alcatel-lucent scalable ip networks student guide v2.0_downloadable

8/13/2019 Alcatel-Lucent Scalable IP Networks Student Guide v2.0_downloadable

http://slidepdf.com/reader/full/alcatel-lucent-scalable-ip-networks-student-guide-v20downloadable 1/440

Alcatel-Lucent Scalable IP Networks

Module 0 — Introduction to Scalable IP Networks

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e



Module 0 - 3Scalable IP Networks v2.00

Alcatel-Lucent Scalable IP Networks v2.0 Module 0 | 3 A ll ri gh ts re se rv ed © 2 00 8 A lc at el -L uc en t

SRC Program - Courses and Exams

Common Courses and ExamsAcross Certification Tracks

SRA SpecificCourse and Exam

Lab Exam

RECERTIFICATION Certification is valid for three years. You must complete additional exams to keep your certification active.

Recommended Courses

1 Alcatel-Lucent Scalable IP Networks

2 Alcatel-Lucent Interior Routing Protocols and High Availability

3 Alcatel-Lucent Border Gateway Protocol

4 Alcatel-Lucent Multiprotocol Label Switching

5 Alcatel-Lucent Services Architecture

6 Alcatel-Lucent Virtual Private LAN Services

7 Alcatel-Lucent Virtual Private Routed Networks

8 Alcatel-Lucent Quality of Service

9 Alcatel-Lucent Multicast Protocols

10 Alcatel-Lucent Triple Play Services

11 Alcatel-Lucent Advanced Troubleshooting

Pra ct i c a l L a b E x a m s

Alcatel-Lucent Network Routing Specialist II Lab Exam

Alcatel-Lucent Service Routing Architect Lab Exam

The break out of the components for each Alcatel-Lucent SRC Certification is outlined above.

Based on their experience and expertise, students may choose which courses to follow. Courses havesuggested prerequisites. However, a certification can be awarded only to those who pass the written and labexams required for their chosen certification. All exams identified per certification are mandatory. For moreinformation, please see the course outlines and exam overviews at www.alcatel-lucent.com/src

SRC courses range from 3 to 5 days in length. Each course offers extensive lab activities which range from 30to 80% of the course time.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





SRC Program Exam Profile

100, 101, 102, 103,104, 105, 106, 107,

108, 109, 110,NRSII4A0

ASRA4A0Alcatel-Lucent Service RoutingArchitect Lab Exam

100, 101, 103, 104NRSII4A0Alcatel-Lucent Network RoutingSpecialist II Lab Exam

NA4A0-110Alcatel-Lucent AdvancedTroubleshooting

NA4A0-109Alcatel-Lucent Triple Play Services

NA4A0-108Alcatel-Lucent Multicast Protocols

NA4A0-107Alcatel-Lucent Quality of Service

NA4A0-106Alcatel-Lucent Virtual Private RoutedNetworks

NA4A0-105Alcatel-Lucent Virtual Private LANServices

NA4A0-104Alcatel-Lucent Services Architecture

NA4A0-103Alcatel-Lucent Multiprotocol LabelSwitching

NA4A0-102Alcatel-Lucent Border Gateway Protocol

NA4A0-101Alcatel-Lucent Interior RoutingProtocols and High Availability

NA4A0-100Alcatel-Lucent Scalable IP Networks

Exam Pre-requisites(4A0-XXX)

ExamNumberExam Name Written Exams

Delivered by PrometricGlobal provider of testing services5000+ test sites worldwide

Register at:www.prometric.com/alcatel-lucent

Lab ExamsWritten at Alcatel-Lucent sitesNRS II Certification• Half-day lab examSRA Certification• Full-day lab exam

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Credit for Other IP Certifications

Cisco or Juniper certified?

You can receive exemptions fromsome of the SRC exams if you holdany one of the Cisco or Junipercertifications identified

Certifications must be valid toreceive exemptions

Submit your request forexemptions at:http://www.alcatel-lucent.com/srcexemptions

4A0-100Juniper Networks CertifiedInternet Professional(JNCIP-E)

SRC Exam ExemptionJuniper CertificationsE- Series

4A0-100/4A0-101/4A0-102Juniper Networks CertifiedInternet Expert (JNCIE-M)

4A0-100Juniper Networks CertifiedInternet Professional(JNCIP-M)

SRC Exam ExemptionJuniper CertificationsM- Series

4A0-100/4A0-101/4A0-102

Cisco Certified InternetworkExpert (CCIE) – Routing andSwitching and ServiceProvider

4A0-100Cisco Certified InternetworkProfessional (CCIP)

SRC Exam ExemptionCisco Certifications

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Alcatel-Lucent SRC Program – Global Reach

Delivered from nine Alcatel-Lucent locationsglobally:

APACShanghai, China

Sydney, AustraliaMelbourne, Australia

EuropeAntwerp, BelgiumNewport, UKParis, France

North AmericaPlano, USAOttawa, CanadaMexico City, Mexico

Class schedules posted @ www.alcatel-lucent.com/src

Registration online @ www.alcatel-lucent.com/srcreg

Customer on-site classes also available

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Module Overview

Course timeline

Course objectives

Course prerequisitesCourse introduction


This course is part of the Alcatel-Lucent Service Routing Certification (SRC) Program. For more informationon the SRC program, see www.alcatel-lucent.com/src

To locate additional information relating to the topics presented in this manual, refer to the following:

Technical Practices for the specific product

Internet Standards documentation such as protocol standards bodies, RFCs, and IETF drafts

Technical support pages of the Alcatel website located at: http://www.alcatel-lucent.com/support

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Alcatel-Lucent Scalable IP Networks — Timeline

Day 1

Module 0 — Introduction

Module 1 — The Evolution of the InternetModule 2 — Alcatel-Lucent 7750 SR Platforms

Day 2

Module 3 — Introduction to Layer 2

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Alcatel-Lucent Scalable IP Networks — Timeline

Day 3

Module 4 — Layer 3 and IP Services

Module 5 — IP Routing Protocol Basics

Day 4

Module 6 —Transport Layer Protocols

Module 7 — Tunneling and Services

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Alcatel-Lucent Scalable IP Networks v2.0 Module 0 | 1 0 A ll ri gh ts re se rv ed © 2 00 8 A lc at el -L uc en t

Alcatel-Lucent Scalable IP Networks — Objectives

After the successful completion of this course, you should befamiliar with:

OSI protocol suite

Key functions of the Ethernet protocol

Key functions of an IP network

IP address classes, IP subnet masking, and IP supernetting

Configuration of IP addresses and subnet masks on routerinterfaces

Static and dynamic routing

IGP and EGP and the differences between the routingprotocols

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Alcatel-Lucent Scalable IP Networks — Objectives (continued)

After the successful completion of this course, you shouldunderstand:

The basic operation and configuration of OSPF

The basic operation of BGPv4

TCP and UDP as transport protocols

The purpose and benefits of MPLS

How MPLS tunnels are used to support VPN services

The various services offered on the 7750 SR including VPWS,VPLS, and VPRN services

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Alcatel-Lucent Scalable IP Networks —Goal

Provide the participants with the basic knowledge of IPnetworking, its application, and its implementation in an Alcatel-Lucent environment.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Prerequisites and Follow-On Courses

Suggested prerequisites

There is no prerequisite for this course, however, familiarity withbinary arithmetic is an asset

Suggested follow-on courses

Based on the material covered in this course, it is recommendedthat, after the successful completion of this course that you enrolin the Alcatel-Lucent Interior Routing Protocols & High Availabilitycourse

Certification exam

To ensure full comprehension of the material covered in thiscourse, it is recommended that the student register for and takethe Alcatel-Lucent Scalable IP Networks exam following completionof this course

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Alcatel-Lucent Scalable IP Networks — Overview

IP technology has experienced phenomenal growth overthe last decade. This technology has become a part of everyfacet of our lives. This 4-day course introduces the Layer 2 andLayer 3 technologies that are used in the networking world.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Graphical Symbols and Icons

DASA Type IP Data

10.1.1.1

Generic router

Table

Packet (showing detail)

Network Cloud

System or loopbackInterface

Data plane(dotted blue)

Control plane(dashed red)

Physical link(solid black)

Provider Edge

Customer site 1

Switch

Customer site 2Server

Workstation

Flow or lookupUser

1

These typical graphical symbols and icons are used throughout this course.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Administration

RegistrationFacility information

RestroomsCommunications(Set cell phones and pagers to silent mode.)MaterialsScheduleIntroductions

Name and companyExperienceExpectations

Questions

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e



www.alcatel-lucent.com

3HE-02767-AAAA-WBZZA Edition 02

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Module 1 – The Evolution of the Internet

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Alcatel-Lucent Scalable IP Networks v2.00 Module 1 | 2 A ll r ig ht s r es er ved © 20 08 Alca te l- Lu cent

Module Overview

How the Internet Began

Components of the Internet

How the Internet Works – TCP/IP Layering

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




The Evolution of the Internet

Section 1 – How the Internet Began

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





How the Internet Began

The Development of the Internet

ARPANET

TCP/IP

Traffic on the Internet todayA l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





The Development of the Internet

Before the Internet

Early computing devices consisted of large systems for dataprocessing

Proprietary networking architectures and protocols were used

Network infrastructure was extended with similar components

General interest in cross-platform connectivity was non-existent

Interworking between research organizations

Driven by Advanced Research Projects Agency (ARPA) Departmentof Defense (DoD)

Need of users in different organizations to share information

Reliability required for typical network component failure

Advanced Research Projects Agency Network (ARPANET)

Before the Internet

In the early days of commercial computing, the late 1960s, most companies purchased one largecomputer system for all of their data processing needs. These systems used proprietary networkingarchitectures and protocols, consisting primarily of plugging dumb terminals or line printers into anintelligent communications controller. Each of these devices used proprietary networking protocols tocommunicate with the central host.

These computer systems used proprietary design, products, protocols, and services to interconnect.

Companies expanded their existing networks by purchasing more of the same type of equipment.

Cross-platform connectivity did not exist and was not expected.

Interworking between organizations

Interworking between vendors first occurred when the US Military realized that different sites aroundthe country could not connect with each other because they all ran proprietary systems and protocols.

Without cross-platform support, effective communication or resource sharing between sites was notpossible. This could become critical in the event of a national disaster, or more commonly, equipmentfailure where the inability to transfer resources or to backup information could leave that informationunprotected.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Significance of ARPANET

Initial ARPANET consisted of:

Interface message processors(IMP)

Host computers connected toIMP via serial line

Host-to-host protocol calledNetwork Control Protocol (NCP)

Another network calledALOHANET funded by ARPA

Other packet switchednetworks developed in Europe

In 1972, INWG decided toconnect all of these networks

Cross-organizational communications

The project to enable cross-organizational communications was initiated by ARPA of the DoD. Thepriority for this project was vendor-independent networking. As a result, the world’s first packetswitched network, ARPANET, was conceived.

ARPANET was initially deployed between four sites (Stanford University, University of California atSanta Barbara, University of California at Los Angeles, and University of Utah). It was designed withreliability in mind and consisted of redundant packet switches, links, and a dynamic routing protocol.

In 1969, ARPA funded an experimental packet radio network at the University of Hawaii. This network,ALOHANET was directed by Professor Norman Abramson, and connected sites that were spreadthroughout the Hawaiian islands to a central time-sharing computer on the University of Hawaii campus.

ALOHANET users could connect to the ARPANET. However, this access through the terminal interfaceprocessor (TIP) meant that, from the ARPANET perspective, ALOHANET was just a terminal connection.

Dr. Robert Kahn, one of the BBN IMP researchers who was instrumental in developing the IMP-to-hostprotocol, architecting the ARPANET, and improving its reliability, organized an event to demonstrateARPANET. During this event, a new working group called the International Network Working Group(INWG), was organized. One of the tasks that INWG undertook was to connect ARPANET and ALOHANETto some of the new packet switching European networks to create a Giant Global network. Kahn begana lengthy series of discussions with Vint Cerf, the INWG chairman, to find a solution.

Their model was an internetworking of the ARPANET with a packet radio network and a satellitenetwork (SATNET)—each of which used different protocols and different interfaces, and were optimizedfor each particular network's needs.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





The Challenge of ARPANET

Challenges

ARPANET was designed for a very high degree of reliability,

and NCP depended upon this level of reliabilityAddressing

Each network had its own maximum packet sizes

Solution

Kahn developed a new host-to-host protocol with globaladdressing

In 1973, TCP was developed as a protocol to connect thesenetworks

Challenges

Packet radio and satellite links could not guarantee the same kind of reliability that was designed intoARPANET.

NCP only supported local addressing to the next hop node. It did not provide the addressing plan thatwas required for a global network such as the Internet.

Each network supported its own maximum packet size. When a packet traveled from one network to

the next it may have needed to be broken into a number of smaller packets to traverse the nextnetwork.

Solution

The development of a new host-to-host protocol that supported global addressing, the ability to recoverlost packets, perform fragmentation and reassembly, calculate end-to-end checksums, and providehost-to-host flow control.

The first version of this new protocol was presented by Kahn and Cerf at a meeting of the INWG atSussex University in the United Kingdom in September 1973. It was called the Transmission ControlProtocol (TCP).

In 1978, TCP evolved to become TCP/IP.

TCP/IP

The introduction and wide-scale deployment of TCP/IP represented a major shift in computer networking.Prior to TCP/IP, most network topologies required hardware-based network nodes to send traffic to a centralhost for processing with the central host delivering the data to the destination node on behalf of the sender.With the introduction of TCP/IP, each network device was treated as a fully functional, self-aware networkendpoint, capable of communicating with any other device directly without using a central host.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





The Birth of the Internet

From military to research-based networkTCP/IP grew in popularity after it was offered with the UNIX OS

ARPANET was replaced by NSFNETIn 1990, commercial agencies and other general purposecompanies required networking, giving rise to Internetservice providers (ISPs)

From research to commercial-based networkNFSNET was replaced by commercial ISPs in the mid-1990sProtocols associated with the Internet and TCP/IP weredeveloped through the RFC processINWG evolved into IETF as the standards organization forInternet-related protocols

In 1980, the U.S. military adopted TCP/IP as a networking standard. A "flag day" transition from NCP toTCP/IP that took place on January 1, 1983, marks the beginning of the Internet and the beginning ofthe end for the ARPANET.

By 1985, the ARPANET was heavily utilized and burdened with congestion. In response, the NationalScience Foundation initiated phase 1 for the development of the National Science Foundation network(NSFNET).

The NSFNET used a hierarchical network architecture from its inception in 1986 and was moredistributed than the ARPANET. The bottom tier consisted of University campuses and researchinstitutions. These were connected to the middle tier (the regional networks). The regional networkswere then connected into the main backbone network (the highest tier), consisting of links between sixnationally funded supercomputers.

As late as the early 1990s, the NSFNET was still reserved for research and education applications, andgovernment agency backbones were reserved for mission-oriented purposes. These networks and otheremerging networks were feeling new pressures as different agencies needed to interconnect with oneanother.

There was increasing commercial and general interest in obtaining network access and interconnectivitywhich gave rise to an entire industry of network service providers, also known as internet serviceproviders. Networks outside the U.S. developed with international connections between them. As thevarious new and existing entities pursued their goals, the complexity of connections and infrastructuregrew.

(….continued on slide 9)

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





The Birth of the Internet

From military to research-based networkTCP/IP grew in popularity after it was offered with the UNIX OS

ARPANET was replaced by NSFNETIn 1990, commercial agencies and other general purposecompanies required networking, giving rise to Internetservice providers (ISPs)

From research to commercial-based networkNFSNET was replaced by commercial ISPs in the mid-1990sProtocols associated with the Internet and TCP/IP weredeveloped through the RFC processINWG evolved into IETF as the standards organization forInternet-related protocols

(….continued from slide 8)

The INWG managed the development of Internet and TCP/IP related protocols. From its very beginning,anyone was allowed to participate in the process merely by generating ideas for protocols to use onthese emerging networks. These original documents were known then, as they are today, as RequestsFor Comments (RFCs). While today's RFCs are more formal and build on a rich and storied tradition ofprevious RFCs, they are still the major driving force for innovation of new protocols and features.

The INWG evolved over the years into the IETF which is now the standards body for IP and relatedprotocols. The IETF does not and has never had an official charter. It still operates as an openorganization where anyone representing research or commercial interests can contribute and improvethe existing internet protocols. IETF working groups enable individual contributors to meet, present,and review their work with every one else through the RFC process.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Alcatel-Lucent Scalable IP Networks v2.00 Module 1 | 1 0 A ll r ig ht s r es er ved © 2 0 08 Alca te l- Lu cent

Traffic on the Internet Today

Credit: Donna Cox and Robert Patterson, courtesy of the National Center for Supercomputing Applications (NCSA) and the Board of Trustees of the University of Illinois

NSFNET traffic in theearly 90s

The modern Internet today

The modern Internet evolved from the NSF-based Internet where, instead of research and governmentinstitutions providing a common backbone, any commercial enterprise or industry participates in generating orpropagating traffic that is generated by other enterprises. The common goal is to provide access to theInternet hosts, and provide an abundance of information housed by various organizations.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Components of the Internet

The Internet Defined

Roles and Functions

Service Provider TiersConnections

Modern ISP Services

ISP with POPs

IP Addressing

TCP/IP

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





The Internet Defined

Simple Definition

The Internet is built with computers that are connected by wires. Eachwire serves as a way to exchange information between the twocomputers that are connected.

Practical Definition

The Internet consists of many distributed network architectures thatare operated by many commercial organizations (ISPs) connected viamajor network exchange points as well as direct networkinterconnections [Internet Routing Architectures, 2nd Edition, SamHalibi], all using the IP.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Service Provider Tiers

Tier 1 service providers serve primarily as transit providersFor example – AT &T, Global Crossing, Level 3

Tier 2 service providers provide transit for some networksand receive transit service from Tier 1 service providers toconnect to other parts of the Internet

For example - Bell Canada, Sprint

Tier 3 service providers can provide reselling services forvarious Tier 2 services to their customers

IXPs enable Tier 1, 2, and 3 service providers to exchangeInternet data

Tier 1 Service Providers

In this context of Tier 1, service provider and network are interchangeable.

By definition, a Tier 1 network does not purchase information transit from any other network to reachany other portion of the Internet.

Therefore, in order to be a Tier 1 network, a network must peer with every other Tier 1 network.

A new network cannot become a Tier 1 network without the explicit approval of every other Tier 1network, because any network's refusal to peer with it prevents the new network from being considereda Tier 1 network.


Tier 2 service providers purchase transit services from one or more Tier 1 service providers.


Tier 3 service providers are smaller than Tier 2 services providers and require a Tier 2 or Tier 1 serviceprovider for transiting to parts of the Internet.

Internet Exchange Points

IXPs enable information exchange at local points, which avoids needing to traverse or backhaul trafficthrough major points in order to reach the Internet.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Enterprise-to-enterprise Connections

Enterprises can connect between their regional offices through the Tier 2 and Tier 1 ISPs. For example, anenterprise in one region can connect to a local Tier 2 ISP, or one office can connect to a Tier 2 ISP in anotherregion.

Using the same Internet backbone as shown in the previous slide, enterprise companies in two differentlocations that are connected to two different local ISPs can communicate with each other. Enterprise servicescan include, for example, video conferencing, electronic whiteboard presentations.

Often, ISP A is connected to both residential (home) subscribers and enterprise organizations.One major difference between enterprise and residential subcribers is their resource requirements. The needsof an enterprise are typically more resource intensive than those of a residential home subscriber. Therefore,local ISPs typically reserve more bandwidth for their enterprise customers depending upon their service levelagreements.

Another major difference between the enterprises and residential subscribers is the addressing plan.Enterprises can have their own publically allocated addressing space whereas residential subscribers typicallyborrow addressing from their local ISP.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Modern ISP Services

ISP Services

Residential and enterprise

Service Level Agreements

Contractual obligation to ensure traffic guarantees

Demarcation Points

Provides a clear separation between the customer networkand the service provider network

Separation of the service provider and customerresponsibilities

ISP Services

Traditionally ISPs provided dial-up Internet access using phone lines (28.8 to 56 kb/s). This wasupgraded to high-speed Internet access which provided 2 to 3 or 5 to 7 Mb/s. Along with Internetaccess, modern ISPs can also be content providers or can peer with several content providers to providetheir users with a variety of services, mainly voice, video, and data applications. To compete with thetraditional cable and satellite providers and Telecom providers, modern ISPs bundle the major services(voice, data, and video) into what is referred to as a triple play package. In contrast, some of the cableproviders and satellite providers now offer Internet services to compete with the Telecom providersand other ISPs.

Cost reduction is one major motivation for bundling services that were traditionally offered asindividual services. Another motivation is to offer customized services with varying price points. Forexample, an ISP may offer end users three packages - a basic service, a premium service, and an eliteservice. The package with higher service utilization costs more than the package that offers a basicservice. The basic package may offer a 10 Mb/s combined voice, Internet, and basic video services; thepremium package may offer 20 Mb/s voice service and Internet and basic video services; and the elitepackage may offer 40 Mb/s voice, very high speed Internet, and high definition video services.

(…continued on slide 19)

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Modern ISP Services

ISP Services

Residential and enterprise


Contractual obligation to ensure traffic guarantees

Demarcation Points

Clear separation between the customer network and serviceprovider network

Separation of the service provider and customerresponsibilities

(…continued from slide 18)


A service level agreement is a contractual agreement between an ISP and its customers that definestraffic flow guarantees and may include penalties when traffic is not delivered in compliance with theservice level agreement.

In addition to residential customer traffic needs, ISPs typically provide the business traffic needs forenterprises. A medium to large enterprise that requires the ISP’s geographical presence to connect toits offices or to other enterprise organizations will have traffic requirements for bandwidth and timelydelivery that are well beyond that of the home user. The enterprise may require additional servicesfrom an ISP such as web hosting, and services for intersite connectivity. Typically, the traffic thattravels through the ISP’s network is critical to the daily operations of the enterprise. The delivery ofthis type of traffic is usually guaranteed by the ISP with a service level agreement.

Demarcation Points

Demarcation points provide separation between the service provider and the customer. Thedemarcation point is the point where the service provider's responsibility ends and the customer'sresponsibility begins.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





ISP with POPs and IXPs

With an IXP at the city level, traffic between various ISPs and content providers can be handled within thesame city. For example, in the slide, ISP A POP and ISP B POP in Ottawa can communicate with each otherlocally through Ottawa’s IXP.

If a content provider is connected to the IXP in a local city, the traffic between the ISP POPs and the contentprovider is localized. Without the local IXP, the traffic between ISPs may need to be carried to another citywith an IXP before the traffic arrives at the destination ISP in the original city. For example, if there is nolocal IXP in Ottawa, traffic from ISP A in Ottawa may travel to Toronto before returning to communicate withISP B in Ottawa.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





IP Addressing

Some of the IPaddress allocationsmanaged by RIR(Regional InternetRegistry )

ARIN96/8 to 99/8,204/8 to 209/8

APNIC114/8to 126/8

AfriNIC41/8,196/8

RIPENCC77/8 to 95/8

LACNIC186/8, 187/8,189/8, 190/8

For the Internet to operate, the components need a common method of communication and commonaddressing of all of the physical components. Internet protocol (IP) provides this common method ofcommunication and common addressing.

Every device that connects to the Internet, or that communicates with another computer on the Internet has aunique IP address.

An example of an IP address is 138.120.105.45. These addresses are distributed and controlled by the Internet

Assigned Numbers Authority (IANA).

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





TCP/IP

A network protocol is a standardized method ofcommunicating between computers; for example: TCP

TCP is a layered protocol with distinct functionsA layer in a protocol stack receives services from the lowerlayers and provides services to the upper layers

The advantages of standard layering are:

Simplifies complex procedures into a structure that is easierto understand

Modularizes protocol functionality and hides changes in thelower layers from the upper layers

Layering of information can be compared with the regular postal service where there are several distinctfunctions:

Creating the letter

Placing the letter in an envelope, and writing the sender’s and recipient’s address

Choosing the type of delivery for the letter (same day service, same week and so on)

Placing the appropriate stamp on the letter to pay for the service

Physically sending the letter via carriers; for example, by truck or airplane

After the sender writes the letter, all of the functions listed above are relevant to transporting the letter tothe appropriate destination. At the destination, the letter is received by the recipient, and depending uponthe transport service, an acknowledgement may be sent to the sender confirming the receipt of the letter.The letter can then be removed from the envelope and its contents read.

The layering of information on the Internet occurs in a similar fashion. The objective of this data transfer is tointer-network with different computer systems. The applications need to send data to and receive data fromother applications on different hosts/systems. In doing so, the application composes the data and requests alayering stack to transport the information.

Each layer of the protocol stack adds the pertinent information for that layer to the existing data.

As the data is sent from the sender to the receiver, the data passes through several other systems. Thesesystems only check the information that is relevant to the layers in which they have an interest. The systemsuse this information to assist in transmitting the data to the appropriate destination.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




The Evolution of the Internet

Section 3 - How the Internet Works – TCP/IP Layering

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





TCP/IP Layers - Overview

The network protocol suite defines the protocols and technologies that support the interconnection of adiverse array of hardware and systems to support the operation of a wide range of applications over thenetwork. Anyone who has used an Internet application, such as a web browser or e-mail can appreciate thecomplexity of the systems that are required to support these applications.

The layering of protocols simplifies this complex problem by dividing the protocol into a number of simplerfunctions. Each layer performs a specific function that contributes to the overall functioning of the network.

The TCP/IP suite, also known as the Internet protocol suite, contains four layers of technology.The application services layer provides all of the services that are available to users of the Internet.

The two intermediate layers (transport and Internet protocol) provide a common set of services thatare available to all of the Internet applications and operate on the Internet hardware infrastructure.

The network interfaces layer includes all of the hardware that comprises the physical infrastructure ofthe Internet.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





TCP/IP Layers - Characteristics

User interface to the networkUser applications

E-mail, Telnet, FTP, WWW

Application interface to IP LayerReliable/unreliable transfers

Unique network addressing scheme toidentify hostsRouting protocols for path determinationEnd-to-end forwarding of datagrams

Physical transfer of dataATM, Ethernet, frame relay

The application services layer is where the user interfaces with the network. This layer applies only tonetwork applications, such as e-mail, Telnet, FTP, and WWW. Without network connectivity, theseapplications would be useless. Applications such as word processors and database programs are not considerednetwork applications because they do not require network connectivity.

The transport layer is the application’s interface to the network. The transport protocol provides amechanism for an application to communicate with another application that resides on another device in thenetwork. In the TCP/IP suite, there are two transport protocols: TCP and user datagram protocol (UDP). TCP isa connection-oriented protocol that provides an ordered and reliable transfer of data over the network. UDP isa connectionless protocol that supports the transfer of a single datagram across the network with no deliveryguarantee. UDP is simpler than TCP and operates with less overhead than TCP. Most Internet applications, suchas HTTP (web-browsing), e-mail, Telnet, and file transfer protocol (FTP), use TCP for data transfer because itprovides a reliable transfer service. Some applications, such as domain name system (DNS) and simple networkmanagement protocol (SNMP), use UDP because they only require a simple datagram transfer. Otherapplications, such as reliable transfer protocol (RTP), use UDP to avoid the overhead of TCP and because thereis no benefit in the retransmission of lost packets for the applications that use RTP.

The Internet protocol layer provides a common addressing plan for all of the hosts on the Internet as well as asimple, unreliable datagram transfer service between these hosts. IP is the common glue that defines theInternet. IP also defines the way a datagram (or packet) is routed to its final destination. In an IP network,packet forwarding across the network is handled by routers. IP routers examine the destination address of adatagram and determine which router is the next hop that will provide the best route to the destination(known as hop-by-hop routing). Routers communicate with each other using dynamic routing protocols toexchange information about the networks to which they are connected. The protocols allow routers to makeforwarding decisions for the datagrams that they receive.

The network interface layer comprises the hardware that supports the physical interconnection of all of thenetwork devices. The technologies of the network interface layer are often defined as multiple layers. Thecommon trait of all technologies of this layer is that they can forward IP datagrams. There are many differenttechnologies that operate at this layer, some of which are very complex. Some of the protocols commonly usedat this layer include ATM, frame relay, point-to-point protocol (PPP), and Ethernet. However, many otherprotocols are used; some of the protocols are open standards and some are proprietary. The diversity of thenetwork interfaces layer demonstrates one of the benefits of protocol layering. As new transmissiontechnologies are developed, it is not necessary to change the upper layers in order to incorporate thesetechnologies in the network. The only requirement is that the new technology be able to support theforwarding of IP datagrams.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Encapsulation

Encapsulation is the inclusion of one data format in anotherdata format in order to hide the former data format

In the context of TCP/IP, encapsulation is the mechanism bywhich the TCP/IP stack adds layered information to theapplication-generated data

TCP/IP includes four types of encapsulationApplication encapsulationTransport encapsulationIP encapsulationData link encapsulation

The application generates the data, which is handed to the transport layer. The transport layer (TCP or UDPlayer) adds its overhead to the data, thereby hiding the original data. The data now is part of the transportlayer and identified by the transport header. Similarly, once the transport data is received by the lower IPlayer, the IP layer adds its overhead. At this point, the packet is referred to as an IP packet, thereby hidingthe transport layer overhead and the application data. Finally, the IP layer needs the data link layer toperform the physical transmission of the IP packet. The data link layer adds its own overhead to the IP packetand then transmits the data to the next hop in the network.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Application Encapsulation

When a network application needs to communicate with another application across the network, theapplication must first prepare its data in the specific format defined by the protocol to be used by thereceiving application. A specific protocol is used so that the receiving application will know how to interpretthe received data.

For an e-mail message, there are two parts: the message header and the body. The message header containsthe sender’s and receiver’s addresses, as well as other information such as the urgency of the message and thenature of the message body. The format of the header and the nature of the addresses is defined by theapplication protocol. An e-mail message protocol is Simple Message Transfer Protocol (SMTP).

In addition to defining the format of the message, the protocol also specifies how the applications areexpected to interact with each other, including the exchange of commands and the expected responses.

The application uses the services of the transport layer to transfer the application’s data.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Transport Encapsulation

The transport layer provides a service to transfer data between applications across a network. Two transportprotocols are used on the Internet: TCP and UDP. To exchange e-mail across the Internet, an e-mailapplication uses SMTP. SMTP uses TCP to accomplish the transfer. TCP provides a reliable transfer service toensure that all of the data is properly transferred. UDP provides a simple, unreliable datagram deliveryservice, which is similar to IP.

TCP treats all application data as a simple byte stream, including both the message header and the messagebody. TCP accepts the application’s data and breaks the data into segments for transmission across thenetwork as required. To accomplish this reliable transfer, TCP packages the application data with a TCPheader. On the receiving end of the connection, TCP removes the TCP header and reconstructs the applicationdata stream exactly as the data was received from the application on the sender’s side of the network.

The TCP and UDP headers carry source and destination addresses that identify the sending and recipientapplications because a single host system may support multiple applications. These addresses are known asport numbers. The TCP units of data are known as segments; UDP data is called a datagram.

To transmit its segments of data across the network, TCP uses the services of the IP layer.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





IP Encapsulation

The IP layer provides a common addressing scheme across the network as well as a simple, unreliabledatagram forwarding service between nodes in the network.

Data from the transport layer is packaged in IP datagrams for transfer over the network. Each datagram travelsindependently across the network. The intermediate routers forward the datagram on a hop-by-hop basisbased on the destination address.

Each datagram contains source and destination addresses that identify the end nodes in the network. Every

node in an IP network is expected to have a unique IP address.IP uses the services of the underlying network interfaces to perform the physical transfer of data.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Data Link Encapsulation

The data link layer is the term for the network interfaces that are used by IP to physically transmit the dataacross the network. The units of data transmitted at the data link layer are usually known as frames. IPdatagrams must always be encapsulated in some type of data link frame for transmission.

A typical data link frame contains a header, usually with an address. The frame may also contain a trailer witha checksum to verify the integrity of the transmitted data. There are many types of technologies used asnetwork interfaces by IP. Each type of technology has its own specific format and rules of operation. Thecommon characteristic is that all of these technologies can carry IP datagrams.

Most protocols at this layer also use some form of addressing. The address is specific to the data link protocoland identifies the endpoints of the data exchange. For example, the slide shows the address of an Ethernetframe. Some point-to-point protocols such as PPP may not use addresses when there is only one possibledestination for the data.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





End-to-end Frame Transfer

This slide shows how data is transferred from a source PC to a destination server across the Internet.

An application running on the source PC generates the data to be transmitted to the server. The applicationdoes not need to be concerned with the details of the transmission and only passes the data to the TCP layerof the TCP/IP protocol stack included in the PC operating system.

The TCP layer encapsulates the application data within a TCP header and passes the data to the IP layer. TCPis also not concerned about the details of the transmission and relies on the IP layer to handle the end-to-endrouting of the data across the network. However, TCP does make sure that the data is transmitted reliably

across the network.The IP layer encapsulates the data within an IP header and makes a decision about where the data should betransmitted to reach the destination server. Since IP uses hop-by-hop routing, it is only concerned with findingthe next hop towards the destination. In an IP network, the hops are between IP routers and from the sourcePC, the next hop is usually the default gateway. The source PC transmits the data to the default gatewaywhich then decides which router is the next hop towards the destination and then transmits the data to thatrouter. The IP datagram travels from router to router across the Internet, until it reaches the destinationserver.

However, the IP layer does not physically handle the transmission of the data. The transmission of databetween routers is performed by the network interface or by the data link layer. IP passes its data (includingthe IP header) to the data link layer, which then encapsulates it in a data link frame for transmission to thenext router. The data link from the source PC may be an Ethernet network; therefore, the IP datagram travelsto the next router in an Ethernet frame. The physical connection between that router and the next router maybe an ATM network; therefore, the IP datagram will travel in an ATM frame to the next IP router. If the nexthop is a different data link technology from the technology of the previous hop, the IP datagram will travel inthe appropriate frame used by that technology. This continues hop by hop until the IP packet reaches thedestination server.

Because IP provides end-to-end forwarding across the network, the IP datagram is created at the source PC,including the IP header, the TCP header, and the application header. The IP datagram then travels intactacross the IP network, although it is encapsulated in a different data link frame at each hop (each IP router).When the IP datagram reaches the destination system, the data is extracted by the TCP/IP protocol stack onthat system and the data is provided to the application.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





OSI Model Overview

The open systems interconnection (OSI) reference model represents an alternative method to TCP/IP fororganizing how networks communicate with each other so that all hardware and software vendors have anagreed-upon framework to develop networking technologies. With this model, the International Organizationfor Standardization (ISO) intended to:

Simplify complex procedures by separating them into simpler, discrete layers

Allow network equipment from different vendors to interoperate

Support a modular plug-and-play functionalityProvide an alternative method to TCP/IP to organize

The OSI model is represented by the seven layers, as shown in the slide. These layers may be grouped into twomain areas: upper and lower layers.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Development of the OSI Model

Early 1970s — Canepa and Bachman at Honeywell InformationSystems worked to develop a mechanism to distribute databases

March 1978 – 7-layer model created by Bachman and Canepa wasthe only model submitted to the ISO

Late 1970s — Specific standards developed by ISO and CCITT

1983 — The ISO and CCITT documents merged into the BasicReference Model for Open Systems Interconnection

1984 — The merged document was published by both ISO andCCITT, with CCITT being renamed ITU-T (ISO 7498 and ITU-T X.200)

Early 1990s - Some OSI protocols (for example, X.500 and CLNS)competed with TCP/IP, but growth of the Internet caused IP to beadopted.

The OSI reference model was developed at the end of the 1970s, but the development of actual protocols tosupport the reference model was slow. By the early 1990s, a number of OSI protocols (for example, TP0-4,CLNS, CONS, X.400, and X.500) had been specified and commercial implementations were attempted.However, the success of TCP/IP and the weaknesses of the OSI led to the adoption of TCP/IP forinternetworking.

The OSI was designed as an open standard to replace the strictly proprietary networking technologies thatwere in use in the 1970s (IBM’s SNA was dominant, but many others were also in use). However, TCP/IPapplications and implementations grew much more rapidly than the OSI, and by 2000, OSI was essentiallyreplaced by TCP/IP.

