay = Delay / 10
- Bandwidth is the lowest bandwidth of the links along the path; Bandwidth = 10000000 / Bandwidth

EIGRP Metrics Calculation

EIGRP uses the following formula to calculate a metric:

Metric = [K1*bandwidth + (K2*bandwidth)/(256 - load) + K3*delay] * [K5/(reliability + K4)]

In basic terms, the values K1, K2, K3, K4, and K5 represent Bandwidth, Load, Delay, MTU, and Reliability respectively. K values are carried in Hello packets. Mismatched K values can cause a neighbor to be reset. (Only K1 and K3 are used, by default, in metric computation.) These K values shouldn't be modified without extremely careful planning. Changing these values can cause your network to fail to converge. Some modifications to the values are made for use in the metric calculation. For example, the format of the Delay and Bandwidth values is different from that displayed by the show interface command. The EIGRP Delay value is divided by 10 to represent it in tens of uSec rather than in uSec as in the show interface display. Likewise, EIGRP's Bandwidth is 10^7 divided by the bandwidth (unlike OSPF's 10^9) rather than the Kbits shown in the show interface display. For example, EIGRP values Ethernet Delay as 100 (not as 1000 uSec) and Bandwidth as 1000 (not as 10000K). Enhanced IGRP represents its metrics in a 32-bit format instead of the 24-bit representation used by IGRP. This representation allows a more granular decision to be made when calculating successor (and feasible successor) routes. When integrating IGRP routes into an EIGRP domain, multiply the IGRP metric by 256 to get the approximate EIGRP-equivalent metric.
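The following Python works the metric formula through as the page describes it; it is an added example, not Cisco code. The Ethernet values are the ones quoted above; the T1 bandwidth (1544 kbps) and delay (20000 uSec) are the IOS interface defaults, assumed here, and the K-value/AS check mirrors the neighbor-formation rule stated earlier in this section.

```python
from dataclasses import dataclass
from typing import Sequence


@dataclass(frozen=True)
class Link:
    """Interface values as 'show interface' displays them."""
    bandwidth_kbps: int
    delay_usec: int
    reliability: int = 255   # 255/255 = fully reliable
    load: int = 1            # 1/255 = idle


@dataclass(frozen=True)
class KValues:
    k1: int = 1   # bandwidth
    k2: int = 0   # load
    k3: int = 1   # delay
    k4: int = 0
    k5: int = 0   # reliability factor disabled by default


def igrp_metric(path: Sequence[Link], k: KValues = KValues()) -> int:
    """Composite metric on IGRP's 24-bit scale, following the page's formula.

    Bandwidth is the lowest link bandwidth on the path, scaled as 10^7 / kbps
    (integer division, as IOS does it); delay is the sum of the link delays,
    each scaled to tens of microseconds.
    """
    scaled_bw = 10_000_000 // min(link.bandwidth_kbps for link in path)
    scaled_delay = sum(link.delay_usec // 10 for link in path)
    load = max(link.load for link in path)
    reliability = min(link.reliability for link in path)
    metric = k.k1 * scaled_bw + (k.k2 * scaled_bw) // (256 - load) + k.k3 * scaled_delay
    # With K5 = 0 (the default) the reliability term is skipped entirely;
    # applying the formula literally would multiply every metric by zero.
    if k.k5 != 0:
        metric = metric * k.k5 // (reliability + k.k4)
    return metric


def eigrp_metric(path: Sequence[Link], k: KValues = KValues()) -> int:
    """EIGRP's 32-bit metric: the IGRP value multiplied by 256."""
    return igrp_metric(path, k) * 256


def igrp_to_eigrp(igrp_value: int) -> int:
    """Approximate EIGRP metric for a route redistributed from IGRP."""
    return igrp_value * 256


def neighbors_can_form(local_as: int, local_k: KValues,
                       remote_as: int, remote_k: KValues) -> bool:
    """K values travel in Hello packets; a mismatch in K values or in the
    autonomous system number prevents the adjacency from forming."""
    return local_as == remote_as and local_k == remote_k


ETHERNET = Link(bandwidth_kbps=10_000, delay_usec=1_000)  # values quoted on the page
T1 = Link(bandwidth_kbps=1_544, delay_usec=20_000)         # assumed IOS defaults for a T1

if __name__ == "__main__":
    print("Ethernet:", eigrp_metric([ETHERNET]))                  # 281600
    print("Ethernet-T1-Ethernet:", eigrp_metric([ETHERNET, T1, ETHERNET]))  # 2221056
    print("K2 changed on one side:",
          neighbors_can_form(400, KValues(), 400, KValues(k2=1)))  # False
```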


Choosing Routes

[Figure: network 7 is reached from router A through neighbors H, B and D; link costs are shown in parentheses]

Topology Table at A:
Destination  Feasible Dist.  Advert. Dist.  Neighbor
7            40              30             H
7            31              21             B
7            230             220            D

Router A's Routing Table:
Destination  Feasible Dist.  Neighbor
7            31              B

- B is the current successor (lowest FD)
- H is the feasible successor (AD < FD)
- D is not a feasible successor (AD > FD)

Choosing Routes

EIGRP uses the following process to determine what routes to keep in the topology and routing tables:
1. DUAL is run on the topology table to determine the best and loop-free primary and backup routes to each destination. Best is the lowest-cost route, calculated by adding the cost between the next-hop router and the destination (referred to as the advertised distance) to the cost between the local router and the next-hop router; the total is referred to as the feasible distance. For example, in the graphic, from router A, the advertised distance to network 7 using router B is 21, and the feasible distance is 31 because of the additional link cost between routers A and B, which is 10. The next-hop router(s) selected as the best path is referred to as the successor. Multiple successors can exist if they have the same feasible distance and use different next-hop routers. All successors are added to the routing table. In the graphic, router B is the successor for network 7. The next-hop router(s) for the backup path is referred to as the feasible successor. If the successor's route is no longer valid and a suitable feasible successor exists, this feasible successor replaces the invalid successor in the routing table without a recomputation. More than one feasible successor can be kept at one time. These routes need not have the same feasible distance, but their advertised distance must be less than the feasible distance of the successor route.
2. The successors and feasible successors are kept in the topology table, along with all other routes, referred to as possible successors. The only routes removed are those that have a metric of infinity (unreachable).


Maintaining Routes - Passive

[Figure: same network as before; the path through B fails (1) and router A promotes H to successor (2)]

Topology Table at A:
Destination  Feasible Dist.  Advert. Dist.  Neighbor  State
7            40              30             H         P
7            31              21             B         P

Router A's Routing Table:
Destination  Feasible Dist.  Neighbor
7            40              H

Maintaining Routes - Passive

When there is a change in the network, the router that learned about the change advertises it to its neighbors by multicasting an update packet with the change. If the update packets notify the neighbors that a router was added to the network, then the process described in the previous Discovering Neighbors and Discovering Routes sections occurs. But if the update packet says that a link has a worse metric, or is no longer available, the router must find an alternative path. To obtain an alternative path, the router that lost the link looks for a new feasible successor in its topology table. If a feasible successor exists, it is promoted to a successor, added to the routing table, and used. The topology table is then recalculated to determine whether there are any new feasible successors, based on the new successor's feasible distance. If a feasible successor is found, the route remains passive and no interaction with neighboring routers is required. This operation represents the most rapid type of convergence for EIGRP. An example of this condition is demonstrated in the graphic above.
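An added Python example (not from the course) that implements the selection and passive-failover rules from the Choosing Routes and Maintaining Routes - Passive pages: successors are the lowest-FD paths, feasible successors must satisfy AD < FD, and when a successor is lost a feasible successor is promoted without querying; with none left the route goes active. The topology entries are router A's values for network 7 from the Choosing Routes graphic.

```python
from dataclasses import dataclass
from typing import List, Tuple

INFINITY = 0xFFFFFFFF  # EIGRP reports an unreachable route with an infinite metric


@dataclass
class Path:
    neighbor: str
    link_cost: int            # cost from this router to the neighbor
    advertised_distance: int  # the neighbor's own cost to the destination (AD)

    @property
    def feasible_distance(self) -> int:
        """FD through this neighbor: its advertised distance plus the link to it."""
        return self.link_cost + self.advertised_distance


def select_routes(paths: List[Path]) -> Tuple[List[Path], List[Path]]:
    """DUAL's selection: successors are the lowest-FD paths; feasible successors
    are the other paths whose AD is below that FD (the feasibility condition)."""
    usable = [p for p in paths if p.advertised_distance < INFINITY]
    if not usable:
        return [], []
    fd = min(p.feasible_distance for p in usable)
    successors = [p for p in usable if p.feasible_distance == fd]
    feasible = [p for p in usable
                if p.feasible_distance > fd and p.advertised_distance < fd]
    return successors, feasible


class TopologyEntry:
    """One destination in an EIGRP topology table, with its passive/active state."""

    def __init__(self, destination: str, paths: List[Path]):
        self.destination = destination
        self.paths = list(paths)
        self.state = "passive"
        self.successors, self.feasible_successors = select_routes(self.paths)

    def routing_table_next_hops(self) -> List[str]:
        return [s.neighbor for s in self.successors]

    def neighbor_lost(self, neighbor: str) -> str:
        """Process the loss of one path (as if that neighbor sent an Update saying
        the destination is unreachable) and return the resulting route state."""
        self.paths = [p for p in self.paths if p.neighbor != neighbor]
        if any(s.neighbor != neighbor for s in self.successors):
            # another successor survives, or only a backup was lost:
            # FD is unchanged, just recompute the backups
            self.successors, self.feasible_successors = select_routes(self.paths)
            return self.state
        if not self.feasible_successors:
            # no loop-free backup: go active and query the neighbors
            self.successors = []
            self.state = "active"
            return self.state
        # passive convergence: promote the best feasible successor, then look
        # for new feasible successors relative to the new feasible distance
        new_fd = min(p.feasible_distance for p in self.feasible_successors)
        self.successors = [p for p in self.feasible_successors
                           if p.feasible_distance == new_fd]
        self.feasible_successors = [p for p in self.paths
                                    if p.feasible_distance > new_fd
                                    and p.advertised_distance < new_fd]
        self.state = "passive"
        return self.state


# Router A's topology table for network 7 from the Choosing Routes graphic:
# every link from A costs 10; H, B and D advertise 30, 21 and 220.
NETWORK_7 = [Path("H", 10, 30), Path("B", 10, 21), Path("D", 10, 220)]

if __name__ == "__main__":
    entry = TopologyEntry("7", NETWORK_7)
    print("successor:", entry.routing_table_next_hops(),
          "feasible:", [p.neighbor for p in entry.feasible_successors])
    print("lose B ->", entry.neighbor_lost("B"), entry.routing_table_next_hops())
    print("lose H ->", entry.neighbor_lost("H"), entry.routing_table_next_hops())
```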


Maintaining Routes - Active

[Figure: the path through B to network 7 is lost and no feasible successor remains; routers A and D both go active on network 7 (1) and, at the same time (2), each multicasts a Query, "Do you have a feasible successor to network 7?", to its neighbors]

Topology Table at A:
Destination  Feasible Dist.  Advert. Dist.  Neighbor  State
7            40              30             H         P (1) -> A (2)

Topology Table at D:
Destination  Feasible Dist.  Advert. Dist.  Neighbor  State
7            40              30             H         P (1) -> A (2)

Maintaining Routes - Active

When a link fails and a feasible successor is not available, the following process is followed:
1. The router (router A) flags the failed route as being in the active state in the topology table. When routes are operating well, they are in the passive state.
2. Router A looks for an alternative path by sending out a query packet to all its neighbors to learn whether they have a path to the given destination. The query packet is multicast out every interface except the one from which the dead link was learned about, thus following the split horizon rule. Because the router expects a reply to the query from each neighbor, it tracks the sending and receiving of these packets for each neighbor in the topology table. In the graphic, for example, no feasible successor exists, because no router's advertised distance is less than router B's feasible distance. As a result, router A must query its neighbors to find new successors and feasible successors. The route to network 7 changes from the passive to the active state. Router D also used router B as the next-hop router to reach network 7. Router D flags the failed route as being in the active state in the topology table and attempts to locate a new route to network 7.


Maintaining Routes - Active (cont.)

[Figure: 3. E replies to D, "Here is a successor to network 7." 4. D replies to A, "Here is a successor to network 7." 5. A returns the route to the passive state.]

Topology Table at E:
Destination  Feasible Dist.  Advert. Dist.  Neighbor  State
7            120             20             F         P
7            140             40             D         P

Topology Table at D:
Destination  Feasible Dist.  Advert. Dist.  Neighbor  State
7            220             120            E         A -> P

Topology Table at A:
Destination  Feasible Dist.  Advert. Dist.  Neighbor  State
7            230             220            D         A -> P

Maintaining Routes - Active (cont.)

3. If a neighbor has a feasible successor that does not use the querying router, or no route at all to the destination, it unicasts a Reply packet to the requestor indicating the appropriate information. If a neighbor that receives the query is using the querying router as its feasible successor, then it sends its own Query packet to its neighbors, which creates a query ripple effect through the network until a major network boundary is met, a manual summarization is met, or the router is on the autonomous system boundary.
4. When the querying router receives replies, it reacts based on the answer in each reply:
- If the reply includes a successor or feasible successor, the information is put into its topology table and the querying router waits until all replies are received. Then it recalculates the topology table and adds the successor(s) to the routing table. The route returns to the passive state in the topology table and routing can continue.
- If none of the replies includes a successor or feasible successor, the querying router removes the active route from its topology and routing tables. In addition, the router console receives a message indicating that no route was found.

In the graphic, router D receives a reply from router E about an alternate path to network 7 and goes from active to passive on network 7. Router D sends a unicast reply to A indicating an alternate path, and A updates its topology table by moving the route from the active to the passive state.


Removing Routes

[Figure: routers A, D, E, F, G, L, M and N, with link costs of 10 and 100 shown in parentheses. 1. When the link at D fails, A queries L, "Do you have a feasible successor to network 7?" 2. L queries M and M queries N; each replies, "I have no route to network 7." 3. The replies reach A. 4. The entry for network 7 is removed from A's topology table.]

Topology Table at A:
Destination  Advert. Dist.  Feasible Dist.  Neighbor  State
(entry for network 7 removed)

Removing Routes

If one or more routers to which a query is sent do not respond with a reply within the active time of 180 seconds, EIGRP tears down the neighbor relationship with this rogue router and puts the routes that used the rogue router into an active state. Then the querying router generates queries for the route(s) it lost through the rogue router. The reason for these additional queries is that other valid routes (in addition to the route that was just lost) may be reachable through the rogue router, and path information about those routes must be relearned. In the graphic, when the link at router D fails, router A goes active on the route to network 7 and queries router L. Router L has no other route to network 7 and generates a query to router M. Router M has no other route to network 7 and generates a query to router N. Each router replies that no additional route to network 7 is available. Router L and router D reply to A indicating that no additional path to network 7 is available. As a result, router A removes the entry for network 7 from its topology table.


EIGRP DUAL
- Diffusing update algorithm (DUAL)
- Finite-state machine
- Tracks all routes advertised by neighbors
- Selects a loop-free path using a successor and remembers any feasible successors
- If successor lost:
  - Use feasible successor
  - If no feasible successor: query neighbors and recompute new successor

EIGRP DUAL

The DUAL finite state machine embodies the decision process for all route computations. It tracks all routes advertised by all neighbors. The distance information, known as a metric, is used by DUAL to select efficient loop-free paths. DUAL selects routes to be inserted into a routing table based on feasible successors. A successor is a neighboring router used for packet forwarding that has a least-cost path to a destination that is guaranteed not to be part of a routing loop. When there are no feasible successors but there are neighbors advertising the destination, a recomputation must occur. This is the process where a new successor is determined. The amount of time it takes to recalculate the route affects the convergence time. Even though the recomputation is not processor-intensive, try to avoid recomputation if it is not necessary. When a topology change occurs, DUAL tests for feasible successors. If there are feasible successors, it uses any it finds in order to avoid any unnecessary recomputation.


Figure: DUAL Example (Start). Destination (a) lies behind router A. Link costs as drawn: A-B 1, B-C 2, B-D 1, C-D 2, C-E 1, D-E 1. Topology entries for (a):
  C(a): Cost (3) (fd); via B Cost (3/1) (Successor); via D Cost (4/2) (fs); via E Cost (4/3)
  D(a): Cost (2) (fd); via B Cost (2/1) (Successor); via C Cost (5/3)
  E(a): Cost (3) (fd); via D Cost (3/2) (Successor); via C Cost (4/3)

DUAL Example (Start)

In the graphic, the topology table indicates the following:
  fd         feasible distance, equal to the sum of the links to reach (a)
  Cost       link cost of the path to (a) (with hops shown, as well)
  Successor  forwarding path to (a); its path cost equals the fd
  fs         feasible successor, an alternate path

The sample network is stable and converged.


Figure: DUAL Example. The link between B and D (cost 1) has just failed (X). Topology entries are still those of the Start figure:
  C(a): Cost (3) (fd); via B Cost (3/1) (Successor); via D Cost (4/2) (fs); via E Cost (4/3)
  D(a): Cost (2) (fd); via B Cost (2/1) (Successor); via C Cost (5/3)
  E(a): Cost (3) (fd); via D Cost (3/2) (Successor); via C Cost (4/3)

DUAL Example

Routers B and D detect the link failure. Upon being notified of the link failure, DUAL performs the following steps in the graphic:
  At D: Marks the path to (a) through B as unusable


Figure: DUAL Example. D has sent queries (Q) to C and to E.
  C(a): Cost (3) (fd); via B Cost (3/1) (Successor); via D; via E Cost (4/3)
  D(a): **ACTIVE** Cost (-1) (fd); via E **ACTIVE** (q); via C Cost (5/3) (q)
  E(a): Cost (3) (fd); via D Cost (3/2) (Successor); via C Cost (4/3)

DUAL Example

The following steps occur in the graphic:
  At D: Has no feasible successor to (a)
        Sets the metric to (a) as unreachable (-1 is unreachable)
        Goes active on (a)
        Sends a query to C and E for an alternate path
        Marks C and E as having a query pending (q)
  At E: Marks the path to (a) through D as unusable


Figure: DUAL Example. C has replied (R) to D; E has sent a query (Q) to C.
  C(a): Cost (3) (fd); via B Cost (3/1) (Successor); via D; via E
  D(a): **ACTIVE** Cost (-1) (fd); via E **ACTIVE** (q); via C Cost (5/3)
  E(a): **ACTIVE** Cost (-1) (fd); via D **ACTIVE**; via C Cost (4/3) (q)

DUAL Example

The following steps occur in the graphic:
  At D: Receives a reply from C; no change to the path to (a)
        Removes the query flag from C
        Stays active on (a), awaiting a reply from E (q)
  At E: Has no feasible successor to (a)
        Generates a query to C
        Marks C as query pending (q)


Figure: DUAL Example. C has replied (R) to E.
  C(a): Cost (3) (fd); via B Cost (3/1) (Successor); via D; via E
  D(a): **ACTIVE** Cost (-1) (fd); via E **ACTIVE** (q); via C Cost (5/3)
  E(a): Cost (4) (fd); via C Cost (4/3) (Successor); via D

DUAL Example

The following steps occur in the graphic:
  At D: Stays active on (a), awaiting a reply from E (q)
  At E: Receives a reply from C
        Removes the query flag from C
        Calculates the new fd and installs the new successor route in the table


Figure: DUAL Example. E has replied (R) to D.
  C(a): Cost (3) (fd); via B Cost (3/1) (Successor); via D; via E
  D(a): Cost (5) (fd); via C Cost (5/3) (Successor); via E Cost (5/4) (Successor)
  E(a): Cost (4) (fd); via C Cost (4/3) (Successor); via D

DUAL Example

The following steps occur in the graphic:
  At D: Receives a reply from E
        Removes the query flag from E
        Calculates the new fd
        Installs the new successor routes in the table. Two routes match the fd and both are marked as successors.


Figure: DUAL Example. No queries or replies are outstanding.
  C(a): Cost (3) (fd); via B Cost (3/1) (Successor); via D; via E
  D(a): Cost (5) (fd); via C Cost (5/3) (Successor); via E Cost (5/4) (Successor)
  E(a): Cost (4) (fd); via C Cost (4/3) (Successor); via D

DUAL Example

The following steps occur in the graphic:
  At D: Two successor routes are in the topology table for (a). Both successor routes should be listed in the routing table, and equal-cost load balancing should be in effect.

The network is stable and converged.


Figure: DUAL Example (Start), repeated. The original topology and topology entries of the Start figure: C(a) fd 3 via B (Successor), via D (fs), via E; D(a) fd 2 via B (Successor), via C; E(a) fd 3 via D (Successor), via C.

DUAL Example (Start)

In the graphic, the original topology (prior to the link failure) shows E's traffic passing through D and B.


Figure: DUAL Example (End). The same topology with the B-D link removed.
  C(a): Cost (3) (fd); via B Cost (3/1) (Successor); via D; via E
  D(a): Cost (5) (fd); via C Cost (5/3) (Successor); via E Cost (5/4) (Successor)
  E(a): Cost (4) (fd); via C Cost (4/3) (Successor); via D

DUAL Example (End)

In the graphic, the new topology is represented and shows D's and E's traffic passing through C and B.
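To make the successor and feasible-successor bookkeeping in the figures above concrete, here is an added example, written for this page and not part of the BSCN course material. It models the C, D and E topology entries with the costs shown and replays the B-D link failure. It reads the second number in each "Cost (x/y)" entry as the distance that neighbor reported for (a) (the reading under which the fs markings in the figures come out), treats fd as the current best distance, and uses class and function names of its own.

```python
from dataclasses import dataclass

UNREACHABLE = -1  # the figures show "Cost (-1)" while an entry is ACTIVE


@dataclass
class Path:
    neighbor: str
    link_cost: int          # cost of the link to this neighbor
    reported_distance: int  # the neighbor's own distance to (a), as advertised

    @property
    def total(self) -> int:
        """Cost via this neighbor: the first number in the figures' "Cost (x/y)"."""
        return self.link_cost + self.reported_distance


@dataclass
class TopologyEntry:
    router: str
    paths: list

    def feasible_distance(self) -> int:
        if not self.paths:
            return UNREACHABLE
        return min(p.total for p in self.paths)

    def successors(self) -> list:
        """Neighbors whose total cost equals fd; all of them go into the routing table."""
        fd = self.feasible_distance()
        return sorted(p.neighbor for p in self.paths if p.total == fd)

    def feasible_successors(self) -> list:
        """Feasibility condition: a neighbor reporting a distance below our fd cannot
        be routing through us, so its path is loop-free and usable without a query."""
        fd = self.feasible_distance()
        return sorted(p.neighbor for p in self.paths
                      if p.total > fd and p.reported_distance < fd)

    def lose_neighbor(self, neighbor: str) -> str:
        """Drop the path via `neighbor`. Returns "passive" when a feasible successor
        takes over locally, or "active" when DUAL must query the remaining neighbors."""
        old_fd = self.feasible_distance()
        self.paths = [p for p in self.paths if p.neighbor != neighbor]
        if any(p.reported_distance < old_fd for p in self.paths):
            return "passive"
        return "active"

    def receive_reply(self, neighbor: str, link_cost: int, reported_distance: int) -> None:
        """A reply carries the neighbor's current distance; replace (or add) its path."""
        self.paths = [p for p in self.paths if p.neighbor != neighbor]
        if reported_distance != UNREACHABLE:
            self.paths.append(Path(neighbor, link_cost, reported_distance))


def build_start_tables():
    """Topology entries for (a) from the Start figure.
    Link costs as drawn: A-B 1, B-C 2, B-D 1, C-D 2, C-E 1, D-E 1; (a) is behind A."""
    c = TopologyEntry("C", [Path("B", 2, 1), Path("D", 2, 2), Path("E", 1, 3)])
    d = TopologyEntry("D", [Path("B", 1, 1), Path("C", 2, 3)])
    e = TopologyEntry("E", [Path("D", 1, 2), Path("C", 1, 3)])
    return c, d, e


def replay_bd_failure() -> dict:
    """Walk the figures' sequence after the B-D link fails; return what each step found."""
    c, d, e = build_start_tables()
    log = {}
    # D loses successor B. C reports 3, not below D's fd of 2: no feasible
    # successor, so D goes ACTIVE and queries C and E.
    log["D_state"] = d.lose_neighbor("B")
    # E's successor D is now ACTIVE, so the path via D is unusable. C reports 3,
    # not below E's fd of 3: E goes ACTIVE and queries C.
    log["E_state"] = e.lose_neighbor("D")
    # C's own successor B is unaffected, so C replies to both with no change.
    e.receive_reply("C", 1, c.feasible_distance())
    log["E_fd"] = e.feasible_distance()      # 4, via C
    log["E_successors"] = e.successors()
    # E replies to D with its new distance. E had not advertised (a) to D before
    # (D was E's successor), so this is a new path at D, next to the one via C.
    d.receive_reply("C", 2, c.feasible_distance())
    d.receive_reply("E", 1, e.feasible_distance())
    log["D_fd"] = d.feasible_distance()      # 5: via C (5/3) and via E (5/4)
    log["D_successors"] = d.successors()     # both, so equal-cost load balancing
    return log


if __name__ == "__main__":
    for entry in build_start_tables():
        print(entry.router, "fd", entry.feasible_distance(), "successors",
              entry.successors(), "feasible successors", entry.feasible_successors())
    print(replay_bd_failure())
```

Running it prints each router's fd, successors and feasible successors from the Start figure, then the state after the failure: D and E both go active because their remaining neighbor C reports a distance that is not below their own fd, E converges on C at cost 4, and D ends with two successors at cost 5. The same model shows the cheap case too: if C lost B instead, D's reported distance of 2 is below C's fd of 3, so C switches locally without any query.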


Written Exercise: EIGRP Overview

Objective: Describe EIGRP features and operation.

Task: In this exercise, you can test your understanding of EIGRP by matching terms with statements. Place the letter of the description in front of the term that the statement describes. A statement may describe several terms.

Term
  _____ 1. Successor
  _____ 2. Feasible successor
  _____ 3. Hello
  _____ 4. Topology table
  _____ 5. IP
  _____ 6. Update
  _____ 7. AppleTalk
  _____ 8. Routing table
  _____ 9. DUAL
  _____ 10. IPX

Statement
  A) A network protocol that EIGRP supports.
  B) A table that contains feasible successor information.
  C) Administrative distance determines routing information that is included in this table.
  D) A neighbor router that has the best path to a destination.
  E) A neighbor router that has the best alternative path to a destination.
  F) An algorithm used by EIGRP that assures fast convergence.
  G) A multicast packet used to discover neighbors.
  H) A packet sent by EIGRP routers when a new neighbor is discovered and when a change occurs.


Configuring EIGRP


Figure: Configuring EIGRP for IP (AS=109). Routers A (interfaces T0, S0, S1, S2), B, C, D and E connect subnets of network 1.0.0.0 (1.1.0.0 and 2.3.0.0 on Token Ring, 1.2.0.0, 1.4.0.0) and of network 2.0.0.0 (2.1.0.0 through 2.7.0.0).
  Router A:
    router eigrp 109
     network 1.0.0.0
     network 2.0.0.0
  Network 3.0.0.0 is not configured on router A because it is not directly connected to router A.

Configuring EIGRP for IP

Perform the following steps to configure EIGRP for IP:

Step 1  Enable EIGRP and define the autonomous system.
        router(config)#router eigrp autonomous-system-number

        autonomous-system-number  The number that identifies the autonomous system; it is used to indicate all routers that belong within the internetwork. This value must match on all routers within the internetwork.

Step 2  Indicate which networks are part of the EIGRP autonomous system.
        router(config-router)#network network-number

        network-number  The network number determines which interfaces of the router are participating in EIGRP, and which networks are advertised by the router.

Step 3  If using serial and HDLC links, especially for Frame Relay or SMDS, select the interface whose bandwidth for routing updates should be changed. If you do not change the bandwidth for these interfaces, EIGRP assumes that the bandwidth on the link is of T1 speed. If the link is slower, the router may not be able to converge, or routing updates might become lost.

Step 4  Define the bandwidth of the link for the purposes of sending routing update traffic on the link.
        router(config-if)#bandwidth kilobits

        kilobits  Intended bandwidth in kilobits per second. For generic serial interfaces (PPP or HDLC), set the bandwidth to the line speed. For Frame Relay on point-to-point links, set it to the CIR; for multipoint connections, set it to the sum of all CIRs.


Slide: EIGRP Summarization - Automatic
- Purpose: smaller routing tables, smaller updates, query boundary
- Auto summarization: on major network boundaries, subnetworks are summarized to a single classful (major) network
- Auto summarization is turned on by default
(Figure: subnets 150.150.X.X and 151.151.X.X; 150.150.0.0/16 is advertised across the major network boundary)

EIGRP Summarization - Automatic

Some of the features of EIGRP are characteristic of pure distance vector operation. The need to summarize routes at a major network boundary is an example of distance vector behavior. Distance-vector protocols cannot assume the mask for non-directly connected networks because routing masks are not exchanged by the routing updates. In addition to the restrictions imposed by the lack of mask information, summarizing routes at major (classful) boundaries creates smaller routing tables. Smaller routing tables, in turn, make the routing update process less bandwidth intensive. Routing protocols from Cisco that are based upon distance-vector principles have auto summarization enabled by default.


Slide: EIGRP Summarization - Manual
- Manual summarization is configurable on a per-interface basis in any router within the network
- When summarization is configured on an interface, the router immediately creates a route pointing to null 0 with an administrative distance of five (loop prevention mechanism)
- When the last specific route of the summary goes away, the summary is deleted
- The minimum metric of the specific routes is used as the metric of the summary route

EIGRP Summarization - Manual

The inability to create summary routes at arbitrary boundaries within a major network has been a drawback of distance-vector protocols since their inception. EIGRP has the added functionality to allow administrators to turn off auto summarization and to create one or more summary routes within their network. For manual summarization to be effective, blocks of contiguous addresses (subnets) must come together at a common router so that a single summary route can be advertised by one interface. The number of subnets that can be represented by a summary route is directly related to the number of bits by which the subnet mask has been pulled back towards the major network (natural) mask. The formula 2^n, where n equals the number of bits by which the subnet mask has been reduced, indicates how many subnets can be represented by a single summary route. For example, if the summary mask contains three fewer bits than the subnet mask, then eight subnets can be aggregated into one advertisement. When specifying summary routes, the administrator only needs to specify the IP address of the summary route and the routing mask. The IOS software for EIGRP handles many of the details surrounding proper implementation: metrics, loop prevention, and removal of the route from the routing table when the summary route is no longer valid.


Slide: Configuring Summarization
  (config-router)# no auto-summary
    Turns off auto summarization for the EIGRP process
  (config-if)# ip summary-address eigrp as-number address mask
    Creates a summary address to be generated by this interface

Configuring Summarization

EIGRP automatically summarizes routes at the classful boundary. In some cases, however, you may not want autosummarization to occur. For example, if you have discontiguous networks, you need to turn off summarization to minimize router confusion. To turn off automatic summarization, enter the following command:

  router(config-router)#no auto-summary

Use the ip summary-address command to manually create a summary route at an arbitrary network boundary within an EIGRP domain.

  ip summary-address eigrp as-number address mask

  Command    Description
  as-number  Autonomous system number of the network being summarized.
  address    The IP address being advertised as the summary address. This address does not need to be aligned on Class A, B, or C boundaries.
  mask       The IP mask being used to create the summary address.


Figure: Summarizing EIGRP Routes. Router A (172.16.1.0) and router B (172.16.2.0) attach to network 10.0.0.0; router C connects network 10.0.0.0 to the outside world through S0 (192.168.4.2).
  Routers A and B:
    router eigrp 1
     network 10.0.0.0
     network 172.16.0.0
     no auto-summary
  Router C:
    router eigrp 1
     network 10.0.0.0
     network 192.168.4.0
    !
    int s0
     ip address 192.168.4.2 255.255.255.0
     ip summary-address eigrp 1 172.16.0.0 255.255.0.0

Summarizing EIGRP Routes

In the configuration example, routers A and B have turned off automatic route summarization for the 172.16.1 and 172.16.2 subnets as those advertisements pass into network 10.0.0.0. These discontiguous subnets will now be included in the routing tables of routers in the 10.0.0.0 network. At router C, a manual summary route has been created to represent all subnets belonging to network 172.16.0.0 as a single entry in its advertisements to the rest of the world. If you want to summarize networks in an address that you define, do the following:

Step 1  Select the interface that will propagate the route summary.
Step 2  Specify the format of the route summary and the autonomous system into which it needs to be injected.

Note that, for manual summarization, the summary is advertised only if a component (an entry that is represented in the summary) of the summary is present in the routing table.
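The summary arithmetic from this section (the 2^n rule, the minimum-metric summary, the null 0 route with administrative distance 5, and the rule that a summary is advertised only while a component is present) in an added example that is not taken from the course. It uses Python's standard ipaddress module; the routing-table metrics are constructed sample values and the function names are this example's own.

```python
import ipaddress


def summary_for(subnets):
    """Smallest prefix that covers every subnet in `subnets`: pull the mask back
    one bit at a time (toward the natural mask) until all components fit inside."""
    nets = [ipaddress.ip_network(s, strict=False) for s in subnets]
    prefixlen = min(n.prefixlen for n in nets)
    while prefixlen >= 0:
        candidate = ipaddress.ip_network((int(nets[0].network_address), prefixlen),
                                         strict=False)
        if all(n.subnet_of(candidate) for n in nets):
            return candidate
        prefixlen -= 1
    raise AssertionError("0.0.0.0/0 covers every network")  # not reachable


def subnets_represented(summary, component_prefixlen):
    """The 2^n rule: n bits pulled back from the component mask = 2^n subnets."""
    return 2 ** (component_prefixlen - summary.prefixlen)


def summary_advertisement(summary, routing_table):
    """Rule from the text: the summary is advertised only while at least one
    component (a more specific route inside it) is in the routing table, and it
    carries the minimum component metric. Returns (advertise, metric, discard_route),
    where discard_route is the null 0 entry with administrative distance 5 that the
    router installs as its loop-prevention mechanism."""
    summary = ipaddress.ip_network(summary)
    components = {}
    for prefix, metric in routing_table.items():
        net = ipaddress.ip_network(prefix)
        if net.prefixlen > summary.prefixlen and net.subnet_of(summary):
            components[prefix] = metric
    if not components:
        return False, None, None
    discard = {"prefix": str(summary), "next_hop": "Null0", "admin_distance": 5}
    return True, min(components.values()), discard


# Constructed routing table at router C in the figure: the two 172.16 subnets
# learned from A and B (sample metrics) plus a subnet of 10.0.0.0.
ROUTER_C_TABLE = {
    "172.16.1.0/24": 2195456,
    "172.16.2.0/24": 2297856,
    "10.0.0.0/24": 128256,
}

if __name__ == "__main__":
    eight = ["192.168.%d.0/24" % i for i in range(8, 16)]   # constructed block of 8
    s = summary_for(eight)
    print(s, "represents", subnets_represented(s, 24), "subnets")  # /21: 3 bits back
    print(summary_advertisement("172.16.0.0/16", ROUTER_C_TABLE))
    # once the last component leaves the table, the summary and its null route go too
    print(summary_advertisement("172.16.0.0/16", {"10.0.0.0/24": 128256}))
```

The summary_for helper returns the tightest covering prefix (for the two /24 subnets at router C that is 172.16.0.0/22); the course configures the wider 172.16.0.0/16 on router C, which is a design choice the router accepts as long as at least one component remains in its table.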


Slide: EIGRP Load Balancing
- Routes with a metric equal to the minimum metric will be installed in the routing table (equal-cost load balancing)
- Up to six entries in the routing table for the same destination; the number of entries is configurable, default is 4

EIGRP Load Balancing

Load balancing is the ability of a router to distribute traffic over all its network ports that are the same distance from the destination address. Good load-balancing algorithms use both line speed and reliability information. Load balancing increases the utilization of network segments, thus increasing effective network bandwidth. For IP, by default IOS does balance between equal-cost paths. Equal-cost load balancing cannot be disabled, as this is equivalent to removing certain routes from the routing table. When a packet is process switched, load balancing over equal-cost paths is on a per-packet basis. When packets are fast switched, load balancing over equal-cost paths is on a per-destination basis. Remember, for testing, don't ping to/from the routers with the fast switching interfaces, because these packets will obviously be process switched rather than fast switched and might lead to confusing results.


Slide: EIGRP Unequal Cost Load Balancing
- EIGRP offers unequal-cost load balancing through the variance command
- Variance allows the router to include routes with a metric smaller than the multiplier times the minimum-metric route to that destination; the multiplier is the number specified by the variance command

EIGRP Unequal Cost Load Balancing

EIGRP can balance traffic across multiple routes that have different metrics. The amount of load balancing that is performed can be controlled by the variance subcommand. The multiplier is a metric value that is used for load balancing. This value can be from 1 to 128. The default is 1, which means equal-cost load balancing. The multiplier defines the range of metric values that will be accepted for load balancing. In our example on the following page, the value is 40. This value is used in the procedure for determining the "feasibility" of a potential route. A route is feasible if the next router in the path is closer to the destination than the current router and if the metric for the entire path is within the variance. Only paths that are feasible can be used for load balancing and included in the routing table. The two feasibility conditions are:
  1. Local best metric > best metric learned from the next router
  2. The multiplier * local best metric for the destination > metric through the next router
If both of these conditions are met, the route is called feasible and it can be added to the routing table.


Figure: Variance Example. Router E reaches Network Z (behind router A) through routers B, C or D. Link costs: E-B 20, B-A 10; E-C 10, C-A 10; E-D 25, D-A 20.
  E(config)# variance 2
- Router E will choose router C to get to network Z because FD = 20
- With a variance of 2, router E will also choose router B to get to network Z: (20 + 10) < (2 x FD)
- Router D will not be used to get to network Z (45 > 40)

Variance Example

In the graphic, router E will use router C as the successor because its feasible distance is lowest (20). With the variance command applied to router A, the path through router B meets the criteria for load balancing. In this case, the feasible distance through B is less than twice the feasible distance for the successor (C). Router D will not be considered for load balancing because the feasible distance through D is greater than twice the feasible distance for the successor (C).

Another example: if there were four paths to a given destination, and the metrics for these paths were:
  Path 1: 1100
  Path 2: 1100
  Path 3: 2000
  Path 4: 4000
the router would, by default, place traffic on both paths 1 and 2. Using EIGRP, you can use the variance command to instruct the router to also place traffic onto paths 3 and 4. Traffic will be placed on any link that has a metric less than the best path multiplied by the variance. To load balance over paths 1, 2, and 3, you would use variance 2, because 1100 x 2 = 2200, which is greater than the metric through path 3. Similarly, to also add path 4, you would issue variance 4 under the router eigrp process in configuration mode.
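An added example, not from the course, that applies the two feasibility conditions to the router E figure and to the four-path case above. The figure gives the link costs, so the totals and the distances E's neighbors report follow from it (B 30 with 10 reported, C 20 with 10 reported, D 45 with 20 reported); for the four-path case the page gives only the totals, so the reported distances are constructed. Function names are this example's own.

```python
def load_balanced_paths(paths, variance=1):
    """paths: {next_hop: (metric_via_next_hop, metric_reported_by_next_hop)}.
    Returns the next hops EIGRP installs for the destination: every successor
    (metric equal to the local best) plus each path that meets both conditions:
      1. local best metric > metric reported by the next hop    (next hop is closer)
      2. variance * local best metric > metric via the next hop (inside the window)
    """
    if not 1 <= variance <= 128:
        raise ValueError("variance must be between 1 and 128")
    best = min(total for total, _ in paths.values())
    installed = []
    for hop, (total, reported) in paths.items():
        is_successor = total == best
        meets_condition_1 = reported < best
        meets_condition_2 = total < variance * best
        if is_successor or (meets_condition_1 and meets_condition_2):
            installed.append(hop)
    return sorted(installed)


# Router E in the figure: via C 10 + 10 = 20 (FD), via B 20 + 10 = 30, via D 25 + 20 = 45.
# The second element is what that neighbor itself sees to network Z.
ROUTER_E_PATHS = {"C": (20, 10), "B": (30, 10), "D": (45, 20)}

# "Another example": the page gives only the totals 1100/1100/2000/4000; the
# reported distances here are constructed so that condition 1 holds for all four.
FOUR_PATHS = {
    "path1": (1100, 900),
    "path2": (1100, 900),
    "path3": (2000, 1000),
    "path4": (4000, 1000),
}

if __name__ == "__main__":
    for v in (1, 2, 3):
        print("router E, variance", v, "->", load_balanced_paths(ROUTER_E_PATHS, v))
    for v in (1, 2, 4):
        print("four paths, variance", v, "->", load_balanced_paths(FOUR_PATHS, v))
```

Note the case variance 3 at router E: 45 is now below 60, yet D is still left out, because D's own distance to network Z (20) is not below E's best (20) and condition 1 fails. Raising the variance widens the window only for next hops that are already closer to the destination; that is what keeps unequal-cost load balancing loop-free.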


Slide: Configuring WAN Links
- EIGRP supports different WAN links: point-to-point, and NBMA (multipoint and point-to-point)
- EIGRP configurations must address bandwidth utilization and the overhead traffic associated with router operation

Configuring WAN Links

Enhanced IGRP has been designed to operate well in WAN environments. It is scalable on both point-to-point links and NBMA links. Due to the inherent differences in operational characteristics of the links listed above, taking the default configuration parameters for all WAN links may not be the best option. A solid understanding of EIGRP operation coupled with a knowledge of available link speeds can yield an efficient, reliable, scalable router configuration.


Slide: EIGRP Bandwidth Utilization
  (config-if)# ip bandwidth-percent eigrp as-number percent
- Specifies what percentage of bandwidth EIGRP packets will be able to utilize on this interface
- Uses up to 50% of the link bandwidth for EIGRP packets, by default
- Used for greater EIGRP load control

EIGRP Bandwidth Utilization

By default, EIGRP will use up to 50% of the bandwidth of an interface or subinterface, as set with the "bandwidth" parameter. This percentage can be changed on a per-interface basis by using the following interface subcommand:

  router(config-if)#ip bandwidth-percent eigrp as-number nnn

In the above command, nnn is the percentage of the configured bandwidth that EIGRP is allowed to use. Note that this can be set to greater than 100. This is useful if the bandwidth is configured artificially low for routing policy reasons. For example:

  interface serial0
   bandwidth 20
   ip bandwidth-percent eigrp 1 200

This configuration would allow EIGRP to use 40 Kbps (200% of the configured bandwidth) on the interface. It is essential to make sure that the line is provisioned to handle the configured capacity.


Slide: Bandwidth over WAN Interfaces
- Bandwidth utilization over point-to-point subinterfaces using Frame Relay: treated as T1 by default
- Best practice is to manually configure the bandwidth as the CIR of the PVC

Bandwidth over WAN Interfaces

In the Cisco IOS, point-to-point Frame Relay subinterfaces are assumed to be operating at full T1 link speed. In many implementations only fractional T1 speeds are available and, as a result, when configuring these types of interfaces, set the bandwidth to match the contracted CIR.


Slide: Bandwidth over WAN Interfaces (cont.)
- Bandwidth over multipoint Frame Relay, ATM, SMDS, and ISDN PRI: EIGRP uses the bandwidth on the main interface divided by the number of neighbors on that interface to get the bandwidth information per neighbor

Bandwidth over WAN Interfaces (cont.)

When configuring multipoint interfaces, especially for Frame Relay, it is important to understand that the bandwidth is shared equally by all neighbors. EIGRP configuration should reflect the correct percentage of the actual available bandwidth on the line.


Slide: Bandwidth over WAN Interfaces (cont.)
- Each PVC might have a different CIR; this might create an EIGRP packet pacing problem
- Multipoint interfaces: convert to a point-to-point configuration, or manually configure bandwidth = (lowest CIR x number of PVCs)
- ISDN PRI: use a dialer profile (treat as a point-to-point link)

Bandwidth over WAN Interfaces (cont.)

Each installation has a unique topology and with that comes unique configurations. Differing CIR values often require a hybrid configuration that blends the characteristics of point-to-point circuits with multipoint circuits. When configuring multipoint interfaces, configure the bandwidth to represent the minimum CIR times the number of circuits. This approach may not fully utilize the higher-speed circuits, but it certainly ensures that the circuits with the lowest CIR will not be overdriven. If the topology has a small number of very low-speed circuits, these interfaces should be defined as point-to-point so that their bandwidth can be set to match the provisioned CIR.


Figure: EIGRP WAN Configuration - Pure Multipoint. Router C's serial 0 (T1) connects through Frame Relay to routers E, F, G and H over four PVCs, each with CIR 56.
  Router C:
    interface serial 0
     encap frame-relay
     bandwidth 224
  All VCs share bandwidth evenly: 4 x 56 = 224

EIGRP WAN Configuration - Pure Multipoint

In the graphic, the interface has been configured for a bandwidth of 224 Kbps. In a pure multipoint topology, each circuit will be allocated one quarter of the configured bandwidth on the interface, and this 56K allocation matches the provisioned CIR of each circuit.


Figure: EIGRP WAN Configuration - Hybrid Multipoint. Router C's serial 0 (T1) connects through Frame Relay to E, F and G (CIR 256, BW 224 each) and to H (CIR 56, BW 56).
  Router C:
    interface serial 0
     encap frame-relay
     bandwidth 224
  Lowest CIR x number of VCs: 56 x 4 = 224

EIGRP WAN Configuration - Hybrid Multipoint

In the graphic, one of the circuits has been provisioned for a 56K CIR while the other circuits have been provisioned for a much higher rate. This interface has been configured for a bandwidth that represents the lowest CIR multiplied by the number of circuits being supported. This configuration protects against overwhelming the slowest-speed circuit in the topology.


Figure: EIGRP WAN Configuration - Hybrid Multipoint (Preferred). Router C's serial 0 (T1) connects through Frame Relay to E, F and G (CIR 256, BW 256 each) and to H (CIR 56, BW 56).
  Router C:
    interface serial 0.1 multipoint
     bandwidth 768
    interface serial 0.2 point-to-point
     bandwidth 56
  Configure the lowest-CIR VC as point-to-point and specify BW = CIR; configure the higher-CIR VCs as multipoint and combine their CIRs

EIGRP WAN Configuration - Hybrid Multipoint (Preferred)

In the graphic, a hybrid solution is presented. There is only one lower-speed circuit, and the other circuits are all provisioned to the same CIR. The preferred configuration shows the low-speed circuit being configured as point-to-point so that its bandwidth matches the CIR value. The remaining circuits are designated as multipoint and their respective CIRs are added together to form the bandwidth for the interface. Remember that on multipoint interfaces the bandwidth is shared equally among all circuits: combining three CIRs of 256 Kbps and then dividing the 768 by three again matches the bandwidth allocation to the link capacity.


Figure: EIGRP WAN Configuration - Pure Point-to-Point, hub and spoke with 10 VCs. Hub router C's serial 0 (256) connects through Frame Relay to remotes E, F, G ... H; each PVC has CIR 56 and BW 25.
  Router C:
    interface serial 0.1 point-to-point
     bandwidth 25
     ip bandwidth-percent eigrp 63 110
    ---
    interface serial 0.10 point-to-point
     bandwidth 25
     ip bandwidth-percent eigrp 63 110
  Remote router H:
    interface serial 0
     bandwidth 25
     ip bandwidth-percent eigrp 63 110
  Configure each VC as point-to-point and specify BW = 1/10 of link capacity; increase EIGRP utilization to 50% of actual VC capacity

EIGRP WAN Configuration - Pure Point-to-Point

The graphic illustrates a common hub-and-spoke topology with ten virtual circuits out to the remotes. This topology is characteristic of an oversubscribed Frame Relay network. The circuits are provisioned as 56K links, but there is not sufficient bandwidth at the interface to support the allocation. In a pure point-to-point topology, all virtual circuits are treated equally and are configured for exactly one tenth (25 Kbps) of the available link speed. Enhanced IGRP's default utilization is 50% of the configured bandwidth on the circuit. In an attempt to ensure that EIGRP packets are delivered through the Frame Relay network, each subinterface has the EIGRP allocation percentage raised to 110% of the specified bandwidth. This adjustment results in EIGRP packets receiving approximately 28 Kbps of the provisioned 56 Kbps on each circuit. This effectively restores the 50-50 ratio that was disturbed when the bandwidth was set to an artificially low value.
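The bandwidth arithmetic behind the four WAN cases above and the ip bandwidth-percent example earlier in this section, as an added example that is not part of the course. The 1544 Kbps value is the T1 rate a Cisco serial interface reports when bandwidth is left unset, which the course says EIGRP assumes; the other values come from the slides; function names are this example's own.

```python
T1_KBPS = 1544  # default serial-interface bandwidth: what EIGRP assumes if unset


def eigrp_allowance_kbps(bandwidth_kbps, percent=50):
    """Bandwidth EIGRP may consume on an interface: the configured bandwidth times
    the ip bandwidth-percent value (default 50; it may exceed 100)."""
    return bandwidth_kbps * percent / 100


def per_neighbor_share_kbps(interface_bandwidth_kbps, neighbor_count):
    """Multipoint interfaces: EIGRP divides the interface bandwidth evenly per neighbor."""
    return interface_bandwidth_kbps / neighbor_count


def hybrid_multipoint_bandwidth(cirs_kbps):
    """Hybrid rule from the slides: bandwidth = lowest CIR x number of PVCs."""
    return min(cirs_kbps) * len(cirs_kbps)


def overdriven(vc_bandwidth_kbps, cir_kbps, percent=50):
    """True when EIGRP's allowance on a PVC exceeds what the carrier guarantees."""
    return eigrp_allowance_kbps(vc_bandwidth_kbps, percent) > cir_kbps


def scenarios():
    """EIGRP's per-PVC allowance for each WAN case discussed in this section."""
    out = {}
    # Step 3's warning: bandwidth left at the T1 default on a 56K PVC.
    out["default_t1_on_56k"] = (eigrp_allowance_kbps(T1_KBPS), overdriven(T1_KBPS, 56))
    # Pure multipoint: bandwidth 224 = 4 x 56, shared evenly across four PVCs.
    share = per_neighbor_share_kbps(224, 4)
    out["pure_multipoint"] = (eigrp_allowance_kbps(share), overdriven(share, 56))
    # Hybrid multipoint: CIRs 256, 256, 256 and 56 on one interface.
    bw = hybrid_multipoint_bandwidth([256, 256, 256, 56])
    share = per_neighbor_share_kbps(bw, 4)
    out["hybrid_multipoint"] = (bw, eigrp_allowance_kbps(share), overdriven(share, 56))
    # Preferred hybrid: three 256K PVCs on a 768K multipoint subinterface,
    # the 56K PVC on its own point-to-point subinterface.
    out["preferred_multipoint_share"] = per_neighbor_share_kbps(768, 3)
    out["preferred_ptp"] = eigrp_allowance_kbps(56)
    # Oversubscribed point-to-point hub: bandwidth 25 per PVC, percent raised to 110.
    out["oversubscribed_ptp"] = (eigrp_allowance_kbps(25, 110), overdriven(25, 56, 110))
    # The prose example: bandwidth 20, ip bandwidth-percent eigrp 1 200.
    out["percent_200"] = eigrp_allowance_kbps(20, 200)
    return out


if __name__ == "__main__":
    for name, value in scenarios().items():
        print(name, value)
```

The first entry is the failure mode the procedure warns about: with bandwidth left at the default, EIGRP believes it may use 772 Kbps on a 56 Kbps PVC. Each of the slide configurations brings the per-PVC allowance down to 28 Kbps or below, and the 110% setting on the oversubscribed hub lands at 27.5 Kbps, the "approximately 28 Kbps" in the text.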


Slide: EIGRP Command Enhancements
- Recent command additions improve ease of configuration: classless networking, neighbor control, stub routers

EIGRP Command Enhancements

A number of new features are in the works for EIGRP in order to make it even more scalable and flexible. The next few slides briefly explain some of these features.

Note  Refer to the release notes to see the final form of the features!


Slide: Classless Network Statements
  (config-router)# network ip-address wildcard-mask
- Selects interfaces to participate in the EIGRP process
- Allows for supernetted interfaces
- Provides more granular control of interfaces; uses a wildcard mask to determine matching bit strings

Classless Network Statements

This feature provides functionality similar to OSPF wildcard bits. In the past, supernetted interfaces were required to be redistributed as connected (they showed up as externals). With this feature, supernetted interfaces can be included natively, as internal routes. Refer to the example on the following page, which demonstrates a supernetted route. This feature also allows you to identify which interfaces are to be included under the EIGRP process. In the past, you could only define the major network and then had to configure passive-interface for every interface on which you didn't intend to run EIGRP.

For reference only: this feature is integrated in 12.0(03.00.02)PI04, 12.0(03.04)T and 12.0(03.04)PI5.1.


Figure: Classless Network Configuration. Left-hand cloud: serial links 192.31.42.0/27, 192.31.44.0/27 and 192.168.12.0/27. Right-hand cloud: Ethernets 10.1.1.0/24 and 10.1.2.0/24, plus a serial link 10.4.17.0/24 to an OSPF domain.
    router eigrp 1
     network 10.1.0.0 0.0.255.255
     network 192.31.0.0 0.0.255.255
  On the left, enables the upper two serial links for EIGRP. On the right, enables the two Ethernets for EIGRP, but not the serial link to the external domain.

Classless Network Configuration

In the graphic, the network statements applied to the EIGRP process contain a wildcard mask (similar to OSPF configurations) to further delineate interface participation in the EIGRP routing process. When the wildcard mask of 0.0.255.255 is applied to the interfaces in the left-hand cloud, it selects only interfaces that match 192.31 in the first two octets. The upper two serial interfaces match the network criteria and will route EIGRP packets. The first two octets of the address on the serial link leading to the OSPF domain do not match the requirement set down by the network 10.1.0.0 0.0.255.255 statement. As a result, EIGRP hellos and updates will not be sent into the OSPF domain. In the right-hand cloud, both Ethernet interfaces have been selected to route EIGRP because their interface addresses start with 10.1.

Note  The ability to specify classless networks at the interface level is a new feature first made available in IOS release 12.0.
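An added example, not course material, showing which interfaces a network statement selects under the classful form used in Configuring EIGRP for IP above (network 1.0.0.0, network 2.0.0.0) and under the wildcard form in this figure. The figure gives only subnets, so the interface addresses below are constructed to fall inside them; function names are this example's own.

```python
import ipaddress


def classful_network(address):
    """Natural network of an address: /8 for class A, /16 for B, /24 for C.
    A classful network statement is matched against this, whatever was typed."""
    first_octet = int(ipaddress.ip_address(address)) >> 24
    if first_octet < 128:
        prefixlen = 8
    elif first_octet < 192:
        prefixlen = 16
    elif first_octet < 224:
        prefixlen = 24
    else:
        raise ValueError("class D/E address has no natural network: %s" % address)
    return ipaddress.ip_network((address, prefixlen), strict=False)


def matches_wildcard(statement, wildcard, address):
    """network ip-address wildcard-mask: a 1 bit in the wildcard means "don't care";
    every other bit of the interface address must equal the statement's bit."""
    care = 0xFFFFFFFF ^ int(ipaddress.ip_address(wildcard))
    return (int(ipaddress.ip_address(statement)) & care) == \
           (int(ipaddress.ip_address(address)) & care)


def participating_interfaces(interfaces, statements):
    """interfaces: {name: address}; statements: [(network, wildcard_or_None)].
    Returns the interfaces EIGRP runs on: hellos are sent and the subnet is advertised."""
    selected = []
    for name, address in interfaces.items():
        for network, wildcard in statements:
            if wildcard is None:
                hit = ipaddress.ip_address(address) in classful_network(network)
            else:
                hit = matches_wildcard(network, wildcard, address)
            if hit:
                selected.append(name)
                break
    return sorted(selected)


# Constructed interface addresses inside the figure's subnets.
RIGHT_CLOUD = {"Ethernet0": "10.1.1.1", "Ethernet1": "10.1.2.1",
               "Serial0": "10.4.17.1"}          # Serial0 leads to the OSPF domain
LEFT_CLOUD = {"Serial0": "192.31.42.1", "Serial1": "192.31.44.1",
              "Serial2": "192.168.12.1"}
# Constructed addresses for router A in the AS 109 figure (networks 1.0.0.0 and 2.0.0.0).
AS109_ROUTER_A = {"T0": "1.1.0.1", "S0": "2.1.0.1", "S1": "2.5.0.1"}

if __name__ == "__main__":
    print(participating_interfaces(RIGHT_CLOUD, [("10.1.0.0", "0.0.255.255")]))
    print(participating_interfaces(RIGHT_CLOUD, [("10.0.0.0", None)]))   # the old way
    print(participating_interfaces(LEFT_CLOUD, [("192.31.0.0", "0.0.255.255")]))
    print(participating_interfaces(LEFT_CLOUD, [("192.31.0.0", None)]))  # supernet problem
    print(participating_interfaces(AS109_ROUTER_A, [("1.0.0.0", None), ("2.0.0.0", None)]))
```

The two comparison runs are the point of the feature: a classful network 10.0.0.0 pulls in the serial link to the OSPF domain as well (the case that used to need passive-interface), and a classful network 192.31.0.0 is read as the class C network 192.31.0.0/24, which matches none of the supernetted /27 serial links.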


Slide: Neighbor Control
  (config-router)# eigrp neighbor auto-discovery [interface]
    Defines how neighbors are discovered
  (config-router)# neighbor ip-address
    Permits explicit definition of neighbors; provides support for non-broadcast media (Classical IP on ATM)

Neighbor Control

In the past, EIGRP would allow you to define neighbor statements; they just didn't actually do anything! Now you will be able to define explicit neighbors for testing and security, and this will also allow you to run EIGRP over networks that don't support broadcasts/multicasts, such as Classical IP over ATM. Also, by being able to select neighbors on multiaccess interfaces, this command provides additional security and screening from external routes.


Figure: Neighbor Control Configuration. Routers A (10.4.17.1), C (10.4.17.3) and D (10.4.17.7) share an Ethernet segment (E0) with router B (10.4.17.11), which belongs to the OSPF domain.
    router eigrp 1
     no eigrp neighbor auto-discovery e0
     neighbor 10.4.17.7
  An EIGRP neighbor relationship will only be formed with router D.

Neighbor Control Configuration

In the example above, the automatic neighbor discovery mechanism using the multicast hellos has been disabled on interface Ethernet 0. The neighbor statement requires EIGRP to use unicast addressing to establish a neighbor relationship with router D, whose address is also part of the neighbor statement. In this topology, disabling automatic neighbor discovery helps to enforce the security policy of keeping the two routing domains (EIGRP and OSPF) separate and distinct.


Stub Routers

(config-router)# stub [connected] [static] [summary] [receive-only]

- Defines how router participates in route advertisements
- Defined on remote routers
- Restricts route advertisement to connected, static, summary, or none
- Queries are not propagated to stub routers

Stub Routers

EIGRP stub support allows you to simply define your remote routers to advertise only connected, static, summary, or no routes (depending on the configuration) back to the distribution layer. This will eliminate the problem of routes reflecting through the remote routers as if they were intended to be transit. This problem is especially prevalent in redundant topologies. This would take the place of defining the distribute-list out on the remote routers advertising only local routes. Additionally, the distribution layer router will see in the received hello that the remote is a stub, so it will not send a query to the remote about any route loss in the remainder of the network. This is a major improvement, since there has not been any way up to now to stop queries from flowing to the remotes!


Normal Query Operation

[Figure: distribution layer routers A and B, dual-homed remote sites C, D and E; the link to 10.1.80/24 at router B fails (X); queries flow from the distribution layer to the remotes and replies flow back]

Normal Query Operation

The graphic above indicates normal query operation in a redundant, two-layer design model. When a link fails at the distribution layer and no feasible successor is available, router B sends queries out all interfaces except the link that failed. Upon receipt of the query, the remotes generate queries of their own because they have no route to the failed link. These queries are reflected back up to the distribution layer by the redundant topology. The result is similar to a broadcast storm reported in bridged topologies, but at least there is a limit to this flurry of query activity.


Reduced Query Traffic: Stub Router Configuration

[Figure: same topology as the previous slide; the remote routers (routers C, D, and E) are all defined as stub routers, and queries and replies stay within the distribution layer]

router eigrp 1
 stub connected

Reduced Query Traffic: Stub Router Configuration

When the stub command is applied to the remotes, excessive query activity is terminated. The announcement of stub configuration is carried in the Hello packets generated by the remotes. Because the remotes have no transit function when defined as a stub, the distribution routers suppress queries to the remotes when searching for an alternate to the lost route. Notice from the arrows on the graphic that the query activity is limited to the distribution layer, which represents a considerable bandwidth savings.


Using Enhanced IGRP in Scalable Internetworks


Factors That Influence EIGRP Scalability

- EIGRP is not plug and play for large networks
- Limit EIGRP query range!
- Quantity of routing information exchanged between peers: advertise major network or default route to regions or remotes

Factors That Influence EIGRP Scalability

The following factors (and others) impact how scalable a network is:

- The amount of information being exchanged between neighbors. If more information is passed than necessary for routing to function correctly, EIGRP will have to work harder at neighbor startup and when reacting to changes in the network. When a change occurs in the network, the amount of resources consumed by EIGRP will be directly related to the number of routers that must be involved in the change.
- The depth of the topology is also a factor in how scalable a network is. This describes the situation where you have to propagate the information through many hops (depth) for convergence. A multinational network without summarization is an example of this type of condition.
- The number of alternative paths through the network can also impact scalability in a network. A network should provide alternative paths in order to avoid single points of failure. Too much complexity (alternative paths), however, can also create problems with EIGRP converging.


EIGRP Query Process

- Queries are sent out when a route is lost and no feasible successor is available
- The lost route is now in active state
- Queries are sent out to all of its neighbors on all interfaces except the interface to the successor
- If the neighbor does not have the lost route information, queries are sent out to their neighbors

EIGRP Query Process

EIGRP is an advanced distance vector protocol. It relies on its neighbor(s) to provide routing information. If a route is lost and no feasible successor is available, EIGRP needs to converge fast; its only mechanism for fast convergence is to actively query its neighbors for the lost route. Whenever a router loses a route and does not have a feasible successor in its topology table, it will look for an alternative path to the destination. This is known as going active on a route. It will query its neighbors to determine if they have an alternate path. It will not, however, send queries out the interface that it had the original route through. If any of the queried neighbors have an alternative path, they will reply that they do. If not, then they will query each of their neighbors for an alternative path. The queries will then propagate out through the network. If a router has an alternate route it will answer the query and not propagate it further. This will stop the spread of the query through that branch of the network. The query may still spread through other portions of the network.


EIGRP Query Process (cont.)

- The router will have to get ALL of the replies from the neighbors before the router calculates the successor information
- If any neighbor fails to reply to the query in three minutes, this route is stuck in active and the router resets the neighbor that fails to reply
- Solution for stuck in active is to limit query range, also known as query scoping

EIGRP Query Process (cont.)

Due to the reliable multicast approach used by EIGRP when searching for an alternate to a lost route, it is imperative that a reply be received for each query generated in the network. After a route goes active and the query sequence is initiated, the only way the route can come out of the active state is to receive a reply for every generated query. If any neighbor fails to reply to a query, the route stays active at the querying router. This condition is known as stuck in active, and it can be difficult to isolate the actual cause of why the replies were not received. A supplement is provided in Appendix A to assist in troubleshooting stuck in active conditions. One way to help avoid the stuck in active condition is to limit the scope of query propagation through the network. By keeping the query packets close to the source, we reduce the chance that an isolated failure in another part of the network will hold up the convergence process on the local router.


EIGRP Query Range: Autonomous System Boundaries

- Contrary to popular belief, queries are not bounded by AS boundaries
- Queries from AS 1 will be propagated to AS 2

[Figure: router A in AS 2, routers B and C in AS 1; network X is lost; the query for X from C is answered by B with a reply for X, and B sends a new query for X into AS 2 toward A]

EIGRP Query Range

Many networks have been implemented using multiple EIGRP ASs to roughly simulate OSPF areas, with mutual redistribution between the different ASs; Cisco used to recommend this design a number of years ago. While this approach does change the way the network behaves, it is not doing what most think it does. Many think that using multiple EIGRP ASs will bound the query range, decreasing the chances of a stuck-in-active route. This is only partly true. If a query reaches the edge of the AS (where routes are redistributed into another AS), the original query will indeed be answered. A new query will be initiated in the other AS. However, we haven't really stopped the query process. We've just changed who will be affected if something bad happens and we get stuck on the route. Instead of the AS where the route went active, the SIA would occur in the other AS. However, if things are bad enough that an SIA was going to happen if it were all one AS, it's not likely that the multiple ASs will change the timing enough to stop it. Another misconception is that having multiple ASs protects one AS from route flaps in another AS. If components are passed between ASs, this isn't true. Transitions in routes from one AS will be felt in the other AS, as well.


EIGRP Query Range (cont.): Summarization Point

- Auto or manual summarization is the best way to bound queries
- Requires a good address allocation scheme

[Figure: router B summarizes 130.0.0.0/8 to router A; A's side is 129.x.x.x, the B and C side is 130.x.x.x; when 130.130.1.0/24 is lost, the query for 130.130.1.0/24 travels from C to B and from B to A, where A replies with infinity and the query stops]

EIGRP Query Range (cont.)

The best solution to control queries is to reduce the range of queries. This is done by summarization. The query range by itself, however, is not a common reason for stuck in active routes being reported. The most common reason for stuck in active routes is that some router on the network cannot answer a query for some reason, such as:

- The router is too busy to answer the query (generally high CPU utilization)
- The router is having memory problems, and cannot allocate the memory to process the query or build the reply packet
- The circuit between the two routers is not good: a lot of packets are being lost between the routers, but enough packets are getting through to keep the neighbor relationship up, while some queries or replies are not
- Unidirectional links (a link on which traffic can only flow in one direction due to a failure)


Limiting Size/Scope of Updates/Queries

- Evaluate routing requirements: what routes are needed where?
- Once needs are determined:
  - Use summary address
  - Use distribute lists

Limiting Size/Scope of Updates/Queries

Very seldom do remote routers need to know all of the routes being advertised in the entire network. The network manager needs to look at what information is necessary to properly route user traffic to where it needs to go. There are trade-offs between how much information is supplied to the remote routers and the desired level of path selection. In other words, maximum stability/scalability is achieved when the remote routers only use a default route to reach the core. If some component knowledge needs to be allowed so that optimum path selection can take place for those targets, then a business decision needs to be made. Once the minimum requirements are determined, either summary-address statements need to be added on the outbound interfaces of the routers or distribute-list statements need to be added to the router process. These mechanisms are used to limit what information is provided to the end system.


Limiting Updates/Queries: Example

[Figure: distribution layer routers A and B, dual-homed remote sites C, D and E; the link to 10.1.8.0/24 fails (X); queries and replies flow between the distribution layer and the remotes]

Limiting Updates/Queries: Example

In the sample network above, each dual-homed remote router would be seen as a valid alternative path to 10.1.8.0 from router A unless information-hiding techniques are used. Once the query process starts, each path receives duplicate convergence traffic due to the redundancy designed into the topology. This topology and the reflective nature of the query traffic were described in detail in an earlier section of this chapter.


Limiting Updates/Queries: Reality

- Remote routers are fully involved in convergence
- Most remotes are never intended to be transit
- Convergence complicated through lack of information hiding

Limiting Updates/Queries: Reality

In the example on the previous page, not only are the remote routers required to respond to questions (queries) from the distribution layer, they also continue the search by reflecting the queries back toward the distribution layer. This significantly complicates the convergence process on the network. With our example of only two distribution routers and three remotes, it's not all that significant. On a real network with possibly hundreds of remotes, it can be brutal. In most networks the designer put dual legs to remotes in order to improve their uptime reaching the remainder of the network. Rarely if ever does a designer desire for traffic to go from the distribution layer to the remote and back, so why is convergence acting as if this is a valid alternative path? We didn't tell it any different, that's why. The design of this sample network is sound, but due to the nature of the selected routing protocol's behavior, it involves the remote routers in the convergence decision. The remote routers have too much information in their topology tables. Several ways to solve this condition are presented on the following pages.


Limiting Updates/Queries: Better

[Figure: same topology; queries and replies between the distribution layer routers A and B and the remotes C, D and E for 10.1.8.0/24]

ip summary-address eigrp 1 10.0.0.0 255.0.0.0 (on all outbound interfaces to remotes)

Limiting Updates/Queries: Better

With the summary-address commands on the outbound interfaces of router A and router B, some route components are not sent to the remote routers at all, so they will not reflect the routes back to the distribution layer. This approach reduces the convergence traffic by absorbing the reflective aspects caused by the redundant topology. Likewise, if the distribute-list out commands were installed at the remote routers, their advertisements would be limited to only those networks that exist at that remote site. Therefore, they won't even reflect the summary route from router A back to router B, nor will they reflect the summary route from router B back to router A. This will minimize the part the remote routers play in the update and query process and will increase the stability and scalability of this network.


Limiting Updates/Queries: Best

[Figure: same topology; the remote routers (routers C, D, and E) are all defined as stub routers, and queries and replies stay within the distribution layer]

router eigrp 1
 stub connected

Limiting Updates/Queries: Best

In the previous example, we've decreased the role of the remotes so that they don't propagate the queries back to the distribution layer, so convergence is significantly simplified. It can still create problems if a massive number of queries are sent to the remotes at once, however. A new feature (stub routers) will decrease the remotes' role even further, by removing the remote routers from the query path entirely! As described earlier in this section, the stub command was created to handle situations and topologies similar to this example. The distribution layer routers (A and B), once neighbor relationships are formed with the remote routers, would suppress route component advertisements (also known as information hiding) to routers C, D, and E. This approach eliminates the remote routers from the convergence process, speeds convergence and increases overall network stability.

Note: The stub command is only available on IOS release 12.0 and later.
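The query behavior traced through the Normal, Better and Best examples above, as an added simulation that is not code from the course or from Cisco IOS: a simplified DUAL model of routers A to E counts the queries sent when router B loses 10.1.8.0/24 with no information hiding, with summary-address on the distribution routers, and with stub remotes. The link costs, the initial topology table contents and the simplified message handling are assumptions of the model.

```python
"""Simplified DUAL (EIGRP query/reply) model of the slides' redundant two-layer design.
Constructed example, not course or IOS code: distribution routers A and B, dual-homed
remotes C, D and E, prefix 10.1.8.0/24 connected at B and then lost. Simplifications: one
prefix, integer link costs, a FIFO message queue, and an active router answers any query
it receives with 'unreachable'."""
from collections import deque

INF = float("inf")

class Router:
    def __init__(self, name, stub=False):
        self.name, self.stub = name, stub
        self.links = {}       # neighbor -> link cost ("conn" stands for a connected prefix)
        self.topo = None      # neighbor -> reported distance; None if the prefix is unknown
        # feasible distance, active flag, neighbors still to reply, neighbor that queried us
        self.fd, self.active, self.pending, self.reply_to = INF, False, set(), None
        self.queries_sent = 0
    def best(self):  # (distance, successor) from the topology table, or (INF, None)
        d, n = min(((rd + self.links[n], n) for n, rd in self.topo.items()), default=(INF, None))
        return (d, n) if d < INF else (INF, None)

class Net:
    def __init__(self):
        self.routers, self.queue = {}, deque()
    def send(self, kind, src, dst, rd):
        if dst in self.routers:               # "conn" is not a neighbor
            self.queue.append((kind, src, dst, rd))
    def go_active(self, r, exclude):  # no feasible successor: query the neighbors
        r.active = True
        for n in r.links:                     # never the querier, never a stub neighbor
            if n != exclude and n in self.routers and not self.routers[n].stub:
                r.queries_sent += 1
                r.pending.add(n)
                self.send("query", r.name, n, INF)
        if not r.pending:
            self.finish(r)
    def finish(self, r):  # all replies are in: pick the best path and tell the neighbors
        r.active = False
        r.fd, succ = r.best()
        if r.reply_to is not None:
            self.send("reply", r.name, r.reply_to, r.fd)
        for n in r.links:
            if n not in (succ, r.reply_to):   # split horizon
                self.send("update", r.name, n, r.fd)
        r.reply_to = None
    def lose_path(self, r, via):  # path through `via` gone: feasible successor or go active
        r.topo[via] = INF
        if any(rd < r.fd for rd in r.topo.values()):   # feasibility condition
            r.fd = r.best()[0]
            return True
        self.go_active(r, exclude=via)
        return False
    def handle(self, kind, src, dst, rd):
        r = self.routers[dst]
        if r.topo is None:                    # never learned the prefix (hidden by a summary)
            if kind == "query":
                self.send("reply", dst, src, INF)
            return
        lost_successor = rd == INF and src == r.best()[1]
        if kind == "query" and not r.active and lost_successor:
            r.reply_to = src
            if self.lose_path(r, src):        # feasible successor: answer without querying
                self.send("reply", dst, src, r.fd)
                r.reply_to = None
            return
        r.topo[src] = rd
        if kind == "query":
            self.send("reply", dst, src, INF if r.active else r.fd)
        elif kind == "reply":
            r.pending.discard(src)
            if r.active and not r.pending:
                self.finish(r)
        elif not r.active and lost_successor:  # an update poisoned our successor
            self.lose_path(r, src)

def build(hide_components=False, stub_remotes=False):  # slide topology, constructed costs
    net = Net()
    for n in "ABCDE":
        net.routers[n] = Router(n, stub=stub_remotes and n in "CDE")
    for x, y, cost in [("A", "B", 10)] + [(r, h, 100) for r in "CDE" for h in "AB"]:
        net.routers[x].links[y] = net.routers[y].links[x] = cost   # LAN 10, WAN 100
    A, B = net.routers["A"], net.routers["B"]
    B.links["conn"], B.topo, B.fd = 10, {"conn": 0, "A": 20}, 10   # connected at B
    A.topo, A.fd = {"B": 10}, 20                                   # A learned it from B
    for r in "CDE":
        if not hide_components:               # with a summary the remotes never saw it
            net.routers[r].topo, net.routers[r].fd = {"B": 10, "A": 20}, 110
            if not stub_remotes:              # a stub advertises connected routes only
                A.topo[r] = B.topo[r] = 110
    return net

def simulate(**kwargs):  # lose the prefix at B; per-router query counts and B's final distance
    net = build(**kwargs)
    net.lose_path(net.routers["B"], "conn")
    while net.queue:
        net.handle(*net.queue.popleft())
    counts = {n: r.queries_sent for n, r in net.routers.items()}
    counts["total"] = sum(counts.values())
    return counts, net.routers["B"].fd
```

simulate() gives 10 queries with the remotes reflecting back to B, simulate(hide_components=True) gives 7 with the remotes answering at once, and simulate(hide_components=True, stub_remotes=True) gives 1; with stubs but no summary the remotes still originate their own queries for the component they learned.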


Limiting Updates/Queries: Summary

- Convergence simplified by adding the summary-address statements: remote routers just reply when queried, do not forward queries
- In recent IOS releases, use the stub command on remote routers

Limiting Updates/Queries: Summary

As seen in the preceding examples, even sound network designs can require additional configuration commands to optimize bandwidth utilization and to reduce convergence time. In earlier releases of the IOS, the most effective method to restrict the scope of queries was the establishment of route summarization boundaries. In more recent releases of the IOS, the stub router command severely limits the bandwidth consumed by the query process, especially in redundant topologies.


EIGRP Scalability Rules

EIGRP is a very scalable routing protocol if proper design methods are used:

- Good allocation of address space: each region should have a unique address space so route summarization is possible
- Have a tiered network design model (Core, Distribution, Access)

EIGRP Scalability Rules

EIGRP possesses many features that allow the creation of large to very large internetworks. As with any large network, good, solid design principles are the foundation upon which the infrastructure rests. Address allocation is critical to any design effort because, regardless of the advanced routing protocol selected, logical blocks of addresses are a requirement for route summarization to occur. Having a two- or three-layered hierarchy with routers positioned by function rather than by geography greatly assists traffic flow and route distribution.


Nonscalable Network: Example

[Figure: core with Token Ring sites attached; subnets 1.1.1.0, 1.1.2.0, 1.1.3.0, 1.1.4.0, 2.2.1.0, 2.2.2.0, 2.2.3.0, 3.3.1.0, 3.3.2.0, 3.3.3.0 and 3.3.4.0 are scattered across all sites]

- Bad addressing scheme: subnets are everywhere throughout entire network
- Queries not bounded

Nonscalable Network: Example

The graphic indicates a topology where addresses (subnets) are randomly assigned, or at least assigned by historical requirements. In this example, multiple subnets from different major networks are located in each cloud. The number of routes injected into the core is far greater than necessary because route summarization is not possible. In addition, due to the random assignment of addresses, query traffic cannot be localized to any portion of the network, and that fact delays convergence.


Scalable Network: Example

[Figure: core receives the summaries 1.0.0.0, 2.0.0.0 and 3.0.0.0; the 1.1.x.0 subnets are grouped in one region of Token Ring sites, the 2.2.x.0 subnets in a second and the 3.3.x.0 subnets in a third]

- Readdress the network: each region has its own block of addresses
- Queries bounded by using ip summary-address eigrp command

Scalable Network: Example

This graphic illustrates a better-designed network. Subnet addresses from individual major networks are localized within each of the clouds. This allows summary routes to be created and injected into the core. As an added benefit, the summary routes act as a boundary for the queries generated by a topology change.


Tiered Network Design

[Figure: core, distribution layer and access layer; summarized routes are exchanged between each layer and toward other regions]

Tiered Network Design

A tiered network model provides benefits at all layers of the hierarchical model.

- At the core: Summarized routes reduce the size of the routing table in the core routers. These smaller tables make for efficient lookups that speed user traffic on its way to its final destination. This reinforces the concept of a high-speed switching core.
- At the distribution layer: Summarized routes at the distribution layer help select the most efficient path for user traffic from different regions by reducing the number of entries that need to be checked.
- At the access layer: Proper allocation of blocks of addresses to remote offices enables local traffic to remain local and not to unnecessarily burden other portions of the network.


More EIGRP Scalability Rules

- Proper network resources:
  - Sufficient memory on the router
  - Sufficient bandwidth on WAN interfaces
- Proper configuration of the bandwidth statement over WAN interfaces, especially over Frame Relay
- Avoid blind mutual redistribution between two routing protocols or two EIGRP processes

More EIGRP Scalability Rules

Enhanced IGRP will operate more efficiently if some common network design principles are followed. Routers located at convergence points within the network must be equipped with sufficient memory to buffer a large number of packets and to support numerous processes related to routing large volumes of traffic. Especially in hub and spoke topologies, adequate bandwidth is required on WAN links. There should be enough bandwidth to keep necessary router overhead traffic from interfering with or competing with normal user-generated traffic. If reliable EIGRP packets are lost due to contention for bandwidth, a lack of convergence is a far greater problem than application delays experienced by some users. Multiple autonomous systems or routing domains can share route information through the redistribution process. Proper implementation of redistribution requires route filters to prevent feedback loops from forming. It is strongly recommended that redistribution between multiple ASs or multiple routing protocols be accompanied by route filters.


Verifying Enhanced IGRP Operation


Verifying Enhanced IGRP Operation

Router# show ip eigrp neighbors
- Displays the neighbors discovered by IP Enhanced IGRP

Router# show ip eigrp topology
- Displays the IP Enhanced IGRP topology table

Router# show ip route eigrp
- Displays current Enhanced IGRP entries in the routing table

Router# show ip protocols
- Displays the parameters and current state of the active routing protocol process

Router# show ip eigrp traffic
- Displays the number of IP Enhanced IGRP packets sent and received

Verifying Enhanced IGRP Operation

The following show commands can be used to verify EIGRP operation:

show ip eigrp neighbors
    Displays neighbors discovered by EIGRP.

show ip eigrp topology
    Displays the EIGRP topology table. This command shows the topology table, the active/passive state of routes, the number of successors, and the feasible distance to the destination.

show ip route eigrp
    Displays the current EIGRP entries in the routing table.

show ip protocols
    Displays the parameters and current state of the active routing protocol process. This command shows the EIGRP autonomous system number. It also displays filtering and redistribution numbers as well as neighbors and distance information.

show ip eigrp traffic
    Displays the number of EIGRP packets sent and received. This command displays statistics on hello, updates, queries, replies, and acknowledgments.

The lab exercise Configuring EIGRP enables you to practice using some of these commands.


Summary

- Enhanced IGRP is an advanced routing protocol that uses the DUAL algorithm
- Enhanced IGRP has the following features:
  - Converges rapidly
  - Incremental updates
  - Routes IP, IPX, and AppleTalk
  - Summarizes routes


Case Study Configuring EIGRP


Case Study: Enhanced IGRP

[Figure: Autonomous System 400 connected over a Frame Relay network with redundant PVCs to each site; Class B and Class C address blocks; link types shown are Gigabit Ethernet, Fast Ethernet, Ethernet and Serial]

Case Study: Enhanced IGRP

The case study illustrates some key features within Enhanced IGRP, such as:

- Only routers within the same AS exchange route information
- Support for VLSM and discontiguous subnets
- Automatic route summarization at major network boundaries
- Manual route summarization at arbitrary network boundaries
- Support for various WAN topologies, including NBMA
- Efficient bandwidth utilization for overhead routing operations
- Support for hierarchical designs


Lab Exercise: Configuring EIGRP


Answers to Exercises


9 Configuring Basic Border Gateway Protocol (BGP)

Overview

This chapter introduces the Border Gateway Protocol (BGP), including the fundamentals of BGP operation. This chapter includes the following topics:

- Objectives
- BGP Overview
- When Not To Use BGP
- BGP Terminology
- BGP Operation
- Written Exercise: BGP Operation
- Configuring BGP
- Verifying BGP
- Summary
- Review questions

Objectives

This section lists the chapter's objectives.

Objectives

Upon completion of this chapter, you will be able to perform the following tasks:

- Describe BGP features and operation
- Describe how to connect to another Autonomous System (AS) using an alternative to BGP, static routes
- Explain how BGP policy-based routing functions within an Autonomous System
- Explain how BGP peering functions
- Describe and configure External and Internal BGP
- Describe BGP synchronization
- Given a set of network requirements, configure a BGP environment and verify proper operation (within described guidelines) of your routers

Notes to reviewers: Compared to the Design Document, topics in this chapter have been significantly re-ordered and new topics have been added, in order that all of the required concepts be explained and the contents flow better. The objective and contents from chapter 10 on static routes were moved to this chapter as they fit better here.


BGP Overview

This section provides an overview of BGP. Understanding BGP first requires an understanding of autonomous systems.

Autonomous Systems

- IGPs: RIP, IGRP, OSPF, EIGRP
- EGPs: BGP

[Figure: Autonomous System 100 and Autonomous System 200]

- An autonomous system (AS) is a collection of networks under a single technical administration
- IGPs operate within an autonomous system
- EGPs connect different autonomous systems

One way to categorize routing protocols is by whether they are interior or exterior:

- Interior gateway protocols (IGPs): routing protocols used to exchange routing information within an autonomous system. RIP, IGRP, OSPF and EIGRP are examples of IGPs.
- Exterior gateway protocols (EGPs): used to connect between autonomous systems. Border Gateway Protocol (BGP) is an example of an EGP.

BGP is an inter-domain routing protocol, also known as an EGP. All of the routing protocols we have seen so far in this course are interior routing protocols, also known as IGPs. BGP version 4, BGP-4, is the latest version of BGP and is defined in RFC 1771. As noted in this RFC, the classic definition of an autonomous system is a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other ASs. Nowadays, ASs may use more than one IGP, with potentially several sets of metrics. The important characteristic of an AS from the BGP point of view is that the AS appears to other ASs to have a single coherent interior routing plan and presents a consistent picture of what destinations are reachable through it. All parts of the AS must be connected to each other. The Internet Assigned Numbers Authority (IANA) is the umbrella responsible for allocating autonomous system numbers. Specifically, the American Registry for Internet Numbers (ARIN) has the jurisdiction for assigning numbers for the Americas, Caribbean, and Africa. Reseaux IP Europeennes-Network Information Center (RIPE-NIC) administers the numbers for Europe, and the Asia Pacific-NIC (AP-NIC) administers the autonomous system numbers for the Asia-Pacific region. This autonomous system designator is a 16-bit number, with a range of 1 to 65535. RFC 1930 provides guidelines for the use of AS numbers. A range of AS numbers, 64512 through 65530, is reserved for private use, much like the private IP addresses discussed in chapter 4.

Note: Using the IANA-assigned autonomous system number rather than some other number is only needed if your organization plans to use an EGP such as BGP.


BGP Is Used Between ASs

[Figure: routers A through F in AS 100, AS 200, AS 300 and AS 400, with BGP running between the autonomous systems]

- BGP is used between autonomous systems
- Guarantees exchange of loop-free routing information

The main goal of BGP is to provide an inter-domain routing system that guarantees the loop-free exchange of routing information between autonomous systems. Routers exchange information about paths to destination networks. BGP is a successor of EGP, the Exterior Gateway Protocol. (Note the reuse of the EGP acronym). The EGP protocol was developed to isolate networks from each other, as the beginnings of the Internet grew. There are many RFCs relating to BGP-4, including: 1771, 1772, 1773, 1774, 1863, 1930, 1965, 1966, 1997, 1998, 2042, 2283, 2385, and 2439. BGP-4 has many enhancements over earlier protocols. It is used extensively in the Internet today to connect ISPs and to connect enterprises to ISPs.

When To Use BGP

BGP is most appropriate when at least one of the following conditions exists:

- An AS allows packets to transit through it to reach other ASs.
- An AS has multiple connections to other ASs.
- The flow of traffic entering and leaving your AS must be manipulated.
- The effects of BGP are well understood.

BGP was designed to allow Internet Service Providers (ISPs) to communicate and exchange packets. These ISPs have multiple connections to one another and have agreements to exchange updates. BGP is the protocol used to implement these agreements between two or more ASs. BGP, if not properly controlled and filtered, has the potential to allow an outside AS to affect your routing decisions: whatever a peer advertises, and whatever you advertise to it, is accepted unless a filter says otherwise. This chapter and the next focus on how BGP operates and how to configure it properly so that you can prevent this from happening.

When Not To Use BGP

This section discusses when BGP is not appropriate and the use of the alternative, static routes.

BGP is not always appropriate; don't use BGP if you have one of the following conditions:

- A single connection to the Internet or other AS
- Routing policy and route selection are not a concern for your AS
- Lack of memory or processor power on BGP routers to handle constant updates
- Limited understanding of route filtering and the BGP path selection process
- Low bandwidth between ASs

Use static routes instead.

BGP is not always the appropriate solution to interconnect ASs. For example, if only one path exists, a default route is appropriate. Using BGP would not accomplish anything except to use router CPU resources and memory. If the routing policy that will be implemented in an AS is consistent with the policy implemented in the ISP AS, it is not necessary or even desirable to configure BGP in that AS. The use of static routes to connect to another AS is reviewed in the next few pages.

Static Route Command Review

Router(config)#
ip route prefix mask {address | interface} [distance]

Creates a static route; can also establish a floating static route.

Use the ip route command to define a static route entry in the IP routing table.

ip route command    Description
prefix mask         IP route prefix and mask for the destination to be entered into the IP routing table.
address             IP address of the next hop that can be used to reach the destination network.
interface           The local router's outbound interface to be used to reach the destination network.
distance            Administrative distance.

As discussed in an earlier chapter, if there is more than one route to a destination, the administrative distance determines which one is put in the routing table; the lower administrative distance is preferred. By default, the administrative distance of a static route specified with the address parameter is set to 1. The default administrative distance of a static route specified with the interface parameter is set to 0. You can establish a floating static route by using an administrative distance larger than the default distance used by the dynamic routing protocol. A floating static route is a statically configured route that can be overridden by dynamically learned routing information. Thus, a floating static route can be used to create a path of last resort that is used only when no dynamic information is available.

RIP Static Route Example

(Figure: Router A in the RIP domain 172.16.0.0, interface S0 at 10.1.1.1, connected over 10.1.1.0 to the ISP at 10.1.1.2; the ISP, AS 200, is a service provider running BGP.)

ip route 0.0.0.0 0.0.0.0 S0
!
router rip
 network 172.16.0.0

The route 0.0.0.0 is a default route in the IP routing table. If there is no matching route for the destination IP address in the routing table, the 0.0.0.0 entry matches the address and causes the packet to be routed out interface serial 0.

OSPF Example

(Figure: Router A in the OSPF domain 172.16.0.0, interface S0 at 10.1.1.1, connected over 10.1.1.0 to the ISP at 10.1.1.2; the ISP, AS 200, is a service provider running BGP.)

ip route 0.0.0.0 0.0.0.0 S0
!
router ospf 111
 network 172.16.0.0 0.0.255.255 area 0
 default-information originate always

OSPF default configuration using a static route.

The default-information originate always command in OSPF propagates a default route into the OSPF routing domain. The configuration in this example has an effect similar to the previous RIP example. The always keyword causes the default route to be advertised whether or not the router itself has a default route. This ensures that the default route is advertised into OSPF; the trade-off is that if the static default is removed or the serial link fails, the rest of the OSPF domain keeps sending Internet-bound traffic to this router, which then has nowhere to forward it. Omit always if the default should be withdrawn when the router loses its own default route.

BGP Terminology

BGP has a lot of concepts that become clearer if you understand the terminology. This section discusses BGP characteristics, the concepts of BGP neighbors, internal and external BGP, policy-based routing, and BGP attributes.

BGP Characteristics

BGP is a distance-vector protocol with enhancements:

- Reliable updates: BGP runs on top of TCP (port 179)
- Incremental, triggered updates only
- Periodic keepalives to verify TCP connectivity
- Rich metrics (called path vectors or attributes)
- Designed to scale to huge internetworks

What type of protocol is BGP? In an earlier chapter we discussed the characteristics of distance vector, link state and hybrid routing protocols. BGP is a distance vector protocol, but it has many differences from the likes of RIP.

BGP uses TCP as its transport protocol, which provides connection-oriented reliable delivery. In this way, BGP assumes that its communication is reliable and therefore does not have to implement any retransmission or error recovery mechanisms of its own. BGP uses TCP port 179. Two routers speaking BGP form a TCP connection with one another and exchange messages to open and confirm the connection parameters. These two routers are called peer routers or neighbors. Once the connection is made, full routing tables are exchanged. Since the connection is reliable, BGP routers need only send changes (incremental updates) after that. Periodic routing updates are also not required on a reliable link, so triggered updates are used. BGP sends keepalive messages, similar to the hello messages sent by OSPF and EIGRP.

Because the session is an ordinary TCP connection, anything that can reach port 179 on the router and impersonate the peer can try to open or disrupt it. RFC 2385 (in the list of BGP RFCs above) defines the TCP MD5 signature option, which lets two peers authenticate every segment of the session with a shared secret; filtering port 179 so that only configured neighbors can reach it is the other usual precaution.

BGP routers exchange network reachability information, called path vectors, made up of path attributes, including a list of the full path (of BGP AS numbers) that a route should take in order to reach a destination network. This path information is used in constructing a graph of ASs that is loop free and in which routing policies can be applied to enforce restrictions on routing behavior. The path is loop free because a router running BGP will not accept a routing update that already includes its own AS number in the path list, since this would mean that the update has already passed through its AS, and accepting it again would result in a routing loop.

Tables

(Figure: the IGP routing protocol feeds the IP routing table and the BGP routing protocol feeds the BGP table; information can be exchanged between the two.)

BGP has its own table, in addition to the IGP routing table, and information can be exchanged between the two tables.

BGP keeps its own table for storing BGP information received from and sent to other routers. This table is separate from the IP routing table in the router. The router can be configured to share information between the two tables.

Peers = Neighbors

(Figure: Routers B and C in AS 200 and Router A in AS 100; B and C are neighbors, as are A and B.)

Any two routers that have formed a TCP connection in order to exchange BGP routing information are called peers or neighbors.

As mentioned, BGP peers are routers with which a router has established a BGP connection. BGP peers are also known as neighbors and can be either internal to the AS or external to the AS.

Internal BGP (IBGP)

(Figure: Routers B and C in AS 200 are IBGP neighbors; Router A in AS 100 is a neighbor of Router B.)

When BGP neighbors belong to the same AS they are IBGP neighbors; they do not have to be directly connected.

When BGP is running between routers within one AS it is termed internal BGP (IBGP). IBGP is run within an AS in order to exchange BGP information within the AS, so that it can be passed on to other autonomous systems. Routers running IBGP do not have to be directly connected to each other, so long as they can reach each other (usually because an IGP is running within the AS).

External BGP (EBGP)

(Figure: Routers B and C in AS 200 are IBGP neighbors; Router A in AS 100 and Router B are EBGP neighbors.)

When BGP neighbors belong to different ASs they are EBGP neighbors; they should be directly connected.

When BGP is running between routers in different ASs it is termed external BGP (EBGP). Routers running EBGP are usually directly connected to each other.

Policy-Based Routing

- BGP allows administrators to define policies, or rules, for how data will flow through the ASs.
- BGP and associated tools cannot express all routing policies.
- BGP does not enable one AS to send traffic to a neighbor AS intending that the traffic take a different route from that taken by traffic originating in the neighbor AS.
- However, BGP can support any policy conforming to (i.e. implementable by) the hop-by-hop routing paradigm.

BGP allows policy decisions at the AS level to be enforced. This setting of policies, or rules, for routing is known as policy-based routing. BGP specifies that a BGP router can advertise to its peers in neighboring ASs only those routes that it itself uses. This rule reflects the "hop-by-hop" routing paradigm generally used throughout the current Internet. Some policies cannot be supported by the "hop-by-hop" routing paradigm and thus require techniques such as source routing to enforce. For example, BGP does not enable one AS to send traffic to a neighboring AS intending that the traffic take a different route from that taken by traffic originating in the neighboring AS. On the other hand, BGP can support any policy conforming to the "hop-by-hop" routing paradigm. Since the current Internet uses only the "hop-by-hop" routing paradigm and since BGP can support any policy that conforms to that paradigm, BGP is highly applicable as an inter-AS routing protocol for the current Internet.

BGP Attributes

BGP metrics are called path attributes. Characteristics of attributes include:

- Well-known versus optional
- Mandatory versus discretionary
- Transitive versus non-transitive
- Partial

Routers send BGP update messages about destination networks. These update messages include information called attributes. Some terms define how these attributes are implemented: an attribute is either well-known or optional, mandatory or discretionary, transitive or non-transitive. An attribute may also be partial. Not all combinations of these characteristics are valid. In fact, path attributes fall into four separate categories:

1. Well-known mandatory
2. Well-known discretionary
3. Optional transitive
4. Optional non-transitive

Only optional transitive attributes may be marked as partial. These characteristics are described on the following pages.

Well-known Attributes

Well-known attributes:
- must be recognized by all compliant BGP implementations
- are propagated to other neighbors

Well-known mandatory attributes must be present in all update messages.

Well-known discretionary attributes may be present in update messages.

A well-known attribute is one that all BGP implementations must recognize. These attributes are propagated to BGP neighbors. A mandatory attribute must appear in the description of a route. A discretionary attribute does not need to appear.

Optional Attributes

Optional attributes:
- are recognized by some implementations (they could be private) and are not expected to be recognized by everyone
- when recognized, are propagated to other neighbors based on their meaning

Optional transitive attributes, if not recognized, are marked as partial and propagated to other neighbors.

Optional non-transitive attributes are discarded if not recognized.

An optional attribute need not be supported by all BGP implementations. If it is supported, it may be propagated to BGP neighbors. A transitive attribute that is not implemented in a router can be passed to other BGP routers untouched; in this case, the attribute is marked as partial. A non-transitive attribute must be deleted by a router that has not implemented the attribute.

BGP Attributes

BGP attributes include: AS-path, next-hop, local preference, MED, and origin.

The attributes defined by BGP include:

Well-known mandatory attributes:
- AS-path
- Next-hop
- Origin

Well-known discretionary attributes:
- Local preference
- Atomic aggregate

Optional transitive attributes:
- Aggregator
- Communities

Optional non-transitive attribute:
- Multi-exit discriminator (MED)

In addition, Cisco has defined a weight attribute for BGP. Each of the attributes shown on the graphic is expanded upon in the following pages. The other attributes are explained in later sections in this chapter or in the following chapter.

AS-Path Attribute

(Figure: Router A in AS 100 (192.168.1.0) and Router B in AS 200 (192.168.2.0) each peer with Router C in AS 300 (192.168.3.0).)

The AS-path is a list of ASs that a route has traversed. For example, on Router B the path to 192.168.1.0 is the AS sequence 300 100.

The AS-path attribute is a well-known mandatory attribute. Whenever a route update passes through an AS, the AS number is prepended to that update. The AS-path attribute is actually the list of AS numbers that a route has traversed in order to reach a destination. The components of this list can be AS-SEQUENCEs, which are ordered lists, or AS-SETs, which are unordered sets. An AS-SEQUENCE is an ordered mathematical set of all the ASs that have been traversed. The need for AS-SETs is discussed in the CIDR and Aggregate Addresses section later in this chapter.

In the graphic, network 192.168.1.0 is advertised by Router A in AS 100. When that route traverses AS 300, Router C prepends its own AS number to it. So when 192.168.1.0 reaches Router B, it has two AS numbers attached to it. From Router B's perspective the path to reach 192.168.1.0 is (300, 100). The same applies for 192.168.2.0 and 192.168.3.0. Router A's path to 192.168.2.0 is (300, 200), i.e. traverse AS 300 and then AS 200. Router C has to traverse path (200) in order to reach 192.168.2.0 and path (100) in order to reach 192.168.1.0.

Next-Hop Attribute

(Figure: Router A in AS 100 (172.16.0.0) at 10.10.10.2 peers over 10.10.10.0 with Router B in AS 200 at 10.10.10.1; Router B at 172.20.10.1 peers over 172.20.0.0 with Router C at 172.20.10.2, also in AS 200.)

Router A advertises network 172.16.0.0 to Router B in EBGP with a next hop of 10.10.10.2. Router B advertises 172.16.0.0 in IBGP to Router C, keeping 10.10.10.2 as the next-hop address.

The BGP next-hop attribute is a well-known mandatory attribute that indicates the next-hop IP address to be used to reach a destination. For EBGP, the next hop is the IP address of the neighbor that sent the update. In the graphic, Router A advertises 172.16.0.0 to Router B with a next hop of 10.10.10.2, and Router B advertises 172.20.0.0 to Router A with a next hop of 10.10.10.1. For IBGP, the protocol states that the next hop advertised by EBGP should be carried into IBGP. Because of that rule, Router B advertises 172.16.0.0 to its IBGP peer Router C with a next hop of 10.10.10.2 (Router A's address). Therefore Router C knows the next hop to reach 172.16.0.0 is 10.10.10.2, not 172.20.10.1 as you might expect. It is therefore very important that Router C knows how to reach the 10.10.10.0 subnet, either via an IGP or a static route; otherwise it drops packets destined for 172.16.0.0 because it cannot get to the next-hop address for that network.

Next-Hop on Multi-Access Network

(Figure: Routers B (10.10.10.1, 172.20.0.0) and C (10.10.10.2, 172.30.0.0) in AS 200 share a multi-access network with Router A (10.10.10.3, 172.16.0.0) in AS 100; A and B are EBGP peers.)

In a multi-access network, Router B advertises network 172.30.0.0 to Router A in EBGP with a next hop of 10.10.10.2, not 10.10.10.1. This avoids an unnecessary hop.

When running BGP over a multi-access network such as Ethernet, a BGP router uses the appropriate address as the next-hop address, to avoid inserting additional hops into the network. This feature is sometimes called third-party next-hop. For example, in the graphic, assume that Routers B and C in AS 200 are running an IGP. Router B can reach network 172.30.0.0 via 10.10.10.2. Router B is running BGP with Router A. When Router B sends a BGP update to Router A regarding 172.30.0.0, it uses 10.10.10.2 as the next hop and not its own IP address (10.10.10.1). This is because the network between the three routers is a multi-access network, and it makes more sense for Router A to use Router C as a next hop to reach 172.30.0.0 rather than making an extra hop via Router B.

Next-Hop on NBMA Network

(Figure: the same three routers, B (10.10.10.1) and C (10.10.10.2) in AS 200 and A (10.10.10.3) in AS 100, now connected by Frame Relay; A and B are EBGP peers.)

In an NBMA network, by default Router B advertises network 172.30.0.0 to Router A in EBGP with a next hop of 10.10.10.2, not 10.10.10.1. This can be overridden.

If the common media between routers is a Non-Broadcast Multi-Access (NBMA) media, complications may occur. For example, in the graphic we change the last example so that the three routers are connected by Frame Relay. Router B can still reach network 172.30.0.0 via 10.10.10.2. When Router B sends a BGP update to Router A regarding 172.30.0.0, it uses 10.10.10.2 as the next hop and not its own IP address (10.10.10.1). A problem arises if Router A and Router C do not know how to communicate directly, i.e. if Routers A and C do not have a map to each other: Router A does not know how to reach the next-hop address on Router C, so the route sits in the BGP table but is unusable. This behavior can be overridden on Router B by configuring it to advertise itself as the next-hop address for routes sent to Router A (the neighbor next-hop-self command).
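The next-hop rules of the three preceding pages, modelled in Python as an added example (this is not Cisco code and not part of the course material). Router names, AS numbers and the 10.10.10.x addresses follow the graphics; the IBGP peer D and its address 172.20.10.2, the IGP hop 172.16.1.1 behind Router A, and the Frame Relay map are assumptions made for the example.

```python
# Added example (not Cisco code): how the BGP NEXT_HOP is set on EBGP, IBGP, multi-access
# and NBMA links, and why the receiver must be able to reach it. Router D, its address
# 172.20.10.2, the IGP hop 172.16.1.1 and the Frame Relay map are assumed for the example.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, Optional, Set


@dataclass
class Router:
    name: str
    asn: int
    link: str                       # this router's address on the shared peering subnet
    subnet: str                     # that subnet, e.g. "10.10.10.0/24"
    igp_routes: Dict[str, str] = field(default_factory=dict)  # prefix -> IGP/static next hop
    nbma_maps: Optional[Set[str]] = None   # Frame Relay: peers with a map; None = broadcast
    next_hop_self: Set[str] = field(default_factory=set)      # peers configured next-hop-self

    def can_reach(self, addr: str) -> bool:
        """Connected subnet (plus a map on NBMA) or an IGP/static route covering addr."""
        a = ip_address(addr)
        if a in ip_network(self.subnet):
            return self.nbma_maps is None or addr in self.nbma_maps
        return any(a in ip_network(p) for p in self.igp_routes)


def advertised_next_hop(sender: Router, receiver: Router, learned_nh: Optional[str]) -> str:
    """NEXT_HOP that sender puts in its UPDATE to receiver.

    learned_nh is how sender itself reaches the prefix: the NEXT_HOP of an EBGP-learned
    route, the IGP next hop of a route it originates, or None for a connected prefix.
    """
    if receiver.name in sender.next_hop_self:          # neighbor ... next-hop-self
        return sender.link
    if sender.asn == receiver.asn:                     # IBGP: EBGP next hop carried unchanged
        return learned_nh or sender.link
    # EBGP: the sender's own address, unless the real hop already sits on the shared
    # peering subnet, in which case that address is advertised (third-party next hop)
    if learned_nh and ip_address(learned_nh) in ip_network(sender.subnet):
        return learned_nh
    return sender.link


def route_usable(receiver: Router, next_hop: str) -> bool:
    """A BGP route whose NEXT_HOP cannot be reached is never installed or advertised."""
    return receiver.can_reach(next_hop)


def scenarios() -> dict:
    a = Router("A", 100, "10.10.10.3", "10.10.10.0/24", {"172.16.0.0/16": "172.16.1.1"})
    b = Router("B", 200, "10.10.10.1", "10.10.10.0/24", {"172.30.0.0/16": "10.10.10.2"})
    d = Router("D", 200, "172.20.10.2", "172.20.10.0/24")    # IBGP peer off the shared subnet
    out = {}
    # 1. EBGP: A advertises 172.16.0.0 to B with its own link address as next hop
    out["ebgp"] = advertised_next_hop(a, b, "172.16.1.1")
    # 2. IBGP: B hands that route to D unchanged; D needs an IGP route to 10.10.10.0/24
    out["ibgp"] = advertised_next_hop(b, d, out["ebgp"])
    out["ibgp_usable_without_igp"] = route_usable(d, out["ibgp"])
    d.igp_routes["10.10.10.0/24"] = "172.20.10.1"
    out["ibgp_usable_with_igp"] = route_usable(d, out["ibgp"])
    # 3. Ethernet: B reaches 172.30.0.0 via C (10.10.10.2), so A is given C as next hop
    out["third_party"] = advertised_next_hop(b, a, "10.10.10.2")
    out["third_party_usable"] = route_usable(a, out["third_party"])
    # 4. Frame Relay: A has a map only to B, so C's address is a next hop A cannot use ...
    a.nbma_maps = {"10.10.10.1"}
    out["nbma_usable"] = route_usable(a, advertised_next_hop(b, a, "10.10.10.2"))
    # ... until B is configured with next-hop-self towards A
    b.next_hop_self.add("A")
    out["nbma_next_hop_self"] = advertised_next_hop(b, a, "10.10.10.2")
    out["nbma_next_hop_self_usable"] = route_usable(a, out["nbma_next_hop_self"])
    return out


if __name__ == "__main__":
    for name, value in scenarios().items():
        print(f"{name:28} {value}")
```

Running the file prints each scenario's result; the two `False` values are the cases where the route is present in the BGP table but can never be used, which is exactly the condition the next-hop and synchronization checks of the route selection process are there to catch.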

Local Preference Attribute

(Figure: AS 200 reaches 172.16.0.0 in AS 690 by two routes: Router A via AS 1755 and AS 1880 with local preference 200, and Router B via AS 666 with local preference 150.)

Paths with the highest preference value are most desirable. The preference is configured on routers and is sent to internal BGP neighbors only.

Local preference is a well-known discretionary attribute that provides an indication to routers in the AS about which path is preferred to exit the AS. A path with a higher local preference is more preferred. The local preference is an attribute that is configured on a router and exchanged only among routers within the same AS. The default value for local preference on a Cisco router is 100. For example, in the graphic AS 200 is receiving updates about network 172.16.0.0 from two directions. Assume the local preference on Router A is set to 200 and the local preference on Router B is set to 150. Since the local preference information is exchanged within AS 200, all traffic in AS 200 addressed to network 172.16.0.0 is sent to Router A as the exit point from AS 200.

MED Attribute

(Figure: Router A in AS 100 (172.16.0.0) peers with Routers B (MED = 150) and C (MED = 200), both in AS 200 (172.20.0.0).)

Paths with the lowest MED (also called the metric) value are most desirable. The MED is configured on routers and is sent to external BGP neighbors only.

The multi-exit discriminator (MED) attribute, also called the metric, is an optional non-transitive attribute. The MED was known as the inter-AS attribute in BGP-3. The MED is an indication to external neighbors about the preferred path into an AS. This is a dynamic way to influence another AS on which way it should choose in order to reach a certain route, if there are multiple entry points into an AS. A lower value of the metric is more preferred. Unlike local preference, the MED is exchanged between ASs. The MED is carried into an AS and used there, but is not passed on to the next AS. When the same update is passed on to another AS, the metric is set back to its default of 0. By default a router compares the MED attribute only for paths from neighbors in the same AS. For example, in the graphic, Router B has set the MED attribute to 150 and Router C has set the MED attribute to 200. When Router A receives updates from Routers B and C, it picks Router B as the best next hop because 150 is less than 200.

Origin Attribute

- IGP (i): network command
- EGP (e): redistributed from EGP
- Incomplete (?): redistributed from IGP or static

The origin is a well-known mandatory attribute that defines the origin of the path information. The origin attribute can be one of three values:

- IGP: The route is interior to the originating AS. This normally happens when the network command (discussed later in this chapter) is used to advertise the route via BGP. An origin of IGP is indicated with an "i" in the BGP table.
- EGP: The route is learned via the EGP (Exterior Gateway Protocol). This is indicated with an "e" in the BGP table.
- Incomplete: The origin of the route is unknown or is learned via some other means. This usually occurs when a route is redistributed into BGP. An incomplete origin is indicated with a "?" in the BGP table.

Weight Attribute (Cisco only)

(Figure: Router A in AS 100 peers with Router B in AS 200 (weight = 200) and Router C in AS 300 (weight = 150); both B and C reach Router D in AS 400, which originates 172.20.0.0.)

Paths with the highest weight value are most desirable. The weight is configured on routers on a per-neighbor basis and is not sent to any BGP neighbor.

The weight attribute is a Cisco-defined attribute used for the path selection process. The weight is configured locally on a router and is not propagated to any other routers. The weight can have a value from 0 to 65535. Paths that the router originates have a weight of 32768 by default, and other paths have a weight of zero by default. Routes with a higher weight are preferred when multiple routes exist to the same destination. In the graphic, Router B and Router C learn about network 172.20.0.0 from AS 400 and propagate the update to Router A. Router A has two ways to reach 172.20.0.0 and has to decide which way to go. In the example, Router A sets the weight of updates coming from Router B to 200 and the weight of those coming from Router C to 150. Since the weight for Router B is higher than the weight for Router C, Router A is forced to use Router B as the next hop to reach 172.20.0.0.

BGP Synchronization

Synchronization rule: do not advertise a route to an external neighbor until a matching route has been learnt from an IGP.
- Ensures consistency of information throughout the AS
- Avoids black holes within the AS
- Safe to turn off when there is a full IBGP mesh

The BGP synchronization rule states that a BGP router should not advertise a route to an external neighbor unless that route is local or is learnt from the IGP. If your autonomous system is passing traffic from one AS to another AS, BGP should not advertise a route before all routers in your AS have learned about the route via the IGP. BGP waits until the IGP has propagated the route within the AS and then advertises it to external peers. This is done so that all routers in the AS are synchronized and are able to forward the traffic that the AS, by advertising the route, has promised other ASs it can carry. BGP synchronization is on by default. Only if all routers in the AS are running BGP is it safe to turn it off.

BGP Synchronization (cont'd)

(Figure: AS 10 contains Routers A, B, C and D; A and B are IBGP peers, C and D run only the IGP. Router A has an EBGP session to Router E in AS 1; Router B has an EBGP session to AS 2, which originates 172.16.0.0.)

Assume BGP information is not redistributed into AS 10; Routers C and D are not running BGP.

If synchronization is on (the default), Router A would not use or advertise the route to 172.16.0.0 until it receives the matching route via an IGP; Router E would not hear about 172.16.0.0.

If synchronization is off, Router A would use and advertise the route it receives via BGP, and Router E would hear about 172.16.0.0. If Router E sends traffic for 172.16.0.0, Router C would drop the packets since it has no route to 172.16.0.0.

The synchronization rule also results in other behavior on BGP routers. In the example in the graphic, assume that Routers C and D are not running BGP and do not receive any of the routes that Routers A and B learn from BGP. (Sharing information between routing protocols is called redistribution and is covered in chapter 13.) Specifically, they do not know about the network 172.16.0.0 that Router B learns from AS 2. Router B advertises the route to 172.16.0.0 to Router A using IBGP. By default Router A does not use the route to 172.16.0.0, nor does it advertise that route to Router E in AS 1. Note that Router B does use the route to 172.16.0.0 and installs it in its routing table.

If synchronization is turned off in AS 10, Router A can use the route to 172.16.0.0, installs the route in its routing table, and advertises it to Router E. This is where the problem occurs. Router E may now send traffic destined for network 172.16.0.0. Router E sends the packets to Router A; Router A forwards them to Router C. Router C has not learnt a route to 172.16.0.0 and therefore drops the packets. If all of the routers in AS 10 were running IBGP, turning off synchronization would not create this problem.

BGP Operation

This section describes the operation of the BGP protocol.

BGP Packet Types

BGP defines the following message types:

- OPEN: includes hold time and BGP router ID
- KEEPALIVE
- UPDATE: information for one single path only (could be to multiple networks); includes path attributes and networks
- NOTIFICATION: sent when an error is detected; the BGP connection is closed after it is sent

BGP peers initially exchange their full BGP routing tables. From then on, incremental updates are sent as the routing table changes. Keepalive packets are sent to ensure that the connection between the BGP peers is alive, and notification packets are sent in response to errors or special conditions.

After a TCP connection is established, the first message sent by each side is an OPEN message. If the OPEN message is acceptable, a KEEPALIVE message confirming the OPEN is sent back. Once the OPEN is confirmed, the BGP connection is established and UPDATE, KEEPALIVE, and NOTIFICATION messages may be exchanged. An OPEN message includes the following information:

- Hold time: the maximum number of seconds that may elapse between the receipt of successive KEEPALIVE and/or UPDATE messages by the sender. Upon receipt of an OPEN message, the router calculates the value of the hold timer to use as the smaller of its configured hold time and the hold time received in the OPEN message.
- BGP router identifier (router ID): this 32-bit field indicates the BGP identifier of the sender. The BGP identifier is an IP address assigned to that router and is determined on startup. The BGP router ID is chosen the same way as the OSPF router ID: it is the highest active IP address on the router, unless a loopback interface with an IP address exists, in which case it is the highest such loopback IP address.

BGP does not use any transport-protocol-based keepalive mechanism to determine whether peers are reachable. Instead, KEEPALIVE messages are exchanged between peers often enough not to cause the hold timer to expire. If the negotiated hold time interval is zero, periodic KEEPALIVE messages are not sent. A KEEPALIVE message consists of only the message header.

An UPDATE message has information on one single path only; multiple paths require multiple messages. All of the attributes in the message refer to that path, and the networks are those that can be reached through it. An UPDATE message may include the following fields:

- Withdrawn routes: a list of IP address prefixes for routes that are being withdrawn from service, if any.
- Path attributes: the AS-path, origin, local preference, etc. discussed earlier in this chapter. Each path attribute includes the attribute type, attribute length and attribute value. The attribute type consists of the attribute flags followed by the attribute type code.
- Network layer reachability information (NLRI): a list of IP address prefixes that can be reached by this path.

A NOTIFICATION message is sent when an error condition is detected. The BGP connection is closed immediately after sending it. Notification messages include an error code, an error subcode, and data related to the error.
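An added example, not Cisco code, of the message formats just described: a parser for the BGP message header and the OPEN, UPDATE and NOTIFICATION bodies that also classifies each path attribute by its flag bits into the four categories described earlier in this chapter. The sample messages are constructed here; their AS numbers, prefixes, hold time and router ID come from this chapter's figures and command output, while the NEXT_HOP 10.1.1.1, the MED of 150 and the unknown attribute type 200 are assumptions. A length field that runs past the message is rejected rather than read past, which is what a router must do before a peer's UPDATE gets anywhere near its routing table.

```python
# Added example, not Cisco code: a minimal parser for the BGP-4 message formats described
# above (RFC 1771 framing, 2-byte AS numbers), with constructed sample messages to feed it.
import struct
from ipaddress import IPv4Address

MARKER = b"\xff" * 16
MSG_TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}
ATTR_NAMES = {1: "ORIGIN", 2: "AS_PATH", 3: "NEXT_HOP", 4: "MED", 5: "LOCAL_PREF", 8: "COMMUNITIES"}
ORIGINS = {0: "i", 1: "e", 2: "?"}           # IGP, EGP, incomplete, as shown by 'show ip bgp'

class BGPFormatError(ValueError):
    """Malformed message: a real speaker answers with NOTIFICATION and closes the session."""

def attr_category(flags: int) -> str:
    """Flag bits: 0x80 optional, 0x40 transitive, 0x20 partial, 0x10 extended length."""
    if not flags & 0x80:
        return "well-known"                  # mandatory vs. discretionary depends on type code
    cat = "optional transitive" if flags & 0x40 else "optional non-transitive"
    return cat + " (partial)" if flags & 0x20 else cat

def parse_prefixes(buf: bytes) -> list:
    """NLRI and withdrawn-routes encoding: 1-byte prefix length, then just enough octets."""
    out, i = [], 0
    while i < len(buf):
        plen, nbytes = buf[i], (buf[i] + 7) // 8
        octets = buf[i + 1:i + 1 + nbytes]
        if plen > 32 or len(octets) != nbytes:
            raise BGPFormatError("bad prefix length")
        out.append(f"{IPv4Address(octets + bytes(4 - nbytes))}/{plen}")
        i += 1 + nbytes
    return out

def decode_value(code: int, val: bytes):
    if code == 1:
        return ORIGINS.get(val[0], "?")
    if code == 2:                            # AS_PATH: segments of (type, count, ASNs)
        segs, j = [], 0
        while j < len(val):
            stype, n = val[j], val[j + 1]
            segs.append(("AS_SET" if stype == 1 else "AS_SEQUENCE",
                         list(struct.unpack_from(f"!{n}H", val, j + 2))))
            j += 2 + 2 * n
        return segs
    if code == 3:
        return str(IPv4Address(val))
    if code in (4, 5):                       # MED, LOCAL_PREF: 4-byte unsigned
        return struct.unpack("!I", val)[0]
    return val.hex()                         # unrecognised: keep the raw value for forwarding

def parse_attributes(buf: bytes) -> list:
    attrs, i = [], 0
    while i < len(buf):
        flags, code = buf[i], buf[i + 1]
        hdr = 4 if flags & 0x10 else 3       # extended-length flag: 2-byte length field
        alen = struct.unpack_from("!H", buf, i + 2)[0] if hdr == 4 else buf[i + 2]
        val = buf[i + hdr:i + hdr + alen]
        if len(val) != alen:                 # length runs past the message: reject, never read past
            raise BGPFormatError("attribute length exceeds message")
        attrs.append({"type": ATTR_NAMES.get(code, f"type{code}"),
                      "category": attr_category(flags), "value": decode_value(code, val)})
        i += hdr + alen
    return attrs

def parse_message(msg: bytes) -> dict:
    if len(msg) < 19 or msg[:16] != MARKER:
        raise BGPFormatError("bad marker or short header")
    length, mtype = struct.unpack_from("!HB", msg, 16)
    if not 19 <= length <= 4096 or length != len(msg):
        raise BGPFormatError("bad length")
    body, out = msg[19:], {"type": MSG_TYPES.get(mtype, "UNKNOWN")}
    try:
        if mtype == 1:                       # OPEN: version, my AS, hold time, BGP identifier
            ver, asn, hold, rid, _ = struct.unpack_from("!BHHIB", body)
            out.update(version=ver, my_as=asn, hold_time=hold, router_id=str(IPv4Address(rid)))
        elif mtype == 2:                     # UPDATE: withdrawn routes, path attributes, NLRI
            wlen = struct.unpack_from("!H", body)[0]
            alen = struct.unpack_from("!H", body, 2 + wlen)[0]
            out["withdrawn"] = parse_prefixes(body[2:2 + wlen])
            out["attributes"] = parse_attributes(body[4 + wlen:4 + wlen + alen])
            out["nlri"] = parse_prefixes(body[4 + wlen + alen:])
        elif mtype == 3:                     # NOTIFICATION: error code, subcode, data
            out.update(error_code=body[0], error_subcode=body[1], data=body[2:].hex())
    except (IndexError, struct.error):       # a truncated field is a format error, not a crash
        raise BGPFormatError("truncated message")
    return out

def frame(mtype: int, body: bytes) -> bytes: return MARKER + struct.pack("!HB", 19 + len(body), mtype) + body

def attr(flags: int, code: int, value: bytes) -> bytes: return bytes([flags, code, len(value)]) + value

# Constructed samples: the OPEN is from the AS 200 peer of 'show ip bgp neighbors' (router ID
# 172.16.10.1, hold time 180); the UPDATE is Router C (AS 300) advertising 192.168.1.0/24,
# originated in AS 100, to Router B (AS 200). NEXT_HOP 10.1.1.1 and MED 150 are assumed.
SAMPLE_OPEN = frame(1, struct.pack("!BHHIB", 4, 200, 180, int(IPv4Address("172.16.10.1")), 0))
ATTRS = (attr(0x40, 1, b"\x00")                                        # ORIGIN: well-known, IGP
         + attr(0x40, 2, bytes([2, 2]) + struct.pack("!HH", 300, 100))  # AS_PATH (300, 100)
         + attr(0x40, 3, IPv4Address("10.1.1.1").packed)               # NEXT_HOP: well-known
         + attr(0x80, 4, struct.pack("!I", 150))                       # MED: optional non-transitive
         + attr(0xE0, 200, b"\xbe\xef"))                               # unknown: optional transitive, partial
SAMPLE_UPDATE = frame(2, struct.pack("!HH", 0, len(ATTRS)) + ATTRS + bytes([24, 192, 168, 1]))
BAD = bytes([0x40, 3, 8]) + b"\x0a\x01\x01\x01"           # NEXT_HOP claiming 8 bytes, 4 present
MALFORMED_UPDATE = frame(2, struct.pack("!HH", 0, len(BAD)) + BAD)
```

Call parse_message on SAMPLE_OPEN and SAMPLE_UPDATE to see the fields the text describes; the unknown type-200 attribute comes back classified as optional transitive and partial, with its raw value kept so that a forwarding router could pass it on untouched, while MALFORMED_UPDATE raises BGPFormatError instead of reading beyond the buffer.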

Route Selection Decision Process

Consider only (synchronized) routes with no AS loops and a valid next hop, then:

- Prefer highest weight (local to router)
- Prefer highest local preference (global within AS)
- Prefer route originated by the local router
- Prefer shortest AS path
- Prefer lowest origin code (IGP < EGP < incomplete)
- Prefer lowest MED (from other AS)
- Prefer EBGP path over IBGP path
- Prefer the path through the closest IGP neighbor
- Prefer the path with the lowest neighbor BGP router ID

After BGP receives updates about different destinations from different autonomous systems, the protocol decides which path to choose in order to reach a specific destination. BGP chooses only a single path to reach a specific destination. The decision process is based on the attributes discussed earlier in this chapter. When faced with multiple routes to the same destination, BGP chooses the best route for routing traffic toward the destination. The following process summarizes how BGP on a Cisco router chooses the best route.

1. If the path is internal, synchronization is on and the route is not synchronized, do not consider it.
2. If the next-hop address of a route is not reachable, do not consider it.
3. Prefer the route with the highest weight. (Recall that the weight is Cisco proprietary and is local to the router only.)
4. If multiple routes have the same weight, prefer the route with the highest local preference. (Recall that the local preference is used within an AS.)
5. If multiple routes have the same local preference, prefer the route that was originated by the local router.
6. If multiple routes have the same local preference and none was originated by the local router, prefer the route with the shortest AS path.
7. If the AS path length is the same, prefer the lowest origin code (IGP < EGP < incomplete).

Show ip bgp

   Network          Next Hop            Metric LocPrf Weight Path
*> 172.16.0.0       10.1.1.1                               0 200 i
*> 192.168.1.0      10.1.1.1                 0             0 200 i
*> 192.168.2.0      0.0.0.0                  0         32768 i
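The decision process above, together with the AS-path loop check, the next-hop reachability requirement and the synchronization rule from earlier pages, as an added Python example (not Cisco code). The candidate paths are constructed from this chapter's weight and MED figures; the router IDs, next-hop addresses and the set of IGP-reachable hops are assumptions. The tie-breakers after the origin comparison follow the slide (MED, EBGP over IBGP, closest IGP neighbor, lowest router ID); the bgp always-compare-med option modelled here is an IOS command that this chapter does not cover.

```python
# Added example, not Cisco code: the best-path decision process summarised above, modelled
# in Python over constructed candidate paths. Router IDs, next hops and IGP data are assumed.
from dataclasses import dataclass
from typing import Callable, List, Optional

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}            # IGP < EGP < incomplete


@dataclass
class Path:
    prefix: str
    next_hop: str
    as_path: tuple                   # e.g. (300, 100); empty for a locally originated route
    origin: str = "i"
    weight: int = 0                  # Cisco-only, local to this router
    local_pref: int = 100            # Cisco default
    med: int = 0
    ebgp: bool = True
    neighbor_as: int = 0             # AS of the peer that sent the path
    igp_metric: int = 0              # IGP cost to reach next_hop
    router_id: str = "0.0.0.0"       # BGP router ID of the advertising peer
    local_origin: bool = False       # originated by this router (network / aggregate)
    synchronized: bool = True        # matching route present in the IGP (IBGP paths)


def usable(p: Path, my_as: int, reachable: Callable[[str], bool], sync_on: bool) -> bool:
    """Steps 1-2 plus the AS-path loop check; a path failing any of them is not a candidate."""
    if my_as in p.as_path:                        # own AS already in AS_PATH: loop, drop update
        return False
    if not p.ebgp and sync_on and not p.synchronized:
        return False
    return p.local_origin or reachable(p.next_hop)


def ip_key(addr: str) -> tuple:
    return tuple(int(o) for o in addr.split("."))


def prefer(a: Path, b: Path, always_compare_med: bool) -> bool:
    """True if a beats b; the first attribute that differs decides, in the documented order."""
    if a.weight != b.weight:
        return a.weight > b.weight
    if a.local_pref != b.local_pref:
        return a.local_pref > b.local_pref
    if a.local_origin != b.local_origin:
        return a.local_origin
    if len(a.as_path) != len(b.as_path):
        return len(a.as_path) < len(b.as_path)
    if ORIGIN_RANK[a.origin] != ORIGIN_RANK[b.origin]:
        return ORIGIN_RANK[a.origin] < ORIGIN_RANK[b.origin]
    # MED is compared only between paths from the same neighboring AS, unless the IOS
    # command bgp always-compare-med is configured
    if (a.neighbor_as == b.neighbor_as or always_compare_med) and a.med != b.med:
        return a.med < b.med
    if a.ebgp != b.ebgp:
        return a.ebgp
    if a.igp_metric != b.igp_metric:
        return a.igp_metric < b.igp_metric
    return ip_key(a.router_id) < ip_key(b.router_id)


def best_path(paths: List[Path], my_as: int, reachable: Callable[[str], bool],
              sync_on: bool = True, always_compare_med: bool = False) -> Optional[Path]:
    best = None
    for p in paths:
        if usable(p, my_as, reachable, sync_on) and (best is None or prefer(p, best, always_compare_med)):
            best = p
    return best


def demo() -> dict:
    """Scenarios from this chapter's weight, MED, next-hop and synchronization pages."""
    my_as, igp = 100, {"10.1.1.1", "10.1.1.2", "10.2.2.2"}   # next hops the IGP can reach (assumed)
    reach = igp.__contains__
    out = {}
    # Weight figure: B (AS 200) weight 200 beats C (AS 300) weight 150 for 172.20.0.0
    via_b = Path("172.20.0.0/16", "10.1.1.1", (200, 400), weight=200, neighbor_as=200, router_id="2.2.2.2")
    via_c = Path("172.20.0.0/16", "10.1.1.2", (300, 400), weight=150, neighbor_as=300, router_id="1.1.1.1")
    out["weight"] = best_path([via_b, via_c], my_as, reach).next_hop
    # Equal weights: same local pref, AS-path length and origin; MED is skipped because the
    # neighbors are in different ASs; both EBGP with equal IGP cost, so lowest router ID wins
    via_b.weight = via_c.weight = 0
    out["router_id_tiebreak"] = best_path([via_b, via_c], my_as, reach).next_hop
    # MED figure: two entry points into AS 200 for the same prefix, lower MED preferred
    via_b2 = Path("172.20.0.0/16", "10.1.1.1", (200,), med=150, neighbor_as=200, router_id="9.9.9.9")
    via_c2 = Path("172.20.0.0/16", "10.1.1.2", (200,), med=200, neighbor_as=200, router_id="1.1.1.1")
    out["med"] = best_path([via_b2, via_c2], my_as, reach).next_hop
    # AS-path loop: an update whose AS_PATH already contains AS 100 is rejected outright
    out["loop_rejected"] = best_path([Path("172.20.0.0/16", "10.1.1.2", (300, 100, 400))], my_as, reach) is None
    # IBGP path whose EBGP-learned next hop the IGP cannot reach (next-hop page)
    ibgp = Path("172.16.0.0/16", "192.0.2.1", (2,), ebgp=False, neighbor_as=100)
    out["unreachable_next_hop"] = best_path([ibgp], my_as, reach) is None
    # Same path, next hop reachable but no matching IGP route yet (synchronization page)
    ibgp.next_hop, ibgp.synchronized = "10.2.2.2", False
    out["unsynchronized_default"] = best_path([ibgp], my_as, reach) is None
    out["unsynchronized_sync_off"] = best_path([ibgp], my_as, reach, sync_on=False).next_hop
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:24} {value}")
```

The MED step is the one most often misread: because it is only compared between paths from the same neighboring AS, two paths with wildly different MEDs from different providers fall through to the later tie-breakers, as the router_id_tiebreak scenario shows.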


This example output is taken from Router A in BGP Example #2. The status codes are shown at the beginning of each line of output and the origin codes are shown at the end of each line of output. From the example output, we can see that Router A learnt about two networks from 10.1.1.1. The path it will use to get to these networks is via AS 200, and the routes have origin codes of IGP.

Copyright 1999, Cisco Systems, Inc.

Configuring Basic Border Gateway Protocol 9-51

Show ip bgp summary

RTRA#show ip bgp sum
BGP table version is 5, main routing table version 5
3 network entries and 3 paths using 363 bytes of memory
3 BGP path attribute entries using 372 bytes of memory
BGP activity 3/0 prefixes, 3/0 paths
0 prefixes revised.

Neighbor   V   AS  MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down   State/PfxRcd
10.1.1.1   4   200      14       13       5    0     0  00:08:03             2


This example output is taken from Router A in BGP Example #2. Router A has one neighbor, 10.1.1.1. It speaks BGP version 4 with that neighbor, who is in AS 200. Router A has received 14 messages from and sent 13 messages to 10.1.1.1. The TblVer is the last version of the BGP database that was sent to that neighbor. There are no messages in either the input or output queue. The BGP session has been established for 8 minutes and 3 seconds. Router A has received two prefixes from neighbor 10.1.1.1.
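As an added example (not part of the course text), the following Python parses the show ip bgp summary output described above and applies the checks an operator would script around it: every expected neighbor is present, its remote AS is the one configured, the session is Established, and the received prefix count stays under a ceiling (a sudden rise in PfxRcd is a classic route-leak symptom). The sample text is constructed from the Router A output above; the second neighbor row and the expected-AS table are assumptions of the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample modelled on the Router A output above (not a device capture).
# The 10.1.2.1 row is an added assumption so that a session that never came up is visible.
SAMPLE_SUMMARY = """\
BGP table version is 5, main routing table version 5
3 network entries and 3 paths using 363 bytes of memory
3 BGP path attribute entries using 372 bytes of memory
BGP activity 3/0 prefixes, 3/0 paths
0 prefixes revised.

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.1.1        4   200      14      13        5    0    0 00:08:03        2
10.1.2.1        4   300       0       0        0    0    0 never    Active
"""

# One neighbor row: address, version, AS, counters, queues, Up/Down, then either a
# prefix count (session Established) or the FSM state (Idle, Active, ...).
ROW_RE = re.compile(
    r"^(?P<addr>\d+\.\d+\.\d+\.\d+)\s+(?P<ver>\d+)\s+(?P<asn>\d+)\s+(?P<rcvd>\d+)\s+"
    r"(?P<sent>\d+)\s+(?P<tblver>\d+)\s+(?P<inq>\d+)\s+(?P<outq>\d+)\s+"
    r"(?P<updown>\S+)\s+(?P<last>\S.*)$"
)


@dataclass
class Neighbor:
    address: str
    version: int
    remote_as: int
    up_down: str
    state: str        # "Established" when the last column is a prefix count, else the state shown
    prefixes: int     # prefixes received from the peer (0 unless Established)


def parse_summary(text: str) -> List[Neighbor]:
    """Extract the neighbor table; header and memory-usage lines are skipped."""
    neighbors = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        last = m["last"].strip()
        if last.isdigit():
            state, prefixes = "Established", int(last)
        else:
            state, prefixes = last, 0
        neighbors.append(Neighbor(m["addr"], int(m["ver"]), int(m["asn"]),
                                  m["updown"], state, prefixes))
    return neighbors


def check_neighbors(neighbors: List[Neighbor], expected_as: Dict[str, int],
                    max_prefixes: int) -> List[Tuple[str, str]]:
    """Return (neighbor, reason) findings for anything that deviates from the expected state."""
    findings = []
    for n in neighbors:
        if n.state != "Established":
            findings.append((n.address, f"session not established (state {n.state})"))
        if n.address in expected_as and expected_as[n.address] != n.remote_as:
            findings.append((n.address, f"remote AS {n.remote_as}, expected {expected_as[n.address]}"))
        if n.prefixes > max_prefixes:
            findings.append((n.address, f"{n.prefixes} prefixes received, ceiling is {max_prefixes}"))
    seen = {n.address for n in neighbors}
    for addr in expected_as:
        if addr not in seen:
            findings.append((addr, "expected neighbor missing from summary"))
    return findings


if __name__ == "__main__":
    peers = parse_summary(SAMPLE_SUMMARY)
    for finding in check_neighbors(peers, {"10.1.1.1": 200, "10.1.2.1": 300}, max_prefixes=100):
        print(*finding)
```

The prefix ceiling here is a monitoring threshold only; on the router itself the equivalent protection is a maximum-prefix limit on the neighbor, which tears the session down rather than just reporting.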

9-52 Building Scalable Cisco Networks


Show ip bgp neighbors

RTRA#sh ip bgp nei
BGP neighbor is 10.1.1.1, remote AS 200, external link
 Index 1, Offset 0, Mask 0x2
 BGP version 4, remote router ID 172.16.10.1
 BGP state = Established, table version = 5, up for 00:10:47
 Last read 00:00:48, hold time is 180, keepalive interval is 60 seconds
 Minimum time between advertisement runs is 30 seconds
 Received 16 messages, 0 notifications, 0 in queue
 Sent 15 messages, 1 notifications, 0 in queue
 Prefix advertised 1, suppressed 0, withdrawn 0
 Connections established 1; dropped 0
 Last reset 00:16:35, due to Peer closed the session
 2 accepted prefixes consume 64 bytes
 0 history paths consume 0 bytes
--More--


This example output is taken from Router A in BGP Example #2. This command is used to display information about the BGP connections to neighbors. In the example, the BGP state is Established, which means that the neighbors have established a TCP connection and the two peers have agreed to speak BGP with each other.


Debug ip bgp

RTRA#debug ip bgp updates
BGP updates debugging is on
RTRA#clear ip bgp *
3w5d: BGP: 10.1.1.1 computing updates, neighbor version 0, table version 1, starting at 0.0.0.0
3w5d: BGP: 10.1.1.1 update run completed, ran for 0ms, neighbor version 0, start version 1, throttled to 1, check point net 0.0.0.0
3w5d: BGP: 10.1.1.1 rcv UPDATE w/ attr: nexthop 10.1.1.1, origin i, aggregated by 200 172.16.10.1, path 200
3w5d: BGP: 10.1.1.1 rcv UPDATE about 172.16.0.0/16
3w5d: BGP: nettable_walker 172.16.0.0/16 calling revise_route
3w5d: BGP: revise route installing 172.16.0.0/16 -> 10.1.1.1
3w5d: BGP: 10.1.1.1 rcv UPDATE w/ attr: nexthop 10.1.1.1, origin i, metric 0, path 200
3w5d: BGP: 10.1.1.1 rcv UPDATE about 192.168.1.0/24
3w5d: BGP: nettable_walker 192.168.1.0/24 calling revise_route
3w5d: BGP: revise route installing 192.168.1.0/24 -> 10.1.1.1


This example output is taken from Router A in BGP Example #2. The output in the graphic shows update messages being received from neighbor 10.1.1.1. Further output after that displayed in the graphic is provided below, showing Router A sending updates to its neighbor.

RTRA#
3w5d: BGP: 10.1.1.1 computing updates, neighbor version 1, table version 3, starting at 0.0.0.0
3w5d: BGP: 10.1.1.1 update run completed, ran for 0ms, neighbor version 1, start version 3, throttled to 3, check point net 0.0.0.0
3w5d: BGP: nettable_walker 192.168.2.0/24 route sourced locally
3w5d: BGP: 10.1.1.1 computing updates, neighbor version 3, table version 4, starting at 0.0.0.0
3w5d: BGP: 10.1.1.1 send UPDATE 192.168.2.0/24, next 10.1.1.2, metric 0, path 100
3w5d: BGP: 10.1.1.1 1 updates enqueued (average=52, maximum=52)
3w5d: BGP: 10.1.1.1 update run completed, ran for 0ms, neighbor version 3, start version 4, throttled to 4, check point net 0.0.0.0


Summary

This section summarizes the tasks you learned to complete in this chapter.

After completing this chapter, you should be able to perform the following tasks:
- Describe BGP features and operation
- Describe how to connect to another AS using an alternative to BGP, static routes
- Explain how BGP policy-based routing functions within an Autonomous System
- Explain how BGP peering functions


Summary (contd)

After completing this chapter, you should be able to perform the following tasks:
- Describe BGP synchronization
- Given a set of network requirements, configure a BGP environment and verify proper operation (within described guidelines) of your routers


Review Questions

Answer the following questions.
1. Describe the BGP synchronization rule. What command disables synchronization?
2. What are the four BGP message types?
3. How does BGP-4 support CIDR?
4. What command is used to activate a BGP session with another router?
5. What command is used to display information about the BGP connections to neighbors?


10

Implementing BGP in Scalable ISP Networks

Overview

This chapter starts with a discussion of problems that may occur when scaling IBGP. Various solutions, including route reflectors, policy control using prefix lists, communities, and Cisco's peer groups, are explained. Connecting an AS with more than one BGP connection is known as multi-homing, and different ways to accomplish this are explored. Configuration of all of these BGP features is included in this chapter. This chapter includes the following topics:
- Objectives
- Scalability problems with IBGP
- Route Reflectors
- Policy Control
- Written Exercise: BGP Route Reflectors and Policy Control
- Route Maps
- Communities
- Peer groups
- Multi-homing
- Redistribution with IGPs
- Case Study: Multi-homed BGP
- Summary
- Review questions

10-2 Building Scalable Cisco Networks


ObjectivesThis section lists the chapters objectives.

Objectives

Upon completion of this chapter, you will be able to perform the following tasks:
- Describe the scalability problems associated with Internal BGP
- Explain and configure BGP Route Reflectors
- Describe and configure policy control in BGP using prefix lists
- Describe and configure BGP Communities and Peer Groups


Upon completion of this chapter, you will be able to perform the following tasks:
- Describe the scalability problems associated with Internal BGP
- Explain and configure BGP Route Reflectors
- Describe and configure policy control in BGP using prefix lists
- Describe and configure BGP Communities and Peer Groups
- Describe methods to connect to multiple ISPs using BGP
- Explain the use of redistribution between BGP and Interior Gateway Protocols (IGPs)
- Given a set of network requirements, configure a multi-homed BGP environment and verify proper operation (within described guidelines) of your routers


Implementing BGP in Scalable ISP Networks 10-3

Objectives (contd)

- Describe methods to connect to multiple ISPs using BGP
- Explain the use of redistribution between BGP and Interior Gateway Protocols (IGPs)
- Given a set of network requirements, configure a multi-homed BGP environment and verify proper operation (within described guidelines) of your routers


Scalability Problems with IBGP

This section discusses scalability problems with IBGP.

BGP Split Horizon

[Figure: Routers A, B and C in AS 100; the route B learns from A over IBGP is not passed on to C.]

BGP split horizon: Routes learned via IBGP are never propagated to other IBGP peers.
Therefore a full mesh of IBGP is needed.


Chapter 9 discussed many BGP concepts, including IBGP and EBGP. Another rule governing IBGP behavior is the BGP split horizon rule. This BGP rule specifies that routes learned via IBGP are never propagated to other IBGP peers. Similar to the distance vector routing protocol split horizon rule, BGP split horizon is necessary to ensure that routing loops are not started within the AS. The result is that a full mesh of IBGP peers is required within an AS.


Full Mesh IBGP Problem

Number of IBGP sessions = n(n-1)/2
13 routers => 78 IBGP sessions!
1000 routers means nearly half a million IBGP sessions!


As the graphic illustrates though, a full mesh of IBGP is not scalable. With only 13 routers, 78 IBGP sessions would need to be maintained. As the number of routers increases, so does the number of sessions required, governed by the formula: n(n-1)/2 where n= the number of routers.


Full Mesh IBGP

Full mesh IBGP:
- Avoids routing information loops
- Does not scale: many TCP sessions, duplicate routing traffic

Solutions include: Route Reflectors


As well as the number of BGP TCP sessions that must be created and maintained, the routing traffic may also be a problem. Depending on the AS topology, traffic may be duplicated many times on some links as it travels to each IBGP peer. For example, if the physical topology of a large AS includes some WAN links, the IBGP sessions running over those links may be consuming a significant amount of bandwidth. A solution to this problem is the use of route reflectors, discussed in the next section.


Route Reflectors

This section describes what a route reflector is, how it works, and how to configure it.

Route Reflectors

[Figure: Router A is the route reflector for Routers B and C in AS 100.]

Modifies BGP split horizon rule


Route reflectors modify the BGP split horizon rule by allowing the router configured as the route reflector to propagate routes learned by IBGP to other IBGP peers. This saves on the number of BGP TCP sessions that must be maintained, and also reduces the BGP routing traffic.


Route Reflector Benefits

- Solves the IBGP full mesh problem; used mainly by ISPs when the number of internal neighbor statements becomes excessive
- Packet forwarding is not affected
- Can have multiple route reflectors for redundancy
- Can have multiple levels of route reflectors
- Normal BGP peers can co-exist
- Easy migration


With a BGP route reflector configured, full mesh of IBGP peers is no longer required. The route reflector is allowed to propagate IBGP routes to other IBGP peers. Route reflectors are used mainly by ISPs when the number of internal neighbor statements becomes excessive. Route reflectors reduce the number of BGP neighbor relationships in an AS by having key routers duplicate updates to their route reflector clients. Route reflectors do not affect the paths that IP packets follow; only how the routing information is distributed is affected. Within an AS there can be multiple route reflectors, both for redundancy and for grouping to further reduce the number of IBGP sessions required. Migrating to route reflectors involves a minimal configuration, and does not have to be done all at once since non-route-reflector routers can co-exist with route reflectors within an AS.


Route Reflector Terminology

- Route reflector
- Client
- Cluster
- Non-client
- Originator ID
- Cluster ID


A route reflector is a router that is configured to be the router that is allowed to advertise (or reflect) routes that it learnt via IBGP to other IBGP peers. The route reflector will have a partial IBGP peering with other routers, which are called clients. Peering between the clients is not needed because the route reflector will pass advertisements between the clients. The combination of the route reflector and its clients is called a cluster. Other IBGP peers of the route reflector that are not clients are called non-clients. Two techniques prevent routing loops in route reflector configurations. The originator-ID is an optional, non transitive BGP attribute that is created by the route reflector. This attribute carries the router ID of the originator of the route in the local AS. If, because of poor configuration, the update comes back to the originator, the originator ignores it. Usually a cluster has a single route reflector, in which case the cluster is identified by the router ID of the route reflector. To increase redundancy and avoid single points of failure, a cluster might have more than one route reflector. When a cluster has more than one route reflector, all of the route reflectors in the cluster need to be configured with a cluster ID. The cluster ID allows route reflectors to recognize updates from other route reflectors in the same cluster.


Route Reflector Design

- Divide AS into multiple clusters
- At least one route reflector and a few clients per cluster
- Route reflectors are fully meshed with IBGP
- Use a single IGP to carry next hop and local routes


The AS can be divided into multiple clusters, each having at least one route reflector and a few clients. Multiple route reflectors can exist in one cluster for redundancy. The route reflectors must be fully meshed with BGP to ensure that all routes learnt will be propagated throughout the AS. An IGP is still used, just as it was before route reflectors were introduced, in order to carry local routes and next hop addresses.


Route Reflector Design Example

[Figure: AS 100 containing Routers A through H, with Router X outside the AS; the figure distinguishes IBGP connections from EBGP connections.]


The graphic provides an example of a BGP route reflector design.

Note: The physical connections within AS 100 are not shown in the graphic.

Routers B, D, E and F form one cluster. Routers C, G and H form another cluster. Router A forms a third cluster. Routers A, B and C are all route reflectors and are fully meshed with BGP. Note that the routers within a cluster are not fully meshed.


Route Reflector Operation

- Reflector receives updates from clients and non-clients
- Reflector selects best path
- If best path is from a client, reflect to non-clients and other clients
- If best path is from a non-client, reflect to clients


When a route reflector receives an update, it takes the following actions, depending on the type of peer that sent the update:
- If the update is from a non-client peer, it sends the update to all clients in the cluster.
- If the update is from a client peer, it sends the update to all non-client peers and to all other client peers.
- If the update is from an EBGP peer, it sends the update to all non-client peers and to all client peers.

For example, in the graphic on the previous page, if Router C:
- receives an update from Router A (a non-client), it will send it to Routers G and H.
- receives an update from Router H (a client), it will send it to Router G as well as to Routers A and B.
- receives an update from Router X (via EBGP), it will send it to Routers G and H as well as to Routers A and B.
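The reflection rules above, together with the originator-ID and cluster-ID loop checks described under Route Reflector Terminology, as an added example in Python that is not part of the course. Router IDs for the lettered routers are assumed. The CLUSTER_LIST handling follows RFC 4456 rather than anything shown in the course: a reflected route carries the originator's router ID and the list of cluster IDs it has passed through, and a reflector drops any update that already names its own router ID or its own cluster ID.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Hypothetical router IDs for the chapter's example topology (the course only names the routers).
ROUTER_ID = {"A": "10.0.0.1", "B": "10.0.0.2", "C": "10.0.0.3",
             "G": "10.0.0.7", "H": "10.0.0.8", "X": "192.0.2.1"}


@dataclass
class Update:
    prefix: str
    originator_id: Optional[str] = None                      # ORIGINATOR_ID: router ID of the route's originator in the AS
    cluster_list: List[str] = field(default_factory=list)    # CLUSTER_LIST: cluster IDs the update has crossed


@dataclass
class RouteReflector:
    name: str
    clients: Set[str]
    non_clients: Set[str]
    ebgp_peers: Set[str]
    cluster_id: Optional[str] = None     # configured only when a cluster has several reflectors

    @property
    def router_id(self) -> str:
        return ROUTER_ID[self.name]

    @property
    def effective_cluster_id(self) -> str:
        # A cluster with a single reflector is identified by that reflector's router ID.
        return self.cluster_id or self.router_id

    def accepts(self, update: Update) -> bool:
        """Loop prevention: drop an update that has already been through this router or cluster."""
        if update.originator_id == self.router_id:
            return False
        if self.effective_cluster_id in update.cluster_list:
            return False
        return True

    def handle(self, sender: str, update: Update) -> Dict[str, Update]:
        """Return {peer: update as sent} for every peer this reflector forwards the update to."""
        if not self.accepts(update):
            return {}
        if sender in self.clients:
            targets = (self.clients - {sender}) | self.non_clients
        elif sender in self.non_clients:
            targets = set(self.clients)
        elif sender in self.ebgp_peers:
            targets = self.clients | self.non_clients
        else:
            raise ValueError(f"{sender} is not a peer of {self.name}")
        if sender in self.ebgp_peers:
            out = update          # an EBGP-learned route is advertised as is, not reflected
        else:
            # Reflecting: record the originator (if not already set) and prepend our cluster ID.
            out = Update(update.prefix,
                         update.originator_id or ROUTER_ID[sender],
                         [self.effective_cluster_id] + update.cluster_list)
        return {peer: out for peer in sorted(targets)}


if __name__ == "__main__":
    rr_c = RouteReflector("C", clients={"G", "H"}, non_clients={"A", "B"}, ebgp_peers={"X"})
    for sender in ("A", "H", "X"):
        print(sender, "->", sorted(rr_c.handle(sender, Update("172.16.0.0/16"))))
```

The loop checks are what make the migration tip about following the physical topology safe to get slightly wrong: a misconfigured reflector pair that hands a route back and forth is stopped by the cluster ID in the cluster list, not by the split-horizon rule the reflector has deliberately relaxed.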


Route Reflector Migration Tips

Where to place the route reflectors? Follow the physical topology! This will guarantee that packet forwarding won't be affected.
- Configure one route reflector at a time
- Eliminate redundant IBGP sessions
- Place one route reflector per cluster


When migrating to using route reflectors, the first consideration is which routers should be the reflectors and which should be the clients. Following the physical topology in this design decision will ensure that the packet forwarding paths will not be affected. Not following the physical topology (for example configuring route reflector clients that are not physically connected to the route reflector) may result in routing loops. Configure one route reflector at a time, and then delete the redundant IBGP sessions between the clients.


Route Reflector ConfigurationRouter(config-router)#

neighbor ip-address route-reflector-client

Configures the router as a BGP route reflector and configures the specified neighbor as its client


The neighbor route-reflector-client command is used to configure the router as a BGP route reflector and configure the specified neighbor as its client.

neighbor route-reflector-client Command
  ip-address    IP address of the BGP neighbor being identified as a client.


Route Reflector Example

[Figure: Router A (route reflector) in AS 2, with Router B at 172.16.12.1 and Router C at 172.16.17.2 as its clients; AS 1 and AS 3 are the neighboring autonomous systems.]

RTRA(config)# router bgp 2
RTRA(config-router)# neighbor 172.16.12.1 remote-as 2
RTRA(config-router)# neighbor 172.16.12.1 route-reflector-client
RTRA(config-router)# neighbor 172.16.17.2 remote-as 2
RTRA(config-router)# neighbor 172.16.17.2 route-reflector-client


In the graphic Router A is configured as a route reflector in AS 2. The neighbor route-reflector-client commands are used to configure which neighbors will be route reflector clients. In this example, both Routers B and C will be route reflector clients.


Verifying Route Reflectors

RTRA#sh ip bgp neigh
BGP neighbor is 172.16.12.1, remote AS 2, internal link
 Index 1, Offset 0, Mask 0x2
 Route-Reflector Client
 BGP version 4, remote router ID 192.168.101.101
 BGP state = Established, table version = 1, up for 00:05:42
 Last read 00:00:42, hold time is 180, keepalive interval is 60 seconds
 Minimum time between advertisement runs is 5 seconds
 Received 14 messages, 0 notifications, 0 in queue
 Sent 12 messages, 0 notifications, 0 in queue
 Prefix advertised 0, suppressed 0, withdrawn 0
 Connections established 2; dropped 1
 Last reset 00:05:44, due to User reset
 1 accepted prefixes consume 32 bytes
 0 history paths consume 0 bytes
--More--


The show ip bgp neighbor command indicates that a particular neighbor is a route reflector client. The example output in the graphic is from Router A in the previous example and shows that 172.16.12.1 (Router B) is a route reflector client of Router A.


Policy ControlThis section describes how a routing policy is applied to a BGP network, using distribute lists and prefix lists.

Policy ControlTo restrict routing information to/from neighbors use Distribute lists (using access lists) or Prefix lists



If you want to restrict the routing information that the Cisco IOS software learns or advertises, you can filter BGP routing updates to and from particular neighbors. To do this, you can either define an access list or a prefix list, and apply it to the updates.


Distribute Lists

[Figure: Router A in AS 100 (network 192.168.1.0; interfaces 10.10.10.1 and 10.10.20.1) peers with Router B in AS 200 (10.10.10.2; network 192.168.2.0) and Router C in AS 300 (10.10.20.2; network 172.30.0.0). Router C advertises 172.30.0.0 to Router A; the advertisement of 172.30.0.0 from Router A toward Router B is marked as blocked.]

Router A can prevent updates about 172.30.0.0 from going to AS 200.

In the example in the graphic, Router C is advertising network 172.30.0.0 to Router A. If we wanted to stop those updates from propagating to AS 200, an access-list could be applied on Router A to filter those updates when Router A is talking to Router B.


Configuring Distribute ListsRouter(config-router)#

neighbor {ip-address|peer-group-name} distribute-list access-list-number in|out

Configures the router to distribute BGP neighbor information as specified in an access list Can use standard or extended access lists


The neighbor distribute-list command is used to distribute BGP neighbor information as specified in an access list.

neighbor distribute-list Command
  ip-address           IP address of the BGP neighbor for which routes will be filtered.
  peer-group-name      Name of a BGP peer group (peer groups are covered later in this chapter).
  access-list-number   Number of a standard or extended access list. It can be an integer from 1 to 199. (A named access list can also be referenced.)
  in                   Indicates that the access list is applied to incoming advertisements from the neighbor.
  out                  Indicates that the access list is applied to outgoing advertisements to the neighbor.


Distribute List Example

RtrA(config)# router bgp 100
RtrA(config-router)# network 192.168.1.0
RtrA(config-router)# neighbor 10.10.10.2 remote-as 200
RtrA(config-router)# neighbor 10.10.20.2 remote-as 300
RtrA(config-router)# neighbor 10.10.10.2 distribute-list 1 out
RtrA(config-router)# exit
RtrA(config)# access-list 1 deny 172.30.0.0 0.0.255.255
RtrA(config)# access-list 1 permit 0.0.0.0 255.255.255.255


Note: The configuration in this example is for Router A in the graphic two pages previously.

Router A has two neighbors, Router B (10.10.10.2 in AS 200) and Router C (10.10.20.2 in AS 300). When Router A sends updates to neighbor Router B, the neighbor distribute-list statement specifies that it will use the access-list 1 to determine which updates are to be sent. Access-list 1 specifies that any route starting with 172.30, i.e. the route to 172.30.0.0, should not be sent (it is denied in the access-list). All other routes will be sent to Router B. (Recall that since access-lists have an implicit deny any at the end, the permit statement is required in the access-list in order for the other routes to be sent).


IP ACL Usage in Distribute-list

- Standard IP access list matches a route's network number
- Extended access list is used to filter out more specific routes
- Extended IP access list matches the route's network number (source IP address) and subnet mask (destination IP address); this allows for filtering of more specific routes. This is a different interpretation than in other uses of extended access lists!


As shown in the previous example, a standard IP access-list can be used to control the sending of updates about a specific network number. If, however, a router wants to control updates about subnets and supernets of a network with a distribute-list, extended access-lists would be required.

Note: When an IP extended access-list is used with a distribute-list, the parameters have different meanings than when the extended access-list is used in other ways. The next page explains the differences.


IP Extended ACL Usage in Distribute-list

Meaning of the arguments of an extended access list used in a distribute-list:

access-list number permit ip source source-wildcard destination destination-wildcard

- source and source-wildcard mean: the network number of the route
- destination and destination-wildcard mean: the subnet mask of the route

Example:
access-list 101 permit ip 172.0.0.0 0.255.255.255 255.0.0.0 0.0.0.0
means: permit only 172.0.0.0/8


The syntax of the IP extended access-list is the same as usual, with a source address and wildcard, and a destination address and wildcard. However, the meanings of these parameters are different. The source parameters are used to indicate the address of the network whose updates are to be permitted or denied. The destination parameters are used to indicate the subnet mask of that network. The wildcard parameters indicate, for the network and subnet mask, which bits are relevant. Network/subnet mask bits corresponding to wildcard bits set to 1 are ignored during comparisons, and network/subnet mask bits corresponding to wildcard bits set to 0 are used in comparisons. If the example access-list shown was used with a neighbor distribute-list command, it would allow only the supernet 172.0.0.0/8 to be advertised. For example, assume that Router A had routes to networks 172.20.0.0/16 and 172.30.0.0/16, and also had an aggregated route to 172.0.0.0/8. The use of this access list would allow only the supernet 172.0.0.0/8 to be advertised; networks 172.20.0.0/16 and 172.30.0.0/16 would not be advertised.
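An added example (not from the course) that applies the distribute-list interpretation of an extended access list in Python: the source fields are matched against the route's network number, the destination fields against its subnet mask, wildcard bits set to 1 are ignored, the first matching entry decides, and the implicit deny at the end applies. The route list is constructed from the networks used in this section; the access-list numbers are arbitrary.

```python
from dataclasses import dataclass
from typing import List, Tuple


def ip_to_int(addr: str) -> int:
    a, b, c, d = (int(x) for x in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def mask_of(length: int) -> int:
    """Subnet mask of a /length prefix as a 32-bit integer (/0 -> 0)."""
    return (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF if length else 0


@dataclass
class AclEntry:
    permit: bool
    network: int        # "source" field: the route's network number
    network_wc: int     # "source wildcard": 1 bits are ignored in the comparison
    mask: int           # "destination" field: the route's subnet mask
    mask_wc: int        # "destination wildcard"


def parse_acl(lines: List[str]) -> List[AclEntry]:
    """Parse lines of the form: access-list <n> permit|deny ip <net> <net-wc> <mask> <mask-wc>."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) != 8 or tok[0] != "access-list" or tok[3] != "ip" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"unsupported access-list line: {line!r}")
        entries.append(AclEntry(tok[2] == "permit", *(ip_to_int(t) for t in tok[4:8])))
    return entries


def entry_matches(e: AclEntry, network: int, length: int) -> bool:
    care_net = 0xFFFFFFFF ^ e.network_wc     # bits of the network that must agree
    care_mask = 0xFFFFFFFF ^ e.mask_wc       # bits of the subnet mask that must agree
    return ((network & care_net) == (e.network & care_net)
            and (mask_of(length) & care_mask) == (e.mask & care_mask))


def apply_distribute_list(acl_lines: List[str], routes: List[Tuple[str, int]]) -> List[str]:
    """Return the routes (as 'network/len') that the access list lets through."""
    entries = parse_acl(acl_lines)
    sent = []
    for net_s, length in routes:
        network = ip_to_int(net_s)
        verdict = False                       # implicit deny any at the end of the list
        for e in entries:
            if entry_matches(e, network, length):
                verdict = e.permit
                break                         # first match wins
        if verdict:
            sent.append(f"{net_s}/{length}")
    return sent


# Constructed route table: the /8 aggregate, its two /16 subnets and an unrelated /24.
ROUTES = [("172.0.0.0", 8), ("172.20.0.0", 16), ("172.30.0.0", 16), ("192.168.1.0", 24)]

if __name__ == "__main__":
    print(apply_distribute_list(
        ["access-list 101 permit ip 172.0.0.0 0.255.255.255 255.0.0.0 0.0.0.0"], ROUTES))
```

The second wildcard is what carries the "more specific" semantics: with a mask wildcard of 0.0.0.0 only routes whose mask is exactly 255.0.0.0 match, whereas 0.0.0.0 255.255.255.255 in the mask position accepts any prefix length and turns the entry back into a plain network-number match.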


Prefix Lists

New in IOS Release 12.0

Prefix lists can be used as an alternative to access lists in many BGP route filtering commands. Advantages are:
- Significant performance improvement
- Support for incremental modifications
- More user-friendly command-line interface
- Greater flexibility


As discussed, distribute lists make use of access lists in order to do route filtering. However, access-lists were originally designed to do packet filtering. Prefix lists, introduced in Release 12.0 of the Cisco IOS, can be used as an alternative to access lists in many BGP route filtering commands. The advantages of using prefix lists include:
- A significant performance improvement over access-lists in loading and route lookup of large lists.
- Support for incremental modifications. Compared to the normal access-list, where one no command will erase the whole access-list, a prefix-list can be modified incrementally.
- More user-friendly command-line interface. As we just saw, the command-line interface for using extended access lists to filter BGP updates is difficult to understand and use.
- Greater flexibility.


Filtering With Prefix Lists

- Match prefix of routes with prefix in list
- Empty prefix list permits all routes
- Permit = use route
- Router begins the search at the statement at the top of the prefix list, with the lowest sequence number
- When there is a match, rest of list ignored
- Implicit deny is assumed at end of a prefix list


Filtering by prefix list involves matching the prefixes of routes with those listed in the prefix list, similar to using access lists. Whether a prefix is permitted or denied is based upon the following rules:
- An empty prefix list permits all prefixes.
- If a prefix is permitted, the route is used. If a prefix is denied, the route is not used.
- Prefix lists consist of statements with sequence numbers. The router will begin the search for a match at the top of the prefix list, which is the statement with the lowest sequence number.
- Once a match occurs, the router does not need to go through the rest of the prefix list. For efficiency, you may want to put the most common matches (permits or denies) near the top of the list by specifying the sequence number.
- An implicit deny is assumed if a given prefix does not match any entries of a prefix list.
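The matching rules above, as an added Python example that is not part of the course: statements are evaluated in sequence-number order, the first match decides, an empty list permits everything, and an unmatched prefix is denied. It also implements the ge and le keywords of the ip pref
ix-list command covered next, with the len < ge <= le <= 32 validation that IOS applies (the upper bound of 32 is an assumption of this example, as is the IOS habit of numbering an unnumbered statement five above the last). Prefix-list names and entries are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Grammar of the ip prefix-list command as used in this chapter; seq, ge and le are optional.
ENTRY_RE = re.compile(
    r"^ip prefix-list (?P<name>\S+)(?: seq (?P<seq>\d+))? (?P<action>permit|deny) "
    r"(?P<net>\d+\.\d+\.\d+\.\d+)/(?P<len>\d+)(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?$"
)


def ip_to_int(addr: str) -> int:
    a, b, c, d = (int(x) for x in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def mask_of(length: int) -> int:
    return (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF if length else 0


@dataclass
class PrefixEntry:
    seq: int
    permit: bool
    network: int
    length: int
    ge: Optional[int]
    le: Optional[int]

    def matches(self, network: int, length: int) -> bool:
        # The first `self.length` bits of the route must equal those of the entry ...
        if (network & mask_of(self.length)) != (self.network & mask_of(self.length)):
            return False
        # ... and the route's prefix length must fall in the range implied by ge/le:
        # neither -> exactly len; ge only -> ge..32; le only -> len..le; both -> ge..le
        low = self.ge if self.ge is not None else self.length
        high = self.le if self.le is not None else (32 if self.ge is not None else self.length)
        return low <= length <= high


class PrefixList:
    def __init__(self, name: str) -> None:
        self.name = name
        self.entries: List[PrefixEntry] = []

    def add(self, line: str) -> PrefixEntry:
        """Add one 'ip prefix-list ...' statement; a statement with an existing seq replaces it."""
        m = ENTRY_RE.match(line.strip())
        if not m or m["name"] != self.name:
            raise ValueError(f"not a statement of prefix-list {self.name}: {line!r}")
        length = int(m["len"])
        ge = int(m["ge"]) if m["ge"] else None
        le = int(m["le"]) if m["le"] else None
        if ge is not None and not (length < ge <= 32):
            raise ValueError(f"invalid range: need len < ge-value <= 32 in {line!r}")
        if le is not None and not (length < le <= 32):
            raise ValueError(f"invalid range: need len < le-value <= 32 in {line!r}")
        if ge is not None and le is not None and ge > le:
            raise ValueError(f"invalid range: need ge-value <= le-value in {line!r}")
        seq = int(m["seq"]) if m["seq"] else (max(e.seq for e in self.entries) + 5 if self.entries else 5)
        entry = PrefixEntry(seq, m["action"] == "permit", ip_to_int(m["net"]), length, ge, le)
        self.entries = sorted([e for e in self.entries if e.seq != seq] + [entry], key=lambda e: e.seq)
        return entry

    def evaluate(self, prefix: str) -> bool:
        """True if the prefix ('a.b.c.d/len') is permitted by this list."""
        if not self.entries:              # an empty prefix list permits everything
            return True
        net_s, len_s = prefix.split("/")
        network, length = ip_to_int(net_s), int(len_s)
        for entry in self.entries:        # lowest sequence number first, first match wins
            if entry.matches(network, length):
                return entry.permit
        return False                      # implicit deny at the end

    def filter(self, prefixes: List[str]) -> List[str]:
        return [p for p in prefixes if self.evaluate(p)]


if __name__ == "__main__":
    pl = PrefixList("FROM-AS300")
    pl.add("ip prefix-list FROM-AS300 seq 5 deny 172.30.0.0/16")
    pl.add("ip prefix-list FROM-AS300 seq 10 permit 172.0.0.0/8 le 16")
    pl.add("ip prefix-list FROM-AS300 permit 192.168.0.0/16 ge 24 le 24")
    print(pl.filter(["172.30.0.0/16", "172.20.0.0/16", "172.0.0.0/8", "172.20.1.0/24", "192.168.1.0/24"]))
```

The permit 0.0.0.0/0 le 32 idiom is the prefix-list spelling of "permit any": a /0 matches every network, and le 32 widens the accepted length to every prefix rather than only the default route.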


Configuring Prefix Lists

Router(config)#
ip prefix-list list-name [seq seq-value] deny|permit network/len [ge ge-value] [le le-value]
Creates a prefix-list

Router(config-router)#
neighbor {ip-address|peer-group-name} prefix-list prefix-listname in|out
Configures the router to distribute BGP neighbor information as specified in a prefix list


The ip prefix-list command is used to create a prefix-list.

ip prefix-list Command
  list-name      Name of the prefix list that will be created.
  seq-value      Sequence number of the prefix-list statement, used to determine the order in which the statements are processed when filtering.
  deny|permit    The action taken once a match is found.
  network/len    The prefix to be matched and the length of the prefix. The network is a 32-bit address; the length is a decimal number.
  ge-value       Used to specify the range of the prefix length to be matched, for prefixes that are more specific than network/len. The range is assumed to be from ge-value to 32 if only the ge attribute is specified.
  le-value       Used to specify the range of the prefix length to be matched, for prefixes that are more specific than network/len. The range is assumed to be from len to le-value if only the le attribute is specified.

Both ge and le are optional. They can be used to specify the range of the prefix length to be matched for prefixes that are more specific than network/len. The value range is: len < ge-value < le-value

RtrA#sh ip bgp
Status codes: s suppressed, d damped, h history, * valid, > best, i internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop      Metric LocPrf Weight Path
*> 10.10.10.0/24    0.0.0.0            0         32768 i
*> 10.10.20.0/24    0.0.0.0            0         32768 i
*  172.20.0.0       10.10.20.1                       0 300 200 i
*>                  10.10.10.2         0             0 200 i
*> 172.25.0.0       10.10.10.2                       0 200 250 i
*                   10.10.20.1                       0 300 250 i
*  172.30.0.0       10.10.10.2                       0 200 300 i
*>                  10.10.20.1         0             0 300 i

In this example, Router A will select the route via 10.10.10.2 (Router B) to get to 172.20.0.0 and the route via 10.10.20.1 (Router C) to get to 172.30.0.0, since these paths have the shortest AS-path length (of one AS). Router A has 2 paths to 172.25.0.0, and they both have the same AS-path length (there are two ASs in each path). In this case, with all other attributes being equal, Router A will select the path that has the lowest BGP Router ID value. Router A therefore chooses the path through 10.10.10.2 (Router B) to get to 172.25.0.0 in AS 250.


Example 2 Configuration - Change Weights

RtrA(config)# router bgp 100
RtrA(config-router)# network 10.10.10.0 mask 255.255.255.0
RtrA(config-router)# network 10.10.20.0 mask 255.255.255.0
RtrA(config-router)# neighbor 10.10.10.2 remote-as 200
RtrA(config-router)# neighbor 10.10.10.2 weight 100
RtrA(config-router)# neighbor 10.10.20.1 remote-as 300
RtrA(config-router)# neighbor 10.10.20.1 weight 150


In this example configuration, Router A is configured with two EBGP neighbors, Router B (10.10.10.2) and Router C (10.10.20.1). The weights used for routes from each neighbor have been changed from their default of zero; routes received from 10.10.10.2 (Router B) will have a weight of 100 while routes received from 10.10.20.1 (Router C) will have a weight of 150.


Results 2 - Change Weights

RtrA#sh ip bgp
BGP table version is 9, local router ID is 172.16.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop         Metric LocPrf Weight Path
*> 10.10.10.0/24    0.0.0.0               0         32768 i
*> 10.10.20.0/24    0.0.0.0               0         32768 i
*> 172.20.0.0       10.10.20.1                        150 300 200 i
*                   10.10.10.2            0           100 200 i
*> 172.25.0.0       10.10.20.1                        150 300 250 i
*                   10.10.10.2                        100 200 250 i
*> 172.30.0.0       10.10.20.1            0           150 300 i
*                   10.10.10.2                        100 200 300 i

In this example, since the weight for Router C is higher than the weight for Router B, Router A is forced to use Router C as the next hop to reach all external routes. Recall that the weight attribute is examined before the AS-path length, so the AS-path length is ignored in this case.
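Both results tables above, worked through as an added Python example (not Cisco code): the block applies the weight, AS-path length and router-ID steps the text walks through to the paths of the first example, then applies the neighbor weights of Example 2 to the same paths. The router IDs of Routers B and C are assumed values; the page only states that B's is the lower one.

```python
"""BGP best-path selection for the steps discussed on this page (added illustration).

Only the decision steps the text covers are modelled: highest weight, then
shortest AS path, then lowest BGP router ID. Every other attribute (local
preference, origin, MED, ...) is taken to be equal, as it is in both examples.
"""
import ipaddress
from dataclasses import dataclass, replace
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class BgpPath:
    network: str
    next_hop: str
    as_path: Tuple[int, ...]    # () for a locally originated route
    router_id: str              # router ID of the peer that advertised the path
    weight: int = 0             # Cisco-specific, local to this router


def select_best(paths: List[BgpPath]) -> BgpPath:
    """Prefer highest weight, then shortest AS path, then lowest router ID."""
    def rank(p: BgpPath):
        return (-p.weight, len(p.as_path), int(ipaddress.IPv4Address(p.router_id)))
    return min(paths, key=rank)


def deciding_step(paths: List[BgpPath]) -> str:
    """Name the step at which the best path was separated from its rivals."""
    best = select_best(paths)
    rivals = [p for p in paths if p is not best]
    if not rivals:
        return "only path"
    rivals = [p for p in rivals if p.weight == best.weight]
    if not rivals:
        return "weight"
    rivals = [p for p in rivals if len(p.as_path) == len(best.as_path)]
    if not rivals:
        return "as-path length"
    return "router ID"


def paths_for(table: List[BgpPath], network: str) -> List[BgpPath]:
    return [p for p in table if p.network == network]


def best_next_hops(table: List[BgpPath]) -> Dict[str, str]:
    """Best next hop per network, as the '>' marker in 'show ip bgp' would show."""
    return {net: select_best(paths_for(table, net)).next_hop
            for net in dict.fromkeys(p.network for p in table)}


def apply_neighbor_weights(table: List[BgpPath], weights: Dict[str, int]) -> List[BgpPath]:
    """Model 'neighbor <ip> weight <n>': every path from that neighbor gets weight n."""
    return [replace(p, weight=weights.get(p.next_hop, p.weight)) for p in table]


RID_LOCAL = "172.16.10.1"                    # local router ID shown on the page
RID_B, RID_C = "172.16.10.2", "172.16.10.3"  # assumed; the page only says B's is lower

# Paths from the first results table (default weights; 32768 for local routes).
EXAMPLE_1 = [
    BgpPath("10.10.10.0/24", "0.0.0.0", (), RID_LOCAL, weight=32768),
    BgpPath("10.10.20.0/24", "0.0.0.0", (), RID_LOCAL, weight=32768),
    BgpPath("172.20.0.0", "10.10.20.1", (300, 200), RID_C),
    BgpPath("172.20.0.0", "10.10.10.2", (200,), RID_B),
    BgpPath("172.25.0.0", "10.10.10.2", (200, 250), RID_B),
    BgpPath("172.25.0.0", "10.10.20.1", (300, 250), RID_C),
    BgpPath("172.30.0.0", "10.10.10.2", (200, 300), RID_B),
    BgpPath("172.30.0.0", "10.10.20.1", (300,), RID_C),
]

# Example 2: the same paths after 'neighbor ... weight 100' and 'weight 150'.
EXAMPLE_2 = apply_neighbor_weights(EXAMPLE_1, {"10.10.10.2": 100, "10.10.20.1": 150})

if __name__ == "__main__":
    for label, table in (("default weights", EXAMPLE_1), ("changed weights", EXAMPLE_2)):
        print(label)
        for net in ("172.20.0.0", "172.25.0.0", "172.30.0.0"):
            ps = paths_for(table, net)
            print(f"  {net:12} via {select_best(ps).next_hop:12} decided by {deciding_step(ps)}")
```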


Redistribution with IGPs

Chapter 13 discusses route redistribution and how it is configured. Here we examine specifics of when redistribution between BGP and IGPs is appropriate.

BGP and IGPs
Figure: IGP Routing Protocol and BGP Routing Protocol, each with its own table, exchanging information through IP.
- BGP has its own table, in addition to the IGP routing table
- Information can be exchanged between the two tables


As noted earlier, a router running BGP keeps a table of BGP information, separate from the IP routing table. Information in the tables can be exchanged between BGP and the IGP running in the routers.


Advertising Networks Into BGP
Three ways:
- Using the network command
- Redistributing static routes (use null 0)
- Redistributing dynamic IGP routes
Redistribution from the IGP is NOT recommended as it may cause instability


Route information is sent from an Autonomous System into BGP in one of three ways:

- Using the network command. As already discussed, for BGP the network command allows BGP to advertise a network that is already in the IP table. The list of network commands must include all of the networks in the AS that you want to advertise.
- Redistributing static routes into BGP. Redistribution is when a router running different protocols advertises routing information received between the protocols. Static routes in this case are considered to be a protocol, and static information is advertised to BGP.
- Redistributing dynamic IGP routes into BGP. This solution is not recommended as it may cause instability.

The following pages examine the last two bullets in more detail.


Redistributing Static Routes Into BGP
Aggregate static routes point to null0. Example:

router bgp 100
 redistribute static
!
ip route 192.168.0.0 255.255.0.0 null 0

Use aggregate-address instead


Redistribution of static routes configured to the null 0 interface into BGP is done to advertise aggregate routes rather than specific routes from the IP table. Any route redistributed into BGP must already be known in the IP table. Using the static route to null 0 is a way of fooling the process into believing that a route actually exists for the aggregate. A static route to null 0 is not necessary if you are using a network command with a non-aggregated network, that is, a network that exists in the IP table. The use of null 0 may seem strange, since a static route to null 0 means "discard any information for this network". This will usually not be a problem, since the router doing the redistribution has more specific routes to the destination networks, and these will be used to route any traffic that comes into the router. A problem with using this method of aggregation is that if the router loses access to the more specific routes, it would still be advertising the static aggregate, thus creating a black hole. The preferred method is to use the aggregate-address command. With this command, as long as a more specific route exists in the BGP table, the aggregate gets sent. If the aggregating router loses its connection to the networks being aggregated, they disappear from the BGP table and hence the BGP aggregate does not get sent.


Redistributing Dynamic IGP Routes Into BGP
Redistributing into BGP from IGP:
- Not recommended, unstable routes
- Include only local routes
- Filter out other routes (can be complex)


Redistributing from an IGP into BGP is not recommended because any change in the IGP routes (for example, if a link goes down) may cause a BGP update. This method could result in unstable BGP tables. If redistribution is used, care must be taken that only local routes are redistributed. For example, routes learned from other ASs (which were learned by redistributing BGP into the IGP) must not be sent out again from the IGP, or routing loops could result. Configuring this filtering can be complex.


Advertising From BGP Into IGP
Done with redistribution, if necessary
- For ISP ASs: redistribution not done
- For other ASs: redistribution can be done, but filter (use default routes instead)


Route information is sent from BGP into an Autonomous System by redistributing the BGP routes into the IGP. Since BGP is an external routing protocol, care must be taken when exchanging information with internal protocols because of the amount of information in BGP tables. For ISP autonomous systems, redistributing BGP into the IGP is not normally required. Other ASs may use redistribution, but the number of routes means that filtering will normally be required. Each of these situations is examined on the next two pages.


ISP - No Redistribution From BGP Into IGP
Redistribution into IGP not required:
- All routers run BGP; IBGP full mesh
- IBGP carries exterior routes
- IGP carries local information only, and next-hop information
- Use no synchronization
Advantages:
- Carry fewer routes in IGP
- BGP converges faster


An ISP typically has all routers in the AS running BGP. This would of course be a full-mesh IBGP environment, and IBGP would be used to carry the EBGP routes across the AS. All of the routers in the AS would be configured with the no synchronization command, so that synchronization between IGP and BGP is not required. The BGP information would then not need to be redistributed into the IGP. The IGP would only need to route information local to the AS, and routes to the next-hop addresses of the BGP routes. One advantage of this approach is that the IGP does not have to be concerned with all of the BGP routes; BGP will take care of them. BGP will also converge faster in this environment, since it doesn't have to wait for the IGP to advertise the routes.


Non-ISP - Redistribution From BGP Into IGP
Redistribution into IGP required if:
- Not all routers run BGP
- Require external route knowledge
Many routes - filtering likely required
Alternatives: Default routes


A non-ISP AS typically would not have all routers in the AS running BGP, and may not have a full mesh IBGP environment. If this is the case, and knowledge of external routes is required inside the AS, then redistribution of BGP into the IGP would be necessary. However, due to the number of routes that would be in the BGP tables, filtering will normally be required. As discussed in the multi-homing section, an alternative to receiving full routes from BGP is that the ISP could send only default routes, or default routes and some external routes to the AS.


Case Study: Multi-homed BGP

Recall that throughout this course we have been using a case study of JKL Corporation to discuss various aspects of scalable routing. The case studies are used to review key concepts, to discuss critical issues surrounding network operation, and to provide a focus for the lab exercises.

Case Study - Multi-homed BGP
Figure: Enterprise - Corporation JKL (Autonomous System 521) connected by EBGP to ISP #1 (Autonomous System 4304) and ISP #2 (Autonomous System 1673), which connect to the Internet; IBGP links are also shown. Ethernet (within AS 4304 only); Serial (all other links).

In this case study, we will look at how JKL will connect to the Internet. As shown in the graphic, JKL has two ISP connections, to AS 4304 and AS 1673. The following topics are some considerations to discuss with the class during the case study:

- The hierarchical topology within JKL, including scaling issues:
  - Which routers will be running BGP?
  - Where in the hierarchy will the ISP connections be made?
  - How does JKL's topology approach differ from an ISP approach?
- Exchange of route information:
  - Recall that JKL is using OSPF, VLSM and route summarization. JKL has a class B public address. How will JKL's routes be advertised to the Internet?
  - How will JKL learn routes of external ASs?
- Synchronization issues:
  - Should JKL use synchronization between BGP and OSPF, or can it be turned off?
- Implementing policy controls:
  - What policies might JKL have and why?
  - How would these policies be implemented?
- Ease of configuration:
  - How difficult would the policies be to implement?
  - Are there alternatives, and how easy would they be to implement?


Summary

This section summarizes the tasks you learned to complete in this chapter.

After completing this chapter, you should be able to perform the following tasks:
- Describe the scalability problems associated with Internal BGP
- Explain and configure BGP Route Reflectors
- Describe and configure policy control in BGP using prefix lists
- Describe and configure BGP Communities and Peer Groups


Summary (cont'd)
- Describe methods to connect to multiple ISPs using static routes, default routes, and BGP
- Explain the use of redistribution between BGP and Interior Gateway Protocols (IGPs)
- Given a set of network requirements, configure a multi-homed BGP environment and verify proper operation (within described guidelines) of your routers


Review Questions

Answer the following questions.

1. What is the command used to configure a router to distribute BGP information as specified in an access-list?
2. What is a route reflector cluster?
3. Route maps use ________ commands to test conditions and _______ commands to modify routes.
4. What is the command used to specify that the BGP communities attribute should be sent to a neighbor?


Review Questions (cont'd)

5. When would peer groups be useful?
6. What is BGP multi-homing?
7. What command is used to assign a weight to a neighbor connection?
8. What is the preferred method to use to advertise an aggregated route from an AS into BGP?


11

Managing Traffic and Access

Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
- Describe the functions of access lists
- Describe how routing updates can be optimized


Objectives

This chapter discusses network congestion causes and presents ways to control network congestion. Sections:
- Objectives
- Congestion Overview
- Managing Traffic Congestion
- IP Access List Usage
- Optimizing Routing Updates
- Summary
- Written Exercise: Managing Traffic and Access
- Answers to Exercise


Congestion Overview
Figure: Network Traffic compared with the Bandwidth of the Link
- Congestion occurs when the data traffic exceeds the data-carrying capacity of the link
- Congestion anywhere in the path results in delays for user applications


Congestion Overview

Congestion can occur when the amount of network traffic transmitted on a particular medium exceeds the bandwidth of that medium. The users of the network perceive the network to be slow, but may not understand the cause of the slowness. Temporary congestion can be expected in every network. Periodic congestion often occurs because of the bursty nature of today's network applications. Causes of chronic congestion should be identified and remedied. Serial lines are generally where congestion is experienced.


Traffic in an IP Network
Figure: two IP networks joined across a link
Sources of data and overhead traffic:
- User applications
- Routing protocol updates
- Domain name server (DNS) requests
- Encapsulated protocol transport


Traffic in an IP Network

An IP network has many sources of data traffic and overhead traffic:

- User applications: Data traffic is usually generated by user applications. These applications initiate file transfers using the File Transfer Protocol (FTP) and Trivial File Transfer Protocol (TFTP). Electronic mail is another common source of data traffic; it uses the Simple Mail Transfer Protocol (SMTP).
- Routing protocol updates: Routing protocols send updates periodically or when routing information changes.
- Domain Name System (DNS) requests: Overhead traffic is generated when the traffic is not directly related to user applications. Examples of overhead traffic are routing updates and broadcast requests, such as for a DNS.
- Encapsulated protocol transport: Noncontiguous networks can be joined by encapsulating the network traffic in IP packets and sending that traffic across the IP network. If the two noncontiguous networks generate large amounts of traffic, slow links in the IP network could become congested.


Other Traffic in a Multiprotocol Network
Figure: IP, IPX and AppleTalk networks sharing the bandwidth of the link; the traffic types shown are DNS, ZIP, SNMP, ARP, FTP, IGRP, GNS, NBP, Watchdog, SDLC, SAP and Telnet.
Sources of data and overhead traffic:
- All user applications
- All routing protocol updates
- All overhead broadcasts and multicasts
- All data link/physical-layer signaling


Other Traffic in a Multiprotocol Network

A multiprotocol network has several different protocol suites active at the same time. All user data traffic for the different protocols is active at the same time, and many concurrent data transfers are taking place. In addition, the overhead traffic for each protocol requires a portion of the bandwidth of the medium. Although it was not mentioned earlier, there is some underlying traffic on the media associated with the lower layers of the OSI reference model. All of the following require some portion of the medium's data-carrying capacity:

- Address Resolution Protocol (ARP) to resolve logical-to-physical addressing issues
- Keepalives to maintain connectivity
- Tokens for accessibility
- Time To Live updates


Managing Traffic Congestion
Control network congestion by:
- Filtering user and application traffic
- Filtering broadcast traffic
- Adjusting timers on periodic announcements
- Providing static entries in tables
- Controlling routing overhead traffic


Managing Traffic Congestion

Network congestion results from too much traffic at one time. To resolve congestion, the traffic either must be reduced or rescheduled.

- Filtering user and application traffic: You can use access lists to filter user and application traffic. Traffic filters can keep some traffic from reaching critical links.
- Filtering broadcast traffic: Some periodic broadcasts, such as SAP packets, have configurable transmission timers to lengthen the interval between broadcasts.
- Adjusting timers on periodic announcements: Lengthening the timers reduces the overall traffic load on the link. For example, you can adjust the time between SAP updates.
- Providing static entries in tables: Using static entries in a routing table can eliminate the need to dynamically advertise network routes across that link. This technique is very effective for serial lines.
- Controlling routing overhead traffic: Traffic that is required to support the routing process can be reduced. Converting from a distance vector protocol to a link-state protocol will almost eliminate the periodic announcements made by distance vector protocols such as RIP.


Filtering Traffic with Access Lists
Proper placement of access lists is key to controlling traffic flow
- Understand application requirements: centralized server or distributed tasks
- Understand ACL processing requirements: adequate resources (CPU and memory)
- Location: access/distribution layer; validate traffic where it enters the network


Filtering Traffic with Access Lists

Access lists, as supported in the Cisco IOS, were originally designed as a security feature and have the additional benefit of providing traffic filtering capability. Proper placement of traffic filters is one of the key factors in effectively controlling traffic flow in a network. Before access lists can be implemented as effective traffic filters, you must study the requirements of the supported applications. Different applications have different needs and generate differing amounts of traffic, sometimes in a unidirectional fashion. Access control lists (ACLs) are a form of list processing and can require significant amounts of CPU processing cycles. The order of the search criteria is critical because the top-down processing terminates when a matching condition occurs. The recommended approach is to place the most commonly occurring search criteria at the top of the list. In addition to knowing the direction of traffic flow, it is equally critical to apply traffic filters to the correct device or portion of the network. Traffic should be validated at the point where it enters the network. If a hierarchical model is in place, traffic validation should take place at either the access or distribution layer devices. Unwanted traffic needs to be removed from the network before it can reach the high-speed switching core, because core devices can't tolerate the delays associated with long table lookups. Also, ACLs should be assigned to devices that have sufficient CPU and memory resources to handle the repeated, potentially lengthy table searches.


When to Use Access Lists
Figure: an access list placed between the Internet and the Corporate Network ("Place traffic filter here"), blocking unsolicited requests while admitting solicited replies to prior requests from within.
Access lists provide critical security at Internet access points

When to Use Access Lists

As mentioned earlier, it is important to validate traffic at the point where it enters the corporate network. For many companies, that entry point is traffic coming from the Internet. One of the challenges for an ACL (and the administrator who creates the ACL) is to block unwanted inbound traffic and at the same time to allow in requested data files. If a reliable file transfer mechanism, such as FTP, is in place, access lists can detect the difference between unsolicited requests and responses to requests that were previously generated from within the corporate network. If the arriving data is the result of a previously established session, then it falls into a category that the ACL can test for. Access lists also provide a logging capability to record the types of activity that the ACL rejected. Sometimes it is more important to know what information was rejected rather than what was accepted, especially when dealing with hackers. Using an access list on a perimeter router should only be a part of the corporate security policy. Several components, such as firewalls and proxy servers, should be concurrently implemented to help protect the corporate network from unwanted external access.


When to Use Access Lists (cont.)
Figure: an access list in front of a Secure Subnet (R&D), with the Sales, Finance, HR and Marketing subnets on the other side.
Access lists guard secure subnets

When to Use Access Lists (cont.)

An access list can perform a function much like that of a security guard. Each packet can be checked before it is cleared to access a given subnet, such as the research and development (R&D) area shown in the graphic. Most access of this type is based upon the source address of the packet (where did this packet come from?). Some areas of the network are more trusted than others, and only traffic generated by the devices on the trusted subnets will be allowed to pass into the secure area. Administrators need to take great care to allow traffic generated from within the secure subnet to return to that area, as well. See the discussion on the previous page about established connections.


When to Use Access Lists (cont.)
Figure: an access list on a segment annotated "Only allow FTP and E-mail traffic on this segment".
Access lists restrict application traffic on designated media segments

When to Use Access Lists (cont.)

Extended IP access lists can detect the application used to generate the payload carried by the packet. This functionality is critical when access to the upper subnet displayed in the graphic is to be limited to FTP and E-mail traffic only. Most search mechanisms like this use well-known ports to identify key applications. For example, TCP port 25 supports E-mail using SMTP, and FTP uses ports 20 and 21 to accomplish its data transfers.
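The top-down, first-match evaluation described under "Filtering Traffic with Access Lists", the "established" distinction from the Internet access-point page, and the port-based restriction on this page, worked as one added Python illustration (not course or Cisco code). The secure subnet, the outside addresses, the ports and the list contents are constructed for the example.

```python
"""Top-down evaluation of an extended IP access list (added illustration).

Models the behaviour the text describes: entries are tested in order, the first
match ends the search, a packet matching nothing is denied (implicit deny), and
'established' matches TCP segments whose ACK or RST bit is set, which is how the
reply direction of a session opened from inside is recognised. Note that this is
a flag check, not session tracking.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str                 # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0
    ack_or_rst: bool = False   # TCP ACK or RST flag set


@dataclass(frozen=True)
class AclEntry:
    action: str                    # "permit" or "deny"
    proto: str                     # "ip" matches every IP protocol
    src: str                       # "any" or "network/len"
    dst: str
    dports: Tuple[int, ...] = ()   # empty: any destination port ('eq' ports otherwise)
    established: bool = False      # meaningful for TCP only

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if not _in(p.src, self.src) or not _in(p.dst, self.dst):
            return False
        if self.dports and p.dport not in self.dports:
            return False
        if self.established and not (p.proto == "tcp" and p.ack_or_rst):
            return False
        return True


def _in(addr: str, spec: str) -> bool:
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def evaluate(acl: List[AclEntry], p: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching entry); ("deny", None) is the implicit deny."""
    for i, entry in enumerate(acl):
        if entry.matches(p):
            return entry.action, i
    return "deny", None


def hit_counts(acl: List[AclEntry], packets: List[Packet]) -> Dict[Optional[int], int]:
    """How often each entry (key None: implicit deny) terminated the search.
    The entries hit most often belong near the top, as the text recommends."""
    counts: Dict[Optional[int], int] = {}
    for p in packets:
        _, idx = evaluate(acl, p)
        counts[idx] = counts.get(idx, 0) + 1
    return counts


# Constructed list for the segment that should only see FTP and E-mail traffic.
SECURE = "172.16.5.0/24"   # assumed address of the protected segment
SEGMENT_IN = [
    AclEntry("permit", "tcp", "any", SECURE, established=True),  # replies to sessions opened inside
    AclEntry("permit", "tcp", "any", SECURE, dports=(25,)),       # SMTP
    AclEntry("permit", "tcp", "any", SECURE, dports=(20, 21)),    # FTP data and control
    AclEntry("deny", "ip", "any", "any"),                         # explicit deny, so it can be logged
]

# Constructed sample traffic arriving at the segment.
SAMPLE = [
    Packet("tcp", "203.0.113.9", "172.16.5.17", dport=25),                      # new SMTP session
    Packet("tcp", "203.0.113.9", "172.16.5.17", dport=21),                      # FTP control
    Packet("tcp", "203.0.113.9", "172.16.5.17", dport=23),                      # telnet: denied
    Packet("tcp", "203.0.113.80", "172.16.5.17", dport=51000, ack_or_rst=True), # reply to an inside-opened session
    Packet("udp", "203.0.113.9", "172.16.5.17", dport=53),                      # DNS: denied
    Packet("tcp", "203.0.113.9", "172.16.5.17", dport=23, ack_or_rst=True),     # ACK set: passes entry 0 regardless of port
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p.proto, p.dst, p.dport, p.ack_or_rst, "->", evaluate(SEGMENT_IN, p))
    print("hits per entry:", hit_counts(SEGMENT_IN, SAMPLE))
```

The last sample packet shows the limit of "established" that the text's caveat about returning traffic rests on: any TCP segment with ACK or RST set is accepted by the first entry, whatever its port, so the keyword recognises a session's reply direction but does not verify that the session exists.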


Other Access List Uses
Figure: access lists feeding a queue list (priority and custom queuing), dial-on-demand routing, and route filtering of the routing table.
Access lists are multipurpose


Other Access List Uses

You can use IP access lists to establish a finer granularity of control when differentiating traffic into priority and custom queues. An access list can also be used to identify interesting traffic that serves to trigger dialing in dial-on-demand routing (DDR). When acting as a distribute list, an access list can be used to control the contents of a routing update. Access lists are also a fundamental component of route maps, which filter and in some cases alter the attributes within a routing protocol update. Distribute lists and route maps provide different approaches to determining the information contained in a routing update.


Reducing Routing Update Traffic
Routing update traffic can be reduced by:
- Replacing periodic updates with incremental (switch from distance vector to link-state)
- Creating summary routes (shrinks size of routing table)
- Configuring static and default routes (reduces number of routes propagated)
- Filtering content of updates (reduces number of routes propagated)


Reducing Routing Update Traffic

Routing update traffic can be radically reduced by configuring a link-state protocol, such as OSPF, rather than a distance vector protocol, such as RIP. Distance vector protocols send periodic updates that contain the entire routing table, whereas link-state protocols only send incremental updates about a single route. The savings in bandwidth consumption will be realized on all links where the link-state protocol is configured. Normally, all subnets are included in the routing table, and that information would be shared with peer routers in a link-state implementation. Summary routes representing a group of routes with a common prefix can be created to reduce the size of the routing table in area zero of a hierarchically designed OSPF network. Route filters can be applied to arriving updates, and this mechanism can result in smaller routing tables. Smaller routing tables equate to less route information carried in periodic routing updates. Several mechanisms, including route maps and distribute lists, can be used to control the amount of information included in a routing update. Another way to reduce the size of a routing update is to create static route entries for the local router. The manually configured entries are significant only to the local device and are not propagated to neighboring devices in the periodic announcements.


Optimizing Routing Updates
Routing updates can be optimized by:
- Outbound route filter
- Summary route
- Passive interface
- Static route
Degree of optimization controlled by network policy on route awareness


Optimizing Routing Updates

In those cases when routing updates are sent, the size of the update stream can be reduced by the following methods:

- Apply route filter outbound: an outbound route filter will selectively remove (according to the distribute-list statements) routes from the transmitted routing update. The routing table will indicate more routes than are actually transmitted to the neighboring router. The distribute-list can be applied to one or more transmitting interfaces.
- Create summary route: this action has no effect on the routing table of the router where the configuration was applied, but it does affect the content of the routing update. Summary routes reduce the update size by removing some of the subnet detail normally included in routing updates.
- Configure passive interface: prevents the interface from generating regularly scheduled routing updates for the routing processes to which the interface is linked. Arriving routing updates will be accepted by this interface.
- Create static route: manually entered routes have significance on the router where the static entry was created. These route entries are not propagated to neighboring routers unless explicit redistribution statements are applied. As a result of not sending all entries in the routing table, the routing update becomes smaller.


Optimizing Routing Updates (cont.)
Routing table content can be reduced by:
- Inbound route filter
- Default route
Requires administrative control of neighboring routers


Optimizing Routing Updates (cont.)

There are several ways to shrink the size of the routing table on a router:

- Apply route filter inbound: an inbound route filter will selectively remove (according to the distribute-list statements) routes from the arriving routing update. The distribute-list can be applied to an arriving interface or, if route redistribution is occurring, at the input to the routing process receiving the routes.
- Create a default route: using a default route allows much of the subnet detail to be removed from the local routing table. Most often, a distribute-list is placed on the neighboring router's outbound interface to suppress subnet details from arriving at the router that relies heavily on the default route.


Summary
Traffic congestion is caused by:
- Bursts of user application traffic
- Multicast and broadcast traffic
- Too much traffic on low-bandwidth links
- Network design issues
Traffic congestion can be overcome by:
- Filtering unwanted traffic
- Reducing the amount of overhead and broadcast traffic
- Controlling routing update traffic


Written Exercise: Managing Traffic and Access

Objective: Describe causes of network congestion.
Task: In the space below, briefly describe each cause of network congestion.

User services

Router updates

DNS traffic

Novell SAP broadcasts

Objective: List solutions for controlling network congestion.
Task: List five ways to control network congestion:

1. __________________________________
2. __________________________________
3. __________________________________
4. __________________________________
5. __________________________________

Note: Answers will vary for these exercises.


Answers to Exercise

Written Exercise: Managing Traffic and Access
Answers will vary.


12

Configuring IP Access Lists

Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
- Configure IP standard and extended access lists
- Limit virtual terminal, HTTP and SNMP access
- Verify access list operation
- Configure an alternative to using access lists


Objectives

This chapter discusses the following Cisco IOS software features useful in reducing unwanted traffic or controlling access in an IP environment: access lists, null interfaces, and helper addresses. Sections include:
- Objectives
- Managing IP Traffic Overview
- Configuring IP Standard Access Lists
- Configuring IP Extended Access Lists
- Restricting Virtual Terminal, HTTP and SNMP Access
- Verifying Access List Configuration
- Written Exercise: Restricting Access
- Using an Alternative to Access Lists
- Written Exercise: Alternative to Access Lists
- Summary
- Case Study: Filtering Traffic
- Answers to Exercises


Managing IP Traffic Overview
Figure: FTP traffic and broadcast traffic being blocked (X) at the router.
Limit traffic and restrict network use


Managing IP Traffic Overview

Integral to the task of managing IP traffic is eliminating unwanted traffic while still allowing appropriate user access to necessary services. For many protocols, broadcasting is the primary method for locating services. Because routers inherently do not forward broadcasts, it is frequently necessary to help these broadcasts get forwarded onto the appropriate subnet where the server is located. The Cisco IOS software provides mechanisms for reducing unwanted traffic, for restricting network use to only authorized users, and for enabling broadcasts to be forwarded beyond the local router to the desired server. Access lists limit traffic and restrict network use, and helper addressing enables broadcast forwarding. Both access lists and helper addressing are covered in this chapter.


Access List Applications

(Slide.) Access lists control packet movement through a network:

- Transmission of packets on an interface
- Virtual terminal line access (IP)

Access List Applications

Packet filtering helps control packet movement through the network. Such control can help limit network traffic and restrict network use by certain users or devices. To permit or deny packets from crossing specified router interfaces, Cisco provides access lists. An IP access list is a sequential collection of permit and deny conditions that apply to IP addresses or upper-layer IP protocols. The following table shows the types of access lists and the available list numbers:

Type of Access List    Range
IP standard            1 - 99
IP extended            100 - 199
Bridge type-code       200 - 299
IPX standard           800 - 899
IPX extended           900 - 999
IPX SAP                1000 - 1099


Configuring IP Standard Access Lists

The Cisco IOS Release 10.3 introduced substantial additions to IP access lists.

Caution: These extensions are backward compatible. Migrating from existing releases to the Release 10.3 or later image will convert your access lists automatically. However, previous releases are not upwardly compatible with these changes. Thus, if you save an access list with the Release 10.3 or later image and then use older software, the resulting access list will not be interpreted correctly. This incompatibility can cause security problems. Save your old configuration file before booting Release 10.3 (or later) images in case you need to revert to an earlier version.

IP Standard Access Lists Overview

(Slide: a packet carrying a destination address and a source address, with the example addresses 172.16.5.17 and 10.0.0.3; traffic from network 172.16.5.0 is shown as blocked.)

- Use source address only
- Access list range: 1 to 99

IP Standard Access Lists OverviewStandard access lists permit or deny packets based only on the source IP address of the packet. The access list number range for defining standard access lists is 1 to 99. Standard access lists are easier to configure than their more robust counterparts, extended access lists.


Inbound Access List Processing (for standard IP access lists)

(Slide, flowchart.) Incoming packet. Is there an access list on the interface? If no, do the route table lookup and route the packet to the outbound interface. If yes, take the next entry in the list and ask whether the source address matches. If it matches, apply the condition: deny discards the packet and returns an ICMP message; permit processes the packet. If it does not match and more entries remain, test the next entry; if no entries remain, the packet is denied.

Inbound Access List Processing

An access list is a sequential collection of permit and deny conditions that apply to IP addresses. The router tests addresses against the conditions in an access list one by one. The first match determines whether the router accepts or rejects the packet. Because the router stops testing conditions after the first match, the order of the conditions is critical. If no conditions match, the router rejects the packet.

For inbound standard access lists, after receiving a packet, the router checks the source address of the packet against the access list. If the access list permits the address, the router exits the access list and continues to process the packet. If the access list rejects the address, the router discards the packet and returns an ICMP unreachable message. (The slides call this Host Unreachable; what IOS sends is a Destination Unreachable with the administratively-prohibited code. Because that reply tells a scanner exactly where a filter sits, the replies can be suppressed per interface with no ip unreachables.)

Note that the action taken if no more entries are found in the access list is to deny the packet, which illustrates an important concept to remember when creating access lists. The last entry in an access list is what is known as an implicit deny any. All traffic not explicitly permitted will be implicitly denied.

Note: When configuring access lists, order is important. Make sure that you list the entries in order from specific to general. For example, if you want to filter a specific host address, then permit all other addresses, make sure your entry about the specific host appears first.


Outbound Access List Processing (for standard IP access lists)

(Slide, flowchart.) Outgoing packet. Do the route table lookup first. Is there an access list on the outbound interface? If no, forward the packet. If yes, take the next entry in the list and ask whether the source address matches. If it matches, apply the condition: deny discards the packet and returns an ICMP message; permit forwards the packet. If it does not match and more entries remain, test the next entry; if no entries remain, the packet is denied.

Outbound Access List Processing

For outbound standard IP access lists, after receiving and routing a packet to a controlled interface, the router checks the source address of the packet against the access list. If the access list permits the address, the router transmits the packet. If the access list denies the address, the router discards the packet and returns an ICMP Host Unreachable message. Note that an outbound list is consulted only after the routing decision, so denied packets still consume a route lookup; an inbound list on the receiving interface drops them earlier.

The primary difference between a standard access list and an extended access list is that the latter may continue to check other information in the packet against the access list after the source address has been found to match.

Note: When configuring access lists, order is important. Make sure that you list the entries in order from specific to general. For example, if you want to filter a specific host address, then permit all other addresses, make sure your entry about the specific host appears first.


IP Addressing Review

Class   High-order bits   First octet   Standard mask
A       0                 1-126         255.0.0.0
B       10                128-191       255.255.0.0
C       110               192-223       255.255.255.0

Class B subnet masks, by number of subnet bits (0 to 15):
255.255.0.0, 255.255.128.0, 255.255.192.0, 255.255.224.0, 255.255.240.0, 255.255.248.0, 255.255.252.0, 255.255.254.0, 255.255.255.0, 255.255.255.128, 255.255.255.192, 255.255.255.224, 255.255.255.240, 255.255.255.248, 255.255.255.252, 255.255.255.254

Class C subnet masks, by number of subnet bits (0 to 7):
255.255.255.0, 255.255.255.128, 255.255.255.192, 255.255.255.224, 255.255.255.240, 255.255.255.248, 255.255.255.252, 255.255.255.254

IP Addressing Review

The IP address is 32 bits in length and is made up of two parts:

- Network number
- Host number

The address format is known as dotted-decimal notation. An example address is 131.108.122.204. Each bit in an octet has a binary weight (128, 64, 32, 16, 8, 4, 2, 1). The minimum value for an octet is 0; it contains all zeros. The maximum value for an octet is 255; it contains all ones. The allocation of addresses is managed by a central authority. Network numbers are administered by the Internet Network Information Center (InterNIC). The NIC is also the main Request For Comments (RFC) repository.


Access Lists Use Wildcard Mask

Address            Mask               Matches
0.0.0.0            255.255.255.255    any address
131.108.0.0/16     0.0.255.255        network 131.108.0.0
131.104.7.11/16    0.0.0.0            host 131.104.7.11 (a 0.0.0.0 mask matches the host or subnet address exactly)
255.255.255.255    0.0.0.0            local broadcast only
131.111.8.0        0.0.7.255          subnet 131.111.8.0 (assuming a subnet mask of 255.255.248.0)

0 bit = must match bits in addresses
1 bit = no need to match bits in addresses

Access Lists Use Wildcard Mask

Both standard and extended IP access lists use a wildcard mask. Like an IP address, a wildcard mask is a 32-bit quantity written in dotted-decimal format. Address bits corresponding to wildcard mask bits set to 1 are ignored in comparisons; address bits corresponding to wildcard mask bits set to 0 are used in comparisons. An alternative way to think of the wildcard mask is as follows: If a 0 bit appears in the mask, then the corresponding bit location in the access list address and the same location in the packet address must match (either both 0 or both 1). If a 1 bit appears in the mask, then the bit location in the packet will match whether it is 0 or 1, and the bit location in the access list address is ignored. For this reason, 1 bits in the mask are sometimes called "don't care" bits. An access list can contain an indefinite number of actual and wildcard addresses. A wildcard address has a non-zero address mask and thus potentially matches more than one actual address. Remember that the order of the access list statements is important, because the access list is not processed further after a match has been found.


Access List Configuration Tasks

To create an access list, perform the following tasks: define an access list, then apply the list to an interface.

Whether you are creating a standard or extended access list, you will need to complete two tasks:

Step 1  Create an access list in global configuration mode by specifying an access list number and access conditions. Define a standard IP access list using a source address and wildcard. Define an extended access list using source and destination addresses, as well as optional protocol-type information for finer granularity of control.

Step 2  Apply the access list in interface configuration mode to interfaces or terminal lines. After an access list is created, you can apply it to one or more interfaces. Access lists can be applied on either outbound or inbound interfaces.


Standard Access List Commands

Router(config)# access-list access-list-number { permit | deny } { source [ source-wildcard ] | any }

Defines a standard access list (numbered 1-99).

Router(config-if)# ip access-group access-list-number { in | out }

Applies an access list to a specific interface.

Use the access-list command to create an entry in a standard traffic filter list:

access-list-number   Identifies the list to which the entry belongs; a number from 1 to 99.
permit | deny        Indicates whether this entry allows or blocks traffic from the specified address.
source               Identifies the source IP address.
source-wildcard      (Optional) Identifies which bits in the address field are matched. It has a 1 in positions indicating "don't care" bits, and a 0 in any position that is to be strictly followed. If this field is omitted, the mask 0.0.0.0 is assumed.
any                  Uses address 0.0.0.0 and source wildcard 255.255.255.255 to match any address.

Use the ip access-group command to link an existing access list to an interface. Each interface may have one inbound and one outbound IP access list (each of them may be standard or extended):

access-list-number   Indicates the number of the access list to be linked to this interface.
in | out             Process packets arriving on (in) or leaving from (out, the default) this interface.

Eliminate the entire list by typing no access-list access-list-number. Remove the list from an interface with the no ip access-group access-list-number command.

Implicit Masks (for standard IP access lists)

(Slide.)
correct:        access-list 1 permit 131.108.5.17
common errors:  access-list 1 permit 0.0.0.0
                access-list 1 permit 131.108.0.0
not needed:     access-list 1 deny any
                access-list 1 deny 0.0.0.0 255.255.255.255

Omitted mask assumed to be 0.0.0.0. Last two lines unnecessary (implicit deny any).

Implicit Masks

Implicit masks reduce typing and simplify configuration. Shown are three examples of implicit masks. The first line is an example of a specific host configuration. For standard access lists, if no mask is specified, the mask is assumed to be 0.0.0.0. The implicit mask makes it easier to enter a large number of individual addresses. When the symbolic name any is used, the mask 255.255.255.255 is implied. When a packet does not match any of the configured lines in an access list, the packet is denied by default because there is an invisible line at the end of the access list that is equivalent to deny any. Denying any is the same as configuring 0.0.0.0 255.255.255.255, so the last two lines are not needed.

Common errors are found in the other access list lines:

- The second line, permit 0.0.0.0, would exactly match the address 0.0.0.0 and then permit it. In most cases this address is illegal, so this list would prevent all traffic from getting through (the implicit deny any).
- The third line, permit 131.108.0.0, is probably a configuration error. The intention is probably 131.108.0.0 0.0.255.255. The exact address 131.108.0.0 is reserved to refer to the network and would never be assigned to a host. Networks and subnets are represented by explicit masks. As a result, nothing would get through with this list, again due to the implicit deny any.
- The fourth and fifth lines, deny any and deny 0.0.0.0 255.255.255.255, are unnecessary to configure because they duplicate the function of the default deny that occurs when a packet fails to match all of the configured lines in an access list. Although not necessary, you may want to add one of these entries for record-keeping purposes; an explicit final deny is also the only place you can attach the log keyword to see what the list is dropping, since the implicit deny logs nothing.

Configuration Principles

(Slide.)
- Top-down processing: place more specific references first
- Implicit deny any: unless the access list ends with an explicit permit any
- New lines added to the end: cannot selectively add/remove lines
- Undefined access list = permit any: need to create access list lines for the implicit deny any to take effect

Configuration Principles

Following these general principles helps ensure the access lists you create have the intended results:

- Top-down processing. Organize your access list so that more specific references in a network or subnet appear before more general ones. Place more frequently occurring conditions before less frequent conditions.
- Implicit deny any. Unless you end your access list with an explicit permit any, it will deny by default all traffic that fails to match any of the access list lines.
- New lines added to the end. Subsequent additions are always added to the end of the access list. You cannot selectively add or remove lines when using numbered access lists, but you can when using IP named access lists (a Cisco IOS Release 11.2 feature).
- Undefined access list = permit any. If you apply an access list with the access-group command to an interface before any access list lines have been created, the result will be permit any. The list is live, so if you enter only one line, it goes from a permit any to a deny most (because of the implicit deny any) as soon as you press Return. For this reason, create your access list before you apply it to an interface. The same rule bites when you rebuild a numbered list with no access-list while it is still applied: until the first new line is entered the interface passes everything, so build the replacement under a new number and then change the ip access-group reference.


Standard Access List Example

(Slide: a router with Ethernet 0; host A; host B at 36.48.0.3 and host C on network 36.48.0.0; host D on network 36.51.0.0; the whole site inside 36.0.0.0; and the Internet.)

Router(config)#access-list 2 permit 36.48.0.3
Router(config)#access-list 2 deny 36.48.0.0 0.0.255.255
Router(config)#access-list 2 permit 36.0.0.0 0.255.255.255
Router(config)#!(Note: all other access implicitly denied)
Router(config)#interface ethernet 0
Router(config-if)#ip access-group 2 in

Who can connect to A?

Standard Access List Example

Can host B communicate with host A? Yes. Permitted by the first line, which uses an implicit host mask.

Can host C communicate with host A? No. Host C is in the subnet denied by the second line.

Can host D communicate with host A? Yes. Host D is on a subnet that is explicitly permitted by the third line.

Can users on the Internet communicate with host A? No. Users outside of this network are not explicitly permitted, so they are denied by default (implicit deny any).
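The matching rules used to answer these questions (wildcard masks, the implicit 0.0.0.0 host mask, first match wins, the implicit deny any, and an applied-but-empty list passing everything) can be exercised offline with the evaluator below. It is an added example written for this edition, not Cisco code or IOS output. It parses the chapter's list 2 together with the "common error" line from the implicit-masks discussion; the addresses for host C (36.48.7.21), host D (36.51.4.8), the Internet host (192.0.2.10) and the unused list number 50 are constructed to fit the diagram and are not from the course material.

```python
"""Standard IP access-list evaluator (added example, not Cisco code).

Models how IOS walks a standard list: entries are tested top-down, the first
match wins, and a packet matching nothing hits the implicit deny any. Only the
source address is examined, exactly as for a standard list.
"""
from __future__ import annotations

import ipaddress
import re

# access-list <1-99> permit|deny <source> [<wildcard>]    or    ... permit|deny any
ENTRY_RE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+(\S+)(?:\s+(\S+))?$")


def wildcard_match(addr: str, pattern: str, wildcard: str) -> bool:
    """True if addr equals pattern in every bit position the wildcard sets to 0.

    Wildcard bits set to 1 are "don't care" bits and are ignored.
    """
    a = int(ipaddress.IPv4Address(addr))
    p = int(ipaddress.IPv4Address(pattern))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (p & care)


def subnet_wildcard(subnet_mask: str) -> str:
    """Wildcard mask for a subnet mask, e.g. 255.255.248.0 -> 0.0.7.255."""
    m = int(ipaddress.IPv4Address(subnet_mask))
    return str(ipaddress.IPv4Address(~m & 0xFFFFFFFF))


def parse_standard_acls(config: str) -> dict[int, list[tuple[str, str, str]]]:
    """Parse access-list lines into {number: [(action, source, wildcard), ...]}.

    Reproduces the IOS implicit masks: 'any' means 0.0.0.0 255.255.255.255 and
    an omitted wildcard means 0.0.0.0 (exact host match).
    """
    acls: dict[int, list[tuple[str, str, str]]] = {}
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank line or IOS comment
        m = ENTRY_RE.match(line)
        if not m:
            raise ValueError(f"unsupported line: {line!r}")
        number, action, source, wildcard = m.groups()
        if not 1 <= int(number) <= 99:
            raise ValueError(f"list {number} is not in the standard range 1-99")
        if source == "any":
            source, wildcard = "0.0.0.0", "255.255.255.255"
        elif wildcard is None:
            wildcard = "0.0.0.0"
        acls.setdefault(int(number), []).append((action, source, wildcard))
    return acls


def evaluate(entries: list[tuple[str, str, str]], src: str) -> tuple[str, int | None]:
    """Return (action, index of the matching entry); None marks the implicit deny any."""
    for idx, (action, pattern, wildcard) in enumerate(entries):
        if wildcard_match(src, pattern, wildcard):
            return action, idx
    return "deny", None


def evaluate_on_interface(acls: dict[int, list[tuple[str, str, str]]], number: int, src: str) -> tuple[str, int | None]:
    """Model 'ip access-group <number> in': a list with no entries yet permits everything."""
    entries = acls.get(number)
    if not entries:
        return "permit", None
    return evaluate(entries, src)


# Constructed sample configuration: list 2 is the chapter's example; list 1 is the
# 'common error' line that omits the wildcard and therefore matches only 131.108.0.0.
SAMPLE_CONFIG = """
access-list 2 permit 36.48.0.3
access-list 2 deny 36.48.0.0 0.0.255.255
access-list 2 permit 36.0.0.0 0.255.255.255
! all other sources fall through to the implicit deny any
access-list 1 permit 131.108.0.0
"""

if __name__ == "__main__":
    acls = parse_standard_acls(SAMPLE_CONFIG)
    # Hosts are constructed to fit the diagram: B is 36.48.0.3, C is elsewhere in
    # 36.48.0.0, D is in 36.51.0.0, and 192.0.2.10 stands in for an Internet host.
    for name, src in [("B", "36.48.0.3"), ("C", "36.48.7.21"), ("D", "36.51.4.8"), ("Internet", "192.0.2.10")]:
        print(name, src, evaluate(acls[2], src))
    print("list 1 vs host 131.108.5.17:", evaluate(acls[1], "131.108.5.17"))
    print("undefined list 50 applied to an interface:", evaluate_on_interface(acls, 50, "192.0.2.10"))
```

Running the file prints each host's verdict with the index of the entry that matched (None meaning the implicit deny). Swap the first two lines of list 2 and run it again: host B is then caught by the subnet deny before its own permit is reached, which is the ordering rule from the previous pages in action. The list 1 case shows why a missing wildcard is usually a mistake rather than a shortcut: only the network address itself matches.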


Location of Standard Access Lists

(Slide: routers A, B, C and D in a chain, each with interfaces E0 and E1. Network 10.20.0.0 is on router A's E0; host W sits between routers A and B, host X between B and C, host Y between C and D, and host Z beyond router D. The address 10.3.0.1 is labelled on the diagram.)

access-list 3 deny 10.30.0.1
access-list 3 permit any

On which router should the access list be configured to deny host Z access to network 10.20.0.0? How does the location of a standard access list change the policy implemented?

Location of Standard Access Lists

Access list location can be more of an art than a science, but there are some general guidelines that we can discover by looking at this simple example. If the policy goal is to deny host Z access to a host on another network (called host V), and not to change any other access policy, on which router should the access list shown be configured and on which interface of that router?

The access list would be placed on router A. The reason is that the standard access list can only specify the source address. Wherever in the path the traffic is denied, no hosts beyond can connect. The access list could be configured as an outbound list on E0, but it would most likely be configured as an inbound list on E1 so that packets to be denied would not have to be routed first.

What would be the effect of placing the access list on other routers?

- Router B: Host Z could not connect with host W (and host V on another network).
- Router C: Host Z could not connect with hosts W and X (and host V on another network).
- Router D: Host Z could not connect with hosts W, X, and Y (and host V on another network).

Because a standard access list cannot name a destination, place it as close to the destination as possible. That denies only the intended path and leaves every other destination reachable.

Configuring IP Extended Access Lists

IP Extended Access List Overview

(Slide: Sales, Manufacturing and Accounting networks behind a router connected to the Internet; FTP, Telnet and SMTP traffic is filtered per application.)

Control traffic by application, not just address.

IP Extended Access List Overview

Standard access lists offer quick configuration and low overhead in limiting traffic based on source address within a network. Extended access lists provide a higher degree of control by enabling filtering based on the protocol carried in the IP packet (TCP, UDP, ICMP and others), the destination address, and the TCP or UDP port number. These features make it possible to limit traffic based on the uses of the network rather than on addresses alone.


Extended Access List Processing

(Slide, flowchart.) Is there an access list on the interface? If yes, for each entry in turn: does the source address match? does the destination address match? does the protocol match? do the protocol options match (each tested only if present in the access list entry)? Every condition must match for the entry to apply; as soon as one does not match, go to the next entry in the list. On a match, apply the condition: deny discards the packet and returns an ICMP message; permit forwards the packet.

Extended Access List Processing

Every condition tested must match in order for the line of the access list to match and the permit or deny condition to be applied. As soon as one parameter or condition fails, the next line in the access list is compared. The extended access list checks source address, protocol, and destination address. Depending on the protocol configured, there may be more protocol-dependent options tested. For example, a TCP port may be checked, which lets the router filter on the application a packet is addressed to. This is filtering by port number only; the router does not inspect the application data, so an application moved to a non-standard port is not recognized.


Extended IP Access List Command

Router(config)# access-list access-list-number { permit | deny } { protocol | protocol-keyword } { source source-wildcard | any } { destination destination-wildcard | any } [ protocol-specific options ] [ log ]

Defines an extended access list (numbered 100 to 199). The protocol keywords icmp, tcp, and udp define an alternate syntax with protocol-specific options.

Use the access-list command to create an entry in a complex traffic filter list:

access-list-number        A number from 100 to 199.
permit | deny             Whether this entry is used to allow or block the specified address(es).
protocol                  ip, tcp, udp, icmp, igmp, gre, igrp, eigrp, ospf, nos, or a number in the range of 0 through 255. To match any Internet protocol, use the keyword ip. Some protocols have more options that are supported by an alternate syntax for this command.
source and destination    IP addresses.
source-wildcard and destination-wildcard
                          Wildcard masks of address bits that must match. 0s indicate bits that must match, 1s are "don't care".
any                       Use this keyword as an abbreviation for a source and source-wildcard, and destination and destination-wildcard of 0.0.0.0 255.255.255.255.
log                       (Optional) Causes informational logging messages about packets that match the entry to be sent to the console. Exercise caution when using this keyword because it consumes CPU cycles. Logging is rate-limited (the first matching packet is reported, then a summary count at intervals), so it is a monitoring aid, not a per-packet audit trail; direct the messages to a syslog server with logging host rather than reading them on the console.


Extended Mask Keywords

access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
! (alternate configuration)
access-list 101 permit ip any any

The keyword any can be used in place of the address 0.0.0.0 with mask 255.255.255.255.

access-list 101 permit ip 0.0.0.0 255.255.255.255 131.108.5.17 0.0.0.0
! (alternate configuration)
access-list 101 permit ip any host 131.108.5.17

The keyword host preceding an IP address can be used in place of the mask 0.0.0.0.

Extended Mask Keywords

The keyword any in either the source or destination position matches any address and is equivalent to configuring 0.0.0.0 255.255.255.255. The keyword host in either the source or destination position causes the address that immediately follows it to be treated as if it were specified with a mask of 0.0.0.0: host 131.108.5.17 = 131.108.5.17 0.0.0.0.


ICMP Command Syntax

Router(config)# access-list access-list-number { permit | deny } icmp { source source-wildcard | any } { destination destination-wildcard | any } [ icmp-type [ icmp-code ] | icmp-message ]

Filters based on ICMP messages.

Use the access-list icmp command to create an entry in a complex traffic filter list. The protocol keyword icmp indicates that an alternate syntax is being used for this command and that protocol-specific options are available:

access-list-number        A number from 100 to 199.
permit | deny             Whether this entry is used to allow or block the specified address(es).
source and destination    IP addresses.
source-wildcard and destination-wildcard
                          Wildcard masks of address bits that must match. 0s indicate bits that must match, 1s are "don't care". The keyword any used in place of either the source and destination, or wildcard masks, can be used as a shortcut to typing 0.0.0.0 255.255.255.255.
icmp-type                 (Optional) Packets can be filtered by ICMP message type. The type is a number from 0 to 255.
icmp-code                 (Optional) Packets that have been filtered by ICMP message type can also be filtered by ICMP message code. The code is a number from 0 to 255.
icmp-message              (Optional) Packets can be filtered by a symbolic name representing an ICMP message type or a combination of ICMP message type and ICMP message code. A list of these names is provided on the following graphic.


ICMP Message and Type Names

administratively-prohibited, alternate-address, conversion-error, dod-host-prohibited, dod-net-prohibited, echo, echo-reply, general-parameter-problem, host-isolated, host-tos-redirect, host-tos-unreachable, host-unknown, host-unreachable, information-reply, mask-reply, mask-request, mobile-redirect, net-redirect, net-tos-redirect, net-tos-unreachable, net-unreachable, network-unknown, no-room-for-option, option-missing, packet-too-big, parameter-problem, port-unreachable, reassembly-timeout, redirect, router-advertisement, router-solicitation, source-quench, source-route-failed, time-exceeded, traceroute, ttl-exceeded, unreachable

Names simplify configuration.

ICMP Message and Type Names

Cisco IOS Release 10.3 and later versions provide symbolic names that make configuration and reading of complex access lists easier. With symbolic names it is no longer critical to understand the meaning of message 8 and message 0 in order to filter the ping command. Instead, the configuration would use echo and echo-reply. Use the context-sensitive help feature by entering ? in the Cisco IOS user interface to verify available names and proper command syntax.


TCP Syntax

Router(config)# access-list access-list-number { permit | deny } tcp { source source-wildcard | any } [ operator source-port | source-port ] { destination destination-wildcard | any } [ operator destination-port | destination-port ] [ established ]

Filters based on the TCP protocol or on a TCP port number or name.

Use the access-list tcp command to create an entry in a complex traffic filter list. The protocol keyword tcp indicates that an alternate syntax is being used for this command and that protocol-specific options are available:

access-list-number        A number from 100 to 199.
permit | deny             Whether this entry is used to allow or block the specified address(es).
source and destination    IP addresses.
source-wildcard and destination-wildcard
                          Wildcard masks of address bits that must match. 0s indicate bits that must match, 1s are "don't care".
operator                  (Optional) A qualifying condition. Can be: lt, gt, eq, neq.
source-port and destination-port
                          (Optional) A decimal number from 0 to 65535 or a name that represents a TCP port number.
established               (Optional) A match occurs if the TCP segment has the ACK or RST bit set. Use this if you want Telnet or another activity to be established in one direction only. The keyword examines flag bits, not connection state: any segment with ACK or RST set matches, including a crafted one that belongs to no connection. It therefore blocks unsolicited connection attempts (SYN without ACK) but not ACK scans or other crafted segments, and should be read as "who may open connections", not as a stateful firewall.


TCP Port Names

bgp, chargen, daytime, discard, domain, echo, finger, ftp (control connection), ftp-data, gopher, hostname, irc, klogin, kshell, lpd, nntp, pop2, pop3, sunrpc, syslog, tacacs-ds, talk, telnet, time, uucp, whois, www

Type ? to get port numbers corresponding to names. Other port numbers are found in the Assigned Numbers RFC.

TCP Port Names

Use the ? in place of the port number when entering the command in order to verify the port numbers associated with these protocol names. The current Assigned Numbers RFCs are 1700 and 1799. (RFC 1700 was later obsoleted by RFC 3232, which points to the online IANA port-number registry as the authoritative list.)


Reserved TCP Port Numbers

Decimal    Keyword      Description
0                       Reserved
1-4                     Unassigned
5          RJE          Remote job entry
7          ECHO         Echo
9          DISCARD      Discard
11         USERS        Active users
13         DAYTIME      Daytime
15         NETSTAT      Who is up or NETSTAT
17         QUOTE        Quote of the day
19         CHARGEN      Character generator
20         FTP-DATA     File Transfer Protocol (data)
21         FTP          File Transfer Protocol
23         TELNET       Terminal connection
25         SMTP         Simple Mail Transfer Protocol
37         TIME         Time of day
39         RLP          Resource Location Protocol
42         NAMESERVER   Host name server
43         NICNAME      Who is
53         DOMAIN       Domain name server
67         BOOTPS       Bootstrap protocol server
68         BOOTPC       Bootstrap protocol client
69         TFTP         Trivial File Transfer Protocol
75                      Any private dial-out service
77                      Any private RJE service
79         FINGER       Finger
95         SUPDUP       SUPDUP Protocol
101        HOSTNAME     NIC host name server
102        ISO-TSAP     ISO-TSAP
113        AUTH         Authentication service
117        UUCP-PATH    UUCP path service
123        NTP          Network Time Protocol
133-138                 Unassigned
139        NetBios      Session Service
140-159                 Unassigned
160-223                 Reserved
224-255                 Unassigned


UDP Syntax

Router(config)# access-list access-list-number { permit | deny } udp { source source-wildcard | any } [ operator source-port | source-port ] { destination destination-wildcard | any } [ operator destination-port | destination-port ]

Filters based on the UDP protocol or on a UDP port number or name.

The access-list udp command creates an entry in a complex traffic filter list. The protocol keyword udp indicates that an alternate syntax is being used for this command and that protocol-specific options are available:

access-list-number        A number from 100 to 199.
permit | deny             Whether this entry is used to allow or block the specified address(es).
source and destination    IP addresses.
source-wildcard and destination-wildcard
                          Wildcard masks of address bits that must match. 0s indicate bits that must match, 1s are "don't care".
any                       Use this keyword as an abbreviation for a source and source-wildcard, and destination and destination-wildcard of 0.0.0.0 255.255.255.255.
source-port and destination-port
                          (Optional) A decimal number from 0 to 65535 or a name that represents a UDP port number.
operator                  (Optional) A qualifying condition. Can be: lt, gt, eq, neq.


UDP Port Names

biff, bootpc, bootps, discard, dns, dnsix, echo, mobile-ip, nameserver, netbios-dgm, netbios-ns, ntp, rip, snmp, snmptrap, sunrpc, syslog, tacacs-ds, talk, tftp, time, whois, xdmcp

Type ? to get port numbers corresponding to the name. Other port numbers are found in the Assigned Numbers RFC.

UDP Port Names

Use the ? in place of the port number when entering the command in order to verify the port numbers associated with these protocol names.


Reserved UDP Port Numbers

Decimal    Keyword      Description
0                       Reserved
1-4                     Unassigned
5          RJE          Remote job entry
7          ECHO         Echo
9          DISCARD      Discard
11         USERS        Active users
13         DAYTIME      Daytime
15         NETSTAT      Who is up or NETSTAT
17         QUOTE        Quote of the day
19         CHARGEN      Character generator
20         FTP-DATA     File Transfer Protocol (data)
21         FTP          File Transfer Protocol
23         TELNET       Terminal connection
25         SMTP         Simple Mail Transfer Protocol
37         TIME         Time of day
39         RLP          Resource Location Protocol
42         NAMESERVER   Host name server
43         NICNAME      Who is
53         DOMAIN       Domain name server
67         BOOTPS       Bootstrap protocol server
68         BOOTPC       Bootstrap protocol client
69         TFTP         Trivial File Transfer Protocol
75                      Any private dial-out service
77                      Any private RJE service
79         FINGER       Finger
123        NTP          Network Time Protocol
133-136                 Unassigned
137        NetBios      Name Service
138        NetBios      Datagrams Service
139-159                 Unassigned
160-223                 Reserved
161        SNMP         SNMP
162        SNMPTRAP     SNMP Trap
224-255                 Unassigned
520        RIP          RIP


Extended Access List Example 1: Providing Internet Mail

(Slide: router A connects the Internet to the site over Ethernet 1; the mail host 128.88.1.2 is on 128.88.1.0, and 128.88.3.0 is another internal subnet.)

access-list 103 permit tcp any 128.88.0.0 0.0.255.255 established
access-list 103 permit tcp any host 128.88.1.2 eq smtp
!
interface ethernet 1
ip access-group 103 in

Extended Access List Example 1

In this example, Ethernet interface 1 is part of a Class B network with the address 128.88.0.0, and the mail host's address is 128.88.1.2. The keyword established is used only for the TCP protocol to indicate an established connection. A match occurs if the TCP segment has the ACK or RST bit set, which indicates that the packet belongs to an existing connection. If ACK is not set and SYN is set, then someone on the Internet is initiating the session; such a packet matches neither line (unless it is SMTP to the mail host) and is denied by the implicit deny any.


Extended Access List Example 2Also Providing DNS and Ping128.88.1.2 AS0

Internet

B

128.88.1.0 E0

E1

128.88.3.0

access-list 104 permit tcp any 128.88.0.0 0.0.255.255 established access-list 104 permit tcp any host 128.88.1.2 eq smtp access-list 104 permit udp any any eq dns access-list 104 permit icmp any any echo access-list 104 permit icmp any any echo-reply ! interface serial 0 ip access-group 104 in


This example also permits name/domain server packets and ICMP echo and echo-reply packets.
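To see how access list 104 (and the established keyword explained under Example 1) treats individual packets, here is a small Python model of IOS extended access-list evaluation. It is an added example, not Cisco's code or the course's; the outside address 203.0.113.9 and the inside host 128.88.3.7 in the sample packets are constructed for the example.

```python
"""Model of how a Cisco IOS extended access list is evaluated (added example,
not Cisco's code).  It covers the syntax used by access lists 103 and 104
above: protocol, 'any', 'host', address plus wildcard mask, 'eq <port>',
'established' and ICMP type names, plus the implicit deny at the end of every
list.  Sample packet addresses (203.0.113.9, 128.88.3.7) are constructed."""
from dataclasses import dataclass
from ipaddress import IPv4Address

# Port keywords accepted after 'eq' (the slides write 'dns'; IOS also accepts 'domain').
PORTS = {"smtp": 25, "dns": 53, "domain": 53, "www": 80, "telnet": 23, "snmp": 161}


@dataclass
class Packet:
    proto: str              # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0          # destination port for tcp/udp
    ack: bool = False       # TCP ACK flag
    rst: bool = False       # TCP RST flag
    icmp_type: str = ""     # "echo", "echo-reply", ...


def addr_matches(addr, base, wildcard):
    """Wildcard-mask compare: a 1 bit in the wildcard means 'don't care'."""
    a, b, w = (int(IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w & 0xFFFFFFFF) == (b & ~w & 0xFFFFFFFF)


def _take_addr(tokens):
    """Consume 'any', 'host X' or 'X W' from the token list; return (base, wildcard, rest)."""
    if tokens[0] == "any":
        return "0.0.0.0", "255.255.255.255", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], "0.0.0.0", tokens[2:]
    return tokens[0], tokens[1], tokens[2:]


def parse_entry(line):
    """Parse one 'access-list N permit|deny proto src dst [options]' line; None for other lines."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list":
        return None
    e = {"list": t[1], "action": t[2], "proto": t[3],
         "dport": None, "established": False, "icmp_type": None}
    e["src"], e["src_wc"], rest = _take_addr(t[4:])
    e["dst"], e["dst_wc"], rest = _take_addr(rest)
    while rest:
        tok = rest.pop(0)
        if tok == "eq":
            p = rest.pop(0)
            e["dport"] = int(p) if p.isdigit() else PORTS[p]
        elif tok == "established":
            e["established"] = True
        else:
            e["icmp_type"] = tok          # e.g. 'echo' or 'echo-reply'
    return e


def load_acl(config_text):
    """Keep only the access-list lines of a configuration fragment, in order."""
    return [e for e in map(parse_entry, config_text.splitlines()) if e]


def evaluate(acl, pkt):
    """Top-down, first match wins; a packet that matches no line is denied."""
    for e in acl:
        if e["proto"] != "ip" and e["proto"] != pkt.proto:
            continue
        if not addr_matches(pkt.src, e["src"], e["src_wc"]):
            continue
        if not addr_matches(pkt.dst, e["dst"], e["dst_wc"]):
            continue
        if e["dport"] is not None and pkt.dport != e["dport"]:
            continue
        # 'established' is a flag test, not connection tracking: it passes any
        # segment carrying ACK or RST and rejects only the bare SYN that opens a
        # session, so it is not a substitute for stateful inspection.
        if e["established"] and not (pkt.ack or pkt.rst):
            continue
        if e["icmp_type"] and pkt.icmp_type != e["icmp_type"]:
            continue
        return e["action"]
    return "deny"   # implicit deny at the end of every list


# Access list 104 from Example 2 above, applied inbound on serial 0.
ACL_104 = load_acl("""
access-list 104 permit tcp any 128.88.0.0 0.0.255.255 established
access-list 104 permit tcp any host 128.88.1.2 eq smtp
access-list 104 permit udp any any eq dns
access-list 104 permit icmp any any echo
access-list 104 permit icmp any any echo-reply
!
interface serial 0
ip access-group 104 in
""")

if __name__ == "__main__":
    outside, inside, mail = "203.0.113.9", "128.88.3.7", "128.88.1.2"
    samples = [
        ("SYN from Internet to inside host, port 80", Packet("tcp", outside, inside, 80)),
        ("reply segment (ACK set) to inside host", Packet("tcp", outside, inside, 1025, ack=True)),
        ("SYN from Internet to mail host, port 25", Packet("tcp", outside, mail, 25)),
        ("SYN from Internet to other host, port 25", Packet("tcp", outside, inside, 25)),
        ("DNS query to the name server", Packet("udp", outside, mail, 53)),
        ("ICMP echo request from outside", Packet("icmp", outside, inside, icmp_type="echo")),
    ]
    for label, pkt in samples:
        print(f"{label:45s} -> {evaluate(ACL_104, pkt)}")
```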


Location of Extended Access Lists

- Minimize distance traveled by traffic that will be denied (and ICMP unreachable messages)
- Keep denied traffic off the backbone
- Select router to receive CPU overhead from access lists
- Consider number of interfaces affected
- Consider access list management and security
- Consider network growth impacts on access list maintenance

Because extended access lists can filter on more than source address, location is no longer a constraint. Frequently, policy decisions and goals are the driving force behind extended access list placement. If your goal is to minimize traffic congestion and maximize performance, you might want to push the access lists close to the source to minimize cross traffic and host unreachable messages. If your goal is to maintain tight control over access lists as part of your network security strategy, you might want to have them more centrally located. Notice how changing network goals will affect access list configuration.


Restricting Virtual Terminal, HTTP and SNMP Access

Virtual Terminal Access Overview

[Figure: two routers (Router# prompt), each with an X marking vty access blocked to or from the router]

- Standard and extended access lists will not block access from the router
- For security, virtual terminal (vty) access can be blocked to or from the router

Standard and extended access lists will block packets from going through the router. They are not designed to block packets that originate within the router. An outbound Telnet extended access list does not prevent router-initiated Telnet sessions, by default. For security purposes, users can be denied virtual terminal (vty) access to the router, or users can be permitted vty access to the router but denied access to destinations from that router. Restricting virtual terminal access is less a traffic control mechanism than one technique for increasing network security. vty access is accomplished using the Telnet protocol. As a result, there is only one type of vty access list.


How to Control vty Access

[Figure: a router with a physical port (E0) and five virtual ports (vty 0 through 4)]

- Five virtual terminal lines (0 through 4)
- Set identical restrictions on all the virtual terminal lines

Just as there are physical ports or interfaces such as E0 and E1, there are also virtual ports. These virtual ports are called virtual terminal lines. There are five such virtual terminal lines, numbered vty 0 through 4. Set identical restrictions on all of them, because you cannot control on which virtual terminal line a user will connect.

Note: Some experts recommend that you configure one of the vty terminal lines differently than the others. This way you will have a back door into the router.


Virtual Terminal Line Commands

Router(config)#
line vty { vty-number | vty-range }

Enters configuration mode for a terminal line or a range of lines

Router(config-line)#
access-class access-list-number { in | out }

Restricts incoming and outgoing connections between a particular virtual terminal line (into a device) and the addresses in an access list

Use the line vty command to place the router in line configuration mode.

line vty Command   Description
vty-number         Indicates the number of the line to be configured.
vty-range          Indicates the lines to which the configuration will apply.

Use the access-class command to link an existing access list to a terminal line or range of lines.

access-class Command   Description
access-list-number     Indicates the number of the access list to be linked to a terminal line. This is a decimal number from 1 to 99.
in                     Prevents the router from receiving incoming connections from the addresses in the access list.
out                    Prevents someone from initiating a Telnet to addresses defined in the access list.


Virtual Terminal Access Example: Controlling Inbound Access

access-list 12 permit 192.89.55.0 0.0.0.255
!
line vty 0 4
access-class 12 in

Permits only hosts in network 192.89.55.0 to connect to the virtual terminal ports on the router

In this example, we are permitting any device on network 192.89.55.0 to establish a virtual terminal (Telnet) session with the router. Of course, the user must know the appropriate passwords to enter user mode and privileged mode. Notice that identical restrictions have been set on all virtual terminal lines (0 through 4) because you cannot control on which virtual terminal line a user will connect. The implicit deny any still applies in an alternate application such as limiting virtual terminal access.


Extended Access List Example 3: Provides Web Access and Network Management

[Figure: browser host A on subnet 128.88.2.0; subnet 128.88.1.0 on E0 with server 128.88.1.2 (DNS, FTP, E-mail); the Internet on S0; NOC host B on subnet 128.88.3.0 on E1]

access-list 118 permit tcp any 128.88.0.0 0.0.255.255 eq www established
access-list 118 permit tcp any host 128.88.1.2 eq smtp
access-list 118 permit udp any any eq dns
access-list 118 permit udp 128.88.3.0 0.0.0.255 128.88.1.0 0.0.0.255 eq snmp
access-list 118 deny icmp any 128.88.0.0 0.0.255.255 echo
access-list 118 permit icmp any any echo-reply
!
interface ethernet 0
ip access-group 118 out

In the graphic, replies to queries from client A's browser will be allowed back into the corporate network. Browser queries from external sources are not explicitly allowed and will be discarded by the access list. Access list 118 allows mail to be delivered exclusively to the mail server, and the name server resolves DNS requests. The right-hand subnet is controlled by the network management group, and network management queries (SNMP) will be allowed to reach devices in the server farm. Attempts to ping the corporate network from outside will fail because the access list blocks the echo requests. However, the replies to echo requests generated from within the corporate network will be allowed to re-enter the network.


Verifying Access List Configuration

Access List show Commands

Router#
show access-list

Displays access lists from all protocols

Router#
show ip access-list [ access-list-number ]

Displays a specific IP access list

Router#
clear access-list counters [ access-list-number ]

Clears packet counts

Router#
show line

Displays line configuration

Use the show access-list command to display access lists from all protocols. Use the show ip access-list command to display IP access lists.

show ip access-list Command   Description
access-list-number            (Optional) Shows a specific list. If this option is not specified, then all IP access lists are displayed.

The system counts how many packets pass each line of an access list; the counters are displayed by the show access-list command. Use the clear access-list counters command in EXEC mode to clear the counters of an access list. Use the show line command to display information about terminal lines.


show ip access-lists Command

p1r1#show access-lists
Extended IP access list 100
    deny tcp host 10.1.1.2 host 10.1.1.1 eq telnet (3 matches)
    deny tcp host 10.1.2.2 host 10.1.2.1 eq telnet
    permit ip any any (629 matches)

Matches are shown for extended access lists

The output from the show ip access-lists command displays the contents of previously defined IP access lists.


Written Exercise

Written Exercise: IP Extended Access Lists

[Figure: routers A and B with interfaces E0, E1, E2 and S0 (S0 toward the outside world); host W (172.16.1.3) on subnet 172.16.1.0; host X (172.16.3.3) on subnet 172.16.3.0; subnet 172.16.2.0; subnet 172.16.4.0 (host Z) with DNS, FTP, WWW and client hosts at 172.16.4.2 through 172.16.4.5]

Objective: Configure IP extended access lists.

Create an access list and place it in the proper location to satisfy the following requirements:

- Prevents all hosts on subnet 172.16.1.0/24 except host 172.16.1.3 from accessing the Web server on subnet 172.16.4.0
- Prevents the outside world from pinging subnet 172.16.4.0
- Allows all other hosts on all other subnets of network 172.16.0.0 (subnet mask 255.255.0.0) to query the DNS server on subnet 172.16.4.0
- Prevents only host 172.16.3.3 from accessing subnet 172.16.4.0

Write your configuration in the space below. Be sure to include the router name (A or B), interface name (E0, E1, or E2), and access list direction (in or out).


Using an Alternative to Access Lists

Null Interface

[Figure: a packet arrives and is looked up in the routing table, which sends it to Null 0 rather than to E0, S0, S1 or T0, instead of being checked line by line against an access list (access-list ip permit 1.0.0.0 ..., deny 2.0.0.0 ..., permit 3.0.0.0 ..., deny 4.0.0.0 ..., permit 5.0.0.0 ...)]

Route to nowhere saves valuable CPU cycles

Access lists are processor-intensive. The router processes every line of an access list until a match is found. There is an alternative to using access lists if the policy is for unwanted traffic to be discarded every time. The alternative is to configure a null interface. A null interface saves CPU cycles. The null interface is a software-only interface that functions similarly to a null device used by operating systems. Message traffic that is not required (to be displayed) is directed to the null interface using a static route, where it is effectively dropped.

Note: It is important to consider the location of the null interface because anytime a packet comes into the router to the defined destination, it will be dropped.


Null Interface Command

Router(config)#
ip route address mask null 0

Creates a static route to filter unwanted traffic
Interface name is always null 0

Use the ip route command to establish static routes and specify the null interface (always null 0).

ip route Command   Description
address            IP address of the target network, subnet, or host.
mask               Network mask that lets you mask network, subnetwork, or host bits.


Null Interface Example

[Figure: Token Ring network 131.108.1.0 with subnets 131.108.4.0, 131.108.5.0 and 131.108.7.0; a WAN link between 131.108.6.1 and 131.108.6.2; network 201.222.5.0]

ip route 201.222.5.0 255.255.255.0 null 0

Eliminates traffic for 201.222.5.0 from WAN

The graphic shows:

ip route 201.222.5.0 255.255.255.0 null 0   Description
201.222.5.0 255.255.255.0                   The destination IP address and the mask.
null 0                                      The null interface to which traffic is forwarded.

The static route forwards traffic for network 201.222.5.0 to the null interface, which drops it.


Written Exercise: Alternative to Access Lists

[Figure: a Token Ring network with subnets 172.16.20.0, 172.16.12.0 and 172.16.16.0; network 192.168.2.0 255.255.255.0; a fill-in-the-blank box for the configuration statement]

Objective: Configure an alternative to using access lists. Write the configuration statement in the box above that sends all traffic bound for 192.168.2.0 to the null interface.


Summary

You can manage IP traffic by:
- Controlling packet transmission on each medium
- Using a static route to the null interface in place of an access list to minimize processing overhead
- Configuring helper addresses to forward broadcasts

- Standard access lists are easy to configure and require lower processing overhead
- Extended access lists provide greater control

Case Study - Traffic Filters

Case Study - Traffic Filters

[Figure: Enterprise Corporation JKL connected through an ISP to the Internet. At the edge: filter private addresses (private address space, network 10.0.0.0). Inside: Web, E-mail and DNS servers; a PIX firewall in front of secure R & D (restrict access); HR and Accounting; a NOC with a browser (enable Web access, enable network management). Link types: Gigabit Ethernet, Fast Ethernet, Ethernet, Serial]

The graphic highlights several key concepts:

- Before filters can be applied, you must understand traffic flow in your network
- What steps are involved in implementing the corporate security policy
- How to control network functionality with access control lists


Case Study - Traffic Filters (cont.)

[Figure: Web, E-mail and DNS servers in the public area; PIX firewall in front of secure R & D; NOC with a browser; future plans: enable Web access and enable network management]

Key points related to the graphic:

- Secure areas must be protected
- Network management requires access to all areas of the network
- Security policy involves several platforms and operating systems
- Web access complicates the security policy


Answers to Exercises

13

Optimizing Routing Update Operation

Overview

This chapter discusses different ways to control routing update information. Route redistribution to interconnect networks that use multiple routing protocols is explained. Controlling information between the protocols can be accomplished using filters, changing of administrative distance, and configuring metrics. The configuration of each of these techniques is provided. Policy-based routing using route-maps is explained and configured. This chapter includes the following topics:

- Objectives
- Redistribution Between Multiple Routing Protocols
- Configuring Redistribution
- Controlling Routing Update Traffic
- Verifying Redistribution Operation
- Written Exercise: Redistribution and Controlling Routing Update Traffic
- Policy-based Routing Using Route-Maps
- Verifying Policy-Based Routing
- Case Study: Redistribution
- Summary
- Review Questions

Note to reviewers: Route summarization (review) was a topic that was included in the design document for this chapter; however, this topic has been covered many times already in the course so I didn't cover it again here.


Objectives

This section lists the chapter's objectives.


Upon completion of this chapter, you will be able to perform the following tasks:

- Select and configure the different ways to control routing update traffic
- Configure route redistribution in a network that does not have redundant paths between dissimilar routing processes
- Configure route redistribution in a network that has redundant paths between dissimilar routing processes
- Resolve path selection problems that result in a redistributed network
- Verify route redistribution
- Configure policy-based routing using route-maps
- Given a set of network requirements, configure redistribution between different routing domains and verify proper operation (within described guidelines) of your routers
- Given a set of network requirements, configure policy-based routing within your pod and verify proper operation (within described guidelines) of your routers


Redistribution Between Multiple Routing Protocols

This section explains when multiple protocols may be needed in a network, and discusses how redistribution works between the protocols. How to plan and design redistribution solutions for your network is beyond the scope of this course because creating a design is very dependent on your network topology and traffic patterns.

When Do You Use Multiple Routing Protocols?

- Interim during conversion
- Application-specific protocols
  One size does not always fit all
- Political boundaries
  Groups that do not work and play nicely with others
- Mismatch between devices
  Multivendor interoperability
  Host-based routers

Thus far, we have looked at networks that use a single routing protocol. There are times, however, when you will need to use multiple routing protocols. Some reasons why you may need multiple protocols are as follows:

- When you are migrating from an older IGP to a new IGP, multiple redistribution boundaries may exist until the new protocol has displaced the old protocol completely. Dual existence of protocols is effectively the same as a long-term coexistence design.
- When you want to use another protocol but need to keep the old protocol due to the needs of host systems.
- Different departments might not want to upgrade their routers or they might not implement a sufficiently strict filtering policy. In these cases you can protect yourself by terminating the other routing protocol on one of your routers.
- If you have a mixed router vendor environment, you can use a Cisco-specific protocol in the Cisco portion of the network and then use a common protocol to communicate with non-Cisco devices.


What Is Redistribution?

[Figure: router A is the ASBR between AS 200 (IGRP, network 172.16.0.0, router C reached via S1) and AS 300 (EIGRP, network 192.168.5.0, router B reached via S0). S1 advertises routes from EIGRP to IGRP; S0 advertises routes from IGRP to EIGRP. Router C's IP routing table: I 192.168.5.0, I 172.16.1.0, I 172.16.2.0, I 172.16.3.0. Router B's IP routing table: D EX 172.16.0.0, D 192.168.5.8, D 192.168.5.16, D 192.168.5.24]

Routes are learned from another routing protocol when a router redistributes the information between the protocols

When any of these situations arises, Cisco routers allow internetworks using different routing protocols (referred to as autonomous systems) to exchange routing information through a feature called route redistribution. Redistribution is defined as the ability for boundary routers connecting different autonomous systems to exchange and advertise routing information received from one autonomous system to the other autonomous system.

Note: The term autonomous system as used here denotes internetworks using different routing protocols. These routing protocols may be IGPs and/or EGPs. This is a different use of the term Autonomous System than is used when discussing BGP.

Within each autonomous system the internal routers have complete knowledge about their network. The router interconnecting autonomous systems is called an autonomous system boundary router (ASBR). In the example shown in the graphic, AS 200 is running IGRP and AS 300 is running EIGRP, and the internal routers within each autonomous system have complete knowledge about their networks. Router A is the ASBR. Router A has both IGRP and Enhanced IGRP processes active and is responsible for advertising routes learned from one autonomous system into the other autonomous system. In this example, Router A learns about network 192.168.5.0 from Router B via the EIGRP protocol running on its S0 interface. It passes that information to Router C on its S1 interface via IGRP. Routing information is also passed the other way, from IGRP into EIGRP. Router B's routing table shows that it has learnt about network 172.16.0.0 via EIGRP (as indicated by the D in the routing table) and that the route is external to this autonomous system (as indicated by the EX in the routing table). Router C's routing table shows that it has learnt about network 192.168.5.0 via IGRP (as indicated by the I in the routing table). Note that there is no indication in IGRP if the route is external to the autonomous system. Note that in this case the routes that are exchanged are summarized on the network class boundary. Recall from the route summarization discussion in chapters 3 and 4 that EIGRP and IGRP automatically summarize routes on the network class boundary.


Redistribution Implementation Considerations

[Figure: a RIP domain (172.16) and an EIGRP AS 300 domain (172.16) joined by two ASBRs, each redistributing RIP 172.16.0.0 into EIGRP and EIGRP 172.16 back into RIP]

- Routing feedback
- Suboptimal path selection
- Routing loops
- Incompatible routing information
- Inconsistent convergence time

Redistribution, although powerful, increases the complexity and potential for routing confusion, so it should only be used when absolutely necessary. The key issues that arise when using redistribution are as follows:

- Routing feedback (loops): Depending on how you employ redistribution, routers can send routing information received from one autonomous system back into that same autonomous system. The feedback is similar to the routing loop problem that occurs in distance vector technologies.
- Incompatible routing information: Because each routing protocol uses different metrics to determine the best path (for example, RIP uses hops and OSPF uses cost), path selection using the redistributed route information may not be optimal. Because the metric information about a route cannot be translated exactly into a different protocol, the path a router chooses may not be the best.
- Inconsistent convergence time: Different routing protocols converge at different rates. For example, RIP converges slower than EIGRP, so if a link goes down, the EIGRP network will learn about it before the RIP network.

To understand why some of these problems may occur, you must first understand how Cisco routers select the best path when more than one routing protocol is running, and how they convert the metrics used when importing routes from one autonomous system into another. These topics are discussed in the following pages.


Selecting the Best Route

- Different protocols use different metrics
- Metrics are difficult to compare algorithmically
- Therefore, need a selection process:
  1. Which protocol do you believe the most? Use the administrative distance
  2. Then decide which metric is the best

Most routing protocols have metric structures and algorithms that are not compatible with other protocols. In a network where multiple routing protocols are present, the exchange of route information and the ability to select the best path across the multiple protocols is critical. In order for routers to select the best path when they learn two or more routes to the same destination from different routing protocols, Cisco uses two parameters:

- Administrative distance: As we saw in chapter 3, administrative distance is used to rate the believability of a routing protocol. Each routing protocol is prioritized in order of most to least believable (reliable) using a value called administrative distance. This criterion is the first a router uses to determine which routing protocol to believe if more than one protocol provides route information for the same destination.
- A routing metric: The metric is a value representing the path between the local router and the destination network. The metric is usually a hop or cost value, depending on the protocol being used.

The following pages discuss these two path selection tools in more detail.


Which Protocol to Believe?

Route Source                   Default Distance
Connected Interface            0
Static Route                   1
Enhanced IGRP Summary Route    5
External BGP                   20
Internal Enhanced IGRP         90
IGRP                           100
OSPF                           110
IS-IS                          115
RIP                            120
EGP                            140
External Enhanced IGRP         170
Internal BGP                   200
Unknown                        255

The table in the graphic lists the default believability (administrative distance) of the protocols that Cisco supports. For example, if a router received a route to network 10.0.0.0 from IGRP and then received a route to the same network from OSPF, the router would use the administrative distance to determine that IGRP is more believable, and would add the IGRP version of the route to the routing table. When using route redistribution, there may occasionally be a need to modify the administrative distance of a protocol so that it will be preferred. For example, if you want the router to select RIP-learned routes rather than IGRP-learned routes to the same destination, then you must increase the administrative distance for IGRP or decrease the administrative distance for RIP. Modifying the administrative distance is discussed in the Controlling Routing Update Traffic section later in this chapter.
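The two-step selection rule (administrative distance first, metric second) as an added Python example, not Cisco's code: it installs one route per destination from a set of constructed candidates, and the distance overrides stand in for raising or lowering a protocol's administrative distance as described above.

```python
"""Path selection across routing protocols (added example, not Cisco's code).
Step 1 keeps only the candidates from the most believable source (lowest
administrative distance, from the table above); step 2 picks the lowest metric
among those.  Metrics from different protocols are never compared with each
other.  The sample candidates and next hops are constructed."""
from dataclasses import dataclass

# Default administrative distances from the table above.
DEFAULT_DISTANCE = {
    "connected": 0, "static": 1, "eigrp-summary": 5, "ebgp": 20,
    "eigrp": 90, "igrp": 100, "ospf": 110, "isis": 115, "rip": 120,
    "egp": 140, "eigrp-external": 170, "ibgp": 200, "unknown": 255,
}


@dataclass(frozen=True)
class Candidate:
    prefix: str     # destination network, e.g. "10.0.0.0/8"
    source: str     # key of DEFAULT_DISTANCE
    metric: int     # metric as computed by that protocol (hops, cost, ...)
    next_hop: str


def select_routes(candidates, distance=None):
    """Return {prefix: winning Candidate}.  'distance' overrides the default
    administrative distance of a source, as the 'distance' router command does."""
    ad = {**DEFAULT_DISTANCE, **(distance or {})}
    by_prefix = {}
    for c in candidates:
        by_prefix.setdefault(c.prefix, []).append(c)
    table = {}
    for prefix, routes in by_prefix.items():
        best_ad = min(ad[r.source] for r in routes)          # step 1: whom to believe
        if best_ad == 255:                                    # 255 means "never install"
            continue
        believed = [r for r in routes if ad[r.source] == best_ad]
        table[prefix] = min(believed, key=lambda r: r.metric)  # step 2: best metric
    return table


# Constructed candidates: each prefix is offered by more than one protocol.
SAMPLE = [
    Candidate("10.0.0.0/8", "igrp", 8576, "172.16.1.1"),
    Candidate("10.0.0.0/8", "ospf", 20, "172.16.2.1"),
    Candidate("192.168.5.0/24", "igrp", 10576, "172.16.2.1"),
    Candidate("192.168.5.0/24", "rip", 3, "172.16.1.1"),
    Candidate("192.168.5.0/24", "rip", 2, "172.16.3.1"),
]


def winners(distance=None):
    """(source, next hop) chosen for each prefix of SAMPLE under the given distances."""
    return {p: (r.source, r.next_hop) for p, r in select_routes(SAMPLE, distance).items()}


if __name__ == "__main__":
    print("defaults:          ", winners())
    # Prefer RIP over IGRP by raising IGRP's distance above RIP's default of 120.
    print("igrp distance 130: ", winners({"igrp": 130}))
```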


Seed Metric

- The first, or seed, metric for a route is derived from being directly connected to a router interface
- But redistributed routes are not physically connected
- Use default-metric command to establish the seed metric for the route
- Once a compatible metric is established, the metric will increment just like any other route
- Set default metric larger than the largest native metric

Once the most believable protocol is determined for each destination and the routes are added to the routing table, a router may advertise the routing information to other protocols if configured to do so. If the router was advertising a link directly connected to one of its interfaces, the initial or seed metric used would be derived from the characteristics of that interface and the metric would increment as the routing information passed to other routers. However, redistributed routes are not physically connected to a router; they are learnt from other protocols. If an ASBR wants to redistribute information between routing protocols, it must be able to translate the metric of the received route from the source routing protocol into the other routing protocol. For example, if an ASBR receives a RIP route, the route will have hop count as a metric. To redistribute the route into OSPF, the router must translate the hop count into a cost metric that will be understood by other OSPF routers. This cost metric, referred to as the seed or default metric, is defined during configuration. Once the seed metric for a redistributed route is established, the metric will increment normally within the autonomous system. (The exception to this is OSPF E2 routes, as discussed previously, which hold their default metric regardless of how far they are propagated across an autonomous system.) When configuring a default metric for redistributed routes, the metric should be set to a value larger than the largest metric within the receiving autonomous system, to help prevent routing loops. Configuring default metrics is discussed in the Controlling Routing Update Traffic section later in this chapter.


Redistribution Supports All Protocols

RtrA(config-router)#redistribute ?
  bgp        Border Gateway Protocol (BGP)
  connected  Connected
  egp        Exterior Gateway Protocol (EGP)
  eigrp      Enhanced Interior Gateway Routing Protocol (EIGRP)
  igrp       Interior Gateway Routing Protocol (IGRP)
  isis       ISO IS-IS
  iso-igrp   IGRP for OSI networks
  mobile     Mobile routes
  odr        On Demand stub Routes
  ospf       Open Shortest Path First (OSPF)
  rip        Routing Information Protocol (RIP)
  static     Static routes

As the graphic shows for IP, all protocols are supported by redistribution. Before implementing redistribution, consider the following points:

- You can only redistribute protocols that support the same protocol stack. For example, you can redistribute between IP RIP and OSPF because they both support the TCP/IP stack. But you cannot redistribute between IPX RIP and OSPF because IPX RIP supports the IPX/SPX stack and OSPF does not.
- How you configure redistribution varies among protocols and among combinations of protocols. For example, redistribution occurs automatically between IGRP and EIGRP when they have the same autonomous system number, but it must be configured between EIGRP and RIP.


Redistribution and EIGRP

[Figure: Enhanced IGRP carrying IP, AppleTalk and IPX, redistributing with the IP, AppleTalk and IPX routing protocols]

- IPX RIP redistribution with Enhanced IGRP is enabled by default
- AppleTalk RTMP redistribution is enabled by default
- Redistribution of IGRP in the same autonomous system is automatic; manual if different autonomous system
- Other protocols require manual redistribution

EIGRP, because it supports multiple routing protocols, can be used to redistribute with IP, IPX, and AppleTalk routing protocols (within the same protocol stack). Consider the following when redistributing EIGRP with these protocols:

- In the IP environment, IGRP and EIGRP have a similar metric structure and therefore redistribution is straightforward. For migration purposes, when IGRP and Enhanced IGRP are both running in the same autonomous system, redistribution is automatic. When redistributing between different autonomous systems, redistribution must be configured for Enhanced IGRP, just as it is required for IGRP.
- All other IP routing protocols, both internal and external, require that redistribution be configured in order to communicate with EIGRP.
- By design, EIGRP automatically redistributes route information with Novell RIP. Beginning with Cisco IOS Release 11.1, EIGRP can be configured to redistribute route information with NLSP.
- EIGRP for AppleTalk understands RTMP updates, and redistribution is enabled by default.

Copyright 1999, Cisco Systems, Inc.

Optimizing Routing Update Operation 13-13

Configuring Redistribution

This section describes how to configure redistribution between multiple protocols.

Configuring Redistribution

What do I need to determine before configuring redistribution?

- Identify the ASBRs, where the protocols will run
- Determine which protocol is the core and which is the edge
- Determine the directions in which you want to redistribute the protocols

Configuring route redistribution can be very simple or very complex, depending on the mix of protocols that you want to redistribute. The commands used to enable redistribution and assign metrics vary slightly depending on the protocols being redistributed. The following steps are generic enough to apply to virtually all protocol combinations; however, the commands used to implement the steps may vary. It is highly recommended that you review the Cisco IOS documentation for the configuration commands that apply to the specific protocols that you want to redistribute.

Note: In this section the terms core and edge are generic terms used to simplify the discussion about redistribution.

Step 1  Locate the ASBR on which redistribution needs to be configured.

Step 2  Determine which routing protocol is the core or backbone protocol. Usually this is OSPF or EIGRP.

Step 3  Determine which routing protocol is the edge or short-term (if you are migrating) protocol.

Step 4  Access the routing process into which you want routes redistributed. Typically, you start with the backbone routing process. For example, to access OSPF, do the following:

    router(config)#router ospf process-id

Configuring Redistribution into OSPF

    RtrA(config-router)#router ospf 1
    RtrA(config-router)#redistribute eigrp ?
      Autonomous system number
    RtrA(config-router)#redistribute eigrp 100 ?
      metric       Metric for redistributed routes
      metric-type  OSPF/IS-IS exterior metric type for redistributed routes
      route-map    Route map reference
      subnets      Consider subnets for redistribution into OSPF
      tag          Set tag for routes redistributed into OSPF

Step 5  Configure the router to redistribute routing updates from the edge protocol into the backbone protocol. This command varies, depending on the protocols. The command shown here is for redistributing updates into OSPF:

    router(config-router)#redistribute protocol [process-id] [metric metric-value] [metric-type type-value] [route-map map-tag] [subnets] [tag tag-value]

redistribute Command  Description

protocol        Source protocol from which routes are being redistributed. It can be one of the following keywords: connected, bgp, eigrp, egp, igrp, isis, iso-igrp, mobile, odr, ospf, static, or rip.

process-id      For bgp, egp, eigrp, or igrp, this is an autonomous system number. For ospf, this is an OSPF process ID.

metric-value    An optional parameter used to specify the metric for the redistributed routes. When redistributing into protocols other than OSPF, if this value is not specified and no value is specified using the default-metric router configuration command, the default metric is 0 and the routes may not be redistributed. With OSPF, the default metric is 20 (1 for routes redistributed from BGP). Use a value consistent with the destination protocol, in this case OSPF cost.

type-value      An optional OSPF parameter that specifies the external link type of the routes redistributed into the OSPF routing domain. This value can be 1 for type-1 external routes or 2 for type-2 external routes. The default is a type-2 external route.

map-tag         Optional identifier of a configured route map to be interrogated to filter the importation of routes from this source routing protocol into the current routing protocol.

subnets         An optional OSPF parameter that specifies that subnetted routes should also be redistributed. If the subnets keyword is not specified, only routes that are not subnetted (classful networks) are redistributed.

tag-value       Optional 32-bit decimal value attached to each external route. This is not used by the OSPF protocol itself. It may be used to communicate information between autonomous system boundary routers.

Configuring Redistribution into EIGRP

    RtrA(config-router)#router eigrp 100
    RtrA(config-router)#redistribute ospf ?
      Process ID
    RtrA(config-router)#redistribute ospf 1 ?
      match      Redistribution of OSPF routes
      metric     Metric for redistributed routes
      route-map  Route map reference

The command shown here is for redistributing updates into EIGRP:

    router(config-router)#redistribute protocol [process-id] [match {internal | external 1 | external 2}] [metric metric-value] [route-map map-tag]

redistribute Command  Description

protocol        Source protocol from which routes are being redistributed. It can be one of the following keywords: connected, bgp, eigrp, egp, igrp, isis, iso-igrp, mobile, odr, ospf, static, or rip.

process-id      For bgp, egp, eigrp, or igrp, this is an autonomous system number. For ospf, this is an OSPF process ID.

match           Optional, for OSPF: the criteria by which OSPF routes are redistributed into other routing domains. It can be one or more of the following:
                internal: redistribute routes that are internal to a specific autonomous system.
                external 1: redistribute routes that are external to the autonomous system but were imported into OSPF as type 1 external routes.
                external 2: redistribute routes that are external to the autonomous system but were imported into OSPF as type 2 external routes.

metric-value    An optional parameter used to specify the metric for the redistributed routes. When redistributing into protocols other than OSPF, if this value is not specified and no value is specified using the default-metric router configuration command, the default metric is 0 and the routes may not be redistributed. For EIGRP this means routes from other protocols are not installed at all; only connected and static routes, and routes from IGRP or another EIGRP process, whose metric components are already known, are redistributed without a configured metric. Use a value consistent with the destination protocol (see the description of the default-metric command in this section for the EIGRP metric).

map-tag         Optional identifier of a configured route map to be interrogated to filter the importation of routes from this source routing protocol into the current routing protocol.

Configuring Default Metric

    Router(config-router)#default-metric bandwidth delay reliability loading mtu

Used for redistributing into IGRP or Enhanced IGRP

    Router(config-router)#default-metric number

Used for redistributing into OSPF, RIP, EGP, or BGP

Step 6  Define the default seed metric that the router uses when redistributing routes into a routing protocol.

- When redistributing into IGRP or EIGRP, use the top command shown in the graphic.

  default-metric Command  Description

  bandwidth      Minimum bandwidth of the route in kilobits per second.
  delay          Route delay in tens of microseconds.
  reliability    Likelihood of successful packet transmission, expressed as a number from 0 to 255, where 255 means the route is 100% reliable.
  loading        Effective loading of the route, expressed as a number from 1 to 255, where 255 means the route is 100% loaded.
  mtu            Maximum transmission unit (MTU), the maximum packet size along the route in bytes; an integer greater than or equal to 1.

- When redistributing into OSPF, RIP, EGP, or BGP, use the lower command shown in the graphic.

  default-metric Command  Description

  number         The value of the metric, such as the number of hops for RIP.

Step 7  Exit the routing process.
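The following Python model is added here as an editor's example; it is not part of the course and not Cisco IOS code. It works through the seed-metric behaviour described at the start of this section and in Steps 5 and 6: what a route's metric becomes when it is redistributed into OSPF (seed 20 by default, 1 for BGP-sourced routes; E2 held, E1 incremented by internal cost), into RIP (a hop count that grows per router, 16 meaning unreachable), and into EIGRP (no usable default, so a route from another protocol without a metric is dropped, while a default-metric vector is converted with the classic composite formula). The route prefixes, link costs, and sample routes are constructed, and the EIGRP composite uses the default K values.

```python
"""Seed metrics for redistributed routes.

Editor's example, not course or Cisco IOS code: a model of what an ASBR does
to a route's metric when it redistributes the route into another protocol,
following the seed-metric discussion and Steps 5 and 6 above.
Assumptions (all constructed): route prefixes, the OSPF link costs passed to
propagate(), and the default K values for the EIGRP composite metric.
"""
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple, Union

OSPF_DEFAULT_SEED = 20      # IOS default seed for routes redistributed into OSPF
OSPF_BGP_SEED = 1           # routes learned from BGP are the exception: cost 1
RIP_INFINITY = 16           # hop count 16 means unreachable

# bandwidth (kbps), delay (tens of microseconds), reliability, loading, mtu
MetricVector = Tuple[int, int, int, int, int]


@dataclass(frozen=True)
class Route:
    prefix: str
    protocol: str                     # rip, ospf, eigrp, bgp, connected, static
    metric: int
    ospf_type: Optional[int] = None   # 1 or 2 once the route is an OSPF external


def eigrp_composite(vector: MetricVector) -> int:
    """Classic EIGRP composite metric for a default-metric vector.

    With the default K values (K1 = K3 = 1, K2 = K4 = K5 = 0) only bandwidth
    and delay count: 256 * (10^7 / bandwidth_kbps + delay_in_tens_of_us).
    """
    bandwidth, delay, _reliability, _loading, _mtu = vector
    return 256 * (10_000_000 // bandwidth + delay)


def redistribute(route: Route, into: str,
                 seed: Union[int, MetricVector, None] = None,
                 metric_type: int = 2) -> Optional[Route]:
    """Route as the receiving protocol installs it, or None if IOS would not
    redistribute it because it has no usable metric."""
    if into == "ospf":
        if seed is None:
            seed = OSPF_BGP_SEED if route.protocol == "bgp" else OSPF_DEFAULT_SEED
        return Route(route.prefix, "ospf", int(seed), ospf_type=metric_type)
    if into == "rip":
        # No metric and no default-metric: per the course text the metric is 0
        # and the route may not be redistributed, so it is dropped here.
        if seed is None or not 1 <= int(seed) < RIP_INFINITY:
            return None
        return Route(route.prefix, "rip", int(seed))
    if into == "eigrp":
        if route.protocol in ("connected", "static", "eigrp"):
            # metric components already known (interface values or carried over)
            return Route(route.prefix, "eigrp", route.metric)
        if seed is None:
            return None
        return Route(route.prefix, "eigrp", eigrp_composite(seed))
    raise ValueError(f"unsupported destination protocol: {into}")


def propagate(route: Route, link_costs: Sequence[int]) -> int:
    """Metric seen after the route has crossed the given internal links.

    link_costs are OSPF interface costs; RIP ignores them and adds one hop
    per router. OSPF E2 keeps the seed; EIGRP growth is not modelled here.
    """
    metric = route.metric
    for cost in link_costs:
        if route.protocol == "rip":
            metric = min(metric + 1, RIP_INFINITY)
        elif route.protocol == "ospf" and route.ospf_type == 1:
            metric += cost
    return metric


def loop_safe_seed(internal_metrics: Sequence[int]) -> int:
    """Seed larger than every metric already used inside the receiving AS, so
    a route that leaks back in is never preferred over the native path."""
    return max(internal_metrics) + 1


if __name__ == "__main__":
    rip_route = Route("10.2.1.0/24", "rip", 3)
    e2 = redistribute(rip_route, "ospf")
    e1 = redistribute(rip_route, "ospf", metric_type=1)
    costs = [10, 64, 1562]                     # constructed OSPF link costs
    print("E2 after three links:", propagate(e2, costs))
    print("E1 after three links:", propagate(e1, costs))
    print("RIP route into EIGRP, no metric:", redistribute(rip_route, "eigrp"))
    print("default-metric 10000 100 255 1 1500 ->",
          eigrp_composite((10000, 100, 255, 1, 1500)))
```

The vector 10000 100 255 1 1500 used later in this chapter comes out as the familiar composite 281600; the E2 route keeps its seed of 20 across every link while the E1 copy ends at 20 plus the sum of the link costs.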


Configuring Redistribution

(Figure: an edge protocol and a core protocol. Routes are redistributed from the edge into the core; from the core into the edge, the choices are to redistribute a default or static route, to redistribute and filter, or to redistribute and change the administrative distance.)

Step 8  Enter configuration mode for the other routing process, usually the edge or short-term process.

Step 9  Depending on your network, this configuration will vary, because you want to employ some techniques to reduce routing loops. For example, you may do any of the following:

- Redistribute a default route about the core autonomous system into the edge autonomous system.

- Redistribute multiple static routes about the core autonomous system into the edge autonomous system.

- Redistribute all routes from the core autonomous system into the edge autonomous system, then assign a distribution filter to filter out inappropriate routes.

- Redistribute all routes from the core autonomous system into the edge autonomous system, then modify the administrative distance associated with the received routes so that they are not the selected routes when multiple routes exist for the same destination. In some cases, the route learned by the native protocol is better but has a less believable administrative distance. Refer to the Redistribution Example Using distance later in this chapter for an example of this scenario.

Redistribution of static and default information is discussed in the following pages. Filtering and changing the administrative distance are discussed in the Controlling Routing Update Traffic section later in this chapter.

Using and Configuring Static Routes

    Router(config)#ip route prefix mask address [distance] [tag tag] [permanent]

- Defines a path using a next-hop address
- Use if you have a route to the defined address
- Requires redistribution

    Router(config)#ip route prefix mask interface [distance] [tag tag] [permanent]

- Defines a path using an interface
- Use if you do not have a route to the next-hop address
- Automatically redistributed in some cases

Static routes are routes that you configure manually on the router. Static routes are used most often to:

- Define specific routes to use when two autonomous systems must exchange routing information, rather than having entire routing tables exchanged.

- Define routes to destinations over a WAN link to eliminate the need for a dynamic routing protocol; that is, when you do not want routing updates to bring up or cross the link.

The commands to configure static routes for IP are shown in the graphic, and their use is discussed in the following steps:

Step 1  Determine which networks you want defined as static. For example, if you are configuring static routes on a WAN router that is connecting to a branch office, you probably want to select the networks at the branch office.

Step 2  Determine the next-hop router to the destination networks, or the local router's interface that connects to the remote router.

Step 3  Configure the static route on each router. For IP, use the ip route command.

ip route Command  Description

prefix          The route prefix for the destination.
mask            The prefix mask for the destination.
address         The IP address of the next-hop router that can be used to reach that network.
interface       The network interface to use to get to the destination network.
distance        Optional administrative distance to assign to this route. (Recall that administrative distance refers to how believable the routing protocol is.) The default for a static route is 1.
tag             Optional value that can be used as a match value in route maps.
permanent       Specifies that the route will not be removed even if the interface associated with the route goes down.

Note: Static routes pointing to an interface should only be used on point-to-point interfaces. On a multiaccess interface the router does not know which specific next-hop address to send the traffic to and must resolve every destination address on that link itself. On point-to-point interfaces the traffic is sent to the only other device on the link.

Static Route Example

(Figure: p1r2 on network 10.1.0.0 connected over Serial1 to p2r2 on network 172.16.0.0.)

    router rip
     passive-interface Serial1
     network 10.0.0.0
    !
    ip route 172.16.0.0 255.255.0.0 Serial1

    p1r2#sh ip rout
    Gateway of last resort is not set
         10.0.0.0 255.255.255.0 is subnetted, 2 subnets
    C       10.1.3.0 is directly connected, Serial1
    C       10.1.1.0 is directly connected, Serial0
    S       172.16.0.0 is directly connected, Serial1

The example in the graphic shows a static route configured on router p1r2. p1r2 will use its interface Serial1 to get to network 172.16.0.0/16. As shown in the routing table for p1r2, static routes pointing to an interface are shown as directly connected networks. When configuring static routes, keep in mind the following considerations:

- When using static routes, all participating routers must have static routes defined so that they can reach the remote networks. This requirement exists because static routes replace routing updates. If you want a router to advertise a static route in a routing protocol, you may need to redistribute it.

- Static route entries must be defined for all routes that a router is responsible for. To reduce the number of static route entries, you can define a default static route, for example ip route 0.0.0.0 0.0.0.0 s1. When using RIP, default static routes are advertised (redistributed) automatically.

Using and Configuring Default-Network

(Figure: p1r3 (Ethernet0 10.64.0.1/24) connected to p2r2 (10.64.0.2/24); p2r2 also connects to 172.68.0.0/24 and 10.1.0.0/24.)

p2r2:

    router rip
     network 10.0.0.0
     network 172.68.0.0
    !
    ip classless
    ip default-network 172.68.0.0

    p1r3#show ip route
    Gateway of last resort is 10.64.0.2 to network 0.0.0.0
         10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
    R       10.2.3.0/24 [120/1] via 10.64.0.2, 00:00:05, Ethernet0
    C       10.64.0.0/24 is directly connected, Ethernet0
    R    172.68.0.0/16 [120/1] via 10.64.0.2, 00:00:16, Serial0
    R*   0.0.0.0/0 [120/1] via 10.64.0.2, 00:00:05, Ethernet0

Cisco IOS lets you configure default routes for other protocols. For example, when you create a default route on a router running RIP, the router advertises an address of 0.0.0.0. When a router receives this default route, it forwards any packet destined to a network that does not appear in its routing table toward the default route. When running RIP, you can create the default route by using the ip default-network command. If the router has a directly connected interface onto the network specified in the ip default-network command, RIP generates (or sources) a default route to its RIP neighbor routers. The ip default-network command is a method of distributing default route information to other routers; on the router where it is configured, it only flags that network as a candidate default (marked with an asterisk in show ip route) and sets the gateway of last resort, so it does not by itself give the router reachability it did not already have.

ip default-network Command  Description

network-number  The number of the destination network.

Note: Other protocols behave differently than RIP with the ip route 0.0.0.0 0.0.0.0 and ip default-network commands. For example, EIGRP will not redistribute default routes by default. However, if the network 0.0.0.0 command is added to the EIGRP configuration, it will redistribute a default route as the result of the ip route 0.0.0.0 0.0.0.0 command, but not as the result of the ip default-network command. Refer to the Cisco IOS documentation for further information.

Redistribution Example Using ip default-network

(Figure, as far as its labels can be recovered: three autonomous systems. One RIP autonomous system contains P1R1 (S1 10.1.1.1/24, S0 10.1.2.1/24), P1R2 (S0 10.1.1.2/24, S1 10.1.3.1/24), and P1R3 (S1 10.1.2.2/24, S0 10.1.3.2/24, E0 172.6.31.5/24). The OSPF backbone is the Ethernet 172.6.31.0/24 between P1R3 and P2R2 (E0 172.6.31.6/24). The other RIP autonomous system contains P2R1 (S1 10.2.1.1/24, S0 10.2.2.1/24), P2R2 (S0 10.2.1.2/24, S1 10.2.3.1/24), and P2R3 (S1 10.2.2.2/24, S0 10.2.3.2/24).)

This example demonstrates how you can redistribute in one direction and use a default route in the other direction, instead of redistributing in both directions. The graphic illustrates an internetwork that uses three autonomous systems. In this case, OSPF is the core protocol and RIP is the edge protocol. The following pages illustrate how to:

- Allow the OSPF backbone to know all the routes in each autonomous system. This is done by configuring redistribution on the ASBRs so that all RIP routes are redistributed into OSPF.

- Allow the RIP autonomous systems to know only about their internal routes, and use a default route for networks that are not in the autonomous system. This is done by configuring a default route on the ASBRs. The default route is advertised by the ASBRs into the RIP autonomous systems.

Note: This redistribution example shows one way to configure redistribution. Many other ways exist, so you must understand your network topology and requirements in order to choose the best solution.

Redistribution Example Using ip default-network (cont'd)

P1R1 (internal):

    interface Serial0
     ip address 10.1.2.1 255.255.255.0
     bandwidth 64
    !
    interface Serial1
     ip address 10.1.1.1 255.255.255.0
     clockrate 56000
    !
    router rip
     network 10.0.0.0
    !
    ip classless

ip classless must be on all RIP/IGRP routers that are to use the default route to reach unknown subnets of directly connected networks.

P1R3 (ASBR):

    router ospf 200
     redistribute rip metric 10 subnets
     network 172.6.31.5 0.0.0.0 area 0
    !
    router rip
     network 10.0.0.0
    !
    no ip classless
    ip default-network 10.0.0.0

The subnets keyword must be present for subnets to be redistributed.

The graphic illustrates the configurations for one of the ASBRs and a router in one of the RIP networks. Points about each configuration are as follows:

- Internal RIP router (P1R1): No redistribution configuration is necessary because the intent is not to have this router learn about external routes. The ip classless command is required on all RIP/IGRP routers that must use a default route to get to other subnets of network 10.0.0.0 (for example, the 10.2.x.0 subnets). This command allows the software to forward packets that are destined for unrecognized subnets of directly connected networks. The packets are forwarded to the best supernet route, which may be the default route. When this feature is disabled, the software discards a packet destined for a subnet that numerically falls within the router's own subnetwork addressing scheme if there is no such subnet number in the routing table.

  Note: ip classless is on by default in Cisco IOS Release 12.0; it is off by default in earlier releases.

- ASBR (P1R3): When redistributing into OSPF, you need the subnets keyword so that subnetted networks will be redistributed. Define the default network to be advertised to the edge protocols.
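To make the ip classless point concrete, the following Python lookup model is an added example (editor's code, not course material and not IOS code). It reconstructs P1R1's routing table from this page plus the default route P1R1 learns from the ASBR, and shows the same destination in the other RIP autonomous system being forwarded along the default route with ip classless and discarded with no ip classless, while a destination in a major network the router knows nothing about follows the default route either way. The table entries and destinations are constructed for the example.

```python
"""ip classless versus no ip classless.

Editor's example, not course or Cisco IOS code. Models the lookup behaviour
described for the internal RIP router P1R1: with ip classless the router does a
longest-prefix match and falls back to the default route; with no ip classless
a packet for an unknown subnet of a major network the router already has
subnets of is discarded instead of using the default route.
"""
import ipaddress
from typing import List, Optional, Tuple

Entry = Tuple[str, str]          # (prefix, next hop or outgoing interface)

# Constructed from the P1R1 table shown on this page, plus the default route
# P1R1 learns from the ASBR (R* 0.0.0.0/0 via 10.1.2.2).
P1R1_TABLE: List[Entry] = [
    ("10.1.3.0/24", "10.1.1.2"),
    ("10.1.2.0/24", "Serial0"),
    ("10.1.1.0/24", "Serial1"),
    ("0.0.0.0/0", "10.1.2.2"),
]


def classful_network(address: str) -> ipaddress.IPv4Network:
    """Major (class A, B, or C) network that an address belongs to."""
    first_octet = int(ipaddress.IPv4Address(address)) >> 24
    if first_octet < 128:
        length = 8
    elif first_octet < 192:
        length = 16
    else:
        length = 24
    return ipaddress.ip_network(f"{address}/{length}", strict=False)


def lookup(table: List[Entry], destination: str, ip_classless: bool) -> Optional[str]:
    """Next hop for destination, or None when the packet is discarded."""
    dest = ipaddress.IPv4Address(destination)
    best: Optional[Tuple[ipaddress.IPv4Network, str]] = None
    for prefix, nexthop in table:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop)
    if best is None:
        return None                   # no route at all, not even a default
    net, nexthop = best
    major = classful_network(destination)
    if ip_classless or net.prefixlen >= major.prefixlen:
        return nexthop                # longest match, possibly the default route
    # no ip classless and only a supernet or the default route matched: if any
    # subnet of the destination's major network is known, the router assumes
    # the subnet does not exist and discards the packet.
    knows_major = any(
        ipaddress.ip_network(p).prefixlen > 0
        and ipaddress.ip_network(p).subnet_of(major)
        for p, _ in table
    )
    return None if knows_major else nexthop


if __name__ == "__main__":
    for dest in ("10.1.3.5", "10.2.2.1", "172.6.31.6"):
        print(dest,
              "classless ->", lookup(P1R1_TABLE, dest, True),
              "| classful ->", lookup(P1R1_TABLE, dest, False))
```

With no ip classless the ping to 10.2.2.1 shown later on this page would fail on P1R1 even though the default route is present, because 10.0.0.0 is a major network P1R1 has subnets of.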

Note: Comprehensive examples of this configuration and outputs appear in Appendix A, Supplement B, One-Way Redistribution Configuration Examples.

Redistribution Example Using ip default-network (cont'd)

ASBR IP routing table (P1R3, between the RIP and OSPF autonomous systems):

    P1R3#show ip route
    *    10.0.0.0/24 is subnetted, 6 subnets
    C       10.1.3.0 is directly connected, Serial0
    O E2    10.2.1.0 [110/10] via 172.6.31.6, 00:44:56, Ethernet0
    C       10.1.2.0 is directly connected, Serial1
    R       10.1.1.0 [120/1] via 10.1.3.1, 00:00:05, Serial0
                     [120/1] via 10.1.2.1, 00:00:17, Serial1
    O E2    10.2.2.0 [110/10] via 172.6.31.6, 00:44:56, Ethernet0
    O E2    10.2.3.0 [110/10] via 172.6.31.6, 00:44:56, Ethernet0
         172.6.0.0/24 is subnetted, 1 subnets
    C       172.6.31.0 is directly connected, Ethernet0

The graphic illustrates one of the ASBR routing tables after redistribution was enabled on both ASBRs. For comparison, the routing table prior to redistribution was as follows:

    P1R3#show ip route
         10.0.0.0/24 is subnetted, 3 subnets
    C       10.1.3.0 is directly connected, Serial0
    C       10.1.2.0 is directly connected, Serial1
    R       10.1.1.0 [120/1] via 10.1.3.1, 00:00:16, Serial0
                     [120/1] via 10.1.2.1, 00:00:28, Serial1
         172.6.0.0/24 is subnetted, 1 subnets
    C       172.6.31.0 is directly connected, Ethernet0

Notice that in the before output the 10.2.x.0/24 networks do not appear. They appear as OSPF external (O E2) routes carrying the seed metric of 10 once redistribution is configured on P2R2.

Redistribution Example Using ip default-network (cont'd)

Internal router IP routing table (P1R1, in the RIP autonomous system):

    P1R1#show ip route
         10.0.0.0/24 is subnetted, 3 subnets
    R       10.1.3.0 [120/1] via 10.1.1.2, 00:00:24, Serial1
                     [120/1] via 10.1.2.2, 00:00:10, Serial0
    C       10.1.2.0 is directly connected, Serial0
    C       10.1.1.0 is directly connected, Serial1
    R*   0.0.0.0/0 [120/1] via 10.1.2.2, 00:00:10, Serial0

The router forwards packets destined to the 10.2.x.0/24 networks using the default route.

The graphic illustrates one of the internal routing tables after the default route was configured on the ASBR. Using this routing table, P1R1 can successfully ping any network in the other RIP autonomous system, for example:

    P1R1#ping 10.2.2.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.2.2.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 68/68/68 ms
    P1R1#

Controlling Routing Update Traffic

This section discusses why redistributed routing protocol traffic should be controlled, and the mechanisms used to control it.

Redistribution Implementation Guidelines (IGRP/OSPF)

(Figure: two arrangements. In the first, IGRP is redistributed into OSPF, and only a default or static route is passed from OSPF back into IGRP. In the second, IGRP is redistributed into OSPF and OSPF is redistributed back into IGRP, with a filter or a changed administrative distance applied on the OSPF-to-IGRP side.)

At a high level, Cisco recommends that you consider the following guidelines when using redistribution:

- The overriding recommendation is to be familiar with your network and your network traffic. There are many ways to implement redistribution, so knowing your network will enable you to make the best decision.

- Do not overlap routing protocols. Do not run two different protocols in the same internetwork; rather, have distinct boundaries between networks that use different protocols.

- One-way redistribution. To avoid routing loops and problems with varying convergence times, allow routes to be exchanged in one direction only, not both. In the other direction, consider using a default route.

- Two-way redistribution. If you must allow two-way redistribution, enable a mechanism to reduce the chances of routing loops. Examples of mechanisms covered in this chapter are default routes, route filters, and modification of the metrics advertised. With these types of mechanisms, you reduce the chance of routes imported from one autonomous system being re-injected into the same autonomous system as new route information.

Controlling Routing Update Traffic

(Figure: How can we prevent routing update traffic from crossing some of these links? A central router (Cen) with routers Trans, Rem, R100, R200, and R300 attached over T-1, Frame Relay, and 64 kb links, all addressed within 172.16.0.0.)

Thus far, we have discussed a variety of routing protocols and how they propagate routing information throughout an internetwork. There are times, however, when you do not want routing information propagated, for example:

- When using an on-demand WAN link. You may want to minimize, or stop entirely, the exchange of routing update information across this type of link; otherwise the link will remain up constantly.

- When you want to prevent routing loops. Many companies have networks large enough that redundant paths are common. In some cases, for example when a path to the same destination is learned by two different routing protocols, you may want to filter the propagation of one of the paths.

This section discusses several ways you can control or prevent routing update exchange and propagation:

- Passive interface. Prevents all routing updates from being sent through an interface. For EIGRP and OSPF, this includes Hello packets.

- Route update filtering. Use access lists to filter route update traffic about specific networks.

- Changing administrative distance. Change the administrative distance to affect which protocol the router believes.

Two other methods of controlling traffic were presented earlier:

- Default routes. Instruct the router that if it does not have a route for a given destination, it should send the packet along the default route.

- Static routes. A route to a destination that you configured in the router.

Using and Configuring passive-interface

    Router(config-router)#passive-interface type number

Prevents routing protocol updates from being generated on the interface

The passive-interface command prevents all routing updates for a given routing protocol from being sent out an interface, but does not prevent the specified interface from receiving updates. When using the passive-interface command in a network using a link-state routing protocol, the command prevents the router from establishing a neighbor adjacency with other routers connected to the same link as the one specified in the command. An adjacency cannot be established because the Hello protocol is used to verify bidirectional communication between routers; if a router is configured not to send Hellos, it cannot participate in bidirectional communication. The same holds for EIGRP: a passive interface sends no Hellos, so no EIGRP neighbor relationship forms on it and, in practice, no updates are received there either.

To configure a passive interface, regardless of the routing protocol, do the following:

Step 1  Select the router and routing protocol that requires the passive interface.

Step 2  Determine which interface(s) you do not want routing update traffic to be sent through.

Step 3  Configure using the passive-interface command.

passive-interface Command  Description

type number     Type of interface and interface number that will not send routing updates.

Note: This capability is typically used in conjunction with other capabilities, as you will see in this chapter.

Using Route Filters

(Flowchart: a routing update arrives or is about to be sent. Determine the interface. Is there a filter for this interface? No: process the update normally. Yes: is there an entry for this address in the filter? Yes: process the entry according to the filter configuration. No: drop the update.)

The Cisco IOS software can filter incoming and outgoing routing updates by using access lists. In general, the process the router uses is as follows:

1. The router receives a routing update or is getting ready to send an update about one or more networks.

2. The router looks at the interface involved with the action. For example, if it is an incoming update, the interface on which it arrived is checked. If it is an update that must be advertised, the interface out of which it should be advertised is checked.

3. The router determines whether a filter is associated with the interface.

4. If a filter is associated with the interface, the router checks the access list to learn whether there is a match for the given route. If a filter is not associated with the interface, the update is processed as normal.

5. If there is a match, the route entry is processed as configured. If no match is found in the access list, the implicit deny any at the end of the access list causes the route to be dropped from the update.

Note: Filtering routing updates was also discussed in chapter 10 for BGP. The ideas here are the same, although the commands used are different from those used for BGP, as shown on the next page.

Configuring Route Filtering

For outbound updates:

    Router(config-router)#distribute-list {access-list-number | name} out [interface-name | routing-process | autonomous-system-number]

For inbound updates:

    Router(config-router)#distribute-list {access-list-number | name} in [type number]

- Use a standard access list to permit or deny routes
- The access list can be applied to transmitted (outbound) or received (inbound) routing updates

You can filter routing update traffic for any protocol by defining an access list and applying it to a specific routing protocol. To configure a filter, do the following:

Step 1  Identify the network addresses you want to filter and create an access list.

Step 2  Determine whether you want to filter them on an incoming or outgoing interface.

Step 3  To assign the access list to filter outgoing routing updates, use the distribute-list out command.

distribute-list out Command  Description

access-list-number | name   Standard access list number or name.
out                         Applies the access list to outgoing routing updates.
interface-name              Optional interface name out of which updates will be filtered.
routing-process             Optional name of the routing process, or the keyword static or connected, from which routes being redistributed will be filtered.
autonomous-system-number    Optional autonomous system number of the routing process.

Or, to assign the access list to filter incoming routing updates, use the distribute-list in command:

distribute-list in Command  Description

access-list-number | name   Standard access list number or name.
in                          Applies the access list to incoming routing updates.
type number                 Optional interface type and number from which updates will be filtered.

IP Route Filtering Configuration Example

(Figure: router A, with networks 172.16.0.0 and 10.0.0.0 behind it, connected over interface S0 on network 192.168.5.0 to router B.)

    router eigrp 1
     network 172.16.0.0
     network 192.168.5.0
     distribute-list 7 out s0
    !
    access-list 7 permit 172.16.0.0 0.0.255.255

Hides network 10.0.0.0 using interface filtering

The following describes some of the commands shown in the example in the graphic: Commanddistribute-list 7 out s0

Description Applies access list 7 as a route redistribution filter on EIGRP routing updates sent on interface serial 0.

access-list 7 permit 172.16.0.0 0.0.255.255

7 permit 172.16.0.0 0.0.255.255

Access list number. Routes matching the parameters can be forwarded. Network number and wildcard mask used to qualify source addresses. The first two address octets must match and the rest are masked.

The distribute-list out command applies access list 7 to outbound packets. The access list only allows routing information about network 172.16.0.0 to be distributed out the S0 interface. As a result, network 10.0.0.0 is hidden.


IP Static Route Filtering Configuration Example

[Figure: Router A (192.168.7.10, toward network 172.16.0.0) and Router B (192.168.7.18, toward network 10.0.0.0) attach to Router C on network 192.168.7.0. Router C connects through its S0 interface toward Routers D and E, each of which is configured with "passive-interface s0".]

Router C configuration:

  ip route 10.0.0.0 255.0.0.0 192.168.7.18
  ip route 172.16.0.0 255.255.0.0 192.168.7.10
  !
  router eigrp 1
   network 192.168.7.0
   default-metric 10000 100 255 1 1500
   redistribute static
   distribute-list 3 out static
  !
  access-list 3 permit 10.0.0.0 0.255.255.255


The example in the graphic shows a static route being redistributed and filtered into EIGRP. The following describes some of the commands shown in the example in the graphic:

  ip route 10.0.0.0 255.0.0.0 192.168.7.18
    10.0.0.0 255.0.0.0            Defines the IP address and subnet mask of the destination network.
    192.168.7.18                  Defines the next-hop address to use to reach the destination.

  redistribute static             Assigns routes learned from static entries in the routing table to be redistributed into Enhanced IGRP.

  distribute-list 3 out static    Filters routes learned from static entries by using access list 3, before those routes are passed to the Enhanced IGRP process.

  access-list 3 permit 10.0.0.0 0.255.255.255
    3                             The access list is list number 3.
    permit                        Routes that match the parameters will be advertised.
    10.0.0.0 0.255.255.255        Packets about IP addresses that match the first octet of 10.0.0.0 will be forwarded.

Note: Configure static route redistribution on one router only to eliminate the possibility of routing loops created by static route redistribution on routers with parallel routes between networks.


In this example, the 10.0.0.0 route is passed to routers D and E. The static route to 172.16.0.0 is filtered (denied by the implicit deny at the end of the access list).
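Both filters above (access list 7 on interface S0, access list 3 on redistributed statics) can be checked offline with a small model of standard access-list matching. This is an added example, not code from the course; the function names and the candidate route lists are constructed, and the model covers only the permit/deny decision, not EIGRP itself.

```python
# Added example (not part of the BSCN course material): models how a standard
# access list, applied with "distribute-list ... out", decides which routes are
# allowed into an outbound routing update.  Function names and the candidate
# route lists below are constructed for illustration.
import ipaddress
from typing import List, Tuple

# One access-list entry: ("permit" | "deny", network, wildcard mask).
AclEntry = Tuple[str, str, str]


def wildcard_match(candidate: str, network: str, wildcard: str) -> bool:
    """True when every bit that is 0 in the wildcard mask agrees with the network."""
    cand = int(ipaddress.IPv4Address(candidate))
    net = int(ipaddress.IPv4Address(network))
    wc = int(ipaddress.IPv4Address(wildcard))
    # Bits set to 1 in the wildcard are "don't care", so mask them away on both sides.
    return (cand & ~wc) == (net & ~wc)


def acl_permits(acl: List[AclEntry], candidate: str) -> bool:
    """First matching entry wins; no match at all is the implicit deny at the end."""
    for action, network, wildcard in acl:
        if wildcard_match(candidate, network, wildcard):
            return action == "permit"
    return False


def filter_outbound_routes(acl: List[AclEntry], routes: List[str]) -> List[str]:
    """Routes that survive a 'distribute-list <acl> out' filter, in original order."""
    return [route for route in routes if acl_permits(acl, route)]


# Constructed: the networks Router A knows in the interface-filtering example.
ROUTER_A_ROUTES = ["172.16.0.0", "10.0.0.0", "192.168.5.0"]
# access-list 7 permit 172.16.0.0 0.0.255.255
ACL_7 = [("permit", "172.16.0.0", "0.0.255.255")]

# Constructed: the static routes on Router C in the static-route example.
ROUTER_C_STATICS = ["10.0.0.0", "172.16.0.0"]
# access-list 3 permit 10.0.0.0 0.255.255.255
ACL_3 = [("permit", "10.0.0.0", "0.255.255.255")]

if __name__ == "__main__":
    # Only 172.16.0.0 leaves S0; 10.0.0.0 is hidden by the implicit deny.
    print("out s0:", filter_outbound_routes(ACL_7, ROUTER_A_ROUTES))
    # Only the 10.0.0.0 static is redistributed; 172.16.0.0 is denied.
    print("out static:", filter_outbound_routes(ACL_3, ROUTER_C_STATICS))
```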


Modifying Administrative Distance

Router(config-router)#
  distance weight [address mask [access-list-number | name]] [ip]
Used for all protocols except EIGRP and BGP redistribution

Router(config-router)#
  distance eigrp internal-distance external-distance
Used for EIGRP redistribution


In some cases, you will find that a router selects a suboptimal path because it believes the routing protocol with the better (lower) administrative distance even though that protocol offers a poorer route. One way to make sure that routes from the desired routing protocol are selected is to give the undesired routing protocol a larger administrative distance. Use the commands shown in the graphic to change the default administrative distances.

For all protocols except EIGRP and BGP, use the distance command:

  distance weight [address mask [access-list-number | name]] [ip]

  weight                      Administrative distance, an integer from 10 to 255 (the values 0 to 9 are reserved for internal use).
  address                     Optional IP address. Allows filtering of networks according to the IP address of the router supplying the routing information.
  mask                        Optional wildcard mask for the IP address. A bit set to 1 in the mask argument instructs the software to ignore the corresponding bit in the address value.
  access-list-number | name   Number or name of a standard access list to be applied to the incoming routing updates. Allows filtering of the networks being advertised.
  ip                          Optional; specifies IP-derived routes for IS-IS.

For EIGRP, use the distance eigrp command:

  distance eigrp internal-distance external-distance

  internal-distance   Administrative distance for Enhanced IGRP internal routes. Internal routes are those that are learned from another entity within the same autonomous system.
  external-distance   Administrative distance for Enhanced IGRP external routes. External routes are those for which the best path is learned from a neighbor external to the autonomous system.


Redistribution Example Using distance

[Figure: network diagram for the redistribution example. Routers Trans, R200, Cen, Rem, R300 and R100 are interconnected by T1, T1 Frame Relay (Cen's S0.1 and S0.2 subinterfaces) and 64 kbps links, addressed from the 172.16.1.0 through 172.16.12.0 subnets.]

This example uses RIP and IGRP to illustrate how a router can make a poor path selection due to the default administrative distance values given to RIP and IGRP in a redundant network. The example also illustrates one possible way of correcting the problem. The graphic illustrates the network prior to using multiple routing protocols. The R200 and Cen routers are the primary focus of this example, as are networks 172.16.6.0, 172.16.9.0, and 172.16.10.0. The configuration output and routing tables appear on the following pages.

Note: This example uses RIP and IGRP for simplicity. These and other protocol combinations can have the same problems occur, depending on the network topology, which is one reason Cisco highly recommends that you study your network topology prior to implementing redistribution, and monitor it after it is enabled.

Note: There are a number of ways to correct path selection problems in a redistribution environment. The purpose of this example is to show how a problem can occur, where it appears, and one possible way of resolving it.


Redistribution Example Using distance (cont'd)

With only IGRP running everywhere:

Cen#show ip route
     172.16.0.0/24 is subnetted, 11 subnets
I       172.16.9.0 [100/158813] via 172.16.1.1, 00:00:02, TokenRing1
I       172.16.10.0 [100/8976] via 172.16.5.2, 00:00:02, Serial0.1
I       172.16.11.0 [100/8976] via 172.16.4.2, 00:00:02, Serial0.2
C       172.16.4.0 is directly connected, Serial0.2
C       172.16.5.0 is directly connected, Serial0.1
I       172.16.6.0 [100/160250] via 172.16.5.2, 00:00:02, Serial0.1
I       172.16.3.0 [100/8539] via 172.16.2.2, 00:00:02, TokenRing0
                   [100/8539] via 172.16.1.1, 00:00:03, TokenRing1

(The slide labels the two bracketed values as Administrative Distance and Metric.)

First, we have only IGRP running in all of the routers in the network. The graphic shows a portion of the routing table on the Cen router. Following is the complete IP routing table for the Cen router:

Cen#show ip route
     172.16.0.0/24 is subnetted, 11 subnets
I       172.16.12.0 [100/1188] via 172.16.2.2, 00:00:02, TokenRing0
I       172.16.9.0 [100/158813] via 172.16.1.1, 00:00:02, TokenRing1
I       172.16.10.0 [100/8976] via 172.16.5.2, 00:00:02, Serial0.1
I       172.16.11.0 [100/8976] via 172.16.4.2, 00:00:02, Serial0.2
C       172.16.4.0 is directly connected, Serial0.2
C       172.16.5.0 is directly connected, Serial0.1
I       172.16.6.0 [100/160250] via 172.16.5.2, 00:00:02, Serial0.1
I       172.16.7.0 [100/158313] via 172.16.1.1, 00:00:02, TokenRing1
C       172.16.1.0 is directly connected, TokenRing1
C       172.16.2.0 is directly connected, TokenRing0
I       172.16.3.0 [100/8539] via 172.16.2.2, 00:00:02, TokenRing0
                   [100/8539] via 172.16.1.1, 00:00:03, TokenRing1

Note the administrative distance and the composite metrics for each learned link. Administrative distance refers to how believable the routing protocol is, and the composite metric is the value assigned to the link. Now consider that you want to split the network into two autonomous systems, IGRP and RIP. Note that IGRP is more believable than RIP because it has an administrative distance of 100 and RIP has an administrative distance of 120.


Redistribution Example Using distance (cont'd)

[Figure: the same network divided into an IGRP autonomous system (Trans, R200, Cen and Rem) and a RIP autonomous system (R300 and R100). R200 reaches R300 over the 64 kbps link 172.16.7.0; Cen reaches R100 over the 64 kbps link 172.16.5.0. Addresses are as in the previous figure.]

The graphic shows the network with RIP and IGRP autonomous systems. The configurations for two of the routers are shown on the next graphic.


Redistribution Example Using distance (cont'd)

Router Cen

  router rip
   redistribute igrp 1
   passive-interface Serial0.2
   passive-interface TokenRing0
   passive-interface TokenRing1
   network 172.16.0.0
   default-metric 3
  !
  router igrp 1
   redistribute rip
   passive-interface Serial0.1
   network 172.16.0.0
   default-metric 10 100 255 1 1500

Router R200

  router rip
   redistribute igrp 1
   passive-interface Serial0
   passive-interface TokenRing0
   network 172.16.0.0
   default-metric 3
  !
  router igrp 1
   redistribute rip
   passive-interface Serial1
   network 172.16.0.0
   default-metric 10 100 255 1 1500


The configurations for the Cen and R200 routers are shown in the graphic. The passive interface commands are used to prevent routes from a particular routing protocol from being forwarded needlessly on links when the remote router cannot understand or is not using that protocol. Note in these configurations that RIP is being redistributed into IGRP and IGRP is being redistributed into RIP, on both routers.


Redistribution Example Using distance (cont'd)

With IGRP and RIP running:

Cen#show ip route
     172.16.0.0/24 is subnetted, 11 subnets
R       172.16.9.0 [120/2] via 172.16.5.2, 00:00:01, Serial0.1
R       172.16.10.0 [120/1] via 172.16.5.2, 00:00:02, Serial0.1
I       172.16.11.0 [100/8976] via 172.16.4.2, 00:00:02, Serial0.2
C       172.16.4.0 is directly connected, Serial0.2
C       172.16.5.0 is directly connected, Serial0.1
R       172.16.6.0 [120/1] via 172.16.5.2, 00:00:02, Serial0.1
I       172.16.3.0 [100/8539] via 172.16.2.2, 00:00:02, TokenRing0
                   [100/8539] via 172.16.1.1, 00:00:02, TokenRing1

Cen has RIP and IGRP routes


The graphic shows the resulting routing table on the Cen router. The table lists the routes that are relevant to the discussion in this section. Notice that the Cen router learned RIP and IGRP routes. You can use the following graphic to trace some of the routes (this is a copy of the previous figure repeated here for your convenience):

Redistribution Example Using distance (cont'd)

[Figure: repeat of the previous network diagram, with the IGRP autonomous system (Trans, R200, Cen, Rem) and the RIP autonomous system (R300, R100).]


Redistribution Example Using distance (cont'd)

With IGRP and RIP running:

R200#show ip route
Gateway of last resort is not set
     172.16.0.0/24 is subnetted, 11 subnets
I       172.16.9.0 [100/1000163] via 172.16.1.2, 00:00:37, TokenRing0
I       172.16.10.0 [100/1000163] via 172.16.1.2, 00:00:37, TokenRing0
I       172.16.11.0 [100/9039] via 172.16.1.2, 00:00:37, TokenRing0
I       172.16.4.0 [100/8539] via 172.16.1.2, 00:00:37, TokenRing0
I       172.16.5.0 [100/8539] via 172.16.1.2, 00:00:37, TokenRing0
I       172.16.6.0 [100/1000163] via 172.16.1.2, 00:00:37, TokenRing0
C       172.16.3.0 is directly connected, Serial0

R200 includes suboptimal paths


The graphic shows the resulting routing table on the R200 router. The route table lists the routes that are relevant to the discussion in this section. Notice that all the routes are learned from IGRP, even though R200 is also connected to a RIP network. Notice too that if you trace some of the routes, such as to network 172.16.9.0, the router uses the long way via router Cen rather than via router R300.


Redistribution Example Using distance (cont'd)

Router Cen

  router rip
   redistribute igrp 1
   network 172.16.0.0
   default-metric 3
  !
  router igrp 1
   redistribute rip
   network 172.16.0.0
   default-metric 10 100 255 1 1500
   distance 130 0.0.0.0 255.255.255.255 1
  !
  access-list 1 permit 172.16.9.0
  access-list 1 permit 172.16.10.0
  access-list 1 permit 172.16.6.0

Router R200

  router rip
   redistribute igrp 1
   network 172.16.0.0
   default-metric 3
  !
  router igrp 1
   redistribute rip
   network 172.16.0.0
   default-metric 10 100 255 1 1500
   distance 130 0.0.0.0 255.255.255.255 1
  !
  access-list 1 permit 172.16.9.0
  access-list 1 permit 172.16.10.0
  access-list 1 permit 172.16.6.0


Router R200 selected the poor paths because IGRP has a better administrative distance than RIP. To make sure that R200 selects the RIP routes, you can change the administrative distance, as shown in the graphic. The following describes some of the commands shown in the example in the graphic:

  distance 130 0.0.0.0 255.255.255.255 1
    130                        Defines the administrative distance that specified routes will be assigned.
    0.0.0.0 255.255.255.255    Defines the source address of the router supplying the routing information, in this case any router.
    1                          Defines the access-list to be used to filter incoming routing updates to determine which will have their administrative distance changed.

  access-list 1 permit 172.16.9.0
    1                          The access-list number.
    permit                     Allows all networks that match the address to be permitted, in this case to have their administrative distance changed.
    172.16.9.0                 A network to be permitted, in this case to have its administrative distance changed.

Router R200, for example, is configured to assign an administrative distance of 130 to IGRP routes to networks 172.16.9.0, 172.16.10.0, and 172.16.6.0. In this way, when the router learns about these networks from RIP, the RIP-learned routes (with a lower administrative distance of 120) will be selected and put in the routing table. Note that the distance command is for IGRP-learned routes because it is part of the IGRP routing process configuration.
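The selection R200 makes before and after the distance command can be modelled offline. This is an added example, not code from the course: the candidate routes R200 hears are constructed (the IGRP metrics and the RIP metrics for 172.16.9.0 and 172.16.10.0 follow the routing tables shown; the RIP metric for 172.16.11.0 is invented), and the class and function names are assumptions.

```python
# Added example, not course material: models how a router chooses between a
# RIP-learned and an IGRP-learned route to the same network, and how the
# "distance 130 0.0.0.0 255.255.255.255 1" line in R200's IGRP process changes
# that choice for the networks permitted by access-list 1.  The candidate
# routes and all names below are constructed for illustration.
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Default administrative distances quoted by the course (lower is more believable).
DEFAULT_AD = {"igrp": 100, "rip": 120}


@dataclass
class Candidate:
    network: str      # destination network, e.g. "172.16.9.0"
    protocol: str     # "rip" or "igrp"
    source: str       # neighbor that supplied the update
    metric: int


@dataclass
class DistanceRule:
    """One 'distance weight address mask access-list' line inside a routing process."""
    protocol: str
    weight: int
    address: str
    wildcard: str
    permitted: List[str]   # networks the standard access list permits (exact, no wildcard)


def wildcard_match(candidate: str, address: str, wildcard: str) -> bool:
    """True when every wildcard 0-bit of candidate equals the same bit of address."""
    c = int(ipaddress.IPv4Address(candidate))
    a = int(ipaddress.IPv4Address(address))
    w = int(ipaddress.IPv4Address(wildcard))
    return (c & ~w) == (a & ~w)


def administrative_distance(cand: Candidate, rules: List[DistanceRule]) -> int:
    """Protocol default, unless a distance rule of that process matches the update."""
    for rule in rules:
        if rule.protocol != cand.protocol:
            continue                          # distance applies per routing process
        if not wildcard_match(cand.source, rule.address, rule.wildcard):
            continue                          # filter on the advertising router
        if cand.network in rule.permitted:    # access list on the advertised network
            return rule.weight
    return DEFAULT_AD[cand.protocol]


def build_routing_table(cands: List[Candidate],
                        rules: List[DistanceRule]) -> Dict[str, Tuple[str, int]]:
    """Per network, the lowest administrative distance wins; metric breaks ties."""
    best: Dict[str, Tuple[int, int, str]] = {}
    for c in cands:
        key = (administrative_distance(c, rules), c.metric, c.protocol)
        if c.network not in best or key[:2] < best[c.network][:2]:
            best[c.network] = key
    return {net: (proto, ad) for net, (ad, _metric, proto) in best.items()}


# Constructed: what R200 hears for three networks, IGRP from Cen (172.16.1.2)
# and RIP from R300 (172.16.7.1).  The RIP metric for 172.16.11.0 is invented.
R200_CANDIDATES = [
    Candidate("172.16.9.0", "igrp", "172.16.1.2", 1000163),
    Candidate("172.16.9.0", "rip", "172.16.7.1", 1),
    Candidate("172.16.10.0", "igrp", "172.16.1.2", 1000163),
    Candidate("172.16.10.0", "rip", "172.16.7.1", 2),
    Candidate("172.16.11.0", "igrp", "172.16.1.2", 9039),
    Candidate("172.16.11.0", "rip", "172.16.7.1", 3),
]
# distance 130 0.0.0.0 255.255.255.255 1 under "router igrp 1", with
# access-list 1 permit 172.16.9.0 / 172.16.10.0 / 172.16.6.0
R200_RULES = [DistanceRule("igrp", 130, "0.0.0.0", "255.255.255.255",
                           ["172.16.9.0", "172.16.10.0", "172.16.6.0"])]

if __name__ == "__main__":
    # Before: every network is IGRP-learned (AD 100 beats 120).
    print("before:", build_routing_table(R200_CANDIDATES, []))
    # After: 9.0 and 10.0 flip to RIP (120 beats 130); 11.0 stays IGRP.
    print("after: ", build_routing_table(R200_CANDIDATES, R200_RULES))
```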


Redistribution Example Using distance (cont'd)

With IGRP and RIP running and filtering:

R200#show ip route
     172.16.0.0/24 is subnetted, 11 subnets
R       172.16.9.0 [120/1] via 172.16.7.1, 00:00:19, Serial1
R       172.16.10.0 [120/2] via 172.16.7.1, 00:00:19, Serial1
I       172.16.11.0 [100/9039] via 172.16.1.2, 00:00:49, TokenRing0
I       172.16.4.0 [100/8539] via 172.16.1.2, 00:00:49, TokenRing0
I       172.16.5.0 [100/8539] via 172.16.1.2, 00:00:49, TokenRing0
R       172.16.6.0 [120/1] via 172.16.7.1, 00:00:19, Serial1
C       172.16.3.0 is directly connected, Serial0

R200 learns some RIP routes


The output in the graphic shows that Router R200 now has retained the better route to some of the networks by learning them from RIP. With this configuration, however, note the loss of routing information. For example, given the actual bandwidths involved, the IGRP path would have been better for the 172.16.10.0 network, so it may have made sense to not include 172.16.10.0 in the access-list. This example illustrates the importance of not only knowing your network prior to implementing redistribution, but also that you should view which routes the routers are selecting after redistribution is enabled. You should pay particular attention to routers that can select from a number of possible redundant paths to a network because they are more likely to select suboptimal paths.


Verifying Redistribution Operation

This section discusses commands used to verify route redistribution.

Router#
  show ip route
Displays the contents of the IP routing table

Router#
  trace
Traces the path a packet takes


The best way to verify redistribution operation is to:

- Know your network topology, particularly where redundant routes exist.
- Show the routing table of the appropriate routing protocol on a variety of routers in the internetwork. For example, check the routing table on the ASBR as well as some of the internal routers in each autonomous system.
- Perform a trace on some of the routes that go across the autonomous systems to verify that the shortest path is being used for routing. Make sure that you especially run traces to networks for which redundant routes exist.
- If you do encounter routing problems, use trace and debug commands to observe the routing update traffic on the ASBRs and internal routers.

Note: Running debug requires extra processing by the router, so if the router is already overloaded, initiating debug is not recommended.


Written Exercise: Redistribution and Controlling Routing Update Traffic

Objectives:

- Select and configure the different ways to control route update traffic.
- Configure route redistribution in a network that does not have redundant paths between dissimilar routing processes.
- Configure route redistribution in a network that has redundant paths between dissimilar routing processes.
- Resolve path selection problems that result in a redistributed network.
- Verify route redistribution.

Task: Answer the following questions about redistribution and controlling routing update traffic.

1. List three reasons why you may use multiple routing protocols in a network.
   _____________________________________________________________
   _____________________________________________________________
   _____________________________________________________________

2. What two parameters are used by routers to select the best path when they learn two or more routes to the same destination from different routing protocols?
   _____________________________________________________________
   _____________________________________________________________

3. What are the components of the EIGRP routing metric?
   _____________________________________________________________
   _____________________________________________________________
   _____________________________________________________________

4. Consider that you have a dialup WAN connection between site A and site B. What can you do to prevent excess routing update traffic from crossing the link, but still have the boundary routers know the networks that are at the remote sites?
   _____________________________________________________________
   _____________________________________________________________

5. What command is used to cause RIP to source a default route?
   _____________________________________________________________

6. If there is no filter associated with an interface, what happens to packets destined for that interface?
   _____________________________________________________________

7. What command can be used to discover the path that a packet takes through a network?
   _____________________________________________________________

8. How can a routing loop result in a network that has redundant paths between two routing processes?
   _____________________________________________________________
   _____________________________________________________________
   _____________________________________________________________


Policy-Based Routing Using Route-Maps

This section describes what policy-based routing is and how to configure it using route-maps.

Policy-Based Routing

Policy-based routing:
- Allows you to implement policies that selectively cause packets to take different paths
- Can also mark traffic with different TOS
- Available since IOS Release 11.0


In today's high-performance internetworks, organizations need the freedom to implement packet forwarding and routing according to their own defined policies in a way that goes beyond traditional routing protocol concerns. By using policy-based routing, introduced in Cisco IOS Release 11.0, policies that selectively cause packets to take different paths can be implemented. Policy-based routing also provides a mechanism to mark packets with different types of service (TOS). This feature can be used in conjunction with IOS queuing techniques so that certain kinds of traffic can receive preferential service.


Policy-Based Routing Benefits

Benefits of Policy-Based Routing:
- Source-Based Transit Provider Selection: different users go different ways
- Quality of Service (QoS): set precedence or TOS, used with queueing
- Cost Savings: use high-cost links only when necessary
- Load Sharing: use multiple paths based on traffic characteristics


The benefits that can be achieved by implementing policy-based routing in the networks include:

- Source-Based Transit Provider Selection: Internet service providers and other organizations can use policy-based routing to route traffic originating from different sets of users through different Internet connections, across the policy routers.
- Quality of Service (QoS): Organizations can provide QoS to differentiated traffic by setting the precedence or type of service (TOS) values in the IP packet headers in routers at the periphery of the network and leveraging queuing mechanisms to prioritize traffic in the core or backbone of the network. This setup improves network performance by eliminating the need to classify the traffic explicitly at each WAN interface in the core or backbone of the network.
- Cost Savings: An organization can direct the bulk traffic associated with a specific activity to use a higher-bandwidth, high-cost link for a short time, and continue basic connectivity over a lower-bandwidth, low-cost link for interactive traffic. For example, a dial-on-demand Integrated Services Digital Network (ISDN) line could be brought up in response to traffic to a finance server for file transfers selected by policy routing.
- Load Sharing: In addition to the dynamic load-sharing capabilities offered by destination-based routing that the Cisco IOS software has always supported, network managers can now implement policies to distribute traffic among multiple paths based on the traffic characteristics.


Policies

- Applied to incoming packets
- Implemented using route-maps
- Matching routes modified by set commands
- If match criteria met and route-map specifies permit: control routing as specified by the set action
- If match criteria met and route-map specifies deny: normal (destination-based) routing
- If all sequences in the list checked and no matches: normal (destination-based) routing


Policy-based routing is applied to incoming packets. All packets received on an interface with policy-based routing enabled are considered for policy-based routing. The router passes the packets through a route-map. Based on the criteria defined in the route-map, packets are forwarded to the appropriate next hop. Routers normally forward packets to the destination addresses based on information in their routing tables. Instead of routing by the destination address, policy-based routing allows network administrators to determine and implement routing policies to allow or deny paths based on:

- The identity of a particular end system
- The application being run
- The protocol in use
- The size of packets

As discussed in chapter 10, route-maps are complex access-lists. Each entry in a route-map statement contains a combination of match and set statements. The match statements define the criteria for whether appropriate packets meet the particular policy (that is, the conditions to be met). The set clauses define how the packets should be routed once they have met the match criteria. For each combination of match and set commands in a route-map statement, all sequential match statements must be met simultaneously by the packet for the set statements to be applied. There may be multiple sets of combinations of match and set commands in a full route-map statement. The route-map statements can also be marked as permit or deny. If the statement is marked as a deny, a packet meeting the match criteria is sent back through the normal forwarding channels (in other words, destination-based routing is performed). Only if the statement is marked as permit and the packet meets the match criteria are all the set commands applied. If no match is found in the route-map, then the packet is forwarded through the normal routing channel. If it is desired not to revert to normal forwarding and to drop a packet that does not match the specified criteria, then a set statement to route the packets to interface null 0 should be specified as the last entry in the route-map.


Route-Map Configuration Review

Router(config)#
  route-map map-tag [permit | deny] [sequence-number]
Defines the conditions for policy routing

Router(config-route-map)#
  match {conditions}
Defines the conditions to match

Router(config-route-map)#
  set {actions}
Defines the action to be taken on a match


The graphic is a review of the route-map configuration commands from chapter 10. The specific match and set commands for policy-based routing are discussed in the following pages.


Policy Routing match Commands

Router(config-route-map)#
  match ip address {access-list-number | name} [...access-list-number | name]
Matches IP addresses for policy routing

Router(config-route-map)#
  match length min max
Matches the layer 3 length of the packet for policy routing


IP standard or extended access lists can be used to establish policy-based routing match criteria using the match ip address command. A standard IP access list can be used to specify the match criteria for the source address of a packet; extended access lists can be used to specify the match criteria based on source and destination address, application, protocol type, TOS, and precedence.

  match ip address {access-list-number | name} [...access-list-number | name]

  access-list-number | name   Number or name of a standard or extended access list to be used to test incoming packets. If multiple access-lists are specified, matching any one will result in a match.

The match length command can be used to establish criteria based on the packet length, between specified minimum and maximum values. For example, a network administrator could use the match length as the criterion that distinguishes between interactive and file transfer traffic, since file transfer traffic usually has larger packet sizes.

  match length min max

  min   Minimum layer 3 length of the packet, inclusive, allowed for a match.
  max   Maximum layer 3 length of the packet, inclusive, allowed for a match.


Policy Routing set Commands

Router(config-route-map)#
  set ip next-hop ip-address [...ip-address]
Defines the next hop to output packets to

Router(config-route-map)#
  set interface type number [...type number]
Defines the interface to output packets to


If the match statements are satisfied, one of the following set statements can be used to specify the criteria for forwarding packets through the router; they are evaluated in the order listed here. Once a destination address or interface has been chosen, other set commands for changing the destination address or interface are ignored.

1. The set ip next-hop command provides a list of specified IP addresses used to specify the adjacent next-hop router in the path toward the destination to which the packets should be forwarded. The first IP address associated with a currently up connected interface will be used to route the packets.

  set ip next-hop ip-address [...ip-address]

  ip-address   IP address of the next hop to which packets are output. It must be the address of an adjacent router.

2. The set interface command provides a list of interfaces through which the packets can be routed. If more than one interface is specified, then the first interface that is found to be up will be used for forwarding the packets.

  set interface type number [...type number]

  type number   Interface type and number to which packets are output.

Note: If there is no explicit route for the destination address of the packet in the routing table, the set interface command is not followed.


Policy Routing set Commands (cont'd)

Router(config-route-map)#
  set ip default next-hop ip-address [...ip-address]
Defines the next hop to output packets that have no explicit route to the destination

Router(config-route-map)#
  set default interface type number [...type number]
Defines the interface to output packets that have no explicit route to the destination


3. The set ip default next-hop command provides a list of default next-hop IP addresses. The packet is routed to the next hop specified by this set clause only if there is no explicit route for the destination address of the packet in the routing table. The first next hop specified that appears to be adjacent to the router is used. The optional specified IP addresses are tried in turn.

  set ip default next-hop ip-address [...ip-address]

  ip-address   IP address of the next hop to which packets are output. It must be the address of an adjacent router.

4. The set default interface command provides a list of default interfaces. If there is no explicit route available to the destination address of the packet being considered for policy routing, then it will be routed to the first up interface in the list of specified default interfaces.

  set default interface type number [...type number]

  type number   Interface type and number to which packets are output.

5. The set ip tos command is used to set the IP TOS value in the IP packets.

6. The set ip precedence command is used to set the IP precedence in the IP packets.

The set commands can be used in conjunction with each other.


Configuring Policy-Based Routing

Router(config-if)#
  ip policy route-map map-tag
Specifies a route-map to use for policy routing on an interface

Router(config-if)#
  ip route-cache policy
Enables fast-switched policy routing


To identify a route-map to use for policy routing on an interface, use the ip policy route-map interface configuration command.

  ip policy route-map map-tag

  map-tag   Name of the route-map to use for policy routing. Must match a map-tag specified by a route-map command.

Note: Policy-based routing is specified on the interface that receives the packets, not on the interface from which the packets are sent.

IP policy routing can now be fast-switched. Prior to this feature, policy routing could only be process switched, which meant that on most platforms, the switching rate was approximately 1,000 to 10,000 packets per second. This was not fast enough for many applications. Users who need policy routing to occur at faster speeds can now implement policy routing without slowing down the router. Policy routing must be configured before you configure fast-switched policy routing. Fast switching of policy routing is disabled by default. To have policy routing be fast-switched, use the ip route-cache policy command in interface configuration mode. Fast-switched policy routing supports all of the match commands and most of the set commands, except for the following restrictions:

- The set ip default command is not supported.
- The set interface command is supported only over point-to-point links, unless a route-cache entry exists using the same interface specified in the set interface command in the route-map. Also, at the process level, the routing table is consulted to determine if the interface is on a reasonable path to the destination. During fast switching, the software does not make this check. Instead, if the packet matches, the software blindly forwards the packet to the specified interface.


Policy-Based Routing Example

(Figure: Routers A, B and C with networks 192.168.1.0 and 192.168.2.0. Interface addresses shown in the figure: S0:10.1.1.100, S1:172.17.1.2, S0:172.16.1.1, S1:172.17.1.1, S3:10.1.1.1, S2:172.16.1.2.)

Router A has a policy that packets from 192.168.2.1 go to Router C's interface S1.


In the graphic, Router A has a policy that packets from 192.168.2.1 should go out to Router C's interface serial 1. All other packets should be routed according to their destination.


Policy-Based Routing Example (cont'd)

RouterA(config)# interface Serial2
RouterA(config-if)# ip address 172.16.1.2 255.255.255.0
RouterA(config-if)# ip policy route-map test
RouterA(config)# route-map test permit 10
RouterA(config-route-map)# match ip address 1
RouterA(config-route-map)# set ip next-hop 172.17.1.2
RouterA(config-route-map)# exit
RouterA(config)# access-list 1 permit 192.168.2.1 0.0.0.0


Router A's serial 2 interface, where packets from 192.168.2.1 go into Router A, is configured to do policy routing with the ip policy route-map command. The route-map test is used for this policy routing. It tests the IP addresses in packets against access-list 1 to determine which packets will be policy routed. Access-list 1 specifies that packets with a source address of 192.168.2.1 will be policy routed. Packets that match access-list 1 will be sent to the next-hop address 172.17.1.2, which is Router C's serial 1 interface. All other packets will be forwarded normally, according to their destination. (Recall that access-lists have an implicit deny any at the end, so no other packets will be permitted by access-list 1.)
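The match-and-set decision Router A makes above, as an added Python example (not Cisco code and not part of the course): it models a standard access-list with IOS wildcard masks and the implicit deny, a route-map whose sequences are tried in order, and returns the verdicts that debug ip policy reports, either policy routed to a next hop or normal forwarding. AclEntry, RouteMapSeq and policy_route are the example's own names.

```python
"""Policy-based routing decision for Router A, modelled in Python.

Added example, not Cisco code. Constructed to mirror the route-map
"test" and access-list 1 shown above.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional


@dataclass
class AclEntry:
    """One line of a standard access-list: permit/deny address wildcard."""
    action: str                 # "permit" or "deny"
    address: str                # e.g. "192.168.2.1"
    wildcard: str = "0.0.0.0"   # IOS wildcard: a 0 bit must match, a 1 bit is ignored


def acl_matches(entry: AclEntry, src: str) -> bool:
    """True if src agrees with entry.address on every bit the wildcard marks as 0."""
    care = 0xFFFFFFFF ^ int(IPv4Address(entry.wildcard))
    return (int(IPv4Address(entry.address)) & care) == (int(IPv4Address(src)) & care)


def acl_permits(acl: List[AclEntry], src: str) -> bool:
    """Evaluate top-down; a packet that matches no line hits the implicit deny any."""
    for entry in acl:
        if acl_matches(entry, src):
            return entry.action == "permit"
    return False


@dataclass
class RouteMapSeq:
    """One sequence of a route-map: match on an ACL, optionally set a next hop."""
    seq: int
    action: str                         # "permit" or "deny"
    match_acl: List[AclEntry]
    set_next_hop: Optional[str] = None


def policy_route(route_map: List[RouteMapSeq], src: str) -> dict:
    """Return the PBR verdict for a packet with source address src.

    Sequences are tried in ascending order. The first sequence whose ACL
    permits the packet decides: a permit sequence applies its set clause
    (the packet is policy routed), a deny sequence sends it to normal
    destination-based forwarding. A packet permitted by no sequence is
    also forwarded normally, which debug ip policy reports as
    "policy rejected -- normal forwarding".
    """
    for s in sorted(route_map, key=lambda r: r.seq):
        if not acl_permits(s.match_acl, src):
            continue
        if s.action == "permit" and s.set_next_hop:
            return {"policy_routed": True, "seq": s.seq, "next_hop": s.set_next_hop}
        return {"policy_routed": False, "seq": s.seq, "next_hop": None}
    return {"policy_routed": False, "seq": None, "next_hop": None}


# Router A's configuration from the example, expressed as data.
ACCESS_LIST_1 = [AclEntry("permit", "192.168.2.1", "0.0.0.0")]
ROUTE_MAP_TEST = [RouteMapSeq(10, "permit", ACCESS_LIST_1, set_next_hop="172.17.1.2")]

if __name__ == "__main__":
    # The two packets seen in the debug ip policy output later in this section.
    for src in ("172.16.1.1", "192.168.2.1"):
        print(src, policy_route(ROUTE_MAP_TEST, src))
```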


Verifying Policy-Based Routing

This section discusses commands used to verify policy-based routing.

Verifying Policy-Based Routing

Router# show ip policy
  Display route-maps configured on interfaces

Router# show route-map [map-name]
  Display a route-map


To display the route-maps used for policy routing on the router's interfaces, use the show ip policy EXEC command. To display configured route-maps, use the show route-map EXEC command.

show route-map command
  map-name: Optional name of a specific route-map.


Verifying Policy-Based Routing (cont'd)

Router# debug ip policy
  Enable display of IP policy routing events

Router# trace
  Extended trace allows specification of source address

Router# ping
  Extended ping allows specification of source address


Use the debug ip policy EXEC command to display IP policy routing packet activity. This command helps you determine what policy routing is doing. It displays information about whether a packet matches the criteria, and if so, the resulting routing information for the packet.

Note

Because the debug ip policy command generates a significant amount of output, use it only when traffic on the IP network is low, so other activity on the system is not adversely affected.

To discover the routes the packets follow when traveling to their destination from the router, use the trace privileged EXEC command. To change the default parameters and invoke an extended trace test, enter the command without a destination argument. You will be stepped through a dialog to select the desired parameters. To check host reachability and network connectivity, use the ping (IP packet internet groper function) privileged EXEC command. You can use the extended command mode of the ping command to specify the supported header options, by entering the command without any arguments.


Verifying Policy-Based Routing Examples

RouterA#show ip policy
Interface      Route map
Serial2        test
RouterA#show route-map
route-map test, permit, sequence 10
  Match clauses:
    ip address (access-lists): 1
  Set clauses:
    ip next-hop 172.17.1.2
  Policy routing matches: 3 packets, 168 bytes


Note

The output shown in the graphic is from Router A in the last example.

The graphic provides examples of two show commands. The show ip policy command indicates that the route-map called test is used for policy routing on the router's interface serial 2. The show route-map command indicates that three packets have matched sequence 10 of the test route-map.


Verifying Policy-Based Routing Examples

RouterA#debug ip policy
Policy routing debugging is on
RouterA#show logging
...
11:50:51: IP: s=172.16.1.1 (Serial2), d=192.168.1.1 (Serial3), len 100, policy rejected -- normal forwarding
...
11:51:25: IP: s=192.168.2.1 (Serial2), d=192.168.1.1, len 100, policy match
11:51:25: IP: route map test, item 10, permit
11:51:25: IP: s=192.168.2.1 (Serial2), d=192.168.1.1 (Serial1), len 100, policy routed
11:51:25: IP: Serial2 to Serial1 172.17.1.2


Note

The output shown in the graphic is from Router A in the last example.

The graphic provides an example of the output of the debug ip policy command. The show logging command shows the logging buffer including the output of the debug command. The output indicates that a packet from 172.16.1.1 destined for 192.168.1.1 was received on interface serial 2 and that it was rejected by the policy on that interface. The packet is routed normally (i.e. by destination). Another packet, from 192.168.2.1 destined for 192.168.1.1, was later received on the same interface serial 2. This packet matched the policy on that interface and was therefore policy routed and sent out interface serial 1 to 172.17.1.2.


Case Study: Redistribution

Recall that throughout this course we have been using a case study of JKL Corporation to discuss various aspects of scalable routing. The case studies are used to review key concepts, to discuss critical issues surrounding network operation, and to provide a focus for the lab exercises.

Case Study - Redistribution: JKL's Acquisition A

(Figure: Routers 1, 2 and 3 connected by Fast Ethernet, Ethernet and Serial links, with a T-3 to JKL. IGRP domain, metric = composite, 1 private class A, supports regional campus topology. A's new acquisition: RIP domain, metric = hops, 1 class C, supports Unix W/S and servers. OSPF domain, metric = cost, 1 class C, supports acquisition policy. Private address space: network 10.0.0.0.)


In this case study, we will look at how JKL's Acquisition A will implement its routing protocols. Recall that Acquisition A is running a mixture of protocols, IGRP, RIP and OSPF. It has two class C public addresses and uses a class A private address. As shown in the graphic, each of the three protocol domains is connected to the other two. The following topics are some considerations to discuss with the class during the case study:

- Routing domains, including scaling issues:
  - Within each of the protocol domains (RIP, IGRP, OSPF), what are the limitations?
  - What implications do these limitations have when redistributing information between the domains?

- Redistribution between different routing protocols:
  - What issues may arise when configuring redistribution in this network?

- Sub-optimal routes in routing tables:
  - Which routing protocol will be selected as the most believable?
  - Is there a potential for routing loops in this network?

- Exchange of route information:
  - Will any of the interfaces have to be configured as passive interfaces?
  - When would it be more appropriate to use a distribute-list filter on an interface versus for a process?
  - Is there anywhere in the network where policy-based routing would be appropriate?

- Synchronization/metric issues:
  - How do each of the protocols in use ensure that the routers running them are synchronized?
  - When a router in the RIP domain learns of a network within the OSPF domain, what meaning does the metric have?

- Ease of configuration:
  - How difficult would it be to configure each of the individual routing domains?
  - How much more complicated is it to implement redistribution between the routing domains?
  - Are there any alternatives? How easy would they be to implement?


Summary

After completing this chapter, you should be able to perform the following tasks:

- Select and configure the different ways to control route update traffic
- Configure route redistribution in a network that does not have redundant paths between dissimilar routing processes
- Configure route redistribution in a network that has redundant paths between dissimilar routing processes


Summary (cont'd)

- Resolve path selection problems that result in a redistributed network
- Verify route redistribution
- Configure policy-based routing using route-maps
- Given a set of network requirements, configure redistribution between different routing domains and verify proper operation (within described guidelines) of your routers
- Given a set of network requirements, configure policy-based routing within your pod and verify proper operation (within described guidelines) of your routers


Review Questions

Answer the following questions.

1. What is redistribution?
2. What is the default administrative distance for IGRP? For RIP? For OSPF?
3. When configuring a default metric for redistributed routes, the metric should be set to a value ________ than the largest metric within the AS.
4. What command is used for policy-based routing to establish criteria based on the packet length?


Review Questions (cont'd)

5. What command is used to configure filtering of the routing update traffic from an interface? What command mode is this command entered in?
6. What does the following command do?
   distance 150 0.0.0.0 255.255.255.255 3
7. What are the benefits of policy-based routing?
8. Policy-based routing is applied to ________ packets?


14

Implementing Scalability Features in Your Internetwork

Overview

This chapter is a review of the contents in the course, and culminates with a large summary lab that allows the students to configure many of the features discussed.

Note to reviewers: The Chapter 14 listed in the design document has been deleted and this chapter now becomes chapter 14. Compared to the design document, some topics have been renamed and reordered, to improve the flow of this chapter.

This chapter includes the following topics:

- Objective
- Routing Principles
- Extending IP Addressing Space
- Connecting to ISPs
- Controlling Overhead Traffic
- Route Redistribution
- Written Exercise: Using Scalable Strategies
- Case Study: Summary (Optional)
- Summary
- Review Questions


Objective

This section lists the chapter's objective.

Upon completion of this chapter, you will be able to perform the following task:

- Given a set of network requirements, configure many of the features discussed in class and verify proper operation (within described guidelines) of your routers


Routing Principles

This section reviews the principles of routing.

What is Routing?

- Routing is the process of forwarding an item from one location to another
- Routers forward traffic to a logical destination in a computer network
- Routers perform two major functions:
  - Routing: learning the logical topology of the network
  - Switching: forwarding packets from an inbound interface to an outbound interface


Routing is a relay system by which items are forwarded from one location to another, from a logical source to a logical destination. Each device in the network has a logical address so it can be reached individually or in some cases as part of a larger group of devices. For a router to act as an effective relay device, it must be able to understand the logical topology of the network and to communicate with its neighboring devices. The router understands several different logical addressing schemes and regularly exchanges topology information with other devices in the network. The mechanism of learning and maintaining awareness of the network topology is considered to be the routing function. The actual movement of transient traffic through the router is a separate function and is considered to be the switching function. Routing devices must perform both a routing and a switching function to be an effective relay device.


Classful Routing

- Classful routing protocols are a consequence of the distance vector method of route calculation
  - RIPv1
  - IGRP
- Subnet masks are not carried within the routine, periodic routing updates
- Summary routes are automatically created at major network boundaries


Classful routing is a consequence of the fact that subnet masks are not advertised in the periodic, routine, routing advertisements generated by distance vector routing protocols. In a classful environment, the receiving device must know the mask associated with any advertised subnets. There are two ways this information can be gained:

- The receiving device shares the same mask as the advertising device.
- If the mask does not match, the receiving device must use the default routing mask.

Classful routing protocols, such as RIPv1 and IGRP, exchange routes to all subnetworks within the same network. This is possible because all of the subnetworks in the major network must have the same routing mask. When routes are exchanged with foreign networks (networks whose network portion does not match ours), subnetwork information from this network cannot be included because the mask of the network will not be known. As a result, the subnetwork information from this network must be summarized to a classful boundary using a default routing mask prior to inclusion in the routing update. The creation of a classful summary route at major network boundaries is handled automatically by classful routing protocols. Summarization at other points within the major network address is not allowed by classful routing protocols.


Classless Routing

- Classless routing protocols include the routing mask with the route advertisement
  - Open Shortest Path First (OSPF)
  - Enhanced IGRP
  - RIPv2
  - IS-IS
  - BGP
- Routing updates triggered by topology changes
- Summary routes manually controlled at any point within the network


Classless routing protocols can be considered as second generation protocols because they are designed to deal with some of the limitations of the earlier classful protocols. One of the most serious limitations in a classful network environment is that the subnet mask is not exchanged during the routing update process. This original approach required the same mask be used on all subnetworks. The classless approach advertises the mask for each route and therefore a more precise lookup can be performed in the routing table. Once the initial topology learning phase is complete, updates about network routes are triggered by changes in topology. The event-driven approach reduces the periodic bandwidth consumption associated with full table updates. Classless routing protocols also address another limitation of the classful approach: the need to summarize to a classful network with a default routing mask at major network boundaries. In the classless environment, the summarization process is manually controlled and can be invoked at any point within the network. Since subnet routes are propagated throughout the routing domain, summarization is required to keep the size of the routing tables at a manageable size.


Extending IP Addressing Space

This section reviews some of the features available to extend the IP addressing space.

IP Addressing Solutions

- Subnet Masking, RFC 1812
- Address Allocation for Private Internets, RFC 1918
- Network Address Translation, RFC 1631
- Hierarchical Addressing
- Variable-Length Subnet Masks, RFC 1812
- Route Summarization, RFC 1518
- Classless Inter-Domain Routing, RFCs 1518, 1519


Since the 1980s, solutions have been developed to slow the depletion of IP addresses and to reduce the number of Internet route table entries by enabling more hierarchical layers in an IP address. These solutions include:

- Subnet Masking (RFCs 950 (1985), 1812 (1995)): Developed to add another level of hierarchy to an IP address. This additional level allows for extending the number of network addresses derived from a single IP address.

- Address Allocation for Private Internets (RFC 1918 (1996)): Developed for organizations that do not need much access to the Internet. The only reason to have a NIC-assigned IP address is to interconnect to the Internet. Any and all companies can use the privately assigned IP addresses within their organization, rather than using a NIC-assigned IP address unnecessarily.

- Network Address Translation (NAT) (RFC 1631 (1994)): Developed for those companies that use private addressing or use non-NIC-assigned IP addresses. This strategy enables an organization to access the Internet with a NIC-assigned address, without having to reassign the private or illegal addresses that are already in place.

- Hierarchical Addressing: Applying a structure to addressing such that multiple addresses share the same leftmost bits.

- Variable-Length Subnet Masks (VLSMs) (RFC 1812 (1995)): Developed to allow multiple levels of subnetworked IP addresses within a single network. This strategy can only be used when it is supported by the routing protocol in use, such as OSPF and EIGRP.

- Route Summarization (RFC 1518 (1993)): A way of having a single IP address represent a collection of IP addresses when you employ a hierarchical addressing plan.

- Classless Inter-Domain Routing (CIDR) (RFCs 1518, 1519 (1993), 2050 (1996)): Developed for ISPs. This strategy suggests that the remaining IP addresses be allocated to ISPs in contiguous blocks, with geography being a consideration.


What Is a Variable-Length Subnet Mask?

(Figure: the 172.16.0.0/16 network at HQ, subnetted with /24 masks, with routers A, B and C. Subnet 172.16.14.0/24 is divided into /27 subnets (the figure shows 172.16.14.32/27, 172.16.14.64/27 and 172.16.14.96/27), and one of the /27 subnets is divided again into /30 subnets for the WAN links (the figure shows 172.16.14.132/30, 172.16.14.136/30 and 172.16.14.140/30).)

Subnet 172.16.14.0/24 is divided into smaller subnets:
- Subnet with one mask at first (/27)
- Further subnet one of these subnets not used elsewhere (/30)


VLSMs provide the ability to include more than one subnet mask within a network, and the ability to subnet an already subnetted network address. The benefits of VLSMs include:

- Even more efficient use of IP addresses: Without the use of VLSMs, companies are locked into implementing a single subnet mask within an entire class A, B or C network number. For example, consider the 172.16.0.0/16 network address divided into subnets using /24 masking, and one of the subnetworks in this range, 172.16.14.0/24, further divided into smaller subnets with the /27 masking, as shown in the graphic. These smaller subnets range from 172.16.14.0/27 to 172.16.14.224/27. In the graphic, one of these smaller subnets, 172.16.14.128, is further divided with the /30 prefix, creating subnets with only two hosts, to be used on the WAN links.

- Greater capability to use route summarization: VLSMs allow for more hierarchical levels within your addressing plan, and thus allow for better route summarization within routing tables. For example, in the graphic, subnet 172.16.14.0/24 summarizes all of the addresses that are further subnets of 172.16.14.0, including those from subnet 172.16.14.0/27 and from 172.16.14.128/30.


What Is Route Summarization?

(Figure: networks 172.16.25.0/24, 172.16.26.0/24 and 172.16.27.0/24 behind Router A; Router A tells Router B "I can route to the 172.16.0.0/16 network". One routing table lists the three /24 entries, the other holds the single entry 172.16.0.0/16.)

Routing protocols can summarize addresses of several networks into one address.


In large internetworks hundreds or even thousands of network addresses can exist. In these environments, it is often not desirable for routers to maintain all these routes in their routing table. Route summarization, also called route aggregation or supernetting, can reduce the number of routes that a router must maintain because it is a method of representing a series of network numbers in a single summary address. For example, as the graphic shows, the router can either send three routing update entries, or summarize the addresses into a single network number.

Note

The router in the graphic is saying that it can route to the network 172.16.0.0/16, including all subnets of that network. However, if there were other subnets of 172.16.0.0 elsewhere in the network (for example, if 172.16.0.0 was discontiguous), summarizing in this way may not be valid.


What is CIDR?

(Figure: routers A, B, ..., H, each attached to one of the networks 192.168.8.0/24, 192.168.9.0/24, ..., 192.168.15.0/24, all connected to HQ, which advertises 192.168.8.0/21.)

Networks 192.168.8.0/24 through 192.168.15.0/24 are summarized by HQ in one advertisement: 192.168.8.0/21.


CIDR is a mechanism developed to help alleviate the problem of exhaustion of IP addresses and growth of routing tables. The idea behind CIDR is that blocks of multiple Class C addresses can be combined, or aggregated, to create a larger (that is, more hosts allowed) classless set of IP addresses. Blocks of Class C network numbers are allocated to each network service provider. Organizations using the network service provider for Internet connectivity are allocated subsets of the service provider's address space as required. These multiple Class C addresses can then be summarized in routing tables, resulting in fewer route advertisements. CIDR is described further in RFCs 1518 and 1519. RFC 2050, the Internet Registry IP Allocation Guidelines, specifies guidelines for the allocation of IP addresses. The graphic shows an example of CIDR and route summarization. The class C network addresses 192.168.8.0/24 through 192.168.15.0/24 are being used and are being advertised to the HQ router. When the HQ router advertises the networks available, instead of separately advertising the eight class C networks, it can summarize these into one route. By advertising 192.168.8.0/21, the HQ router is saying: "I can get to all destination addresses that have the first 21 bits the same as the first 21 bits of the address 192.168.8.0."
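VLSM subnetting, route summarization and the discontiguous-network caveat from the preceding sections, worked as an added Python example (not course material) with the standard ipaddress module on the addresses from the graphics. vlsm_split, summarize, summary_is_safe and usable_hosts are the example's own names; summarize returns the smallest exact aggregates, so 172.16.25.0/24 through 172.16.27.0/24 collapse to two prefixes rather than the coarser /16 an administrator may choose to advertise.

```python
"""VLSM subnetting, route summarization and the discontiguous-network
check with the standard ipaddress module.

Added example, not course material; the addresses are those of the
VLSM, route summarization and CIDR graphics above.
"""
from ipaddress import IPv4Network, collapse_addresses
from typing import Dict, Iterable, List


def vlsm_split(net: str, mask1: int, pick: str, mask2: int) -> Dict[str, List[IPv4Network]]:
    """Subnet net with mask1, then subnet the chosen block `pick` again with mask2.

    Mirrors the VLSM graphic: 172.16.14.0/24 -> eight /27s, and
    172.16.14.128/27 -> eight /30s for WAN links (two usable hosts each).
    """
    level1 = list(IPv4Network(net).subnets(new_prefix=mask1))
    chosen = IPv4Network(pick)
    if chosen not in level1:
        raise ValueError(f"{pick} is not one of the /{mask1} subnets of {net}")
    level2 = list(chosen.subnets(new_prefix=mask2))
    return {"level1": level1, "level2": level2}


def summarize(prefixes: Iterable[str]) -> List[IPv4Network]:
    """Collapse prefixes into the fewest exactly-covering aggregates.

    192.168.8.0/24 .. 192.168.15.0/24 become the single CIDR block
    192.168.8.0/21 that HQ advertises; an incomplete block stays split.
    """
    return list(collapse_addresses(IPv4Network(p) for p in prefixes))


def summary_is_safe(summary: str, owned: Iterable[str], elsewhere: Iterable[str]) -> bool:
    """Is it valid for this router to advertise `summary`?

    The summary must cover every prefix the router actually reaches
    (`owned`) and none that sits behind another router (`elsewhere`),
    which is the discontiguous-network case in the note above.
    """
    s = IPv4Network(summary)
    covers_own = all(IPv4Network(p).subnet_of(s) for p in owned)
    hides_others = any(IPv4Network(p).subnet_of(s) for p in elsewhere)
    return covers_own and not hides_others


def usable_hosts(net: IPv4Network) -> int:
    """Host addresses excluding network and broadcast (the two hosts of a /30)."""
    return max(net.num_addresses - 2, 0)


if __name__ == "__main__":
    plan = vlsm_split("172.16.14.0/24", 27, "172.16.14.128/27", 30)
    print([str(n) for n in plan["level1"]])
    print([str(n) for n in plan["level2"]], usable_hosts(plan["level2"][0]))
    print(summarize(f"192.168.{i}.0/24" for i in range(8, 16)))
    # Constructed discontiguous case: another router owns 172.16.40.0/24.
    print(summary_is_safe("172.16.0.0/16", ["172.16.25.0/24"], ["172.16.40.0/24"]))
```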


Connecting to ISPs

This section reviews autonomous systems and BGP as they relate to connecting to Internet Service Providers.

Autonomous Systems

- IGPs: RIP, IGRP, OSPF, EIGRP
- EGPs: BGP

(Figure: Autonomous System 100 and Autonomous System 200.)

- An autonomous system (AS) is a collection of networks under a single technical administration
- IGPs operate within an autonomous system
- EGPs connect different autonomous systems


One way to categorize routing protocols is by whether they are interior or exterior:

- Interior gateway protocols (IGPs): Routing protocols used to exchange routing information within an autonomous system. RIP, IGRP, OSPF and EIGRP are examples of IGPs.
- Exterior gateway protocols (EGPs): Used to connect between autonomous systems. Border Gateway Protocol (BGP) is an example of an EGP.

BGP version 4, BGP-4, is the latest version of BGP and is defined in RFC 1771. As noted in this RFC, the classic definition of an autonomous system is a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other ASs. Nowadays, ASs may use more than one IGP, with potentially several sets of metrics. The important characteristic of an AS from the BGP point of view is that the AS appears to other ASs to have a single coherent interior routing plan and presents a consistent picture of what destinations are reachable through it. All parts of the AS must be connected to each other.


BGP Characteristics

BGP is a distance-vector protocol with enhancements:
- Reliable updates - BGP runs on top of TCP (port 179)
- Incremental, triggered updates only
- Periodic keepalives to verify TCP connectivity
- Rich metrics (called path vectors or attributes)
- Designed to scale to huge internetworks


BGP is a distance vector protocol, but it has many differences from protocols such as RIP. BGP uses TCP as its transport protocol, which provides connection-oriented reliable delivery. In this way, BGP assumes that its communication is reliable and therefore it doesn't have to implement any retransmission or error recovery mechanisms. BGP uses TCP port 179. Two routers speaking BGP form a TCP connection with one another and exchange messages to open and confirm the connection parameters. These two routers are called peer routers or neighbors. Once the connection is made, full routing tables are exchanged. However, since the connection is reliable, BGP routers need only send changes (incremental updates) after that. Periodic routing updates are also not required on a reliable link, so triggered updates are used. BGP sends keepalive messages, similar to the hello messages sent by OSPF and EIGRP. BGP routers exchange network reachability information, called path vectors, made up of path attributes, including a list of the full path (of BGP AS numbers) that a route should take in order to reach a destination network. This path information is used in constructing a graph of ASs that is loop free and where routing policies can be applied in order to enforce some restrictions on the routing behavior. The path is loop free because a router running BGP will not accept a routing update that already includes its AS number in the path list, since this would mean that the update has already passed through its AS, and accepting it again would result in a routing loop.


BGP Route Selection Decision Process

Consider only (synchronized) routes with no AS loops and a valid next-hop, then:
- Prefer highest weight (local to router)
- Prefer highest local preference (global within AS)
- Prefer route originated by the local router
- Prefer shortest AS path
- Prefer lowest origin code (IGP < EGP < incomplete)
- Prefer lowest MED (from other AS)
- Prefer EBGP path over IBGP path
- Prefer the path through the closest IGP neighbor
- Prefer the path with the lowest neighbor BGP router id


After BGP receives updates about different destinations from different autonomous systems, the protocol decides which path to choose in order to reach a specific destination. BGP will choose only a single path to reach a specific destination. The decision process is based on BGP path attributes. When faced with multiple routes to the same destination, BGP chooses the best route for routing traffic toward the destination. The following process summarizes how BGP on a Cisco router chooses the best route.

1. If the path is internal, synchronization is on and the route is not synchronized, do not consider it.
2. If the Next-Hop address of a route is not reachable, do not consider it.
3. Prefer the route with the highest Weight. (Recall that the weight is Cisco proprietary and is local to the router only.)
4. If multiple routes have the same Weight, prefer the route with the highest Local Preference. (Recall that the local preference is used within an AS.)
5. If multiple routes have the same Local Preference, prefer the route that was originated by the local router.
6. If multiple routes have the same Local Preference, or if no route was originated by the local router, prefer the route with the shortest AS path.
7. If the AS path length is the same, prefer the lowest origin code (IGP enable
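The decision process on the slide, carried through as an added Python example (not Cisco code): candidates that fail the preconditions are dropped, and the remaining paths are ranked by a tuple that follows the slide's order from top to bottom. Path, eligible, preference_key and best_path are the example's own names, and, as a simplification, MED is compared across all remaining paths rather than only among paths from the same neighboring AS.

```python
"""BGP best-path selection in the order shown on the slide.

Added example, not Cisco code. The Path attributes and any sample paths
are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional, Set

ORIGIN_CODE = {"igp": 0, "egp": 1, "incomplete": 2}   # lower is preferred


@dataclass
class Path:
    next_hop: str
    as_path: List[int]
    weight: int = 0                # Cisco-proprietary, local to this router
    local_pref: int = 100          # global within the AS
    locally_originated: bool = False
    origin: str = "igp"
    med: int = 0
    ebgp: bool = True              # learned from an external peer
    igp_metric: int = 0            # IGP cost to the next hop
    router_id: str = "0.0.0.0"     # BGP router ID of the advertising neighbor
    synchronized: bool = True      # the IGP also knows the prefix (IBGP routes)


def eligible(p: Path, local_as: int, reachable: Set[str], sync: bool) -> bool:
    """Preconditions: synchronized (when sync is on and the path is internal),
    no AS loop, and a reachable next hop."""
    if not p.ebgp and sync and not p.synchronized:
        return False
    if local_as in p.as_path:          # our own AS already in the path: a loop
        return False
    return p.next_hop in reachable


def preference_key(p: Path) -> tuple:
    """Sort key; the smallest tuple is the best path (slide order, top to bottom).

    Simplification (assumption of this example): MED is compared across all
    candidates, whereas IOS by default compares it only between paths
    received from the same neighboring AS.
    """
    return (
        -p.weight,                         # highest weight
        -p.local_pref,                     # highest local preference
        0 if p.locally_originated else 1,  # originated by this router
        len(p.as_path),                    # shortest AS path
        ORIGIN_CODE[p.origin],             # lowest origin code
        p.med,                             # lowest MED
        0 if p.ebgp else 1,                # EBGP over IBGP
        p.igp_metric,                      # closest IGP neighbor
        int(IPv4Address(p.router_id)),     # lowest neighbor router ID
    )


def best_path(paths: List[Path], local_as: int, reachable: Set[str],
              sync: bool = False) -> Optional[Path]:
    """Return the single best path, or None if no candidate survives the preconditions."""
    candidates = [p for p in paths if eligible(p, local_as, reachable, sync)]
    return min(candidates, key=preference_key, default=None)
```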

Step 7

Load the configuration in NVRAM to active memory:
  Router# copy startup-config running-config
  (or Router# config memory on older versions of the IOS)
Remember that this is a merge, so all interfaces will be shutdown at this point because they were shutdown when the router loaded without a configuration.


Step 8

Enable all interfaces that should be enabled:
  hostname#config term
  hostname(config)#interface x/y
  hostname(config-if)#no shutdown

Step 9

Restore the original configuration register value:
  hostname#config term
  hostname(config)#config-register 0xvalue
  (for example hostname(config)#config-register 0x2102)

Step 10

Recover/record lost passwords:
  hostname#show startup-config
  (or hostname#show config on older versions of the IOS)

Or, change passwords (you must use this method if passwords are encrypted):
  hostname#config term
  hostname(config)#enable secret newpassword
  hostname(config)#enable password newpassword
  hostname(config)#line con 0
  hostname(config-line)#login
  hostname(config-line)#password newpassword

Step 11

Save your new configuration:
  hostname# copy running-config startup-config
  (or hostname#write memory on older versions of the IOS)


C Answers

Overview

This chapter contains the answers to the exercises, review questions and lab exercises.


Chapter 2 Exercises

Answers to Written Exercise: Overview of Scalable Internetworks

Network Problem | Key Requirement | Cisco IOS Feature(s)
Connectivity restrictions | Accessible but secure | Dedicated and switched access technologies; BGP support
Single paths available to all networks | Reliable and available | Scalable protocols; Dial backup
Too much broadcast traffic | Efficient | Access lists; Scalable protocols
Convergence problems with metric limitations | Reliable and available | Scalable protocols
Competition for bandwidth | Efficient | Access lists; Compression over WANs; Generic Traffic Shaping
Illegal access to services on the internetwork | Accessible but secure | Access lists (not an end-all solution); Authentication protocols
Single WAN links available to each remote site | Responsive | Dial backup
Expensive tariffs on WAN links that do not get much use | Efficient | Switched access technologies
Very large routing tables | Efficient | Route summarization; Incremental updates
Integrate networks using legacy protocols | Adaptable | Bridging mechanisms


Chapter 3 Exercises

Written Exercise: Comparing Distance Vector Routing Protocols

Objective: Describe the operating characteristics of different distance vector routing protocols.

1. Complete the following table by indicating which protocol(s) demonstrate the characteristic shown in the right-hand column. Indicate your choice(s) in the left-hand column by entering one or more of the following distance vector routing protocols: RIPv1, RIPv2, IGRP, EIGRP.

Protocol | Characteristic
RIPv1, RIPv2 | Has a hop count limitation of 15 hops
RIPv1, IGRP | Uses broadcast packets to propagate routing updates
IGRP | Has an administrative distance of 100
RIPv1, RIPv2, IGRP, EIGRP | Supports split horizon to avoid routing loops
IGRP, EIGRP | Uses a composite metric to determine best path
RIPv1, RIPv2 | Employs a count to infinity concept to avoid routing loops
IGRP, EIGRP | Can select preferred path based upon bandwidth consideration
RIPv2, EIGRP | Supports variable length subnet masks (VLSM)
RIPv1 | Is supported by all vendors of routing equipment

2. Which of the following statements are true for all distance vector routing protocols? Indicate your selection by placing a T in the blank area in front of each statement.

_______ Routing updates contain all routes in the routing table
___T___ Load balancing of equal metric paths is enabled by default
___T___ Automatic route summarization occurs at major network boundaries
_______ Length of the subnet mask is carried in the routing update
_______ Consistency of subnet mask is a network design requirement


Written Exercise: Comparing Link State Routing Protocols

Objective: Describe the operating characteristics of link-state routing protocols.

1. Complete the following table by indicating which protocol(s) demonstrate the characteristic shown in the right-hand column. Indicate your choice(s) in the left-hand column by entering one or more of the following routing protocols: OSPF, IS-IS, EIGRP.

Protocol | Characteristic
OSPF, IS-IS, EIGRP | Maintains additional tables to assist in rapid convergence
None | Uses broadcast packets to propagate topology updates
IS-IS | Has an administrative distance of 115
OSPF | Supports flooding of updates to avoid routing loops
OSPF, IS-IS | Requires a hierarchical design to operate correctly
OSPF, IS-IS, EIGRP | Allows manual route summarization at any location
OSPF, EIGRP | Can select preferred path based upon bandwidth consideration
OSPF, IS-IS, EIGRP | Supports variable length subnet masks (VLSM)
OSPF | Is supported by all vendors of routing equipment

2. Which of the following statements are true for all link-state routing protocols? Indicate your selection by placing a T in the blank area in front of each statement.

___T___ Routing updates contain only the affected routes in the routing table
___T___ Load balancing of equal metric paths is enabled by default
_______ Automatic route summarization occurs at major network boundaries
___T___ Length of the subnet mask is carried in the routing update
_______ Consistency of subnet mask is a network design requirement


Chapter 4 Exercises

Answers to Written Exercise: Calculating VLSMs

For 5 LANs with 25 users each, 3 subnet bits and 5 host bits will be needed, yielding a maximum of 8 subnets with 30 hosts each. A prefix of /27 will therefore be used. The available subnets are:

    192.168.49.0/27
    192.168.49.32/27
    192.168.49.64/27
    192.168.49.96/27
    192.168.49.128/27
    192.168.49.160/27
    192.168.49.192/27
    192.168.49.224/27

For the WAN addresses, one of the above subnets that is not used on the LANs would be further subnetted. A prefix of /30 would be used to allow for 2 host addresses on each WAN. This would leave 3 bits for additional subnetting, giving 8 subnets for the WANs. For example, if we further subnetted 192.168.49.160/27, the available subnets for the WANs are:

    192.168.49.160/30
    192.168.49.164/30
    192.168.49.168/30
    192.168.49.172/30
    192.168.49.176/30
    192.168.49.180/30
    192.168.49.184/30
    192.168.49.188/30
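The same VLSM calculation carried out with Python's standard-library ipaddress module, as an added example that is not part of the course materials. It generalizes the exercise slightly: the host-bit and subnet computations work for any block, LAN count and host count, not only the 192.168.49.0/24 case above; the block, the five LANs of 25 users and the choice of 192.168.49.160/27 for the WAN links are taken from the exercise.

```python
"""Added example (not from the BSCN course): the VLSM exercise above worked
with the ipaddress module.  Inputs are the exercise's: a /24 block, five LANs
of 25 users, and 192.168.49.160/27 reserved for the point-to-point WANs."""
import ipaddress


def host_bits_needed(hosts: int) -> int:
    """Smallest number of host bits that leaves room for `hosts` usable
    addresses; two addresses per subnet (network and broadcast) are unusable."""
    bits = 1
    while (2 ** bits) - 2 < hosts:
        bits += 1
    return bits


def lan_subnets(block: str, lans: int, hosts_per_lan: int):
    """Return (prefix length, subnet bits, list of equal-size LAN subnets)."""
    net = ipaddress.ip_network(block)
    hb = host_bits_needed(hosts_per_lan)
    prefix = net.max_prefixlen - hb          # /27 for 25 hosts
    subnet_bits = prefix - net.prefixlen     # 3 bits borrowed from a /24
    subs = list(net.subnets(new_prefix=prefix))
    if len(subs) < lans:
        raise ValueError("block too small for the requested number of LANs")
    return prefix, subnet_bits, subs


def wan_subnets(parent: str):
    """Split one unused LAN-sized subnet into /30 point-to-point WAN subnets."""
    net = ipaddress.ip_network(parent)
    return list(net.subnets(new_prefix=30))


if __name__ == "__main__":
    prefix, bits, lans = lan_subnets("192.168.49.0/24", lans=5, hosts_per_lan=25)
    print(f"/{prefix}: {bits} subnet bits, {len(lans)} subnets, "
          f"{lans[0].num_addresses - 2} hosts each")
    for s in lans:
        print(" ", s)
    print("WAN /30s carved from 192.168.49.160/27:")
    for s in wan_subnets("192.168.49.160/27"):
        print(" ", s)
```

`net.subnets(new_prefix=...)` enumerates the subnets in address order, so the sixth entry of the LAN list is the 192.168.49.160/27 block that the exercise reserves for the WANs.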


Answers to Written Exercises: Using Route Summarization

Exercise 1

Router C Route Table Entries | Routes That Can Be Advertised to Router D from Router C
172.16.1.192/28, 172.16.1.208/28 | 172.16.1.192/27 (summarizes 172.16.1.192/28 and 172.16.1.208/28)
172.16.1.64/28, 172.16.1.80/28, 172.16.1.96/28, 172.16.1.112/28 | 172.16.1.64/26 (summarizes 172.16.1.64/28, 172.16.1.80/28, 172.16.1.96/28 and 172.16.1.112/28)

Exercise 2

Router H Route Table Entries | Routes That Can Be Advertised to Router D from Router H
172.16.1.48/28 | 172.16.1.48/28
172.16.1.128/28, 172.16.1.144/28, 172.16.1.160/28, 172.16.1.176/28 | 172.16.1.128/26 (summarizes 172.16.1.128/28, 172.16.1.144/28, 172.16.1.160/28 and 172.16.1.176/28)
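The two summarization exercises checked in code, as an added example (not from the course). `summarize()` shows the underlying arithmetic: the summary prefix length is the number of high-order bits that all member networks share. `collapse()` uses the ipaddress module to produce only summaries that cover exactly the routes held, which is what Router C and Router H should advertise. Router C's and Router H's table entries are the exercise's own.

```python
"""Added example (not from the BSCN course): computing the summary routes for
the two exercises above.  The route-table entries are the exercise's."""
import ipaddress


def summarize(subnets):
    """Single smallest network containing every subnet, found by counting the
    high-order bits that all network addresses have in common.  It may cover
    addresses not in the input; see collapse() for the exact advertisement."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    first = int(nets[0].network_address)
    common = nets[0].prefixlen
    for n in nets:
        diff = first ^ int(n.network_address)   # 1 bits mark where addresses differ
        if diff:
            common = min(common, 32 - diff.bit_length(), n.prefixlen)
        else:
            common = min(common, n.prefixlen)
    return ipaddress.IPv4Network((first, common), strict=False)


def collapse(subnets):
    """Merge adjacent subnets into summaries that cover no address outside the input."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


# Route table entries from Exercise 1 (Router C) and Exercise 2 (Router H).
ROUTER_C = ["172.16.1.192/28", "172.16.1.208/28", "172.16.1.64/28",
            "172.16.1.80/28", "172.16.1.96/28", "172.16.1.112/28"]
ROUTER_H = ["172.16.1.48/28", "172.16.1.128/28", "172.16.1.144/28",
            "172.16.1.160/28", "172.16.1.176/28"]

if __name__ == "__main__":
    print("Router C advertises:", collapse(ROUTER_C))
    print("Router H advertises:", collapse(ROUTER_H))
    # A single covering prefix for Router H would over-claim address space:
    print("Router H single covering prefix:", summarize(ROUTER_H))
```

The last line shows the caveat behind Exercise 2: the smallest single prefix covering 172.16.1.48/28 together with 172.16.1.128/26 is 172.16.1.0/24, which would attract traffic for subnets Router H does not hold, so 172.16.1.48/28 is advertised on its own.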

Answers to Review Questions

1. What are some of the advantages of using a hierarchical IP addressing model?
    Reduced number of routing table entries
    Efficient allocation of addresses

2. Given an address with a prefix of /20, how many additional subnets are gained when subnetting with a prefix of /28?
2^8 = 256 additional subnets are gained.

3. When selecting a route, the longest prefix match is used.


Chapter 5 Exercises

Answer to Written Exercises: Comparing Routing Protocols

First Written Exercise
1 Destination address
2 Identify neighbors
3 Discover routes
4 Select routes
5 Maintain routing information

Second Written Exercise
1 DV (Note: OSPF sends out updates every 30 minutes.)
2 LS
3 DV
4 DV
5 LS
6 LS
7 DV
8 LS


Chapter 6 Exercises

Answer to Written Exercise: OSPF Operation

Task: Answer the following questions.

1 List three reasons why OSPF operates better than RIP in a large internetwork.
Refer to the list of reasons in the "What Is OSPF?" section.

2 What does a router do when it receives an LSU?
When each router receives the LSU, it does the following:
    If the entry already exists and the received LSU has the same information, it resets the aging timer on the LSA entry and sends an LSAck to the DR. (Recall that the DR is the central point of contact during the flooding process.)
    If the entry already exists but the LSU includes new information, it sends an LSR to request all the information about the entry.
    If the entry already exists but the LSU includes older information, it sends an LSU with its information.

3 Identify when the exchange protocol and the flooding protocol are used, and describe how each operates.
The exchange process is used to get neighboring routers into a Full state. To be initiated, two routers must agree on a master-slave relationship. The process enables them to synchronize their link-state databases using DDPs. Once in a Full state, the exchange process is not repeated unless the Full state changes to a different state.
The flooding process is used any time there is a change in a link state, such as a link going down or a new link being added to the network. In this process, all link-state changes are sent in LSU packets to the DR/BDR of the area. The DR is then responsible for forwarding the LSUs to all other routers in the network.

4 Write a brief description of the following:
Internal router: A router that resides within an area and routes traffic.
LSU: A link-state update packet. This packet includes update information about link-state advertisements.
DDP: A database description packet. This packet is used during the exchange protocol and includes summary information about link-state entries.
Hello packet: Used during the hello process; includes information that enables routers to establish themselves as neighbors.
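The three-way decision in answer 2 (same information, newer information, older information) as an added example, not code from the course. It compares LSA sequence numbers, with a higher number meaning newer, which is how OSPF orders instances of the same LSA; the link-state database contents are constructed, and the handling of an LSA not yet in the database is an added assumption since the answer only covers entries that already exist.

```python
"""Added example (not from the BSCN course): the LSU handling decision from
answer 2 as a function over a router's link-state database.  Instances of an
LSA are ordered by sequence number (higher is newer); the database contents
are constructed for illustration."""
from dataclasses import dataclass


@dataclass
class LsaEntry:
    lsid: str        # link-state ID of the advertising router or network
    seq: int         # sequence number of the instance held; higher is newer
    age: int = 0     # seconds since the entry was last refreshed


def handle_lsu(lsdb: dict, lsid: str, seq: int) -> str:
    """Return the action answer 2 prescribes for a received LSA instance:
    'ack'     same information: reset the aging timer and LSAck to the DR
    'lsr'     newer information: send an LSR for the full entry
    'lsu'     older information: send our own (newer) instance in an LSU
    'install' unknown entry (assumption; not covered by the answer)"""
    entry = lsdb.get(lsid)
    if entry is None:
        lsdb[lsid] = LsaEntry(lsid, seq)
        return "install"
    if seq == entry.seq:
        entry.age = 0
        return "ack"
    if seq > entry.seq:
        return "lsr"
    return "lsu"


if __name__ == "__main__":
    # Constructed database holding one LSA at sequence 5, aged 300 seconds.
    db = {"10.0.0.1": LsaEntry("10.0.0.1", seq=5, age=300)}
    for received in (5, 7, 3):
        print(f"received seq {received}: {handle_lsu(db, '10.0.0.1', received)}")
```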


5 Match the term with the statement most closely describing it. Write the letter of the description next to the term.
___D area
___B Full state
___A DR
___C Exchange state

A) The router responsible for route synchronization.
B) Indicates routers can route information.
C) Indicates routers can discover link state information.
D) A collection of routers and networks.

6 Name the two RFC-compliant modes for OSPF over Non-broadcast Multiaccess networks:
    Non-broadcast
    Point-to-Multipoint
Name the two additional Cisco modes for OSPF over NBMA:
    Broadcast
    Point-to-point


Chapter 7 Exercises

Answers to Written Exercise: OSPF Operation across Multiple Areas

1 Define hierarchical routing and explain what internetwork problems it solves.
OSPF's ability to separate a large internetwork into multiple areas is also referred to as hierarchical routing. Hierarchical routing enables you to separate your large internetwork (autonomous system) into smaller internetworks that are called areas. The advantages include smaller routing tables, reduced frequency of SPF calculations, and reduced LSU overhead.

2 An internal router will receive type-5 LSAs if it is in what type of area?
If it is in an area that is NOT configured as stub or totally stubby.

3 What area types are connected to the backbone area?
All area types are connected to the backbone.

4 The backbone must be configured as what area?
The backbone area must always be area 0.

5 Write a brief description of the following:


LSA Type | Name | Description
1 | Router link entry (record) (O-OSPF) | Generated by each router for each area it belongs to. It describes the states of the router's links to the area. These are only flooded within a particular area. The link status and cost are two of the descriptors provided.
2 | Network link entry (O-OSPF) | Generated by DRs in multiaccess networks. They describe the set of routers attached to a particular network. Flooded within the area that contains the network only.
3 or 4 | Summary link entry (IA-OSPF interarea) | Originated by ABRs. Describes the links between the ABR and the internal routers of a local area. These entries are flooded throughout the backbone area to the other ABRs. Type-3 describes routes to networks within the local area that are sent to the backbone area. Type-4 describes routes from the ABR to the ASBR. These link entries are not flooded through totally stubby areas.
5 | Autonomous system external link entry (E1-OSPF external type-1) (E2-OSPF external type-2) | Originated by the ASBR. Describes routes to destinations external to the autonomous system. Flooded throughout an OSPF autonomous system except for stub and totally stubby areas.

6 Describe the path a packet must take in order to get from one area to another.
The packet must go through the interarea, through the ABR, through the backbone area, through the next ABR, and then through the internal routers to its final destination.

7 When is a default route injected into an area?
When the area is configured as stub or totally stubby.


Chapter 8 Exercises

Answers to Written Exercise: EIGRP Overview
1 D
2 E
3 G
4 B
5 A
6 H
7 A
8 C
9 F
10 A


Chapter 9 Exercises

Answers to Written Exercise: BGP Terminology and Operation

1. What protocol does BGP use as its transport protocol? What port number does BGP use?
BGP uses TCP as its transport protocol; port 179 has been assigned to BGP.

2. Any two routers that have formed a BGP connection are called BGP peers or BGP neighbors.

3. Write a brief description of the following:
Internal BGP: When BGP is running between routers within one AS, it is termed internal BGP (IBGP).
External BGP: When BGP is running between routers in different ASs, it is termed external BGP (EBGP).
Well-known attributes: A well-known attribute is one that all BGP implementations must recognize. Well-known attributes are propagated to BGP neighbors.
Transitive attributes: A transitive attribute that is not implemented in a router can be passed to other BGP routers untouched.
BGP synchronization: The BGP synchronization rule states that a BGP router should not advertise a route to an external neighbor unless that route is local or is learnt from the IGP.

4. For an external update advertised by IBGP, where does the value for the next-hop attribute of an update come from?
For an external update advertised by IBGP, the value of the next-hop attribute is carried from the EBGP update.

5. Describe the complication that an NBMA network can cause for the next-hop attribute of an update.
When running BGP over a multi-access network, a BGP router will use the appropriate address as the next-hop address, to avoid inserting additional hops into the network. The address used is that of the router on the multi-access network that advertised the network. On Ethernet that router will be accessible to all other routers on the Ethernet. On NBMA media all routers on the network may not be accessible to each other, so the next-hop address used may be unreachable.


6. Complete the table to answer the following questions about these BGP attributes: In which order are the attributes preferred (1, 2 or 3)? For the attribute, is the highest or lowest value preferred? Which other routers, if any, is the attribute sent to?

Attribute | Order Preferred in | Highest or Lowest value preferred? | Sent to which other routers?
Local Preference | 2 | highest | Sent to internal BGP neighbors only
MED | 3 | lowest | Sent to external BGP neighbors only
Weight | 1 | highest | Not sent to any BGP neighbors; local to router only

7. How is the BGP Router ID chosen?
The BGP Identifier is an IP address assigned to that router and is determined on startup. The BGP router ID is chosen the same way that the OSPF router ID is chosen: it is the highest active IP address on the router, unless a loopback interface with an IP address exists, in which case it is the highest such loopback IP address.

Answers to Review Questions

1. Describe the BGP synchronization rule. What command disables synchronization?
BGP synchronization rule: Do not advertise a route to an external neighbor until a matching route has been learnt from an IGP. Use the no synchronization command to disable synchronization.

2. What are the four BGP message types?
Open, Keepalive, Update, Notification

3. How does BGP-4 support CIDR?
BGP-4 support for CIDR includes:
    The BGP UPDATE message includes both the prefix and the prefix length; previous versions only included the prefix, and the length was assumed from the address class.
    Addresses can be aggregated when advertised by a BGP router.


    The AS-path attribute can include AS-SEQUENCEs, which are ordered lists, and AS-SETs, which are unordered sets. An AS-SEQUENCE is an ordered mathematical set of the ASs that have been traversed. The AS-SET is an unordered set of other ASs, not included in the AS-SEQUENCE, that any of the non-aggregated routes would traverse. The combination of the ASs listed in both components should be considered to ensure that the route is loop-free.

4. What command is used to activate a BGP session with another router?
The neighbor remote-as command is used to activate a BGP session with another router.

5. What command is used to display information about the BGP connections to neighbors?
The show ip bgp neighbor command is used to display information about the BGP connections to neighbors.


Chapter 10 Exercises

Answers to Written Exercise: BGP Route Reflectors and Policy Control

1. Describe the BGP split horizon rule.
The BGP split horizon rule specifies that routes learned via IBGP are never propagated to other IBGP peers.

2. What effect do route reflectors have on the BGP split horizon rule?
Route reflectors modify the BGP split horizon rule by allowing the router configured as the route reflector to propagate routes learned by IBGP to other IBGP peers.

3. Write a brief description of the following:
Route reflector: A router that is configured to be the router that is allowed to advertise (or reflect) routes that it learnt via IBGP to other IBGP peers.
Route reflector client: A route reflector will have a partial IBGP peering with other routers, which are called clients.

4. Routers configured as route reflectors do not have to be fully meshed with IBGP, true or false?
False

5. When a route reflector receives an update from a client, it sends it to all non-client peers and to all client peers.

6. What is the command used to configure a router as a BGP route reflector?
The neighbor route-reflector-client command is used to configure the router as a BGP route reflector and configure the specified neighbor as its client.

7. When an extended access list is used in a distribute-list, what is the meaning of the parameters of the access list?
The syntax of the IP extended access list is the same as usual, with a source address and wildcard, and a destination address and wildcard. However, the meanings of these parameters are different. The source parameters are used to indicate the address of the network whose updates are to be permitted or denied. The destination parameters are used to indicate the subnet mask of that network. The wildcard parameters indicate, for the network and subnet mask, which bits are relevant. Network/subnet mask bits corresponding to wildcard bits set to 1 are ignored during comparisons, and network/subnet mask bits corresponding to wildcard bits set to 0 are used in comparisons.

8. Describe the advantages of using prefix lists rather than access lists for BGP route filtering.
The advantages of using prefix lists include:
    A significant performance improvement over access lists in loading and route lookup of large lists.
    Support for incremental modifications. Compared to the normal access list, where one no command will erase the whole access list, a prefix list can be modified incrementally.
    A more user-friendly command-line interface. The command-line interface for using extended access lists to filter BGP updates is difficult to understand and use.
    Greater flexibility.

9. In a prefix list, what is the sequence number used for?
The sequence number of the prefix-list statement is used to determine the order in which the statements are processed when filtering.

10. What command is used to clear the hit count of the prefix list entries?
The clear ip prefix-list name [network/len] command resets the hit count shown on prefix-list entries.

Answers to Review Questions

1. What is the command used to configure a router to distribute BGP information as specified in an access list?
The neighbor distribute-list command is used to distribute BGP neighbor information as specified in an access list.

2. What is a route reflector cluster?
The combination of the route reflector and its clients is called a cluster.

3. Route maps use match commands to test conditions and set commands to modify routes.

4. What is the command used to specify that the BGP communities attribute should be sent to a neighbor?
The neighbor send-community command is used to specify that the BGP communities attribute should be sent to a BGP neighbor.

5. When would peer groups be useful?
Peer groups are useful to simplify configurations when many neighbors have the same policy. They are also more efficient, since updates are generated only once per peer group rather than once for each neighbor.

6. What is BGP multi-homing?
Multi-homing is the term used to describe when an AS is connected to more than one ISP. This is usually done for two reasons:
    To increase the reliability of the connection to the Internet, so that if one connection fails another will still be available.
    To increase the performance, so that better paths can be used to certain destinations.

7. What command is used to assign a weight to a neighbor connection?
The neighbor weight command is used to assign a weight to a neighbor connection.

8. What is the preferred method to use to advertise an aggregated route from an AS into BGP?
The preferred method to advertise an aggregated route from an AS into BGP is to use the aggregate-address command. With this command, as long as a more specific route exists in the BGP table, the aggregate gets sent. If the aggregating router loses its connection to the networks being aggregated, then they disappear from the BGP table and hence the BGP aggregate does not get sent.


Chapter 11 Exercises

Answers to Written Exercise: Managing Traffic and Access

Answers will vary.

Task: In the space below, briefly describe each cause of network congestion.

User services
    Large volume of traffic at peak times
    Multiple large file transfers
    Client/server model overwhelms server with multiple, continuous requests

Router updates
    Periodic advertisements
    Broadcast traffic affects all devices on the segment
    Exchanging large tables consumes bandwidth

DNS traffic
    Broadcast traffic affects all devices on the segment
    Name server not always local; affects multiple segments
    Name cache entries short-lived; lookup must be repeated

Novell SAP broadcasts
    Service advertisements are overhead
    Periodic announcements even if no changes
    Broadcast traffic affects all devices on the segment

Objective: List solutions for controlling network congestion.

Task: List five ways to control network congestion:
1. ____Filter user application traffic___
2. ____Filter unnecessary broadcast-based traffic__
3. ____Lengthen periodic announcement interval_____
4. ____Reduce routing update size__
5. ____Eliminate need for dynamic learning___

Note: Answers will vary for these exercises.


Chapter 12 Exercises

Answers to Written Exercise: Configuring IP Access Lists

Written Exercise: IP Extended Access Lists

Objective: Configure IP extended access lists.

Create an access list and place it in the proper location to satisfy the following requirements:
    Prevents all hosts on subnet 172.16.1.0/24 except host 172.16.1.3 from accessing the Web server on subnet 172.16.4.0
    Prevents the outside world from pinging subnet 172.16.4.0
    Allows all other hosts on all other subnets of network 172.16.0.0 (subnet mask 255.255.0.0) to send queries to the DNS server on subnet 172.16.4.0
    Prevents only host 172.16.3.3 from accessing subnet 172.16.4.0

Write your configuration in the space below. Be sure to include the router name (A or B), interface name (E0, E1, or E2), and access list direction (in or out).

    ! Block host 172.16.3.3 from all of subnet 172.16.4.0; this must come before the broader permits
    access-list 104 deny ip host 172.16.3.3 172.16.4.0 0.0.0.255
    ! Only host 172.16.1.3 on subnet 172.16.1.0/24 may reach the Web server (172.16.4.4, port 80)
    access-list 104 permit tcp 172.16.1.3 0.0.0.0 172.16.4.4 0.0.0.0 eq 80
    access-list 104 deny tcp 172.16.1.0 0.0.0.255 host 172.16.4.4 eq 80
    ! All other hosts of network 172.16.0.0/16 may query the DNS server (172.16.4.4, port 53)
    access-list 104 permit udp 172.16.0.0 0.0.255.255 host 172.16.4.4 eq 53
    ! ICMP is allowed only from inside 172.16.0.0/16; the implicit deny at the end stops pings from the outside world
    access-list 104 permit icmp 172.16.0.0 0.0.255.255 172.16.4.0 0.0.0.255

    interface e2
     ip access-group 104 out
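Before an access list like the one above is applied outbound on E2, it is worth checking it against each requirement with sample packets, since a single mis-ordered or mis-typed entry silently changes the policy. The following added example (not from the course, and not Cisco IOS code) models Cisco's first-match evaluation with the implicit deny at the end and Cisco wildcard-mask semantics. The entries are the ones above; the test packets and the outside address 10.0.0.1 are constructed, and the Web and DNS server address 172.16.4.4 is the one the list itself uses.

```python
"""Added example (not from the BSCN course): a first-match evaluator for
extended access list 104 above, used to check the list against the four
exercise requirements.  Sample packets are constructed for the check."""
import ipaddress


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'do not care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


# (action, protocol, src, src_wildcard, dst, dst_wildcard, dst_port or None)
ACL_104 = [
    ("deny",   "ip",   "172.16.3.3", "0.0.0.0",     "172.16.4.0", "0.0.0.255", None),
    ("permit", "tcp",  "172.16.1.3", "0.0.0.0",     "172.16.4.4", "0.0.0.0",   80),
    ("deny",   "tcp",  "172.16.1.0", "0.0.0.255",   "172.16.4.4", "0.0.0.0",   80),
    ("permit", "udp",  "172.16.0.0", "0.0.255.255", "172.16.4.4", "0.0.0.0",   53),
    ("permit", "icmp", "172.16.0.0", "0.0.255.255", "172.16.4.0", "0.0.0.255", None),
]


def evaluate(acl, proto: str, src: str, dst: str, dport=None) -> str:
    """Return 'permit' or 'deny' for one packet.  Entries are tested in order
    and the first match wins; the final return models the implicit deny that
    ends every Cisco access list."""
    for action, p, s, sw, d, dw, port in acl:
        if p != "ip" and p != proto:          # 'ip' matches every protocol
            continue
        if not wildcard_match(src, s, sw) or not wildcard_match(dst, d, dw):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"


def check_requirements(acl) -> dict:
    """Each exercise requirement as a constructed packet and the verdict it gets."""
    return {
        "1.3 reaches web server":        evaluate(acl, "tcp", "172.16.1.3", "172.16.4.4", 80),
        "other 1.0/24 host blocked":     evaluate(acl, "tcp", "172.16.1.9", "172.16.4.4", 80),
        "outside ping blocked":          evaluate(acl, "icmp", "10.0.0.1", "172.16.4.4"),
        "inside ping allowed":           evaluate(acl, "icmp", "172.16.2.7", "172.16.4.4"),
        "other subnet DNS query":        evaluate(acl, "udp", "172.16.2.7", "172.16.4.4", 53),
        "3.3 blocked even for DNS":      evaluate(acl, "udp", "172.16.3.3", "172.16.4.4", 53),
    }


if __name__ == "__main__":
    for name, verdict in check_requirements(ACL_104).items():
        print(f"{name:30s} {verdict}")
```

Moving the `deny ip host 172.16.3.3` entry below the UDP permit would let 172.16.3.3 query the DNS server, which is the kind of ordering error this check is meant to surface.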


Written Exercise: Alternative to Access Lists

Objective: Configure an alternative to using access lists.

Write the configuration statement in the box above that sends all traffic bound for 192.168.2.0 to the null interface.

    ip route 192.168.2.0 255.255.255.0 null0


Chapter 13 Exercises

Answers to Written Exercise: Redistribution and Controlling Routing Update Traffic

1 List three reasons why you may use multiple routing protocols in a network.
Some reasons why you may need multiple protocols are as follows:
    When you are migrating from an older IGP to a new IGP, multiple redistribution boundaries may exist until the new protocol has displaced the old protocol completely. Dual existence of protocols is effectively the same as a long-term coexistence design.
    When you want to use another protocol but need to keep the old protocol due to the needs of host systems.
    Different departments might not want to upgrade their routers, or they might not implement a sufficiently strict filtering policy. In these cases you can protect yourself by terminating the other routing protocol on one of your routers.
    If you have a mixed router vendor environment, you can use a Cisco-specific protocol in the Cisco portion of the network and then use a common protocol to communicate with non-Cisco devices.

2 What two parameters are used by routers to select the best path when they learn two or more routes to the same destination from different routing protocols?
In order for routers to select the best path when they learn two or more routes to the same destination from different routing protocols, Cisco uses two parameters:
    Administrative distance: Administrative distance is used to rate the believability of a routing protocol. Each routing protocol is prioritized in order of most to least believable (reliable) using a value called administrative distance. This criterion is the first a router uses to determine which routing protocol to believe if more than one protocol provides route information for the same destination.
    A routing metric: The metric is a value representing the path between the local router and the destination network. The metric is usually a hop or cost value, depending on the protocol being used.

3 What are the components of the EIGRP routing metric?
The components of the EIGRP routing metric are:

Component | Meaning
bandwidth | Minimum bandwidth of the route in kilobits per second.
delay | Route delay in tens of microseconds.
reliability | Likelihood of successful packet transmission expressed as a number from 0 to 255, where 255 means the route is 100% reliable.
loading | Effective loading of the route expressed as a number from 1 to 255, where 255 means the route is 100% loaded.
mtu | Maximum transmission unit (MTU): the maximum packet size along the route in bytes, an integer greater than or equal to 1.
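The answer lists the metric components but not how they combine. As an added example (not from the course), the following computes the classic EIGRP composite metric with the default K values (K1 = K3 = 1, K2 = K4 = K5 = 0), in which only the minimum bandwidth and the summed delay contribute; that formula is the standard one documented for EIGRP and is assumed here rather than taken from the page. The link speeds and delays are constructed sample values.

```python
"""Added example (not from the BSCN course): the EIGRP composite metric with
default K values.  Bandwidth is the minimum along the path in kbit/s, delay is
the sum of link delays in tens of microseconds (the units in the answer above).
Link values below are constructed samples."""

K1, K2, K3, K4, K5 = 1, 0, 1, 0, 0   # Cisco defaults: bandwidth and delay only


def eigrp_metric(min_bw_kbps: int, total_delay_tens_us: int,
                 reliability: int = 255, load: int = 1) -> int:
    """Classic EIGRP metric: 256 * (K1*BW + K2*BW/(256-load) + K3*delay),
    scaled by K5/(reliability+K4) only when K5 is non-zero.  BW is
    10^7 / minimum bandwidth, with integer truncation as IOS does it."""
    bw = 10_000_000 // min_bw_kbps
    metric = K1 * bw + (K2 * bw) // (256 - load) + K3 * total_delay_tens_us
    if K5 != 0:
        metric = metric * K5 // (reliability + K4)
    return metric * 256


def path_metric(links) -> int:
    """links: list of (bandwidth_kbps, delay_tens_of_us) for each hop.
    The slowest link sets the bandwidth term; delays accumulate."""
    min_bw = min(bw for bw, _ in links)
    delay = sum(d for _, d in links)
    return eigrp_metric(min_bw, delay)


if __name__ == "__main__":
    # Constructed path: a T1 (1544 kbit/s, 20000 us delay) followed by
    # Fast Ethernet (100000 kbit/s, 100 us delay).
    t1 = (1544, 2000)
    fast_eth = (100000, 10)
    print("T1 alone:", eigrp_metric(*t1))
    print("T1 + Fast Ethernet:", path_metric([t1, fast_eth]))
```

Because the bandwidth term uses only the slowest link, adding the Fast Ethernet hop changes the metric by its delay alone; this is why the EIGRP metric is dominated by the bottleneck link rather than hop count.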

4 Consider that you have a dialup WAN connection between site A and site B. What can you do to prevent excess routing update traffic from crossing the link, but still have the boundary routers know the networks that are at the remote sites?
Use static routes, possibly in combination with passive interfaces.

5 What command is used to cause RIP to source a default route?
When running RIP, you can create the default route by using the ip default-network command. If the router has a directly connected interface onto the network specified in the ip default-network command, RIP will generate (or source) a default route to its RIP neighbor routers.

6 If there is no filter associated with an interface, what happens to packets destined for that interface?
If a filter is not associated with the interface, the packets are processed normally.

7 What command can be used to discover the path that a packet takes through a network?
To discover the routes a packet follows when traveling to its destination from a router, use the trace privileged EXEC command.

8 How can a routing loop result in a network that has redundant paths between two routing processes?
Depending on how you employ redistribution, routers can send routing information received from one autonomous system back into that same autonomous system. The feedback is similar to the routing loop problem that occurs in distance vector technologies.

Answers to Review Questions

1. What is redistribution?
Cisco routers allow internetworks using different routing protocols (referred to as autonomous systems) to exchange routing information through a feature called route redistribution. Redistribution is defined as the ability for boundary routers connecting different autonomous systems to exchange and advertise routing information received from one autonomous system to the other autonomous system.

2. What is the default administrative distance for IGRP? For RIP? For OSPF?
The default administrative distance for IGRP is 100. The default administrative distance for RIP is 120. The default administrative distance for OSPF is 110.

3. When configuring a default metric for redistributed routes, the metric should be set to a value larger than the largest metric within the AS.

4. What command is used for policy-based routing to establish criteria based on the packet length?
The match length command can be used to establish criteria based on the packet length, between specified minimum and maximum values.

5. What command is used to configure filtering of the routing update traffic from an interface? What command mode is this command entered in?
To assign an access list to filter outgoing routing updates, use the distribute-list {access-list-number | name} out interface-name command. This command is entered in Router(config-router)# command mode.

6. What does the following command do? distance 150 0.0.0.0 255.255.255.255 3
The distance 150 0.0.0.0 255.255.255.255 3 command is used to change the default administrative distance of routes, from specific source addresses, that are permitted by an access list. The parameters mean:
    150: Defines the administrative distance that specified routes will be assigned.
    0.0.0.0 255.255.255.255: Defines the source address of the router supplying the routing information, in this case any router.
    3: Defines the access list to be used to filter incoming routing updates to determine which will have their administrative distance changed.
Routes matching access list 3, from any router, will be assigned an administrative distance of 150.

7. What are the benefits of policy-based routing?
The benefits that can be achieved by implementing policy-based routing in the network include:
    Source-based transit provider selection
    Quality of Service (QoS)
    Cost savings
    Load sharing

8. Policy-based routing is applied to incoming packets?


Chapter 14 ExercisesWritten Exercise: Using Scalable Strategies1. Name the two major functions performed by routers. Routers perform both a routing and a switching function.

2. What are the benefits of VLSMs? The benefits of VLSMs include: Even more efficient use of IP addresses Greater capability to use route summarization

3. If the subnet 172.17.2.32/28 was further subnetted with a /30 prefix, how many more subnets would be created? How many hosts would be available on each of these new subnets? The additional 2 subnet bits would create 22 = 4 more subnets. There would be 22 2 = 2 hosts available on each of these subnets.

4. Define the following terms:
IGP (Interior gateway protocol): A routing protocol used to exchange routing information within an autonomous system. RIP, IGRP, OSPF and EIGRP are examples of IGPs.
EGP (Exterior gateway protocol): A routing protocol used to connect between autonomous systems. Border Gateway Protocol (BGP) is an example of an EGP.
Autonomous System (AS): In BGP terms, a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other ASs. Another definition of an autonomous system: internetworks using different routing protocols.

Redistribution: The ability for boundary routers connecting different autonomous systems to exchange and advertise routing information received from one autonomous system to the other autonomous system.

5. Describe some of the characteristics of BGP.
BGP is a distance vector protocol, but it has many differences from protocols such as RIP:
BGP uses TCP as its transport protocol, which provides connection-oriented reliable delivery. In this way, BGP assumes that its communication is reliable and therefore it does not have to implement any retransmission or error recovery mechanisms. BGP uses TCP port 179.
Two routers speaking BGP form a TCP connection with one another and exchange messages to open and confirm the connection parameters. These two routers are called peer routers or neighbors.
Once the connection is made, full routing tables are exchanged. However, since the connection is reliable, BGP routers need only send changes (incremental updates) after that. Periodic routing updates are also not required on a reliable link, so triggered updates are used. BGP sends keepalive messages, similar to the hello messages sent by OSPF and EIGRP.
BGP routers exchange network reachability information, called path vectors, made up of path attributes, including a list of the full path (of BGP AS numbers) that a route should take in order to reach a destination network. This path information is used in constructing a graph of ASs that is loop free and where routing policies can be applied in order to enforce some restrictions on the routing behavior. The path is loop free because a router running BGP will not accept a routing update that already includes its AS number in the path list, since this would mean that the update has already passed through its AS, and accepting it again would result in a routing loop.

6. Describe some of the ways in which access lists can be used.
Access lists can be used in many ways, including:
To permit or deny packets from crossing specified router interfaces.
To permit or deny virtual terminal (vty) access to and from a router.
To establish a finer granularity of control when differentiating traffic into priority and custom queues.
To identify interesting traffic that serves to trigger dialing in dial-on-demand routing (DDR).
To filter and alter attributes within a routing update.

7. Policy-based routing is applied to incoming packets on an interface.

Answers to Review Questions
1. What distinguishes classful routing protocols from classless routing protocols?
Classful routing protocol characteristics:
Periodic routing advertisements.
Subnet masks are not advertised.
Exchange routes to all subnetworks within the same network.
The receiving device must know the mask associated with any advertised subnets; therefore all of the subnetworks in the major network must have the same routing mask.
The subnetwork information from foreign networks (networks whose network portion does not match ours) must be summarized to a classful boundary using a default routing mask prior to inclusion in the routing update.
The creation of a classful summary route at major network boundaries is handled automatically by classful routing protocols. Summarization at other points within the major network address is not allowed by classful routing protocols.
Classless routing protocol characteristics:
Once the initial topology learning phase is complete, updates about network routes are triggered by changes in topology. The event-driven approach reduces the periodic bandwidth consumption associated with full table updates.
Advertises the subnet mask for each route.
The summarization process is manually controlled and can be invoked at any point within the network.
Since subnet routes are propagated throughout the routing domain, summarization is required to keep the routing tables at a manageable size.

2. A router has the networks 192.168.160.0/24 through 192.168.175.0/24 in its routing table. How could it summarize these networks into one route?
The addresses in binary are:
192.168.160.0/24  11000000 10101000 10100000 00000000
192.168.161.0/24  11000000 10101000 10100001 00000000
192.168.162.0/24  11000000 10101000 10100010 00000000
192.168.163.0/24  11000000 10101000 10100011 00000000
192.168.164.0/24  11000000 10101000 10100100 00000000
192.168.165.0/24  11000000 10101000 10100101 00000000
192.168.166.0/24  11000000 10101000 10100110 00000000
192.168.167.0/24  11000000 10101000 10100111 00000000
192.168.168.0/24  11000000 10101000 10101000 00000000
192.168.169.0/24  11000000 10101000 10101001 00000000
192.168.170.0/24  11000000 10101000 10101010 00000000
192.168.171.0/24  11000000 10101000 10101011 00000000
192.168.172.0/24  11000000 10101000 10101100 00000000
192.168.173.0/24  11000000 10101000 10101101 00000000
192.168.174.0/24  11000000 10101000 10101110 00000000
192.168.175.0/24  11000000 10101000 10101111 00000000
To determine the summary route, the router determines the number of highest-order bits that match in all of the addresses. Referring to the list of IP addresses above, 20 bits match in all of the addresses. Therefore the best summary route is 192.168.160.0/20.

3. In the BGP selection process, which attribute is checked first, AS-path, weight, or local preference? In the BGP selection process the weight is the first attribute checked, of the three listed.
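As an added example (not from the course material), the AS_PATH loop check from question 5 and the first three comparisons of the best-path order from review question 3, in Python; the AS numbers, prefix and neighbor addresses are constructed sample values:

```python
# Added example, not from the BSCN course: AS_PATH loop check and best-path order.
from dataclasses import dataclass
from typing import List, Optional

LOCAL_AS = 65010  # constructed: the AS number of the router evaluating the updates

@dataclass
class BgpPath:
    prefix: str
    as_path: List[int]     # AS numbers the route has traversed, nearest first
    neighbor: str          # peer that advertised it (constructed sample addresses)
    weight: int = 0        # Cisco-specific, local to this router; higher wins
    local_pref: int = 100  # shared within the AS; higher wins

def accept_update(path: BgpPath, local_as: int = LOCAL_AS) -> bool:
    """Reject any update whose AS_PATH already contains our own AS number:
    it has already passed through this AS, so accepting it would form a loop."""
    return local_as not in path.as_path

def best_path(candidates: List[BgpPath], local_as: int = LOCAL_AS) -> Optional[BgpPath]:
    """Choose among paths to the same prefix using only the three attributes
    compared on this page, in Cisco's order: highest weight, then highest local
    preference, then shortest AS_PATH. The real algorithm continues with origin,
    MED and further tie-breakers, which are omitted here."""
    valid = [p for p in candidates if accept_update(p, local_as)]
    if not valid:
        return None
    return max(valid, key=lambda p: (p.weight, p.local_pref, -len(p.as_path)))

# Constructed sample: three advertisements of one prefix from three neighbors.
SAMPLE = [
    BgpPath("10.1.0.0/16", [65020, 65030], "192.0.2.1", weight=0, local_pref=200),
    BgpPath("10.1.0.0/16", [65040], "192.0.2.2", weight=100, local_pref=100),
    # Already carries our AS in its path, so it is discarded despite its weight.
    BgpPath("10.1.0.0/16", [65050, 65010, 65060], "192.0.2.3", weight=500, local_pref=300),
]

if __name__ == "__main__":
    chosen = best_path(SAMPLE)
    print(f"best path via {chosen.neighbor}, AS_PATH {chosen.as_path}")
```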


Appendix A Exercises: Extending IP Addressing
Written Exercise: Calculating Subnet Masks
1. You need to design an IP network for your organization. Your organization's IP address is 172.16.0.0. Your assessment indicates that the organization needs at least 130 networks of no more than 100 nodes in each network. As a result, you have decided to use a classful subnetting scheme based on the 172.16.0.0/24 scheme. In the space below, write any four IP host addresses that are part of the range of subnetwork numbers. Also, write the subnet address and subnet mask for these addresses. One address is provided as an example.
Host address      Subnet address   Subnet mask
172.16.1.1/24     172.16.1.0       255.255.255.0 (example)
172.16.2.9/24     172.16.2.0       255.255.255.0
172.16.3.11/24    172.16.3.0       255.255.255.0
172.16.4.12/24    172.16.4.0       255.255.255.0
172.16.255.2/24   172.16.255.0     255.255.255.0

2. Your network has the address 172.16.168.0/21. Write eight IP host addresses in this network:
172.16.168.1
172.16.168.2
172.16.168.255
172.16.169.0
172.16.169.1
172.16.169.2
172.16.175.253
172.16.175.254

3. Write the four IP addresses in the range described by the 192.168.99.16/30 address:
192.168.99.16, 192.168.99.17, 192.168.99.18, 192.168.99.19

4. Of these four host addresses, which two could you use as host addresses in a point-to-point connection?
192.168.99.17 and 192.168.99.18
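As an added example (not from the course material), the subnet and summary-route arithmetic from Chapter 14 question 3, review question 2 and the Appendix A exercises, in Python; it also reports how much address space a summary covers beyond the networks actually listed, a check the exercises do not ask for but a practitioner wants before advertising a summary:

```python
# Added example, not from the BSCN course: subnet and summary-route arithmetic.
import ipaddress
from typing import Iterable, List, Tuple

def split_subnet(network: str, new_prefix: int) -> Tuple[int, int]:
    """Subnet `network` further with `new_prefix` and return
    (number of new subnets, usable hosts per new subnet), using the
    classic 2^h - 2 host rule that the course answers use."""
    net = ipaddress.ip_network(network, strict=True)
    if not net.prefixlen < new_prefix <= 32:
        raise ValueError("new prefix must be longer than the current one")
    subnets = 2 ** (new_prefix - net.prefixlen)
    hosts = max(2 ** (32 - new_prefix) - 2, 0)
    return subnets, hosts

def summarize(networks: Iterable[str]) -> ipaddress.IPv4Network:
    """Return the shortest prefix whose leading bits all the networks share,
    which is what the review answer finds by comparing the binary forms."""
    nets = [ipaddress.ip_network(n, strict=True) for n in networks]
    if not nets:
        raise ValueError("no networks to summarize")
    addrs = [int(n.network_address) for n in nets]
    prefix = min(n.prefixlen for n in nets)
    # Shorten the prefix until every address agrees on its leading bits.
    while prefix > 0 and len({a >> (32 - prefix) for a in addrs}) > 1:
        prefix -= 1
    shift = 32 - prefix
    base = (addrs[0] >> shift) << shift
    return ipaddress.ip_network((base, prefix))

def summary_overreach(networks: Iterable[str]) -> int:
    """Count addresses the summary covers that are NOT in the listed networks.
    Advertising such a summary claims space this router does not route, the
    usual pitfall when summarizing a range that is not a power-of-two block."""
    nets = [ipaddress.ip_network(n, strict=True) for n in networks]
    covered = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    return summarize([str(n) for n in nets]).num_addresses - covered

def usable_hosts(network: str) -> List[str]:
    """All addresses in the block except the network and broadcast addresses."""
    net = ipaddress.ip_network(network, strict=True)
    return [str(a) for a in net][1:-1]
```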