The OSI reference model is widely used to describe the layering of network protocols, and much networkingterminology derives from the OSI protocol suite. A few remnants of OSI are still in use; for example, LDAP,which is a derivation and simplification of X.500, and IS-IS, which was designed as an OSI routing protocol andwas adapted to TCP/IP networks.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Module Summary

After the successful completion of this module, you should beable to:

Describe the evolution of the InternetDescribe the components of the Internet

Describe how the Internet worksA l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Learning Assessment – The Evolution of the Internet

Outline the events that led to the development of theInternet

Describe the significance of ARPANETList the problems with having different protocols

Describe the solution to the problem of different protocols

Describe how the Internet evolved from a military-basednetwork to a research-based network

Describe how the Internet evolved from a research-basednetwork to a commercial-based network

Describe the importance of the IETF

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Learning Assessment - How the Internet Works

List and describe the characteristics of the TCP/IP layers

Describe how the TCP/IP layers work together

Describe the OSI ModelDiscuss the development of the OSI Model

Discuss the similarities between the TCI/IP and OSI models ofprotocol A

l c a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e



Alcatel-Lucent Scalable IP Networks v2.00 Module 1 | 4 2 A ll r ig ht s re se rv ed © 2 00 8 Alca te l- Lu cent



A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Module 2 —7550 SR and 7450 ESS Components and CLI

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Alcatel-Lucent Scalable IP Networks v2.00 Module 2 | 2 A ll ri gh ts re se rv ed © 2 0 08 A lcat el -Lucen t

Module Overview

7750 SR and 7450 ESS Products

7750 SR Components

Boot ProcessCLI Commands

Basic Router ConfigurationA l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e



7750 SR and 7450 ESS Components and CLI

Section 1 — 7750 SR and 7450 ESS Products

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





7750 SR Family

Three chassis options – 1, 7, and 12 slots

Carrier-class reliability combined with highdensity in a small footprint

System capacities scalable from 20 Gb/s to200 Gb/s

Modular design for the SR-7 andSR-12– removable IOM, SF/CPM, and MDAs

Common operating system

Slot

MDA

SR-12

1

2

1 2 3 4 5 A B 6 7 8 9 10 SR-7MDA

Slot 1

2

3

4

5

A

B

1 2

MDA

A1

SR-1 1 2

The 7750 SR-12 is the largest 7750 SR and has 12 front-access card slots. Two card slots are dedicated forredundant common equipment. Each slot holds one Switch Fabric/Control Processor Module (SF/CPM). Onlyone SF/CPM is required for operation. A second SF/CPM provides complete redundancy of the fabric and thecontrol processors. There are two switch fabric options: 200 Gb/s and 400 Gb/s full-duplex throughput.When two 7750 SR SF/CPMs are installed, the traffic load is shared across the switch fabrics.Two 200 Gb/s/400 Gb/s fabrics provide 400 Gb/s/800Gb/s of non-redundant full-duplex throughout or200 Gb/s/400 Gb/s of fully redundant, full-duplex throughput. The remaining 10 slots are used forInput/Output Module (IOM) base boards. The backplane supports 40 Gb/s full-duplex throughput to eachIOM slot.The 7750 SR-7 chassis is a fully redundant system and has seven front-access slots. Two card slots arededicated for redundant common equipment, each of which holds one SF/CPM. The remaining five slots areused for IOM base boards.The 7750 SR-1 has the management, switch fabric and one IOM base board integrated into the chassis. The7750 SR-1 has an integrated switching system with 20 Gb/s full-duplex throughput and can accommodatetwo Media Dependent Adapters (MDAs) for physical interfaces. The 7750 SR-1 is a small form factor switchfor installations that need the many 7750 SR service capabilities but with less interface and protocol scalingrequirements.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





7450 ESS Family

Integrated switch fabric/control, IOM, andpower

20 Gb/s full-duplexsystem capacity

Two 10 Gb/s MDAs

Over-subscription of some MDAs available

Power redundancy

7 slots (5 IOM, 2 SF/CPM)100 Gb/s full-duplex system capacity200 Gb/s switch fabric/controlFabric/control redundancyFive 20 Gb/s IOMsTen 10 Gb/s MDAsOver-subscription of some MDAs availablePower redundancy

MDA

Slot 1

2

3

4

5

A

B

1 2ESS-7ESS-1

The 7450 ESS-1 has the management, switch fabric and one IOM base board integrated into the chassis. The7450 ESS-1 has an integrated switching system with 20 Gb/s full-duplex throughput and can accommodatetwo MDAs for physical interfaces.The 7450 ESS-7 chassis is a fully redundant system and has seven front-access slots. Two card slots arededicated for redundant common equipment, each of which holds one SF/CPM. The remaining five slots areused for IOM base boards. The total switching capacity for the 7450 ESS-7 of 100 Gb/s is limited by the IOMcapacity despite the switching fabric supporting up to 200 Gb/s.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





7450 ESS Family (continued)

6 slots (4 IOM, 2 SF/CPM)

80 Gb/s full-duplex system capacity

80 Gb/s switch fabric/control

Fabric/control redundancy

Four 10 or 20 Gb/s IOMs


Power redundancy

12 slots (10 IOM, 2 SF/CPM)

400 Gb/s full-duplex system capacity

400 Gb/s switch fabric/control

Fabric/control redundancy

Ten 20 or 40 Gb/s IOMs


Power redundancy

ESS-6 ESS-12

The 7450 ESS-6 is a fully redundant system with a lower switching capacity than the 7450 ESS-7 making itavailable at a lower cost. Functionally it supports all of the features of the 7450 ESS-7.The 7450 ESS-12 is the largest 7450 ESS and has 12 front-access card slots. Two card slots are dedicated forredundant common equipment. Each slot holds one SF/CPM. Only one SF/CPM is required for operation. Asecond SF/CPM provides complete redundancy of the fabric and the control processors. There are twoswitch fabric options: 200 Gb/s and 400 Gb/s full-duplex throughput.When two 7450 ESS SF/CPMs are installed, the traffic load is shared across the switch fabrics. Two200 Gb/s/400 Gb/s fabrics provide 400 Gb/s/800 Gb/s of non-redundant full-duplex throughput or200 Gb/s/400 Gb/s of fully redundant, full-duplex throughput. The remaining 10 slots are used for IOM baseboards. The backplane supports 40 Gb/s full-duplex throughput to each IOM slot.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





7450 ESS Features

Supports industry-standard routing protocolsOSPF, IS-IS, RIPIPV6

Supports MPLS and LDP with service capabilitiesVLLVPLS

Carrier grade with high availabilityNSR, NSF, GR Helper

Designed for Ethernet aggregation in metro

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Alcatel-Lucent Scalable IP Networks v2.00 Module 2 | 1 0 A ll r ig ht s re se rv ed © 2 0 08 A lcat el -Lucen t

Comparison Between 7450 ESS and 7750 SR

MDA

Redundancy

Pwr/Control

Platforms

Purpose

Type

Ethernet, ATM, POS, andDS3/OC3 are channelizedEthernet and POS

SR-7 and SR-12ESS-6, ESS-7, and ESS-12

SR-1, SR-7, and SR-12ESS-1, ESS-6, ESS-7, and ESS-12

Supports Ethernet, ATM, framerelay, and VPRN services

Primarily designed to supportEthernet aggregation services

7750 SR 7450 ESS

The 7750 SR and 7450 ESS share the same robust service management, troubleshooting, and billingfeatures.The 7450 ESS is based on the same technology foundation as the 7750 SR, but there are some keydifferences between the two products, as summarized in the slide.The MDAs, IOMs, and fabric modules are not interchangeable between the two products. They havedifferent chassis, modules, MDAs, part numbers and list prices; and distinct roadmaps.

The 7450 ESS has a separate software load from the 7750 SR. The 7450 ESS capabilities are focused onenabling the delivery of metro Ethernet services only. The 7450 ESS does not support Layer 3 services suchas MPLS/BGP VPNs. The 7450 ESS does not contain key functionality and scalability attributes that arerequired in an edge router, for example BGP-4.The 7450 ESS does not have an upgrade path to the 7750 SR or to a PE router.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Alcatel-Lucent Scalable IP Networks v2.00 Module 2 | 11 A ll r ig ht s re se rv ed © 2 0 08 A lcat el -Lucen t

7450 ESS and 7750 SR Control Plane vs Data Plane

Data plane operation

The data plane operation occurs after the control plane has built the forwarding information and stored thedata in the IOM.

1. Data from the remote network/customer site ingresses through the MDAs, where the data isformatted (internal format).

2. The data is then processed in the I/O module where the decision to switch occurs (Layer 2/Layer 3

forwarding information lookup)3. The data packets are sent to the switch fabric.4. The switch fabric then forwards the data to the appropriate IOM.5. The IOM sends the data to the appropriate MDA.

Control plane operation

Control messages ingress the 7750 SR and 7450 ESS in a way that is similar to the data packets, except thatthe control messages are processed further by the control plane.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





7750 SR Components

7750 SR SF/CPM Cards

7750 SR IOMs, MDAs, and SFPs

Ingressing the RouterEgressing the Router

Compact FlashA l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





7750 SR SF/CPM Cards

Redundant SF/CPMssupported on

SR-7 and SR-12

The SF/CPM module is an integrated module that functions as a switching fabric and as a system controller.Like the IOMs, the SF/CPM is built using common functionality blocks. The switching planes containswitching elements that are composed of fast ASICs, and the system controller contains two flexible fast-path complexes. The ASICs are responsible for the system’s control plane processing and for running thevarious routing and signaling protocols. The system controller also manages the shared input/outputresources, which includes management Ethernet ports, serial ports, status LEDs, compact flash socketscapable of accepting compact flash or disk modules, system clocks, temperature monitors, fan controls,

and so on.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





7750 SR IOMs, MDAs, and SFPs

SFP optics

IOMs and MDAs arehot-swappable

2 MDAs per IOM

10 IOMs per SR-12

5 IOMs per SR-7

IOMs

IOMs are hot-swappable modules that connect to standard physical interfaces. IOMs contain two 10 Gb/straffic-processing programmable fast path complexes. Each complex supports a pluggable MDA that allows acommon programmable fast path to support all of the possible interface types. Each IOM also contains aCPU section to manage the forwarding hardware in each flexible fast path.The term hot-swappable refers to the ability to remove and replace an IOM from a live system without theneed to shut down.

MDAs

MDAs provide one or more physical interfaces, such as Ethernet, ATM, or SONET/SDH. MDAs pass incomingframes to the IOM for processing, and transmit outgoing frames to the appropriate physical interface in thecorrect format.

SFP interfaces

SFPs transceivers are small optical modules that are available in a variety of formats.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Ingressing the Router

Data that enters the router (ingressing) goes through the MDA. The MDA converts the received physicalformat of the data into an internal format and provides minimal buffering.The data is then sent to the flexible fast path complex (one for each MDA) where the following occurs:

Quality of service is applied to classify and treat packets differently including buffering.Access control lists are applied in real time to discard packets that are not needed.Forwarding destination is determined, (that is, the destination IOM/MDA/port).

If the data received is a user data packet, the data is forwarded to the switch fabric.If the data received is a protocol control data, the control data is forwarded to the control plane.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Compact Flash

Each control/switch processor on a 7750 SR or 7450 ESS canhave 3 compact flashes, CF1:, CF2:, CF3:

Flash size can be 256 Mb, 512 Mb, 1 Gb and 2 Gb

By default, the system startup checks for the boot.ldr file inCF3

CF3 can store the runtime image, that is, the runningconfiguration

Requires a shutdown of the compact flash before you removethe compact flash

Compact flash 1 and 2 can be used to store debug andaccounting logs

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e



7x50 SR/ESS Components and CLI

Section 3 — Boot Process

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Boot Process Overview

Basic Boot Components

Software Release Media

System InitializationBoot Options File

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Basic Boot Components

Uses a BOF to configure the system

BOF is stored in the compact flash CF3

Other components required for startupBoot loaderBOF configuration fileTiMOS-m.n.Y.Z software image fileDefault config file

Basic operating system

The 7750 SR and 7450 ESS use a Boot Option File (BOF) to configure the system. Each new system is shippedwith a Compact Flash (CF) card that contains the files required to start the system. The system files thatare required to initialize the system are stored on CF3.The CF3 card contains the following directories and files located from the root directory:boot.ldr - This file contains the system bootstrap image.

bof.cfg - This file is user configurable and contains information such as:Management port IP addressLocation of the image files (that is, primary, secondary, and tertiary)Location of the configuration files (that is, primary, secondary, and tertiary)

TiMOS-m.n.Y.Z - This directory is named according to the major and minor software release, type ofrelease and version. For example, if the software release is Version 1.2 of a released software version, thedirectory name would be: TiMOS 1.2.R.0.On a 7750 SR-7 or SR-12, this directory contains two files, cpm.tim and iom.tim, for the SF/CPM and IOMcards respectively. Because the SR-1 has an integrated fabric/control and I/O, there is only one file,both.tim.config.cfg - This default configuration file is very basic and provides just enough information to make thesystem operational. You can create other configuration files and point the system to them using the bof.cfgfile.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Software Release Media

The image file is the software that is used to run on the 7750 SR and the 7450 ESS. This software isdeveloped by the development team and is tagged with a release number. The software contains all of thefeatures that are required to configure and run protocols on the 7750 SR and the 7450 ESS.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





System Initialization

The configuration file includes the chassis, IOM, MDA, port, system, routing, and service configurations.Persistence

You can configure the BOF to turn persistence On or Off (default is Off). Persistence is required when theeither the 7750 SR or the 7450 ESS is managed by the 5620 SAM. When persistence is on, the 7750 SR or the7450 ESS creates an index file with the same file prefix name as the current configuration file. The indexfile contains variable index information (that is, interface indexes, LSP IDs, path IDs, and so on). The indexfile is built dynamically by the 7750 SR or the 7450 ESS operating system and does not contain theconfiguration information that is entered by the users. The index file is saved whenever the systemconfiguration file is saved.The index file ensures that the 5620 SAM has the same index data as the 7750 SR or the 7450 ESS node aftera system reboot. If a 7750 SR or the 7450 ESS reboots and the indexes stored on the 5620 SAM do not matchthe node indexes, a complete resynchronization between the node and the 5620 SAM occurs automatically.This can be a very time consuming and processor-intensive operation.If a node reboots with persistence turned on, it must locate the persistence index file and successfullyprocess it before processing the system configuration file.If the index file cannot be processed, the system performs an SNMP shutdown (Get and Set functionality isdisabled), however, traps continue to be generated. The system generates traps, log messages, and consolemessages to advise the user about the problem. The system does not require a shutdown of the SNMP to

reactivate full SNMP functionality.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Boot Options File

For the 7750 SR and the 7450 ESS

Stores parameters that specify the location of the imagefilename that the router will try to boot from and theconfiguration file that the router uses to configure theapplications and interfaces

The most basic BOF configuration should contain thefollowing:

Primary addressPrimary image locationPrimary configuration location

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e



7750 SR and 7450 ESS Components and CLI

Section 4 — CLI Commands

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





CLI Commands Overview

CLI Overview

CLI File System

CLI PromptsCommand Completion

CLI Context

CLI Tree Structure

CLI Navigation

CLI Commands

Finding Help

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





CLI Overview

The 7750 SR Command Line Interface (CLI) is a command-driveninterface that is accessible through the console, Telnet, and SSH

The CLI is used to configure and manage 7750 SR

The CLI command structure is a hierarchical inverted tree

The highest level is root

Navigation down the hierarchy tree is performed by typing thenames of submenus

Global commands can be used anywhere in the hierarchy

See the 775 0 SR OS Syst em Gui de for detailedinformation about the CLI commands and navigation.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





CLI File System

DOS-based

Used to store software images,configuration files, and eventlogsFile commands can be used tocreate, copy, move, deletefiles and directories

Rootf ile a ttrib

cdcopydeleted irmdmoverdscptypeversion

NOTE: All of the commands are case-sensitive.

delete Deletes the specified file. The optional wildcard (*) can be used to delete multiple files thatshare a common partial prefix and/or partial suffix.

move Moves a local file, system file, or a directory. If the target exists, the command fails and anerror message displays.

scp Copies a file from the local files system to a remote host on the network. The command usesSSH for the data transfer, and uses the same authentication and provides the same security asSSH.

type Displays the contents of a text fileversion Displays the version of a 7750 SR OS cpm.tim or iom.tim file

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





CLI Prompt Examples

To configure OSPF

To create a router interface

Host name SR1 Context separator

At the end of the prompt, there is either a pound symbol (#) or a dollar symbol ($).A # symbol indicates that the context is an existing context.A $ symbol indicates that the context is newly created.

SR1>config>router>ospf#

SR1>config# router interface TorontoSR1>config>router>if$ address 131.131.131.1/30

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Command Completion

Command completion can be performed by one of the following:

Abbreviation, if the keystrokes entered are uniqueSR1>config>router>os [ENTER]

SR1>config>router>ospf#

Tab key or space key to automatically complete the commandSR1>config>router>os [TAB]

SR1>config>router>ospf

SR1>config>router>os [SPACEBAR]

SR1>config>router>ospf

If a match is not unique, the CLI displays possible matchesSR1>config# ro [TAB]

router router-ipv6

SR1>config# router

The system maintains a history of previously entered commands. The history command displays the last 30commands that were entered.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





CLI Navigation

When you enter a CLI command, you move from one command level toanother command level

When you start a CLI session, you start in the root context

Navigate to another level by entering the name of successively lowercontexts. For example, enter the configure or show commands at the rootlevel to navigate to the config or show context, respectively

Other navigation methods include:

Move down the hierarchy by entering the level;for example, config

Move up one level in the hierarchy by entering back at the commandprompt

Move several levels down in the hierarchy by entering multiple contextsseparated by spaces; for example: #config router ospf

To move up in the hierarchy, enter the command node name; sometimes a parameter must be provided.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Console Control Commands

<Ctrl-c> Terminates the pending command

<Ctrl-z> Terminates the pending command line and returns to the root context. This is a specialkeyboard sequence that is the same as pressing the Enter key and entering exit all toreturn the user to the root context

back Navigates the user to the parent context

echo Echoes the text that is typed; primarily to display messages within an exec file

exec Executes the contents of a text file as if they were CLI commands entered at theconsole

exit Returns the user to the previous higher context

exit all Moves the user to the root context

help Displays a brief description of the help system

? Lists all commands in the current context

history Displays a list of the most recently entered commands, which is similar to history inUNIX shell environments

info Displays the running configuration for a configuration context

Console control commands are used to navigate in a CLI session and to display information about a consolesession. Many of these commands, such as back, exit, info, and tree, are global commands which meansthat the commands can be executed at any level of the CLI hierarchy.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





CLI Configuration Maintenance Commands

The shutdown command can be used to disable protocolsand interfaces

The no form of any command may have one of the followingresults:

The removal of the object from the configuration (that is, noospf)Reset to default settings (that is, config>ospf>area>interface>nohello-interval)

The shutdown command does not change, reset, or remove any configuration settings or statistics.Many objects must be shut down before they can be deleted. A shutdown is saved in theconfiguration file. All ports are shut down, by default, when the system is first powered on.To restore the settings after a no command, you must reconfigure the router and reboot from aconfiguration file that has the correct configuration, or perform an exec command on aconfiguration file that contains the correct settings. You can use an exec command to process aconfiguration file and restore the configuration that is stored in the file.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





CLI Environment Commands

alias Allows the substitution of a command line by an alias

create Allows the create parameter check

more Configures whether CLI output should be displayed onescreen at a time, waiting for user input to continue

reduced-prompt Configures the number of higher-level CLI context levelsto display in the CLI prompt

terminal Configures the number of lines to display for the currentCLI session. The default is 24 lines

time-display Specifies whether time should be displayed in local orUTC format

CLI environment commands are used to customize session preferences for a CLI session.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Finding Help

Help Displays a brief description of the help system

? Lists all commands in the current context

s t r ing ? Lists all commands available in the current context that start with string

command ? Displays the command’s syntax and associated keywords

command keyword ? Lists the associated arguments for keyword in command

string <Tab>

string <Space> Completes a partial command name (auto-completion) or lists availablecommands that match string

Help Edit Displays help about editing (editing keystrokes)Lists the available editing keystrokes

Help Globals Displays help about global commandsLists the available global commands

The tree and tree detail system commands are help commands that are useful when you search for acommand in a lower-level context.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Basic Router Configuration Overview

Physical Access

Provisioning Cards, MDAs, and Ports

Initial System SetupBasic System Management Configuration

BOF Parameters

Show Card

Show MDA

Logs

Configuring Logs

Displaying Configuration Information

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Physical Access

In-band customer-facingaccess ports and networkports are located in MDAs

OOB-CPM ManagementEthernet Port

CPM Console Port

SF/CPM (Switch Fabric/Control Processor Module) card common to the 7750 SR-7 and SR-12

The 7750 SR can be accessed in three ways:In-band ports — Access ports and network ports on MDAsConsole port — A DB-9 serial port, which is enabled by default. The default settings are:

Baud Rate: 115 200Data Bits: 8Parity: NoneStop Bits: 1Flow Control: None

CPM Ethernet port — A 10/100 Ethernet management port

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Provisioning Cards, MDAs, and Ports

Slot

MDA

7750 SR-12

1

2

1 2 3 4 5 A B 6 7 8 9 10

7750 SR-7MDA

Slot 1

2

34

5

A

B

1 2

MDA

A1

7750 SR-1 1 2

The 7750 SR allows you to provision slots, IOMs, MDAs, and ports before or after they are physicallyinstalled.You can also optionally specify the line cards that can be installed in a slot and the MDAs that can beinstalled in an IOM. A line card or MDA will not initialize unless the installed type matches the allowedtype.Provision the 7750 SR hardware in the following sequence:

1. Choose a chassis slot and provision the IOM type for the slot.2. Choose an MDA slot and specify the MDA type for the slot.3. Choose a port and configure the port.

IOMs, MDAs, and ports must be enabled with a no shutdown command.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Initial System Setup

The following steps are typically used to configure a system fromstartup:

Log in to the 7750 SR or 7450 ESS using console input

Configure the system name and change the admin user passwordConfigure the CPM Ethernet management IP addressConfigure additional BOF parametersConfigure IOM cardsConfigure MDA cardsView alarmsConfigure the system addressConfigure logs if requiredView the entire running configuration

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Basic System Management Configuration

Some basic configuration on the 7750 SR is usually required before you place the router in service:System nameAdmin passwordCPM Ethernet management port IP addressIOMs, MDAs, and ports

System Name - Any ASCII printable string up to 32 characters. The system name is configured in the config

CLI context. If the name contains spaces, the name must be enclosed in quotation marks to delimit thestart and end of the name. The system name becomes part of the CLI prompt.Passwords - The default login and password is admin. This password should be changed before your routeris placed in service.The system automatically creates at least one admin user (the default) and must retain at least one adminuser unless you are using an external protocol, such as RADIUS or TACACS+, to provide authentication.You can configure the following password parameters:Aging — The maximum number of days (1 to 500) that a password remains valid before the user mustchange the password. The default is no aging enforced.Attempts — The number of unsuccessful login attempts that are allowed in a specified time period. If theconfigured threshold is exceeded, the user is locked out for a specified time. In the following example, auser is locked out for 10 minutes if 4 unsuccessful login attempts occur in a 10-minute period.

Count: 4Time (minutes): 10Lockout (minutes): 10

Authentication Order — You can configure the sequence in which password authentication is attempted forthe RADIUS, TACACS +, and local methods.Complexity — You can specify whether passwords must contain uppercase and lowercase characters,special characters, and numerical values.Minimum Length — You can specify the minimum number of characters (1 to 8) required for a password.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





BOF Parameters

BootOption

File

BootOption

File

7750 SR uses the BOF to perform the following tasks:

1) Set up the CPM Ethernet port (speed, duplex, auto)2) Create an IP address for the CPM Ethernet port3) Create a static route for the CPM Ethernet port4) Configure the console port speed5) Configure the DNS domain name6) Configure the primary, secondary, tertiary configuration

source7) Configure the primary, secondary, tertiary image source8) Configure the persistence requirements

Always be sure to savethe BOF!

The slide contains the parameters that you can configure in the BOF. The configuration of the BOF isperformed in the BOF CLI context.

Sample BOF commands are:

SR-1# bof Change or create a BOFSR-1>bof# address 10.10.10.2/24 primary Change or create a CPM port IP address from the

console)SR-1>bof# speed 100 Configure the CPM Ethernet port speed to 100 Mb/sSR-1>bof# primary-image cf3:/TIMOS.1.0.R0 Configure the primary image directorySR-1>bof# primary-config cf3:/test.cfg Configure the primary configuration file to test.cfgSR-1>bof# save Save the BOF

Show commands

SR-1>show bof Display the in-memory BOF that was last used

NOTE: Changes made to the bof.cfg file are not kept unless they are explicitly saved using the "bof save"command.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Show Card

A: sr 1a# show card 1

==========================================================================Car d 1==========================================================================Sl ot Pr ovi si oned Equi pped Admi n Oper at i onal

Card- t ype Card- t ype Stat e Stat e- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -1 i om- 20g- b i om- 20g- b up up==========================================================================

A: sr 1a# show card 1

==========================================================================Car d 1==========================================================================Sl ot Pr ovi si oned Equi pped Admi n Oper at i onal

Card- t ype Card- t ype Stat e Stat e- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -1 i om- 20g- b i om- 20g- b up up==========================================================================

This slide shows the output of a show card command. The output indicates that the card slot is configuredto support all IOMs. The columns list the card that the slot is configured to accept and the card that isinstalled in the slot. The two entries must match. Also, the administrative and operational states shouldboth be up.

IOM configuration example:

SR1# configure card 1SR1>config>card# card-type iom-20gSR1>config>card# no shutdown

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Show MDA

A: sr 1a# show mda

==========================================================================MDA Summar y==========================================================================Sl ot Mda Pr ovi si oned Equi pped Admi nOper ati onal

Mda- t ype Mda-t ype St at e St at e- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -1 1 m5- 1gb- sf p- b m5- 1gb- sf p- b up up

2 m16- oc3- sf p m16- oc3- sf p up up==========================================================================

A: sr 1a# show mda

==========================================================================MDA Summar y==========================================================================Sl ot Mda Pr ovi si oned Equi pped Admi nOper ati onal

Mda- t ype Mda-t ype St at e St at e- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -1 1 m5- 1gb- sf p- b m5- 1gb- sf p- b up up

2 m16- oc3- sf p m16- oc3- sf p up up==========================================================================

This slide shows the output of a show mda command. The output lists the card slot that is referenced, inthis case card 1, and the MDAs that are supported by the IOM in card slot 1. In this case, all MDAs aresupported.The next column lists the IOM slot that is configured to accept the MDA, the MDA that is installed in the IOMMDA slot, and the status of the MDA.

MDA configuration example:SR1>config>card# mda 1SR1>config>card>mda# mda-type m60-10/100eth-txSR1>config>card>mda# no shutdown

Port configuration example:SR1# configure port 1/1/1SR1>config>port# no shutdown

Note — The port default is shutdown

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Logs

Record events, alarms, and faults that result from actions performed onthe 7750 SR and the 7450 ESSCan be used to record debug messages for troubleshooting

Log sourcesMain - most normal logs not specifically directed to any other event stream

Security - any attempt to breach system security such as failed login attempts

Debug - events generated when debug tracing is on

Change - any events that change the configuration or operation of the node

Log destinationsConsole, session

Memory, file

SYSLOG server

SNMP trap group

Logs

The 7450 ESS and 7750 SR keep very extensive logs of events, alarms, traps, and debug/trace messages. Thelogs are used to monitor events and troubleshoot faults in the 7450 ESS or the 7750 SR. You can configurethe type of logging information that is captured and where to send the captured logging information.Log sources

Applications and processes in the 7450 ESS or the 7750 SR generate event logs. The logs are divided into

four streams – main, security, debug trace, and change. Forwarded events are placed into an event log.Each event log has a log identification (log-id) number and can contain events from more than one eventstream.Log destinations

You can configure the destination for the contents of a log-id. A log-id can be directed to one of thefollowing destinations:

Console – the physical 9-pin console port of the 7450 ESS or the 7750 SRSession – a console or Telnet session. Sessions are temporary log destinations that are valid only forthe duration of the session.Memory – a circular buffer where the oldest entry is overwritten when the buffer is fullFile – event logs and accounting policy information can be directed to a file

Syslog – event log information can be sent to a syslog serverSNMP trap group – event log information can be sent to an SNMP trap group. All events and traps aretime-stamped and numbered per destination. Traps are numbered sequentially per destination andstored in memory. If the network management system (NMS) is offline, the system may not receivesome trap notifications. When the NMS is back online, the system will automatically recognizewhether some trap notifications were missed because the last sequence number will not match thesequence number in the 7450 ESS or the 7750 SR. The NMS will then update its records with themissing traps. If the in-memory notification log is full and some records are overwritten, the NMSwill resynchronize with the 7450 ESS or the 7750 SR.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Configuring Logs

This slide shows the capture of events and the subsequent logging of the events.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





CLI for Configuring Logs

A:PE1>config# log filter

- filter <filter-id>

- no filter <filter-id>

<filter-id> : [1..1001]

[no] default-action - Specify the default action for the event filter

[no] description - Description string for the event filter

[no] entry + Configure an event filter entry

A:PE1>config# log filter 14

A:PE1>config>log>filter$ description “critical filter"

A:PE1>config>log>filter$ default-action forward

A:PE1>config>log>filter$ entry 1

A:PE1>config>log>filter>entry$ action forward

A:PE1>config>log>filter>entry# match severity eq critical

A:PE1>config>log>filter>entry# exit all

A:PE1>config# log filter

- filter <filter-id>

- no filter <filter-id>

<filter-id> : [1..1001]

[no] default-action - Specify the default action for the event filter

[no] description - Description string for the event filter

[no] entry + Configure an event filter entry

A:PE1>config# log filter 14

A:PE1>config>log>filter$ description “critical filter"

A:PE1>config>log>filter$ default-action forward

A:PE1>config>log>filter$ entry 1

A:PE1>config>log>filter>entry$ action forward

A:PE1>config>log>filter>entry# match severity eq critical

A:PE1>config>log>filter>entry# exit all

Steps to configure a log

1. Configure a log ID with a number from 1 to 98.2. Identify the source.3. Specify an optional filter to filter events if required.4. Identify the destination.5. Examine the logs to view the events.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





CLI for Configuring Logs (continued)

A:PE1>config>log# log-id 14

A:PE1>config>log>log-id# from main

A:PE1>config>log>log-id# to session

A:PE1>config>log>log-id# filter 14

A:PE1>config>log>log-id# info detail

----------------------------------------------

no description

filter 14

time-format utc

from main

to session

no shutdown

----------------------------------------------

A:PE1>config>log>log-id#

A:PE1>config>log# log-id 14

A:PE1>config>log>log-id# from main

A:PE1>config>log>log-id# to session

A:PE1>config>log>log-id# filter 14

A:PE1>config>log>log-id# info detail

----------------------------------------------

no description

filter 14

time-format utc

from main

to session

no shutdown

----------------------------------------------

A:PE1>config>log>log-id#

General log commands:

show log applicationsshow log event-controlshow log file-idshow log filter-idshow log log-collectorshow log log-idshow log snmp-trap-groupshow log syslog

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Default Alarm Logs

There are two default and one special use log.Log 99 – All severity levels of alarmsLog 100 – Only critical errors

Log 98 (special use) – Created by SAM managed nodesTo view the logs, use the following commands:

show log log-id 99show log log-id 100

More granular information in the two log files can be displayed byusing:

show log log-id 99 subject 1/1/1 – port specificshow log log-id 99 application chassis – chassis-related alarmsAdditional commands exist for displaying alarm information

Only store about 500 of the latest entries. If more entries are required,specific alarm logs need to be created

Showing Layer 1 and Layer 2 alarms

The 7750 SR and the 7450 ESS have two default memory logs (log-id 99 and log-id 100) that contain all ofthe events from the main application. All severity levels of alarms are recorded in log-id 99; log-id 100 onlycontains serious errors.There are several ways to view the alarms of a specific subject, such as alarms related to a particular port.One method is to create a log that only monitors the specific subject.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Displaying Configuration Information

The info command provides an informational displayduring configuration without the need to use the showconfig command

A: Trai ni ng1>conf i g>r out er # i nt er f ace Tor ont oA: Trai ni ng1>conf i g>r out er >i f # info

----------------------------------------------

addr ess 131. 131. 131. 1/ 30

port 1/ 1/ 1

----------------------------------------------

You can view more details by using the detailed versionof the info command: info detail

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Admin display-config

A:acie_sr1a# admin display-config# TiMOS-B-4.0.R9 both/hops ALCATEL SR 7750 Copyright (c) 2000-2007 Alcatel-Lucent.# All rights reserved. All use subject to applicable license agreements.# Built on Tue Dec 19 15:56:05 PST 2006 by builder in /rel4.0/b1/R9/panos/main

# Generated FRI DEC 22 16:00:41 2006 UTC

exit allconfigure#--------------------------------------------------echo "System Configuration"#--------------------------------------------------

system name "acie_sr1a"snmp

shutdownexitlogin-control

Press any key to continue (Q o quit)

A:acie_sr1a# admin display-config# TiMOS-B-4.0.R9 both/hops ALCATEL SR 7750 Copyright (c) 2000-2007 Alcatel-Lucent.# All rights reserved. All use subject to applicable license agreements.# Built on Tue Dec 19 15:56:05 PST 2006 by builder in /rel4.0/b1/R9/panos/main

# Generated FRI DEC 22 16:00:41 2006 UTC

exit allconfigure#--------------------------------------------------echo "System Configuration"#--------------------------------------------------

system name "acie_sr1a"snmp

shutdownexitlogin-control

Press any key to continue (Q o quit)

This slide shows a partial output of the admin display-config command. The first portion of the outputdisplays the current version of the operating system that is running on the router. The router then outputsthe entire configuration of the router, down to the port level. This command can display a large number ofpages on a fully configured router.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Module Summary

After successful completion of this module, you should be ableto:

Describe the 7750 SR and 7450 ESS

Describe the 7750 SR Components

Understand the boot process

Use the CLI commands

Configure a basic router using the CLI

Configure alarm logs

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Learning Assessment

What information does the BOF contain?

What steps are typically performed to configure a systemfrom startup?

List the steps required to configure the BOF.

What is the CLI context in which interfaces are configured?

What command can be used to view the status of the MDAs?

List the possible log sources.

How many default logs are there, and what information dothey provide?

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Module 3 – Data Link Overview


A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Module Overview

Layer 2 OSI and Ethernet Defined

Ethernet

Ethernet Addressing and OperationEthernet Physical Cabling

Ethernet Devices and Switching

Ethernet Redundancy

Virtual LAN

SONET/SDH and Packet over SONET/SDH

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Data Link Overview

Section 1 — Layer 2 OSI and Ethernet Defined

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Layer 2 OSI and Ethernet Overview

Layer 2 Overview

Scope of Data Link Layer

Point-to-Point Data LinksPoint-to-Point Protocol

Circuit-Switched Data Links

ATM Protocol

Time Division Multiplexing

Data Link Types – Broadcast/Shared Access

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Layer 2 Overview

Why do we need Layer 2?Required for higher-layer data transfer between directly/indirectlyconnected components of a network based on the characteristics of the

physical mediumCharacteristics of Layer 2

Scope of Data Link layer is the local network

Data Link headers are stripped and added as frames move from onenetwork to another point-to-point, circuit-based, or shared network

Addressing/Identification

MTU

Error Checking

Examples of Layer 2 ProtocolsEthernet, ATM, Frame Relay, X.25, TDM

The application packages the data into a Transport Layer segment that is to be transmitted to the remotestation. The Network Layer (OSI) or Internet Protocol Layer constructs a packet with an IP address thatuniquely identifies the source and destination network device in the internetwork. The packet may then haveto be transmitted over several different networks (same/different physical media) before it reaches itsdestination. In any one particular network, the Data Link Layer is responsible for encapsulating the packetinto a frame for Layer 2 forwarding. The frame is stamped with a Data Link header, which contains Data Linksource and destination addresses. When Ethernet is used, these Data Link addresses are called media accesscontrol (MAC) addresses.

After adding the Data Link addresses to the frame, the Data Link Layer passes the frame to the physical layerfor transmission over the physical medium. The receiving network device must be able to recognize that theframe is destined for itself and verify that the packet is intact. Because the entire packet is transmitted overthe physical medium, noise and other signal disturbances could corrupt or change the packet, rendering itmeaningless to the higher-layer application.

Layer 2/Data Link networks can be classified broadly into point-to-point networks, circuit-based networks, andshared networks. Point-to-point network protocols do not usually require a source and destination addressessince they are established between two networking devices only.

The Layer 2 framing usually consists of:

a circuit identifier in the case of circuit-based networks

an address that directs the packet to the required destination, usually on shared media

a fixed-length maximum size, maximum transmission unit (MTU) established between the source andreceiving component; data from higher-layers is broken into fixed-length frames (covered later)

an error check that is inserted by the source component and verified by the receiving component tomaintain data integrity

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Point-to-Point Data Links

Dedicated physical connection between two devices

Leased Lines between CPE equipments (local and remote)

Layer 2 protocol that can provide authentication and error checking

For example: SLIP, PPP

Point-to-point data link

In earlier times of the Internet, point-to-point data links allowed hosts to communicate with each otherthrough the telephone network. Older protocols such as SLIP (serial line IP) provided a simple mechanism forframing higher-layer applications for transmission along serial lines. SLIP, in accordance with RFC 1055, sentthe datagram across the serial line as a series of bytes, and it used special characters to mark when a series ofbytes should be grouped together as a datagram. SLIP was simple enough but could not control thecharacteristics of the connection.

Today, the protocol of choice is PPP, which provides advantages such as link control to negotiate the linkcharacteristics, network control to transfer multiple Layer 3 protocols, and provides authentication used byremote computers to dial into their Internet service.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Point-to-Point Protocol Frame

Data

Flag0x7EFrame Check SequencePacking

Padding

ProtocolSecond byte

ProtocolFirst byteControl0x03Address0xFFFlag0x7E

PPP is a point-to-point data link layer protocol that was initially designed to transport IP packets.

Flag : The first flag field indicates the start of a PPP frame. It always has the value “01111110” binary (0x7E hexadecimal,or 126 decimal). The last flag field indicates the end of a PPP frame. It always has the value “01111110” binary (0x7Ehexadecimal, or 126 decimal).

Address : In HDLC, the address of the destination of the frame. However, in PPP we have a direct link between twodevices, so this field has no meaning. Therefore, it is always set to “11111111” (0xFF hexadecimal, or 255 decimal), whichis equivalent to a broadcast (it means “all stations”).

Control : This field is used in HDLC for various control purposes, but in PPP it is set to “00000011” (0003 hexadecimal, or 3

decimal).Data : Zero or more bytes of payload that contains either data or control information, depending on the frame type. Forregular PPP data frames, the network-layer datagram is encapsulated here. For control frames, the control informationfields are placed here instead.

Padding : In some cases, additional dummy bytes may be added to pad out the size of the PPP frame. (for example, FCS2 orFCS4)

Frame Check Sequence (FCS): A checksum computed over the frame to provide basic protection against errors intransmission. This checksum is a CRC code similar to the one used for other layer two protocol error protection schemes,such as the one used in Ethernet. FCS can be either 16 bits or 32 bits (default is 16 bits). The FCS is calculated over theAddress, Control, Protocol, Data, and Padding fields.

Protocol : Identifies the protocol of the datagram encapsulated in the Data field of the frame. See below for moreinformation about the Protocol field.

Value (in hex) Protocol Name Reference0001 Padding Protocol0003 ROHC small-CID [RFC3095]0005 ROHC large-CID [RFC3095]0007 to 001f reserved (transparency inefficient)0021 Internet Protocol version 40023 OSI Network Layer0025 Xerox NS IDP0027 DECnet Phase IV0029 Appletalk002b Novell IPX

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Point-to-Point Protocol Operation

Physical – Can operate across any physical media

Link Control Protocol (LCP) – to build data link connections

Network Control Protocol (NCP) - to allow multiple networkprotocols to be used over point-to-point links

Supports authentication, compression, error detection,multi-link as part of the LCP protocol A

l c a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Circuit-Switched Data Links

Many logical connections transferred over one physical connection

Virtual circuits based

For example: ATM, Frame Relay

Circuit-switched protocols allow the transfer of user information as a unique set of packets identified byvirtual circuits.

In the slide, the switch on the left accepts traffic from each host PC into a virtual circuit and switches toanother virtual circuit when going to the router. The virtual circuit number is the same between the host PCand the switch, and between the switch and the router. Traffic from each PC is uniquely identified by a virtualcircuit at every hop.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Alcatel-Lucent Scalable IP Networks v2.00 Module 3 | 11 A ll r ig ht s r es er ved © 2 0 08 Alca te l- Lu cent

Asynchronous Transfer Mode Protocol

0 7Bits

CLPPTVCI

HEC

VCIVPI

VCI

VPIGFC

Application packets are broken into 53-byte fixed-sized cells including a 5-byte header also referred toas an ATM packet

ATM circuit is identified by a VPI/VCI value

Enhanced QoS support with 5 service classes

Ideal for multiple services on the same line

The ATM header consists of the following fields:

GFC—4 bits of generic flow control that are used to provide local functions, such as identifying multiplestations that share one ATM interface. The GFC field is typically not used and is set to a default value.

VPI—8 bits of virtual path identifier that is used, in conjunction with the VCI, to identify the nextdestination of a cell as it passes through a series of switch routers on its way to its final destination.

VCI—16 bits of virtual channel identifier that is used, in conjunction with the VPI, to identify the nextdestination of a cell as it passes through a series of switch routers on its way to its final destination.

PT—3 bits of payload type. The first bit indicates whether the cell contains user data or control data. Ifthe cell contains user data, the second bit indicates congestion, and the third bit indicates whether thecell is the last in a series of cells that represent one AAL5 frame.

CLP—1 bit of cell loss priority that indicates whether the cell should be preferentially discarded if itencounters congestion as it moves through the network

HEC—8 bits of header error control that are a checksum calculated only on the header.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





CRC-32LICPIUUPADPDU payload

4 Bytes2110-47Variable length

PDU - Variable length user information field (broken into 48-byte segments)

PAD - Padding used to cell-align the trailer between 0 and 47 bytes long.

UU - CPCS user-to-user indication to transfer one byte of user information

CPI - Common part indication

LI - Length indicator

ATM Adaptation Layer 5 Data Links

Generally used to transport non-real time connectionless data

Encapsulation used for transporting IP packets and inter-workingwith Frame Relay or Ethernet packets

AAL5 is the simple and efficient AAL which is the one used most fordata traffic; it has no per-cell length nor per-cell CRC fields

ATM packets are further encapsulated by ATM adaptation layers (AAL), which are responsible for thesegmentation and reassembly (SAR) of ATM cells of higher-layer data received at the other end. The purpose ofthis is to adapt the class of service from higher-layers onto connectionless ATM cells. The AAL classification isrelated to the service and application required for transport. Usually the following adaptation layers aremapped to the following classes of service:

AAL1 – Constant Bit rate service

AAL2 – Variable Bit rate service

AAL3/4 – Connection-oriented data usually

AAL5 – Connectionless data service usually (for example, IP)

Constant Bit Rate (CBR) service : AAL1 encapsulation supports a connection-oriented service where minimaldata loss is required. Examples of this service include 64 kb/s voice, fixed-rate uncompressed video, andleased lines for private data networks.

Variable Bit Rate (VBR) service : AAL2 encapsulation supports a connection-oriented service in which the bitrate is variable but requires a bounded delay for delivery. Examples of this service include compressedpacketized voice or video. The requirement on bounded delay for delivery is necessary for the receiver toreconstruct the original uncompressed voice or video.

Connection-oriented data service : For connection-oriented file transfer and data network applications wherea connection is set up before data is transferred, this type of service has variable bit rate and does not require

bounded delay for delivery. Two AAL protocols were defined to support this service class and have beenmerged into one type called AAL3/4.

Connectionless data service : Examples of this service include datagram traffic and data network applicationswhere no connection is set up before data is transferred. Connectionless data service is used to transportIP/Ethernet/Frame Relay applications.

Higher-level Service Delivery Units (SDUs) may be several bytes in length. However, as the ATM payload is only48 bytes, the SDU must be segmented into multiple cells as it enters the ATM network, then reassembled whenit exits the ATM network. This function of the ATM adaptation layer is known as SAR. The adaptation layercomprises two sublayers, one of which is the SAR sublayer, the other being the convergence sublayer (CS),which performs service-dependent functions.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Time Division Multiplexing

Synchronous channel based

Each station gets a fixed-length slot

Unused slots are idle – transmitted without data

For example: T1, SONET

Each host PC sends information to the switch. The switch then transmits a frame to the router at a constantdata rate (for example, 1.5 Mb/s). This frame now divided into many fixed time slots (24), each slot contains64 kbits. Each host can occupy one or more time slots per frame.

Each host PC is assigned a fixed data rate. If the host uses one time slot, then its transmission is 64 kbits inthat slot. Because the pipe rate is 1.5 Mb/s, the host will have to supply their next 64 kbits in the next frame.

In this slide, each host PC transmits its characteristic frame (grey, yellow, purple). The frames that are

transmitted from the switch contain several timeslots. Within each of these frames three of the timeslots areused by the respective host PCs.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





E1

2.048 Mb/s Framing Rate

32 subchannels (DS0) each 8 bits sampled at 8000

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Data Link Types – Broadcast/Shared Access

Physical media is shared between many devices

Each device can transmit independently

Each station has a unique address

For example: Wire and Wireless Ethernet

Broadcast networks typically use shared media to communicate to all the devices that are attached to thatshared media. For data to be reliably delivered from the source to the destination, each of the devices on theshared media is identified by a particular address. The frame that is sourced from the sending device is sent toall the devices sharing the media (broadcasting). All devices will receive the frame but only the device whoseaddress appears in the frame as the destination address will interpret the data. The rest of the devices willignore the data.

To transmit data reliably, the sending device on the shared media must compose the frame, obtain control ofthe media, and transmit the information. Because the media is shared, it is possible for multiple stations totransmit their information simultaneously, resulting in a collision. This collision causes data corruption.Depending on the protocol used, an algorithm needs to be followed to ensure a minimum number of collisionsand also to ensure proper recovery from collisions. An example of a shared media protocol that is verycommonly used today is Ethernet.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Ethernet Overview

Ethernet

Ethernet History

Ethernet Frame TypesGeneral Ethernet Frame Format

Ethernet II Frame Capture

Ethernet and the OSI ModelA l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Ethernet

Broadcast technology using shared media

A passive, wait-and-listen network architecture

Interfaces on the common network media are identified byL2 addresses called MAC addresses

Encapsulates higher-layer traffic in a frame with source anddestination interface addresses to identify the devices on themedia

Can send a data frame to all devices (broadcasting) attachedto the media

Devices connected to each other using shared media arecommonly referred to as a Local Area Network (LAN)

Computers must contend for transmission time on the network media. In fact, Ethernet is commonly describedas a contention-based architecture.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Ethernet History

Ethernet is a LAN architecture developed by the XeroxCorporation in cooperation with DEC and Intel in 1976

Ethernet supports data transfer rates of 10 Mb/sEthernet specification served as the basis for the IEEE 802.3standard, which specifies the physical and lower softwarelayers

Ethernet started using the CSMA/CD access method (half-duplex) to handle simultaneous demands

Ethernet is one of the most widely implemented LANstandards

Ethernet was originally designed by the Xerox Corporation, but the company was unsuccessful at launching thetechnology commercially. Later Xerox joined with Digital Equipment Corporation to commercially standardizea suite of network products that would use the Ethernet technology. Intel Corporation later joined the group,known as DEC-Intel-Xerox (DIX). DIX developed and published the standard that was used for the 10 Mb/sversion of Ethernet. Originally, the only medium capable of handling these speeds was a multidrop thickcoaxial cable.

Carrier Sense, Multiple Access, Collision Detection (CSMA/CD) is used to arbitrate the access devices using theshared media. This is covered in detail later.

The IEEE had started project 802, which was to provide the industry with a framework for standardizing of LANtechnology. Because the technology was so diverse, the IEEE formed working groups in support of the differentLAN technologies. The 802.3 working group was tasked with standardizing LANs based on the Ethernettechnology.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





802.3IEEE format defined for EthernetIntended to be used with IEEE 802.2

SFDPreamble DA SA Length LLC header and P a y l o a d (46 to 1500 bytes) FCS

Ethernet IILength replaced by type to identify upper layer protocolsUsed for IP transport - most commonly used frame today

Ethernet Frame Types

SFDPreamble DA SA Type P a y l o a d (46 to 1500 bytes) FCS

Ethernet supports two frame types, but they have been standardized so that all types can be transmitted on acommon Ethernet network. The 16-bit field that follows the source address (SA) indicates whether the frame isEthernet II or 802.3. If the value is 1536 or less, the frame is treated as 802.3. If the value is greater than1536, the frame is treated as Ethernet II.

Ethernet II was originally developed by Digital, Intel, and Xerox in 1980 and is commonly known as the DIXstandard. It was adopted by the IEEE and went through formal standardization to form the 802.3/802.2 frametypes. The Ethernet II frame is usually used for transmission of IP datagrams.

Ethernet 802.3 was developed by the IEEE from the original Ethernet standard in 1983. IEEE Ethernet definestwo layers; the lower MAC layer in 802.3 and an upper LLC (logical link control) layer in 802.2. These aresublayers of the OSI data link layer (Layer 2). The two layers were defined separately to provide additional linkcontrol features and so that common LLC frames could be used for different media types, such as Ethernet,Token Ring and FDDI. This allows bridging at Layer 2 between the different media types.

There are three different 802.3 formats that were used for older protocols such as Novel Netware’s IPX andApple Computer’s Appletalk protocols and OSI protocols. Today, these formats are rarely used. The Alcatel-Lucent 7750 SR uses the 802.3 for the transmission of IS-IS routing updates; however, it uses Ethernet II forother traffic such as IP and MPLS.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





General Ethernet Frame Format

Fixed sequence to alert the receiver (8 bytes)(0x55555555555555D5), start frame delimiter

Destination MAC address (6 bytes)

Source MAC address (6 bytes)

Frame length or type information (2 bytes)

Payload: Internet layer

Frame check sequence(4 bytes)

SFDPreamble DA SA Length/type P a y l o a d (46 to 1500 bytes) FCS

The frame consists of a set of bits organized into several fields. These fields include address fields, a variable-size data field that carries from 46 to 1500 bytes of data, and an error checking field that checks the integrityof the bits in the frame to make sure that the frame has arrived intact. The original Ethernet standardsdefined the minimum frame size as 64 bytes and the maximum as 1518 bytes. These numbers include all bytesfrom the destination MAC address field to the frame check sequence field. The preamble and the start framedelimiter fields are not included when quoting the size of a frame. The IEEE 802.3ac standard released in 1998extended the maximum allowable frame size to 1522 bytes to allow for a VLAN tag to be inserted into theEthernet frame format. Gigabit Ethernet and 10 gigabit Ethernet ports may support jumbo frames, which canbe 9000 bytes.

Preamble : A stream of bits that allows the transmitter and receiver to synchronize their communication. Thepreamble is a 56-bit long pattern of alternating ones and zeroes. The preamble is immediately followed by theStart Frame Delimiter.

Start Frame Delimiter (SFD) : Always 10101011 and is used to indicate the beginning of the frame information.

Destination MAC (DA) : The MAC address of the machine receiving data.

Source MAC (SA) : The MAC address of the machine transmitting data.

Length/Type : The payload length or type field, (also known as Ethertype). If the Ethernet frame is in the802.3 format, this field is interpreted as length. If the Ethernet frame is in the Ethernet II or original DIXformat, the field is interpreted as type, or Ethertype. The numeric value in this field determines whether theframe is an 802.3 frame or Ethernet II frame. If the value is less than 1536, it is an 802.3 frame. If the value is1536 or greater it is an Ethernet II frame.

(. . . continued on slide 22)

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





General Ethernet Frame Format

Fixed sequence to alert the receiver (8 bytes)(0x55555555555555D5), start frame delimiter

Destination MAC address (6 bytes)

Source MAC address (6 bytes)

Frame length or type information (2 bytes)

Payload: Internet layer

Frame check sequence(4 bytes)

SFDPreamble DA SA Length/type P a y l o a d (46 to 1500 bytes) FCS

(. . . continued from slide 21)

Data/Padding (also known as Payload) : Where the IP header and data are placed if you are running IP overEthernet. This field contains IPX information if you are running IPX/SPX (Novell). Contained within the payloadsection of an IEEE 802.2 frame are four specific fields:

DSAP - Destination Service Access Point

SSAP - Source Service Access Point

CTRL - Control bits for Ethernet communication

NLI - Network Layer Interface

An Ethernet frame must be a minimum of 64 bytes long. Therefore, if the data field is less than 46 bytes inlength, padding is included to bring the frame length to 64 bytes.

Frame Check Sequence (FCS) : A part of the frame that verifies that the information each frame contains isnot damaged during transmission. If a frame is damaged during transmission, the FCS on the frame will notmatch with the recipient's calculated FCS. The FCS is calculated by the sender based on the entire contents ofthe frame. The recipient calculates an expected FCS value on the frame that it receives. Any frames that donot match the calculated FCS are discarded.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Ethernet II Frame Capture

0000 00 11 43 45 61 23 00 e0 52 d4 a5 00 08 00 45 00 ..CEa#..R.... .E.0010 01 21 0e ab 00 00 40 06 ea a8 8a 78 35 fe 8a 78 [email protected] 35 95 00 17 09 55 98 09 6c 96 8e 7b 67 a7 50 18 5....U..l..{g.P.0030 40 00 bc 0e 00 00 ff fb 03 0d 0a 64 65 76 69 63 @..........devic0040 65 3a 20 20 73 54 57 33 32 66 62 69 38 32 0d 0a e: sTW32fbi82..0050 0d 0a 41 6c 63 61 74 65 6c 20 4e 65 74 77 6f 72 ..Alcatel Networ0060 6b 73 20 43 61 6e 61 64 61 2c 20 36 30 30 20 4d ks Canada, 600 M 0070 61 72 63 68 20 52 6f 61 64 2c 20 4b 61 6e 61 74 arch Road, Kanat0080 61 2c 20 4f 6e 74 61 72 69 6f 0d 0a 55 6e 61 75 a, Ontario..Unau0090 74 68 6f 72 69 7a 65 64 20 61 63 63 65 73 73 20 thorized access00a0 70 72 6f 68 69 62 69 74 65 64 2e 20 20 41 63 63 prohibited. Acc00b0 65 73 73 20 74 6f 20 74 68 69 73 20 64 65 76 69 ess to this dev

Destination addres s Source addres s Ether type L3/IP information TCP information

This slide shows an actual sniffer trace of an Ethernet packet. Details of this trace are as follows:

Frame 234 (303 bytes on wire, 303 bytes captured)Ethernet II, Src: FoundryN_d4:a5:00 (00:e0:52:d4:a5:00), Dst: Dell_45:61:23 (00:11:43:45:61:23)

Destination: Dell_45:61:23 (00:11:43:45:61:23)Source: FoundryN_d4:a5:00 (00:e0:52:d4:a5:00)Type: IP (0x0800)

Internet Protocol, Src : 138.120.53.254 (138.120.53.254), Dst: 138.120.53.149 (138.120.53.149)

Version: 4Header length: 20 bytesDifferentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)Total Length: 289Identification: 0x0eab (3755)Flags: 0x00Fragment offset: 0Time to live: 64Protocol: TCP (0x06)Header checksum: 0xeaa8 [correct]Source: 138.120.53.254 (138.120.53.254)Destination: 138.120.53.149 (138.120.53.149)

Transmission Control Protocol , Src Port: 23 (23), Dst Port: 2389 (2389), Seq: 4, Ack: 1, Len: 249Source port: 23 (23)

Destination port: 2389 (2389)Sequence number: 4 (relative sequence number)Next sequence number: 253 (relative sequence number)Acknowledgement number: 1 (relative ack number)Header length: 20 bytesFlags: 0x0018 (PSH, ACK)Window size: 16384Checksum: 0xbc0e [correct]

Telnet

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





LLC – Interface to the L3protocol

MAC – L2 addressing, datatransfer, sync, error control,and data flow

Ethernet and the OSI Model

Ethernet resides at the Data Link layer. This layer can be subdivided further into two sublayers:

LLC – logical link control 802.2

MAC – media access control

The LLC interfaces between the network interface layer and the higher L3 protocol and may provide additionalfunctions such as flow control. LLC is only used with 802.3 Ethernet. It is not used with Ethernet II.

The MAC layer is responsible for determining the physical source and destination addresses for a particularframe and for the reliable transfer of data, synchronization of data transmission, error control, and flow ofdata.

At the physical layer, to observe the physical link condition, Ethernet uses the link integrity test, in whichEthernet transceivers continually monitor the data path for activity. The physical layer standards also definethe format of the electrical or optical signaling that is used to represent the binary ones and zeroes on thetransmission media.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Data Link Overview

Section 3 – Ethernet Addressing and Operation

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Ethernet Addressing and Operation Overview

MAC Address Format

Unicast Addressing

Broadcast AddressingMulticast Addressing

Ethernet Transmission

Half-Duplex Operation (CSMA/CD)

Full-duplex Operation

Auto-negotiation

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





MAC Address Format

OUI is the number assigned by the IEEE to vendors such as Alcatel-Lucent

OUI examples: Alcatel-Lucent Canada 00-80-21 and 00-D0-F6,Alcatel-Lucent USA 00-17-CC, Alcatel-Lucent Italia 00-20-60

OUI engine: http://standards.ieee.org/regauth/oui/index.shtml

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Unicast Addressing

Unique source and destination MAC addresses

Frame is meant for one particular destination or host

Ethernet II, Src: 138.120.100.2 (00:e0:b1:88:0d:c0), Dst: Dell_c5:79:87(00:14:22:c5:79:87)

Type: IP (0x0800)Trailer: 000000000000

Internet Protocol, Src: 138.120.252.84 (138.120.252.84), Dst: 138.120.132.135(138.120.132.135)

Transmission Control Protocol, Src Port: 8080 (8080), Dst Port: 2730 (2730), Seq: 0, Ack: 3811441139, Len: 0

00:e0:b1:88:0d:c0 00:14:22:c5:79:87

Output

In this slide, an Ethernet frame is composed by the source with the following source and destination addresses:

Src : 00:e0:b1:88:0d:c0

Dest : Dell_c5:79:87 (00:14:22:c5:79:87)

The frame is sent to a hub that connects all devices on a 4-node LAN. The hub being a simple replicator, sendsthe frame out on all its ports except the port where the frame was received (the port attached to the source).Although all devices receive the frame, only the device whose MAC address matches the destination device

accepts the frame.The output sample shows the use of an Ethernet frame destined for a unicast address.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Broadcast Addressing

Unique source MAC address only, destination address is broadcast(ff-ff-ff-ff-ff-ff)Frame is meant for all devices on the LAN in a broadcast domain

Frame 1 (42 bytes on wire, 42 bytes captured)Ethernet II, Src: 192.168.0.101 (00:13:ce:2b:6b:28), Dst: Broadcast

(ff:ff:ff:ff:ff:ff)Destination: Broadcast (ff:ff:ff:ff:ff:ff)Source: 192.168.0.101 (00:13:ce:2b:6b:28)Type: ARP (0x0806)

Address Resolution Protocol (request)

Output

00:13:ce:2b:6b:28


Src : 00:13:ce:2b:6b:28

Dest : ff:ff:ff:ff:ff:ff

The frame is sent to a hub that connects all devices on a 4-node LAN. The hub being a simple replicator, sendsthe frame out on all its ports except the port where the frame was received (the port attached to the source).All devices recognize that the destination address (ff-ff-ff-ff-ff-ff) is a special address and process the frame.

The output sample shows the use of an Ethernet frame destined for a broadcast address.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Multicast Addressing

Unique source MAC address only, destination address is multicast group(01-00-5e-01-01-01)Frame is meant for only devices who are members of that group

Ethernet II, Src: 192.168.0.101 (00:13:ce:2b:6b:28), Dst: 01:00:5e:01:01:01 (01:00:5e:01:01:01)Destination: 01:00:5e:01:01:01 (01:00:5e:01:01:01)Source: 192.168.0.101 (00:13:ce:2b:6b:28)Type: IP (0x0800)

Internet Protocol, Src: 192.168.0.101 (192.168.0.101), Dst: 239.1.1.1 (239.1.1.1)Internet Control Message Protocol

00:13:ce:2b:6b:28 01:00:5e:01:01:01 01:00:5e:01:01:01

Output


Src : 00:13:ce:2b:6b:28

Dest : 01-00-5e-01-01-01

The frame is sent to a hub that connects all devices on a 4-node LAN. The hub being a simple replicator, sendsthe frame out on all its ports except the port where the frame was received (the port attached to the source).All devices that are members of the particular group (239.1.1.1) process that message.

The output sample shows the use of an Ethernet frame destined for a multicast address.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Ethernet Transmission

Half-duplex transmissionData sent in one direction at a time

Results in collisions

Uses CSMA/CD to resolve collisions

Hubs are the most common half-duplex devices

Full-duplex transmissionData sent in both directions at thesame time

Requires point-to-point connections

No collisions

An approach to higher networkefficiency

Switches are the most common full-duplex devices

Half-duplex transmission is the traditional means of transporting Ethernet frames. Because data istransmitted in one direction at a time over a shared medium, such as a hub, collisions are possible. TheCSMA/CD algorithm is used to handle collisions. A hub uses shared media and supports half-duplex only.10Base-T, which works on half-duplex, is efficient 30 to 40% of the time because of collisions, and as such theeffective throughput is only 3 to 4 Mb/s.

Full-duplex transmission has data forwarding in both directions simultaneously. Full-duplex implementationsrequire a point-to-point connection between the sender and the receiver port. Therefore, a switch with 8ports would have each of the 8 ports connected to the rest of the ports through a dedicated set of wires. Thisensures that there is no shared medium and collision is not possible. Because data can be transmitted bi-directionally, the effective rate of a 10-Mb/s full-duplex transmission is 20 Mb/s (that is, 10 Mb/s each way).Therefore, full-duplex transmissions are more efficient than half-duplex. Switches and routers usually supportfull-duplex transmissions.

When devices such as switches and hubs are interconnected, care must be taken to ensure that the propertransmission parameters are set on the ports. For switch-to-hub connections, the switch port must be set tohalf-duplex because the hub only supports half-duplex. For switch-to-switch, switch-to-host, or switch-to-router connections, full-duplex can be used.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Half-Duplex Operation (CSMA/CD)

All hosts constantly listen to the line

Host A transmits

Hosts B, C, and D listen to Host A and do not transmit

All hosts receive Host A’s message

Hub

Host A Host B Host C Host D

The CSMA/CD access rules are summarized by the protocol acronym.

Carrier sense (CS) — Each Ethernet LAN-attached host continuously listens for traffic on the medium todetermine when gaps between frame transmissions occur.

Multiple access (MA) — LAN-attached hosts can begin transmitting any time that they detect that the networkis quiet, meaning that no traffic is travelling across the wire.

Collision detect (CD) — If two or more LAN-attached hosts in the same CSMA/CD network or collision domainbegin transmitting at approximately the same time, the bit streams from the transmitting hosts will interfere(collide) with each other, and both transmissions will be unreadable. If that happens, each transmitting hostmust be capable of detecting that a collision has occurred before it has finished sending its respective frame.Each host must stop transmitting as soon as it has detected the collision and must wait a random length oftime as determined by a back-off algorithm before attempting to retransmit the frame. In this event, eachtransmitting host transmits a 32-bit jam signal alerting all LAN-attached hosts of a collision before running theback-off algorithm.

The CSMA/CD reduces the chance of collisions but does not prevent them. Both hosts A and B could decide totransmit at once because no other hosts are transmitting a message on the line (idle line).

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Half-Duplex Operation (CSMA/CD) (continued)

All hosts constantly listen to the line

Host A and Host B transmit simultaneously

Messages collide

Both hosts back off for a random time interval

Hub

Host A Host B Host C Host D

When host A and host B transmit frames at the same time, they both detect collisions and corruption of thedata.

Both host A and host B generate a jam signal, which is received by other hosts so that they discard the datathat was just corrupted by the collision.

A random back-off timer is then started on the transmitting hosts. Depending on whose timer expires first,either host A or host B transmits if they detect no other transmission on the line.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Full-duplex Operation

Point-to-point only

Attached to a dedicated switched port

Requires full-duplex support on both ends

Collision-free

Full-duplex operation is an optional MAC layer capability that allows simultaneous two-way transmission overpoint-to-point links.

Full-duplex transmission involves no media contention, no collisions, and no need to schedule retransmissions.There are exactly two hosts connected on a full-duplex point-to-point link.

The link bandwidth is effectively doubled because each link can now support full-rate, simultaneous, two-waytransmission.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Data Link Overview

Section 4 – Ethernet Physical Cabling

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Ethernet Standards

Four data rates are currently defined for operation over opticalfiber and twisted-pair cables:

10 Mb/s — 10Base-T Ethernet: twisted pair only100 Mb/s — 100Base-T or Fast Ethernet

1000 Mb/s — 1000Base-T or Gigabit Ethernet

10 000 Mb/s — 10 Gigabit Ethernet A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





10Base-T Ethernet

Originally IEEE 802.3i

Current standard is 802.3x

Transmission rate with 802.3i is 10 Mb/s half-duplex; with802.3x is 10 Mb/s full-duplex

Frame format was based on Ethernet II, also called DIX

Most networks currently use the 802.3x frame format A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





100Base-T Ethernet

IEEE standard is 802.3u

Full-/half-duplex modes, 100 Mb/s data rate

Cabling options100Base-TX — 2 pairs of twisted-pair cable100Base-T4 — 4 pairs of twisted-pair cable100Base-FX — Optical cable A

l c a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





10 Gigabit Ethernet

IEEE standard is 802.3ae

Full-duplex only, with 10 Gb/s data rate

Minimizes the user's learning curve by maintaining the samemanagement tools and architecture

Physical media used is optical onlyA l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Ethernet Devices

Hubs/Repeaters

Signal amplification andreplication

Layer 1 devices that receiveEthernet frames and replicateacross all other ports including thereceiving port

Do not inspect Layer 2 frameheaders

Half-duplex operation

SwitchesLayer 2 devices that inspectEthernet frame headers

Switches receive Ethernetframes based on destinationMAC address

Full-duplex operation

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Switching

200 00 A2 00 00 02

100 00 A2 00 00 01

InterfaceNode MAC Address

Switch Forwarding Table

Ethernet switches use the source MAC address to dynamically learn which MAC addresses are associated withan interface. The switch records this address information into a forwarding table known as the MACforwarding database (FDB).

When the switch receives an Ethernet frame, it records the source MAC address and the interface on which itarrived. It looks at the destination MAC address of the frame, compares it to the entries in its MAC FDB, andtransmits the frame out of the interface for that MAC address.

If no entry is found in the MAC FDB for the destination, the switch floods the frame out of all its interfacesexcept the interface on which the frame arrived.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





What are the MAC FDBs for Switches A and C after every PC hascommunicated with each other?

MAC Address Exercise

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Broadcast/Multicast Across Switches

Broadcast and Multicast frames are treated similarly

The switch examines the destination MAC address; if it is broadcastor multicast, the switch floods the frame out of all the remainingports

Advanced switches can build a special multicast table based on thedestination group address and therefore only flood multicastframes to the required destinations A

l c a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Ethernet Network Domains

A collision domain is a group of Ethernet or Fast Ethernet devices in a CSMA/CD LAN that are connected byrepeaters and that compete for access in the network. Only one device in the collision domain may transmit atany one time, and the other devices in the domain listen to the network to avoid data collisions. A collisiondomain is sometimes referred to as an Ethernet segment.

A broadcast domain is a restricted area in which information can be transmitted to all devices in the domain.More specifically, Ethernet LANs are broadcast domains. Any device attached to the LAN can transmit framesto any other device because the medium is a shared transmission system. Frames are normally addressed to aspecific destination device in the network. While all devices detect the frame transmission in the network,only the device to which the frame is addressed actually accepts it. A special broadcast address consisting ofall 1s is used to send frames to all devices in the network.

In an IP network, broadcast domains are separated by an IP router. Two devices on separate broadcastdomains cannot send Ethernet frames directly to each other. Instead they must send the frame to the routerwhich then forwards the IP datagram to the destination in a new Ethernet frame on the appropriate broadcastdomain.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Data Link Overview

Section 6 – Ethernet Redundancy

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Ethernet Redundancy Overview

Ethernet Redundancy

LAG

Redundant TopologyBroadcast Storms

Database Instability

STP

Bridge Protocol Data Units

RSTP Port States and Roles

Port Role Assignment

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Ethernet Redundancy

Two types of redundancy

Link redundancy on full-duplex connections

Using multiple links between two devices via LAGLogical bundling to provide failover for one or more links

Redundant topologyMultiple paths to reach the same destinationProvides protection for path failures where ports/devices fail

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Link Redundancy - LAG

Based on IEEE 802.3ad standard

Benefits

increased performance by providing incremental bandwidthbetween two devices . Support for up to 200 LAGs (R5.0) with 8links per LAG, 64 LAGs on SR-1 )increased resiliency by providing automatic, point-to-pointredundancy between two devices if one or more links in the LAGshould fail

Statically configured or formed dynamically with LACP

Failover time less than one second

Alcatel-Lucent enhanced featuresDynamic costLAG port threshold

A Link Aggregation Group (LAG) increases the bandwidth available between two nodes by grouping up to eightports into one logical link. The aggregation of multiple physical links allows for load sharing and offersseamless redundancy. If one of the links fails, traffic is redistributed over the remaining links. Up to eight linkscan be supported in one LAG, and up to 64 LAGs can be configured on a 7x50 SR/ESS.

Link Aggregation Control Protocol (LACP) is defined in IEEE802.3ad (Aggregation of Multiple Link Segments).LACP provides a standardized method for implementing link aggregation between different manufacturers.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





conf i g> l ag 1conf i g>l ag# descri pt i on “ LAG from PE1 to PE2 ”conf i g>l ag# port 2/ 1/ 1 2/ 2/ 1 3/ 1/ 1 4/ 1/ 1conf i g>l ag# port - t hr eshol d 2 act i on downconf i g>l ag# dynami c- costconf i g>l ag# no shutdown

conf i g> l ag 1conf i g>l ag# descri pt i on “ LAG from PE1 to PE2 ”conf i g>l ag# port 2/ 1/ 1 2/ 2/ 1 3/ 1/ 1 4/ 1/ 1conf i g>l ag# port - t hreshol d 2 act i on downconf i g>l ag# dynami c- costconf i g>l ag# no shutdown

Exampleconfiguration

LAG Configuration

LAG configurations should include at least two ports

A maximum of eight ports can be included in a LAG

All ports in the LAG must share the same characteristics (speed, duplex,hold-timer, and so on)

Port characteristics are inherited from the primary port

Auto-negotiation must not be configured for 10/100 ports that are part ofa LAG. Ports in a LAG must be configured as full-duplex. Configure ports as”no autonegotiate” (For 10GE ports, the xgig setting must be set to thesame value)

LAG Port Threshold Parameter

This parameter determines the behaviour of a LAG when the number of available links falls below theconfigured threshold value. Two actions can be specified:

Option 1 :conf i gur e l ag <l ag- i d> port - t hr eshol d <t hr eshol d val ue> act i on downIf the number of available links is less than or equal to the threshold value, the LAG is declared

operationally down until the number of available links is greater than the threshold value.Option 2 :conf i gur e l ag <l ag- i d> port - t hr eshol d <t hr eshol d val ue> act i on dynamic-costWhen the number of available links falls below the threshold value, dynamic costing is used todetermine the advertised LAG cost.

Note : The costing of a LAG only affects the IGP costing (OSPF only)

Dynamic Cost Parameter

Dynamic cost can be enabled with the general command conf i g>l ag <l ag- i d> dynamic-cost .

This parameter enables or disables the dynamic IGP costing of a LAG when the number of active links isgreater than the port-threshold value. When dynamic cost is enabled with this command and the number ofactive links is greater than the port-threshold value (0-7), the path cost is dynamically calculated wheneverthere is change in the number of active links regardless of the specified port-threshold action. Note that if theport-threshold action is to declare the LAG “down”, then if the number of active links falls below the port-threshold value the LAG is declared down, even if dynamic cost is enabled. Conversely, if the port-thresholdis met and the action is set to dynamic cost, then the link cost is dynamically recalculated even if the generaldynamic cost parameter is not configured.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





LAG Architecture – Dynamic Cost

c onf i g> l a g 1conf i g>l ag# dynamic-costconfi g>l ag# port 2/ 1/ 1 2/ 2/ 1 3/ 1/ 1 3/ 2/ 1conf i g>l ag# por t - t h resho ld 2 act i on downc onf i g> l a g 2confi g>l ag# port 4/ 1/ 1 4/ 2/ 1 5/ 1/ 1confi g>l ag# port - t hreshol d 2 act i on dynamic-cost

c onf i g> l ag 1conf i g>l ag# dynamic-costconfi g>l ag# port 2/ 1/ 1 2/ 2/1 3/ 1/ 1 3/ 2/ 1conf i g>l ag# por t - t h resho ld 2 act i on downc onf i g> l ag 2confi g>l ag# port 4/ 1/ 1 4/ 2/1 5/ 1/ 1confi g>l ag# port - t hreshol d 2 act i on dynamic-cost

If each link in LAG 1 and LAG 2 has acost of 100, then the cost of logicallink LAG 1 is 100/4 = 25 and LAG 2 is

100/3 = 33

In this slide, each physical link is configured with a cost of 100. Thus the cost of the logical link LAG 1 is100/4 = 25 and LAG 2 is 100/3 = 33.

The LAG groups LAG 1 and LAG 2 are configured as follows:

LAG 1 has the dynamic-cost parameter configured. If one link in LAG 1 fails, there are three activelinks and the port threshold is two so the port-threshold action is not executed. However, because thedynamic-cost parameter is enabled on the LAG, the cost of LAG 1 is dynamically computed to be 100/3

= 33. If another link in LAG 1 fails, the number of active links matches the port threshold and the port-threshold action is executed, therefore LAG 1 is declared operationally down.

LAG 2 does not have the dynamic-cost parameter configured. If one link in LAG 2 fails, there are threeactive links and the port threshold is two, so the port-threshold action is not executed. Because thedynamic-cost parameter is not enabled on the LAG, the cost of LAG 2 remains as 100/4 = 25. If anotherlink in LAG 2 fails, the number of active links matches the port threshold and the port-threshold actionis executed, therefore the cost of LAG 2 is dynamically calculated as 100/2 = 50.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Redundant Topology

Redundancy

Advantages

Protection when an entire switch fails, rather than just linkprotectionLoad balancing across switches rather than just across links ofthe same switch

DisadvantagesMay cause broadcast storms if not designed correctlyMay cause FDB table instability

Frame looping problems

Layer 2 has no mechanism to stop looping as Layer 3 has withTTL

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Broadcast Storms

Networks that are designed with redundancy and no Spanning Tree Protocol (STP) are vulnerable to broadcaststorms because as the switch receives multiple copies of a frame, it further replicates each frame andtransmits them out one or more ports on the switch.

Because of the Layer 2 loop, the transmitted frames are received back and replicated again. This results in anexponential increase in Layer 2 traffic in the looped network.

Because there is no time to live (TTL) in Layer 2, this frame is copied and transmitted repeatedly until the

switch gets overwhelmed with activity and possibly resets or locks up.Consider the case where no traffic has been transmitted on the above network. Therefore, both Switch 1 andSwitch 2 have an empty MAC FDB:

Host A sends a frame with destination MAC address of Host B. One copy of the frame is received byHost B and processed.

The original frame is also received by Switch 1. Switch 1 records the source MAC of Host A to be onSegment 1. Because Switch 1 does not know where Host B is, it replicates the frame and sends it outthe port connected to Segment 2.

The original frame is also received by Switch 2. Switch 2 records the source MAC of Host A to be onSegment 1. Because Switch 2 does not know where Host B is, it replicates the frame and sends it outthe port connected to Segment 2.

Switch 2 receives the replicated frame from Switch 1 via Segment 2. Switch 2 removes the existingentry for Host A in the MAC FDB and records that Host A belongs to the port attached to Segment 2.Switch 2 then replicates the frame and transmits it out the port attached to Segment 1.

The process is continues indefinitely causing a broadcast storm and MAC FDB instability.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Database Instability

MAC Address FDBHost A Port 0

MAC Address FDBHost A Port 0Host A Port 1

Redundant networks without STP can also cause database instability.

In this slide, Switch 1 and Switch 2 will map the MAC address of Host A to Port 0. Later, when the copy of theframe arrives at Port 1 of Switch 2, Switch 2 must remove its original entry for Host A and replace it with thenew entry for Host A, mapping it to Port 1. This activity causes an unstable database as Switch 2 tries to keepup with the perceived location of Host A.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





STP

Standardized by IEEE in 1990 as 802.1d, for Ethernet linkmanagement

RSTP introduced as 802.1w in 1998 to speed convergenceRSTP incorporated in latest STP in IEEE 802.1d-2004

Designed to prevent loops and therefore allow pathredundancy to be designed into Ethernet bridge/switch-based networks

STP uses a root/branch/leaf model, which determines onepath to each leaf spanning the entire L2 network

STP will selectively block ports to remove L2 loopsEnd hosts (for example, PCs) are oblivious to STP and insteadsee one LAN segment

Spanning Tree Protocol (STP) was invented in 1985 by Radia Perlman and was first published as a standard byIEEE as 802.1d. Revisions to STP were published in 1998 and 2004. Rapid Spanning Tree Protocol (RSTP) wasintroduced in 1998 as IEEE 802.1w. In 2004, the IEEE incorporated RSTP in the Spanning Tree Protocol andobsoleted the previous version. This version was published as IEEE 802.1d-2004.

STP is intended to prevent loops in an Ethernet network. It does this by selectively blocking ports to achieve aloop-free topology. The first version of STP was slow at converging. Enhancements were introduced with RSTPto speed convergence and convergence time was improved again with IEEE 802.1d-2004.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





STP Topology

Main purpose of the STP is building loop-free active topologies

Our ring topology will be converted into a spanning tree activetopology with the root on top

Spanning Tree topology can be thought of as a tree that includes the following components :

a root (a root bridge/switch)

branches (LANS and designated bridges/switches)

leaves (end nodes)

There are no disconnected parts that are considered part of the tree. That is, the tree encompasses all of itsleaves. There are no loops in the tree. If you trace a path from one leaf to any other leaf, there is only onepossible path. STP organizes and connects switches into a loop-free topology while leaving no segmentsisolated.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Data Link Overview

Section 7 – Virtual LAN

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Virtual LAN Overview

The Development of VLANs

Switches and VLANs

How do VLANs Work?VLANs Over Multiple Switches

VLAN Trunking

VLAN Tagging

VLAN Stacking

VLAN Tags and VLAN Stacking

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





The Development of VLANs

There are two main reasons for the development of VLANs:

the amount of broadcast traffic

increased security

Broadcast traffic increases in direct proportion to the number of stations in the LAN. The goal of the virtualLAN (VLAN) is the isolation of groups of users so that one group is not interrupted by the broadcast traffic ofanother.

VLANs also have the benefit of added security by separating the network into distinct logical networks. Trafficin one VLAN is separated from another VLAN as if they were physically separate networks. If traffic is to passfrom one VLAN to another, it must be routed.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Switches and VLANs

A VLAN permits a group of ports to share a commonbroadcast domain regardless of physical location

A VLAN can reside on one switch or on many switchesEach VLAN is identified by a VLAN ID

Devices in different VLANs can only communicate with eachother if the frame is first sent to a Layer 3 device such as arouter

On the 7750 SR and 7450 ESS there is no default VLAN for all ports to join. Other types of switches may have adefault VLAN for ports that are not assigned to a particular VLAN.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Host 1 sends out a broadcast. Which hosts will receive the broadcast?

VLAN Exercise

B r o a d c a s t

In this slide, Host 1 sends out a broadcast. Because Host 4 is the only other member of the VLAN, it is the onlyhost to receive the broadcast.

The FDB entries behave much the same way in the VLAN model as they do in the switch model. They areupdated based on the source address. In this slide, the source address of the broadcast frame is only learnedby VLAN 101. VLAN 102 will not know the source address of Host 1 after Host 1 transmits its broadcast packet.Therefore, in a VLAN environment, a separate FDB is kept for each VLAN. In this case, this means that VLAN101 will never learn about Host 3 or Host 2 unless it is manually configured or interconnected at Layer 3.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





VLANs Over Multiple Switches

The sharing of VLANs between switches is achieved by the insertion of a header with a 12-bit VID, which allowsfor 4094 possible VLAN destinations for each Ethernet frame.

A VID must be assigned for each VLAN. Assigning the same VID to VLANs on different connected switches canextend the VLAN (broadcast domain) across a network.

The 802.1q standard works by inserting a 32-bit VLAN header into the Ethernet frame of all network traffic ofthe VLAN. The VID uses 12 bits of the 32-bit VLAN header. The switch then uses the VID to determine which

FDB it will use to find the destination. After a frame reaches the destination switch port, the VLAN header isremoved.

This slide indicates which ports belong to which VLAN. The traffic ingressing a port in one VLAN will only beallowed to egress a port on the same switch belonging to the same VLAN.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





VLAN Trunking

VLAN trunking provides efficient interswitch forwarding of VLAN frames. In the previous slide, each VLANrequired a separate interswitch connection to forward frames from one switch to another.

VLAN trunking allows one Ethernet port to carry frames from multiple VLANs. This allows the use of one high-bandwidth port, such as a gigabit Ethernet port, to carry the VLAN traffic between switches instead ofmultiple fast Ethernet ports.

VLANs are separated within the trunk based on their VLAN IDs (Q tags). The FDB at the destination switch

designates the destination VLAN for the traffic on the VLAN trunk.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





VLAN Tagging

Tag control information

2 bytes 2 bytes

CFI(Canonical format: bitordering can be different)

User_priority VID

3 bits 1 bit 12 bits

Payload Ether-type

802.1q Ethernet Frame

SFDPreamble DA SA EtherType P a y l o a d (46 to 1500 bytes) FCSVLAN

tagEtherType

Range = 0x600-0xffff, default = 0x8100For multi-vendor interoperability

The VLAN header can be broken down into two parts — the VLAN tag type and the tag control information.

The VLAN tag type is a fixed value that is an indicator of a VLAN tag. The VLAN tag is a fix length of 2 bytes,which is followed by the original EtherType describing the payload.

The tag control information has three parts:

Priority value (User priority) — A 3-bit value that specifies a frame’s priority.

CFI — One bit. A setting of 0 means that the MAC address information is in its simplest form. Currentlyno other value is supported.

VID— A 12-bit value that identifies the VLAN that the frame belongs to. If the VID is 0, the tag headercontains only priority information.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





VLAN Stacking

A restriction of Ethernet VLANs is the limited number of VIDs. With 12 bits used to define the VID, there areonly 4096 possibilities. Because VLAN 0 and 4095 are reserved, the PE is really only capable of supporting 4094VLANs — not a significant number if it is compared with the expanding rates of networks.

One of the solutions to this restriction is VLAN stacking, also known as Q-in-Q. VLAN stacking allows the serviceprovider to use Layer 2 protocols to connect customer sites.

In this slide, three customers are connected through a common switch using VLAN stacking.

At the PE, the administrator has assigned a VLAN to represent the customer on that port. When the customertraffic arrives at the PE device, the PE switch inserts another VLAN tag in the frame. It is this second orstacked VLAN tag that takes the customer traffic through the provider network. At the egress port of the PEequipment, the second or stack VLAN tag is removed and the traffic forwarded out the port.

This allows Customers 1, 2, and 3 to use the same VLAN tags in their network. In theory, the service providercan support 4094 customers, with each customer supporting 4094 VLANs within their network.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Data Link Overview

Section 8 – SONET/SDH and Packet over SONET/SDH

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





SONET/SDH Overview

SONET and SDH are TDM technologies designed for voice traffic

SONET is used in North America, SDH in the rest of the world

SONET aggregates older synchronous carriers such as DS1 and DS3SDH aggregates European carriers such as E1 and E3

Basic SDH frame is the STM-1, which operates at 155.52 Mb/s and isequivalent to the SONET STS-3

Basic SONET frame is the STS-1, which operates at 51.84 Mb/s andis designed to carry a DS1 (T1) frame. STS-1 is exactly one third ofan STM-1 frame

SONET/SHD is the underlying technology for ATM transmission

Synchronous optical network/Synchronous Digital Hierarchy (SONET/SDH) is a high-bandwidth WAN transporttechnology developed by Bell Communications Research and later standardized by ANSI and ITU. SONET/SDH issynchronous in nature and specifies framing and multiplexing at the physical layer of the OSI model.SONET/SDH was originally designed to transport voice but has been adapted to transport data by using Layer 2framing technologies such as PPP/HDLC and ATM.

SONET/SDH technology is typically not implemented by small or medium-sized businesses, because of its highcost. It is more commonly used by large global companies, long-distance companies linking metropolitan areasand countries, or ISPs that need to guarantee fast, reliable access to the Internet. SONET/SDH is particularlysuited to audio, video, and imaging data transmission. As you can imagine, because of its reliance on fiber-optic cable and its redundancy requirements, SONET/SDH technology is expensive to implement.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





SONET/SDH Overview (continued)

Basic SONET frame is known as STS-1 at 51.84 Mb/s

Each STS-1 can carry one DS3 frame

STM-1 frame is the equivalent of the STS-3 frame and designed forEuropean carriers

Higher levels achieved by combining exact multiples of STS-1 andSTM-1

64192129 0249953STM-64STS-192

161832 2562488STM-16STS-48

4128064622STM-4STS-12

132016155.52STM-1STS-3

--167251.84--STS-1

E4sDS3sDS0sBit rate(Mb/s)

SDHframe

SONETframe

The basic SONET signal is known as synchronous transport signal (STS-1) and has a bit rate of 51.84 Mb/s. Thisincludes a payload of 50.112 Mb/s and an overhead of 1.728 Mb/s. The STS-1 frame is 810 bytes and istransmitted in 125 ms, hence the bit rate of 51.84 Mb/s.

Each STS-1 can carry one DS3 or 28 DS1 frames. For higher data rates, STS-1 signal is incremented at fixedlevels to STS-3, STS-48, and STS-192. Multiplexing can occur in one or multiple stages. For example, an STS-12can be formed by 4 STS-3s, or 12 STS-1s, or 3 STS-3s and 3 STS-1s. Each STS-1 payload in a SONET frame isassigned a fixed position and can be extracted without having to fully demultiplex the entire frame. This is avery big advantage of SONET compared to DS3.

The STM frames (STM-1, and so on) used by SDH are effectively a multiple of STS-3 frames. The overhead isidentical, although the terminology and overhead usage varies somewhat between the standards. STM-1 isdesigned to carry an E4 frame. A number of different standards have been defined for the multiplexing oflower data rates within STS-1 or STM-1 frames.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Most commonly deployed onrings with ADM

Other layouts are mesh, point-to-point

Many sites connect to the ADMusing various signaling formats

Support automatic protectionswitching on bidirectional ringsunder 50 ms

SONET/SDH Deployment

The ring topology is, by far, the most common in current service provider networks. It is common because it isthe most resilient. Rings are based on two or four fibers.

Transmission is in one direction on one half of the fibers and in the opposite direction on the other half. Halfthe bandwidth can be reserved for protection. Quick recovery from a fiber cut anywhere on the ring can beaccomplished by switching to the signal being transmitted in the opposite direction. Ring topologies have beenso successful at providing reliable transport that even long-haul carriers often use multiple, very largecircumference rings in their nationwide networks.

Add/drop multiplexers (ADM) are used at nodes on the ring for traffic origination or termination. It is notunusual for rings to be connected to other rings—in that case, cross-connects provide the interconnectionfunction.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Packet over SONET/SDH (POS)

Packet over SONET/SDH uses PPP encapsulated data to provideframing for application packets

Specified in RFC 2615

IP traffic is usually carried via POS

Supports SONET/SDH level alarm processing, performancemonitoring, synchronization, and protection switching

IP

PPP frame

SONET/SDH frame

Datagram

Protocol encapsulation and error control

Byte delineation

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Data Link Overview

Section 9 – Module Summary

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Learning Assessments

List the necessities of having Layer 2

Define and differentiate between the various Layer 2protocols

Describe Ethernet

Distinguish between the Ethernet Frame types

List the types of addressing formats supported by Ethernet

Describe Half Duplex operation and CSMA/CD

Identify the common Ethernet Standards

Describe the operation of an Ethernet Switch and how itdiffers from a Hub

Describe the building of the forwarding MAC database on anEthernet Switch

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Learning Assessments

Differentiate between a collision domain and a broadcastdomain

Describe the operation of LAGSList the problems encountered in an Ethernet Loop Topology

Describe the operation of STP and RSTP

List the advantages of using VLANS in an Ethernet network

Describe VLAN Tags and the types of Tags supported

Describe the operation of SONET/SDH

List the bit rates supported by the common SONET frames

Describe the POS (Packet over SONET) mechanism

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e






A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Module 4 — Layer 3 and IP Services

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e



Layer 3 and IP Services

Section 1 - Layer 3 and IP Services Overview

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Alcatel-Lucent Scalable IP Networks v2.00 Module 4 | 4 A ll r ig ht s re se rv ed © 2 0 08 Al ca te l- Lu ce nt

Network Layer/Layer 3 OSI

Why do we need Layer 3?Provides unique addressing for many devices to intercommunicate

Finds a path for the end-to-end delivery of application dataCharacteristics

Logical addressingQuality of service options for different application packetsRouting protocols

DevicesRouters

Layer 3 protocolsIP, IPX, CLNS, AppleTalk

The network layer, or Layer 3, is considered to be the lowest layer in the TCP and OSI protocol stacksthat handles the end-to-end delivery of application data. The main function of the network layer is tomove data from the source to its destination or set of destinations regardless of where the destinationexists. The network layer performs this function by using a unique address and a standard set ofprotocols to help forward the data. Although a number of Layer 3 protocols are still in use, InternetProtocol (IP) is used almost exclusively today.

From the source, the data must pass through various physical mediums across several Layer 2 domains

over routers before the data reaches its destination or destinations. The routers inspect the IP headerbefore forwarding data to the appropriate interfaces.

The IP address is a logical address that differs from a Layer 2 address, such as a MAC address, that ispermanently programmed into the firmware. The IP address uniquely identifies the device on theInternet. Address distribution is controlled by the IANA, a global authority. The IANA ensures that everyInternet address is unique. To ensure that the data is sent from a source to its correct destination,every device on the Internet must have a unique IP address.

Routing protocols are required to forward the data. Routers use the routing protocols to buildforwarding tables. When an IP packet is received, the router checks the forwarding table to identify thephysical interface destination for the data. Typically, several routers are involved in an end-to-end datatransfer.

The most widely used L3 protocol is IP, which provides services that are roughly equivalent to the OSInetwork layer. IP provides a datagram (connectionless) transport service across the network. Thisservice is referred to as unreliable, because the network does not guarantee delivery or notify the endhost system about packets that are lost because of errors or network congestion. IP datagrams may beup to 65 535 bytes (octets) in length.

IP does not provide a mechanism for flow control. This is handled by the transport layer.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Layer 3 Connects Multiple Layer 2 Networks

Higher layer required to connect many Layer 2 networks

Every device connected to the Internet requires a unique Layer 3address

In this slide, IP is required because the physical networks that are connected to the user PCs aredifferent in each location. The IP layer is required to direct the data from the source PC to thedestination PC. The routers (as will be seen later) are responsible for directing the data based oninformation in the IP header. The TDM, ATM, POS, and Ethernet-based switches transmit the IPdatagrams between the routers. The routers inspect the IP header and transmit the IP datagram to thenext-hop router.

IP provides a consistent service interface for the higher layer protocol to communicate across the

different physical networks. The data from every Internet application is transmitted across the networkin an IP datagram regardless of the type of data or the nature of the application. The IP networkprovides a universal addressing plan and simple forwarding service for every application using thenetwork.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Layer 3 Routing in the Network

Which path will data take from the source to the destination?

In this slide, the IP address of the source data is 138.120.54.98/24 and the IP address of the destinationis 160.16.20.1/24. Because the destination is not on the same Layer 2 network as the source, the datawill travel to the router that is attached directly to the Layer 2 switch using Layer 2 forwarding. Therouter (R1) must then decide which router, R2 or R3, is the best next hop to reach the destination. R1then transmits the data to the next router using the Layer 2 technology that connects them (POS in thisexample).

For R1 to decide which direction is the best path to the destination, the router must have the

appropriate information about the network. This information is exchanged using routing protocols thatrun on all the routers involved. In this slide, routers R1 to R4 use the same routing protocol.

Every router on the network builds a routing table using the routing protocols and the information thatthey receive from the other routers. When data arrives at the router, it uses the routing table todetermine the next hop to the destination. The routing table contains a list of network destinationswith the next-hop address to be used to reach them.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Internet Protocol Overview

Most commonly used Layer 3 protocol

Connectionless protocol

Provides support for framing and packet prioritization

Maximum packet length is 65 535 bytes

Version 4 is current version

The Internet Protocol (RFC 791) provides services that are roughly equivalent to the OSI network layer.IP provides a datagram (connectionless) transport service across the network. This service is sometimesreferred to as unreliable because the network does not guarantee delivery or notify the end host systemabout packets lost due to errors or network congestion.

IP datagrams contain a message or one fragment of a message, which may be up to 65 535 bytes(octets).

IP does not provide a mechanism for flow control. This is handled by the transport layer.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Alcatel-Lucent Scalable IP Networks v2.00 Module 4 | 1 0 A ll r ig ht s re se rv ed © 2 0 08 A lc at el -L uc en t

IPv4 Packet Header

Version — IP version is currently 4

IHL — IP header length. The number of 32-bit words that form the header. The value is usually five.

TOS — Type of Service is also known as the Differentiated Services Code Point (DSCP). The TOS byte canbe used to specify Quality of Service parameters for the packet, but this is often not respected by thenetwork.

Total Length — The combined length of the header and the data, in bytes

Identification — Together with the source address, this 16-bit number uniquely identifies the packet.The number is used during the reassembly of fragmented datagrams.

Flags — Three bits used for the fragmentation of packets. The first bit is unused. The second indicatesDF, or don't fragment, meaning that the packet must be discarded instead of fragmented. The thirdindicates MF, or more fragments, indicating that this is not the last fragment

Fragment Offset — A value that indicates which fragment of the original packet this corresponds to.This is used during the reassembly of fragmented datagrams.

Time To Live — Number of hops or links that the packet may be routed over, decremented by eachrouter (used to prevent accidental routing loops)

Protocol — Identifier that indicates the type of transport packet being carried (for example, 1 = ICMP,2= IGMP, 6 = TCP, 17 = UDP)

Header Checksum —1s complement checksum that is inserted by the sender and updated whenever thepacket header is modified by a router. Used to detect errors introduced into the IP header. Packets withan invalid header checksum are discarded by all nodes in an IP network.

Source IP Address — IP address of the original sender of the packet

Destination IP Address — IP address of the final destination of the packet

Options — Not often used. However when the options are used, the IP header length is greater than five32-bit words to indicate the size of the options field.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Alcatel-Lucent Scalable IP Networks v2.00 Module 4 | 11 A ll r ig ht s re se rv ed © 2 0 08 A lc at el -L uc en t

IPv4 Address

The unique L3 identifier of computers, routers, and other devicesin an IP network

The 32-bit address is expressed in dotted-decimal format, witheach octet separated by a period

IP address example: 192.168.2.100

Binary equivalent: 11000000101010000000001001100100

Dotted-decimal notation divides the 32-bit IP address into four octets of 8 bits each. These octetsspecify the value of each field as a decimal number. The range of each octet is from 0 to 255.

As stated earlier, the L3 address is unique to the device and, as such, is used to recognize the device onthe Internet. This is analogous to the postal service. For you to receive mail that is meant for you andyour family, you need a unique address. In Canada, the address is a combination of a postal code for aregion, a street name, and a house number. For example, 123 Walden Drive, K2K 2S6 is a unique addressin Canada. Similarly, every device that needs access to the Internet needs a unique L3 address.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





IP Address Components

The first part of an IP address, which is known as the network number or network prefix, identifies thenetwork that a host resides in.

The second part of an IP address, which is known as the host number, identifies a host in the network.This creates a two-level hierarchy, as shown in this slide above.

All hosts in a network share the same network number or prefix. However, the host numbers must beunique to each host. Conversely, hosts with different network prefixes may share the same hostnumber.

The size of the network/host portions vary, as described in the following slides.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





IP Address Classes

To provide some form of flexibility to support the implementation of various network sizes, the IPaddress space was originally divided into classes: Class A, Class B, and Class C. When the IP address wasdeveloped, the concept of classes could not have envisioned the enormous growth of the Internet.Therefore, many of the addressing problems can be traced back to this early classification of the IPaddress space.

This division of addresses is referred to as classful addressing because the address space is split intopredefined sizes. As shown in this slide, each class defines the boundary between the network and host

at a different octet within the 32-bit address.Class A (1 to 126) — A Class A network has an 8-bit network prefix and the highest-order bit isalways set to 0. This allows up to 126 networks to be defined because, 2 of the networks arereserved. The 0.0.0.0 network is reserved for default routes. The 127.0.0.0 network is reservedfor loopback functions.

Class B (128 to 191) — A Class B network has a 16-bit network prefix and the two highest-orderbits are always set to binary 10. Up to 16 384 networks can be defined.

Class C (192 to 223) — A Class C network has a 24-bit network prefix and the three highest-orderbits are always set to binary 110. Up to 2 097 152 networks can be defined.

Class D (224 to 239) — Class D is used for multicast addresses in applications such as OSPF.

Class E (240 to 255) — Class E is reserved.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Unique IP Addressing

Each node that uses the TCP/IP suite has a unique 32-bit logical IPaddress

A router’s function is to join different IP networks. In this slide, each router is connected to two orthree networks through two or three interfaces. Each interface is identified by a unique IP address. Theinterfaces in the same network belong to the same network prefix or network class.

There are five networks in this slide:

Class C networks - 192.168.0.0 and 192.10.0.0

Class B networks - 172.5.0.0 and 172.16.0.0

Class A network - 10.0.0.0

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





IP Global Address Assignments

Global addressing is provided by the IANA

Major organizations of the world have specific addressassignmentsAddress assignments are available in RFC 1466 at:http://www.iana.org/assignments/ipv4-address-space

One of the Alcatel-Lucent IP address assignments is138.120.0.0

The addresses assigned by the IANA are also referred to aspublic addresses

In addition, the IANA reserves some addresses (referred to asprivate addresses) to be used in private networks

Under the current IP addressing scheme (known as IPv4 and eventually to be replaced by IPv6), theaddress space is divided into two types: public address space and private address space. Understandingthe difference is important and useful for a network administrator, especially if your organization isconnected to the Internet. All of the IP addresses (public address space) that are routable by using theInternet are managed by one of three RIRs. Each RIR is responsible for a geographic region.Note: This should not be confused with the InterNIC (http://www.internic.net) and its designatedregistrars, such as Network Solutions, Inc. These organizations handle domain name registration, notaddress registration.The IANA distributes IP addresses to the RIRs.Address space must be requested from IANA, which grants or denies. Alternatively, you can request theaddress space from your ISP. The ISP then allocates the space from its allotted address space or makesthe request on your behalf.This system of requests manages address space and provides a central authority to prevent address-space collisions. When you use a public address, you can send to and receive from all non-broken partsof the Internet. This means that all routers on the Internet can route your IP address to you. Therefore,not all address space is portable.If you own your address space, you can authorize an ISP to route the address space for you. However,there is a chance that when you change providers or locations, it will no longer be possible to route yourIP address to the new location. It is important, therefore, to check before you travel and need to useyour address space.

The IANA has reserved the following three blocks of the IP address space for private Internets (localnetworks):

10.0.0.0 to 10.255.255.255172.16.0.0 to 172.31.255.255192.168.0.0 to 192.168.255.255IP addresses from 169.254.0.0 to 169.254.255.255 are reserved for automatic private IPaddressing. These IP addresses should not be used on the Internet.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





IP Address Hierarchy

Early IP address allocation gave no consideration to hierarchy

Routing tables started growing exponentially as Internetusage increasedHierarchical allocation introduced in the early 1990s, byregion and by service provider

BGPv4 supports address summarization

IPv6 addressing provides vastly improved addressinghierarchy

Important for network and routing scalability

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





IP Global Address Assignments

Address allocation is delegated by IANA to Regional InternetRegistries (RIRs)

ARIN for North America— 96.0.0.0/6— 204.0.0.0/6, 208.0.0.0/7

RIPE NCC for Europe and Middle East— 77.0.0.0/8 through 95.0.0.0/8

APNIC for Asia and Pacific region— 114.0.0.0/8 through 126.0.0.0/8

RIRs allocate address space to service providers

Every attempt possible is made to maintain hierarchy inaddress allocation

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





IPv4 Addressing Types - Unicast Address

A unicast address identifies a single specific device on an IPnetwork

Example: 139.120.200.25

Unicast addresses are the addresses that are used for most data exchanges on the Internet.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





IPv4 Addressing Types - Broadcast Address

Refers to all IP devices in the broadcast domain

A packet sent to all hosts in a broadcast domain (such as Ethernet)is referred to as a broadcast packet. A broadcast IP addresscontains the network number and all 1s for the host address

Example: A packet sent to the IP broadcast address 138.120.255.255 isdelivered to all hosts in the 138.120.0.0 network

A broadcast address is an address that is used to send traffic to all of the hosts in a specific broadcastdomain. Routers with interfaces in the broadcast domain receive the broadcast but do not propagate it.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





IP Subnet Basics Overview

Subnetting

Subnet Masking

Calculating Host Addresses

Extended Network Prefix

Subnet Address Plan

Subnetworks and Routers

Configuring Routers

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Subnetting

Introduces an additional level of hierarchy in addressing

Without subnetting, there are only the network and host portions

With subnetting, there are the network, subnetwork, and hostportions

Host space is now more efficiently used. For example, with onenetwork address, 6 or more subnetworks can be created

There are three main problems with classful addressing.

Lack of Internal Address Flexibility — Big organizations are assigned large, monolithic blocks ofaddresses that do not match the structure of their underlying internal networks.

Inefficient Use of Address Space — The existence of only three block sizes (Classes A, B, and C)leads to waste of limited IP address space.

Proliferation of Router Table Entries — As the Internet grows, more and more entries are

required for routers to handle the routing of IP datagrams, which causes performance problemsfor routers. Attempting to reduce inefficient address space allocation leads to even more routertable entries.

Subnetting resolves the problems associated with classful addressing by adding a layer of hierarchy tothe addressing structure. Instead of being a simple two-level hierarchy that defines the network prefixand host number, the subnet introduces a third level that defines a subnet number.

The third level provides network administrators with the flexibility to manage their current networkaddress in a way that best suits their needs by assigning a distinct subnet number for each of theirinternal networks.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Subnet Mask Defined

Q. How do you identify the subnet portion of a network?

A. Use a subnet mask

A subnet mask is a 32-bit number that accompanies an IP address

The mask indicates the network and the subnet

Boolean logic is performed to differentiate the subnet host

In a subnet, the first and last IP addresses are reserved

The first address identifies the subnetwork

The last address is reserved as a broadcast address for the subnetwork

The subnet mask was created so that it has a one (1) bit for each corresponding bit of the IP addressthat is part of its network ID or subnet ID, and a zero (0) bit for each bit of the IP address thatcorresponds to the host ID. Therefore, the mask informs TCP/IP devices as to which bits in the IPaddress belong to the network ID and subnet ID, and which bits in the IP address are part of the host ID.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Subnet Mask and IP Address

IP Address Example: 192.168.2.132 (Class C or /24 )

What is the network and what is the subnet?

Assuming a subnet mask of 255.255.255.128 (32-bit value). What isthe subnet for this address?

Rewrite the IP address and subnet mask as binary, and applyBoolean logic:

IP address 11000000.10101000.00000010.10000100LOGICAL AND

Subnet mask 11111111.11111111.11111111.10000000equals

Subnetwork 11000000.10101000.00000010.10000000192.168.2.128

Network Class C 192.168.2.0Subnetwork 192.168.2.128Host range 192.168.2.129 to 192.168.2.254

The subnet mask of 255.255.255.128 has been chosen and is applied to the IP address of 192.168.2.132,which is a Class C address. This subnet mask splits the Class C network of 192.168.2.0 into twosubnetworks. Each subnetwork has 126 hosts.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Subnet Mask and IP Address (continued)

IP Address Example: 192.168.2.132 with mask 255.255.255.128 appliedWhat are the network and host ranges?

192.168.2.132

11000000.10101000.00000010.10000100 &255.255.255.128

11111111.11111111.11111111.10000000

192.168.2.128192.168.2.128 (Network)

192.168.2.129 (1 st Host)

192.168.2.130 (2 nd Host)

………….

192.168.2.254 (Last Host)

192.168.2.255 (Broadcast)

11000000.10101000.00000010.1 0000000

25 bits Host bits

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Subnet Example

For a network 192.168.1.0 and subnet mask /27, what are the possiblesubnets and hosts?

What is the difference between 192.168.1.0/24 and 192.168.1.0/27?

Subnet 0 192.168.1.0/27 11000000.10101000.00000001. 000 00000

Subnet 1 192.168.1.32/27 11000000.10101000.00000001. 001 00000

Subnet 2 192.168.1.64/27 11000000.10101000.00000001. 010 00000

Subnet 3 192.168.1.96/27 11000000.10101000.00000001. 011 00000

Subnet 4 192.168.1.128/27 11000000.10101000.00000001. 100 00000

Subnet 5 192.168.1.160/27 11000000.10101000.00000001. 101 00000

Subnet 6 192.168.1.192/27 11000000.10101000.00000001. 110 00000

Subnet 7 192.168.1.224/27 11000000.10101000.00000001. 111 00000

27 bits

The subnet address 192.168.1.0/27 defines the subnet where all the addresses start with the same 27bits. This means that there are 5 bits remaining to define the host addresses for the subnet. These 5 bitscan range from 00000 to 11111 or from 0 to 31. Therefore, the subnet address 192.168.1.0/27 definesthe range of addresses from 192.168.1.0 to 192.168.1.31. The address with all 0s in the host portion isthe subnet address (192.168.1.0). The address with all 1s in the host portion is the broadcast address forthe subnet (192.168.1.31).

The subnet address 192.168.1.0/24 defines the subnet where all the addresses start with the same 24

bits. This means that there are 8 bits remaining to define the host addresses for the subnet. These 8 bitscan range from 00000000 to 11111111 or from 0 to 255. Therefore the subnet address 192.168.1.0/24defines the range of addresses from 192.168.1.0 to 192.168.1.255. The address with all 0s in the hostportion is the subnet address (192.168.1.0). The address with all 1s in the host portion is the broadcastaddress for the subnet (192.168.1.255).

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Subnet Address Plan

1. How many subnets arerequired now?

2. How many subnets willbe required in thefuture?

3. How many hosts are inthe largest subnet?

4. How many hosts will bein the subnet in thefuture?

An addressing plan requires careful planning and consideration for future requirements. The networkadministrator cannot just look at the existing infrastructure in the assignment of addresses but musttake into account the future growth of hosts of all the subnets, and the future growth in the number ofsubnets that will be required.

To create a subnet address plan, the administrator must perform the following steps:

1. Define the number of subnets that are required.In this slide, there is a requirement for nine subnets; 8 or 2^3 subnets would not meet therequirement.

2. To meet the requirement for nine subnets, plan for 16 or 2^4 subnets. This now leaves room forfuture expansion.

3. Ensure that there is enough host space available to meet the requirements of the largest subnet.If the largest subnet requires 35 hosts, a 2^6- or 64-host space must be used. This size also leavesroom for expansion.

4. After the design is completed, ensure that the organization’s allocated IP address space issufficient to meet current and future needs.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Subnet Address Plan - Example

1. Subnet 2, the largest subnet,requires 20 host addresses

2. Network IP address is192.168.1.0/24

The administrator must identify the bits required to provide the six required subnets. Because theaddress is a binary address, the boundaries for the subnets are based on the power of 2.

In this slide, the administrator requires 3 bits of the existing host address to provide the necessarysubnets: 2^3 = 8 available subnets. This gives the subnets an extended prefix of 27 bits. The 4-octetsubnet mask appears as 255.255.255.224. This leaves 5 bits of the last octet for host addresses.

The calculation for usable or assignable host addresses is 2^n – 2, or in this case 2^5 – 2.

Two host addresses must be subtracted from the total because the host address 00000 (all 0s) isreserved for the network address and the host address of 11111 (all 1s) is reserved for the broadcastaddress of the subnet.

The base address is 192.168.1.0/24. With the subnet extended prefix defined, the administrator has thefollowing subnets, with each subnet supporting 30 hosts:

192.168.1.0/27

192.168.1.32/27

192.168.1.64/27

192.168.1.96/27

192.168.1.128/27

192.168.1.160/27

192.168.1.192/27

192.168.1.224/27

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Subnetworks and Routers

How are IP networks associated with routers ?

Routers separate broadcast domains

Every physical and logical interface on the router can belong to anetwork

An IP address in the broadcast domain is assigned to an interface

One interface per sub-network only

(192.168.10.0/30)

192.168.10.1

(172.16.32.0/20)

172.16.32.1

1.1.1.1(1.1.1.1/32)

(1/1/1 ) (1/2/1 )

Loopback

A router interface is a logical entity that is created in order to assign local networks in the router. Therouter interface is commonly referred to as a Layer 3 interface or L3 interface. The interface is alwaysassigned an IP address. The IP address is applied along with the subnet mask.

Although the interface is a logical entity, the interface can be associated with a physical port. This istypically done to physically connect the router to another router, switch, hub, or host. The other devicethat is attached to the router must also be configured with an IP address in the same network as the IPaddress that is assigned to the router interface.

An interface that is not associated with a physical port can be associated with a loopback interface andis logical. The physical and loopback interfaces are considered internal to the router and representnetworks within the router.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





General Router Interface Configuration

To configure a network interface, use the following command

Address must be a host address on the subnet

Context: conf i g>r out er

Syntax: i nt erf ace i p- i nt - nameaddress i p- addr{/mask- l ength | mask} [ broadcast {al l ones | host - ones}]port [ port - i d | ccag- group]

Example: confi g>r out er> i nt erf ace “to- ALA- 2”conf i g>r out er>i f # address 10. 10. 24. 4/24confi g>r out er>i f # port 8/1/1conf i g>r out er>i f # descri pti on “t o port 6/ 1/1 on ALA- 2”

Context: conf i g>r out er

Syntax: i nt erf ace i p- i nt - nameaddress i p-addr{/mask-l ength | mask} [ broadcast {al l ones | host- ones}]port [ port - i d | ccag- group]

Example: conf i g>rout er> i nt erf ace “to-ALA- 2”conf i g>r out er>i f # address 10. 10. 24. 4/24conf i g>rout er>i f # port 8/1/1conf i g>r out er>i f # descri pt i on “t o por t 6/ 1/1 on ALA- 2”

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Adding Interfaces to Routers

A: ASI N# conf i gure r outer i nterf ace systemA: ASI N>conf i g>r out er>i f # address 10. 10. 10. 10/ 32A: ASI N>conf i g>r out er>i f # backA: ASI N>conf i g>router# i nterf ace t oRout erBA: ASI N>conf i g>r out er>i f $ addr ess 192. 168. 10. 18/ 31A: ASI N>conf i g>r out er>i f $ por t 1/ 1/ 1A: ASI N>conf i g>r out er>i f $ backA: ASI N>conf i g>router# i nterf ace t oLANA: ASI N>conf i g>r out er>i f $ address 172. 17. 10. 1/ 24A: ASI N>conf i g>r out er>i f $ por t 1/ 1/ 2A: ASI N>conf i g>r out er>i f $ backA: ASI N>conf i g>router# i nterf ace l oopback1A: ASI N>conf i g>r out er>i f # address 172. 25. 0. 1/ 24A: ASI N>conf i g>r out er>i f # l oopbackA: ASI N>conf i g>router>i f # exi t

A: ASI N# conf i gure router i nt erf ace systemA: ASI N>conf i g>r out er>i f # address 10. 10. 10. 10/ 32A: ASI N>conf i g>r out er>i f # backA: ASIN>conf i g>r out er# i nterf ace t oRout erBA: ASI N>conf i g>r out er>i f $ addr ess 192. 168. 10. 18/ 31A: ASI N>conf i g>r out er>i f $ por t 1/ 1/ 1A: ASI N>conf i g>r out er>i f $ backA: ASIN>conf i g>r out er# i nterf ace t oLANA: ASI N>conf i g>r out er>i f $ address 172. 17. 10. 1/ 24A: ASI N>conf i g>r out er>i f $ por t 1/ 1/ 2A: ASI N>conf i g>r out er>i f $ backA: ASIN>conf i g>r out er# i nterf ace l oopback1A: ASI N>conf i g>r out er>i f # address 172. 25. 0. 1/ 24A: ASI N>conf i g>r out er>i f # l oopbackA: ASIN>conf i g>r out er>i f # exi t

Router A has two physical interfaces: one is connected to the LAN and one is connected to router B.

Router A also has two logical interfaces the system address and the loopback address, both of which areinternal to Router A.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Verifying Added Interfaces

A: ASI N# show rout er i nt erf ace

===============================================================================I nterf ace Tabl e (Rout er: Base)===============================================================================I nt er f a ce- Name Adm Opr ( v 4/ v 6) Mode Por t / SapI d

I P-Address PfxStat e- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -l oopback1 Up Up/ - - Net wor k l oopback

172.25.0. 1/24 n/ asyst em Up Up/ - - Net wor k syst em

10. 10. 10. 10/ 32 n/ at oLAN Up Up/ - - Net wor k 1/ 1/ 2

172.17.10.1/ 24 n/ at oRout er B Up Up/ - - Net wor k 1/ 1/ 1

192. 168. 10. 18/ 31 n/ a- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -I nterf aces : 4===============================================================================

A: ASI N# show r outer i nt erf ace

===============================================================================I nterf ace Tabl e (Rout er: Base)===============================================================================I nt er f a ce- Name Adm Opr ( v 4/ v 6) Mode Por t / SapI d

I P-Address PfxSt ate- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -l oopback1 Up Up/ - - Net wor k l oopbac k

172.25.0. 1/ 24 n/ asyst em Up Up/ - - Net wor k syst em

10. 10. 10. 10/32 n/at oLAN Up Up/ - - Net wor k 1/ 1/ 2

172.17.10.1/ 24 n/ at oRout er B Up Up/ - - Net wor k 1/ 1/ 1

192. 168. 10. 18/ 31 n/ a- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -I nterf aces : 4===============================================================================

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Special Subnet Masks

/31 subnet mask (RFC 3021)No broadcast or network address; only two host addresses

Ideal for point-to-point linksFor example: 192.168.10.18/31, 192.168.10.19/31

/32 subnet maskNo broadcast or network address; only one host address thatrepresents the networkLoopback addresses and system addressFor example: 192.168.10.20/32

/31 subnet mask

Using the example of 192.168.10.18/31 in the classical sense decodes to a subnet mask of255.255.255.254 with a network address of 192.168.10.18 and a broadcast address of192.168.10.19.

Because no addresses are reserved for host spaces, the devices need to be able to handle theaddresses as two host addresses.

/32 subnet mask

There is only one address which is reserved for loopback addresses and the system address.

The system address is a special loopback address that serves as a router ID for routing protocolssuch as OSPF and BGP.

Loopback addresses are internal logical addresses that are not associated with physicalinterfaces.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Loopback and System Address

Loopback address

“virtual” address on the router – does not correspond to anyspecific interfaceMay have any prefix value (/32, /24, /18, etc.)

System address

Special loopback address on the Alcatel-Lucent 7750 SR

Used as an address to the reach the router itself

As a loopback address, system address is not associated withany specific interface

“system” interface is defined by default, but does not havean address assigned to it

Always has a /32 prefix value

The system address is a special loopback address that serves as a router ID for routing protocols such asOSPF and BGP. It is also acts as an address for the router itself. The system address can be reachedthrough any active interface on the router.

Loopback addresses are internal logical addresses that are not associated with physical interfaces. Notethat only the ‘system’ address is a /32 address and that the loopback addresses can be associated withany subnet mask range.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





IP Subnet Applications Overview

Application of IP Subnets

Limited number of hosts

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Application of IP Subnets

For a network of 192.168.10.0/24, generate subnetworks to address eachnetwork

In this scenario, there are fivenetworks (3 broadcast networks and 2point-to-point link networks).Therefore, subnets can be generatedwith a /27 mask as listed in the table 192.168.10.224/27192.168.10.96/27

192.168.10.192/27192.168.10.64/27

192.168.10.160/27192.168.10.32/27

192.168.10.128/27192.168.10.0/27

In this slide, all of the networks have a /27 network mask. This means there are 30 hosts and 2addresses reserved for the network and broadcast networks. Five of these networks can be assigned toeach of the router interfaces. However, the connection between the routers and the connectionbetween the router and the Internet only require two host addresses for their respective interfaces.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Limited Number of Hosts

The following subnetworks have been assigned randomly:

192.168.10.0/27

192.168.10.64/27192.168.10.32/27

192.168.10.96/27

192.168.10.128/27

Each subnet supports 30 hostsThe point-to-point link between the routers requires only two hostaddressesThe broadcast networks attached to the switch may require 60 hosts eachbut are limited to 30 hosts

How is the problem of limited hosts resolved?

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Supporting VLSM

Using subnet masks of different lengths introduces a new set of challenges.

For example, how do the different subnets and their various extended prefixes get advertisedthroughout the network?

This requires the use of more modern routing protocols. The routing protocol used must be able to:

Carry the extended prefixes with each subnet advertised

Make forwarding decisions based on the longest match

Perform summarization to support route aggregationModern routing protocols such as OSPF, IS-IS, and RIPv2 carry the subnet mask in the routing update andtherefore, support VLSM.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





VLSM - Example 1

In this example, the serviceprovider is allocated an IP

address of 172.16.0.0/16The organization requires fivesubnets; each subnet needs atleast 2000 hosts

In a typical Class B network, there is only one network with 65 534 hosts. This network is represented bythe last 16 bits. We need five networks. To obtain the required networks, we can use some of thedefault Class B host bits. Three options are available:

Option 1: Use 2 bits out of 16 for 2^2 = 4 networks and 2^14 = 16 384 hosts.

Option 2: Use 3 bits out of 16 for 2^3 = 8 networks and 2^13 = 8192 hosts.

Option 3: Use 4 bits out of 16 for 2^4 = 16 networks and 2^12 = 4096 hosts.

Option 2 or 3 can be used but, because only five networks are required, option 2 is the best choice.However, if the network is expected to grow with no more than 4000 hosts in any subnet, option 3 maybe a better option because the network has been designed for 16 subnets.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





VLSM - Example 2

The service provider has the IP address 172.16.0.0/16 and a subnet172.16.64.0/19, which must be further subnetted into 6 subnets thatsupport different numbers of hosts

In this slide, subnet 172.16.64.0/19 has been isolated and will be further subdivided to support the sixsubnets that are located in the local campus. The total number of hosts that are supported in the /19network is 8190. This can be further subdivided into more subnetworks, each with a smaller number ofhosts.

If the requirement is to have six unequal subnets, one option is as follows:

172.16.64.0/20 2^12 – 2 = 4094

172.16.80.0/21 2^11 – 2 = 2046172.16.88.0/22 2^10 – 2 = 1022

172.16.92.0/23 2^9 – 2 = 510

172.16.94.0/24 2^8 – 2 = 254

172.16.95.0/24 2^8 – 2 = 254

Note that the sum of all valid hosts is 8180. This is because by dividing further, two addresses arereserved for the subnetwork number and broadcast number. The use of VLSM allows flexibility in thedesign of networks. Not all subnetworks or networks require the same number of hosts.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





IP Subnets using VLSM - Exercise 1

The base network address is 138.120.0.0/16

Divide the address space into the subnets as shown in the figure

In this slide, the administrator is tasked with taking the base network address and subnetting it tosupport three subnets: Subnet 1, Subnet 2, Subnet 3.

Then, the subnet 2 address must be further subdivided to support four subnets: Subnet 2a, Subnet 2b,Subnet 2c, Subnet 2d. The administrator must then define the first, last, and broadcast addresses forthe second sub-subnet.

Subnet 1 network address ______________________

Subnet 2 network address ______________________Subnet 3 network address ______________________

Subnet 2a network address ______________________

Subnet 2b network address ______________________

Subnet 2c network address ______________________

Subnet 2d network address ______________________

Subnet 2b

First host address ___________________

Last host address ___________________

Broadcast address __________________

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Route Aggregation Overview

Classless interdomain routing

Route aggregation

Use cases

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Classless Interdomain Routing

With the rapid expansion of the Internet, IPv4 addresses were quickly becoming depleted and the sizesof routing tables were expanding exponentially. The response to these problems was the developmentand adaptation of Classless Interdomain Routing (CIDR).

CIDR eliminated the concept of address classes and replaced it with the concept of network prefixes.Rather than the first 3 bits defining the network mask, the network prefix now defines the networkmask. This prefix mask is a method of defining the leftmost contiguous bits in the network portion ofthe routing table entry.

By eliminating the concept of address classes, CIDR provided a more efficient allocation of the IPaddress space. In addition, CIDR supports the concept of route aggregation, which allows a single routeentry to represent multiple networks.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Routing Table10.15.24.0/2410.15.25.0/2410.15.26.0/2410.15.27.0/2410.15.28.0/2410.15.29.0/2410.15.30.0/2410.15.31.0/24

1 0. 15.2 4.0/24 0 000 101 0 . 000 011 11 . 00 011 000 . 00 000 00 0

1 0. 15.2 5.0/24 0 000 101 0 . 000 011 11 . 00 011 001 . 00 000 00 0

1 0. 15.2 6.0/24 0 000 101 0 . 000 011 11 . 00 011 010 . 00 000 00 0

1 0. 15.2 7.0/24 0 000 101 0 . 000 011 11 . 00 011 011 . 00 000 00 01 0. 15.2 8.0/24 0 000 101 0 . 000 011 11 . 00 011 100 . 00 000 00 0

1 0. 15.2 9.0/24 0 000 101 0 . 000 011 11 . 00 011 101 . 00 000 00 01 0. 15.3 0.0/24 0 000 101 0 . 000 011 11 . 00 011 110 . 00 000 00 0

1 0. 15.3 1.0/24 0 000 101 0 . 000 011 11 . 00 011 111 . 00 000 00 0

NetworkLine (/24)

CommonLine (/21)

All possible combinationsare contained within thenetwork line and thecommon line

Common bit pattern

Route Aggregation

Routing Table10.15.24.0/21

As was discussed with VLSM in section 4 of this module, address planning is extremely important whensubnets are first deployed. The subnets should be deployed so that they support the concept ofsummarization and so that, when summarization is applied, all subnets can be represented by as fewentries as possible in the routing table.

In this slide, Router A supports eight subnets with a /24 prefix. Rather than advertising all eightsubnets, the administrator decided to implement route summarization. To see what network address oraddresses will be advertised from Router A to Router B, the administrator decided to calculate what the

new network prefix or prefixes should be.To implement route summarization:

Define the octet that will be manipulated by the summarization. In this case, it is the thirdoctet.

Identify the original network prefix (/24).

Look to the left of the prefix line and identify the area where all of the addresses have the samebit pattern. Draw a line down that portion.

Look between these two lines and ensure that all possible bit patterns are contained betweenthe two lines. If this is the case, you can then summarize those bit patterns into (in this slide) a/21 mask.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Route Aggregation - Exercise

For the information on thisslide, what summarizedroute or routes will beadvertised to Router 2 fromRouter 1?

In this slide, the administrator is going to be using route summarization on Router 1.

What route or routes will be advertised to Router 2?

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





CIDR and VLSM

When you first look at CIDR and VLSM, they seem to both provide the same function and they are verysimilar. The difference between the two is how they appear to the Internet.

For both CIDR and VLSM:

The routing protocol must carry network-prefix information with each advertised route.

All routers must support the longest-match forwarding algorithm.

Addresses must be allocated to support route aggregation.

The difference is how the manipulation of the address space appears to the Internet.VLSM address manipulation is performed on the address that is assigned to an organization and isinvisible to the Internet.

CIDR manipulates addresses, and these manipulations are advertised to the Internet.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Use Case 1 - An Enterprise Leases Addressing from ISP

In this slide, an Enterprise in its main location leases its IP addressing from an ISP.

The ISP grants the enterprise ownership to its 100.1.1.0/23 block of addresses and the Enterprisedivides its address block into many ‘/27’ subnetwork blocks.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Use Case 2 - An Enterprise with Many Locations Connected through an ISP

In this slide, the same Enterprise customer exists in three locations that are connected through thesame ISP. The ISP provides all the three locations with Internet access. The ISP dedicates the100.1.0.0/20 block to this enterprise. The ISP then divides the block into /24 blocks, with each /24addressing used by each of the enterprise locations. If only /24 blocks are used, the enterprise can onlyadd 16 (2^4 subnet bits) locations.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Use Case 3 - An Enterprise Dual-homed to Two ISPs

In this slide, the enterprise customer is dual-homed with ISP 1 and ISP 2. The customer needs ISP 1mainly for Internet access.

The Toronto office uses an IP address block of 101.1.0.0/24 to communicate with ISP 2 and uses100.1.0.2/24 to communicate with ISP 1.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





LAB 2.1-2.2 IP Addressing

See the Alcatel-Lucent IP Scalable Networks Lab Guide

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Section 6 - IPv4 Forwarding Process

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





IPv4 Forwarding Process

Involves moving IP packets from one interface to anotherinterface

Requires a forwarding table

Forwarding and routing are often used interchangeably, however, there are differences between thetwo terms.

Forwarding refers to the process of moving transit packets from one interface to another interface. Theforwarding process includes accessing the forwarding table, making the forwarding decision, andsending the packet out of an interface.

For a typical router to forward packet, the router must be able to build routing tables by using routingprotocols. The 7750 SR creates a routing table in the CPM card and then loads the routing table into aforwarding table on each IOM card.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





IP Forwarding Table

A:P1# show router fib 1

===============================================================================FIB Display

===============================================================================Prefix Protocol

NextHop-------------------------------------------------------------------------------10.10.10.1/32 LOCAL

10.10.10.1 (system)10.10.10.2/32 OSPF

10.12.0.2 (toP2)10.10.10.3/32 OSPF

10.13.0.2 (toP3)10.12.0.0/24 LOCAL

10.12.0.0 (toP2)10.13.0.0/24 LOCAL

10.13.0.0 (toP3)10.23.0.0/24 OSPF

10.13.0.2 (toP3)10.34.0.0/24 OSPF

10.13.0.2 (toP3)192.168.1.0/24 LOCAL

192.168.1.0 (toPE1)-------------------------------------------------------------------------------Total Entries : 8-------------------------------------------------------------------------------

A:P1# show router fib 1

===============================================================================FIB Display===============================================================================Prefix Protocol

NextHop-------------------------------------------------------------------------------10.10.10.1/32 LOCAL

10.10.10.1 (system)10.10.10.2/32 OSPF

10.12.0.2 (toP2)10.10.10.3/32 OSPF

10.13.0.2 (toP3)10.12.0.0/24 LOCAL

10.12.0.0 (toP2)10.13.0.0/24 LOCAL

10.13.0.0 (toP3)10.23.0.0/24 OSPF

10.13.0.2 (toP3)10.34.0.0/24 OSPF

10.13.0.2 (toP3)192.168.1.0/24 LOCAL

192.168.1.0 (toPE1)-------------------------------------------------------------------------------Total Entries : 8-------------------------------------------------------------------------------

This slide shows the output of the forwarding table on line card 1 of the 7750 SR-7. When a packetenters the router by way of the line card, the packet destination IP address is compared with thecontents in the forwarding table. If there is a match (longest match) with a prefix in the forwardingtable, the packet is switched to the interface shown above as the next hop.

For example, if the incoming packet has a destination IP address of 10.12.0.12, the destination IPaddress matches the prefix 10.12.0.0/24 because 24 bits are compared. The packet will be switched tothe toP2 interface and sent out from the toP2 interface.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Packet Forwarding in Detail

Packet forwarding includes the following key actions:

1. Data link layer frame validation : basic frame length and FCS verification, as well as the framesanity checksWhen a router receives a frame from a LAN, the first step is to read the destination MAC address toensure that the router is the intended recipient of the frame. The next step, assuming that therouter is the intended recipient of the frame, is to check the FCS to see whether there are anyerrors related to the frame. If there are errors, the router discards the frame at this point.

2. Network-layer protocol demultiplexing : determination of the upper protocol that needs to receiveencapsulated dataThis step is performed after the L2 information is removed so that the payload, is handed to thecorrect upper layer.

3. IP packet validation : basic IP header verificationA check is performed to determine whether this is an IP packet. The version and ToS fields areexamined and removed. The TTL field should be greater than 1; if the TTL = 1, the packet isdiscarded because this packets TTL is finished.

4. Forwarding decision : forwarding table lookupCheck the forwarding table. If there is a match between the destination IP address in the packet andone of the prefixes (every entry is checked), the egress interface is chosen.

5. Data link frame construction : packet encapsulationThe IP packet is now encapsulated in the L2 frame that corresponds to the egress interface. If theinterface is Ethernet, new source and destination MAC addresses are added including the type field,and a new FCS is generated. The packet is sent to the physical layer for transport.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Section 7 - IP in Home and Small Businesses

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





IP in Home and Small Business - Overview

Use of IP in Home and Small Businesses

Default Gateway

Home Network Evolution

Address Translation

Address Assignment

DHCPA l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Use of IP for Home and Business

Protocol of choice for routing over the Internet

Used extensively in service provider and carrier corenetworksCommonly used in the enterprise space

Gaining popularity in the home network

Has evolved from only Internet access to providing variousservices to the home and business/enterprise

Used to deliver phone, television, and other multimediaservices

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Default Gateway

Access to the Internet or any general network router

H:\>ipconfig

Windows IP ConfigurationEthernet adapter Local Area Connection:

Connection-specific DNS Suffix . : bell.caIP Address. . . . . . . . . . . . : 70.120.132.235Subnet Mask . . . . . . . . . . . : 255.255.248.0Default Gateway . . . . . . . . . : 70.120.128.1

H:\>ipconfig


Connection- specific DNS Suffix . : bell.caIP Address. . . . . . . . . . . . : 70.120.132.235Subnet Mask . . . . . . . . . . . : 255.255.248.0Default Gateway . . . . . . . . . : 70.120.128.1

H:\>ipconfig


Connection-specific DNS Suffix . : bell.caIP Address. . . . . . . . . . . . : 70.120.132.236Subnet Mask . . . . . . . . . . . : 255.255.248.0Default Gateway . . . . . . . . . : 70.120.128.1

H:\>ipconfig


Connection- specific DNS Suffix . : bell.caIP Address. . . . . . . . . . . . : 70.120.132.236Subnet Mask . . . . . . . . . . . : 255.255.248.0Default Gateway . . . . . . . . . : 70.120.128.1

This slide shows a very simple home network.

There are two home PCs that are connected to an L2 switch. The switch is then connected to a router,which is located in the service provider boundary. The demarcation point is the router interfacetowards the L2 hub. The L2 hub is owned by the home user.

In order to communicate to the Internet, each of the PCs need a unique routable IP address. For trafficfrom the PCs to the general Internet, a designated router address is provided, which is the defaultgateway. The IP address is the address of the interface on the ISP router that faces the home network.

Since the home PCs are on the same network, they can communicate with each other without accessingthe Internet.

For the home PC to access the eBay site, the IP packet composed will contain the source address of thePC, and the destination address of eBay (76.67.217.148). The PC does not know where the server foreBay exists and the packet is directed to the default gateway, which knows where to forward thepacket.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Home Network Evolution

Home networks today use IProuting in the home environment

Require a home-based routerand Address Translation

Modern home networks, such as the one shown in this slide, support multiple services. These servicescan be delivered on a one technology by a one provider or by multiple service providers. Home networkshave evolved from a PC that is connected to a modem or a switch to multiple PCs, home televisions,digital phones all connected via one L2 technology to a home router that is managed at the home andnot the service provider. The router on one side connects to the home network and on the other sideconnects to the service provider access devices. In this case, the demarcation point is the modem.

All the services (in this single provider multiple services scenario) are sent to the modem via DSL or

cable.Every device in the home in the scenario requires an IP address in order to connect to the Internet.There are several disadvantages:

It is not financially viable to have a unique public IP routed address. Also, this is not scalable.

For the traffic to be received by each device, the ISP needs to monitor every home device for asingle access point. The ISP is typically not interested in maintaining multiple IP addresses forthe average home user.

The best scalable solution for now is a home-managed router, which assigns private IP addresses to eachof the home devices and has a public IP address that represents the home to the ISP. This is possible byusing Network Address Translation or Port Address Translation.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Network Address Translation

One-to-one addresstranslationDoes not monitortransport layer portnumbers

NAT TablePublic pool: 192.1.1.1 — 192.1.1.254 /24

Internal <> External10.1.1.1 <> 192.1.1.210.1.1.2 <> 192.1.1.310.1.1.3 <> 192.1.1.4

NAT TablePublic pool: 192.1.1.1 — 192.1.1.254 /24

Internal <> External10.1.1.1 <> 192.1.1.210.1.1.2 <> 192.1.1.310.1.1.3 <> 192.1.1.4

NAT is defined in RFCs 2663 and 3022.

It is important to note that the 7750 SR does not currently support Network address translation (NAT) orPort address translation (PAT). This feature is generally found in enterprise routers, and the 7750 SR isnot an enterprise router. The 7750 SR is not generally placed at that level of a network. There arecurrently no plans for the 7750 SR to support NAT or PAT.

However, NAT and PAT generally appear in the network infrastructure, and, therefore, network expertsshould have a generic understanding of their purpose.

NAT and PAT were created to alleviate the stresses of IP address allocation. Working closely with theprivate IP address ranges, NAT and PAT allow for private IP addresses to be translated into public IPaddresses. This translation can be in one of two forms.

The first form of translation is “one-to-one” translation, also known as NAT. One private IP address istranslated to one public IP address. In this form, the transport-layer port numbers are not monitored ormodified. This allows all applications to function normally without any change to the upper layers. Thedisadvantage of this form of translation is that there must be a pool of available IP addresses to supportall the private IP-addressed clients. If all of the IP addresses in the pool are in use and there is a newNAT requirement, it will fail because there is no available IP address in the pool of public IP addresses.

In this example of NAT, the range of public IP addresses is from 192.1.1.2 to 192.1.1.254. Each client

that sends traffic through the router is mapped to one IP address in the pool. If 253 clients are activelysending traffic through the router and if the 254th client tries to send traffic out the router, the requestwill time out because there are no available public IP addresses to use for NAT. Although this limits thenumber of clients that can simultaneously use this NAT router, it does not limit the types ofapplications that each client can use.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Port Address Translation

Many-to-one addresstranslation

Monitors transport layerport numbers

PAT TablePublic pool: 192.1.1.5/32 (Int. 1/1/1)

Internal <> External10.1.1.1:1101 <> 192.1.1.5:220310.1.1.2:1212 <> 192.1.1.5:220410.1.1.3:1212 <> 192.1.1.5:2205

PAT TablePublic pool: 192.1.1.5/32 (Int. 1/1/1)

Internal <> External10.1.1.1:1101 <> 192.1.1.5:220310.1.1.2:1212 <> 192.1.1.5:220410.1.1.3:1212 <> 192.1.1.5:2205

The second form of translation is “many-to-one”, also known as Port address translation (PAT). Onepublic IP address supports multiple private IP addresses simultaneously. To accomplish this, the routermust not only map the IP address of the client device, but the router must also map the port number inuse by the client. As translation occurs, the IP address is changed to one public IP address. To keeptrack of the multiple streams of traffic from client devices, the port numbers are mapped to uniqueport numbers in the database. This port change is transparent to the client. Most modern applicationsdo not have a problem with the change of port. However, some applications (mostly legacy applications)

require specific source and destination port numbers. If the router modifies the source port to a portthat differs from the port that the application expects or requires, the application may not functioncorrectly.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Addressing in a Routed Home Network

The router interface that faces the ISP, which is sometimes referred to as the WAN side, has a public IPaddress of 70.120.122.11/24.

The router interfaces that face the home network are based on the 192.168.10.0/24 subnet and eachdevice, including the router interface, has an IP address from the 192.168.10.0/24 subnet.

The default gateway that is programmed into every IP device for Internet access is the router interfaceaddress that faces the home network, which, in this case, is 192.168.10.254/24.

When any device attempts a TCP/UDP connection to the Internet, the home router handles the addresstranslation by using a port address translation table.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Accessing the Internet

How does the home router/gateway/PC receive a public routed IPaddress from the Service Provider ?

Every home router and PC that needs to connect to the Internet requires a public IP address. These IPaddresses must be requested from the IANA and its regional subsidiaries.

A home user does not request an IP address from the IANA, instead the user requests an IP address froma service provider. The service provider is assigned IP address blocks depending on their size andbusiness requirements. A home address is assigned one IP address or multiple IP addresses depending ontheir service plan.

The home router can also have a static IP address assigned by the service provider.

However in most cases the IP addresses are distributed via a Dynamic means. In the former case the IPaddress is reserved for the particular home and programmed by the home user. In the latter case aprotocol is used by the home router and an IP address is assigned by the service provider depending onthe protocol parameters. The protocol is known as Dynamic Host control Protocol (DHCP).

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





DHCP

DISCOVER

OFFER

REQUEST

ACK

MAC address of homerouter

IP address offered byISP

Formal IP addressrequest

Final confirmation of IPaddress

DHCPDISCOVER— The DHCP client initiates the process by broadcasting a datagram that is destined forUDP port 68 (used by BOOTP and DHCP servers). This first datagram is known as a DHCP discovermessage, which is a request to any DHCP server that receives the datagram for configurationinformation. The DHCP discover datagram contains many fields, but the most field important containsthe MAC address of the DHCP client.

DHCPOFFER— A DHCP server, which is configured to lease addresses for the network that the clientcomputer resides on, constructs a response datagram known as a DHCP offer and sends the datagram via

broadcast to the computer that sent the DHCP discover. This broadcast is sent to UDP port 67 andcontains the MAC address of the DHCP client. The DHCP offer also contains the MAC and IP addresses ofthe DHCP server, and the values for the IP address and subnet mask that are offered to the DHCP client.At this point, the DHCP client can receive several DHCP offers, assuming there are multiple DHCPservers with the capability to offer the DHCP client an IP address. In most cases, the DHCP clientaccepts the first DHCP offer that arrives.

DHCPREQUEST— The client selects an offer, and constructs and broadcasts a DHCP request datagram.The DHCP request datagram contains the IP address of the server that sent the offer and the physicaladdress of the DHCP client. The DHCP request performs two basic tasks. First of all, the request informsthe selected DHCP server that the client requests the server to assign an IP address (and otherconfiguration settings) to the DHCP client. Secondly, the request notifies the other DHCP servers withoutstanding offers that their offers were not accepted.

DHCPACK— When the DHCP server, from which the offer was selected, receives the DHCP requestdatagram, the server constructs the final datagram of the lease process. This datagram is known as aDHCP ACK (short for acknowledgement). The DHCP ACK includes an IP address and subnet mask for theDHCP client. Optionally, the DHCP client is often also configured with IP addresses for the defaultgateway, several DNSs, and possibly one or two WINS. In addition to IP addresses, the DHCP client canreceive other configuration information such as a NetBIOS node type, which can change the order ofNetBIOS name resolution.

(…continued on slide 74)

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





DHCP

DISCOVER

OFFER

REQUEST

ACK

MAC address of homerouter

IP address offered byISP

Formal IP addressrequest

Final confirmation of IPaddress

(….continued from slide 73)

The DHCP servers maintain a list of assigned IP addresses and the term of each lease. Before the leaseexpiration, the client that requested an IP address via DHCP requests an IP address again. The servercan choose to assign a different IP address or the IP address that was previously assigned.

For a home gateway router that does address translation, the home router performs the role of a client

to the service provider. The home router also performs the role of a DHCP server to the home devices.IP-enabled devices at home request IP addresses from the home router, which assigns IP addresses inthe private range.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Section 8 - Other Protocols that Support IP Operation

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





ICMP Message Type 8 and Type 0 (Echo Request and Reply)

Host device sends an echo request to the destination device

Destination device sends an echo reply

Echo request and echo reply messages are very frequently used. A host or router sends an ICMP echorequest message to a specified destination. Any device that receives an echo request generates an echoreply and returns the reply to the original sender. The request contains an optional data area, and thereply contains a copy of the data sent in the request. The echo request and reply can, therefore, beused to test whether a destination is reachable. The echo request and reply are sent via IP datagrams.

Assumptions:

The IP software on the source computer must route the datagram.

The intermediate routers between the source and destination must be operating and must routethe datagram correctly.

The destination device must be running, and both the ICMP and IP software must be working.

All routers along the path must have the correct routes.

Ping is the most common way to send an ICMP echo request. The command usually sends a series ofecho request messages and captures the corresponding echo replies. Ping then calculates the data lossstatistics.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





ICMP Message Type 3 (Destination Unreachable)

Normal IP packet flow from Host A to Host B

Destination link is broken

ICMP destination unreachable message is sent to source

Destination link is repaired

The destination unreachable message is used to inform the sending host that the destination addresscannot be reached. For example, if the destination device connects to an Ethernet network, thenetwork hardware does not provide ACKs. Therefore, a router can continue to send packets to adestination even after the destination is powered down without receiving an indication that thedestination is down.

The destination unreachable message contains a code field that provides additional information as towhy the packet was not delivered. For example:

If a router does not have a route to the destination network, the router will return destinationunreachable, code 0 (network unreachable).

If the router connected to the destination network does not receive a reply to its ARP request forthe destination address, the router will send a destination unreachable code 1 (hostunreachable).

If the packet must transit a network where the MTU is less than the IP datagram size and the DFflag (Don’t Fragment) is set in the IP header, the router drops the packet and returns adestination unreachable code 4 (fragmentation required and DF flag set).

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





ARP Overview

Resolves a host/gateway MAC address for a given IP address

Required in a broadcast Ethernet LAN

See RFC 826 and RFC 1122

The Address Resolution Protocol (ARP) is defined in RFC 826. However, RFC 826 contained someambiguities which were clarified in RFC 1122 (Host Network Requirements). Therefore, ARPimplementations need to incorporate both RFC 826 and RFC 1122 in order to work reliably andconsistently with other implementations.

RFC 826 introduced the concept of an ARP as a useful way for devices to locate the Ethernet hardwareaddress of another IP host on the same LAN. All LAN media and many WAN media now use ARP to locatethe hardware addresses of other IP devices on the LAN.

When a device needs to send an IP packet to another device on the LAN, the IP stack software firstchecks whether it knows the hardware address that is associated with the destination IP address. If so,the sender transmits the data to the destination system, using the protocols and addressing appropriatefor the network medium used by the two devices. However, if the destination system's hardware addressis not known, the IP stack software must locate the address before any data can be sent. At this point,IP uses ARP to locate the hardware address of the destination system.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Using ARP with a Router

Host 1 needs to ping Host 7 in a remote network?

1

23

4

5 6

7

7

8

8

In the previous slide, we discussed the use of the ARP in the same subnet. What happens if the distanthost is not in the same subnet, as shown in this slide?

Host 1 needs to send traffic to Host 7, which is in a remote broadcast domain. Host 1 needs to knowwhether Host 7 can be reached. Host 1 tries to ping Host 7. However, in the absence of an ARP entry for172.16.20.2, Host 1 needs to send an ARP request. Because 172.16.20.2 is not in the local broadcastdomain, Host 1 sends an ARP request (1) for its default gateway which is the router interface, asshown in this slide.

Host 1 and Host 3 are programmed with a default gateway address in case they need to connect to hoststhat are outside their local domain. Note that for a local host to contact a remote host, the local hostsends an ARP request to the default gateway.

The router receives the broadcast on its interface in the 192.168.10.0 domain and sends an ARPresponse (2) with its MAC address. Host 1 can now form the IP packet to send to Host 7.

The router uses its forwarding table and forwards the packet out of the second interface. However, therouter does not have an ARP entry for the host 172.16.20.2. Therefore, the router uses its L3 interfaceand MAC address to send the ARP request (3) in this broadcast domain . When Host 7 receives thebroadcast, it responds with a unicast ARP response (4) to the router.

The ARP only works within the scope of a broadcast domain. Therefore, the response is not forwardedby a router. The router, similar to the hosts, maintains an ARP cache listing (5, 6) all of the entries inits broadcast domain.

Host 1 can now send an IP packet (Echo Request) (7) and obtain an Echo Response (8) from Host 7.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





ARP Request Packet

Frame 31 (60 bytes on wire, 60 bytes captured)

Ethernet II, Src: 00:04:80:9f:78:00, Dst: ff:ff:ff:ff:ff:ff

Destination: ff:ff:ff:ff:ff:ffSource: 00:04:80:9f:78:00

Type: ARP (0x0806)

Trailer: 000000000000000000000000000000000000


Hardware type: Ethernet (0x0001)

Protocol type: IP (0x0800)

Hardware size: 6

Protocol size: 4

Opcode: request (0x0001)

Sender MAC address: 00:04:80:9f:78:00

Sender IP address: 138.120.53.253

Target MAC address: 00:00:00_00:00:00

Target IP address: 138.120.53.149


Ethernet II, Src: 00:04:80:9f:78:00, Dst: ff:ff:ff:ff:ff:ff

Destination: ff:ff:ff:ff:ff:ffSource: 00:04:80:9f:78:00

Type: ARP (0x0806)

Trailer: 000000000000000000000000000000000000




Hardware size: 6

Protocol size: 4

Opcode: request (0x0001)

Sender MAC address: 00:04:80:9f:78:00


Target MAC address: 00:00:00_00:00:00


In this slide, a host with IP address 138.120.53.253 is attempting to resolve the MAC address for a hostwith IP address 138.120.53.149. The destination MAC address of the Ethernet II frame is sent to thebroadcast address ff:ff:ff:ff:ff:ff. All devices in the same broadcast domain will receive this frame.Only the host with IP address 138.120.53.149 will reply. The Type for ARP is 0x0806 and indicates whichprotocol is transported in the Ethernet II frame.

ARP Packet

Hardware type - Each L2 protocol is assigned a number that is used in this field; for example,Ethernet is 1.

Protocol type - Each protocol is assigned a number that is used in this field; for example, IP is0x0800.

Hardware size – Size, in bytes, for hardware addressing. Ethernet addresses are 6 bytes.

Protocol size – Size, in bytes, for logical addressing. IPv4 addresses are 4 bytes.

Opcode - Operation that the sender is performing. A value of 1 is for an ARP request and a valueof 2 is for an ARP reply.

Sender MAC address - MAC address of the sender

Sender IP address – The protocol address of sender

Target MAC address - Hardware MAC address of the intended receiver. The MAC address will beall 0’s for a request.

Target IP address - Protocol address of the intended receiver

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





ARP Reply Packet


Ethernet II, Src: 00:11:43:45:61:23, Dst: 00:04:80:9f:78:00

Destination: 00:04:80:9f:78:00Source: 00:11:43:45:61:23

Type: ARP (0x0806)

Address Resolution Protocol (reply)



Hardware size: 6

Protocol size: 4

Opcode: reply (0x0002)

Sender MAC address: 00:11:43:45:61:23


Target MAC address: 00:04:80:9f:78:00



Ethernet II, Src: 00:11:43:45:61:23, Dst: 00:04:80:9f:78:00

Destination: 00:04:80:9f:78:00Source: 00:11:43:45:61:23

Type: ARP (0x0806)

Address Resolution Protocol (reply)



Hardware size: 6

Protocol size: 4

Opcode: reply (0x0002)

Sender MAC address: 00:11:43:45:61:23


Target MAC address: 00:04:80:9f:78:00


In this slide, the packet is the ARP reply in response to the ARP request on the previous slide. TheEthernet frame is a unicast frame and is sent only to the MAC address of the ARP request sender. All ofthe fields in the ARP reply packet have the same meaning as the fields in the ARP request packet. Themain differences in the APR reply packet are: the Opcode (2 is for a request) and the pack contains MACaddresses for the sender and the target. Note that the sender and target addresses have beenswapped.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





IP Filters Overview

IP Filters

Filter Operation

IP Filter Configuration

Components

Configuring an IP Filter

Applying an Filter on an Interface

Show Filter IP Command

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





IP Filters

Filter policies (also known as ACLs) are implemented on the7750 SR

Applied to interfacesCan be applied on inbound traffic, outbound traffic, or both

Default is that a filter is not applied to interfaces

Same filter can be used on multiple interfaces

Filters, also known as access control lists (ACL), are templates that are applied to services or networkports to control network traffic into (ingress) or out of (egress) a SAP or network port based on IP andMAC match criteria. Filters are applied to examine packets that are entering or leaving a SAP or networkinterface. Filters can be used on several interfaces. The same filter can be applied to ingress traffic,egress traffic, or both. Ingress filters affect only inbound traffic that is sent to the routing complex, andegress filters affect only outbound traffic that is sent from the routing complex.

Configuring a service or network port with a filter is optional. If a service or network port is not

configured with filter policies, all traffic is allowed on the ingress and egress interfaces. By default, nofilters are associated with services or interfaces; the filters must be explicitly created and associatedwith the service or interface. When you create a filter, default values are provided although you mustspecify a unique filter ID for each new filter policy, each new filter entry, and the associated actions.The filter entries specify the filter match criteria. Only one ingress filter policy and one egress filterpolicy can be applied to a SAP or network interface. You can modify filter policies and entries.

Network filter policies control the forwarding and dropping of packets based on IP match criteria. TheIP match criteria are not applied to non-IP packets. Therefore, the default action in the filter policyapplies to the non-IP packets.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Filter Operation

(…continued from slide 89)

Match criteria to drop or forward IP traffic include:

Source IP address and mask — The values can be entered as search criteria. Address ranges areconfigured by specifying network prefix values. The prefix mask length is expressed as an integer(range 0 to 32).

Destination IP address and mask — The values can be entered as search criteria. Address ranges

are configured by specifying network prefix values. The prefix length is expressed as an integer(range 0 to 32).

Protocol — The protocol (for example, TCP, UDP) allows the filter to search for the specifiedprotocol.

Source port/range — The source port number or range allows the filter to search for thematching TCP or UDP port and range values.

Destination port/range —The destination port number or range allows the filter to search for thematching TCP or UDP values.

DSCP marking — A DSCP marking allows the filter to search for the specified DSCP.

ICMP code — An ICMP code allows the filter to search for the matching ICMP code in the ICMPheader.

ICMP type — An ICMP type allows the filter to search for the matching ICMP type in the ICMPheader.

Fragmentation — When fragmentation matching is enabled, a match occurs when packets are setto the more fragment bit set or the fragment offset field of the IP header is set to a non-zerovalue.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





IP Filter Configuration

Filter implementation considerations:

Creating a filter policy is optional.

A filter must be explicitly associated with a service for the packets to be matched.

Each filter policy must consist of at least one filter entry. Each entry represents a collection offilter match criteria. When packets enter the ingress or egress ports, packets are compared tothe criteria that are specified in the entry or entries.

When you configure a large (complex) filter, it may take a few seconds to load the filter policyconfiguration and for configuration to be implemented.

The action keyword must be entered for the entry to be active. A filter entry without the actionkeyword is considered incomplete and is inactive.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Components

Major components of a filter policy

Filter IDDescriptionEntryScopeDefault action

Entry IDDescriptionActionPacket-matching criteria

Filter ID

Filter ID (mandatory) — The value that identifies the filter

Description (optional) — A brief overview of the filter features

Scope (mandatory) — A filter policy must be defined with an exclusive scope for one-time use, ora template scope, which enables the policy to use with multiple SAPs and interfaces.

Default action (mandatory) — The action to be applied to packets when no action is specified in

the IP or MAC filter entries, or when the packets do not match the specified criteriaEntry ID (one or more) represents a collection of filter match criteria. Packet matching starts thecomparison process with the criteria specified in the lowest entry ID. Entries identify attributes thatdefine matching conditions and actions. All of the criteria in the entry must match the specified actionto be performed. Each entry consists of the following components:

Entry ID (mandatory) — The value determines the order of the entry IDs in a specific filter ID, inwhich the matching criteria specified in the collection are compared. Packets are compared toentry IDs in ascending order.

• Description (optional) — A brief overview of the entry ID criteria.

• Action (mandatory) — An action parameter must be specified for the entry to be active. Afilter entry without a specified action parameter is inactive.

• Packet-matching criteria — You can enter and choose criteria to create a specific templatethrough which packets are compared, and forwarded or dropped, depending on thespecified action.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Configuring a Descriptor for an IP Filter

To create a context for an IP filter policy, use the followingcommand

Context: conf i g>f i l t e r

Syntax: [ no ] ip-filter filter-id [ create ]

Example: conf i g>f i l t e r# ip-filter 12 create

Context: conf i g>f i l t e r

Syntax: [ no ] ip-filter filter-id [ create ]

Example: conf i g>f i l t e r# ip-filter 12 create

ip-filter

Syntax [no] ip-filter filter-id [create]

Context config>filter

Description

This command creates a configuration context for an IP filter policy. An IP filter policy specifies aforward or drop action for packets, based on the specified match criteria. An IP filter policy (also called

an ACL), is a template that can be applied to multiple services or multiple network ports when thescope of the policy is template. Changes to the existing policy, using the subcommands, are appliedimmediately to all services to which this policy applies. Therefore, when many changes to an IP filterpolicy are required, we recommend that you copy the policy to a work area. You can modify the work-in-progress policy and then replace the original filter policy with the revised policy. Use the config filtercopy command to maintain policies.

The no form of the command is used to delete the IP filter policy. A filter policy cannot be deleted untilthe policy is removed from all SAPs or network ports to which the policy is applied.

Parameters

filter-id — IP filter policy ID number

Values — 1 to 65 535

createThe create keyword is required when the configuration context is first created. After the context iscreated, you can navigate to the context without using the create keyword.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Creating a Description for an IP Filter

To name an IP filter, use the following command

Context: c onf i g>f i l t er >i p- f i l t e r

Syntax: description string

Example: c onf i g>f i l t er >i p- f i l t e r # description test-filter-list

Context: c onf i g>f i l t e r >i p- f i l t e r

Syntax: description string

Example: c onf i g>f i l t e r >i p- f i l t e r # description test-filter-list

description

Syntax [no] description string

Context

config>filter>ip-filter ip-filter-id

config>filter>ip-filter ip-filter-id>entry entry-id

config>filter>log log-id

config>filter>mac-filter mac-filter-id

config>filter>mac-filter mac-filter-id>entry entry-id

config>filter>redirect-policy

config>filter>redirect-policy>destination

Description

This command creates a text description that is stored in the configuration file for a configurationcontext. The description command associates a text string with a configuration context to identify thecontext in the configuration file. The no form of the command removes the description string from thecontext.

Default — No description is associated with the configuration context.

Parametersstring — The description character string is up to 80 printable, 7-bit ASCII characters andexcluding double quotation marks. If the string contains spaces, use double quotation marks todelimit the start and end of the string.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Configuring the Default Action

To define the default action when none of the entries

matches, use the following command


Syntax: default-action { drop | forward }

Example: c onf i g>f i l t er >i p- f i l t e r # default-action drop


Syntax: default-action {drop | forward }

Example: c onf i g>f i l t e r >i p- f i l t e r # default-action drop

default-action

Syntax default-action {drop | forward}

Context



Description

This command specifies the action to be performed when the packets do not match the specifiedcriteria in all of the entries of the IP filter. When multiple default-action commands are entered, thelast command overwrites the previous command.

Default drop

Parameters

drop — All packets will be dropped unless there is a specific filter entry that causes the packetto be forwarded.

forward — All packets will be forwarded unless there is a specific filter entry that causes thepacket to be dropped.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Defining an Entry in an IP Filter

To create an entry ID, use the following command


Syntax: [no] entry entry-id [ create ]

Example: c onf i g>f i l t er >i p- f i l t e r # entry 12 create


Syntax: [no] entry entry-id [ create ]

Example: c onf i g>f i l t e r >i p- f i l t e r # entry 12 create

entry

Syntax [no] entry entry-id [create]

Context



Description

This command allows you to create or modify an IP or MAC filter entry. Multiple entries can be createdusing unique entry ID numbers in the filter. The Alcatel-Lucent 7750 SR implementation exits the filterat the first match and perofrms the action according to the accompanying action command. For thisreason, entries must be sequenced correctly from most explicit to least explicit. An entry may not haveany match criteria (in which case, everything matches) but must have at least the action keyword forthe entry to be considered complete. Entries without the action keyword are rendered inactive. The noform of the command removes the specified entry from the IP or MAC filter.

Default — None

Parameters

entry-id — A unique identifier for the match criterion and the corresponding action. Werecommend that you specify multiple entries for entry IDs in staggered increments. This allows

users to add an entry to a policy without renumbering existing entries.Values — 1 to 65 535

create — This keyword is required when the configuration context is first created. After the context iscreated, you can navigate to the context without using the create keyword.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Configuring Match Criteria

To define a matching criterion, use the following command

Context: conf i g>f i l t e r>i p- f i l t e r>ent r y

Syntax: [no] match [ protocol protocol-id ]

Example: conf i g>f i l ter>i p- f i l ter>ent ry# match src-ip 10.1.1.1/32

conf i g>f i l ter>i p- f i l ter>ent ry# match protocol tcp

conf i g>f i l ter>i p- f i l ter>ent ry# match src-port gt 1023


Syntax: [no] match [ protocol protocol-id ]

Example: conf i g>f i l ter>i p- f i l t er>entr y# match src-ip 10.1.1.1/32

conf i g>f i l ter>i p- f i l t er>entr y# match protocol tcp

conf i g>f i l ter>i p- f i l t er>entr y# match src-port gt 1023

When multiple criteria are specified in an entry, allmust be met (AND condition)

match

Syntax [no] match [protocol protocol-id]

Context config>filter>ip-filter ip-filter-id>entry entry-id

Description

This command provides the context to enter match criteria for the filter entry. When the match criteriaare met, the action associated with the match criteria is performed. If more than one match criterion in

a match statement is configured using the AND function, all criteria must be met before the action thatis associated with the match is performed. A match context may consist of multiple match criteria, butmultiple match statements cannot be entered for an entry. The no form of the command removes thematch criteria for the entry ID.

Parameters

protocol — The protocol keyword configures an IP to be used as an IP filter match criterion. Theprotocol type, such as TCP or UDP, is identified by its protocol number.

protocol-id — The decimal value that represents the IP to be used as an IP filter match criterion.Protocol numbers include ICMP (1), TCP (6), and UDP (17). The no form of the command removesthe protocol from the match criterion.

Values — 1 to 255 (expressed in decimal, hexadecimal, or binary notation). Keywords are: none, crtp,crudp, egp, eigrp, encap, ether-ip, gre, icmp, idrp, igmp, igp, ip, ipv6, ipv6-frag, ipv6-icmp, ipv6-no-nxt, ipv6-opts, ipv6-route, isis, iso-ip, l2tp, ospf-igp, pnni, ptp, rdp, rsvp, stp, tcp, udp, and vrrp.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Configuring the Action to be Performed

To define the action to be performed, use the followingcommand


Syntax: [no] action [ drop | { forward [ next-hop

{ ip-address | indirect ip-address | interface ip-int-name |redirect-policy policy-name }]}]

Example: conf i g>f i l ter>i p- f i l t er>ent ry# action drop


Syntax: [no] action [ drop | { forward [ next-hop

{ ip-address | indirect ip-address | interface ip-int-name |redirect-policy policy-name }]}]

Example: conf i g>f i l t er>i p- f i l ter>entr y# action drop

action

Syntax [no] action [drop | {forward [next-hop {ip-address | indirect ip-address | interface ip-int-name |redirect-policy policy-name}]}]

Context config>filter>ip-filter ip-filter-id>entry entry-id

Description

This command allows you to create or modify the drop or forward action that is associated with the

match criteria. The action keyword must be entered for the entry to be active.Default — No action is specified, therefore, the entry is inactive.

Parameters

[drop | forward] — If neither drop nor forward is specified, the filter action is No-Op, and thefilter entry is inactive.

drop — Packets that match the entry criteria will be dropped

forward — Packets that match the entry criteria will be forwarded

Default No-Op — Filter entry is inactive.

Values

next-hop ip-addr — IP address of the direct next hop to which to forward matching packets, in

dotted-decimal notationinterface ip-int-name — Name of the egress IP interface from which matching packets will beforwarded. This parameter is only valid for unnumbered point-to-point interfaces.

redirect policy-name — Redirect policy configured in the config>filter>redirect-policy context

indirect ip-addr — IP address of the indirect next hop to which to forward matching packets, indotted-decimal notation. The direct next-hop IP address and egress IP interface are determinedby a routing table lookup.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Applying a Filter on an Interface

To apply a filter on the egress or ingress of an interface, usethe following command

Context: conf i g>r out er>i f >i ngr essconf i g>r out er>i f >egr ess

Syntax: [no] filter ip ip-filter-name

Example 1: conf i g>r out er>i f >i ngr ess> filter ip 1

Example 2: conf i g>r out er>i f >egr ess> filter ip 2

Context: conf i g>r out er>i f >i ngr essconf i g>r out er>i f >egr ess

Syntax: [no] filter ip ip-filter-name

Example 1: conf i g>r out er>i f >i ngress> filter ip 1

Example 2: conf i g>r out er>i f >egr ess> filter ip 2

egress | ingress

Context config>router>interface ip-int-name [egress | ingress]

filter

Syntax [no] filter ip ip-filter-name

Context

config>router>interface ip-int-name>ingress

config>router>interface ip-int-name>egress

Description

This command allows access to the context to configure egress and ingress network filter policies forthe IP interface. If an egress or ingress filter is not defined, filtering is not performed in thecorresponding direction on the interface.

This command also associates an IP filter policy with an IP interface. Filter policies control packetforwarding and dropping based on IP match criteria. The ip-filter-name must be configured before thefilter command is performed. If the filter ID does not exist, an error is generated. Only one filter ID canbe specified. The no form of the command removes the filter policy association with the IP interface.

Default — No filter is specified.

Parameters

ip-filter-name — The filter name acts as the ID of the IP filter policy, expressed as a decimalinteger. The allowed value is an integer, from 1 to 65 535, that corresponds to a previouslycreated IP filter policy. The filter policy must already exist in the created IP filters.

Values — 1 to 65 535

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





IP Filter Configuration Example

ALC- A# configure filter

ALC- A>conf i g>f i l t er# ip-filter 1 create

ALC- A>conf i g>f i l t er>i p- f i l t er$ description new-filter

ALC- A>conf i g>f i l t er>i p- f i l t er$ default-action drop

ALC- A>conf i g>f i l t er>i p- f i l t er$ entry 1 create

ALC- A>conf i g>f i l t er >i p- f i l t er>ent ry$ match src-ip 1.2.3.0/24

ALC- A>conf i g>f i l t er >i p- f i l t er>ent ry$ match protocol tcp

ALC- A>conf i g>f i l t er>i p-f i l t er>ent r y>match$ src-port range 666 999

ALC- A>conf i g>f i l t er>i p-f i l t er>ent r y>match$ exit

ALC- A>conf i g>f i l t er >i p- f i l t er>ent ry# action forward

ALC- A>conf i g>f i l t er >i p- f i l t er>ent ry# ^z

ALC- A# configure router interface to-ALC-B

ALC- A>conf i g>r out er>i f # ingress

ALC- A>conf i g>r out er>i f >i ngr ess# filter ip 1

ALC- A>conf i g>r out er>i f >i ngr ess#

ALC- A# configure filter

ALC- A>conf i g>f i l t er# ip-filter 1 create

ALC- A>conf i g>f i l ter>i p- f i l ter$ description new-filterALC- A>conf i g>f i l ter>i p- f i l ter$ default-action drop

ALC- A>conf i g>f i l ter>i p- f i l ter$ entry 1 create

ALC- A>conf i g>f i l t er>i p- f i l t er>ent ry$ match src-ip 1.2.3.0/24

ALC- A>conf i g>f i l t er>i p- f i l t er>ent ry$ match protocol tcp

ALC- A>conf i g>f i l t er>i p- f i l t er>ent r y>match$ src-port range 666 999

ALC- A>conf i g>f i l t er>i p- f i l t er>ent r y>match$ exit

ALC- A>conf i g>f i l t er>i p- f i l t er>ent ry# action forward

ALC- A>conf i g>f i l t er>i p- f i l t er>ent ry# ^z

ALC- A# configure router interface to-ALC-B

ALC- A>conf i g>r out er>i f # ingress

ALC- A>conf i g>r out er>i f >i ngr ess# filter ip 1

ALC- A>conf i g>r out er>i f >i ngr ess#

In this slide, IP filter 1 was created. In the filter, the default action is to drop IP packets that do notmeet the explicit match settings.

In the match settings, the filter checks for all traffic sourced from IP subnet 1.2.3.0 that uses TCP atthe transport layer and uses application ports 666 to 999. If these criteria are met, the packet isforwarded.

After the filter is created, the filter must be associated with the ingress or egress of an interface. In thisslide, the filter is applied to the ingress.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





IP Filter Configuration Example - Denying a Subnet

RTR- B# configure filter

RTR- B>conf i g>f i l t er# ip-filter 1 createRTR- B>conf i g>f i l ter>i p- f i l ter$ default-action forward

RTR- B>conf i g>f i l ter>i p- f i l ter$ entry 1 createRTR- B>conf i g>f i l t er>i p-f i l t er>ent ry$ match src-ip 1.2.3.0/24

RTR- B>conf i g>f i l t er>i p-f i l t er>ent ry# action drop

RTR- B# configure router interface toRTR-CRTR- B>conf i g>r outer >i f # ingress

RTR- B>conf i g>r outer >i f >i ngress# f il ter ip 1

RTR- B# configure filterRTR- B>conf i g>f i l t er# ip-filter 1 create

RTR- B>conf i g>f i l ter>i p- f i l ter$ default-action forward RTR- B>conf i g>f i l ter>i p- f i l ter$ entry 1 create

RTR- B>conf i g>f i l t er>i p-f i l t er>ent ry$ match src-ip 1.2.3.0/24RTR- B>conf i g>f i l t er>i p-f i l t er>ent ry# action drop

RTR- B# configure router interface toRTR-C

RTR- B>conf i g>r outer >i f # ingressRTR- B>conf i g>r outer >i f >i ngr ess# f il ter ip 1

In this slide, RTR-B is configured to stop traffic from network 1.2.3.0/24 from entering the router oninterface toRTR-C. This filter blocks all traffic received from that network from passing through to anyother network in the topology.

All other traffic received on the toRTR-C interface is allowed to enter, which is the default action.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





IP Filter Configuration Example - Allowing a Client


RTR- B>conf i g>f i l t er# ip-filter 1 create

RTR-B>conf i g>f i l ter>i p- f i l ter$ default-action drop

RTR-B>conf i g>f i l ter>i p- f i l ter$ entry 1 create

RTR- B>conf i g>f i l t er>i p- f i l t er>ent ry$ match src-ip 1.2.3.4/32

RTR- B>conf i g>f i l t er>i p- f i l t er>ent ry# action forward

RTR- B# configure router interface toRTR-A

RTR- B>conf i g>r outer >i f # egressRTR- B>conf i g>r outer >i f >egress # f il ter ip 1


RTR- B>conf i g>f i l ter>i p- f i l ter$ default-action drop

RTR- B>conf i g>f i l ter>i p- f i l ter$ entry 1 create

RTR- B>conf i g>f i l t er>i p-f i l t er>ent ry$ match src-ip 1.2.3.4/32

RTR- B>conf i g>f i l t er>i p-f i l t er>ent ry# action forward

RTR- B# configure router interface toRTR-A

RTR- B>conf i g>r outer >i f # egress

RTR- B>conf i g>r outer >i f >egress# f il ter ip 1

In this slide, the filter has been modified to allow only traffic from host 1.2.3.4 to reach RTR-A, byapplying the filter on the egress direction of RTR-B’s interface toRTR-A. All other traffic received fromRTR-C will be dropped if the traffic trying to access RTR-A. However, traffic from RTR-C to OtherNetworks will be accepted.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





IP Configuration Example - Allowing Access to a Server


RTR- B>conf i g>f i l t er# ip-filter 1 createRTR- B>conf i g>f i l ter>i p- f i l ter$ default-action drop

RTR- B>conf i g>f i l ter>i p- f i l ter$ entry 1 createRTR- B>conf i g>f i l t er>i p-f i l t er>ent ry$ match dst-ip 172.2.3.4/32

RTR- B>conf i g>f i l t er>i p-f i l t er>ent ry# action forward

RTR- B# configure router interface to-Other-NetworksRTR- B>conf i g>r outer >i f # ingress

RTR- B>conf i g>r outer >i f >i ngress# f il ter ip 1


RTR- B>conf i g>f i l ter>i p- f i l ter$ default-action dropRTR- B>conf i g>f i l ter>i p- f i l ter$ entry 1 create

RTR- B>conf i g>f i l t er>i p-f i l t er>ent ry$ match dst-ip 172.2.3.4/32RTR- B>conf i g>f i l t er>i p-f i l t er>ent ry# action forward

RTR- B# configure router interface to-Other-Networks

RTR- B>conf i g>r outer >i f # ingressRTR- B>conf i g>r outer >i f >i ngr ess# f il ter ip 1

In this slide, traffic from Other Networks can only be sent to server 172.2.3.4. Traffic from OtherNetworks to any other address is dropped.

However, traffic from subnet 172.2.5.0/24 behind RTR-A can reach any client/server on subnet172.2.3.0/24 behind RTR-C.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Show Filter IP Command

To examine an IP filter, use the following command

Context: show>f i l t er

Syntax: ip {i p -filter-id [ entry entry-id ] [ association | counters ] }

Example: show filter ip 1

Context: show>f i l t er

Syntax: ip {i p -filter-id [ entry entry-id ] [ association | counters ] }

Example: show filter ip 1

ip

Syntax ip {mac-filter-id [entry entry-id] [association | counters]}

Context show>filter

Description

This command displays IP filter information.

Parameters

ip-filter-id — Detailed information about the specified filter ID and its filter entries

• Values — 1 to 65 535

entry entry-id — Information about the specified filter entry ID of the specified filter ID only

• Values — 1 to 9999

association — Appends information about where the filter policy ID is applied to the detailedfilter policy ID output

counters — Counter information for the specified filter ID

Output No Parameters Specified — When no parameters are specified, a brief list of IP filters isproduced. The following slide provides an example and describes the output for the command.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Show Filter IP Example

ALA-1# show filter ip 1

===============================================================================

IP Filter

===============================================================================

Filter Id : 1 Applied : YesScope : Template Def. Action : Drop

Entries : 1

Description : new-filter

-------------------------------------------------------------------------------

Filter Match Criteria : IP

-------------------------------------------------------------------------------

Entry : 1

Log Id : n/a

Src. IP : 1.2.3.0/24 Src. Port : 666..999

Dest. IP : 0.0.0.0/0 Dest. Port : None

Protocol : 6 Dscp : Undefined

ICMP Type : Undefined ICMP Code : Undefined

Fragment : Off Option-present : Off

Sampling : Off Int. Sampling : On

IP-Option : 0/0 Multiple Option : Off

TCP-syn : Off TCP-ack : Off

Match action : Forwarded

Ing. Matches : 0 Egr. Matches : 0

===============================================================================

ALA-1# show filter ip 1

===============================================================================

IP Filter

===============================================================================

Filter Id : 1 Applied : Yes

Scope : Template Def. Action : Drop

Entries : 1

Description : new-filter

-------------------------------------------------------------------------------

Filter Match Criteria : IP

-------------------------------------------------------------------------------

Entry : 1

Log Id : n/a

Src. IP : 1.2.3.0/24 Src. Port : 666..999

Dest. IP : 0.0.0.0/0 Dest. Port : None

Protocol : 6 Dscp : Undefined

ICMP Type : Undefined ICMP Code : Undefined

Fragment : Off Option-pres ent : Off

Sampling : Off Int. Sampling : On

IP-Option : 0/0 Multiple Option : Off

TCP-syn : Off TCP-ack : Off

Match action : Forwarded

Ing. Matches : 0 Egr. Matches : 0

===============================================================================

In this slide, IP filter 1 was created. In the filter, the default action is to drop IP packets that do notmeet the explicit match settings.

In the match settings, the filter checks all traffic sourced from IP subnet 1.2.3.0 that uses TCP at thetransport layer and uses application ports 666 to 999. If these criteria are met, the packet is forwarded.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Learning Assessment

Describe Layer 3 and IP servicesDescribe the basics of IP addressing including its components,

classes, how they are managed and allocated, and the purpose andtypes of addressesState the purpose, components, and operation of the IP subnetaddressDevelop an IP address plan using IP subnetting and addressingsummarizationRecognize and define the fields in the IP headerDescribe other protocols that support IP operationDescribe the IP address forwarding processDescribe the 7750 SR IP filter operation, components,configuration, and application

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e






A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Module 5 — IP Routing Protocol Basics

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Module Overview

Concepts and Purpose of IP Routing

Static Routes

Dynamic Routing Protocol Concepts

OSPF Routing Protocol

Introduction to Border Gateway ProtocolA l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e



IP Routing Protocol Basics

Section 1 — Concepts and Purpose of IP Routing

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Concepts and Purpose of IP Routing Overview

IP Routing Concepts

Routing Protocols

The Routing Table

Building the Routing Table and its Components

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





IP Routing Concepts

What is IP routing?

Determines a path to send packets from a source to a

destination along a set of routersEach router forwards the packet from one interface toanother interface

What is a routing protocol?

• Provides the mechanism to maintain routing tables forrouters

• Allows routers to share route information used to build andmaintain routing tables

IP routing

IP routing is the set of tasks involved in sending a packet from the source to the destination across anIP network. The packet enters the IP network via a router and is sent to another router in thenetwork and so on until the packet reaches the destination. The routers in the network use theirrouting tables to determine how to forward the packet.

Routing tablesThe routing tables are built manually by the network administrator or by protocols that run on everyrouter.

The routing table maintains a list of IP networks and the physical interfaces on the router to reachthese networks. Using the routing table, an IP packet is routed to its destination.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





IP Routing Example

IP-C

-

-

NH HopsTypeNetwork

0Direct3.3.3.0/24

Remote

Direct

22.2.2.0/24

01.1.1.0/24

IP-B

-

-

NH HopsTypeNetwork

0Direct3.3.3.0/24

Remote

Direct

21.1.1.0/24

02.2.2.0/24

Assuming that the routing tables exist on the routers in this slide, the basic flow of a packet of datathrough a network can be described as follows:

Device A (1.1.1.2) needs to send data to server D (2.2.2.2). Because device A is not located onthe same segment as device D, device A must use the default gateway (1.1.1.1) for thesegment. Device A uses ARP for the 1.1.1.1 address to learn the MAC address of the gateway.The router responds with the MAC B address. Device A can now encapsulate the data, asshown in the top block diagram of this slide. Note that the source and destination IP addressesidentify the overall source and destination devices; the frame source and destinationaddresses identify the path across one Ethernet segment.

When the frame arrives at router B, the router removes the L2 header and trailer, examinesthe IP header, checks the routing table for an entry that matches the destination IP address inthe IP packet, and determines that the data needs to be sent to router C. To send the data,router B encapsulates the data in a POS/PPP frame and forwards the data.

Router C removes the IP datagram from the PPP frame and checks its routing table. Becausethe destination IP network is directly connected to its Ethernet port, router C checks its ARPcache to find the destination MAC address. When the destination L2 MAC address isdetermined, router C creates the frame of data and forwards the data to server D.

Note that the IP addressing did not change throughout the movement of the data. However, the L2framing changed over each segment that the packet traversed. The IP address identifies a devicewithin the entire network topology; the L2 address identifies a device on that segment only.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





7750 SR Sample Routing Table

A: PE1# show rout er r oute- table

===============================================================================Rout e Tabl e ( Rout er: Base)===============================================================================

Dest Pref i x Type Prot o Age Pref Next Hop[ I nter f ace Name] Metr i c- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -10. 1. 2. 0/ 24 Local Local 03d23h08m 0

t o-p2r1 010. 1. 3. 0/ 24 Local Local 03d23h08m 0

t o-p3r1 010.1.4.0/24 Local Local 04d00h34m 0

to-p4r1 010.2.3.0/24 Remote OSPF 00h41m00s 10

10.1.2.21 200010. 2. 4. 0/ 24 Remot e OSPF 00h41m00s 10

10. 1. 2. 21 200010. 3. 4. 0/ 24 Remot e OSPF 04d00h16m 10

10. 1. 3. 31 200010. 10. 10. 11/ 32 Local Local 06d18h33m 0

system 010. 10. 10. 21/ 32 Remot e OSPF 00h41m04s 10

10. 1. 2. 21 1000- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -No. of Rout es: 8===============================================================================

A: PE1# show router route- t abl e

===============================================================================Rout e Tabl e ( Rout er: Base)===============================================================================Dest Pref i x Type Prot o Age Pref

Next Hop[ I nter f ace Name] Metr i c- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -10. 1. 2. 0/ 24 Local Local 03d23h08m 0

t o-p2r1 010. 1. 3. 0/ 24 Local Local 03d23h08m 0

t o-p3r1 010.1.4.0/24 Local Local 04d00h34m 0

to-p4r1 010.2.3.0/24 Remote OSPF 00h41m00s 10

10.1.2.21 200010. 2. 4. 0/ 24 Remot e OSPF 00h41m00s 10

10. 1. 2. 21 200010. 3. 4. 0/ 24 Remot e OSPF 04d00h16m 10

10. 1. 3. 31 200010. 10. 10. 11/ 32 Local Local 06d18h33m 0


10. 1. 2. 21 1000- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -No. of Rout es: 8===============================================================================

This slide displays the output from a 7750 SR routing table.

Major components of the routing table

Dest Prefix - The network that has been advertised to this router. The terms prefix and network areused interchangeably.

Type – The type of interface. Indicates whether the destination prefix belongs to a locally attachednetwork or to a remote network.

Protocol - If the destination network is not directly attached to the router, the routing protocol thatwas used to advertise the destination prefix to this router is displayed. The protocols can be, forexample, RIP, OSPF, BGP, and static.

Age - How long this entry has been in the routing table.

Preference - A unit of measurement that indicates the preference of one routing protocol overanother routing protocol.

Next Hop - The IP address of the neighbor that advertised the destination prefix to the router.

Metric - The numerical value used by a routing protocol to calculate the best route to a destination.Depending on the routing protocol, the metric is usually a hop count or a cost that is assigned to anetwork link.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Building the Routing Table and its Components

How many networks is router 1 connected to?

All routing protocols serve the same purpose: to find paths through a network and store the paths ina routing table. The paths are also called routes, or more specifically, IP routes. The routes areadvertised to neighbors.

Each router in a network needs to populate its routing table so that it can forward IP data packets.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Routing Protocol Basics – Building the RIB on R1

1. R1 records all of the directly connected networks including itssystem address, which is an internal loopback address

2. R2 advertises its direct networks to R1

3. R3 advertises its direct networks to R1

This slide describes a routing protocol operation that is based on a distance vector protocol. Distancevector protocols will be discussed in detail later.

When routers 2 and 3 are turned up, they both send information about their local networks to theirneighbors. In this case, R1 receives routing updates from both R2 and R3 about their directlyconnected networks.

A routing update is a type of network advertisement made by one router to another router. This ispart of the routing protocol that runs between the routers in order to exchange the updates. Atypical routing update consists of the following components:

a network address with a network mask (also known together as a network prefix)

a metric associated with the prefix

the IP address of the next hop to reach this network prefix

R1 uses this information, including its locally discovered networks, and builds a routing informationbase (RIB). The RIB is protocol dependent.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Alcatel-Lucent Scalable IP Networks v2.00 Module 5 | 11 A ll r ig ht s re se rv ed © 2 0 08 A lc at el -L uc en t

Information sent from R2 to R1

Existing RIB on R1


Routing Protocol Basics – Continuing to Build the RIB

0toR310.10.3.0/30

0toR210.10.1.0/30

0system192.168.10.10/32

0to Net A172.16.1.0/24

MetricNext HopDest. Prefix

010.10.1.2192.168.20.30/32

010.10.1.210.10.2.0/30

MetricNext-HopDest. Prefix

010.10.3.2192.168.30.30/32

010.10.3.210.10.2.0/30

010.10.3.2172.16.2.0


Each routing update typically consists of a network, an associated mask, a metric, and the next hopto reach the destination.

In this slide, router 1 builds a RIB, which collects and maintains all of the information from itsneighbors. If routers 2 and 3 advertise new network information, the routers send an advertisementto router 1. Router 1 then updates the information in the RIB if necessary.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Routing Protocol Basics – Routing Metrics

Continuing to build the router information base on R1

4. R2 sends its learned information to R15. R3 sends its learned information to R16. R1 recalculates all of the learned information to build the final routing

table that will be used for IP forwarding

When updates are received from their directly attached neighbors, routers 2 and 3 build theirrespective RIBs and then propagate the information to other neighbors.

The updates include the learned destination prefix, the network mask, the metric, and the next-hopIP address or interface.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e







Existing RIB on R1

Routing Protocol Basics – Continuing to Build the RIB

110.10.3.2172.16.2.0/24

110.10.3.2192.168.30.30/32

110.10.1.2192.168.20.20/32

110.10.3.210.10.2.0/30

110.10.1.210.10.2.0/30

0toR310.10.3.0/30

0toR210.10.1.0/30

0system192.168.10.10/32

0to Net A172.16.1.0/24

MetricNext-HopDest. Prefix 210.10.1.2172.16.2.0/24

210.10.1.2192.168.30.30/32

210.10.1.210.10.3.0/30

210.10.1.2192.168.10.10/32

210.10.1.2172.16.1.0/24


210.10.3.2192.168.20.20/32

210.10.3.210.10.1.0/30

210.10.3.2192.168.10.10/32

210.10.3.2172.16.1.0/24


A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Routing Protocol Basics – Generating the Routing Table

310.10.3.2192.168.20.20/32310.10.3.210.10.1.0/30310.10.3.2192.168.10.10/32310.10.3.2172.16.1.0/24310.10.1.2192.168.30.30/32310.10.1.2172.16.2.0/24310.10.1.210.10.3.0/30310.10.1.2192.168.10.10/32310.10.1.2172.16.1.0/24

110.10.3.2172.16.2.0/24

110.10.3.2192.168.30.30/32110.10.1.2192.168.20.20/32

110.10.3.210.10.2.0/30110.10.1.210.10.2.0/30010.10.3.210.10.3.0/30010.10.1.210.10.1.0/300system192.168.10.10/32

0to Net A172.16.1.0/24MetricNext-HopDest. Prefix

Existing RIB on R1

210.10.3.2192.168.30.30/32210.10.1.2192.168.20.20/32210.10.3.2172.16.2.0/24210.10.1.210.10.2.0/300toR310.10.3.0/300toR210.10.1.0/300system192.168.10.10/320to Net A172.16.1.0/24

MetricNext-HopDest. PrefixRouting table on R1 (Best routes)

In this slide, router 1 takes the information from the RIB and generates a routing table.

Using an algorithm, router 1 will calculate the best path to a particular network. The parameter thatis used in the algorithm to differentiate between two advertisements about the same network fromtwo different neighbors is referred to as the metric or cost. In this example, the metric is the hopcount or the number of hops that the destination network is from the source R1.

For example, routers 2 and 3 advertise the destination network 172.16.2.0/24 to router 1. R2advertises 172.16.2.0/24 with a metric of 2. R3 previously advertised 172.16.2.0/24 with a metric of0 because this network was directly attached to R3. Any local networks on a particular router areconsidered to be the lowest metric or 0. When R1 receives the update from R2 and R3, R1 installsboth the updates in its RIB and adds the value 1 to the metric advertised by both R2 and R3. In thiscase, the 172.16.2.0/24 update from R2 will be installed in the R1 RIB with a metric of 3 (2 + 1); theupdate from R3 will be installed with a metric of 1 ( 0 +1). Because R1 receives the update about172.16.2.0/24 from R2 and R3, a metric of 1 will be added to their individual advertised metrics.

The routing table on R1 is built from the existing RIB on R1. The best routes, depending on thealgorithm used, are sent to the routing table and this will be used to forward the IP packets. Thebest routes in our example are the routes with the least cost or hop count to the particulardestination.

Note also for advertisements about a prefix that contains equal metrics, the route selectionalgorithm must use a differentiator to install one route in the routing table. In this slide, network10.10.2.0/30 is the network that is directly attached to routers 2 and 3. Therefore, when it isadvertised to R1 from R2 and R3, the advertisement contains the same metric. R1 updates its RIBwith both the updates. However, R1 chooses to install only the update from R2. This is dependententirely on the routing protocol who can use different criteria to install the update.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Routing Protocol Basics – Control Plane vs Data Plane

Routing updates sent as part of the routing protocol operationcomprise the control plane

Data that is forwarded using the routing table comprises the dataplane

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Routing Protocol Basics - Preference

A router may run more than one routing protocol.

In this slide, the R1-R2 and R2-R3 interfaces are running OSPF, and the R1-R5 and R5-R3 interfacesare running RIP.

Network B can be advertised on both the interfaces of R3, each running a different protocol.Therefore, this network is advertised to R1 by both RIP and OSPF. R1 has to decide which entry toinstall in its routing table. In order to choose between the two updates, R1 uses an additionalparameter known as preference. The preference parameter indicates the router’s preference of oneprotocol over another protocol. By default, on the 7750 SR, routes learned from OSPF are preferredover routes learned from RIP. Therefore, the route learned from OSPF is installed in the routing tableon R1.

Note that protocol with a lower preference value is preferred.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Routing Protocol Basics - Routing Table Management

Each routing protocol populates its routes in its RIB

Each protocol independently chooses the best routes based on thelowest metric

The best routes from each protocol are sent to the RTM process

When a routing protocol learns routes from its neighbors, the protocol populates its RIBs with theroutes. Each protocol stores the routes it has learned from its neighbors in its RIB.

For each destination in the RIB, the routing protocol chooses the best route based on the lowestmetric. The best routes are sent to the routing table manager (RTM).

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Routing Protocol Basics – Route Selection Using Preference

The RTM may receive a best route from multiple protocols

Selection is based on lowest preference value

The RTM sends its best route to the FIB

This route is the active route and is used for forwarding

Because metrics from different protocols are not comparable, the RTM uses the preference to choosefrom all of the best routes that it receives. The lower the protocol’s preference, the more likely thatthe best or active route will be selected from that protocol.

Different protocols should not be configured with the same preference.

The best routes from the RTM are placed in the forwarding information base (FIB), also commonlyreferred to as the routing table.

The FIB is distributed to the various line cards on the 7750 SR and is used to forward incoming IPpackets.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Routing Protocol Basics - Default Preference Table

Yes100RIP

Yes170BGP

Yes165IS-IS Level 2 external

Yes160IS-IS Level 1 external

Yes150OSPF external

Yes18IS-IS Level 2 internal

Yes15IS-IS Level 1 internal

Yes10OSPF internal

Yes5Static

No0Direct attached

ConfigurablePreferenceRoute type

This slide lists the default preference values that are assigned to each routing protocol on the 7750SR.

All of the preference values, with the exception of the preference for directly attached networks,are configurable.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Section 2 — Static Routes

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Static Routes

Configured by an administrator and not dynamically learnedusing routing protocols

Entries do not change dynamically if the topology changesPreferred over any other dynamic protocol

Static routes are manually configured. They describe the remote destination network and the next-hop that a packet must be forwarded to in order to reach the destination. The destination can beone network or a range of networks.

Note that for two routers to forward data to each other bidirectionally, a static route needs to beconfigured on both routers. For example, in this slide, there would be a static route on router 1(10.10.1.2) to forward packet data. There would also need to be a static route configured on router2 so that it knows how to packet forward data to router 1.

By default, a static route is created with a preference of 5 and a metric of 1. However, theseparameters can be changed to accommodate a different configuration. If the preference and metricparameters are left at the default values, a static route is always preferred over a route learnedfrom a dynamic routing protocol. By adjusting the preference value, the user can define a secondaryroute that will be used if the dynamic protocol fails to provide a route. Or, a second static route canbe configured as a backup to the primary static route by assigning a higher metric to the secondaryroute.

Static routing saves bandwidth and processing because there are no advertisements or updates.However, any changes to the routes must be made manually, so there is no real-time response if adestination becomes unreachable. Static routing also allows you to override any decision by a routingprotocol.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Static Route - Example

Static Route Config on R1

config router static-route192.168.1.0/24 next-hop 10.10.1.2

Static Route Config on R5

config router static-route172.16.0.0/24 next-hop 20.10.1.2

In this example, the corporate headquarters network is connected to two remote sites. Thecorporate site provides the remote sites with resources and Internet access. Because the corporatenetwork is connected through one link to each of the sites, the corporate site will only send trafficon this link to each of its remote sites. A remote network like this, with only one connection to thebackbone network, is often referred to as a stub network.

By configuring a static route on R1, traffic destined for network 192.168.1.0/24 will exit out of theinterface on R1 to CR1. A static route configured on R5 will send traffic to CR2. If R2 wants to reacheither remote site, it must also be configured with a static route in the correct direction. In orderfor traffic to flow in both directions, the remote networks must also be configured with static routesto reach the corporate network.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Default Routes

Static Default Route in CR1

config router static-route 0.0.0.0/0 next-hop 10.10.1.1

A static default route in the routing table is a wildcard entry that fits any destination. The route isused when the destination address of a packet does not match any other entry in the routing table. Adefault route is often used on a stub network when there is only one path to reach the other remotenetworks. The default route is a static route with a network address and mask of 0.0.0.0.

In this slide, for the Remote site 1 to access the resources of the corporate headquarters network, itdoes not need to list every entry in its routing table for every resource that it needs to send trafficto. Therefore it uses the default route to match any possible route. The default route is the longestmatch in the routing table when nothing else matches.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Static Route Configuration

To configure static routes in the routing table, use thefollowing command

Context: conf i g>r out er>

Syntax: [ no ] static-route { ip-prefix / mask | ip-prefix netmask } [ preference preference ][ metric metric ] [ tag tag ] [ enable | disable ] [ next-hop ip-address | ip-int-

name ]

[ no ] static-route {i p-prefix / mask | ip-prefix netmask } [ preference preference ][ metric metric ] [ tag tag ] [ enable | disable ] indirect ip-address

[ no ] static-route {i p-prefix / mask | ip-prefix netmask } [ preference preference ][ metric metric ] [ tag tag ] [ enable | disable ] black-hole

Example: conf i g>router> static-route 10.1.1.0/24 next-hop 10.2.2.2

Example: config>router> static-route 0.0.0.0/0 next-hop 10.3.3.3

Example conf i g>r out er> static-route 10.1.1.0/24 next-hop 10.2.1.2 preference 10

Example conf i g>r out er> static-route 10.1.1.0/24 next-hop 10.2.1.2 preference 10 metric100

Context: conf i g>router>

Syntax: [ no ] static-route { ip-prefix / mask | ip-prefix netmask } [ preference preference ][ metric metric ] [ tag tag ] [ enable | disable ] [ next-hop ip-address | ip-int-name ]

[ no ] static-route {i p-prefix / mask | ip-prefix netmask } [ preference preference ][ metric metric ] [ tag tag ] [ enable | disable ] indirect ip-address

[ no ] static-route {i p-prefix / mask | ip-prefix netmask } [ preference preference ][ metric metric ] [ tag tag ] [ enable | disable ] black-hole

Example: conf i g>router> static-route 10.1.1.0/24 next-hop 10.2.2.2

Example: config>router> static-route 0.0.0.0/0 next-hop 10.3.3.3

Example conf i g>router> static-route 10.1.1.0/24 next-hop 10.2.1.2 preference 10

Example conf i g>router> static-route 10.1.1.0/24 next-hop 10.2.1.2 preference 10 metric100

Syntax

[no ] static-route {ip-prefix / mask | ip-prefix netmask } [preference preference ] [ metricmetric ] [ tag tag ] [ enable | disable ] [ next-hop ip-address | ip-int-name ][no ] static-route {i p-prefix /mask | ip-prefix netmask } [preference preference ] [ metricmetric ] [ tag tag ] [ enable | disable ] indirect ip-address[no ] static-route {i p-prefix / mask | ip-prefix netmask } [preference preference ] [ metric

metric ] [ tag tag ] [ enable | disable ] black-hole

Context config>router

Description

This command creates static route entries for both the network and access routes. When a staticroute is configured, one of the parameters must be configured: next-hop , indirect , or black-hole .

Parameters

ip-prefix — The destination address of the static route, in dotted-decimal notation

mask — The mask associated with the network address

preference preference — The preference of this static route compared to other routes

metric metric — The cost metric for the static route, expressed as a decimal integer

next-hop [ip-addr | ip-int-name ] — Specifies the directly connected next-hop IP address

black-hole — Specifies that the route is a black-hole route

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Section 3 — Dynamic Routing Protocol Concepts

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Dynamic Routing Protocol Concepts Overview

Distance Vector Overview

Topology Change

Link State Overview

Exchange of Link State Information

Link State Protocol

Distance Vector vs Link StateA l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Distance Vector Overview

Routers send periodic updates to physically adjacent neighborsUpdates contain distance (how far) and vectors (direction) for networksRouters do not have a view of the entire network topology; routers onlyhave a view of a distance and a vectorExamples: RIPv1 and RIPv2

If using a distance vector routing algorithm (Bellman-Ford) a router passes a copy of its routing tableperiodically to all its neighbors. These regular updates between routers communicate topologychanges.

Each router receives a routing table from its direct neighbor.

In this slide, RTR-B receives a routing update from RTR-A.

RTR-B uses the information received from RTR-A to recalculate its routing table.

RTR-B then sends its routing table to RTR-D.This same step-by-step process occurs in all directions between direct-neighbor routers.

IMPORTANT — With distance vector, a routing table is not transmitted beyond the immediateneighbor. For example, RTR-D does not receive a routing update directly from RTR-A.

The distance vector algorithm allows network metrics to accumulate. Each router maintains a routingtable with the next hop for all of the listed destinations.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Distance Vector Overview – Topology Change

This slide shows the distance vector step-by-step process for updating all routers in a network whena topology change occurs.

Each router sends its entire routing table to each of its adjacent neighbors. This tableincludes reachable addresses, a value that represents the distance metric, and the IP addressof the first router on the path to each network that the router knows about.

As each router receives an update from its neighbor, the router calculates a new routing tableand transmits the table to each of its neighbors at the next timed interval.

In a very large network with many routers, it can take a long time for all the routers in thenetwork to know about a topology change. Therefore, distance vector protocols have a highconvergence time which is very undesirable.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Link State Overview

Routers send triggered updates to physically adjacent neighbors

Updates/LSP contain router names and link cost metrics

Each router has a view of the entire topology

Examples: OSPF, IS-IS

Adjacency DatabaseRTR-B — on 1/1/2RTR-C — on 1/1/1

Link State DatabaseRTR-A to RTR-C, cost=1000RTR-A to RTR-B, cost=1000RTR-C to RTR-B, cost=1000

RTR-B to 2.2.2.0/24, cost=1000… …

Routing Table2.2.2.0/24 — via 1/1/2

Link state routing protocols maintain a complete database of topology information. While distancevector protocols have nonspecific information about distant networks, link state routing protocolsmaintain full knowledge of distant routers and how they interconnect, that is, the latter have a viewof the entire internetwork topology. OSPF and IS-IS are examples of link state routing protocols.Link State Packets (LSPs) are used to transmit the information that is required to build thetopological database, which is used by the Shortest Path First (SPF) algorithm to build an SPF tree,and finally, a routing table of paths to each network destination. When a link-state topologychanges, all of the routers must become aware of the change so they can update their routing tableaccordingly. This involves the propagation of common routing information to all routers in thenetwork. To achieve information convergence, each router performs the following:

Keeps track of it neighborsBuilds an LSP that lists neighbor router names and link metrics (cost). This includes newneighbors, changed metrics, and links to neighbors that are down.Sends out the LSP so that all routers receive the LSPUpon receiving an LSP, records the LSP in its database so that it has the most up-to-datetopology informationUsing accumulated LSP data, builds a complete network topology, and independentlyexecutes the SPF algorithm to calculate routes to every networkEach time there is a change to the link-state database, the router recalculates the best pathsand updates the routing table

Link state protocols keep three databases in the router:The adjacency database, sometimes called the neighbor database, keeps track of all of theother routers that are directly attached. The adjacency database is maintained with periodichello messages.The link state database (LSDB) stores the most recent LSPs sent by all the routers in thenetwork. The database is used to create the SPF tree that ultimately creates the routingtable.The routing table, sometimes called the forwarding database, is used by the router tooptimally forward IP packets to the destination network.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Exchange of Link State Information

Link-state routers use the following process to discover the networktopology:

Each router creates an LSP with link-state information about all itsdirectly connected networks

Routers exchange LSPs with their directly connected neighbors

The link-state information is flooded to all routers in the network

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Link State Protocol - Topological Database

Each router builds a topological database that consists of all the LSPsfrom the other routers in the network

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Link State Protocol - Topology Changes

Link-state updates are driven by topology changes

When a router recognizes a topology change (that is, link down, neighbor down, new link, or newneighbor), the router must notify its neighbors. To do this, each link-state router performs thefollowing:

The router that recognizes the change sends new link-state information about the change.

When a router receives new link-state information, the router must populate the information

in its topological database and send the information to its neighbors.The SPF algorithm must be run against the new topological database to update the routingtable with the new information.

Each time that there is a topology change that causes an update to the topological database, the SPFalgorithm must be run.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Distance Vector vs Link State

Passes link-state routing updatesto other routers

Passes copies of the routing tableto neighbor routers

Event-triggered updates:faster convergence

Frequent, periodic updates:slow convergence

Calculates the shortest path toother routers

Adds distance vectors from routerto router

Gets a common view of the entirenetwork topology

Views the network topology fromthe neighbor’s perspective

Link stateDistance vector

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Section 4 —OSPF Routing Protocol

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





OSPF Routing Protocol Overview

OSPF

OSPF Router ID

OSPF Point-to-Point Neighbor Adjacency

OSPF Link State Flooding

Sequence Numbers

OSPF Single Area Point-to-Point ConfigurationA l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





OSPF

Link-state protocol with fast convergence and inherent loopprevention mechanisms

ScalableHierarchical using “areas”

Uses the Shortest Path First (SPF) algorithm for routing decisions

Default cost metric takes into account the physical bandwidth of the port or can be set manually

Classless protocol

Authentication support

Support for VLSM and address aggregation

OSPF Version 2 is a widely deployed, well known protocol for IPv4,OSPF Version 3 is standardized and supports IPv6

OSPF is a link-state routing protocol. As such, it uses the SPF algorithm to find the shortest path toevery destination in the network. Link-state routing protocols are inherently loop free and have afast convergence time. Link-state routing protocols have limited scalability, so OSPF supportshierarchy with the concept of areas. This greatly increases the scalability of OSPF.

The subnet mask is carried in OSPF link-state updates, so variable length and noncontiguous subnetsare supported. Route aggregation is also supported to enable more efficient address management.OSPF supports authentication for security.

The OSPF cost metric is based on the physical bandwidth of the port. This allows OSPF to make itspath decisions based on the path that has the most bandwidth rather than the least number of hops.

The traffic engineering extensions to OSPF allow the protocol to track and advertise the availablebandwidth, administration groups, maximum number of hops, and so on. This feature is used by MPLSto create traffic tunnels and is covered in the Alcatel-Lucent MPLS course.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





OSPF Router ID

OSPF requires a unique method of identifying each router in thenetwork

OSPF must be able to associate router interfaces with a specificrouter, just as a person may say R1 has two links, one link is in the10.10.2.0 network and the other link is in the 10.10.1.0 network

The router ID that is used for OSPF can be configured explicitly using the following command:conf i gur e r out er r out er - i d <i p- addr ess> . This router ID is also used for other routingprotocols such as BGP.

To use a separate router ID for different protocols, you can override this high-level router ID with anOSPF-specific router ID using the following command: conf i gur e rout er ospf r out er - i d<i p- addr ess> .

If a router ID is not configured but a system interface is configured with an IP address, the system IPaddress is used as the OSPF router ID. To configure a system interface, use the following command:conf i gur e r out er i nt er f ace syst em addr ess <i p- addr ess>/ 32 .

If neither a router ID nor a system interface address is configured, the last four octets of the chassisMAC address are used as the OSPF router ID. The chassis MAC address can be viewed using thefollowing command: show chass i s .

The OSPF router ID selection is not pre-emptive. If the OSPF router ID is reconfigured, the changewill not take effect until the OSPF routing process is restarted.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Configuring an OSPF Point-to-Point Neighbor Adjacency

OSPF is a dynamic routing protocol that is based on routers exchanging link-state information witheach other.

Two OSPF routers must create an OSPF neighbor adjacency before they can exchange routinginformation.

On point-to-point OSPF networks, neighboring routers become fully adjacent with each other. Forexample, in this slide, R1 becomes fully adjacent with both R1 and R3.

In this slide, all neighbor adjacencies in the point-to-point network are indicated with the arrows.Routers can be connected on a shared broadcast segment, such as Ethernet, rather then a point-to-point segment. On a broadcast segment, additional steps are performed to reduce the amount ofOSPF control traffic that flows between routers on the segment. This involves electing designatedrouters (DRs) and backup designated routers (BDRs). However, these concepts are beyond the scopeof this course and are covered in the Alcatel-Lucent Interior Routing Protocols course. This coursediscusses only the point-to-point scenario.

Note that the default OSPF interface type is broadcast for Ethernet interfaces and must be explicitlyconfigured as point-to-point. The configuration will be presented later in this section.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





OSPF Neighbor Adjacency – Hello Packet

The main components of the OSPF Hello Packet are shown below

Parameters that are denoted with an asterisk must be set the same on both routers to form anadjacency or to keep an adjacency alive.

Hello packets are sent between routers to form an adjacency and to proceed to 2-way state. Hellopackets are also used as a keep-alive when the adjacency is formed.

On point-to-point links, OSPF traffic is always sent to reserved multicast address 224.0.0.5.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





OSPF Neighbor Adjacency – Exchanging Routing Information

After the routers discover each other, they are ready to start exchanging routing information

Higher Router Id is decided as the Master MTU Check is performed

At this point, each router has a summary of the routing information of their neighboring router. Therouters are now ready to request specific routing information from their neighbor

OSPF State = Exchange start DBD - RID 1.1.1.1

DBD RID = 2.2.2.2

OSPF State = Exchange DBD RID 1.1.1.1 summary of networks

DBD RID 1.1.1.1 summary of networks

In the exchange start state, both routers send database description (DBD) packets to establish amaster-slave relationship. The highest router ID becomes the master.

MTU checking is also performed in the exchange start state. The OSPF MTU from both neighborsmust match to proceed beyond the exchange start state. The OSPF MTU can be configured explicitlyon the OSPF interface. If the MTU is not configured, the physical port MTU becomes the OSPF MTU.Therefore, if an OSPF MTU is not configured, the physical port MTUs must match to create anadjacency. The OSPF MTU determines the maximum size of the OSPF CTL packets, which is typicallythe size of the link state update and link state request packets.In the exchange state, the database description is first sent by the slave router to the master routerto provide a summary of the networks that the slave router knows about. The master router thensends the slave router a summary of the networks that the master router knows about.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





OSPF Neighbor Adjacency – Requesting Specific Routing Information

After the routers have a summary of their neighbors link statedatabase, they can request specific information as needed

OSPF State = Loading LSREQ – Send specific information on these networks

LSUPDATE – Receipt of the information as you requested

OSPF State = Full – at this point, both routers have identical routing information

LSREQ – Send specific information on these networks

LSUPDATE – Receipt of the information you requested

LSACK – Acknowledge

In loading state, routers use a specific OSPF packet type, called a link state advertisement (LSA), todescribe their routing information.

In loading state, both routers go through a Request, Reply, Acknowledge sequence until each routerhas a full view of their neighbor’s routing information. At this point, both routers have an identicallink state database and are considered fully adjacent. Once the link state database is fully up todate, the routers run the SPF algorithm to calculate the best path to each destination in the networkand use this information to build their routing table.

In a single area point-to-point network, only the router LSAs (Type 1 LSAs) will be used. In morecomplex topologies, there are other types of LSAs exchanged.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





OSPF Link State Flooding - Keeping Routing Information Up to Date

R8 LSDBR2 Router LSA

Adv router = 2.2.2.2Networks:

10.10.2.0/3010.10.3.0/30

2.2.2.2/32

R2 Floods its RouterLSA every 30 min

R2 LSDBR2 Router LSA

Adv router = 2.2.2.2Networks:

10.10.2.0/3010.10.3.0/30

2.2.2.2/32

A router LSA is flooded to all routers in the OSPF every time there is a topology change on one of thedirectly connected links of the router. If there are no topology changes, the router will still floodthe router LSA every 30 minutes. Every LSA has a maximum age of 60 minutes. An OSPF router willage all LSAs in its link state database and will purge any LSAs for which it has not received a refreshin the last 60 minutes.

Router LSAs on point-to-point networks are always flooded to multicast IP address 224.0.0.5. This isthe same multicast address that is used for OSPF hello packets while creating and maintaining anOSPF neighbor adjacency.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Sequence Numbers

OSPF uses a sequence number to ensure that LSAs are not transmitted around the OSPF areaindefinitely. The acknowledgement of LSAs is used to guarantee the reliability of LSA transmission toneighboring routers.

The following rules are applied by the OSPF router to process the LSAs that are received from itsneighbors.

If the sequence number is lower than the sequence number in the link state database, theincoming link-state information is considered to be out of date and is discarded. The receivingrouter will update the sending router with an up to date LSA from its own database.

If the sequence number is the same as the number in the database, an acknowledgement issent. The incoming link-state information is then discarded.

If the sequence number is higher than the number in the database, the new link-stateinformation is added to the link state database, an acknowledgement is sent and the link-state information is forwarded to its neighbors.

All OSPF control packets use IP protocol discriminator 89. OSPF does not use TCP or UDP as atransport layer. Instead IP uses the protocol ID 89 to extract all OSPF packets for the OSPF processon the router.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





OSPF Single Area Point-to-Point Configuration

R1 OSPF C onfigurationStep 1 – Create the Router InterfacesR1>config>router# infointerface "system“

address 1.1.1.1/32exitinterface "toR2“

address 10.10.2.1/30 port 1/1/2

exitinterface "toR3“

address 10.10.1.1/30 port 1/1/3

exit

Step 2 – Add the Router Interfaces to OSPF as typePoint-to-PointR1>config>router>ospf# info

area 0.0.0.0

interface "system“

interface-type point-to-point

exit

interface "toR2"


exit

interface "toR3"


exit

The steps for OSPF configuration for R2 and the other routers in the network follow the R1configuration. The only difference is that you need to verify that the IP addresses and port numberson the interfaces are accurate. It is also good practice to verify that the interface names have thecorrect descriptions.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





R1# show r out er ospf nei ghbor

===============================================================================OSPF Nei ghbor s===============================================================================I nt er f ace- Name Rt r I d St at e Pr i Ret xQ TTL- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -t oR3 3.3. 3.3 Ful l 1 0 35t oR2 2.2. 2.2 Ful l 1 0 31- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -No. of Nei ghbors : 2===============================================================================R1#

R1# show router ospf nei ghbor

===============================================================================OSPF Nei ghbor s===============================================================================I nt er f ace- Name Rt r I d St at e Pr i Ret xQ TTL- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -t oR3 3.3. 3.3 Ful l 1 0 35t oR2 2.2. 2.2 Ful l 1 0 31- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -No. of Nei ghbors: 2===============================================================================R1#

Show OSPF Neighbors

This slide shows the OSPF adjacencies created by R1 with its directly-connected neighbors. Theoutput includes the logical router interface that the adjacency was created on and the router ID ofthe neighbors.

The neighbor state is Full when the routers have synchronized their databases and have fully createdtheir adjacency. Other states that may be displayed are: Init, 2Way, Exstart, and Exchange, whichare usually only briefly displayed.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





OSPF Metric Calculation

Default MetricOSPF Reference Bandwidth/Actual Bandwidth of Physical Port

Configured MetricR1>conf i g>r out er >ospf # ar ea 0 i nt er f ace t oR1R1>conf i g>r out er >ospf >ar ea>i f # i nf oi nt er f ace- t ype poi nt - t o- poi nt

met r i c 674

The OSPF metric that is advertised in the R1 LSA for an interface is automatically calculated basedon the OSPF reference bandwidth which, by default, is 100 Gb/s. The metric is calculated by dividingthe reference bandwidth by the actual bandwidth of the link. For example, the metric of a 1 Gb linkis 100 Gb/s / 1 Gb/s = 100. The metric of a 100 Mb link is 100 Gb/s / 100 Mb/s = 1000. Lowerbandwidth links have a higher metric (cost) and are thus less preferred.

Alternatively, the OSPF metric of an interface can be configured in the OSPF interface context.

The default metric of system and loopback interfaces on a router is zero.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





R1# show r out er ospf i nterf ace

==========================================================================

OSPF I nter f aces==========================================================================I f Name Area I d Des i gnated Rt r Bkup Des i g Rt r AdmOper- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -syst em 0. 0. 0. 0 0. 0. 0. 0 0. 0. 0. 0 UpPToPt oR3 0. 0. 0. 0 0. 0. 0. 0 0. 0. 0. 0 UpPToPt oR2 0. 0. 0. 0 0. 0. 0. 0 0. 0. 0. 0 UpPToP- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -No. of OSPF I nt erf aces: 3==========================================================================R1#

R1# show r out er ospf i nt erf ace

==========================================================================

OSPF I nter f aces==========================================================================I f Name Area I d Des i gnated Rt r Bkup Des i g Rt r AdmOper- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -syst em 0. 0. 0. 0 0. 0. 0. 0 0. 0. 0. 0 UpPToPt oR3 0. 0. 0. 0 0. 0. 0. 0 0. 0. 0. 0 UpPToPt oR2 0. 0. 0. 0 0. 0. 0. 0 0. 0. 0. 0 UpPToP- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -No. of OSPF I nt erf aces: 3==========================================================================R1#

Show OSPF Interfaces

This slide shows the interfaces that are running OSPF, including their names and the areas that theybelong to.

Note that the operating status for the interfaces to R2 and R3 is “PToP” because the routers havebeen defined as point-to-point interfaces in the OSPF configuration.

The “Designated Rtr” and “Bkup Desig Rtr” fields are only applicable to OSPF broadcast interfaces,which are not covered in this course. For OSPF point-to-point Interfaces, the Designated Rtr andBkup Desig Rtr values are always “0.0.0.0”.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





R1# show router route- tabl eRout e Tabl e ( Rout er: Base)===============================================================================Dest Pref i x Type Proto Age Pref

Next Hop[ I nterf ace Name] Metr i c- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -1. 1. 1. 1/ 32 L ocal L ocal 23d04h39m 0


10. 10. 2. 2 6743. 3. 3. 3/ 32 Remot e OSPF 01h15m54s 10

10. 10. 1. 2 10004. 4. 4. 4/ 32 Remot e OSPF 00h05m49s 10

10. 10. 2. 2 167410. 10. 1. 0/ 30 Local Local 01h44m29s 0

t oR3 010. 10. 2. 0/ 30 Local Local 01h46m07s 0

t oR2 010. 10. 3. 0/ 30 Remot e OSPF 00h05m49s 10

10. 10. 2. 2 1674- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -No. of Rout es: 7

R1# show router route- tableRout e Tabl e ( Rout er: Base)===============================================================================Dest Prefi x Type Proto Age Pref

Next Hop[ I nter f ace Name] Metr i c- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -1. 1. 1. 1/ 32 L ocal L ocal 23d04h39m 0


10. 10. 2. 2 6743. 3. 3. 3/ 32 Remot e OSPF 01h15m54s 10

10. 10. 1. 2 10004. 4. 4. 4/ 32 Remot e OSPF 00h05m49s 10

10. 10. 2. 2 167410. 10. 1. 0/ 30 Local Local 01h44m29s 0

t oR3 010. 10. 2. 0/ 30 Local Local 01h46m07s 0

t oR2 010. 10. 3. 0/ 30 Remot e OSPF 00h05m49s 10

10. 10. 2. 2 1674- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -No. of Rout es: 7

Show Route Table

This slide shows the forwarding information that is used by the router to forward traffic to itsdestination. Note that local routes always have a metric of 0 and a preference of 0. Therefore, evenif OSPF had learned of paths to these destinations, the paths would not be entered in the forwardingtable because the OSPF preference value is 10.

The information also includes the address or name of the next-hop interface. For a local route, thename of the interface is displayed (for example, toR3 or toR2).

For a remotely learned route, the address of the next hop is displayed (for example, 10.10.2.2). Adata packet whose destination address matches this entry in the route table will be forwarded to thenext hop address.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Section 5 — Introduction to Border Gateway Protocol

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Introduction to Border Gateway Protocol Overview

Interior and Exterior Gateway Protocols

Routing End-to-end from Enterprise to Content Provider

BGP

When to Use BGP

Use Cases

Protocol SummaryA l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Interior and Exterior Gateway Protocols

Interior Gateway ProtocolsRun within an organization

Purpose is to provide routing to internal networks

Exterior Gateway ProtocolsRun between organizationsPurpose is to provide routing to the InternetExample: BGPBased on Distance Vector

The IGP is designed to route between networks within an organization. The networks within anorganization are private or public addresses that are typically not advertised to other organizations.

Routing information must also be exchanged between organizations. These routes are public IPaddresses because they are exchanged on the Internet. More control is required over the way thattraffic flows between organizations - it is not always the shortest path that is preferred. BGPv4provides many features to control traffic flows between organizations and is the EGP used on theInternet. BGPv4 is also able to scale to very large networks, which is an important requirement inorder to manage the 200,000+ routes of the Internet.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Routing End-to-end from Enterprise to Content Provider

Information from the content provider must reach the enterpriserouter for data transfer

However, every ISP, including the content provider, runs its choiceof IGP

A common protocol is required for end-to-end routing

In this slide, the enterprise offices need the address information of the content providers. However,the information from the content provider must traverse many ISPs, and each ISP runs their ownchoice of IGP. When the origin of the prefix is the content provider that runs OSPF as their IGP andthe Tier 2 ISP runs IS-IS, the prefix must be relearned in the Tier 2 ISP as an IS-IS prefix and,therefore, the prefix could lose its original attributes. Every other ISP in the path of the prefixtowards the enterprise will need to relearn the prefix in the protocol of its choice.

In this slide, although end-to-end routing can be achieved by the process of redistribution, there areseveral disadvantages, such as the following:

Router redistribution removes the metrics of the original protocol and uses the metrics of thenewer protocol. This could have a negative effect.

Router redistribution needs to be managed carefully with extensive policies.

Distributing the Internet addresses into an IGP is not a scaleable design and most routers arenot designed to handle the large number of Internet prefixes.

Router distribution requires a common protocol to run between all of the routers that areinvolved in the transfer of network prefixes.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





BGP Overview

IGPs run within an autonomoussystem

EGPs run between autonomoussystems

From earlier modules of this course, we know that an autonomous system (AS) is a group of networksand networking equipment under a common administration. An IGP (such as OSPF) is used toexchange routing information within the AS and an EGP (such as BGP) is used to exchange routinginformation between ASs.

BGP is not a discovery protocol and BGP routers are not always directly connected. BGP routers aremanually configured to connect to other BPG routers using TCP/IP. They become BGP peers.

An IGP is required within the AS to route traffic in the AS, including traffic between BGP peers. BGPsessions between routers in different ASs are known as external BGP sessions (EBGP), while sessionsbetween routers in the same AS are internal BGP sessions (IBGP).

BGP is administratively much more complex than an IGP. BGP updates include path information thatis used for routing policy enforcement and loop detection between ASs.

Adding to the complexity of BGP is the fact that topology and routing table sizes become much largerthan in an IGP environment. The increased size of the tables means that factors such as CPU loading,memory utilization, update generation, and route processing have greater implications in BGP.

These items, and others, affect convergence. Convergence may be viewed in two ways. Localconvergence is the time for a router to receive and process all outstanding messages, and achieve astable topology. Network convergence is the time for all routers in the system to achieve a stabletopology. In IGP terms, the system is usually the local AS. In BGP terms, the system is the Internet.

Because the entire Internet is the scope of BGP, the administration is more complex than theadministration of one AS.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





BGP Scope

Enables the exchange of routing information between autonomoussystems

“ An Autonomous System is a set of routers under a single technicaladministration, using an interior gateway protocol and common metrics toroute packets within the AS, and using an exterior gateway protocol to route

packets to other Autonomous systems ”. – RFC 1930

Note : As of March, 2008, the routing table for the Internet backbone consists of approximately245 000 routes.

A key strength of BGP is that it enables the implementation of administrative policies to managetraffic flow between autonomous systems based on virtually any policy.

BGP is scalable to the following characteristics:

Large number of autonomous systemsLarge number of neighbors

Large volume of table entries

High rate of change

BGP has proven scalability. BPG is the protocol of choice for service providers and runs on theirInternet routers. The protocol is the fundamental building block of the Internet and is used by everyservice provider in the world for service-provider interoperability. BGP is the most feature-rich andscalable routing protocol in use today. It supports the current requirements of the Internet and, withextended capabilities such as multiple protocol families and extended AS numbers, is well-positionedfor the future.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





BGP Autonomous Systems

Types of autonomous systems

PublicRange is 0 to 64511Assigned by ARIN or another regional authority

PrivateRange is 64512 to 65535

Public autonomous systems

Are assigned by the IANA or a regional authority

Must be used to connect to other autonomous systems in the Internet

Range is 0 to 64511

Private autonomous systems

Are assigned by ISPs (for some clients), local administrators, and so on

Are not allowed to be advertised to other ISPs or on the Internet

Range is 64512 to 65535

Regional Internet Registries

The IANA is the umbrella organization. Regional Internet Registries (RIRs) are nonprofit corporationsestablished for the purpose of administration and registration of IP address space and AutonomousSystem (AS) numbers. There are five RIRs.

Registry Geographic RegionAfriNIC Africa, portions of the Indian Ocean

APNIC Portions of Asia, portions of Oceania

ARIN Canada, the United States, and many Caribbean and North Atlantic islands

LACNIC Latin America, portions of the Caribbean

RIPE NCC Europe, the Middle East, Central Asia

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





BGP Establishment

Initiate TCP connection

Initiate TCP connection

OPEN BGP Session (AS Num)

OPEN BGP Session (AS Num)

Keep Alive

Keep Alive

TCP Phase

BGP Phase

Session Maintenance

Remove Redundant TCP connection

Although BGP behavior is similar to other TCP/IP applications, BGP is an enhanced distance vectorprotocol, also called a path vector protocol.

The characteristics of BGP are:

Neighbors can be any reachable devices, not just directly connected devices

Unicast exchange of information

Reliability via TCP

Uses well known TCP port 179

Periodic keepalive for session management

Event-driven

Robust metrics

Neighbor relationships in BGP are somewhat different from what is normal in the IGP world.Traditionally, neighbors are always directly connected routers. With BGP, this is not the case.Neighbors may be directly connected, but it is not required because BGP uses unicast TCP/IP forneighbor establishment. Neighbor relationships can be established with any IP-reachable device.

At the application layer, BGP functions similarly to other TCP/IP applications, such as Telnet, FTP,and HTTP. BGP may be viewed as an application because it uses registered port number 179 in theTCP/IP model.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





BGP Sessions

IBGP neighbors are peersin the same autonomoussystem

By default, they do notneed to be directlyconnected

There are two types of BGP neighbor relationships: EBGP and IBGP. Regardless of the type, a BGPsession between two devices is referred to as a neighbor or peer session. A BGP router is alsoreferred to as a BGP speaker.

A session between two devices in different autonomous systems is referred to as an external BGP orEBGP session. Typically devices with an EBGP session are directly connected, and share a commondata link, but it is not mandatory. Because the devices are in different autonomous systems, theadministration of each device is usually handled separately. Therefore, you should ensure that theconfiguration parameters match so that peering will succeed.A session between two devices in the same autonomous system is referred to as an internal BGP orIBGP session. Typically devices with an IBGP session are not directly connected, because they may beacross the country or the world. Because the devices are in the same autonomous system, theadministration of each device is usually handled by the same organization. You need to ensure thatthe configuration parameters match so that peering will succeed.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





BGP Routing

BGP uses multiple metrics to choose the best routes

Requirements are different from IGP

For example, AS 65250 will only use the link between Router A to Cto send all traffic into AS 65250

The criteria that BGP uses for route selection are very different from an IGP. In an IGP environment,the routes are selected based on one metric such as cost, or hop count. However, when you use BGPto route traffic between organizations, the choice may not be solely made based on the shortestpath, but rather financial, security, and geographical reasons.

In this slide, AS 65250 has the following agreement with AS65200: any prefixes that are sent fromAS 65250 will be installed such that the return traffic from AS 65200 will only exit from router A.

Under the same agreement, AS65200 requires traffic from AS 65250 only enter the AS via router B.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





When to Use BGP

Use BGP in the following environments

You are an ISP and need to pass client traffic from one AS to

another ASYou need to multi-home to several ISPs because of companyrequirements

Traffic flow from or to your company must be managed andcontrolled

Do not use BGP in the following environments

You do not need to have more than one connection to the Internet

The company engineers do not understand how BGP works

The hardware and physical links to the ISP cannot handle the loadof BGP traffic

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Use Case 1 - Single-Homed Customer of an ISP

This slide shows a single-homed AS. Both Client 1 and Client 2 are single-homed to their ISP, AS65250.

An IGP routing protocol such as OSPF or IS-IS is used within each client network for traffic that is tobe forwarded within the client network. Traffic that needs to be forwarded out of the network musttransit the service provider autonomous system, AS 65250. In this case, each client is solelydependent on one ISP for Internet connectivity.

Client 1 has multiple connections and may choose a policy to leverage the available redundancy. Theinternal routers receive a default route that is propagated into the IGP from the client’s edgerouters. Internally, the choice of default route is based on the best IGP metric to the edge routers.

In this case, there is no need to run BGP between the clients and the service provider. Configure adefault route on the client edge routers towards the service provider. The default route is injectedinto each client’s internal network for IGP routing. At the service provider’s edge router, a staticroute needs to be configured so that the service provider can selectively forward the appropriatetraffic towards each client.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Use Case 2 – Customer Multi-homed to Different ISPs

This slide shows a multi-homed AS. Client 1 has determined that more flexibility in its routing isrequired. Therefore, a connection to another ISP, AS 65200, is added in addition to its existingconnection to AS 65250.

Client 1 has multiple connections and ISPs. Therefore, Client 1 may choose to run BGP to fully takeadvantage of the available redundancy and implement routing policies to load balance and managetraffic.

In this case, Client 1 would need its own AS number. Furthermore, by default, an AS is a transit AS.Therefore, additional policy is required to ensure that the client is not acting as a transit AS for bothof the ISPs to which it is connected. This scenario shows the danger of using the BGP without anappropriate level of knowledge.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Use Case 3 - Enterprise to ISP Connection (BGP)

In this slide, the enterprise has a large OSPF network with multiple LAN segments. The enterprisealso has multiple connections to two ISPs (AS 47 and AS 395). In this configuration, the enterprise willoften run BGP to manage the connections with their ISPs. BGP policies are used to determine thepath that is used for traffic to leave the enterprise. One ISP may be preferred for some routes, orone ISP may be used as a primary connection to the Internet with the other ISP used as a backup.

Within the enterprise network, internal routing information is exchanged with OSPF. The enterprisenetworks are summarized as 100.200.0.0/20, and advertised to the ISPs and onwards to the Internetwith BGP. In this scenario, the enterprise uses a private AS number and its routes are advertised bythe ISPs using their AS numbers.

The full set of Internet routes is not exported into OSPF. Instead, a default route is advertised by theInternet-connected routers. Some subsection of the BGP routes that are received may be advertisedinto the enterprise in order to influence the route for that traffic egresses the enterprise network.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Use Case 4 - ISP Interconnections (Transit Traffic)

In this slide, an enterprise is connected to its two ISPs (AS 47 and AS 395). Routing information isexchanged between the enterprise and the two ISPs using BGP, as described in the previous slide.Both ISPs are Tier 2 ISPs which means that they purchase transit capacity from one or more Tier 1ISPs. Similar to the enterprise, the Tier 2 ISPs pay the Tier 1 providers to carry their traffic.

The Tier 1 providers carry transit traffic. This is traffic that originated outside of their network andhas a destination outside of their network. A Tier 2 ISP may be connected to more than one Tier 1ISP, or may have transit arrangements with other Tier 2 ISPs. Multiple connections are often used toprovide the ISP with a redundant path to all Internet destinations.An ISP with multiple connections to the Internet usually needs to control the path used for its traffic.The reason may be to ensure the shortest path, but often is related to cost or other considerations.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Protocol Summary

896 (TCP)17 (UDP)IP #

—179520Application port #

—TCPUDPTransport protocol

LargeVery largeSmallTopology size

YesYesYesVLSM/CIDR support

Link-stateAdv. DVDistance vectorMetric type

CostMultipleHopsMetric

Simple & MD5MD5Simple & MD5Authentication

MulticastUnicastBroadcast/MulticastUpdate type

IncrementalIncrementalPeriodicUpdates

OSPFBGPRIPv2Feature

This slide shows the differences and similarities of the routing protocols that are supported on the7750 SR platforms. RIP, OSPF, and IS-IS are the IGPs; BGP is the EGP.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Section 6 — Module Summary

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Module Summary

After successful completion of this module, you shouldunderstand:

The concepts and purpose of IP routingThe purpose and configuration of static routes

The basic concepts of a dynamic routing protocol

The purpose and basic operation of OSPF

The purpose and basic operation of BGP

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Learning Assessment

Describe IP routing and the need for a routing protocol

Differentiate between the static and dynamic routing

protocolsList and discuss the basic elements of a routing table

Distinguish between the control plane and data plane

Describe and differentiate between the Distance Vector andLink state methodologies

Describe the OSPF adjacency establishment process

Describe the usage of sequence numbers in OSPF

Differentiate between an IGP and a EGP

Describe the scope and operation of BGP

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Module 6 — Overview of Transport Protocols

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Alcatel-Lucent Scalable IP Networks v2.00 Module 6 | 2 All r ights reserved ©2008 Alcatel-Lucent

Module Overview

Transport Layer Protocols

TCP

UDPPort Numbers and Sockets

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e



Overview of Transport Protocols

Section 1 - Transport Layer Protocols

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Transport Layer – Layer 4

Layer 4 of the OSI model

Provides a data transport service to higher protocol layers

Internet applications use a transport layer (TCP or UDP)TCP and UDP are transport protocols for the TCP/IP stack

TCP provides a high level of service to upper protocolsReliable data transfer and packet reorderingEnd-to-end error checking and flow control

UDP provides simple datagram delivery serviceUnreliable service, but less overhead

OSI transport layers are TP0, TP1, TP2, TP3, and TP4

TP4 and TCP are functionally similar

TP0 and UDP are functionally similar

In the TCP/IP stack Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) provide servicessimilar to the OSI transport protocols. Therefore, TCP and UDP are often referred to as transport or Layer 4protocols.

Internet applications such as web browsing and e-mail transfer use the services of the transport protocols.

If the application needs a high level of service, such as reliable data transfer and flow control, theapplication typically uses TCP for data transfer.

If an application needs a simpler service with less overhead, the application may use the UDP.There are very few higher level protocols that do not use TCP or UDP. OSPF uses IP datagrams directly. OSPFdoes not use a transport protocol.

The transport layers that are defined in the OSI provide a wide range of services. TP0 provides the lowest levelof service and TP4 provides the highest level of service.

Both TP4 and TCP are built to provide a reliable, connection-oriented, end-to-end transport service on top ofan unreliable network service. The network service may lose packets, store packets, deliver packets in thewrong order, or even duplicate packets. Both protocols must be able to deal with the most severe problems(for example, a subnetwork stores valid packets and sends them at a later date). TP4 and TCP both haveconnect, transfer, and disconnect phases; their principles of operation during these phases are also quitesimilar.

In an OSI network the session layer uses the OSI transport layer.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Encapsulation of Application Data by TCP

An Internet application such as e-mail, that needs to transfer data across the Internet will use the services ofan Internet transport protocol. E-mail uses TCP, because e-mail needs a reliable data transfer service.

The application data is passed to the TCP services layer. The TCP layer divides the application data intosegments, if necessary. Each TCP segment contains a TCP header. The size of the segments is based on theMTU size of the Layer 2 networks that are expected to be used for the transfer.

The TCP segments are passed to the IP services layer. The IP services layer is responsible for the delivery of IP

datagrams across the network. Each IP datagram contains an IP header and is routed across the network.Because IP is an unreliable service, if TCP determines that some of the IP datagrams were not received, TCPrequests retransmission of the missing TCP segments, which provides a reliable transfer service.

After the TCP segments are received by the receiving system, the TCP services layer supplies the applicationdata to the receiving application exactly as the data was sent by the transmitting application.

On a computer that is connected to the Internet, the TCP and IP services are usually provided as part of theoperating system services.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Section 2 – Transmission Control Protocol

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





TCP Overview

TCP Concepts

TCP Header

TCP Connection ManagementEstablishing a TCP Connection – the Three-way Handshake

TCP Reliable Data Transfer

TCP Flow Control

TCP Operation

Congestion Control in TCP

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





TCP Concepts

The primary purpose of TCP is to provide reliable communications between application services. Because thelower levels are unreliable, TCP must guarantee the delivery of the data.

Functionality provided by TCP

Data transfer — From the application-services viewpoint, TCP provides a contiguous stream of data throughthe network. TCP groups the bytes into segments, and passes the segments to the Internet layer fortransmission to the destination.

Reliability — TCP uses sequence numbers, which count each byte transmitted, and TCP waits for anacknowledgment from the far end. If the acknowledgment is not received within a specific interval, the datais retransmitted.

Flow control — Flow control refers to the capability of the receiver to control the rate at which data is sentby the sender. The receiver specifies the "window size" parameter which indicates how many bytes it iscapable of buffering. The sender is not permitted to send more than the amount specified by the window sizeuntil it receives an acknowledgement. If the window size is 0, the sender is not permitted to transmit any datauntil the window size is changed.

Multiplexing — Port numbers are used for multiplexing and demultiplexing.

Logical connections — To support reliability and flow control, TCP must initialize and maintain status

information for each connection. The status information contains sockets numbers, sequence numbers, andwindow size. These components combine to form a logical connection.

Full-duplex — A TCP connection is full duplex - either end may transmit data at any time.

----

REFERENCE: RFC 793 defines details of TCP.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





TCP Header

The TCP header is used for all TCP segments including sessionestablishment, session destruction, and during basic data transfer

Source and Destination ports — Port addresses identify the upper-layer applications that use the connection.Sequence Number — Each byte of data is assigned a sequence number. This 32-bit number ensures that data iscorrectly sequenced. The first byte of data that is sent by a station in a TCP header has its sequence numberin this field (for example, 58000). If this segment contains 700 bytes of data, the next segment sent by thisstation will have sequence number of 58700 (that is, 58000 + 700).Acknowledgment Number — This 32-bit number indicates the next sequence number that the sending deviceexpects from the other station.

HLEN — The header length provides the number of 32-bit words in the header. Sometimes called the DataOffset field.Reserved — The value is always set to 0.Code bits — The following flags indicate the type of header:

URG — Urgent pointerACK — AcknowledgmentPSH — Push function. This function causes the TCP sender to push all unsent data to the receiver ratherthan send segments when the sender sends the data (for example, when the buffer is full)RST — Reset the connectionSYN — Synchronize sequence numbersFIN — End of data

Window — The window indicates the range of acceptable sequence numbers after the last segment that wassuccessfully received. The range of numbers is the allowed number of octets that the sender of the ACK iswilling to accept before an acknowledgment.Checksum — Checksum is used to verify integrity of the TCP segment. Checksum calculation is performed onthe TCP pseudo-header and data. This is the IP source and destination addresses, TCP header and the TCPdata.Urgent pointer — The urgent pointer indicates the end of the urgent data so that interrupted data streams cancontinue. When the URG bit is set, the data is given priority over other data streams.Option — Several options are defined for TCP. The most common is the TCP MSS, which is sometimes calledthe Maximum Window Size or SMSS.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





TCP Connection Management

Before data is transmitted, connection must be establishedusing three-way handshake

MSS and other parameters may be negotiated at sessionestablishment

After session is established, data can be transmitted in bothdirections (full duplex)

All of the data that is sent by the near end and the far end isacknowledged by the receiving end

The connection is closed by each side when they are finishedtransmitting data

Maximum Segment Size (MSS) defines the largest segment that will be sent on the connection. The value is anestimate by the TCP of the size of datagrams that can be accommodated on the connection withoutfragmentation. Usually each side sends the MTU value of their Layer 2 connection in the MSS field. The lowerof the two values is then used by both sides as the MSS.

The problem with determining the MSS from the two endpoints is that there may be a link in the middle of theconnection that has a smaller MTU than either end. In this case, all full size packets will have to befragmented to transverse this link. Fragmentation is an inefficient operation, and should be avoided ifpossible.

TCP may also perform Path MTU Discovery in which TCP attempts to find the MTU that is supported across theconnection and use this MTU as the MSS. However Path MTU Discovery is not always supported.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Establishing a TCP Connection – the Three-way Handshake

1. SYN (seq=A, ack=0)

2. SYN/ACK (seq=B, ack=A+1)

3. ACK (seq=A+1, ack=B+1)

The slide shows how a three-way handshake is established. In a TCP session, data is not transmitted until thethree-way handshake is successfully completed and the session is considered open.

The opening TCP segments include the sequence numbers from both sides.

After a session is established between the two hosts, data can be transferred until the session is interrupted orshut down. Data is sent in TCP segments. The TCP segment is a combination of the data and a TCP header.

There are three steps to establish the TCP session, (therefore, the term three-way handshake). These stepsare:

One endpoint (Host A) sends a TCP segment with the SYN bit set in the header. This indicates that thehost needs to establish a TCP connection. TCP also selects a 32-bit sequence number to use for thesession. This number is included in the TCP header and is known as the Initial Send Sequence (ISS). Theacknowledgement field is 0.

The other endpoint (Host B) receives the SYN segment and, if an application is ready to accept theconnection, TCP sends a second segment with the SYN and the ACK bits set in the header. TCP on thishost also selects its sequence number for the session and transmits the number as its ISS. TCP also sendsa value in the acknowledgement field of the TCP header. This number is the value of the ISS that wasreceived from the original sender plus 1.

After the first endpoint (Host A) receives the SYN/ACK from the second endpoint (Host B), the firstendpoint (Host A) transmits a TCP segment with only the ACK bit set. The sequence number that is sentis the original ISS plus 1. The acknowledgement number sent is the ISS that was received from thesecond endpoint (Host B) plus 1. The original endpoint (Host A) now considers the connection to beopen and can start transmitting data. After the second endpoint (Host B) receives the ACK segment, thesecond endpoint (Host B) considers the connection to be open and the second endpoint (Host B) canstart to transmit and receive data.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





TCP Reliable Data Transfer

TCP provides a full-duplex, reliable data transfer service

TCP maintains the order of application data across the

networkReliable transfer is accomplished using positiveacknowledgement with retransmission

Sender specifies sequence number of data sentReceiver acknowledges by stating next sequence numberexpectedSender retransmits if a specific sequence number is notacknowledgedReceiver uses sequence numbers to reorder the data stream forthe application

If an application requires reliable transfer of its data across the network, the applications will use TCP toobtain that service. TCP is responsible for ensuring that all data is received and sent to the receivingapplication in the order in which it was sent.

The technique is known as positive acknowledgement with retransmission. Data is often exchanged in bothdirections between the two ends of an application, therefore, TCP provides a full-duplex data exchange. Thismeans that after the connection is established, each endpoint can transmit data. Only one TCP connection isrequired to provide this two-way data exchange.

Each segment that is sent by TCP has an identifying sequence number transmitted in the TCP header. Thissequence number indicates the number of the first byte of data in the overall data stream for this connection.The receiver acknowledges receipt of this data by transmitting an acknowledgement number that indicates thenext byte of data in the stream that the receiver expects to receive. If some of the data is lost, the receiverwill continue to send the same acknowledgement number that indicates the bytes that were receivedsuccessfully. The sender maintains a retransmission timer. If the sender does not receive an acknowledgementfor some bytes of data that were sent, the data will be retransmitted when the retransmission timer expires.

Because the TCP segments are transmitted over an unreliable network service (IP network), the segments mayarrive at the destination in a different order than they were originally sent. The sequence numbers are used bythe receiver to reconstruct the data stream and ensure that the data is provided to the application in thesame order that the data was sent.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





TCP Reliable Data Transfer Example

ACK number 27500

TCP 500 bytes dataSEQ number 27000

ACK number 27500

ACK number 27500

ACK number 29000

LostTCP 500 bytes dataSEQ number 27500



Retransmit TCP 500 bytes dataSEQ number 27500

ReceiverSender

This slide shows reliable data transfer between two hosts.

1. The sender sends a TCP segment with 500 bytes of data on an established connection. The sequencenumber is 27000.

2. The receiver acknowledges the receipt of this data with an acknowledgement number of 27500.

3. The sender sends another segment of 500 bytes with a sequence number of 27500. This segment is lostby the network (unreliable service).

4. The sender sends another segment of 500 bytes with a sequence number of 28000. This segment issuccessfully received by the receiver and is buffered.

5. The receiver sends an acknowledgement number of 27500 because the receiver still has not receivedthe segment that contains the 500 bytes of data in the overall data stream.

6. The sender sends another segment of 500 bytes with a sequence number of 28500. This segment isreceived and buffered. Another acknowledgement of 27500 is sent.

7. The retransmission timer expires for the sender and the missing segment that contains 27500 isretransmitted.

8. The receiver receives the segment 27500 and now has the data up to byte 29000. The receiver sends anacknowledgement of 29000.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





TCP Flow Control

Sending multiple segments without an acknowledgementresults in higher data transfer rates

Receiver must buffer the received data until the applicationrequests it

Flow control allows receiver to control the transmission rate

Receiver uses the window parameter in TCP header toindicate how many bytes can be sent

The window field specifies how many bytes can be sent withoutan acknowledgementIf window value is 0, sender cannot transmit data until thereceiver adjusts window sizeThe window size is always controlled by receiver

If a sender waits to receive acknowledgement for each segment that it sends before sending another segment,the effective throughput of the connection can be greatly limited over the bandwidth that is supported by thetransmission media. This is not significant on a high-speed LAN because the acknowledgements are receivedvery quickly. However, if the network round trip time (RTT) is long, the sender may spend a significant amountof time waiting for acknowledgements.

To increase the overall throughput on TCP connections, TCP allows the sender to send more than one segmentwithout waiting for an acknowledgement. This provides a higher overall throughput. However there is a dangerof overwhelming the receiver with too much data. To avoid overwhelming the receiver, the amount of datathat can be sent to the receiver must be controlled. To accomplish this, the received data is buffered in apreset amount of buffer space until it is requested by the application.

The amount of buffer space is specified in the TCP header window parameter. When the receiver sends anacknowledgement, the receiver’s TCP header sets the value of the window parameter to specify the amount ofbuffer space in bytes that is available. This is the maximum amount of data that the sender can send before itreceives the next acknowledgement.

If the receiver’s buffer becomes full, the receiver sends a window size of 0 and the sender cannot transmit anymore data. When the receiving application requests the data and buffer space is available, the receiver sendsan updated window size and the sender can start to transmit more data.

The window value is always set by the receiver, which provides a flow control mechanism for the receiver.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





ReceiverSender

TCP Flow Control Example

ACK number 27000, window = 5000

1000 bytes dataSEQ number 27000


3000 bytes buffered

ACK number 32000, window = 5000 0 bytes buffered


5000 bytes buffered

Application requests all data from TCP (5000 bytes)





This slide shows how flow control works.

1. The sender received an ACK from a previous transmission that indicates a window size of 5000 bytes.

2. The sender has 3000 bytes to send and transmits them in three 1000-byte segments, one after theother.

3. The receiver buffers the received data and sends an ACK to acknowledge all the received data. Thereceiver sets the window size to 2000.

4. The sender has more data to send. Because the last window size was 2000, the sender cannot sendmore than 2000 bytes. This data is sent in two 1000-byte segments.

5. The receiver buffers the 2000 bytes as they are received. Because the application has not requestedany data, the initial 3000 bytes received are still being buffered.

6. The receiver’s buffer is now full and an ACK with a window value of 0 is sent.

7. Even if the sender has more data to send, the sender must not transmit any more data because thewindow size is currently 0.

8. The application requests data from TCP and the 5000 bytes are taken from the buffer. The buffer isnow empty and an ACK is transmitted to reset the window size to 5000.

9. When the sender receives the new window size, the sender can now transmit more data.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





TCP Operation Example

Initial 3-wayhandshake

Data transfer

Closing session

SYNSeq.no. 122

Ack.no . 0 Wnd 8192 LEN = 0B

ACK Seq.no. 123


Seq.no. 123 Ack.no . 287 Wnd 8192 LEN = 200B


FINSeq.no. 723


ACK Seq.no. 724


SYN+ACK Seq.no. 286


Ack.no . 323 Wnd 8560

Ack.no . 723 Wnd 8160

FIN+ACK Seq.no. 287


Assumptions

Although the data transfer and window parameter negotiation occur as a duplex operation, the slide aboveonly shows a single-sided transfer.

Initial Three-way handshake

1. The session begins with host 10.10.10.1/24, which initiates a SYN that contains the sequence number122, which is the ISS. There are only zeros in the acknowledgment number field because this field notused in the SYN segment. The window size of the sender starts as 8192 octets.

2. The receiving host sends its ISS (286) in the sequence number field and acknowledges the sender'ssequence number by incrementing the number by 1 (123); the receiver expects this value to be thestarting sequence number of the data bytes that the sender will send next. This is called the SYN-ACKsegment. The receiver's window size starts as 8760.

3. When the SYN-ACK is received, the sender issues an ACK that acknowledges the receiver's ISS byincrementing the ISS by 1 and placing the value in the acknowledgment field (287). The sender alsosends the same sequence number that it sent previously (123). These three segments that areexchanged to establish the connection never contain any data.

Data transfer

1. From now on, ACKs are used in every segment sent. The sender starts sending data by specifying thesequence number 123 again because this is the sequence number of the first byte of the data that it issending. Again, the acknowledgment number 287 is sent, which is the expected sequence number ofthe first byte of data that the receiver will send. In this example, the sender initially sends 200 bytes ofdata in one segment.

(…Continued on slide 17)

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





TCP Operation Example

Initial 3-wayhandshake

Data transfer

Closing session

SYNSeq.no. 122


ACK Seq.no. 123




FINSeq.no. 723


ACK Seq.no. 724


SYN+ACK Seq.no. 286


Ack.no . 323 Wnd 8560

Ack.no . 723 Wnd 8160

FIN+ACK Seq.no. 287


(…Continued from slide 16)

Data transfer (continued)

2. The receiver acknowledges the receipt of the data by sending the number 323 in the acknowledgmentnumber field, which acknowledges that the next byte of data to be sent will start with sequencenumber 323. It is assumed that sequence numbers up to and including 323 have been successfullyreceived. Note that not every byte needs to be acknowledged. The receiver subtracts 200 bytes fromits previous window size of 8760 and sends 8560 as its new window size.

3. The sender sends 400 bytes of data, starting at sequence number 323.

Closing session

1. The receiver acknowledges receipt of the data with the number 723 (323 + 400). The receiversubtracts 400 bytes from the previous window size of 8560 and sends the new window size of 8160.

2. The sender transmits the expected sequence number 723 in a FIN because, at this point, theapplication needs to close the session. The receiver sends a FIN-ACK that acknowledges the FIN andincrements the acknowledgment sequence number by 1 to 724, which is the number that the receiverwill expect on the final ACK.

3. The sender transmits the final ACK, which confirms the sequence number 724.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Congestion Control in TCP

IP does not provide a congestion control mechanism

An IP router that experiences congestion drops packets

TCP includes a congestion control mechanismTCP gradually increases transmission rate on a new connectionuntil there is congestion (slow start)When there is congestion, TCP reduces the transmission rate(congestion avoidance)Transmission rate is gradually increased until there is congestionagain

Transmission rate is controlled by the congestion windowwhich is maintained by the sender

Regardless of the congestion window value, the sender neversends more data than allowed by the window size

Congestion control and IP

Although ICMP contains a “source quench” message type that is intended for congestion control, this messagetype is not used for end-to-end congestion control. The normal behavior of an IP router when there iscongestion is to queue packets for a relatively short period. If the queuing space is depleted, additionalpackets are discarded.

Congestion control and TCP

TCP implements a congestion control mechanism to help manage congestion on an end-to-end connection. Avariety of different algorithms are used, but TCP congestion control typically has two phases slow start andcongestion avoidance.

After a TCP connection is established, data is not immediately transmitted to the maximum value that isallowed by the TCP window size. Instead, transmission by the sender is limited by the congestion window. Thisvalue is initially set to one or two segments. Each time a segment is acknowledged, the congestion window isincreased. This is the slow start phase of TCP.

When congestion is detected (either through the receipt of duplicate ACKs or the expiry of a timer thatmeasures the round trip time), TCP enters congestion avoidance. The congestion window is reduced and thengradually increased until congestion is encountered again. This process continues through the life of the TCPconnection.

The maximum transmission rate is ultimately controlled by the TCP window size, because this is the receiver’sflow control mechanism. If the window size is less than the size allowed by the congestion window, thetransmission rate will never exceed the size specified by the TCP window.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





ReceiverSender

TCP Congestion Control Example





Slow start




1000 bytes dataSEQ number 17000 dropped


cnwd = 1



cnwd = 2

cnwd = 4

Congestion avoidancecnwd = 2

1000 bytes dataSEQ number 18000 delayed

This slide shows how TCP congestion control works.

1. During the three-way handshake to establish the connection, the receiving side specified a window sizeof 8000. An MSS of 1000 bytes has also been established for the connection.

2. Because this is the start of the session, the sender is in the slow start phase and therefore, sets itscongestion window (cnwd) value to 1. Therefore, the sender transmits one segment of 1000 bytes eventhough there is more data to send and a window size of 8000 is specified by the receiver.

3. The first segment is acknowledged by the receiver with a window size of 7000 and the segment isbuffered. The sender increases its cnwd value to 2. The sender can now transmit two segments of 1000bytes each.

4. The receiving application has used the previous segment, but the two new segments are buffered andare acknowledged with a window size of 6000.

5. Because the sender received an acknowledgement for two more segments, the sender increases thecnwd value by 2 to 4. The sender then transmits 4 segments of 1000 bytes each.

6. The third segment is dropped due to congestion and the fourth segment is delayed. When the first twosegments are received, an acknowledgement (17000) is sent. Because the previously buffered segmentshave been used and the two new segements are buffered, the window size is 6000.

7. After a delay, because of congestion, the fourth segment is received and acknowledged. Because thethird segment is still missing, the acknowledgement number is still 17000. Because the two previoussegments have been used and the new segment is buffered, the window size is 7000.

8. When the sender receives the second acknowledgement, the sender determines that congestionoccurred and enters the congestion avoidance phase. The cnwd value is reduced by half to 2.Depending on timer values and the implementation, the missing segment may be retransmittedimmediately or later.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Section 3 - User Datagram Protocol

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





UDP - Overview

Capabilities

UDP header

User Datagram Protocol

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





UDP Capabilities

UDP provides a connectionless, unreliable datagram deliveryservice

Used when a reliable mechanism is not required or when theoverhead of TCP is not required, for exampleDNS performs simple query/response and does not requirereliable serviceRPC needs simple transport and manages reliability itself UDP is often used for audio and video streamsReal-time nature of the application means that retransmission isnot practicalRTP provides sequencing and timing information

The User Datagram Protocol (UDP) provides a simple, connectionless, unreliable datagram delivery service.The service is similar to the service that is provided by IP, although UDP has port addresses to supportmultiplexing between different applications. UDP is used when an application does not need a reliable transfermechanism or if the application needs to avoid the additional overhead of TCP.

Unreliable refers to the fact that UDP does not provide flow control, acknowledgement, or retransmissioncapabilities such as those provided by TCP. These capabilities slow down communication. Therefore, UDP maybe used for applications where real-time factor is more critical than packet loss; for example for Voice over IP.

Domain Name System (DNS) resolves domain names (such as www.alcatel-lucent.com) to an IP address. This isa simple query and response. As a result, the overhead of establishing a connection is not worthwhile. If thequery or response is dropped, the host sends the query again.

Remote Procedure Call (RPC) supports inter-process communication across a network. Many implementationsof RPC manage the reliability and sequencing of data and use UDP as a simple datagram delivery service toavoid the overhead of TCP.

UDP is also widely used for real-time audio and video streaming. Because these applications often have real-time constraints, retransmitting lost data is not a viable option and the application uses other methods tohandle missing data. Many of these applications use Real Time Protocol (RTP), which includes a mechanism forcarrying sequence and timing information. Timing information is not provided in TCP and this is important formany real-time applications. RTP data is carried in UDP datagrams.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





UDP Header

UDP provides a simple datagram delivery service. There is no additional connection overhead such as theoverhead in TCP. The application data is transmitted in a UDP datagram.

The UDP header is very simple compared to the TCP header. There are no synchronization, sequence, oracknowledgment fields. The header only contains the source and destination application port number, a lengthfield for the length of the data, and a checksum. Therefore, the UDP datagram has very little overhead.

Some protocols that use UDP include: SNMP, DNS, and DHCP.

-----

REFERENCE: Originally defined in RFC768

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





UDP Example

Unlike TCP, UDP offers no delivery guarantees or congestion avoidance. UDP is considered to be a means ofbest-effort transport. UDP provides a transport mechanism for one application to send a datagram to anotherapplication. The responsibility for error recovery or any form of reliability resides with the application itself.

Similar to TCP, UDP uses port numbers to identify the receiving and sending application processes. UDP usesthe port numbers in the multiplexing and demultiplexing operations.

UDP is especially suitable for real-time applications such as VoIP that require low overhead and do not benefit

from retransmission of lost data.The following are some of the well-known UDP port numbers:

Port 67 – Dynamic Host Configuration Protocol (DHCP)

Port 69 – Trivial File Transfer Protocol (TFTP)

Port 123 – Network Timing Protocol (NTP)

Port 520 – Routing Information Protocol (RIP)

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Section 4 - Port Numbers and Sockets

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Ports and Sockets

Transport layer (TCP and UDP) port numbers act as transportaddressesPort numbers allow multiple applications to use a transportprotocol simultaneously (multiplexing)Port numbers identify the application that receives incomingdata at the receiverApplication access to transport layer services is through asocketServer applications usually “listen” to a well-known port

80 is a well-known port for HTTP23 is a well-known port for Telnet

Client application connects to the server on the well-knownport

Both TCP and UDP contain a source and destination port number in their headers. These port numbers allowmultiple applications to use the transport simultaneously on the same physical connection. This capability isknown as transport-level multiplexing. If several transport sessions are active for a system on the network, thedata is demultiplexed based on the source address and port number when the data arrives. This allows TCP orUDP to identify the application process that the incoming data is destined to.

Typically, a server application listens to a well-known port. This means that all incoming data destined for theport is given to the application. The client application will then connect to the well-known port in order toestablish communication. Servers are not required to use the well-known port, but the client application mustknow the port to connect to.

For example, the well-known port for HTTP is 80. When the web server is started, the server will typicallylisten to port 80. Client requests will be made to port 80 and the requests will be passed to the web server torespond. In some cases, the web server may be configured to listen to a port other than 80; for example, someweb servers are configured to listen on port 8080. In this case, the client must know to connect to port 8080.If the request is made to port 80, there will be no response since there is no process listening to port 80.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Ports

Ports identify an application service. This allows the transport layer to differentiate between applicationservices. Each process that needs to communicate with another process identifies itself to the transport layerby using one or more port numbers.

A port is a 16-bit number that is used by the host-to-host protocol to identify to which higher-level protocol orapplication service the port must deliver incoming messages. There are two types of port numbers:

Well-known ports — Well-known port numbers belong to standard servers. The port numbers range from

1 to 1023. These port numbers are assigned by the IANA.Ephemeral ports — Client applications do not require well-known port numbers because they initiatecommunications with servers. The host system allocates each client process a port number for as longas the process needs the port number. The port numbers range from 1024 to 65535 and are notcontrolled by the IANA. Because the host dynamically assigns the port number to the client application,the port number may vary each time that the client application is started.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Sockets

Unique application handle into the TCP/IP stack

Used to differentiate application users between network

hostsFormulated by using a transport protocol, IP address, andapplication source and destination port numbers

Created at both ends of the data transfer (that is, the sourceand destination)

Example:Socket address = Protocol, local IP address, and local portnumber (for example, TCP, 138.120.3.1, 15633)Conversation = Protocol, local IP address, local port number,remote IP address, and remote port number (for example, TCP,138.120.3.1, 15633. 137.10.2.2, 23)

Sockets are used to identify the network connection between applications. Although applications on differenthosts can be differentiated using IP addresses and destination addresses, it is impossible to differentiatebetween two sessions on the same hosts for the same application.

Example: There are two Telnet sessions between Host A and Host B. The IP address and destination portnumbers are not enough for Host B to differentiate between the two Telnet sessions. In this case, the sourceport numbers, which are unique for each Host A client session, are required for Host B to differentiatebetween the packets of each of the sessions. The next slide contains a detailed example of Telnet.

In this example of a Telnet request, Host A uses a unique source port number and the well-known port number23 as the destination port for the server application on Host B.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





TCP/IP

Telnetserver

Operatingsystem

Telnetclient 2

Operatingsystem

Telnetclient 1

Operatingsystem

138.120.191.233 138.120.168.100

A1 A2

Transport Example — Telnet

1. Enable Telnet server application2. Enable Telnet client 1 and Telnet client 2 application3. Create socket address for client 1 of TCP,138.120.168.100,23, 138.120.191.233,15633, and for client 2 of TCP,

138.120.168.100,23, 138.120.191.233,156344. Connect client 1 and client 2 to server5. Listen to client requests, incoming request from client 1 and incoming request from client 26. Conversation with client 1: TCP, 138.120.168.100,23,138.120.191.233,15633 and7. Conversation with client 2: TCP, 138.120.168.100,23,138.120.191.233,15634

12 2

6 4 7 4 5 6

PC A wants to Telnet into a server with two applications, A1 and A2.

The IP address of A is 138.120.191.233 and the server address is 138.120.168.100.

Application A1 opens a client session with a socket handle.

Application: Telnet

Source port number: 15633

Destination port number: 23Transport layer: TCP

Socket handle: TCP, 138.120.191.233, 15633

Application A2

Application: Telnet

Source port number: 15322

Destination port: 23

Transport layer: TCP, 138,120.191.233, 15634

The server enables the Telnet server and creates a destination socket.

Application: Telnet serverSource port number: 23

Destination port number: 15633, 15634

Socket handle: TCP, 138.120.168.100, 23

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Section 5 - Module Summary and Learning Assessment

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Learning Assessment

Describe what a send_SYN is used for

Describe whether the send and receive windows on a local

host must matchDescribe the process that works in conjunction with thecongestion-avoidance process in TCP when networkcongestion is detected

Describe how UDP establishes a session

Describe how UDP identifies the application services that it issupporting

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e






A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Module 7 — 7750 SR and 7450 ESS Services Overview

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





7750 SR and 7450 ESS Services Overview

Services Building Blocks - Network Components

Provider Edge (PE) Node Components

VPN Service Building Blocks – Tunneling Concepts

MPLS Basics

Service Building Blocks – MPLS Fundamentals

MPLS

VPN Services

VPWS – Ethernet Encapsulation

VPLS

VPRN

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Services Building Blocks - Network Components

Customer edge devices

A customer edge (CE) device resides on the customer premises. The CE device provides access to theservice provider network over a link to one or more provider edge (PE) routers. The end user typicallyowns and operates these devices. The CE devices are unaware of tunneling protocols or VPN servicesthat are provided by the service provider.

Provider edge devicesA provider edge (PE) device has at least one interface that is directly connected to the CE devices. Inaddition, a PE device usually has at least one interface that connects to the service provider coredevices, or provider routers. Because the PE device must be able to connect to different CE devicesover different access media, the PE device is usually able to support many different interface types.The PE device is the customer's gateway to the VPN services offered by the service provider.

Provider routerProvider (P) routers are located in the provider core network. The P router supports the serviceprovider’s bandwidth and switching requirements over a geographically dispersed area. The P routerdoes not connect directly to the customer equipment.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Provider Edge (PE) Node Components

Service Access Point (SAP)The logical entity that serves as the customer access to the service

Service Distribution Points (SDP)The method that a service uses to connect to another router’s service

The transport tunnel encapsulation that this service will be using

MPLS/RSVP-TE, MPLS/LDP, or IP/GRE

SDPs are locally unique, the same SDP ID can be used on another router

SDP is not specific to one service, many services can use the same SDP

The terms customers and subscribers are used synonymously

The customer ID is assigned when the customer account is created

To provision a service, a customer ID must be associated with the service at the time of servicecreation

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





VPN Service Building Blocks – Tunneling Concepts

In order to be able to provide a virtual private network (VPN) service, the service provider mustencapsulate the customer data to traverse the service provider network. Depending on the nature ofthe VPN service, the encapsulation of the Layer 2 and Layer 3 headers may be included. The customerdata must be transported without any changes across the service provider network from one customersite to another customer site.

In order to accomplish this, an additional header is added to the customer data for transport acrossthe service provider network. Instead of routing or switching the data across the service provider’snetwork using the customer’s Layer 2 or Layer 3 headers, the data traverses the network using theheader that is added at the edge of the service provider network. Therefore, the customer data iseffectively tunneled across the service provider network unchanged.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





MPLS Basics – Common Acronyms

MPLS has become the basic building block for the various servicesand VPNs offered on the 7750 SR platforms. Below are some ofthe more common MPLS acronyms that are used when discussingservices:

LER — Label edge routerLSR — Label switch routerLSP — Label switch pathPushSwapPopLabel StackRSVP-TE — Resource reservation protocol with traffic engineeringextensionsT-LDP — Targeted label distribution protocol

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





MPLS Basics

In an MPLS network, routers are categorized as Label Edge Routers (LERs) or Label Switch Routers(LSRs). The LERs are the endpoints of the MPLS tunnels, known as Label Switched Paths (LSPs), and arenormally at the edge of the network. The LSRs are at the core of the network and provide theconnectivity between the LERs.

The MPLS-enabled routers (LERs and LSRs) use a signaling protocol to distribute labels across thenetwork. These labels are used to make the forwarding decision for incoming traffic rather than the IPaddress. This basically turns the Layer 3, routed network into a switched network.

The method for distributing labels through the network depends on the signaling protocol being used,either LDP or RSVP. The next few slides discuss LDP at a high level. RSVP and LDP are covered in moredetail in the MPLS course.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





MPLS Basics (continued)

12010.1.1.0/2410.1.2.0/24

InterfaceLabelNetwork

Before LDP can be enabled on a router, the network must be running a routing protocol. The routingprotocol allows LDP to find the adjacent router and automatically set up a peering session withadjacent LDP-enabled routers. Once a peering session is established, the routers check their routingtables and send out a label associated with networks that they see.

In this slide, an LDP session is established between Router 2 and Router 3. Router 3 checks its routingtable for networks that Router 3 sees behind Router 2 and sends a label to Router 2 to represent thosenetworks. For example, Router 3 sends a label with the value 20 to represent networks 10.1.1.0/24and 10.1.2.0/24.Each time Router 2 receives a packet destined for the 10.1.1.0/24 or 10.1.2.0/24 network, the routerpushes the label (20) onto the packet and puts the packet in the LSP that takes the MPLS frame toRouter 3.

Because Router 3 has sent the label (20), the router knows that any MPLS frame coming in with thelabel (20) is destined for a network that is terminated from it. Router 3 removes the label (20) fromthe frame, does a Layer 3 look up, and routes the packet to its destination.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e






10

IngressLabel

12010.1.1.0/2410.1.2.0/24

InterfaceEgressLabel

Network

The previous slide described the LDP session between Router 2 and Router 3.

In this slide, LDP is enabled on Router 1. Router 1 now sets up a peering session with Router 2. Router2 sends a label to Router 1 to represent the networks that Router 2 sees behind Router 1. In this case,Router 2 sends a label with a value of 10 to Router 1 to represent the 10.1.1.0/24 and 10.1.2.0/24networks.

Note that the label that is sent to Router 1 is not the same label that Router 2 received from Router 3.Labels are only locally significant.

When receiving a packet destined for the 10.1.1.0/24 or 10.1.2.0/24 network, Router 1 pushes a label(10) onto the packet and sends it to Router 2.

At this point Router 2’s function has changed. Now, when it receives an MPLS frame with a label (10) itswaps (switches) out the label (10), replaces it with the label (20), and sends it to Router 3.

Router 3’s function remains the same. Router 3 removes the label (20) and routes the packet to itsdestination.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e






11010.1.1.0/2410.1.2.0/24

InterfaceLabelNetwork

10

IngressLabel

12010.1.1.0/2410.1.2.0/24

InterfaceEgressLabel

Network

Route20

Label

This slide shows the complete LSP setup from Router 1 to Router 3. Router 1’s function is to perform aLayer 3 lookup, and if the packet is destined for one of the networks supported by Router 3, Router 1pushes (encapsulates the packet in an MPLS frame) the appropriate label onto the packet. This is thefunction of an LER.

When Router 2 receives the MPLS frame, it examines the label, swaps the label for the appropriateegress label, and sends the frame out the appropriate interface to its destination. Router 2 nowfunctions as an LSR and is basically a Layer 2 switch function.

When receiving the MPLS frame, Router 3 examines the label and pops (removes the packet from theMPLS frame) the label, performs a Layer 3 lookup, and routes the packet to the appropriate network.

Note that LSPs are unidirectional. For bidirectional communications, an additional LSP must be set upin the opposite direction.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Alcatel-Lucent Scalable IP Networks v2.00 Module 7 | 11 A ll r ig ht s r es er ved © 2 0 08 Alca te l- Lu cent

Service Building Blocks – MPLS Fundamentals

The encapsulation by the MPLS label of the Layer 2 header that is received from the CE devicedepends on whether a Layer 2 or Layer 3 VPN service is offered by the carrier. This is discussed later inthis module.In an MPLS network, the first PE router is called the Ingress Label Edge Router (iLER). The iLERencapsulates the customer PDU with an MPLS label.The intermediate routers, which are usually P routers, are called Label Switching Routers (LSRs). LSRsmake switching decisions that are based on the MPLS label. The LSR reads the label in the incomingMPLS frame, makes a switching decision, swaps the label, and then transmits the MPLS frame out the

appropriate port.The last PE router on the LSP is the Egress Label Edge Router (eLER). The eLER is the termination pointof the LSP, or the end of the tunnel. The egress LER removes the MPLS label and forwards thecustomer PDU to the CE device.

Packet walkthroughIn this slide, CE1 sends a data frame towards CE2. On an Ethernet interface, this is a normal IPdatagram that is encapsulated in Ethernet. CE1 is not aware of the MPLS LSP that originates on PE1.The packet that is sent from CE1 to PE1 is unlabeled because the packet does not contain an MPLSlabel.When the packet reaches PE1, an MPLS label is applied to the frame. This label corresponds to the LSPthat ends on PE2. The MPLS label encapsulates the unlabeled packet that was received from CE1. Thelabeled MPLS packet is then sent along the LSP to P2.P2 processes the MPLS packet and checks its MPLS table to perform a label swapping operation. It

reads label value 101, performs a table lookup, switches the packet out of the appropriate interfaceto P3, and applies the label value of 96.P3 performs a similar label swap operation and switches the MPLS packet out from its interface to PE2with the label value 101. Note that, by coincidence, this is the same label value that is used by PE1.However, this is not a problem because labels are locally significant to the router.When PE2 receives the labeled packet, PE2 performs a lookup on the received label value of 101.Because P2 is an edge router that is directly connected to CE2, PE2 strips the MPLS label and thenforwards the unlabeled packet to CE2. As with CE1, CE2 is totally unaware of the LSP through theprovider core. CE2 receives the same PDU as though CE1 and CE2 were directly connected.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Services Building Blocks - MPLS Fundamentals (continued)

Because MPLS tunnels are unidirectional, two LSPs are required for bidirectional communication.Therefore, traffic that is sent between two customer sites may follow different paths over thenetwork.

The LSP is defined by the labels that are used to switch along the path. These labels may beconfigured statically, but are usually signaled dynamically with an MPLS label signaling protocol.

Because MPLS labels are locally significant to the router, two routers on the LSP can use the samelabel for the same or different LSPs.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





MPLS

An MPLS path is defined by the labels used to switch alongthe path

Two protocols are available to dynamically signal labels: LDPand RSVP

LDP always follows the path chosen by the IGPAn MPLS node distributes labels to all its neighborsThe MPLS node selects the next-hop neighbor according to theIGP and uses the label from that next-hop neighbor

RSVP LSPs may follow IGP or may take other pathsPath can be explicitly specifiedPath can be chosen using a traffic engineering-enabled routingprotocol

Additional paths can be created for redundancy

An MPLS path is defined by the labels that are used to switch along the path. The egress router of theLSP signals the label that should be used for the LSP to the next upstream router. The upstream routerwill transmit data; data flows from upstream to downstream. The two protocols that are available todynamically signal labels are: LDP and RSVP.

MPLS and LDP

When LDP is the label signaling protocol, the LSP always follows the path chosen by the InteriorGateway Protocol (IGP). An LSR that has LSPs passing through or ending on the router distributes alabel for each LSP to all its LDP neighbors. An upstream router may receive labels for a specific LSPfrom multiple neighbors and chooses the downstream router to use based on the next hop that isdetermined by the IGP. This means that the next-hop LSR for the LSP is the same as the next-hoprouter that is chosen by the IGP; the label that is used is the one signaled by that neighbor.

MPLS and RSVP

When RSVP is the label signaling protocol, labels are specifically requested by the ingress router forthe LSP. The request travels along the path to the egress LSR, which generates a label for the LSP.This path may follow the IGP, in which case the path will be the same as the one used by LDP. Asecond option is that the path of the LSP may be explicitly specified, partially or completely. A third

option is that a traffic engineering-enabled routing protocol will be used to choose a path that meetssome specific constraints.

The RSVP also allows additional, redundant paths to be created that can be used for fast failover if theoriginal LSP fails. The services that are transported over an LSP are then protected so that a failoverto the backup LSP can be performed much more quickly than when only the IGP is relied on.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





VPN Services

Service routers allow service providers to offer simple, transparentL2 and L3 VPNs to customers over the service providers existingIP/MPLS networksThe 7750 SR offers the following L2 and L3 VPN services:

VPWS— Provides L2 point-to-point service

— Emulates a single leased line or circuit between two locations

— Supports Ethernet, frame relay, and ATM encapsulation

VPLS— Provides L2 multipoint service

— Emulates a simple L2 LAN switch between two or more locations

VPRN— Provides L3 service

— Emulates a simple IP router between two or more sites

Service routers use MPLS to provide a variety of VPN services over their core IP/MPLS network. Theservice provider can offer simple, transparent Layer 2 and Layer 3 VPN services to multiple customersover a single network. Three types of services are supported: VPWS, VPLS and VPRN.

Virtual Private Wire ServiceVirtual Private Wire Service (VPWS) is a simple Layer 2 service that emulates a single leased line or

circuit between two locations. The customer has no knowledge of the service provider network; theservice acts as a simple point-to-point connection between customer sites. The VPWS can emulate anEthernet connection (epipe), a frame relay connection (fpipe), or an ATM connection (apipe). TheLayer 2 frames of customer data are encapsulated in MPLS labels and tunneled across the serviceprovider network.

Virtual Private LAN Service

Virtual Private LAN Service (VPLS) is a Layer 2 multipoint service that can be used to interconnectmore than two customer locations. From the customer’s perspective, VPLS looks as though a simpleLayer 2 LAN switch exists between the different customer locations. The Ethernet frames of customerdata are encapsulated in MPLS labels and tunneled across the service provider network.

Virtual Private Routed Network

Virtual Private Routed Network (VPRN) is a Layer 3 service that makes the service provider networkappear as a simple IP router that connects two or more customer locations. The VPRN allows the CEdevices to exchange route information with the VPRN as if it were an IP router. The IP packetscontaining customer data are encapsulated in MPLS labels and tunneled across the service providernetwork.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





VPWS – Ethernet Encapsulation

A VPWS is a simple point-to-point service, emulating a simple Layer 2 connection between twocustomer locations. The customer frame is not checked and MAC learning is not performed by theVPWS. The customer Layer 2 frames are encapsulated in MPLS labels and switched across the serviceprovider network.

Service access points (SAPs) are defined on the PE devices that face the customer device. The SAPsrepresent the customer access to the service. Multiple SAPs may be defined on the same physical portand may be used for different services.

Service distribution points (SDPs) are defined on the service provider network side and define theconnection of the service to an MPLS transport tunnel. Many services can be bound to one SDP.

The concepts of SDP and SAP are further discussed in the Alcatel-Lucent Services course.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





VPWS – Ethernet Encapsulation (continued)

PE2 strips the MPLS label

PE2 then looks at the service label to determine which service theframe belongs to

PE2 then makes the appropriate forwarding decision for thedestination customer site

The ingress PE receives customer data on a SAP that is associated with a specific service. The SAP maybe a port, a port with a specific VLAN tag in the case of an Ethernet port, or a port with a specificcircuit ID in the case of ATM or frame relay.

The customer data is encapsulated with a service label by the ingress PE. Because many services maybe configured on the PE, the service label identifies the specific service that the data belongs to. Theservice label value is signaled to the ingress PE by the egress PE when the service is initialized.

After the data is encapsulated with the service label, the data must be forwarded over the correct SDPthat is defined by the service. A second, outer label is added to the data. This label identifies the LSPthat will be used to transport the MPLS packet to the far end of the tunnel – the egress PE device. Thedata is label switched along the LSP using this outer label.

The egress PE removes the MPLS-encapsulated data from the SDP. The inner, service label is used toidentify the service that the data belongs to and, after the labels are removed, the data is transmittedon the appropriate SAP for the service. In other words, the service label is used to demultiplex thedata from the SDP to the appropriate service.

CE devices are never aware of SDPs and SAPs. The CE devices transmit to the ingress PE device,possibly using a specific VLAN tag, and then receive an unlabeled packet from the egress PE device.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





VPLS

A VPLS is similar to a VPWS, with SAPs to provide customer access and SDPs to provide the transportconnection across the network to the remote PEs of the service. However, a VPLS is a multipointservice that supports multiple access points (as opposed to a VPLS, which is only point-to-point withtwo access points). A VPLS acts as a logical Layer 2 switch that connects all of the CE devices that areattached to the service.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





VPLS (continued)

Because a VPLS emulates a switched Ethernet service, a MAC address forwarding database (FDB) mustbe maintained for each VPLS. When a unicast frame with an unknown source address arrives on a SAPor an SDP, the VPLS learns the address, in the same way that an Ethernet switch learns a MAC addresson its ports. The VPLS FDB associates MAC addresses with SAPs and SDPs, but is otherwise similar to anEthernet switch.

When an Ethernet frame arrives on a SAP or an SDP, a lookup is performed in the FDB for thedestination address. If there is an entry for the address, the frame is forwarded to the appropriate SAPor SDP. If there is no entry for the address, the frame is flooded to all other SAPs and SDPs, which issimilar to the flooding of an unknown frame on an Ethernet switch.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





VPRN

A VPRN is a class of VPN that allows the connection of multiple sites in a routed domain over a serviceprovider IP/MPLS network. VPRN is a Layer 3 service (as opposed to VPWS and VPLS, which are Layer 2services).

From the customer’s perspective, all of the sites appear to be connected to a private routed networkthat is administered by the service provider for that customer only. Each PE router providing VPRNservices maintains a separate IP forwarding table for each VPRN. Each customer of the service providerhas their own private IP address space and, therefore, may have overlapping IP addresses.

The VPRN service uses VPN Routing and Forwarding Instances (VRFs) within the PE device to maintainforwarding information on a per-customer basis. A VRF is a logical private forwarding (routing) tablethat securely isolates the routing information of one customer from the next customer, and also fromthe routes of the provider core network. Each PE maintains multiple separate VRFs that are based onthe number of distinct VPRN services that the PE supports.

Each CE router becomes a routing peer of the provider PE router that it is directly connected to.Routes are exchanged between the CE and the PE routers. The PE devices in a VPRN service exchangeroutes with each other so that the routes can be transmitted to the remote CE devices of thecustomer.

The transport of customer data is similar to a VPWS or VPLS, except that the Layer 2 headers areremoved and the IP datagrams are encapsulated with the MPLS headers. Customer data arrives at aVPRN SAP, is encapsulated with an inner service label and an outer transport label, and is then carriedacross the network using MPLS.

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e



7750 SR and 7450 ESS Services Overview

Module Summary and Learning Assessment

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Module Summary

After the successful completion of this module, you should beable to:

Describe the different types of routers and their function in aVPN services-based network

Describe the concept of tunneling and its role in providingVPN services

Describe how MPLS can be used as a method of tunneling andlabel switching

Describe the three major VPN services - VPWS, VPLS, andVPRN

Describe SAPs, SDPs, and their application to VPN services

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e





Learning Assessment

CE routers reside on customer premises and are unaware of VPNservices provided to the customer by carrier PE routers

P Routers make up the service provider’s core network and areconcerned with switching labeled packets across the network

Tunneling allows a service provider to transparently transport acustomer’s traffic though an IP/MPLS network

MPLS employs label switching as a method of tunneling

There are three major VPN services, VPWS, VPLS, and VPRN

VPWS is a layer 2 point to point service that supports Ethernet,frame relay or ATM connections

VPLS is a layer 2 Ethernet multipoint service that emulates anEthernet switch

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

oN

o t Di s

t r i b u t e




Learning Assessment (continued)

VPRN is a layer 3 routed VPN service over a service providersexisting IP / MPLS network

MPLS transport tunnel labels are swapped by the serviceprovider routers along an MPLS path as the customer datatraverses the MPLS nework.

MPLS service labels are inner labels negotiated by the PErouters of the service and remain constant as the traffictraverses the MPLS network

A l c

a t el -L

u c en

t C onf i d

en

t i al f or i n

t er n

al u

s e

onl y --D

alcatel-lucent scalable ip networks student guide v2.0_downloadable

Documents