best of best ccie.pdf

7/27/2019 BEST OF BEST CCIE.pdf http://slidepdf.com/reader/full/best-of-best-cciepdf 1/82

Upload: abdkabeer-akande

Post on 14-Apr-2018

Routing and Switching Written Qualification Exam (350-001)

Table of Contents

Cisco Device Operation .................................................................................................................................................. 7 

Commands..................................................................................................................................................................... 7 

Infrastructure.................................................................................................................................................................. 7 

Configuration Register................................................................................................................................................ 7 

Configuration Register................................................................................................................................................ 8 

Software Configuration Bit Meanings......................................................................................................................... 8 

Bunch of Bits (some of the more interesting Configuration Register Bits, and what they do) .................................. 9 

More Bits .................................................................................................................................................................. 10 

Seeing and Changing Configuration Register Settings............................................................................................ 11 

Boot Command ........................................................................................................................................................ 11 

My simplistic description of the boot sequence........................................................................................................ 11 

Operations.................................................................................................................................................................... 11 

Password recovery................................................................................................................................................... 11 

Copying and Backing up Configuration Files ........................................................................................................... 11 

Configuring a new router .......................................................................................................................................... 12 

Security & Passwords .............................................................................................................................................. 12 

General Networking Theory .......................................................................................................................................... 13 

OSI Models .................................................................................................................................................................. 13 

MAC Addressing ...................................................................................................................................................... 13 

General Routing Concepts........................................................................................................................................... 14 

Standards..................................................................................................................................................................... 15 

Ethernet Cable Specifications .................................................................................................................................. 15 

Protocol Mechanics...................................................................................................................................................... 16 

Transmission Control Protocol (TCP) ...................................................................................................................... 16 

Fragmentation & MTU.............................................................................................................................................. 17 

Bridging and LAN Switching ........................................................................................................................................ 17 

Transparent Bridging (TB) ........................................................................................................................................... 17 

Translational Bridging............................................................................................................................................... 18 

Integrated Routing and Bridging (IRB)..................................................................................................................... 18 

Bridge ACL & Filtering.............................................................................................................................................. 18 

Multiple-Instance Spanning Tree Protocol (MISTP)................................................................................................. 19 

Source-Route Bridging (SRB)...................................................................................................................................... 19 

Data Link Switching (DLSw) and DLSw+................................................................................................................. 20 

Source-Route Transparent Bridging (SRT) and Source-Route Translational Bridging (SR/TLB) .......................... 20 

LAN Switching.............................................................................................................................................................. 21 


Switching Technique Types ..................................................................................................................................... 21 

Command-Line Interface (CLI)................................................................................................................................. 21 

Trunking.................................................................................................................................................................... 22 

Virtual LAN (VLAN) .................................................................................................................................................. 23 

VLAN Trunk Protocol (VTP) ..................................................................................................................................... 23 

Spanning-Tree Protocol (STP)................................................................................................................................. 23 

Root Bridges and Switches ...................................................................................................................................... 24 

Bridge Protocol Data Units (BPDUs)........................................................................................................................ 24 

How STP Works ....................................................................................................................................................... 24 

STP Timers .............................................................................................................................................................. 24 

Ports in an STP domain will progress through the following states: ........................................................................ 24 

Notes about STP Port States: .................................................................................................................................. 25 

STP Enhancements: ................................................................................................................................................ 25 

DISL.......................................................................................................................................................................... 26 

Fast Ether Channel (FEC)........................................................................................................................................ 26 

Cisco Discovery Protocol (CDP) .............................................................................................................................. 26 

CGMP....................................................................................................................................................................... 26 

Security ........................................................................................................................................................................ 26 

802.1X ...................................................................................................................................................................... 27 

Multi-Layer Switching (MLS)........................................................................................................................................ 27 

Multi-Layer Switching (MLS)........................................................................................................................................ 28 

Internet Protocol (IP) ..................................................................................................................................................... 28 

IP Addressing............................................................................................................................................................... 28 

Subnetting ................................................................................................................................................................ 28 

Subnetting Tricks...................................................................................................................................................... 29 

Route Summarization............................................................................................................................................... 29 

Services & Applications ............................................................................................................................................... 30 

DNS.......................................................................................................................................................................... 30 

ARP & RARP............................................................................................................................................................ 30 

BOOTP & DHCP ...................................................................................................................................................... 30 

ICMP......................................................................................................................................................................... 31 

NAT .......................................................................................................................................................................... 31 

HSRP & VRRP ......................................................................................................................................................... 31 

Telnet........................................................................................................................................................................ 32 

FTP & TFTP ............................................................................................................................................................. 32 

SNMP ....................................................................................................................................................................... 32 

Access Control Lists (ACL).......................................................................................................................................... 32 

Access list types are designated by the list Numbers:............................................................................................. 33 

Internet Protocol Version 6 (IPv6)................................................................................................................................ 33 

IP Routing ....................................................................................................................................................................... 34 

Routing Protocol Concepts .......................................................................................................................................... 34 

Distance-Vector Routing Protocols .......................................................................................................................... 34 

Link State Routing Protocols.................................................................................................................................... 34 

Hybrid Routing Protocols.......................................................................................................................................... 34 

Distribution Lists ....................................................................................................................................................... 35 

Routing Loops .......................................................................................................................................................... 35 

Administrative Distance............................................................................................................................................ 36 

Open Shortest Path First (OSPF) ................................................................................................................................ 36 

Area 0....................................................................................................................................................................... 37 

OSPF Area Types: ................................................................................................................................................... 37 

Stub and Totally Stubby Area Similarities: ............................................................................................................... 37 

Stub and Totally Stubby Area Differences: .............................................................................................................. 38 

Router Types:........................................................................................................................................................... 38 

Traffic Types:............................................................................................................................................................ 38 

NBMA Networks ....................................................................................................................................................... 38 

LSA Types:............................................................................................................................................................... 39 

Routing Authentication ............................................................................................................................................. 39 

Border Gateway Protocol (BGP).................................................................................................................................. 39 

Synchronization/Full Mesh ....................................................................................................................................... 40 

Next-Hop-Self Command ......................................................................................................................................... 40 

BGP Path Selection.................................................................................................................................................. 40 

Scalability Problems (and Solutions) with IBGP....................................................................................................... 41 

Configuring Neighbors & Networks .......................................................................................................................... 41 

Route Dampening .................................................................................................................................................... 41 

Enhanced Interior Gateway Routing Protocol (EIGRP)............................................................................................... 42 

Tables:...................................................................................................................................................................... 42 

Choosing routes: ...................................................................................................................................................... 43 

Intermediate System-to-Intermediate System (IS-IS).................................................................................................. 43 

Access-Control & Filtering ........................................................................................................................................... 44 

Distribution Lists ....................................................................................................................................................... 44 

Route-Maps.............................................................................................................................................................. 44 

Policy Routing .......................................................................................................................................................... 45 

Redistribution ........................................................................................................................................................... 45 

Route-Tagging.......................................................................................................................................................... 45 


Dial-on-Demand Routing (DDR) .................................................................................................................................. 45 

DDR has two important applications:....................................................................................................................... 45 

Encapsulation Methods for DDR:............................................................................................................................. 45 

Dial Backup .............................................................................................................................................................. 45 

Interior Gateway Routing Protocol (IGRP)............................................................................................................... 46 

Routing Information Protocol (RIP) Version 1 and 2 ................................................................................................ 46 

QoS ................................................................................................................................................................................. 46 

Fancy Queuing............................................................................................................................................................. 46 

Weighted Fair Queuing (WFQ) ................................................................................................................................ 46 

Priority Queuing........................................................................................................................................................ 47 

Custom Queuing ...................................................................................................................................................... 47 

Packet over SONET/SDH (PoS) and IP Precedence.................................................................................................. 47 

Class of Service (CoS)................................................................................................................................................. 47 

Random Early Detection (RED) and Weighted RED (WRED) .................................................................................... 48 

Weighted Round-Robin (WRR)/Queue Scheduling..................................................................................................... 48 

Weighted Round-Robin (WRR)/Queue Scheduling..................................................................................................... 49 

Shaping vs. Policing / Committed Access Rate (CAR)................................................................................................ 49 

Committed Access Rate (CAR)................................................................................................................................ 49 

Network-Based Application Recognition (NBAR) ........................................................................................................ 50 

Configuring NBAR.................................................................................................................................................... 50 

802.1x....................................................................................................................................................................... 51 

Differentiated Services Code Point (DSCP) ................................................................................................................ 51 

WAN ................................................................................................................................................................................ 51 

Integrated Services Digital Network (ISDN)................................................................................................................. 51 

ISDN Specifics ......................................................................................................................................................... 52 

Channels .................................................................................................................................................................. 53 

Flavors of ISDN ........................................................................................................................................................ 53 

Point-to-Point Protocol (PPP)................................................................................................................................... 53 

OSPF and ISDN....................................................................................................................................................... 53 

Frame Relay ................................................................................................................................................................ 53 

Types of Circuits....................................................................................................................................................... 54 

Data Link Connection Identifier (DLCI) .................................................................................................................... 54 

Local Management Interface (LMI) .......................................................................................................................... 54 

Encapsulation........................................................................................................................................................... 54 

Frame-Relay Traffic Shaping (FRTS) ...................................................................................................................... 54 

Frame-Relay Compression ...................................................................................................................................... 55 

Frame-Relay Mapping.............................................................................................................................................. 55 


Split Horizon and Frame Relay Interfaces ............................................................................................................... 55 

Speed Elements........................................................................................................................................................... 55 

Asynchronous Transfer Mode (ATM)........................................................................................................................... 55 

ATM is comprised of four major layers:.................................................................................................................... 56 

ATM Adaptation Layer (AAL) ................................................................................................................................... 56 

IISP and PNNI .......................................................................................................................................................... 56 

NSAP Format ATM Addresses ................................................................................................................................ 57 

Service-Specific Connection-Oriented Protocol (SSCOP)....................................................................................... 57 

RFC 1483 & RFC 2684 – Multiprotocol Encapsulation over AAL5 .......................................................................... 57 

ATM Mapping........................................................................................................................................................... 57 

Physical Layer.............................................................................................................................................................. 58 

Serial Interface Abbreviations .................................................................................................................................. 58 

Is Your Interface a DTE or a DCE?.......................................................................................................................... 58 

RS-232 ..................................................................................................................................................................... 58 

V.35 Interface ........................................................................................................................................................... 59 

Troubleshooting Serial Links.................................................................................................................................... 59 

Show Controllers Command .................................................................................................................................... 61 

Serial Line Conditions .............................................................................................................................................. 62 

Debug Commands ................................................................................................................................................... 62 

Increasing Output Drops .......................................................................................................................................... 63 

Increasing Input Drops ............................................................................................................................................. 63 

Excessive Aborts...................................................................................................................................................... 64 

Clocking Problems ................................................................................................................................................... 64 

Increasing Interface Resets on a Serial Link............................................................................................................ 65 

Increasing Carrier Transitions Count on Serial Link ................................................................................................ 65 

CRC and Framing Errors.......................................................................................................................................... 66 

SONET / SDH .......................................................................................................................................................... 66 

T1 Encoding ............................................................................................................................................................. 66 

Leased Line Protocols.............................................................................................................................................. 67 

HDLC........................................................................................................................................................................ 67 

PPP .......................................................................................................................................................................... 67 

Packet over SONET (PoS)....................................................................................................................................... 67 

DPT / SRP................................................................................................................................................................ 67 

LAN ................................................................................................................................................................................. 68 

Ethernet/FE/GE............................................................................................................................................................ 68 

Ethernet/Fast Ethernet/Gigabit Ethernet .................................................................................................................. 68 

Fast EtherChannel (FEC)......................................................................................................................................... 68 


Carrier Sense Multiple Access Collision Detect (CSMA/CD)................................................................................... 68 

Wireless/802.11 ........................................................................................................................................................... 69 

Deployment issues for wireless include: .................................................................................................................. 69 

Wireless Security...................................................................................................................................................... 69 

Important wireless networking terms:....................................................................................................... 70 

Radio Frequency (RF) Terms:.................................................................................................................. 70 

Cisco Deployments .................................................................................................................................................. 70 

Multiservice .................................................................................................................................................................... 71 

Voice/Video.................................................................................................................................................................. 71 

Coder-decoders (Codecs)............................................................................................................................................ 71 

Signaling System 7 (SS7) ............................................................................................................................................ 71 

Signaling System 7 (SS7) ............................................................................................................................................ 72 

Real-Time Transport Protocol (RTP) ........................................................................................................................... 72 

Real-Time Transport Control Protocol (RTCP)............................................................................................ 72 

Session Initiation Protocol (SIP) .................................................................................................................. 72 

Multiprotocol Label Switching (MPLS) ......................................................................................................................... 72 

Definitions follow for the MPLS terms: ..................................................................................................................... 73 

MPLS Operations ..................................................................................................................................................... 73 

How the LFIB is Propagated .................................................................................................................................... 74 

Quality of Service and Traffic Engineering............................................................................................................... 74 

IP Multicast ..................................................................................................................................................................... 74 

 Addressing ................................................................................................................................................................... 75 

Translate Multicast Addresses into Ethernet MAC addresses................................................................................. 76 

Internet Group Management Protocol (IGMP) and Cisco Group Management Protocol (CGMP).............................. 77 

IGMP ........................................................................................................................................................................ 77 

CGMP....................................................................................................................................................................... 78 

IGMP Snooping ........................................................................................................................................................ 78 

Multicast Distribution Trees.......................................................................................................................................... 79 

Protocol Independent Multicast (PIM).......................................................................................................................... 79 

PIM-Sparse Mode Mechanics........................................................................................................................ 80 

PIM-SM Joining & Pruning ....................................................................................................................................... 80 

IP Multicast Routing Table (mroute)......................................................................................................................... 80 

Distribution Trees......................................................................................................................................................... 80 

Rendezvous Points ...................................................................................................................................................... 80 

Bootstrap Router (BSR) ........................................................................................................................................... 81 


Cisco Device Operation

Commands

Cisco routers are configured and maintained primarily through the issuing of IOS commands. If you have reached the point of preparing for the CCIE Written exam, I must assume that you have spent considerable time configuring Cisco routers and switches. You should, however, make sure you have a complete understanding of how the different technologies are configured, and thorough knowledge of the show and debug commands that are used to troubleshoot them.

A note on debug commands: you should know that debug commands can seriously stress the resources of a router, and they should be used carefully and as conservatively as possible when working in a production environment.

Infrastructure

The infrastructure of a Cisco router includes the main board, memory, CPU, Flash and interfaces. You should understand what each of these devices does, and how they interact. The most commonly misunderstood are:

RAM (Random Access Memory) – In all but a few low-end routers like 2500’s, the RAM holds the running version of the IOS and the current running configuration. This is also where the routing tables, caches, and queues are stored. Remember that when the router is powered off, everything in RAM is lost.

ROM (Read-Only Memory) – Holds some basic router commands and usually a limited version of Cisco IOS (Internetwork Operating System). It also houses the power-on diagnostics and the bootstrap program. The ROM is read-only and cannot be changed.

NVRAM (Non-Volatile Random Access Memory) – This is where the router’s saved configuration file is stored. This information will not be lost if the router is powered down.

Flash memory – Home for the router’s IOS image and microcode. Prior to installing any IOS, ensure that you have enough flash to support the proposed image. Depending on the version and feature set of the IOS, the image can be of various sizes. Newer versions with more powerful features will often require additional flash. Remember that files deleted from flash can remain in place, marked for deletion, until the “squeeze” command is issued.


Configuration Register 

Early Cisco routers had a set of hardware switches that controlled certain aspects of the router’s performance, such as the boot sequence. This was phased out some time ago, but there is now a software equivalent, the sixteen-bit Software Configuration Register, which is written into nonvolatile memory.

Common reasons for modifying the register include:

Recovering a lost password

Changing the router boot configuration to allow Flash or ROM boot

Loading an image into Flash memory

Enabling or disabling the console break key

Here are some of the common Configuration Register values:

0x2102 – The most common value, which establishes booting to flash and NVRAM

0x2142 – The value used most commonly to recover passwords

0x2100 – Boots using the bootstrap found in ROM

Software Configuration Bit Meanings

* Please note that a boot system global command in the router’s NVRAM configuration will override the default net-boot filename.


Bunch of Bits (some of the more interesting Configuration Register Bits, and what they do)

Bits 0,1,2 and 3 are known collectively as the boot field, and determine where the router will load its IOS image from.

If the boot field value is 0x0, you will need to boot the operating system manually by entering the “b” command at the bootstrap prompt.

If the boot field value is 0x1 (the factory default), the router will boot using the default ROM software.

If the boot field has any other value, the router uses the resulting number to form a default boot filename for network booting, which is created as part of the automatic configuration process. To form the boot filename, the server starts with the word “cisco”, attaches the octal equivalent of the boot field number, then a dash, and finally the processor-type name. The following table lists the default boot filenames for boot field values between 0x2 and 0xf on an IGS router.

Default Boot Filenames

Bit 3 Bit 2 Bit 1 Bit 0 Hex Value Net-boot Filename

0 0 1 0 0x2 cisco2-igs

0 0 1 1 0x3 cisco3-igs

0 1 0 0 0x4 cisco4-igs

0 1 0 1 0x5 cisco5-igs

0 1 1 0 0x6 cisco6-igs

0 1 1 1 0x7 cisco7-igs

1 0 0 0 0x8 cisco10-igs

1 0 0 1 0x9 cisco11-igs

1 0 1 0 0xa cisco12-igs

1 0 1 1 0xb cisco13-igs

1 1 0 0 0xc cisco14-igs

1 1 0 1 0xd cisco15-igs

1 1 1 0 0xe cisco16-igs

1 1 1 1 0xf cisco17-igs

It’s important to remember that the boot sequence, barring the involvement of “boot system” commands in the configuration, is Flash, Network, ROM.


More Bits

Bit 4 enables "Fast Boot", which is only supported on a dual RSP chassis. This allows the "slave" RSP to reload without going through an IOS load sequence; just reload the config file and go. The documentation says it will accomplish a fast boot in approximately 30 sec.

Bit 6 determines whether the router ignores its startup config in NVRAM (1) or loads it (0). This is the key bit used for recovering a lost password. If it is turned on, the startup configuration (usually in NVRAM) is ignored. This will allow you to log in without using a password and display the startup configuration passwords.

Bit 7 allows Cisco boot messages to be suppressed when IOS is licensed to another manufacturer. 

Bit 8 controls the console Break key. Setting bit 8 on (the factory default) causes the processor to ignore the console Break key. Clearing bit 8 causes the processor to interpret the break as a command, which forces the system into the bootstrap monitor, halting normal operation. Remember that a break can be issued anytime during the first 60 seconds of booting to go to ROM mode, regardless of the configuration settings.

Bit 10 controls the host portion of the IP broadcast address. Setting bit 10 causes the processor to use all zeros; clearing bit 10 (the factory default) causes the processor to use all ones. Bits 10 and 14 interact to control the network and subnet portions of the broadcast address. This table shows how these settings are configured.

Bit 14 Bit 10 Address (<net><host>)

Off Off <ones><ones>

Off On <zeros><zeros>

On On <net><zeros>

On Off <net><ones>

Bits 11 and 12 determine the baud rate of the console port. The default setting is 9600 (00). The most common reason for changing the speed is to increase the speed at which you can transfer a new IOS version through the console port connection. Here are the possible combinations of these two bits, and the speeds they represent:

Bit 12 Bit 11 Baud Rate

0 0 9600

0 1 4800

1 0 1200

1 1 2400

Bit 13 determines the router’s response to a boot load failure. If the bit is turned on (1), it causes the server to load IOS from ROM after five unsuccessful attempts to load a boot file from the network. If the bit is set to “0” (factory default), the router will continue trying to load a boot file from the network indefinitely. The important thing to remember is that if the bit is (0) and no IOS is found, the router will hang. If the bit is (1), and no IOS is found, the router will boot from ROM.


Bit 14 controls the network and subnet portions of the broadcast address and allows subnet or directed broadcasts. It should be seen as being related to the function of bit 10.

Bit 15 in a hardware configuration register causes NVRAM configuration files to be ignored. This is not true of virtual configuration registers.

Seeing and Changing Configuration Register Settings

To display the current configuration register value and the value that will be used next time the router is loaded (if the two values are different), use the “show version” enable command.

The “config-register” global command is used to modify configuration register settings while the operating system is running. Remember that configuration register changes only take effect when the router is rebooted.

Boot Command

You can alter the boot sequence by using the “boot” global configuration command. Here are several possible configurations:

Boot from a specific Flash image (using the boot system flash filename command).

Boot from an undefined network server by sending broadcast TFTP requests (using the boot system filename command).

Boot from a specific network server by sending a direct TFTP request to a specific IP address (using the boot system filename address command).

My simplistic description of the boot sequence

The main thing to remember is that with standard configuration register settings (last four bits are between 0x2 and 0xF), and if there are “boot system” commands present in the startup configuration, the boot sequence will not attempt to boot from the network using the default image name. If there aren’t any “boot system” commands, it will attempt a network boot:

With “boot system” commands in the configuration - Flash, ROM

Without “boot system” commands in the configuration - Flash, Network, ROM
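The bit meanings, the default net-boot filename rule, and the simplified boot sequence described above, worked as an added Python example (this is not code from the original notes). The audit function and the IGS processor suffix are my own assumptions for illustration.

```python
"""Decode a 16-bit Cisco Software Configuration Register value (added example).

Bit meanings follow the notes above: boot field (bits 0-3), fast boot (bit 4),
ignore NVRAM config (bit 6), console Break (bit 8), broadcast address form
(bits 10 and 14), console baud rate (bits 11-12), ROM fallback after failed
network boot (bit 13).
"""
from dataclasses import dataclass
from typing import List, Optional

# Baud rate encoded in bits 12 (high) and 11 (low), per the table above.
BAUD_RATES = {(0, 0): 9600, (0, 1): 4800, (1, 0): 1200, (1, 1): 2400}

# Broadcast address form selected by bits 14 and 10, per the table above.
BROADCAST_FORMS = {
    (0, 0): "<ones><ones>",
    (0, 1): "<zeros><zeros>",
    (1, 1): "<net><zeros>",
    (1, 0): "<net><ones>",
}


def bit(value: int, n: int) -> int:
    """Return bit n (0 = least significant) of value."""
    return (value >> n) & 1


def default_net_boot_filename(boot_field: int, processor: str = "igs") -> str:
    """"cisco" + octal of the boot field + "-" + processor type, for 0x2..0xF.
    The processor suffix "igs" is assumed, matching the table in the notes."""
    if not 0x2 <= boot_field <= 0xF:
        raise ValueError("no default net-boot filename for boot field %#x" % boot_field)
    return "cisco%o-%s" % (boot_field, processor)


def boot_sequence(boot_field: int, has_boot_system_cmds: bool) -> List[str]:
    """Simplified order in which an image is looked for, as the notes describe."""
    if boot_field == 0x0:
        return ["manual boot from bootstrap prompt"]
    if boot_field == 0x1:
        return ["ROM"]
    return ["Flash", "ROM"] if has_boot_system_cmds else ["Flash", "Network", "ROM"]


@dataclass
class ConfigRegister:
    value: int
    boot_field: int
    fast_boot: bool
    ignore_nvram_config: bool
    break_ignored: bool
    console_baud: int
    broadcast_form: str
    rom_after_net_boot_failure: bool
    net_boot_filename: Optional[str]


def decode_config_register(value: int) -> ConfigRegister:
    """Split a register value such as 0x2102 or 0x2142 into its documented fields."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    boot_field = value & 0xF
    return ConfigRegister(
        value=value,
        boot_field=boot_field,
        fast_boot=bool(bit(value, 4)),
        ignore_nvram_config=bool(bit(value, 6)),
        break_ignored=bool(bit(value, 8)),
        console_baud=BAUD_RATES[(bit(value, 12), bit(value, 11))],
        broadcast_form=BROADCAST_FORMS[(bit(value, 14), bit(value, 10))],
        rom_after_net_boot_failure=bool(bit(value, 13)),
        net_boot_filename=default_net_boot_filename(boot_field) if boot_field >= 0x2 else None,
    )


def audit_config_register(value: int) -> List[str]:
    """Defender's check (my own, not from the notes): flag settings that leave a
    router in a password-recovery or easily interrupted boot state."""
    reg = decode_config_register(value)
    findings = []
    if reg.ignore_nvram_config:
        findings.append("bit 6 set: startup config in NVRAM is ignored (password-recovery state)")
    if not reg.break_ignored:
        findings.append("bit 8 clear: console Break drops the router into the bootstrap monitor")
    if not reg.rom_after_net_boot_failure:
        findings.append("bit 13 clear: router hangs instead of falling back to ROM if no image loads")
    return findings


if __name__ == "__main__":
    for v in (0x2102, 0x2142, 0x2100):
        print(hex(v), decode_config_register(v), audit_config_register(v))
```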

Operations

Password recovery

For every family of Cisco routers and switches, there is a procedure for hacking out the password when it is lost. To develop a basic understanding of how this is done you should review the procedures for several devices, including the 2600 and 3700 routers, and the Cat3550 switches. These are explained in detail on the Cisco website at http://www.cisco.com/warp/public/474/index.shtml. If you have physical access to this equipment, I would recommend following the procedures several times to get familiar with the process.

Copying and Backing up Configuration Files

You can and should understand (and practice) backing up the running configurations on your routers. This can be done to Flash as the startup configuration, or even better, to an off-router TFTP server.


Configuring a new router 

There are several ways to prepare a new router for production, including:

Connecting to the console port of the router with a rolled cable, and running the Setup dialog that appears when the router first boots up.

Connecting to the console port with a rolled cable, bypassing the Setup dialog, and manually typing the configuration commands.

Connecting to the console port with a rolled cable, defining a minimum configuration, and using TFTP to download an existing predefined configuration file.

Using BOOTP with SLARP/RARP to download an existing configuration file.

Security & Passwords

Below are the different types of router passwords:

Privileged Mode / Enable Password – There are two types of passwords that allow you to move from user mode to privileged mode. They are the enable password and the enable secret password.

Enable – this is an unencrypted password used to allow the movement into privileged mode. From privileged mode, you could move into global configuration mode. To configure an enable password you would type:

Router(config)# enable password cisco

Secret – this is an encrypted password used to allow the movement into privileged mode. From privileged mode, you could move into global configuration mode. If you configure a secret password and do a “show running-configuration”, you will not be able to see your password as it will be in an encrypted form. To configure a secret password you would type:

Router(config)# enable secret cisco

Although you can have both passwords configured, the enable secret overrides the enable password.

Console Password – to protect the console from unauthorized access, you would configure a console password. To configure a console password you would type:

Router(config)# line console 0

Router(config-line)# login

Router(config-line)# password cisco

The login command enables password checking on the line. Without the login command, the password can be configured but you are not prompted to enter the password.

Vty Password – inbound telnet lines to the router/switch are called vty lines (virtual TTY lines). To protect these lines from unauthorized network access, you would configure a vty password. By default, there are 5 of these lines (zero through four). To configure a vty password on all 5 lines, you would type:

Router(config)# line vty 0 4

Router(config-line)# login

Router(config-line)# password cisco
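A small audit of the password settings just described, as an added Python example (not from the original notes): it flags a clear-text enable password without an enable secret, and console or vty lines that carry a password but no login command. The configuration text is constructed for the example.

```python
"""Audit an IOS-style configuration for the password settings described above
(added example; the sample configuration below is constructed)."""
from typing import Dict, List

SAMPLE_CONFIG = """\
hostname R1
enable password cisco
line console 0
 password cisco
line vty 0 4
 login
 password cisco
"""


def parse_line_blocks(config: str) -> Dict[str, List[str]]:
    """Return {'line console 0': [sub-commands], ...} for each 'line ...' block.
    Sub-commands are the indented lines that follow a top-level 'line' command."""
    blocks: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue                      # skip blanks and comments
        if not raw.startswith(" "):       # top-level command ends any block
            current = raw.strip() if raw.startswith("line ") else None
            if current is not None:
                blocks[current] = []
        elif current is not None:
            blocks[current].append(raw.strip())
    return blocks


def audit_passwords(config: str) -> List[str]:
    """Return a list of findings; an empty list means the checks passed."""
    findings: List[str] = []
    top = [l.strip() for l in config.splitlines() if l and not l.startswith(" ")]
    has_secret = any(l.startswith("enable secret ") for l in top)
    has_enable_pw = any(l.startswith("enable password ") for l in top)
    if not has_secret:
        detail = " (only a clear-text 'enable password' is set)" if has_enable_pw else ""
        findings.append("no 'enable secret' configured" + detail)
    for name, cmds in parse_line_blocks(config).items():
        has_login = any(c == "login" or c.startswith("login ") for c in cmds)
        has_pw = any(c.startswith("password ") for c in cmds)
        if not has_pw:
            findings.append(f"{name}: no password set")
        if not has_login:
            findings.append(f"{name}: 'login' missing, so the password is never prompted for")
    return findings


if __name__ == "__main__":
    for finding in audit_passwords(SAMPLE_CONFIG):
        print(finding)
```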

General Networking Theory

OSI Models

Most people who attempt the CCIE Written have either gone through the CCNA and CCNP exams, or already have a solid background in networking. In either case, I’m sure you have a solid grasp on the OSI model; but it’s on the blueprint and therefore deserves at least a quick review.

The OSI model is a common tool for conceptualizing how network traffic is handled. For the CCIE track, the bulk of your focus will be on the three lower levels. Just a reminder, you can use the old mnemonic “All People Seem To Need Data Processing” as a way to help remember the sequence. The seven layers of the OSI model are:

Application – Provides services directly to applications.

Presentation – Provides a variety of coding and conversion functions that ensure information sent from the application layer of one system will be readable by the application layer of another.

Session – Establishes, manages, maintains, and terminates communication sessions between applications.

Transport – Segments and reassembles data into data streams, and provides for both reliable and unreliable end-to-end data transmission.

Network – Applies logical addressing to provide routing and related functions to allow multiple data links to be combined into an internetwork. Network layer protocols include routing and routed protocols (make sure you know the difference between these).

Data Link – The data link layer provides for reliable transmission of data across physical media. The Data link layer is commonly subdivided into two sub-layers, known as the Media Access Control (MAC) Layer and the Logical Link Control (LLC) layer.

LLC – The LLC sub-layer manages communications between devices over a single link of a network. It provides error control, flow control, framing, and MAC sub-layer addressing.

MAC – The MAC layer manages addressing and access to the physical layer.

Physical – The electrical, mechanical, procedural, and functional specifications for activating, maintaining, and deactivating the physical link between communicating network systems.

Note: Remember that routing is handled at Layer-3 of the OSI model, while bridging is handled at Layer-2 of the OSI model.

MAC Addressing

Media Access Control (MAC) is the lower of the two sub-layers of the Data Link Layer defined in the OSI model, which provides access to the shared media. MAC addresses are the standard, unique address that every networked device must have; it is the true burned-in physical address of the Network Interface Card (NIC) in a host, server, router interface or other device on a network. They are 6 bytes (48 bits) long and are controlled by the IEEE. They can be broken down into two sub-fields:

The first three bytes (24 bits) are called the Organization Unique Identifier (OUI) field and are issued in series to manufacturers.


The second part of the MAC address, the last three bytes (24 bits), is a unique identifier burned into the device by the manufacturer from the series issued to it.

General Routing Concepts

Link-State – Link state routing protocols use a complex algorithm to calculate the best route. Each router calculates its own routing table. Examples of Link-State routing protocols are OSPF and NLSP.

Distance Vector – Routing protocols that use hop counts to select the best path. Examples are RIP and IGRP. Distance vector routing protocols are best for small networks.

Switching vs. Routing – switching works at OSI Layer 2 (data-link) by keeping track of L2 addresses and sending out frames to only the ports where the destination MAC address has been seen. Routing, on the other hand, uses OSI Layer 3 (Network) addresses to determine the interface that the packet will exit the router.

Autonomous Systems (ASs) – A group of routers sharing a single routing policy; run under a single technical administration; and commonly, with a single Interior Gateway Protocol (IGP). Each AS has a unique identifying number between 1 and 65,535 (64,512 through 65,535 are set aside for private use) usually assigned by an outside authority.

Convergence – The process of bringing the routing tables on all the routers in the network to a consistent state.

Load Balancing – Load balancing allows the transmission of packets to a specific destination over two or more paths.

Metrics – All routing protocols use metrics to calculate the best path. Some protocols use simple metrics, such as RIP, which uses hop count. Others, such as EIGRP, use more meaningful information.

Passive-Interface – Prevents interfaces from sending routing updates. They will, however, continue to listen for updates. This command is applied in the router configuration, and specifies a physical interface. 

Redistribution – The process of sharing routes learned from different sources (usually routing protocols). For instance, you might redistribute the routes learned through OSPF to a RIP domain, in which case you might have problems with VLSM; or you might redistribute routes learned through static entries into EIGRP. Redistribution is just the sharing of information learned from different sources, and it must be manually configured.

Route Flapping – The frequent changing of preferred routes as an interface or router goes into and out of operation (error condition). This process can create problems in a network, especially in complex OSPF networks, as this information will cause the routers to constantly recalculate their OSPF database and flood the network with LSAs (Link State Advertisements).

Static Routing – Static routes can point to a specific host, a network, a subnet, or a super-net. You can also have floating static routes: routes that have an Administrative Distance (AD) set higher than the dynamic routing protocol in use.

Split-Horizon – Split-horizon is used by Distance Vector routing protocols to block information about routes from being advertised to the same interface from which the information originated. This can be a problem with nonbroadcast networks (such as Frame Relay and SMDS), where spokes in a hub-and-spoke environment will have trouble learning about each other. For these situations, you may choose to disable split-horizon.

Routing Loops – Routing loops occur when the routing tables of some or all of the routers in a given domain route a packet back and forth without ever reaching its final destination. Routing loops often occur during route redistribution, especially in networks with multiple redistribution points.

Tunneling – Tunneling is the transmission of one network’s data inside packets of another network. Usually, this is done when you send a private network’s data over a public network. The private network’s data is encapsulated inside the public network’s packets, transmitted over the public network, and unencapsulated.


Standards

There are several organizations that have taken responsibility for developing and documenting network standards, including:

The Institute of Electrical and Electronics Engineers (IEEE) – A professional organization that develops communications and network standards. For example, details of all the 802.x protocols can be found on their excellent website at www.ieee.org.

The Internet Engineering Task Force (IETF) – An international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet. You will find a list of the current and developing Requests for Comment (RFCs) on their website at http://www.ietf.org/home.html

Ethernet Cable Specifications

Some facts to note about Ethernet cabling are:

10Base-T

Runs at 10Mb/sec

Maximum cable length is 100 meters, or about 300 feet.

Uses Unshielded Twisted Pair (UTP) cable

Uses CSMA/CD standard

Can run on cabling as low as Category 3

100Base-T (Fast Ethernet)

Runs at 100Mb/sec

Requires UTP Category 5

Uses an RJ-45 connector, just like 10Base-T

Uses only two pairs of the 4-pair UTP cabling

100Base-FX

Same as 100Base-T but runs over Fiber optic cabling

Operates on two strands of multimode or single mode fiber cabling

Does not have the same 100 meter distance limitation as UTP cabling

1000Base-T (Gig-Ethernet)

Based on the 802.3ab standard for GE over copper Category 5 UTP cabling, although Category 5e or Category 6 cabling is highly recommended.

Different from 10 & 100Base-T as it uses all 4 pairs of a UTP cable.

Very similar to 10Base-T and 100Base-T as it uses CSMA/CD, offers half and full duplex, RJ45 connectors, and the maximum cable length is still 100 meters.


Protocol Mechanics

Transmission Control Protocol (TCP)

TCP is a connection-oriented Layer-4 (transport layer) protocol designed to provide reliable end-to-end transmission of data in an IP environment. It groups bytes into sequenced segments, and then passes them to IP for delivery.

These sequenced bytes have forward acknowledgment numbers that indicate to the destination host what next byte it should see. Bytes not acknowledged to the source host within a specified time period are retransmitted, which allows devices to deal with lost, delayed, duplicate, or misread packets.

TCP hosts establish a connection-oriented session with one another through a "three-way handshake" mechanism, which synchronizes both ends of a connection by allowing both sides to agree upon initial sequence numbers. Each host first randomly chooses a sequence number to use in tracking bytes within the stream it is sending and receiving. Then, the three-way handshake proceeds in the following manner:

1. The initiating host (Host-A) initiates a connection by sending a packet with the initial sequence number ("X") and SYN bit (or flag) set to make a connection request of the destination host (Host-B).

2. Host-B receives the SYN bit, records the sequence number of "X", and replies by acknowledging the SYN(with an ACK = X + 1).

3. Host-B includes its own initial sequence number ("Y"). As an example: An ACK of "20" means that Host-B has received bytes 0 through 19, and expects byte 20 next. This technique is called forward acknowledgment.

4. Host-A then acknowledges all bytes Host-B sent, with a forward acknowledgment indicating the next byte Host-A expects to receive (ACK = Y + 1).

5. Data transfer can now begin.

You will find an excellent clarification of this process at:

http://www.inetdaemon.com/tutorials/internet/tcp/connections.html

There is an acknowledgment process associated with TCP. Here is a sample sequence to show how this works:

1. The sender (Host-A) has a sequence of ten bytes ready to send (numbered 1 to 10) to a recipient (Host-B) who has a defined window size of five.

2. Host-A will place a window around the first five bytes and transmit them together, then wait for an acknowledgment.

3. Host-B will respond with an "ACK = 6", indicating that it has received bytes 1 to 5, and is expecting byte 6 next.

4. Host-A then moves the sliding window five bytes to the right and transmits bytes 6 to 10.

5. Host-B will respond with an "ACK = 11", indicating that it is expecting sequenced byte 11 next. In this packet, the receiver might indicate that its window size is 0 (because, for example, its internal buffers are full). Host-A won't send any more bytes until Host-B sends a subsequent packet with a window size greater than 0.
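The three-way handshake and the ten-byte, window-of-five exchange above, run through as an added Python simulation (not code from the original notes). The initial sequence numbers and payload bytes are constructed; the ACK values reproduce the ones in the text, including the zero-window stall in step 5.

```python
"""Simulate the TCP three-way handshake and sliding-window exchange described
above (added example; sequence numbers and payload are constructed)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Segment:
    src: str
    dst: str
    seq: int                      # sequence number of the first byte carried
    ack: Optional[int] = None     # forward acknowledgment: next byte expected
    syn: bool = False
    window: int = 0
    data: bytes = b""


def three_way_handshake(isn_a: int, isn_b: int) -> List[Segment]:
    """Return the three segments: SYN (seq X), SYN+ACK (seq Y, ack X+1), ACK (ack Y+1)."""
    syn = Segment("A", "B", seq=isn_a, syn=True)
    syn_ack = Segment("B", "A", seq=isn_b, ack=syn.seq + 1, syn=True)
    ack = Segment("A", "B", seq=syn.seq + 1, ack=syn_ack.seq + 1)
    return [syn, syn_ack, ack]


@dataclass
class Receiver:
    expected: int                 # next byte number expected (forward ack)
    window: int                   # window advertised back to the sender
    received: bytearray = field(default_factory=bytearray)

    def deliver(self, seg: Segment, new_window: Optional[int] = None) -> int:
        """Accept in-order data and return the forward ACK number."""
        if seg.seq == self.expected:
            self.received.extend(seg.data)
            self.expected += len(seg.data)
        if new_window is not None:
            self.window = new_window
        return self.expected


def sliding_window_transfer(payload: bytes, first_byte: int, window: int,
                            window_updates: Optional[Dict[int, int]] = None) -> list:
    """Send payload one window at a time; return [(byte_range, ack), ...].

    window_updates maps an ACK number to the window the receiver advertises in
    that ACK (e.g. {11: 0}). A zero window stops the sender, as the text says."""
    rx = Receiver(expected=first_byte, window=window)
    events: list = []
    next_seq, end = first_byte, first_byte + len(payload)
    while next_seq < end:
        if rx.window == 0:
            events.append(("stalled: zero window", None))
            break
        n = min(rx.window, end - next_seq)
        offset = next_seq - first_byte
        chunk = payload[offset:offset + n]
        ack = rx.deliver(Segment("A", "B", seq=next_seq, data=chunk),
                         (window_updates or {}).get(next_seq + n))
        events.append(((next_seq, next_seq + n - 1), ack))
        next_seq = ack            # slide the window to the acknowledged byte
    return events


if __name__ == "__main__":
    for seg in three_way_handshake(1000, 5000):
        print(seg)
    print(sliding_window_transfer(b"ABCDEFGHIJ", 1, 5))
    print(sliding_window_transfer(b"ABCDEFGHIJKL", 1, 5, {11: 0}))
```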

TCP also has a mechanism called "slow start" that is designed to expand and contract the window size based on flow control needs, starting with small window sizes and increasing over time as the link proves to be reliable. When TCP sees that packets have been dropped (ACKs are not received for packets sent), it tries to determine the rate at which it can send traffic through the network without dropping packets. Once data starts to flow again, it slowly begins the process again. This may create oscillating window sizes if the main problem has not been resolved, so the window size is slowly expanded after each successful ACK is received.


Fragmentation & MTU

Although the maximum size of an IP packet is usually 64k, most technologies enforce a smaller maximum transmission unit (MTU). For instance, the MTU of Ethernet is 1514 Bytes. Because of the different MTUs along the path that a packet travels, the packet may be fragmented into smaller packets. When the multiple smaller packets arrive at their destination, they must be reassembled into the original data.

In the IP packet header, there are flags that specify “don’t fragment” or “more fragments”. RFC 791 specifies the mechanics of IP fragmentation.

For an excellent explanation of how fragmentation, reassembly and MTU work, see this Cisco whitepaper:

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml

 

Bridging and LAN Switching

Transparent Bridging (TB)

Found predominantly in Ethernet environments, the operation of a Transparent Bridge is transparent to the network end-devices concerned; the hosts are completely unaware that they are not local to one another when they communicate.

A TB learns the network's topology by reading the source address of incoming frames from all attached networks, and caches that information in a forwarding table. TBs never change the make-up of a frame. The fully intact frame is either forwarded or filtered based on its destination MAC address. If the destination MAC address has not previously been seen (and, thus, is not in the CAM table) then the frame is flooded out all ports on the switch/bridge.

The three functions of a bridge/switch are:

Learn the MAC addresses of all Ethernet devices and their ports

Send incoming frames to their destination port, based on previously learned frames

Drop incoming frames whose destination port is the same as the source port

The table in which Cisco switches store the learned MAC addresses and their ports is the CAM table. CAM stands for Content Addressable Memory.
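The three bridge functions just listed (learn, forward, filter) plus flooding of unknown destinations, as an added simulation that is not part of the page: MAC addresses are plain strings, ports are integers, and the finite CAM size is an assumption added to show what happens when the table is full.

```python
"""Transparent-bridge learn / forward / filter / flood logic (added example, not from the page)."""
from typing import Dict, List

BROADCAST = "ff:ff:ff:ff:ff:ff"


class TransparentBridge:
    """Learn source MACs per port, forward to the learned port, filter when the
    destination sits on the ingress port, flood unknown or broadcast destinations."""

    def __init__(self, ports: List[int], cam_size: int = 1024):
        self.ports = ports
        self.cam: Dict[str, int] = {}   # MAC -> port: the CAM (forwarding) table
        self.cam_size = cam_size        # assumed capacity; a real CAM is finite too

    def learn(self, src: str, ingress: int) -> bool:
        """Record (or refresh) the port a source MAC was seen on."""
        if src in self.cam or len(self.cam) < self.cam_size:
            self.cam[src] = ingress     # a host that moved ports simply overwrites its entry
            return True
        return False                    # table full: this host stays unlearned and gets flooded traffic

    def handle(self, ingress: int, src: str, dst: str) -> List[int]:
        """Return the egress ports for one frame; the frame itself is never modified."""
        self.learn(src, ingress)
        if dst == BROADCAST or dst not in self.cam:
            return [p for p in self.ports if p != ingress]   # flood, never back out the ingress port
        out = self.cam[dst]
        if out == ingress:
            return []                                        # filter: destination is on the same segment
        return [out]                                         # forward to the single learned port


if __name__ == "__main__":
    bridge = TransparentBridge(ports=[1, 2, 3, 4])
    for ingress, src, dst in [(1, "A", "B"), (2, "B", "A"), (1, "A", "B"), (1, "C", "A")]:
        print(f"port {ingress}: {src} -> {dst}: egress {bridge.handle(ingress, src, dst)}")
    print("CAM table:", bridge.cam)
```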


Routers can be configured to bridge, just as a switch or bridge can. To transparently bridge packets on an IOS router, you would do:

Router(config)# bridge 1 protocol ieee

Router(config-if)# bridge group 1

One of the problems inherent with this type of layer-2 technology is loops. The Spanning Tree Protocol (STP), based on the Spanning Tree Algorithm (STA), provides the bridge-to-bridge communication necessary to have the desired redundancy, while not causing bridges to fail.

Bridge Protocol Data Units (BPDUs) are passed between the bridges at fixed intervals, usually every one to four seconds. If a bridge fails, or a topology change occurs, the lack of BPDUs will be detected and the STA calculation will be re-run. Since topology decisions are made locally as the BPDUs are exchanged between neighboring bridges, there is no central control on the network topology. The tools for fine-tuning an STP domain include adjusting the bridge priority, port priority and path cost parameters.

There are two major disadvantages to TB:

The forwarding tables must be cleared each time STP reconfigures, which can trigger a broadcast storm as the tables are being reconstructed.

The volume of broadcasts can overwhelm low-speed serial interfaces when the network is flooded with unknown frames.

Cisco supports Transparent Bridging over DDR (Dial-on-Demand Routing) and Frame Relay networks.

Translational Bridging

A translational bridge is a bridge that can forward frames between different types of network technologies. For instance, a translational bridge would send frames between an Ethernet network and a Token-Ring network, or between an FDDI network and an Ethernet network.

Integrated Routing and Bridging (IRB)

With IRB, a packet can be routed between routed interfaces and bridged between bridged interfaces. A Bridge Virtual Interface (BVI) is created to represent the bridge group it corresponds to. The number of the bridge group is also the number of the BVI. The BVI interface has networking features, like an IP address and subnet mask.

When you turn on routing for a protocol on the BVI, packets from routed networks but destined for hosts on the bridged network are sent to the BVI. From the BVI, this traffic is sent to the bridged network. On the other hand, any traffic destined for routed networks from a bridged network is sent to the BVI and then sent to the routed networks.

When configuring IRB, you must configure which protocols will be routed and which protocols will be bridged.

Bridge ACL & Filtering

Bridged packets can be filtered in one of the following ways:

By MAC address with this command:

Router(config)# bridge {bridge-group} address {mac-address} {forward | discard} [interface]

By Vendor code with this command:

Router(config)# access-list {number} {permit | deny} {address} {mask}

Then, you would apply it to an interface with this command:

Router(config-if)# bridge-group {bridge-group} input-address-list {access-list number} 


OR

Router(config-if)# bridge-group {bridge-group} output-address-list {access-list number}

Or by Protocol type with this command:

Router(config)# access-list {number} {permit | deny} {type-code} {wild-mask}

Then, you would apply it to an interface with this command:

Router(config-if)# bridge-group {bridge-group} input-type-list {access-list number}

OR

Router(config-if)# bridge-group {bridge-group} output-type-list {access-list number}

Multiple-Instance Spanning Tree Protocol (MISTP)

MISTP is a Cisco-proprietary spanning-tree mode on Cisco switches. MISTP allows a switch to run a separate Spanning-Tree instance (process) for different groups of ports on the switch. Thus, with MISTP, not every port on the bridge is under the same spanning-tree process. With MISTP, you can scale your bridged network much larger.

Source-Route Bridging (SRB)

Developed by IBM for its Token Ring environment, and further enhanced by the IEEE, SRB provides a means by which multiple rings can be connected together through bridges. SRBs use the routing information field (RIF) in the MAC header to determine which Token Ring network segments the frame must transit. The source station inserts the RIF into the MAC header immediately following the source address field in every frame destined for a remote host, giving this style of bridging its name. The destination station reverses the routing field to reach the originating station.

There are two flavors of SRB - IBM and IEEE. The primary difference between them is that IBM allows only seven bridges, while IEEE allows 13. Newer IBM bridge software programs, combined with new LAN adapters, support 13 hops.

A RIF is included only in those frames destined for other rings. The first bit of the first byte of the source MAC address tells the processing device whether a RIF is present. This routing information indicator (RII) bit indicates a RIF frame: if the RII value is 0, the RIF is absent; if the value is 1, a RIF is present.

The RIF is made up of two fields:

Routing Control field – Provides information about the RIF, including the length and direction. There is always one, and only one, RC per RIF.

Route Descriptors - Made up of alternating sequences of ring and bridge numbers. A single RIF will contain one or more routing descriptor fields.

Cisco’s source-route bridging implementation provides three types of explorer packets to collect RIF information:

Directed frame - A data frame that already contains the defined path across the network.

All-routes explorer packets (also known as all-rings explorer packets) - All-routes explorers go through the whole network looking for Source-Route Bridges; all SRBs they encounter forward the frame to every port, except the one on which it was received. This is how RIFs are developed.

Spanning explorer packets (also known as single-route, or limited-route explorer packets) - Explorer packets pass through a predetermined path constructed by a spanning tree algorithm in the bridges. A station should receive only one single-route explorer from the network. SR/TLB uses this to define an Ethernet domain to the SRB domain.
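A decoder for the RIF described above (RII bit, Routing Control field, route descriptors) that also classifies the frame as directed, all-routes or spanning explorer from the Routing Control bits; this is an added example, not code from the page or from Cisco. It assumes the IEEE 802.5 bit layout (RT 3 bits and LTH 5 bits in the first RC byte, D and LF in the second, 12-bit ring and 4-bit bridge per descriptor) and uses a constructed sample RIF.

```python
"""Decode a Token Ring source-routing RIF (added example, not from the page)."""
from typing import Dict, List

RII_BIT = 0x80  # first bit of the first source-address byte: 1 = a RIF follows the address


def has_rif(src_mac: bytes) -> bool:
    """The routing information indicator in the source MAC says whether a RIF is present."""
    return bool(src_mac[0] & RII_BIT)


def route_type(rt: int) -> str:
    """RT bits (top 3 bits of the first RC byte): 0xx directed, 10x all-routes, 11x spanning.
    This layout is the IEEE 802.5 one, stated here as a known fact rather than taken from the page."""
    if not rt & 0b100:
        return "directed"
    return "all-routes explorer" if not rt & 0b010 else "spanning explorer"


def parse_rif(rif: bytes, max_bridges: int = 13) -> Dict[str, object]:
    """Split a RIF into its Routing Control field and its ring/bridge path.

    Routing Control (2 bytes): RT (3 bits) | LTH (5 bits) || D (1 bit) | LF (3 bits) | reserved (4 bits)
    Route descriptor (2 bytes each): ring number (12 bits) | bridge number (4 bits)
    max_bridges is the hop limit: 7 for IBM-style bridges, 13 for IEEE (the page's figures).
    """
    if len(rif) < 2:
        raise ValueError("RIF shorter than the Routing Control field")
    rc0, rc1 = rif[0], rif[1]
    length = rc0 & 0x1F
    if length != len(rif) or length % 2:
        raise ValueError(f"LTH={length} does not match {len(rif)} bytes of RIF")
    direction = rc1 >> 7
    descriptors = [((rif[i] << 8 | rif[i + 1]) >> 4, rif[i + 1] & 0x0F) for i in range(2, length, 2)]
    rings: List[int] = [ring for ring, _ in descriptors]
    bridges: List[int] = [bridge for _, bridge in descriptors[:-1]]  # the last bridge nibble is always 0
    if len(bridges) > max_bridges:
        raise ValueError(f"{len(bridges)} bridges exceeds the {max_bridges}-hop limit")
    if direction:                       # D=1: the returning frame reads the field right to left
        rings, bridges = rings[::-1], bridges[::-1]
    return {
        "type": route_type(rc0 >> 5),
        "length": length,
        "direction": direction,
        "largest_frame": (rc1 >> 4) & 0x07,
        "rings": rings,
        "bridges": bridges,
    }


def path_text(parsed: Dict[str, object]) -> str:
    """Render the path as 'ring 001 -> bridge 2 -> ring 003 ...' (ring numbers in hex)."""
    rings, bridges = parsed["rings"], parsed["bridges"]
    if not rings:
        return "(no route descriptors)"
    parts = [f"ring {rings[0]:03x}"]
    for bridge, ring in zip(bridges, rings[1:]):
        parts += [f"bridge {bridge:x}", f"ring {ring:03x}"]
    return " -> ".join(parts)


if __name__ == "__main__":
    # Constructed sample: RC 0830 (directed, 8 bytes), then ring 001 / bridge 2,
    # ring 003 / bridge 1, ring 335 as the destination ring.
    sample = bytes.fromhex("0830" "0012" "0031" "3350")
    parsed = parse_rif(sample)
    print(parsed["type"], path_text(parsed))
```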

I have created a document specifically about reading RIFs, which you can obtain free at www.laganiere.net.


Data Link Switching (DLSw) and DLSw+

DLSw was developed as an advanced tool for transporting Systems Network Architecture (SNA) and other non-routable protocols over campus or wide-area networks. DLSw+ is Cisco’s version of DLSw, which offers more options and greater functionality than RSRB and has many enhancements over non-Cisco DLSw implementations, including: dynamic peers, peers on demand, backup peers and the ability to load balance connections.

DLSw+ also provides a mechanism for dynamically searching a network for SNA or NetBIOS resources, and includes caching algorithms that help to minimize broadcast traffic. It can work with Token Ring, Ethernet, FDDI and Serial interfaces, but not ATM.

The encapsulation methods for DLSw+ are similar to RSRB, with one addition:

Direct Encapsulation – This method uses HDLC (High-Level Data Link Control) and is the simplest type of remote peering. It adds little overhead, but lacks reliability. The two routers must be directly attached to each other, with no intermediate hops, through HDLC-encapsulated serial, FDDI, Ethernet or Token Ring interfaces. Direct Encapsulation is fast-switched.

Fast-Sequenced Transport (FST) – This method encapsulates SRB packets within IP packets. The primary advantage is that FST allows the link to traverse multiple hops. The IP encapsulation adds more overhead, but does not provide the reliability of TCP. FST is fast-switched.

Transport Control Protocol (TCP) – This is the most commonly used encapsulation type, and the only encapsulation method supported by RFC 1795. The primary advantage is that TCP encapsulation provides for the reliable delivery of packets. TCP has greater overhead, both in actual bandwidth and router processor cycles, than either direct or FST encapsulation methods. TCP is process-switched.

DLSw Lite (also known as LLC2 or Frame Relay encapsulation) - This method supports many DLSw+ features, but requires less overhead (16 bytes in a normal DLSw header, against 4 bytes in LLC2). It is currently supported over Frame Relay. DLSw Lite is process-switched.

SRB is an end-to-end protocol, which puts significant load on slow WAN links, especially while waiting for the return of acknowledgements and keepalives. DLSw+ terminates the LLC2 connection at the local switch so that this traffic does not need to traverse the link. Moving this traffic off the WAN link conserves bandwidth, and allows the local switch to provide acknowledgement so that timeout issues are avoided.

When providing connectivity between Token Ring and Ethernet, DLSw+ handles the problems of bit ordering, MTU sizes, and MAC address translation differences. Other limitations of SRB and RSRB include the hop count, and the lack of flow control and prioritization. DLSw+ has greater scalability, as the RIF terminates locally in the virtual ring, allowing a maximum of seven SRB hops on each side of the WAN cloud. This comes at the cost of end-to-end RIF visibility, since each side of the WAN cloud builds its own RIF. Virtual ring numbers need not be the same on the two end routers.

DLSw+ uses Switch-to-Switch Protocol (SSP) to communicate between routers (called data-link switches) at the data link layer. This provides the mechanism to establish DLSw+ peer connections, locate resources, forward data, handle flow control, and perform error recovery. SSP uses TCP as the preferred reliable transport among data link switches.

McGraw-Hill’s “Configuring Cisco Routers for Bridging, DLSw+, & Desktop Protocols” by Tan Nam-Kee is an excellent resource for learning more about DLSw+, and bridging in general.

Source-Route Transparent Bridging (SRT) and Source-Route Translational Bridging (SR/TLB)

SRT bridges can create a single spanning tree between source-route nodes and transparent bridging nodes. They do this by using the Routing Information Indicator (RII) to determine which nodes are SRB and which are TB. Here is how the SRT bridge determines this:

If the node is a SRB node, the RII = 0. This means that a RIF is being used.

If the node is a TB node, the RII = 1. This means that a RIF is not being used.


What SR/TLB provides is the ability to create a single spanning tree and perform source-route bridging between translationally bridged networks. That means that you have a Token Ring and an Ethernet network and are performing bridging between them. As you know, there are many differences between how an Ethernet network and a Token Ring network function. Some of these differences are: bits of MAC addresses are reversed, MTU sizes are different, Token Ring uses a RIF, different spanning-tree algorithms, etc.

LAN Switching

Layer-2 switches are sometimes called micro-segmentation devices because you can think of them as bridges with dozens of ports, sometimes having as few as one host per collision domain. Because switches facilitated the move away from shared media for end-devices, they had the effect of increasing available bandwidth without increasing complexity. They have the following features:

Each port on a switch is a separate collision domain.

Each port can be assigned a VLAN (Virtual Local Area Network) membership, which creates controllablebroadcast domains.

While switch ports are more expensive than shared media, they are generally much cheaper than Router ports.

Switching Technique Types

Store-and-forward – Receives the complete frame before forwarding. Copies the entire frame into the buffer and then checks for CRC errors. Higher latency than other techniques. This technique is used on Cat5000s.

Cut-through – Checks the destination address as soon as the header is received and immediately forwards it out, lowering the latency level.

Fast switching - The default switching type. It can be configured manually through use of the “ip route-cache” command. The first packet is copied into packet memory, while the destination network or host information is stored in the fast-switching cache.

Process Switching - This technique doesn’t use route caching, so it runs slow; however, slow usually means SAFE. To enable, use the command “no protocol route-cache”.

Optimum Switching – From its name you can understand what it is – high performance! This is the default on 7500s.

Command-Line Interface (CLI)

One of the nicest things about working on Cisco routers is the transparency of IOS. Because a similar command set has been developed for each family of routers, the knowledge gained from working on one router is applicable to others.

This nicety does not carry over into the world of Cisco switches. Because there are several families of switches that were acquired from disparate places, the Command Line Interface (CLI) differs significantly between the families of switches.

Menu Configurable - Found primarily on older low-end switches, there are several different menu-based systems, such as those found on the 1900 or 3900 series switches. These are meant to be intuitive, but have their own configuration problems awaiting the uninitiated, not the least of which is figuring out what keys the menu expects you to use to select between options.

IOS-Like - Another common CLI is the IOS-like version found on many Access-layer switches, like the 2950 and 3550 series. Those who have worked on Cisco routers in the past will find that the command nomenclature is familiar and, other than a few new commands, the same rules generally apply.


Set-based - The most common CLI is that which was brought into the Cisco family with the acquisition of Crescendo Communications in 1993. It is found on the Catalyst 4000/5000/6000 series of switches, and is often called XDI, CatOS, or the Set-based CLI. This is what you will find on most of the Core and Distribution layer switches, and most new products use this CLI. XDI is based on the Unix csh or C shell prompt, and the reason it is commonly called the Set-based CLI is that “Set” is one of the three primary commands used. Most commands start with one of the following keywords:

Set – Implements configuration changes

Show – Verifies and provides information on the configuration

Clear – Removes configuration elements

In a separate document intended for people studying for the Cisco Switching exam, I put together a list of which models use what interface, and a sample configuration for each type. I think this document is also useful for CCIE Written exam candidates who want to review the basics of switch configuration. This document can be found at www.laganiere.net.

Trunking

Trunks transport the packets of multiple VLANs over a single network link using either IEEE 802.1Q or Cisco’s proprietary Inter-Switch Link (ISL). IEEE 802.1Q has become common in Cisco networks because it gives you the flexibility to include other vendors’ equipment, and because of the reduced overhead when compared to ISL, which is encapsulated with a 26-byte header that transports VLAN IDs between switches and routers.

Note that not all Cisco switches support all encapsulation methods; for instance the Cat2948G and Cat4000 series switches support only 802.1Q encapsulation. In order to determine whether a switch supports trunking, and what trunking encapsulations are supported, look to the hardware documentation or use the "show port capabilities" command.

Trunks are configured between a single Fast Ethernet, Gigabit Ethernet, or Fast or Gigabit EtherChannel bundle and another network device, such as a router or second switch. Notice that I specifically excluded 10Mb Ethernet ports, which cannot be used for trunking. For trunking to be enabled on EtherChannel bundles, the speed and duplex settings must be configured the same on all links. For trunking to be auto-negotiated on Fast Ethernet and Gigabit Ethernet ports, the ports must be in the same VTP domain.

To help understand how trunks negotiate, this chart tells where they will form, based on the settings of the ports:

Trunk Negotiation (row: mode of one port, column: mode of the port at the other end; Yes = a trunk forms)

Ports           On    Off   Auto  Desirable  Non-Negotiate
On              Yes   No    Yes   Yes        Yes
Off             No    No    No    No         No
Auto            Yes   No    No    Yes        No
Desirable       Yes   No    Yes   Yes        Yes
Non-Negotiate   Yes   No    No    Yes        Yes


Virtual LAN (VLAN)

A VLAN is an extended logical network that is configured independent of the physical network layout. Each port on a switch can be defined to join whatever VLAN suits the Network Architect’s plans.

VLAN Trunk Protocol (VTP)

VTP is a layer-2 messaging protocol that centralizes the management of VLANs on a network-wide basis, simplifying the management of large switched networks with many VLANs.

Switches defined as part of a VTP domain can be configured to operate in any of three VTP modes:

Server – Advertise VLAN configuration to other switches in the same VTP domain and synchronize with other server switches in the domain. You can create, modify, and delete VLANs, as well as modify VLAN configuration parameters such as VTP version and VTP pruning for the entire domain. This is the default mode for a switch.

Client – Advertise VLAN configuration to other switches in the same VTP domain and synchronize their VLAN configuration with other switches based on advertisements received over trunk links; however, they are unable to create, change, or delete VLAN configurations.

Transparent – Does not advertise its VLAN configuration and does not synchronize its VLAN configuration with other switches. If the switch is running VTP version 2, it does forward VTP advertisements, while still not acting on them.

Switches can only belong to one VTP domain, but if you have more than one group of switches, and each group has a different set of VLANs that it has to recognize, you could use a separate domain for each group of switches.

There is a second version of VTP that has features not supported in version one, including Token Ring LAN Switching and VLANs, unrecognized Type Length Value, Version Dependent Transparent Mode and Consistency Checks. Please note that all switches in the VTP domain must run the same VTP version. In general, don’t enable VTP version 2 in the VTP domain unless you are ready to migrate all the switches to that version. However, if the network is Token Ring, you will need VTP version 2.

Spanning-Tree Protocol (STP)

Spanning-Tree Protocol (STP) is a Layer 2 link management protocol designed to run on bridges and switches to provide path redundancy and prevent undesirable loops from forming in the network. It uses the Spanning Tree Algorithm (STA) to calculate the best loop-free path through a switched network.


Root Bridges and Switches

The key to STP is the election of a root bridge, which becomes the focal point in the network. All other decisions in the network, such as which ports are blocked and which ports are put in forwarding mode, are made from the perspective of this root bridge.

When implemented in a switched network, the root bridge is usually referred to as the "root switch." Depending on the type of spanning-tree enabled, each VLAN may have its own root bridge/switch. In this case, the root for the different VLANs may all reside in a single switch, or it can reside in varying switches, depending on the estimates of the Network Architect.

You should remember that selection of the root switch for a particular VLAN is extremely important. You can allow the network to decide the root based on arbitrary criteria, or you can define it yourself.

Bridge Protocol Data Units (BPDUs)

All switches exchange information to use in the selection of the root switch, as well as for subsequent configuration of the network. This information is carried in Bridge Protocol Data Units (BPDUs).

The primary functions of BPDUs are to:

Propagate bridge IDs for the selection of the root switch.

Find loops in the network.

Provide notification of network topology changes.

Remove loops by placing redundant switch ports in a backup state.

How STP Works

When the switches first come up, they start the root switch selection process with each switch transmitting BPDUs to its directly connected switch neighbors on a per-VLAN basis.

As the BPDUs go through the network, each switch compares the BPDU it sent out to the ones it has received from its neighbors. From this comparison, the switches determine the root switch. The switch with the lowest priority in the network wins this election process. (Remember, there may be one root switch identified per VLAN, depending on the type of STP selected.)
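The election and the "decisions made from the perspective of the root" (which port on each switch leads to the root, and which redundant port blocks) as an added simulation, not code from the page or from Cisco. It assumes the standard bridge ID comparison (priority first, then MAC address as tie-break, a detail the page does not spell out), that all switches are in one connected topology, and a constructed three-switch triangle with Fast Ethernet path costs of 19.

```python
"""Root election and STP port roles for one spanning-tree instance (added example, not from the page)."""
import heapq
from typing import Dict, List, Optional, Tuple

BridgeId = Tuple[int, str]   # (priority, MAC address): lower wins, MAC breaks a priority tie
Link = Tuple[str, str, int]  # (bridge A, bridge B, path cost of the link)


def elect_root(bridges: Dict[str, BridgeId]) -> str:
    """The lowest bridge ID wins. With everyone at the default priority the lowest
    MAC (often the oldest switch) becomes root, which is why the root should be chosen
    deliberately by lowering one switch's priority."""
    return min(bridges, key=lambda name: bridges[name])


def root_paths(root: str, bridges: Dict[str, BridgeId],
               links: List[Link]) -> Dict[str, Tuple[int, BridgeId, Optional[str]]]:
    """For every bridge: (root path cost, ID of the bridge it heard the best BPDU from,
    neighbor on its root port). Equal costs are broken by the lower sender bridge ID,
    as a real BPDU comparison does. Computed with Dijkstra over the link costs."""
    adj: Dict[str, List[Tuple[str, int]]] = {}
    for a, b, cost in links:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    best = {root: (0, bridges[root], None)}
    heap = [(0, bridges[root], root)]
    while heap:
        cost, _, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                      # stale heap entry
        for nbr, link_cost in adj.get(node, []):
            cand = (cost + link_cost, bridges[node], node)
            if nbr not in best or cand < best[nbr]:
                best[nbr] = cand
                heapq.heappush(heap, (cand[0], bridges[nbr], nbr))
    return best


def port_roles(bridges: Dict[str, BridgeId], links: List[Link]) -> Dict[Tuple[str, str], str]:
    """Role of each port, keyed by (bridge, neighbor): 'root', 'designated' or 'blocking'."""
    root = elect_root(bridges)
    best = root_paths(root, bridges, links)
    roles: Dict[Tuple[str, str], str] = {}
    for a, b, _ in links:
        if best[a][2] == b:               # a reaches the root through b
            roles[(a, b)], roles[(b, a)] = "root", "designated"
        elif best[b][2] == a:             # b reaches the root through a
            roles[(b, a)], roles[(a, b)] = "root", "designated"
        else:
            # Neither end uses this link towards the root: the end with the lower
            # (root path cost, bridge ID) is designated, the other blocks to break the loop.
            if (best[a][0], bridges[a]) < (best[b][0], bridges[b]):
                roles[(a, b)], roles[(b, a)] = "designated", "blocking"
            else:
                roles[(b, a)], roles[(a, b)] = "designated", "blocking"
    return roles


if __name__ == "__main__":
    # Constructed topology: S1 has its priority lowered to 4096, so it is elected root;
    # S2 and S3 tie on root path cost across the S2-S3 link and S3 (higher MAC) blocks.
    BRIDGES = {"S1": (4096, "0000.0000.0001"), "S2": (32768, "0000.0000.0002"),
               "S3": (32768, "0000.0000.0003")}
    LINKS = [("S1", "S2", 19), ("S1", "S3", 19), ("S2", "S3", 19)]
    print("root:", elect_root(BRIDGES))
    for (bridge, nbr), role in sorted(port_roles(BRIDGES, LINKS).items()):
        print(f"{bridge} port towards {nbr}: {role}")
```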

STP Timers

Hello timer - How often the switch broadcasts Hello messages to other switches.

Forward delay timer - Amount of time a port will remain in the listening and learning states before going into the forwarding state.

Maximum age timer – How long protocol information received on a port is stored by the switch.

Ports in an STP domain will progress through the following states:

Blocking – Listens for BPDUs from other bridges, but does not forward them or any traffic.

Listening – An interim state while moving from blocking to learning. Listens for frames and detects available paths to the root bridge, but will not collect host MAC addresses for its address table.

Learning – Examines the data frames for source MAC addresses to populate its address table, but no user data is passed.


Forwarding – Once the learning state is complete, the port will begin its normal function of gathering MAC addresses and passing user data.

Disabled – Either there has been an equipment failure, a security issue or the port has been disabled by theNetwork Administrator.

Notes about STP Port States:

A port in blocking state does not participate in frame forwarding. The switch always goes into blocking state immediately following switch initialization.

When a port changes from the listening state to the learning state, it is preparing to participate in frame forwarding.

A port in the forwarding state actually forwards frames (user data, BPDUs, etc.).

STP Enhancements:

There are three major enhancements available for Spanning Tree, as it is applied on Cisco devices:

PortFast - By default, all ports on a switch are assumed to have the potential to have bridges or switches attached to them. Since each of these ports must be included in the STP calculations, they must go through the four different states whenever the STP algorithm runs (when a change occurs to the network). Enabling PortFast on the user access ports is basically a commitment between the Network Architect and the switch, agreeing that the specific port does not have a switch or bridge connected, and therefore this port can be placed directly into the Forwarding state; this allows the port to avoid being unavailable for 50 seconds while it cycles through the different bridge states, simplifies the STP recalculation and reduces the time to convergence.

UplinkFast - Convergence time on STP is 50 seconds. Part of this is the need to determine alternative paths when a link between switches is broken. This is unacceptable on networks where real-time or bandwidth-intensive applications are deployed (basically any network). If the UplinkFast feature is enabled (it is not by default) AND there is at least one alternative path whose port is in a blocking state AND the failure occurs on the root port of the actual switch, not an indirect link, then UplinkFast will allow switchover to the alternative link without recalculating STP, usually within 2 to 4 seconds. This allows STP to skip the listening and learning states before unblocking the alternative port.

BackboneFast - BackboneFast is used at the Distribution and Core layers, where multiple switches connect together, and is only useful where multiple paths to the root bridge are available. This is a Cisco proprietary feature that speeds recovery when there is a failure with an active link in the STP. Usually when an indirect link fails, the switch must wait until the maximum aging time (max-age) has expired before looking for an alternative link. This delays convergence in the event of a failure by 20 seconds (the max-age value). When BackboneFast is enabled on all switches, and an inferior BPDU arrives at the root port - indicating an indirect link failure - the switch rolls over to a blocked port that has been previously calculated.

The primary difference between UplinkFast and BackboneFast is that BackboneFast can detect indirect link failures, and is used at the Distribution and Core layers, while UplinkFast is aware of only directly connected links, and is used primarily on Access layer switches. If UplinkFast is turned on for the root switch, it will automatically disable it. Since BackboneFast is an enhancement strictly for Core and Distribution layer devices, and these are all Set-based switches, there is no command to enable it for IOS based switches.

The Cisco Press book “Cisco LAN Switching” by Clark and Hamilton is an excellent resource for learning about switching.


DISL

Dynamic Inter-Switch Link Protocol is only used when you have two Cisco devices connected together by a Fast Ethernet link. DISL will ease the configuration burden because only one end of the ISL link needs to be configured.

Fast Ether Channel (FEC)

For information on Fast Ether Channel (FEC), see that section later in this Cramsession under the “LAN” heading.

Cisco Discovery Protocol (CDP)

CDP is Cisco’s proprietary management protocol. With this protocol, you can obtain hardware and platform information about the Cisco switches and routers on your network. As CDP works at Layer 2 (data-link) it is not dependent on proper IP address configuration, routing protocols, or Layer 3 security settings.

CDP is enabled by default. CDP uses SNAP frames.

To disable CDP on the entire router, you would do:

Router(config)# no cdp run

To disable CDP on a particular interface, you would do:

Router(config-if)# no cdp enable

CGMP

You will find information on CGMP in the Multicast section of this Cramsession.

Security

VLAN Access-Lists (VACL)

A VACL is an access-list, on a switch, that can control traffic between switch ports. With a VACL you could filter traffic between two hosts without that traffic ever going through a router.

VACLs work like a route-map. You can filter either on MAC address or IP traffic. Assuming you are going to filter IP traffic you would:

create an access-list that defines your traffic

create a vlan access-map that tells the switch what to do with that traffic (forward it or drop it)

apply it to the vlan (or list of vlans) that you want to filter your traffic in

IP Receive Access-list (RACL)

Receive access-lists are, currently, only available on Cisco 7500 and 12000 platforms.

These access-lists are used, primarily, as a security measure to make sure that traffic that is destined for the router is given the highest priority and arrives at its destination. The important traffic that is destined for the router is usually routing traffic (routing protocols). This filtering happens after the input access-list on the ingress interface.


Private VLANs

Private VLAN is a feature that is not available on all models of Cisco switches or routers. This feature allows devices on a switch to be isolated into their own Layer 2 networks while still having Layer 3 IP addresses on the same subnets. This can be configured such that certain ports could be allowed to reach a default gateway, if desired.

There are three types of Private VLAN ports:

Community ports – can communicate within their community and with a promiscuous port.

Isolated ports – are completely isolated at Layer 2 from all other isolated ports (and all other ports on the switch). Broadcasts from isolated ports are forwarded to all promiscuous ports.

Promiscuous ports – communicate with all other private VLAN ports on the same switch.

You cannot configure a Private VLAN using the numbers 1 or 1002-1005.

802.1X

The IEEE standard 802.1X performs port-based authentication. What this means is that the switch can actually request authentication of the user connected to the switch before providing connectivity to the network. Just like a network access server (NAS) would do to a dial-up user, the switch requests the user’s credentials, relays those to an authentication server, and verifies their validity before granting permission to access the network.

The device/user connected to the switch must use 802.1X client software for this authentication to work. This type of client is included in the Windows XP operating system. Prior to successful authentication, the only traffic that cancommunicate across the port on the switch is the Extensible Authentication Protocol (EAP) over LAN (or EAPOL). Theswitch acts as an authentication proxy for the client as it is just passing the authentication credentials along to theauthentication server by encapsulating and unencapsulating the EAP packets. The switch uses the RADIUS protocolto communicate with the authentication server by passing the EAP packets in RADIUS packets.

To configure the switch for this process to work, you must configure the following on the switch:

 AAA

RADIUS

dot1x port-control auto (on each interface)


Multi-Layer Switching (MLS)

Multi-Layer Switching is also known as Layer 3 switching. With MLS, instead of using the traditional routing software and CPU to route packets, the packets are routed using a dedicated hardware chip. This chip is called an ASIC, or Application Specific Integrated Circuit. Usually, the routing done by the ASIC is done at "wire speed", resulting in significantly less latency than a traditional router.

Internet Protocol (IP)

IP Addressing

IP is the routed protocol of the Internet, and is the default protocol in most networks today. Addresses are 32 bits long, with the most significant bits specifying the network, as determined by a subnet mask. This subnet is either derived from the first few bits of the address, or specified directly, depending on whether you are using classful (conforming to major address boundaries) or classless (further subnetting classful addresses) addressing. IP addresses are written in dotted-decimal format, with each set of eight bits separated by a period. The minimum and maximum IPv4 header lengths are 20 and 60 bytes, respectively (the IHL field counts 32-bit words, from 5 to 15).

Though a long discussion on the nature of subnet masks is possible, for the purposes at hand, let us just discuss the major classes - A, B, C, D, and E. Only the first three are available for commercial use; the others are special-purpose address ranges. The left-most (high-order) bits indicate the network class. Here are the basic facts about the different classes of IP addresses:

Class  Purpose                      High-order bit(s)  Default subnet mask  Network range
A      Few large organizations      0                  255.0.0.0            1.0.0.0 to 126.0.0.0 (127.0.0.0/8 is reserved for loopback)
B      Medium-size organizations    10                 255.255.0.0          128.0.0.0 to 191.255.0.0
C      Relatively small orgs        110                255.255.255.0        192.0.0.0 to 223.255.255.0
D      Multicast groups (RFC 1112)  1110               N/A                  224.0.0.0 to 239.255.255.255
E      Experimental                 1111               N/A                  240.0.0.0 to 255.255.255.255

Remember that the default subnet mask is just that, a default; it can be adjusted as necessary (depending on the routing protocol) by the network designer.

Subnetting

IP addresses are made up of two pieces of information: the network that the host can be found on, and the unique address of the host. The network portion is on the left, the host portion on the right, but where the delineation occurs depends on the definition of the subnet mask. The subnet mask provides the ability to have an extended network prefix by taking bits from the host portion of the address and adding them to the network prefix. For example, a classful Class C network prefix consists of the first 24 bits of the IP address (three octets), but the network prefix can be extended into the fourth octet to provide more granularity to the configuration. Borrowing three host bits gives the mask 255.255.255.224; a Class B network extended by five bits has the mask 255.255.248.0.

It is also common to designate the subnet mask in the /bits ("slash bits") format. This is simply the number of bits dedicated to the network part of the IP address. For the two examples just given, the /bits designations are /27 and /21.

Subnetting Tricks

I have found the following chart to be helpful for quick subnet mask calculations. If you take a few seconds at the beginning of the test session and write this out from memory on a piece of scratch paper, it can be a useful time saver during any exam that requires subnetting and binary conversion.

Line 1  Bits      1    2    3    4    5    6    7    8
Line 2  Binaries  128  64   32   16   8    4    2    1
Line 3  Subnet    128  192  224  240  248  252  254  255
Line 4  Hosts     126  62   30   14   6    2    0    0
Line 5  Nets      2    4    8    16   32   64   128  256

How to create the chart:

Line #1 - Write the numbers one through eight from left to right. Besides being a handy column header, this is the number of bits borrowed for the subnet within one octet.

Line #2 - Starting with 1 and working from right to left, double each number. This gives you the column (place) values for decimal-to-binary conversion of an octet.

Line #3 - Write out your subnet mask octets. You can derive these values by adding the number above to the number on the left (example: 64+128=192). Each value is the mask octet when that many bits have been borrowed.

Line #4 - The number of hosts per subnet, for the last octet, can be derived by subtracting two from the values in line #2 (if the value is <0, round up to 0). The two subtracted are the network and broadcast addresses, which is why /31 and /32 show zero.

Line #5 - Start with two in the left-most column, and double each number going across. This will give you the number of subnets for that many borrowed bits.
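As an added worked example (not code from the study guide), the class table and the chart above can be derived from the bit rules rather than memorised. The helper names below (ip_class, subnet_info, subnet_chart) and the sample addresses are this example's own assumptions, chosen to exercise the /27 and /21 cases discussed above.

```python
# Added example (not from the study guide): classful lookup and subnet arithmetic
# on 32-bit integers, plus the five-line chart rebuilt from the rules above.

def ip_to_int(addr):
    """Dotted-decimal IPv4 address -> 32-bit integer, validating each octet."""
    octets = addr.split(".")
    if len(octets) != 4 or any(not o.isdigit() or not 0 <= int(o) <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % addr)
    a, b, c, d = (int(o) for o in octets)
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_ip(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def ip_class(addr):
    """Classify by the high-order bits; returns (class, default prefix length or None)."""
    first = ip_to_int(addr) >> 24
    if first >> 7 == 0b0:
        return "A", 8            # 0xxxxxxx
    if first >> 6 == 0b10:
        return "B", 16           # 10xxxxxx
    if first >> 5 == 0b110:
        return "C", 24           # 110xxxxx
    if first >> 4 == 0b1110:
        return "D", None         # 1110xxxx: multicast, no network/host split
    return "E", None             # 1111xxxx: experimental

def mask_from_prefix(plen):
    if not 0 <= plen <= 32:
        raise ValueError("prefix length out of range: %r" % plen)
    return (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF

def prefix_from_mask(mask):
    """Dotted mask -> prefix length; rejects masks whose ones are not contiguous."""
    m = ip_to_int(mask)
    plen = bin(m).count("1")
    if mask_from_prefix(plen) != m:
        raise ValueError("non-contiguous subnet mask: %s" % mask)
    return plen

def subnet_info(addr, plen):
    """Network, mask, wildcard, broadcast and usable host count for addr/plen."""
    mask = mask_from_prefix(plen)
    net = ip_to_int(addr) & mask
    cls, default_plen = ip_class(addr)
    borrowed = plen - default_plen if default_plen is not None and plen >= default_plen else None
    return {
        "class": cls,
        "network": int_to_ip(net),
        "mask": int_to_ip(mask),
        "wildcard": int_to_ip(~mask & 0xFFFFFFFF),
        "broadcast": int_to_ip(net | (~mask & 0xFFFFFFFF)),
        # /31 and /32 leave no room for the all-zeros and all-ones host addresses
        "usable_hosts": max(2 ** (32 - plen) - 2, 0),
        "bits_borrowed": borrowed,
        "subnets_of_classful_net": None if borrowed is None else 2 ** borrowed,
    }

def subnet_chart():
    """The five-line chart from the page, derived rather than memorised."""
    bits = list(range(1, 9))
    binaries = [2 ** (8 - b) for b in bits]       # 128 64 32 16 8 4 2 1
    subnet = [256 - 2 ** (8 - b) for b in bits]   # 128 192 224 240 248 252 254 255
    hosts = [max(v - 2, 0) for v in binaries]     # 126 62 30 14 6 2 0 0
    nets = [2 ** b for b in bits]                 # 2 4 8 16 32 64 128 256
    return {"bits": bits, "binaries": binaries, "subnet": subnet, "hosts": hosts, "nets": nets}

if __name__ == "__main__":
    for row, values in subnet_chart().items():
        print("%-9s" % row, " ".join("%4d" % v for v in values))
    print(subnet_info("192.168.10.77", 27))
```

prefix_from_mask deliberately rejects a mask such as 255.255.0.255: IOS accepts only contiguous masks, and a non-contiguous one usually means a wildcard mask was typed where a subnet mask belonged.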

Route Summarization

Route summarization condenses routing information by consolidating like routes, and collapsing multiple subnet routes into a single network route. Where summarization is not applied, each router in a network must retain a route to every subnet in the network. This means as the network grows, the routing table becomes larger and larger. Routers that have had their routes summarized can reduce some sets of routes to a single advertisement, which reduces the load on the router and simplifies the network design.

Some important reasons to take advantage of summarization:

The larger the routing table, the more memory is required because every entry takes up some of the available memory.

The routing decision process may take longer to complete as the number of entries in the table are increased.


An added benefit of reducing the IP routing table size is that it requires less bandwidth and time to advertise the network to remote locations, thereby increasing network performance.

Depending on the size of the network, the reduction in route propagation and routing information overhead can be significant. Route summarization is of minor concern in production networks until their size gets considerable. However, if summarization has not been taken into account during the initial design phase, it is very difficult to implement later.

Some routing protocols, EIGRP (and RIPv2) for example, summarize automatically at classful network boundaries by default (auto-summary); this often has to be turned off when a major network is split across several places in the topology. Other routing protocols, such as OSPF, require manual configuration to support route summarization.

Remember that when redistributing routes from a routing protocol that supports VLSM (such as EIGRP or OSPF) into a routing protocol that does not (such as RIPv1 or IGRP), you might lose some routing information.

Some important requirements exist for summarization:

Multiple IP addresses must share the same high-order bits. Since the summarization takes place on the low-order bits, the high-order bits must have commonality.

Routing tables and protocols must use classless addressing to make their routing decisions; in other words, they are not restricted by the Class A, B and C designations to indicate the boundaries for networks.

Routing protocols must carry the prefix length (subnet mask) with the IP address.
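As an added worked example (not code from the study guide), the function below computes the summary for a set of subnets by backing off the prefix length until all of them share the remaining high-order bits, which is the first requirement above made mechanical. It also reports how much address space the summary claims that none of the inputs actually covers, and whether the summary is a supernet that only a classless protocol could carry. The subnets used are this example's own.

```python
# Added example (not from the study guide): compute the summary route for a set of
# subnets, check the requirements above, and measure the unowned space a summary claims.

def ip_to_int(addr):
    a, b, c, d = (int(o) for o in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_ip(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def mask_from_prefix(plen):
    return (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF

def parse_prefix(text):
    """'a.b.c.d/n' -> (network as int, n); host bits beyond n are cleared."""
    addr, plen = text.split("/")
    plen = int(plen)
    return ip_to_int(addr) & mask_from_prefix(plen), plen

def classful_prefix_len(net):
    """Natural mask length from the class bits (None for class D/E)."""
    first = net >> 24
    if first < 128:
        return 8
    if first < 192:
        return 16
    if first < 224:
        return 24
    return None

def summarize(prefixes):
    """Shortest common prefix covering every input: start at the shortest input
    length and back off one bit at a time until all networks agree on the
    remaining high-order bits."""
    nets = [parse_prefix(p) for p in prefixes]
    plen = min(pl for _, pl in nets)
    anchor = nets[0][0]
    while plen > 0:
        m = mask_from_prefix(plen)
        if all((n & m) == (anchor & m) for n, _ in nets):
            break
        plen -= 1
    return "%s/%d" % (int_to_ip(anchor & mask_from_prefix(plen)), plen)

def unowned_addresses(summary, prefixes):
    """Addresses inside the summary that none of the (non-overlapping) inputs cover.
    Traffic for them is attracted to the advertising router, so a discard route
    for the summary is prudent to avoid forwarding loops with a default route."""
    _, splen = parse_prefix(summary)
    owned = sum(2 ** (32 - pl) for _, pl in (parse_prefix(p) for p in prefixes))
    return 2 ** (32 - splen) - owned

def is_supernet(prefix):
    """True when the prefix is shorter than its classful natural mask, i.e. a
    classful protocol (RIPv1, IGRP) could not carry it."""
    net, plen = parse_prefix(prefix)
    natural = classful_prefix_len(net)
    return natural is not None and plen < natural

if __name__ == "__main__":
    subnets = ["172.16.32.0/24", "172.16.33.0/24", "172.16.36.0/24"]
    s = summarize(subnets)
    print(s, "unowned addresses:", unowned_addresses(s, subnets), "supernet:", is_supernet(s))
```

Note how a gap in the input (172.16.34.0/24 and 172.16.35.0/24 missing) forces the summary out to /21 and makes it claim 1280 addresses the site does not hold; that is the design-phase problem the text warns about.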

Services & Applications

Below are the most common IP services and applications with a summary of each.

DNS

Domain Name System (DNS) resolves names to IP addresses. DNS uses UDP port 53 for ordinary queries and TCP port 53 for zone transfers and for responses too large for a single UDP datagram. An example of DNS would be someone entering a fully-qualified domain name (FQDN) like www.cisco.com into their web browser. That device would then do a DNS lookup to a DNS server to resolve the name to an IP address.

ARP & RARP

Once a device has the IP address that it wants to communicate with, it must get the MAC address (Layer 2 address). To get the MAC address, it uses Address Resolution Protocol (ARP). An ARP request is a broadcast frame that does not pass through routers. The ARP response is a unicast frame. The device that does the ARP keeps an ARP cache of the most recently requested IP addresses with their corresponding MAC addresses. ARP has no authentication, so any host on the segment can answer for any address (ARP spoofing); the cache simply believes the last reply it saw.

RARP is Reverse Address Resolution Protocol. RARP allows a device to ask for its own IP address. RARP is no longer used and has been replaced with BOOTP or DHCP.

BOOTP & DHCP

BOOTP is a protocol where a device sends a request to learn its IP address. BOOTP uses UDP ports 67 (server) and 68 (client).

BOOTP has been replaced with DHCP. BOOTP requests are broadcasts and, thus, won't pass through a router without configuring the ip helper-address x.x.x.x command on the router interface facing the clients.

Dynamic Host Configuration Protocol (DHCP) is the current standard for a device to learn its IP address. When you boot up a computer, it usually does a DHCP request to obtain its IP address. The DHCP server responds and the client obtains a lease on the IP address it is provided. Like BOOTP, DHCP uses UDP ports 67 and 68 and broadcast for the DHCP request, and the ip helper-address command must also be configured to forward DHCP requests across a router link.


ICMP

Internet Control Message Protocol (ICMP) works at Layer 3 (Network). ICMP is used to communicate errors and diagnostic information between hosts and routers. The most commonly used form of the ICMP protocol is the ping application. Some examples of common ICMP messages are echo, echo reply, destination unreachable, redirect, and time exceeded.

NAT

Network Address Translation (NAT) converts network addresses. Usually, NAT is used to convert from private (internal) IP addresses to public (external) IP addresses. NAT can be used to reduce the need for Internet addresses. There is some NAT terminology you should know:

Inside Local – The local IP address of the private host on your network (i.e., your PC's IP address).

Inside Global – The public, legal, registered IP address that the outside network sees as the IP address of your local host.

Outside Local – The local IP address from the private network, which your local host sees as the IP address of the remote host.

Outside Global – The public, legal, registered IP address of the remote host (i.e., the IP address of the remote Web server that your PC is connecting to).

There are also different types of NAT that you should be familiar with. They are:

Static NAT – maps a single inside address to a single outside address.

Dynamic NAT – maps inside addresses to outside addresses from a pool, as needed.

NAT Overload (PAT) – maps a larger number of inside addresses to a smaller number of outside addresses by also translating the Layer 4 port (the outside addresses are overloaded, as there are fewer of them than there are inside addresses).

NAT Overlap – maps inside and outside addresses when they are using conflicting IP addresses (overlapping networks).

HSRP & VRRP

Hot Standby Router Protocol (HSRP) is a Cisco proprietary protocol that provides high availability for routing services. For example, you could have a virtual IP address configured as your default gateway. You would have two routers that respond to this virtual IP address. One of the routers would be active and the other standby; the standby takes over the virtual IP and MAC address if the active router stops sending hellos.

The industry-standard equivalent of HSRP is the Virtual Router Redundancy Protocol (VRRP).


Telnet

Telnet is used to remotely configure routers, switches, or servers. Any system that runs a telnet server can be connected to with telnet. Once connected, you can perform commands on that system or network device. Telnet uses TCP port 23. Everything, including the login password, crosses the network in clear text, so SSH should be preferred wherever the device supports it.

FTP & TFTP

File Transfer Protocol (FTP) and Trivial File Transfer Protocol (TFTP) both send and receive files over a network. FTP uses TCP ports 20 (data) and 21 (control). TFTP uses UDP port 69. FTP is more reliable and has more features than TFTP. TFTP is commonly used to send and receive router and switch configuration and IOS files; it has no authentication at all, so a TFTP server holding configurations should only be reachable from the management network.

SNMP

Simple Network Management Protocol (SNMP) is used for network management. Network devices (like routers, switches, servers, PCs, or even laser printers) can have SNMP agents. You would have a network management application that uses SNMP to communicate with these network devices. With SNMP, you could gather statistics and be alerted of utilization, for example. SNMP agents listen on UDP port 161; traps sent to the management station use UDP port 162. SNMPv1 and v2c authenticate with a clear-text community string, and a read-write community is as powerful as an enable password, so restrict it with an access list and prefer SNMPv3 where available.

Access Control Lists (ACL)

An Access List is an ordered set of statements that permit or deny the flow of packets through an interface. They are used for security purposes, to provide QoS, or to define types of traffic for purposes of filtering, queuing or prioritizing.

They define the criteria on which decisions are made based on information contained inside the packets. Decisions are based on the source and/or destination network/subnet/host address(es) of the packets (extended lists can also match the protocol and the Layer 4 ports).

The basic concept of the access list wildcard mask is that any "0" in the wildcard mask means the corresponding bit in the address has to match, and any "1" in the wildcard mask means the value isn't checked.

A numbered access list can only be appended to; you cannot add lines to the middle of it. To make changes, copy your access list to Notepad and make your changes there; then from the Cisco router console type "no access-list" and the number, then paste the updated access list into the configuration. Named access lists (and, in later IOS releases, numbered ones edited through the named syntax) support sequence numbers, which allow a line to be inserted or removed without rebuilding the list.

Things to know about ACLs:

The wildcard mask, which looks like a reversed subnet mask, defines which bits of the address are used for the access list decision-making process.

Lists are processed top-down. In other words, the first matching rule preempts further processing, so put the most specific entries first.

Only one access list is allowed per interface, per direction, per protocol.

Remember that there is an implicit deny at the end of all access lists. A list with no permit statement therefore denies everything, and a list that is meant to block only certain traffic must end with an explicit permit.

If you apply an access list number that does not exist, all traffic will be passed.

An Access Class limits VTY (telnet) access.

A Distribution List filters incoming or outgoing routing updates.
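As an added worked example (not code from the study guide), the evaluator below applies a standard IP access list exactly as the rules above describe: wildcard bits, top-down first match, the implicit deny, and the "undefined list permits everything" behaviour. The list lines and addresses are constructed for the example; the second list shows the classic mistake of typing a subnet mask where a wildcard belongs.

```python
# Added example (not from the study guide): a standard IP access list evaluated
# the way the text describes. List numbers and addresses are made up.

STANDARD_RANGES = ((1, 99), (1300, 1999))   # IP standard, including the expanded range

def ip_to_int(addr):
    a, b, c, d = (int(o) for o in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def wildcard_match(addr, base, wildcard):
    """A 0 bit in the wildcard must match, a 1 bit is not checked."""
    care = ~ip_to_int(wildcard) & 0xFFFFFFFF
    return (ip_to_int(addr) & care) == (ip_to_int(base) & care)

def parse_standard_acl(lines):
    """'access-list N permit|deny any | host A | A [W]' lines -> (N, ordered rules)."""
    number, rules = None, []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError("not a standard access-list line: %r" % line)
        n = int(tok[1])
        if not any(lo <= n <= hi for lo, hi in STANDARD_RANGES):
            raise ValueError("%d is not an IP standard list number" % n)
        if number not in (None, n):
            raise ValueError("line belongs to list %d, not %d" % (n, number))
        number = n
        if tok[3] == "any":
            base, wc = "0.0.0.0", "255.255.255.255"
        elif tok[3] == "host" and len(tok) > 4:
            base, wc = tok[4], "0.0.0.0"
        else:                           # bare address: IOS assumes wildcard 0.0.0.0
            base, wc = tok[3], (tok[4] if len(tok) > 4 else "0.0.0.0")
        ip_to_int(base), ip_to_int(wc)  # fail at parse time, not at evaluation time
        rules.append((tok[2], base, wc))
    return number, rules

def evaluate(rules, addr):
    """Returns (action, index of the matching line); index None means the
    implicit deny fired. An empty rule set models an applied but undefined
    list, which IOS treats as 'permit everything'."""
    if not rules:
        return "permit", None
    for i, (action, base, wc) in enumerate(rules):
        if wildcard_match(addr, base, wc):
            return action, i
    return "deny", None

if __name__ == "__main__":
    _, rules = parse_standard_acl([
        "access-list 10 deny host 10.1.1.99",
        "access-list 10 permit 10.1.1.0 0.0.0.255",
    ])
    for src in ("10.1.1.99", "10.1.1.5", "10.1.2.5"):
        print(src, evaluate(rules, src))
    # subnet mask typed as a wildcard: only the last octet is compared
    _, wrong = parse_standard_acl(["access-list 20 permit 10.1.1.0 255.255.255.0"])
    print("10.1.1.5 against the mistaken list:", evaluate(wrong, "10.1.1.5"))
```

The mistaken list 20 never permits 10.1.1.5 (the one octet it does check must be 0) while it permits 172.99.4.0, which is the opposite of what the author meant; checking a few addresses against a list before applying it catches this.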


Access list types are designated by the list numbers:

1-99        IP standard
100-199     IP extended
200-299     Protocol type-code
300-399     DECnet
400-499     XNS standard
500-599     XNS extended
600-699     AppleTalk
700-799     48-bit MAC address
800-899     IPX standard
900-999     IPX extended
1000-1099   IPX SAP
1100-1199   Extended 48-bit MAC address
1200-1299   IPX summary address
1300-1999   IP standard (expanded range, later IOS releases)
2000-2699   IP extended (expanded range, later IOS releases)

O’Reilly & Associates’ “Cisco IOS Access Lists” by Jeff Sedayao, and McGraw-Hill’s “Cisco Access Lists : FieldGuide” by Held and Hundley are excellent resources for this topic.

Internet Protocol Version 6 (IPv6)

IPv6 address types are distinguished by the value of the high-order octet of the address: a value of 0xFF (binary 11111111) identifies a multicast address; 0x00 indicates the loopback address, the unspecified address or otherwise unassigned space; any other value identifies a unicast address. Anycast addresses are taken from the unicast address space and are not syntactically distinguishable from unicast addresses.

IPv6 addresses are written as eight 16-bit groups in hexadecimal, separated by colons. They can be written in a compressed format by dropping leading zeros within a group and by using a double colon to stand for one or more consecutive groups of zeros; the double colon may appear only once in an address, otherwise the number of omitted groups would be ambiguous.

Anycast can be understood best by comparing it with unicast and multicast. IP unicast allows a source node to transmit IP datagrams to a single destination node. The destination node is identified by a unicast address. IP multicast allows a source node to transmit IP datagrams to a group of destination nodes. A multicast group identifies the destination nodes, and we use a multicast address to identify the multicast group.

IP anycast allows a source node to transmit IP datagrams to a single destination node out of a group of destination nodes. The IP datagram will reach the closest destination node in the set, based on the routing measure of distance. The source node does not need to care about how to pick the closest destination node, as the routing system will figure it out (in other words, the source node has no control over the selection). The set of destination nodes is identified by an anycast address.

Valid IPv6 unicast or anycast addresses:

1080:0:0:0:8:800:200C:417A

1080::8:800:200C:417A


Valid IPv6 multicast addresses:

FF01:0:0:0:0:0:0:101

FF01::101

Valid IPv6 loopback addresses:

0:0:0:0:0:0:0:1

::1
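As an added worked example (not code from the study guide), the functions below expand a compressed IPv6 address back to its eight groups, produce the canonical compressed form, and classify the address by its high-order octet as the text describes. Compression follows RFC 5952 (lowercase, no leading zeros, "::" only for a run of two or more zero groups, leftmost run on a tie), which is slightly stricter than the page's "at least one group"; the addresses used are the ones listed above plus a few constructed ones.

```python
# Added example (not from the study guide): expand, compress and classify IPv6
# addresses by the rules above. Compression is RFC 5952 style.

HEX_DIGITS = set("0123456789abcdefABCDEF")

def expand_ipv6(text):
    """Return the eight 16-bit groups (as ints) of an address written with or without '::'."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once: %r" % text)
    if "::" in text:
        head, tail = text.split("::")
        head_groups = head.split(":") if head else []
        tail_groups = tail.split(":") if tail else []
        missing = 8 - len(head_groups) - len(tail_groups)
        if missing < 1:
            raise ValueError("'::' must replace at least one group: %r" % text)
        groups = head_groups + ["0"] * missing + tail_groups
    else:
        groups = text.split(":")
    if len(groups) != 8:
        raise ValueError("expected 8 groups: %r" % text)
    values = []
    for g in groups:
        if not 1 <= len(g) <= 4 or any(c not in HEX_DIGITS for c in g):
            raise ValueError("bad group %r in %r" % (g, text))
        values.append(int(g, 16))
    return values

def compress_ipv6(text):
    """Canonical text form of an address (RFC 5952 style)."""
    values = expand_ipv6(text)
    best_start, best_len = -1, 0
    i = 0
    while i < 8:                          # find the longest run of zero groups
        if values[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and values[j] == 0:
            j += 1
        if j - i > best_len:              # strictly greater keeps the leftmost run on a tie
            best_start, best_len = i, j - i
        i = j
    groups = ["%x" % v for v in values]   # lowercase, leading zeros dropped
    if best_len < 2:                      # a single zero group is written as '0', not '::'
        return ":".join(groups)
    return ":".join(groups[:best_start]) + "::" + ":".join(groups[best_start + best_len:])

def ipv6_type(text):
    """Address type from the high-order octet, as the page describes it."""
    values = expand_ipv6(text)
    high_octet = values[0] >> 8
    if high_octet == 0xFF:
        return "multicast"
    if high_octet == 0x00:
        if values == [0] * 7 + [1]:
            return "loopback"
        if values == [0] * 8:
            return "unspecified"
        return "reserved"                 # other 0x00-prefixed space (e.g. IPv4-mapped)
    return "unicast"                      # anycast addresses live here and cannot be told apart

if __name__ == "__main__":
    for addr in ("1080:0:0:0:8:800:200C:417A", "FF01:0:0:0:0:0:0:101", "0:0:0:0:0:0:0:1"):
        print(addr, "->", compress_ipv6(addr), ipv6_type(addr))
```

Rejecting a second "::" and rejecting a "::" that stands for zero groups are the two checks that matter when addresses come from untrusted input (configuration files, log lines); both would otherwise parse to the wrong address silently.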

IP Routing

Routing Protocol Concepts

Routing protocols provide dynamic network information to the routers that are part of the domain, and represent one of the most important areas for a Network Engineer to master.

Distance-Vector Routing Protocols

Protocols that are designed to periodically pass the full contents of their routing tables to all of their immediate neighbors (usually every 30 to 90 seconds). Each recipient then increments the metrics and updates its routing table to send out in the next update. Once this information has made the rounds, each router will have built a routing table with information about the "distances" to networked resources without learning anything specific about the other routers, or about the network's actual topology.

The primary benefits of these protocols are how easy they are to configure and maintain. The problems associated with them include slow convergence, routing loops, counting-to-infinity problems, and excessive bandwidth utilization from the size and repetition of the updates.

The two common Distance Vector protocols are the Routing Information Protocol (RIP), which uses hop count, and Cisco's proprietary Interior Gateway Routing Protocol (IGRP), which uses bandwidth and delay.

Link State Routing Protocols

Link State Routing Protocols develop and maintain a full knowledge of the network's routers, as well as how they connect to one another. This information is gathered through the exchange of link-state advertisements (LSAs) between routers, which build a topological database that is used by the Shortest Path First (Dijkstra) algorithm to compute reachability to networked destinations. This process allows quick discovery of changes in the network topology.

The chief advantages of Link State protocols are that the transmission of LSAs takes less bandwidth than the full updates provided by Distance Vector routing protocols, faster convergence, and greater scalability.

The concerns with Link State protocols include the flooding that is done during the initial discovery process, and that they can be both memory and processor intensive.

Open Shortest Path First (OSPF) and Intermediate System-to-Intermediate System (IS-IS) are the primary examples of Link State protocols.

Hybrid Routing Protocols

Hybrid Routing Protocols combine characteristics of both Distance Vector and Link State protocols. They converge more rapidly than distance-vector protocols, while avoiding the processing overhead associated with link-state updates. Also, they are event driven rather than using a timer to decide when to send updates; this conserves bandwidth for the transmission of user data.


Cisco's proprietary Enhanced Interior Gateway Routing Protocol (EIGRP) is the most common hybrid routing protocol (and the only one I've ever heard of). It was designed to combine the best aspects of distance-vector and link-state routing protocols without incurring any of the performance limitations specific to either. Remember that one of the major limitations of EIGRP is that it only runs on Cisco equipment.

Distribution Lists

Distribution lists are used to filter the contents of inbound or outbound routing protocol updates; they work most directly with distance vector protocols (RIP, IGRP, EIGRP). With a link-state protocol such as OSPF, an inbound distribute-list only filters which routes are installed in the routing table; it cannot remove LSAs from the link-state database, so the neighbors still learn them. Standard IP access lists are used to define a list against which the contents of the routing updates are matched. Remember that the access list is applied to the contents of the update, not to the source or destination of the routing update packets themselves.

The "distribute-list" command is entered at the router configuration level, and there is an option to apply the list to specific interfaces. For any given routing protocol, it is possible to define one interface-specific distribute-list per interface per direction, and one protocol-wide distribute-list per direction for each process/autonomous-system pair.

Example (the lists are matched against the network numbers carried in the updates: only 10.0.0.0/8 is accepted from Ethernet 0, and only 172.16.3.0/24 is advertised out of any interface):

access-list 1 permit 10.0.0.0 0.255.255.255
access-list 2 permit 172.16.3.0 0.0.0.255
router rip
 distribute-list 1 in ethernet 0
 distribute-list 2 out

Routing Loops

Routing loops occur when the routing tables of some or all of the routers in a given domain route a packet back and forth without ever reaching its final destination. Routing loops often occur during route redistribution, especially in networks with multiple redistribution points.

There are several commonly used methods for preventing routing loops, including:

Holddowns – Routes are held for a specified period of time to prevent updates advertising networks that are possibly down. The period of time varies between routing protocols, and is configurable. Holddown timers should be set very carefully: if they are too short, they are ineffective; too long and convergence will be delayed.

Triggered updates – Also known as flash updates, these are sent immediately when a router detects that a metric has changed or a network is no longer available. This helps speed convergence. Instead of waiting for a certain time interval to elapse to update the routing tables, the new information is sent as soon as it is learned.

Split horizon – If a router has received a route advertisement from another router, it will not re-advertise it back out the interface from which it was learned.

Poison reverse – Once you learn of a route through an interface, advertise it as unreachable (infinite metric) back through that same interface, so the neighbor can never be tricked into believing the route is reachable through you. Split horizon and poison reverse stop loops between two adjacent routers; loops that run through three or more routers are bounded only by the maximum metric (counting to infinity) and by holddown.
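As an added example (not code from the study guide), the simulation below runs a three-router chain A - B - C with a hop-count metric and infinity of 16, fails the network behind C, and compares how many update rounds the routers need to agree that it is gone: with no loop prevention they count to infinity, with split horizon or poison reverse they settle in a few rounds. Holddown and triggered updates are not modelled, and synchronous rounds stand in for the periodic timer; the router names and network are this example's own.

```python
# Added example (not from the study guide): a three-router distance-vector
# simulation showing count-to-infinity without loop prevention, and convergence
# with split horizon or poison reverse.

INFINITY = 16
FAILED_NET = "10.0.0.0/24"

class Router:
    def __init__(self, name, connected):
        self.name = name
        # dest -> [metric, next hop]; connected networks count 1 hop, as in RIP
        self.table = {net: [1, None] for net in connected}

    def advertisement(self, neighbor, mode):
        """What this router tells `neighbor` under the given loop-prevention mode."""
        adv = {}
        for dest, (metric, next_hop) in self.table.items():
            if next_hop == neighbor:
                if mode == "split_horizon":
                    continue                      # never re-advertise back where it came from
                if mode == "poison_reverse":
                    adv[dest] = INFINITY          # advertise it back, but as unreachable
                    continue
            adv[dest] = metric
        return adv

    def receive(self, sender, adv):
        """Bellman-Ford update. The current next hop's word is always accepted,
        even when it is worse; anyone else only wins with a strictly better metric."""
        changed = False
        for dest, metric in adv.items():
            new = min(metric + 1, INFINITY)
            cur = self.table.get(dest)
            if cur is None:
                if new < INFINITY:
                    self.table[dest] = [new, sender]
                    changed = True
            elif cur[1] == sender:
                if cur[0] != new:
                    cur[0] = new
                    changed = True
            elif new < cur[0]:
                self.table[dest] = [new, sender]
                changed = True
        return changed

def run_until_stable(links, mode, limit=60):
    """Synchronous update rounds; returns the round number in which nothing changed."""
    for rnd in range(1, limit + 1):
        msgs = []
        for x, y in links:                        # collect every update before applying any
            msgs.append((x, y, x.advertisement(y.name, mode)))
            msgs.append((y, x, y.advertisement(x.name, mode)))
        # a list, not any(...) over a generator: every message must be delivered
        changed = [dst.receive(src.name, adv) for src, dst, adv in msgs]
        if not any(changed):
            return rnd
    return None

def simulate(mode):
    """Topology A - B - C with the network behind C. Converge, fail it, converge again."""
    a, b, c = Router("A", []), Router("B", []), Router("C", [FAILED_NET])
    links = [(a, b), (b, c)]
    run_until_stable(links, mode)
    c.table[FAILED_NET] = [INFINITY, None]        # the connected network goes down
    rounds = run_until_stable(links, mode)
    return {"rounds_after_failure": rounds,
            "metrics": {r.name: r.table[FAILED_NET][0] for r in (a, b, c)}}

if __name__ == "__main__":
    for mode in ("none", "split_horizon", "poison_reverse"):
        print(mode, simulate(mode))
```

Without loop prevention, B is fooled by A's stale advertisement into routing the dead network back towards A, and the metric climbs by two every pair of rounds until it reaches 16; with a 30-second update timer that is several minutes of black-holed traffic, which is why RIP keeps infinity so small.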


 Administrative Distance

When a route is advertised by more than one routing protocol, the router must decide which protocol's routes to use. The predefined Administrative Distances of routing protocols allow the router to make that decision, more or less telling the router the relative trustworthiness of the different protocols. Here is a list of the common ADs:

Directly Connected 0

Static 1

EBGP 20

EIGRP (Internal) 90

IGRP 100

OSPF 110

IS-IS 115

RIP 120

EGP 140

EIGRP (External) 170

IBGP 200

BGP Local 200

Unknown 255
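As an added worked example (not code from the study guide), the small routing table below shows where administrative distance actually applies: it only chooses between sources offering the same prefix, and an AD of 255 is never installed. At forwarding time the longest matching prefix wins regardless of which protocol installed it, so a RIP /16 still beats an OSPF /8 for an address inside the /16. The next-hop addresses and the offered routes are constructed for the example.

```python
# Added example (not from the study guide): route installation by administrative
# distance followed by longest-prefix lookup. Next hops are made up.

ADMIN_DISTANCE = {
    "connected": 0, "static": 1, "ebgp": 20, "eigrp": 90, "igrp": 100, "ospf": 110,
    "isis": 115, "rip": 120, "egp": 140, "eigrp-external": 170, "ibgp": 200,
    "bgp-local": 200, "unknown": 255,
}

def ip_to_int(addr):
    a, b, c, d = (int(o) for o in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_ip(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def mask_from_prefix(plen):
    return (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF

def parse_prefix(text):
    addr, plen = text.split("/")
    plen = int(plen)
    return ip_to_int(addr) & mask_from_prefix(plen), plen

class RoutingTable:
    def __init__(self):
        self.routes = {}        # (network, plen) -> (ad, source, next_hop)

    def offer(self, prefix, source, next_hop):
        """A routing process offers a route. Lowest AD wins for an identical prefix;
        AD 255 means 'never install'. Returns True if the table changed."""
        ad = ADMIN_DISTANCE[source]
        if ad == 255:
            return False
        key = parse_prefix(prefix)
        current = self.routes.get(key)
        if current is None or ad < current[0]:
            self.routes[key] = (ad, source, next_hop)
            return True
        return False

    def lookup(self, addr):
        """Longest-prefix match; returns (prefix, source, next_hop) or None."""
        a = ip_to_int(addr)
        best = None
        for (net, plen), (ad, source, nh) in self.routes.items():
            if (a & mask_from_prefix(plen)) == net and (best is None or plen > best[0]):
                best = (plen, net, source, nh)
        if best is None:
            return None
        plen, net, source, nh = best
        return "%s/%d" % (int_to_ip(net), plen), source, nh

if __name__ == "__main__":
    t = RoutingTable()
    t.offer("10.0.0.0/8", "rip", "192.0.2.1")
    t.offer("10.0.0.0/8", "ospf", "192.0.2.2")       # replaces the RIP route: 110 < 120
    t.offer("10.1.0.0/16", "rip", "192.0.2.4")
    print(t.lookup("10.1.2.3"))                      # the RIP /16 wins on prefix length
    print(t.lookup("10.9.9.9"))                      # falls back to the OSPF /8
```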

Open Shortest Path First (OSPF)

OSPF is an open standard Link State routing protocol that uses Dijkstra's Shortest Path First (SPF) algorithm. Several of OSPF's advantages include fast convergence, classless routing, VLSM support, authentication support, support for much larger internetworks, the use of areas to minimize routing protocol traffic, and a hierarchical design.

All OSPF routers must have a unique router ID. Unless a router ID is configured explicitly with the router-id command, the router ID is the highest IP address on any of its loopback interfaces. If the router doesn't have any loopback interfaces, then it chooses the highest IP address on any of its active (up) interfaces. The interface doesn't have to have OSPF enabled on it. Loopback interfaces are often used because they are always active and there is usually more leeway in their address assignment. Note that the router ID is chosen when the OSPF process starts and is not re-evaluated when a higher address appears later.

OSPF contains five network types:

Point-to-point

Broadcast

Non-broadcast multi-access (NBMA)

Point-to-multipoint

Virtual links

OSPF routers keep track of three databases. They are:

Neighbor database

Topology table

Master routing table


 Area 0

This is the core area for OSPF. One of the basic rules of OSPF is that all areas must connect to area 0 (just as all roads lead to Rome). If there is an area that is not contiguous with area 0, your only option is to use a virtual link. This provides a tunnel through another area in order to make it appear that the area is directly connected to area 0.

Area Border Routers (ABRs) are responsible for maintaining the routing information between areas. Internal routers receive all routes from the ABR except for those routes that are contained within their own area. Traffic destined for networks outside of the AS must traverse area 0 to an Autonomous System Border Router (ASBR). The ASBR is responsible for handling the routing between OSPF and another AS using another routing protocol such as EIGRP.

OSPF Area Types:

Standard - Accepts internal, external and summary LSAs.

Backbone (transit area) - In multi-area OSPF networks all other areas must connect directly to this area in order to exchange route information. It must be labeled area 0, and it accepts all LSA types. This behaves like a normal Standard area, except that it happens to reside in the middle of the network.

Stub - Refers to an area that does not accept Type 5 LSAs to learn of external ASs. If routers need to route to networks outside the autonomous system, they must use the default route that the ABR injects.

Not-so-stubby - Also known as NSSA. It is the same as a stub area, except that it accepts LSA Type 7. This is useful if you want to accept redistributed routes from another routing protocol inside the area. Once these redistributed routes leave the NSSA they are converted to Type 5 by the NSSA ABR. Type 7 LSAs can only exist in an NSSA.

Totally Stubby - All LSAs except Type 1 and 2 are blocked (the ABR still sends a single Type 3 LSA for the default route). Intra-area routes and the default route are the only routes passed within a totally stubby area. This is Cisco proprietary.

Stub and Totally Stubby Area Similarities:

They typically have a single ABR and a single exit point from the area. Multiple ABRs are allowed, but since each only injects a default route, the exit is chosen by the cost to the nearest ABR rather than by the external destination.

All routers within the stub area must be configured as stub routers. If not, they cannot form adjacencies with the other stub routers (the stub flag is carried in the Hello packet).

A stub area cannot be used as a transit area for virtual links.

An ASBR cannot be internal to a stub area.

Routing to destinations outside the autonomous system is based on a default route.


Neither will accept Type 5 LSAs (autonomous system entries).

Typically used in a hub and spoke topology, with the spokes being remote sites configured as stub or totally stubby areas.

Stub and Totally Stubby Area Differences:

Totally stubby areas have smaller routing tables, since the only route they accept from area 0 is the default route.

Totally stubby will not accept Summary LSAs (Type 3 and Type 4), other than the default route.

Totally stubby is Cisco proprietary, while Stub is an OSPF standard.

Router Types:

Internal Router (LSA Type 1 or 2) – Routers that have all their interfaces in the same area. They have identical link-state databases and run single copies of the routing algorithm.

Area Border Router (LSA Type 3 or 4) – Routers that have interfaces attached to multiple areas. They maintain separate link-state databases for each area. This may require the router to have more memory and CPU power. These routers act as gateways for inter-area traffic. They must have at least one interface in the backbone area, unless a virtual link is configured. These routers will often summarize routes from other areas into the backbone area.

Autonomous System Boundary Router (LSA Type 5 or 7) – Routers that have at least one interface into an external network, such as a non-OSPF network. These routers can redistribute non-OSPF network information to and from an OSPF network. Redistribution into an NSSA area creates a special type of link-state advertisement (LSA) known as Type 7. This router will be running another routing protocol besides OSPF, such as EIGRP, IGRP, RIP, IS-IS, etc.

Traffic Types:

Intra-area - Traffic passed between routers within a single area.

Inter-area - Traffic passed between routers in different areas.

External - Traffic passed between an OSPF router and a router in another autonomous system.

NBMA Networks and DR Election

Designated Routers (DRs) and Backup Designated Routers (BDRs) are elected on Broadcast and Non-broadcast Multi-access networks, such as Ethernet broadcast domains and Frame Relay hub-and-spoke clouds. You can control the selection of DRs through the use of the "ip ospf priority" interface command; the highest priority wins, ties are broken by the highest router ID, and a setting of "0" makes the router ineligible to become DR or BDR.

The election is not preemptive. If a router joins the network with a priority somewhere between the existing DR and BDR, the network does not recalculate until the DR fails; then the BDR becomes the DR, and the new router will become BDR. On an NBMA network the DR and BDR must have direct connectivity to every other router on the segment, so on a hub-and-spoke cloud the spokes should be given priority 0.
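As an added worked example (not code from the study guide), the two functions below implement the router-ID selection described in the OSPF introduction above and the DR/BDR election just described, including the non-preemption rule: a router arriving with a higher priority does not displace an existing DR or BDR, but once the DR fails the BDR is promoted and the newcomer becomes BDR. Router names, interface names, addresses and priorities are this example's own.

```python
# Added example (not from the study guide): OSPF router-ID selection and a
# simplified RFC 2328 DR/BDR election with no preemption.

def ip_to_int(addr):
    a, b, c, d = (int(o) for o in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def ospf_router_id(interfaces, configured=None):
    """interfaces: list of (name, ip, is_up). An explicit 'router-id' wins; then the
    highest loopback address; then the highest address on any interface that is up.
    OSPF does not have to be enabled on the chosen interface."""
    if configured:
        return configured
    loopbacks = [ip for name, ip, is_up in interfaces
                 if is_up and name.lower().startswith("loopback")]
    pool = loopbacks or [ip for name, ip, is_up in interfaces if is_up]
    if not pool:
        raise ValueError("no active IP interface to derive a router ID from")
    return max(pool, key=ip_to_int)

def elect_dr_bdr(routers, current_dr=None, current_bdr=None):
    """routers: {name: (priority, router_id)}. current_dr / current_bdr are the
    routers that already declare themselves DR / BDR (None on a new segment).
    Returns (dr, bdr); priority 0 makes a router ineligible for either role."""
    for name, (prio, _) in routers.items():
        if not 0 <= prio <= 255:
            raise ValueError("%s: priority %d outside 0-255" % (name, prio))
    eligible = {n for n, (prio, _) in routers.items() if prio > 0}

    def rank(name):                      # highest priority, then highest router ID
        return routers[name][0], ip_to_int(routers[name][1])

    def pick_bdr(dr):
        pool = eligible - {dr}
        if current_bdr in pool:          # a declared BDR keeps the role: no preemption
            return current_bdr
        return max(pool, key=rank) if pool else None

    if current_dr in eligible:           # a declared DR keeps the role: no preemption
        return current_dr, pick_bdr(current_dr)
    dr = pick_bdr(None)                  # no DR declared: elect the BDR, then promote it
    return dr, pick_bdr(dr)

if __name__ == "__main__":
    ifaces = [("Loopback0", "10.255.0.7", True), ("GigabitEthernet0/1", "192.0.2.250", True)]
    print("router ID:", ospf_router_id(ifaces))
    segment = {"R1": (1, "1.1.1.1"), "R2": (1, "2.2.2.2"), "R3": (0, "3.3.3.3")}
    dr, bdr = elect_dr_bdr(segment)
    print("initial election:", dr, bdr)
    segment["R4"] = (10, "4.4.4.4")      # higher priority arrives later
    print("after R4 joins:", elect_dr_bdr(segment, current_dr=dr, current_bdr=bdr))
```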


LSA Types:

Router link entry - Type 1 LSA. Flooded only within a specific area. Contains all the default link-state information. Generated by each router for each area to which it belongs. It describes the state of the router's links to the area. The link status and cost are two of the descriptors provided.

Network entry - Type 2 LSA. Generated by the DR on a multi-access network and flooded to all routers in the area. They describe the set of routers attached to a particular network and are flooded only within the area that contains the network.

Summary entry - Type 3 and 4 LSAs. Generated by ABRs. Type 3 LSAs carry the networks of one area into the other areas (including the backbone), one per prefix. Type 4 LSAs tell routers in other areas how to reach an ASBR. Both are flooded into the backbone and from there into the other areas (stub areas receive Type 3 but not Type 4, since they carry no Type 5 routes that would need it).

Autonomous system entry - This is a Type 5 or 7 LSA. It comes from the ASBR and has information relating to the external networks. Type 7 LSAs are only found in NSSA areas.

Routing Authentication

OSPF authentication is used to validate that the remote router that this router is about to exchange routes with is really who it says it is. This is done with a shared secret. Anyone with the shared secret is allowed to exchange routes on the network, so the secret protects against accidental or casual neighbor formation, not against a peer that has already obtained the key.

OSPF supports two types of authentication: plain text and MD5. With plain-text authentication the password itself travels in every OSPF packet and can be read off the wire. With MD5 authentication the password never crosses the link; instead each packet carries an MD5 digest computed over the packet and the key, together with a sequence number that makes replayed packets detectable. Later IOS releases also support HMAC-SHA authentication through key chains (RFC 5709), which should be preferred over MD5 where both ends support it.

Neighbors on a link must use the same authentication type and key. The area-wide "area x authentication" command sets the type for every interface in the area, while the interface-level command can override it for a particular link.

Border Gateway Protocol (BGP)BGP version 4 is a path vector routing protocol used to exchange routing information between Autonomous Systems,and can be considered the routing protocol of the Internet. It carries information as a sequence of AS numbers, whichindicate the autonomous systems that must be used to get to a destination network.

Specific neighbor commands must be entered to create BGP neighbors because neighbors are defined in the

configuration, not by their physical location in the network. Even if two routers are physically connected, they are notnecessarily neighbors unless they form a TCP connection, which is configured by the Network Engineer.

When BGP talkers (routers) communicate for the first time, they exchange their entire routing tables. The protocolmaintains a table version number to track the current instance of the BGP routing table, and uses keepalives to makesure their neighbors are up. BGP uses TCP (port 179) as its transport protocol to ensure reliable delivery.

There are both internal and external flavors of BGP (IBGP and EBGP) configurations.

Internal BGP (IBGP) - Used inside a specific BGP Autonomous System. Neighbors don’t need to be directly connected, but they do need IP connectivity via an IP Internal Gateway Protocol (IGP), such as OSPF. The administrative distance for iBGP is 200.

External BGP (EBGP) - Used between different BGP Autonomous Systems. Neighbors normally need direct connectivity; however, Cisco provides the “ebgp-multihop” router configuration command to override this behavior. The administrative distance for EBGP is 20.

Any time you make changes to the BGP configuration on a router, your BGP neighbor connection must be reset. Use the Cisco IOS command "clear ip bgp *" to perform this task. Use the "show ip bgp" command to view your BGP table.

BGP’s effective use of Classless Inter-domain Routing (CIDR) has been a major factor in slowing the explosive growth of the Internet routing table. CIDR doesn’t rely on classes of IP networks such as Class A, B, and C. In CIDR, a prefix and a mask, such as 197.32.0.0/14, represent a network. This would normally be considered an illegal Class C network, but CIDR handles it just fine. A network is called a super-net when the prefix boundary contains fewer bits than the network’s natural mask.


Situations that may require BGP:

Extremely large networks

 A network that is connected to more than one AS

Networks that are connected to two or more Internet Service Providers

When you’re preparing for, or taking the CCIE Lab exam

Synchronization/Full Mesh

IBGP must either maintain a full mesh within an AS, or use route reflectors to simulate the mesh. This is necessary because BGP doesn’t advertise to internal BGP (IBGP) peers routes that were learned via other IBGP peers.

BGP routing information must be in sync with the IGP before advertising transit routes to other ASs. This can be turned off using the Cisco IOS command “no sync”; but this isn’t recommended unless all the routers in your BGP AS are running BGP and are fully meshed, or the AS in question isn’t a transit AS. The careless use of the “no sync” command could cause non-BGP routers within an autonomous system to receive traffic for destinations that they don’t have a route for. With synchronization enabled, BGP waits until the IGP has propagated routing information across the autonomous system before advertising transit routes to other ASs.

Next-Hop-Self Command

In a non-meshed environment where you know that a path exists from the current router to a specific address, the BGP router command “neighbor {ip-address | peer-group-name} next-hop-self” can be used to disable next-hop processing. This will cause the current router to advertise itself as the next hop for the specified neighbor, simplifying the network. Other BGP neighbors will then forward packets for that destination to the current router. This would not be useful in a fully meshed environment, since it will result in unnecessary extra hops where there may be a more direct path.

BGP Path Selection

BGP will select what it considers the one best path, which is then put into the BGP routing table and then propagated to its neighbors. The criteria for selecting the path for a destination are:

If the path specifies a next hop that is not accessible, the update is dropped.

The path with the largest weight is preferred.

If the weights are the same, the path with the larger local preference is preferred.

If the local preference is the same, then prefer the path that originated on this router.

If no route originated on this router, then prefer the one with the shortest AS-path.

If they have the same AS-path length, then prefer the path with the lowest origin code.

If the origin codes are the same, then prefer the path with the lowest MED.

If the MED is the same, then prefer an external path to an internal path. If these are the same, then prefer a path through the closest IGP neighbor.

Lastly, prefer the path with the lowest IP address, as specified by the BGP router ID. If a loopback is configured, this will be used as the router ID.
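The decision list above is easier to reason about when you can see which step actually decided a given prefix. The following is an added example, not Cisco code: it models the steps in order over constructed path attributes (the path names, router IDs and AS numbers are invented) and reports the deciding step. It compares MED across all candidates, as the simplified list does, whereas IOS only compares MED between paths from the same neighbouring AS unless "bgp always-compare-med" is configured.

```python
"""BGP best-path selection, step by step, as listed above.

Added example, not Cisco code: attribute values are constructed.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Origin codes: lower is preferred (IGP < EGP < INCOMPLETE).
ORIGIN_IGP, ORIGIN_EGP, ORIGIN_INCOMPLETE = 0, 1, 2


@dataclass(frozen=True)
class BgpPath:
    name: str                         # label used only by this example
    next_hop_reachable: bool          # step 1: an unreachable next hop drops the path
    weight: int = 0                   # Cisco-local attribute, highest wins
    local_pref: int = 100             # highest wins
    locally_originated: bool = False  # paths this router originated win
    as_path: Tuple[int, ...] = ()     # shortest AS-path wins
    origin: int = ORIGIN_IGP          # lowest origin code wins
    med: int = 0                      # lowest MED wins
    ebgp: bool = True                 # external preferred over internal
    igp_metric: int = 0               # lowest IGP metric to the next hop wins
    router_id: str = "0.0.0.0"        # lowest BGP router ID is the final tie-break


# One entry per decision step, in order; every key is "smaller is better".
STEPS = (
    ("weight", lambda p: -p.weight),
    ("local_pref", lambda p: -p.local_pref),
    ("locally_originated", lambda p: 0 if p.locally_originated else 1),
    ("as_path_length", lambda p: len(p.as_path)),
    ("origin", lambda p: p.origin),
    ("med", lambda p: p.med),
    ("ebgp_over_ibgp", lambda p: 0 if p.ebgp else 1),
    ("igp_metric", lambda p: p.igp_metric),
    ("router_id", lambda p: tuple(int(o) for o in p.router_id.split("."))),
)


def select_best_path(paths: Iterable[BgpPath]) -> Tuple[Optional[BgpPath], str]:
    """Return (best path, name of the step that decided it)."""
    candidates: List[BgpPath] = [p for p in paths if p.next_hop_reachable]
    if not candidates:
        return None, "no reachable path"
    for step_name, key in STEPS:
        best = min(key(p) for p in candidates)
        candidates = [p for p in candidates if key(p) == best]
        if len(candidates) == 1:
            return candidates[0], step_name
    # Identical attributes including router ID: keep the first one seen.
    return candidates[0], "router_id"


def sample_paths() -> List[BgpPath]:
    """Constructed paths to one prefix, as a BGP speaker might hold them."""
    return [
        BgpPath("via-65001", True, as_path=(65001, 65002), router_id="10.0.0.1"),
        BgpPath("via-65003", True, local_pref=200, as_path=(65003,), router_id="10.0.0.2"),
        # Highest weight, but the next hop is unreachable, so it is never considered.
        BgpPath("dead-next-hop", False, weight=32768, router_id="10.0.0.3"),
    ]


if __name__ == "__main__":
    best, step = select_best_path(sample_paths())
    print(f"best path: {best.name} (decided by {step})")
```

Running it shows "via-65003" winning on local preference even though "dead-next-hop" carries a far higher weight, because the reachability check runs before any attribute is compared.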


Scalability Problems (and Solutions) with IBGP

Autonomous systems consisting of hundreds of routers can create management problems for network administrators. Remember that IBGP must be fully meshed, which requires BGP neighbor statements to and from every IBGP router in a given AS, unless you use one of the techniques listed below.

Peer Groups - Several BGP routers that share the same update policies can be grouped into a peer group to simplify configuration and to make updating more efficient. The power of this function will be obvious the first time you need to configure hundreds of routers and type the same commands over, and over, and over again. The members of a peer group will inherit changes made to the peer group, simplifying updates.

Confederations - Confederations eliminate the need to fully mesh BGP communications in a given AS by splitting a single AS into sub-AS’s and using EBGP between them. The sub-ASs will usually use private AS numbers. In most BGP environments it is too cumbersome to have all the BGP routers peered to each other.

 ASs external to the confederation group look like a single AS to the routers inside.

Route Reflectors - Route reflectors can also reduce the number of BGP peering statements by configuring some of the IBGP routers as route reflectors. The route reflector clients only peer with the route reflectors, and not each other. This setup can greatly reduce the number of BGP peering configurations required in an AS. You can cluster BGP Route Reflectors to provide redundancy. This prevents the failure of a single router from bringing down your IBGP domain.

Configuring Neighbors & Networks

Most BGP configuration is done with the neighbor command. For example, to add a new neighbor with BGP, you would do:

Router(config)# router bgp {Your AS Number}

Router(config-router)# neighbor {their IP address} remote-as {their AS Number}

If the new neighbor has the same AS number as your router, then you are configuring IBGP, or internal BGP. If the neighbor you are configuring has a different AS number than your router then you are configuring EBGP, or external BGP.

To advertise a network that your router has to offer, you would use the network statement. For example, say that your Ethernet network is 10.1.1.0/24; you would configure the following to advertise it to other BGP routers:

Router(config)# router bgp {Your AS Number}

Router(config-router)# network 10.1.1.0 mask 255.255.255.0

Route Dampening

A network that has a router with flapping routes (routes that go up and down) can often cause problems, as the BGP routers must continuously update their routing tables. Route dampening is used to control this route instability. Dampening classifies routes as "well-behaved" or "ill-behaved" based on their past reliability, and penalties are assigned each time a route flaps. When a set penalty is reached, BGP suppresses the route until it is well behaved and trusted again. There is no penalty limit at which a route is permanently barred from joining the domain. Route dampening is not enabled by default.
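To make the penalty-and-decay mechanism concrete, here is an added example (not Cisco code) that tracks the dampening state of one prefix through a constructed sequence of flaps. The constants are the IOS defaults for "bgp dampening" (15-minute half-life, reuse limit 750, suppress limit 2000, penalty 1000 per flap); the flap timeline in main() is invented.

```python
"""Route flap dampening with exponential penalty decay.

Added example, not Cisco code. Constants are the IOS 'bgp dampening'
defaults; the flap timeline below is constructed.
"""
import math

FLAP_PENALTY = 1000      # added each time the route flaps
HALF_LIFE_S = 15 * 60    # penalty halves every 15 minutes
SUPPRESS_LIMIT = 2000    # route is suppressed once the penalty reaches this
REUSE_LIMIT = 750        # route is reused once the penalty decays below this


def decay(penalty: float, elapsed_s: float) -> float:
    """Exponential decay: the penalty halves once per half-life."""
    return penalty * 0.5 ** (elapsed_s / HALF_LIFE_S)


def seconds_until_reuse(penalty: float) -> float:
    """How long a suppressed route stays suppressed if it stops flapping."""
    if penalty < REUSE_LIMIT:
        return 0.0
    return HALF_LIFE_S * math.log2(penalty / REUSE_LIMIT)


class DampenedRoute:
    """Dampening state of one prefix learned from one peer."""

    def __init__(self) -> None:
        self.penalty = 0.0
        self.last_update = 0.0
        self.suppressed = False

    def _catch_up(self, now: float) -> None:
        """Apply the decay that accumulated since the last update."""
        self.penalty = decay(self.penalty, now - self.last_update)
        self.last_update = now

    def flap(self, now: float) -> bool:
        """Record a flap (withdraw then re-announce) at time 'now' (seconds)."""
        self._catch_up(now)
        self.penalty += FLAP_PENALTY
        if self.penalty >= SUPPRESS_LIMIT:
            self.suppressed = True
        return self.suppressed

    def evaluate(self, now: float) -> bool:
        """Periodic check: release the route once the penalty decays below reuse."""
        self._catch_up(now)
        if self.suppressed and self.penalty < REUSE_LIMIT:
            self.suppressed = False
        return self.suppressed


if __name__ == "__main__":
    route = DampenedRoute()
    for t in (0, 60, 120):                     # three flaps two minutes apart
        print(f"t={t:5d}s flap -> penalty {route.penalty + 0:.0f}, "
              f"suppressed={route.flap(t)}")
    print(f"reusable after another {seconds_until_reuse(route.penalty):.0f}s of stability")
```

Three flaps two minutes apart are enough to cross the suppress limit, and the route then stays suppressed for roughly 29 minutes of good behaviour, which is why dampening parameters deserve care: a single upstream outage can keep a legitimate prefix unreachable long after it has recovered.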

The Cisco Press books “Internet Routing Architectures, 2nd edition” by Sam Halabi, “Routing TCP/IP, Volume 2” by Jeff Doyle and the “Cisco BGP-4 Command and Configuration Handbook” by William Parkhurst are excellent resources for BGP.


Enhanced Interior Gateway Routing Protocol (EIGRP)

EIGRP is a Cisco proprietary protocol that is considered a ‘hybrid’ because it combines attributes of both Link State and Distance Vector routing protocols. It was released as an enhancement to Cisco's other proprietary routing protocol, IGRP. It also supports automatic route summarization, VLSM addressing, multicast updates, non-periodic updates, unequal-cost load balancing, and independent support for IPX and AppleTalk.

EIGRP has a number of added features to overcome the limitations of IGRP:

DUAL (Diffusing Update Algorithm) - Tracks all the routes advertised by all neighbors. DUAL will use various metrics to select the most efficient path. It selects routes to be inserted into the routing table based on feasible successors.

Protocol Dependent Modules - These are individually responsible for IP, IPX, and AppleTalk. The IPX EIGRP module is responsible for sending and receiving EIGRP packets that are encapsulated in IPX. The AppleTalk EIGRP module is responsible for AppleTalk packets. The IP EIGRP module is responsible for IP packets. They route like strangers in the night, except they don’t even exchange glances.

Neighbor Discovery/Recovery - Routers learn of the other routers on their directly attached networks dynamically, by sending Hello Packets. A router is assumed to be present by its neighbor through the hello packets it sends.

Performs incremental updates instead of periodic updates, meaning updates are only sent out when changes occur.

Does classless routing.

Results in more efficient summarization of networks.

Is efficient in the use of link bandwidth for routing updates.

Provides authentication.

EIGRP sends hello packets every 5 seconds on high bandwidth links, like PPP and HDLC leased lines, Ethernet, TR, FDDI and Frame Relay point-to-point and ATM. It sends hellos every 60 seconds on low bandwidth multipoint links, like FR multipoint and ATM multipoint links.

An important point to remember with EIGRP is that very old routes are to be expected in a healthy network. Since updates only occur when there is a change, change is bad. Like fine wines, EIGRP routes should be seasoned by time.

Tables:

Neighbor table - The current configuration of all the router’s immediately adjacent neighbors.

Topology table - This table is maintained by the protocol dependent modules and is used by DUAL. It has all the destination networks advertised by the other neighbor routers.

Routing table - EIGRP chooses the best routes to a destination network from the topology table and places these routes in the routing table. The routing table contains:

How the route was discovered

Destination network address and the subnet mask

Metric Distance - The cost of the metric from the router

Next hop address

Route age

Outbound interface

Choosing routes:

DUAL selects primary and backup routes based on the composite metric and guarantees that the selected routes are loop free. The primary routes are then moved to a routing table. The rest (up to 6) are stored in the topology table as feasible successors.

EIGRP uses the same composite metric as IGRP to determine the best path*. The default criteria used are:

Bandwidth - The smallest bandwidth cost between source and destination

Delay - Cumulative interface delay along the path

Reliability - Worst reliability between source and destination based on keepalives

Load - Utilization on a link between source and destination based on bits per second on its worst link

MTU - The smallest Maximum Transmission Unit

* Only Bandwidth and Delay are used by default

** To help you remember, think of “Bob Doesn’t Really Like Me” for Bandwidth, Delay, Reliability, Load and MTU.
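The composite metric and the feasibility condition DUAL applies to backup routes are both short enough to compute by hand, and doing so is the best way to see why only bandwidth and delay matter by default. The following is an added example, not Cisco code: it implements the IOS metric formula with the default K values (K1 = K3 = 1, the rest 0), scaling bandwidth as 10^7 divided by the lowest link bandwidth in kbps and delay as the sum of interface delays in tens of microseconds, with integer truncation as IOS does. The two-link path in main() is constructed.

```python
"""EIGRP composite metric and the DUAL feasibility condition.

Added example, not Cisco code. Default K values follow IOS; the sample
path is constructed.
"""
from typing import List, Tuple

# Default K values: only bandwidth (K1) and delay (K3) count.
K_DEFAULT = (1, 0, 1, 0, 0)


def composite_metric(links: List[Tuple[int, int]], load: int = 1,
                     reliability: int = 255,
                     k: Tuple[int, int, int, int, int] = K_DEFAULT) -> int:
    """links: (bandwidth_kbps, delay_usec) for each hop along the path.

    bandwidth term = 10^7 // lowest bandwidth (kbps)
    delay term     = sum of delays // 10 (tens of microseconds)
    load is 1..255 (1 = idle), reliability is 1..255 (255 = fully reliable).
    """
    k1, k2, k3, k4, k5 = k
    bw = 10_000_000 // min(b for b, _ in links)
    delay = sum(d for _, d in links) // 10
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay
    if k5 != 0:                      # reliability only counts when K5 is non-zero
        metric = metric * k5 // (reliability + k4)
    return metric * 256              # EIGRP scales the IGRP metric by 256


def is_feasible_successor(reported_distance: int, feasible_distance: int) -> bool:
    """A neighbour qualifies as a feasible successor only if its reported
    distance (its own metric to the destination) is strictly less than our
    feasible distance (our best metric). That strict inequality is what
    guarantees the backup path is loop free."""
    return reported_distance < feasible_distance


if __name__ == "__main__":
    # Constructed path: FastEthernet (100 Mbps, 100 usec) then a T1 (1544 kbps, 20000 usec).
    path = [(100_000, 100), (1_544, 20_000)]
    fd = composite_metric(path)
    print(f"composite metric: {fd}")
    # A neighbour reporting the T1 hop alone is closer to the destination than we are.
    rd = composite_metric([(1_544, 20_000)])
    print(f"neighbour RD {rd} feasible successor: {is_feasible_successor(rd, fd)}")
```

Doubling the Ethernet bandwidth changes nothing here because the T1 remains the bottleneck link; only the slowest hop and the summed delay move the number, which is exactly what the list above states.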

The command to disable EIGRP’s default summarization of addresses at network boundaries is “no auto-summary”.

The Cisco Press book “EIGRP Network Design Solutions” by Ivan Pepelnjak is an excellent resource for learningEIGRP.

Intermediate System-to-Intermediate System (IS-IS)

IS-IS is “the other” Link State protocol that Cisco supports. While not as popular as OSPF, IS-IS can be found in the backbone of several major ISPs because it was stable before the bugs were worked out for OSPF and because even today it still scales better than OSPF.

To configure IS-IS you must create an IS-IS routing process and assign it to specific interfaces (rather than to networks). Only one IS-IS routing process is allowed per router. It summarizes networks to reduce the size of the routing tables, and is a classless protocol that supports VLSM.

IS-IS has many things in common with other Link State routing protocols, including OSPF.

Hierarchical segmenting of the routing domain into areas with one backbone and multiple non-backbone areas. Inter-area traffic must traverse the backbone.

Routers within an IS-IS domain use a hello mechanism to discover neighbors and form adjacencies.

The information exchanged between adjacent routers concerns the type and status of links or interfaces, not actual routes.

Each router builds a Link State Database (LSDB), which in a stable environment will be identical between routers in an area.


Even though TCP/IP networks can use IS-IS, it is really an OSI CLNP protocol. For this reason IS-IS packets are carried directly over Layer 2 using CLNP addressing, requiring a CLNP addressing structure in order to support the flow of IS-IS traffic. Normally one CLNP-based address is assigned to each router in the domain. This address, configured in the router configuration section, is software based like a loopback interface, which means it will not go down as long as the router is running.

There are three types of IS-IS routers:

Level-1 routers - Similar to totally stubby areas in OSPF. A Level-1 router can only communicate with other Level-1 routers in its area and Level-1 / Level-2 routers in its area.

Level-2 routers - Similar to backbone routers in OSPF. Level-2 routers only communicate with other Level-2 routers.

Level-1 / Level-2 routers - Similar to OSPF ABRs. A Level-1 / Level-2 router can communicate with Level-1 routers within its area and other Level-2 routers.

There are only two network types for IS-IS, point-to-point and broadcast. There is no equivalent of the 'ip ospf network' command in IS-IS; the network type is entirely dependent on the interface type:

Frame Relay Configuration                          IS-IS Network Type
Physical Interface / frame-relay map clns          Broadcast
Physical Interface / frame-relay interface-dlci    Not supported
Point-to-Point Sub-Interface                       Point-to-point
Point-to-Multipoint Sub-Interface                  Not supported

Two important considerations with IS-IS are that:

IS-IS will not run over a hub and spoke NBMA - This means that you must have two IP subnets if you are running a hub and spoke setup.

IP is not the transport protocol for IS-IS - This means that physical and multipoint interfaces must have layer 2 to CLNS mappings.

The Cisco Press book “IS-IS Network Design Solutions” by Abe Martey is an excellent resource to learn more about the IS-IS protocol.

 Access-Control & Filtering

Distribution Lists

Distribution-lists are used to filter inbound and outbound routing updates. Distribution-lists can be used with multiple routing protocols. Usually, distribution lists are used by configuring an access-list defining what you want to permit or deny, then using the distribute-list XXX {in | out} command under the routing protocol.

Route-Maps

A great method to filter & modify routing updates is to use a route-map. Route-maps use match and set commands to match what you are looking for and set some action to occur. An example of a route-map modifying routing updates would be a certain IP route coming into BGP and that route having its metric modified.


Policy Routing

Besides modifying routing updates, route-maps can also be used with policy-based routing (known as PBR). PBR is a sort-of manual routing method whereby you would match the destination of an IP packet and manually set its destination. Thus, you are manually routing the packet, even when there is no route in the routing table.

Redistribution

The process of sharing routes learned from different sources (usually routing protocols). For instance, you might redistribute the routes learned through OSPF to a RIP domain, in which case you might have problems with VLSM; or you might redistribute routes learned through static entries into EIGRP. Redistribution is just the sharing of information learned from different sources, and it must be manually configured.

Route-Tagging

You use route-maps to assign a tag to the route to identify it. With this tag, you can set some action, based on the tag. For example, say that you use a route-map to tag all inbound routes from a certain router with the tag 30. Say that later, you redistribute routes into another routing protocol. You could, then, match that tag of 30 and only redistribute the routes with the 30 tag.

Dial-on-Demand Routing (DDR)

DDR has two important applications:

When there is a limited use WAN link that is configured to pay for usage.

When there is a critical WAN link and there must be a cost-effective redundant connection.

DDR spoofs routing tables to provide the image of full-time connectivity using Dialer interfaces and filters out interesting packets for establishing, maintaining, and releasing switched connections. Interesting traffic is defined by an access list.

Encapsulation Methods for DDR:

PPP - Recommended, as it supports multiple protocols and is used for synchronous, asynchronous, or ISDN connections. It is also non-proprietary.

HDLC - Supported on synchronous serial lines and ISDN connections only, and supports multiple protocols, with NO authentication.

SLIP - Works on asynchronous interfaces and is IP only, and has NO authentication.

Dial Backup

There are a number of ways to perform dial backup; however, the two most common ways are:

Backup Interface

Dialer-Watch

With the backup interface method, you select an interface to monitor. On that interface, you use the backup interface {interface} command to tell the router that if the monitored interface goes down, to initiate a connection on the backup interface. While the primary interface is up, the backup interface is placed in a standby mode.


With the dialer-watch method, a route is selected to be watched. If that route disappears from the routing table, the backup interface is brought up. To configure dialer-watch, you must first make a dialer-watch list. This list tells the router the route that you wish to monitor in the routing table. Next, on the backup interface, use the dialer-watch command to reference the list. When the route disappears from the routing table, the interface with the dialer-watch statement is activated.

The important thing is that, prior to activating either of these methods, you completely configure and test the DDR dialup configuration. If the dialup is not properly configured, the dial backup will certainly not function.

Interior Gateway Routing Protocol (IGRP)

IGRP is the Cisco proprietary routing protocol that was replaced by EIGRP. IGRP is similar to EIGRP but with fewer features. IGRP was developed by Cisco to overcome the limitations of RIPv1.

IGRP is not limited to a 15-hop network, like RIP. IGRP also supports multiple metrics but the primary metric is bandwidth. IGRP can load-balance over unequal-cost links. IGRP supports split-horizon with poison reverse, triggered updates, and holddown timers for loop-prevention & stability. IGRP is classful and does not support VLSM. IGRP automatically summarizes at network boundaries.

Routing Information Protocol (RIP) Version 1 and 2

Routing Information Protocol (RIP) is a distance-vector routing protocol. It uses hop count as its metric. RIPv1 is classful and does not support VLSM. RIPv2 provides the following enhancements: authentication, multicast routing updates, and VLSM support. By default, RIP sends a copy of its routing table to its neighbors every 30 seconds. RIP automatically summarizes at network boundaries. RIP can load balance across multiple paths if they are the same cost. Both versions of RIP have an administrative distance of 120. RIPv2 uses the multicast address of 224.0.0.9 for routing updates. Both versions use UDP port 520 to send routing updates.

QoS

Fancy Queuing

Fancy queuing is Cisco’s collective term for custom, priority, or weighted fair queuing. Often if you call the TAC (Technical Assistance Center) for help on a problem, they will ask you to remove all the fancy queuing as a way to make sure nothing critical is being blocked.

Weighted Fair Queuing (WFQ)

WFQ is designed to give low-volume traffic a higher priority than higher-volume traffic. For example, a time sensitive SNA conversation would have a higher priority than a file transfer, where latencies are less of an issue. WFQ is enabled by default on all Cisco router links with speeds of less than E1. Since WFQ is a default method, it doesn’t normally require any special configuration. You can adjust WFQ through the “fair-queue <congestion threshold>” command, which allows you to change the number of messages in a queue where there is high volume traffic moving. The default is 64 messages and can be configured anywhere from 1 to 512.


Priority Queuing

Priority queuing uses four levels of queues, defined as high, medium, normal, and low. The administrator defines what traffic belongs in which queue. The decisions are usually made based on the protocol type or the source interface; however, any protocols supported by Cisco are allowed, and the command line arguments include TCP and UDP port designations.

The major thing to remember with priority queuing is that the “high” queue is serviced first; the “medium” queue will be ignored until its superior is finished. The same goes for the “normal” queue: it won’t see any bandwidth until both the “high” and “medium” queues are empty, and so on.

Like access lists, the router reads the priority-list commands in order of appearance. When trying to classify a packet, the system searches the rule list for a matching criterion. When a match is made, the packet is assigned to the appropriate queue, and the search ends. Packets that do not match any of the rules are assigned to the default queue. The default queue is “normal” by default, but it can be changed.

Custom Queuing

The primary advantage custom queuing has over priority queuing is that it will never completely ignore any one queue. You can define up to 16 queues, and while some pass more data than others, because they are addressed in a round-robin fashion, none are ever completely ignored.

Associated with each output queue is a configurable byte count, which specifies how much data should be delivered from the one queue before the system moves on to the next. When a particular queue is being processed, packets are sent until the number of bytes sent exceeds the queue byte count for that queue, or until the queue runs out of data. Once the appropriate number of bytes has been transmitted, the router moves on to the next queue. If the byte count has been reached and a packet has not been completely sent, it will continue to be sent; the packet will not be fragmented.

Like access lists, the router reads the queue-list commands in order of appearance. When trying to classify a packet, the system searches the queue-list rules for a matching protocol or interface type. When a match is found, the packet is assigned to the appropriate queue. Since the list is searched in the order it is specified, the first matching rule terminates the search.

By default, each queue is allocated 1,500 bytes, although the queue size is configurable. In this way, it is possible to allocate a percentage of the bandwidth to a specific protocol.
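The byte-count behaviour described above (serve each queue in turn up to its byte count, never fragment a packet that has started, never starve a queue) is easiest to understand by playing out a round. The following is an added example, not Cisco code: a small scheduler that returns the transmit order for constructed queue contents, plus the approximate bandwidth share each byte count buys. It assumes a queue's turn ends as soon as the bytes sent in that round reach the byte count; the 1500-byte default is the one stated above.

```python
"""Custom queuing round-robin scheduler with per-queue byte counts.

Added example, not Cisco code. Queue contents and byte counts are constructed.
"""
from collections import deque
from typing import Deque, Dict, List, Tuple

DEFAULT_BYTE_COUNT = 1500   # per-queue default stated in the text


def custom_queue_schedule(queues: Dict[int, List[int]],
                          byte_counts: Dict[int, int]) -> List[Tuple[int, int]]:
    """Return the transmit order as (queue_number, packet_bytes) tuples.

    queues: queue number -> packet sizes in arrival order.
    byte_counts: queue number -> bytes to deliver per round.
    Assumption: a queue's turn ends once the bytes sent this round reach its
    byte count; the packet in flight is always completed, never fragmented.
    """
    pending: Dict[int, Deque[int]] = {q: deque(pkts) for q, pkts in queues.items()}
    order: List[Tuple[int, int]] = []
    while any(pending.values()):                  # keep cycling until all queues drain
        for q in sorted(pending):                 # queues are visited in number order
            sent = 0
            limit = byte_counts.get(q, DEFAULT_BYTE_COUNT)
            while pending[q] and sent < limit:
                pkt = pending[q].popleft()
                sent += pkt                       # may overshoot the limit: no fragmentation
                order.append((q, pkt))
    return order


def bandwidth_share(byte_counts: Dict[int, int]) -> Dict[int, float]:
    """Approximate long-run share of the link each queue gets when every
    queue is backlogged: its byte count divided by the sum of all byte counts."""
    total = sum(byte_counts.values())
    return {q: bc / total for q, bc in byte_counts.items()}


if __name__ == "__main__":
    # Constructed backlog: queue 1 holds 1000-byte packets, queue 2 holds 500-byte packets.
    queues = {1: [1000, 1000, 1000], 2: [500, 500, 500, 500]}
    counts = {1: 1500, 2: 1500}
    for q, size in custom_queue_schedule(queues, counts):
        print(f"queue {q}: {size} bytes")
    print(bandwidth_share({1: 3000, 2: 1000}))
```

With equal byte counts, queue 1 still sends 2000 bytes in its first turn because the second 1000-byte packet is started before the count is reached; this overshoot is why large-packet queues receive slightly more than their nominal share, and why byte counts are usually chosen as multiples of the expected packet size.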

Packet over SONET/SDH (PoS) and IP Precedence

Cisco PoS has the IP layer riding directly above the SONET layer, eliminating the overhead usually required to run IP over ATM and SONET, while still offering strong quality-of-service (QoS) guarantees.

PoS was designed to overcome some of the limitations of IP that restricted its direct use on very high-speed links, and to address some of the QoS issues inherent with IP. The three IP precedence bits in the IP header make it possible to provide differentiated classes of services by utilizing Random Early Detection (RED) and Weighted RED (WRED). As packets enter the network, the edge routers set their precedence, which is then used to determine the queuing of packets through the network. This allows PoS to facilitate reliable deployment of voice, video, and other time-dependent services on large, very high-speed (OC-3, OC-48 and OC-192 speed) provider networks.

Class of Service (CoS)

CoS is the managing of network traffic by grouping similar types of traffic (like e-mail, or streaming video or voice) together and treating each type as a class with its own level of service priority.

CoS technologies do not guarantee a level of service in terms of bandwidth and delivery time; they offer a "best-effort."On the other hand, CoS technology is simpler to manage than QoS, and provides more scalability as a network grows.You can think of CoS as "coarsely-ground" traffic control, while QoS is "finely-ground" traffic control.


There are three main CoS technologies:

802.1p Layer 2 Tagging

Type of Service (ToS)

Differentiated Services (DiffServ)

Random Early Detection (RED) and Weighted RED (WRED)

Random Early Detection (RED) is a congestion-avoidance mechanism that uses the flow control features of TCP to avoid congestion. It is typically found at the core of the network to control packet flow before congestion occurs by manipulating the TCP sessions.

In order to understand how RED works, you need to understand Tail Drops and TCP Slow Start.

Tail Drop - Occurs when a transmit queue on an interface is filled and the router has more incoming packets than it can handle. The router drops all packets until the queue is below the maximum level. The problem with this is that all flows of traffic are dropped, including TCP and UDP. Since TCP is a reliable protocol, lost packets will be retransmitted. UDP and other unreliable protocols will either not be retransmitted, or have to rely on upper layer protocols for retransmission.

TCP Slow Start - Packets are sent only a few at a time so as to avoid retransmission. As packets are sent successfully without retransmission, the router will gradually increase the rate it sends packets until it experiences lost packets again.

RED works by randomly dropping packets, based on the number of packets that are in queue for an interface. When the queue gets close to its maximum capacity, it speeds up the rate at which it drops packets to avoid the Tail Drop condition.

Remember that RED drops some packets randomly, whereas Tail Drop just drops all the packets. RED relies on TCP Slow Start to throttle back traffic flows.

By avoiding Tail Drop, which lets go of all packets, and by slowing down some traffic flows, a router interface using RED can typically keep its queues from reaching their maximum.

Weighted Random Early Detection (WRED) provides separate thresholds and weights for different IP precedences, allowing different QoS levels for different traffic, meaning that during periods of congestion, standard traffic will be dropped in favor of premium traffic. Using WRED optimizes the transmission rates of individual flows and prevents congestion collapse and synchronization problems. WRED provides preferential treatment to voice traffic.
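The RED and WRED behaviour described in this section comes down to two small calculations: an exponentially weighted average of the queue depth (so a short burst does not trigger drops) and a drop probability that is zero below a minimum threshold, ramps linearly between the minimum and maximum thresholds, and becomes a tail drop at the maximum. The following is an added example, not Cisco code. The exponential weighting constant (9, i.e. a weight of 1/512) and the mark-probability denominator (10) are the IOS defaults for "random-detect"; the per-precedence threshold pairs are constructed to illustrate premium traffic being spared, not Cisco's default tables.

```python
"""RED/WRED drop decision with per-precedence thresholds.

Added example, not Cisco code. Weighting constant and denominator are IOS
defaults; the threshold table is constructed.
"""
from typing import Dict, Tuple

EXPONENTIAL_WEIGHTING_CONSTANT = 9   # IOS default: average weight is 1/2^9
MARK_PROBABILITY_DENOMINATOR = 10    # at the max threshold, drop 1 packet in 10

# Constructed (min_threshold, max_threshold) in packets, per IP precedence.
# Precedence 5 (premium) only starts dropping when the queue is nearly full.
THRESHOLDS: Dict[int, Tuple[int, int]] = {0: (20, 40), 5: (31, 40)}


def average_queue_depth(previous_avg: float, current_depth: int,
                        n: int = EXPONENTIAL_WEIGHTING_CONSTANT) -> float:
    """Exponentially weighted moving average:
    avg = old * (1 - 2^-n) + current * 2^-n."""
    w = 2.0 ** -n
    return previous_avg * (1.0 - w) + current_depth * w


def drop_probability(avg_depth: float, precedence: int,
                     thresholds: Dict[int, Tuple[int, int]] = THRESHOLDS,
                     denominator: int = MARK_PROBABILITY_DENOMINATOR) -> float:
    """0 below min threshold, 1 (tail drop) at or above max threshold,
    and a linear ramp up to 1/denominator in between (RED's random region)."""
    min_th, max_th = thresholds[precedence]
    if avg_depth < min_th:
        return 0.0
    if avg_depth >= max_th:
        return 1.0
    return (avg_depth - min_th) / (max_th - min_th) / denominator


def should_drop(avg_depth: float, precedence: int, rand: float) -> bool:
    """Drop decision for one arriving packet; rand is a uniform value in [0, 1)
    supplied by the caller so the decision stays testable."""
    return rand < drop_probability(avg_depth, precedence)


if __name__ == "__main__":
    # Constructed burst: the instantaneous depth jumps to 35 packets and stays there.
    avg = 0.0
    for _ in range(2000):
        avg = average_queue_depth(avg, 35)
    for prec in (0, 5):
        print(f"avg depth {avg:.1f}, precedence {prec}: "
              f"drop probability {drop_probability(avg, prec):.3f}")
```

At an average depth of about 35 packets, precedence-0 traffic is already in the random-drop region while precedence-5 traffic is barely touched, which is the "standard traffic dropped in favor of premium traffic" behaviour the paragraph describes. The slow-moving average is also why a single burst rarely causes drops: roughly 2000 samples at depth 35 are needed before the average gets close to 35.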


Weighted Round-Robin (WRR)/Queue Scheduling

WRR scheduling is used on the egress ports of a layer-3 switch to manage the queuing and sending of packets. WRR sorts the packets into four queues, based on IP precedence. Devices that use WRR automatically create the four queues with a default weight for each interface. The network administrator can then assign different weights to each of the different queues; the higher the WRR weight, the higher the effective bandwidth for that particular queue. This provides bandwidth to higher priority applications (using IP precedence), while still allowing access to lower priority queues.

The four queues on any destination interface are configured to be part of the same service class. Bandwidth is not explicitly reserved for these four queues. Each of them is assigned a different WRR-scheduling weight, which determines the way they share the interface bandwidth.

Shaping vs. Policing / Committed Access Rate (CAR)

Cisco IOS QoS offers two kinds of traffic regulation mechanisms:

Policing - The rate-limiting features of committed access rate (CAR) and the Traffic Policing feature provide the functionality for policing traffic. A policer typically drops traffic.

Shaping - The features of Generic Traffic Shaping (GTS), Class-Based Shaping, Distributed Traffic Shaping (DTS), and Frame Relay Traffic Shaping (FRTS) provide the functionality for shaping traffic. A shaper typically delays excess traffic using a buffer, or queuing mechanism, to hold packets and shape the flow when the data rate of the source is higher than expected.

Both policing and shaping mechanisms use the traffic descriptor for a packet to ensure adherence and service. Policers and shapers usually identify traffic descriptor violations in an identical manner; but as can be seen above, they usually differ in how they respond to violations.

Traffic shaping and policing can work in tandem. For example, a good traffic shaping scheme should make it easy for nodes inside the network to detect misbehaving flows (sometimes called policing the traffic of the flow).

Committed Access Rate (CAR)

CAR is used on interfaces to rate-limit traffic based on IP addresses or by protocol. The first step to using CAR is setting your rate policy, which determines what is to be done with traffic that exceeds a set bandwidth threshold. For example, you can configure an interface to drop all Telnet traffic that exceeds 64kbps.

The rate limit consists of 3 values: average rate (bits per second), normal burst size (bytes per second), and excess burst size (bytes per second). Note that average rate is specified in bits per second, and the other two values are in bytes per second. If the bandwidth being utilized is below the average rate, it is said to conform to the rate policy. Once the traffic exceeds this defined threshold, it is said to exceed the rate policy. Once traffic exceeds the average rate, it is allowed to continue being sent only if the policy allows for a burst.

This is all dependent on the values you choose. Normal burst size is the amount of traffic that can be sent before it gets to another exceeded value. Once traffic exceeds the normal burst value, it is subject to RED. RED only drops some of the packets in order to get the traffic rate below the limit. If the traffic is not slowed enough by RED, and exceeds the excess burst size, then all traffic is dropped or subject to whatever rate policy you decide.

To configure CAR, you first define the access-list necessary for the traffic you want to limit, then create a rate-limit and apply it to an interface.
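
As an added example that is not part of the original guide, the Telnet case above written as IOS configuration: the access-list selects the traffic, and the rate-limit on the interface applies the three values. The interface name, the ACL number and the second (512 kbps) statement are assumptions.

```cisco
! Step 1: access-list that selects the traffic to be limited (Telnet, TCP port 23)
access-list 101 permit tcp any any eq telnet
!
interface Serial0
 ! Step 2: rate-limit on the interface. The three values are:
 !   64000 = average rate, in bits per second
 !   8000  = normal burst, in bytes
 !   16000 = maximum burst, in bytes (normal burst plus the excess burst that
 !           may be borrowed; must be at least the normal burst value)
 ! Conforming Telnet is transmitted; Telnet that exceeds the policy is dropped.
 rate-limit input access-group 101 64000 8000 16000 conform-action transmit exceed-action drop
 ! Assumed second policy for everything else: 512 kbps average; excess is
 ! re-marked to IP precedence 0 and still transmitted instead of being dropped.
 rate-limit input 512000 16000 32000 conform-action transmit exceed-action set-prec-transmit 0
!
! Verify: per-statement conformed/exceeded counters. Exceeded counters that keep
! climbing show the policy is engaging on live traffic.
! show interfaces Serial0 rate-limit
```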

Network-Based Application Recognition (NBAR)

Network-Based Application Recognition (NBAR) classifies application-level protocols so that QoS policies can be applied to the classified traffic. This intelligent classification includes a wide variety of applications, including web-based and other difficult-to-classify protocols that utilize dynamic TCP/UDP port assignments. NBAR is also capable of determining which protocols and applications are currently running on a network so that an appropriate QoS policy can be instituted. It can also perform subport classification of HTTP traffic by HOST name in addition to classification by MIME-type or URL. This enables users to classify HTTP traffic by web server names.

NBAR provides a special Protocol Discovery feature that determines which application protocols are traversing a network at any given time. The Protocol Discovery feature captures key statistics associated with each protocol in a network. These statistics can be used to define traffic classes and QoS policies for each traffic class.

NBAR can also classify static port protocols. Although Access Control Lists (ACLs) can also be used for this purpose, NBAR is easier to configure and can provide classification statistics that are not available when using ACLs.

Once an application is recognized and classified by NBAR, a network can invoke services specific to that application. In this way, NBAR ensures that network bandwidth is used efficiently by working with QoS features to provide:

Guaranteed bandwidth

Bandwidth limits

Traffic shaping

Packet coloring

NBAR introduces several new classification features:

Classification of applications that dynamically assign TCP/UDP port numbers.

NBAR can classify application traffic by looking beyond the TCP/UDP port numbers of a packet into the TCP/UDP payload itself and classifies packets on content within the payload such as transaction identifier, message type, or other similar data. This is called subport classification, an example of which would be classification of HTTP by URL, HOST, or Multipurpose Internet Mail Extension (MIME) type.

NBAR can classify Citrix Independent Computing Architecture (ICA) traffic and perform subport classification of that traffic based on Citrix published applications.

NBAR is capable of classifying the following three types of protocols:

Non-UDP and non-TCP IP protocols

TCP and UDP protocols that use statically assigned port numbers

TCP and UDP protocols that dynamically assign port numbers and therefore require stateful inspection

Configuring NBAR

Cisco Express Forwarding (CEF) must be enabled before NBAR can be configured. NBAR is configured by using the following commands to configure traffic classes, the policies that will be applied to those traffic classes, and the attaching of policies to interfaces:

Class-map - Defines one or more traffic classes by specifying the criteria by which traffic is classified.

Policy-map - Defines one or more QoS policies (such as shaping, policing, and so on) to apply to traffic defined by a class map.

Service-policy - Attaches a policy map to an interface on the router. 

802.1x

For information on 802.1x, please see that section under LAN Switching.

Differentiated Services Code Point (DSCP)

Differentiated Services (DiffServ) is a QoS model that allows intermediate systems to treat traffic according to relative priorities based on what was called the Type of Service (ToS) field. This is done by reallocating bits of the IP packet to increase the number of definable priority levels from 7 to 64.

The altered packet structure results in the DiffServ field taking over the IPv4 ToS field, which is one entire byte (eight bits) of an IP packet, the last two bits of which had been unused. The six most significant bits of the former ToS byte now become the DiffServ field. IP precedence used the three most significant bits, while DSCP, an extension of IP precedence, uses the whole six bits to select the per-hop behavior for the packet at each network node. The last two bits in the DiffServ field, which are not defined within the DiffServ architecture, are now used as Explicit Congestion Notification (ECN) bits.

Cisco uses queuing techniques to control the per-hop behavior, using the IP precedence or DSCP values in the IP header of the packet to define traffic as belonging to a particular service class. Packets are first prioritized by class, then differentiated and prioritized by considering the drop percentage. It is important to note that DSCP does not specify a precise definition of "low," "medium," and "high" drop percentages. Also remember that DiffServ is designed to allow a finer granularity of priority setting for the applications and devices that can make use of it; it does not specify the interpretation (that is, the action to be taken) once the differentiation is made. This allows per-hop packet behavior decisions to be based on traffic conditions and how packets are classified.

There are three ways you can use the DSCP field:

Classifier - Using a traffic descriptor (either an ACL or map-class definition) to categorize packets within a specific group to make them available for QoS handling by the network based on the service characteristic defined by the DSCP value. This allows the partitioning of network traffic into multiple priority levels or classes of service.

Marker - Setting the DSCP field based on actual traffic conditions defined in a traffic profile.

Metering - Using Committed Access Rate, Class-Based Policing or DSCP-compliant WRED to check compliance with the defined traffic profile using either a shaper or dropper function.
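
An added example, not from the original guide, that ties the Configuring NBAR steps (class-map, policy-map, service-policy) to the three DSCP roles just listed: the class-maps classify with NBAR, the policy-map marks and meters with DSCP and DSCP-based WRED, and the service-policy attaches it. The interface, class names, host pattern, and the rate and percentage figures are assumptions.

```cisco
! CEF is a prerequisite for NBAR
ip cef
!
interface Serial0
 ! Optional first step: let Protocol Discovery show what actually crosses the link
 ! (check with: show ip nbar protocol-discovery interface Serial0)
 ip nbar protocol-discovery
!
! Classifier: NBAR looks into the payload, so HTTP is matched by host name and
! Citrix ICA by protocol, neither of which a port-based ACL can see.
class-map match-all INTRANET-WEB
 match protocol http host intranet*
class-map match-all CITRIX
 match protocol citrix
class-map match-all BULK-FTP
 match protocol ftp
!
! Marker and meter: each class gets a DSCP value, the bulk class is policed
! (class-based policing), and DSCP-based WRED decides what to drop when the
! default queue fills.
policy-map WAN-EDGE
 class INTRANET-WEB
  set ip dscp af31
  bandwidth percent 30
 class CITRIX
  set ip dscp af41
  bandwidth percent 20
 class BULK-FTP
  ! 256 kbps with an 8000-byte burst: conforming FTP is marked AF11,
  ! excess is re-marked to best effort (DSCP 0) rather than dropped
  police 256000 8000 conform-action set-dscp-transmit af11 exceed-action set-dscp-transmit 0
 class class-default
  set ip dscp default
  fair-queue
  random-detect dscp-based
!
! Attach the policy in the outbound direction
interface Serial0
 service-policy output WAN-EDGE
!
! Verify per-class matches, marking and police counters:
! show policy-map interface Serial0
```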

WAN

Integrated Services Digital Network (ISDN)

ISDN is offered by regional telephone carriers to provide digital telephony and data-transport services over existing telephone wires. When it was released, it represented an effort to standardize subscriber services, user/network interfaces, and network and internetwork capabilities. ISDN can be used to provide a PVC (Permanent Virtual Circuit) for data passing, an on-demand circuit for backing up other WAN technologies, or a cost-effective way of linking remote sites that have limited requirements.

ISDN circuits will often require service profile identifiers (SPIDs), which are similar to telephone numbers in that they are unique line identifiers provided by the LEC (Local Exchange Carrier). A common question people have is when a SPID is required, and when it is not. Well, the simple answer is: when the carrier requires it. Since the type of carrier switch, or how the switch is configured, determines the need for a SPID, you as an end-user will have no control over this element of the configuration.

Encapsulation for ISDN can be PPP, HDLC or LAPD, with the default encapsulation method being HDLC. CHAP and PAP authentication techniques are associated with PPP.

Many Cisco routers with built-in ISDN interfaces (such as the 2503) have an S/T interface. In order to convert the U interface circuit from the carrier to an S/T interface circuit that the router can handle, an external Network Terminating Unit (NT1) is required. There might be two of these units sitting between the BRI ports on the ISDN simulator and the routers. These units usually do not need to be configured, but the ports must be accurate: U goes to the simulator, S/T to the router.

ISDN Specifics

TE1 ---(S/T)--- NT1 ---(U)--- LT ---(V)--- ET

TE2 ---(R)--- TA ---(S/T)--- NT1 (continues as above)

* Note: U is two wire, S/T is four wire. The NT1 provides this conversion.

If you have completed the CCNP path, the diagram above should look familiar. It shows the relationship between the ISDN equipment, protocol standards and reference points, which are of course:

Equipment

Terminal adapter (TA) – Converts RS-232, V.35, and other signals into BRI.

Terminal equipment (TE1 | TE2): TE1 - An interface that complies with the ISDN user-network interface recommendations, which means it has an integrated TA. TE2 – Complies with interface recommendations other than the ISDN, which means it requires a TA to connect and work with ISDN.

Network termination type 1 (NT1) - Equipment that connects the subscription 4 wires to the 2 wire local loop.

Network termination type 2 (NT2) – Equipment that performs protocol functions of the data link and network layers.

Local Termination (LT) – Portion of the local exchange that terminates the local loop.

Exchange Termination (ET) – Portion of the exchange that communicates with the ISDN components.

Reference Points

R - Defines the hand-off from non-ISDN equipment and the TA.

S – Defines the hand-off from user terminals to an NT2.

T – Defines the hand-off between the NT1 and NT2.

U - Defines the hand-off between the NT1 and line-termination equipment in a carrier network.

Protocol Standards

E - Specifies ISDN on existing telephone technology.

I - Specifies concepts, terminology and services.

Q - Specifies switching and signaling.

Channels

Data on an ISDN line is channelized, with the two types of channels being:

B(earer) channel: Used for transporting user data (voice or data).

D(ata) channel: Used for control/signaling information using LAPD. Q.931, the network layer protocol that provides messages for ISDN call setup and tear down, runs over the D Channel. It uses Q.921, a derivative of HDLC, as its data-link layer transport.

Flavors of ISDN

There are three types of ISDN circuit, only two of which are found in the United States:

BRI – 2B /1D (B=64kb / D = 16kb)

PRI – 23B / 1D (B=64kb / D = 64kb)

E1 (Europe) – 30B / 1D (B=64kb / D = 64kb)

Point-to-Point Protocol (PPP)

PPP is a standard encapsulation method for transporting multi-protocol datagrams over point-to-point links. PPP only runs over the B Channels, where it provides:

A means of encapsulating multi-protocol datagrams

A Link Control Protocol (LCP) for establishing, configuring and testing the data-link connection

A set of Network Control Protocols (NCPs) for establishing and configuring network layer protocols

PPP provides two methods of authentication, PAP and CHAP. CHAP is preferred because PAP transmits passwords in clear text over the network.

OSPF and ISDN

OSPF can keep an ISDN dial-up link active through the periodic passing of hello packets. Applying the “ip ospf demand-circuit” interface command on either side of a BRI connection will cause OSPF adjacencies to be formed and suppress the passing of hello packets.

Frame Relay

Frame Relay is a packet-switched WAN protocol that operates at the physical and data link layers of the OSI reference model, providing for speeds of up to 45 Mbps. It uses HDLC, PPP, or ISDN/LAPD encapsulations and provides simple error checking using a Frame Check Sequence (FCS) on each frame, which is similar to a CRC. It does not provide for error correction, only error detection; the end devices would need to provide error correction.

The Backward Explicit Congestion Notification bit (BECN), Forward Explicit Congestion Notification bit (FECN) and Discard Eligible bit (DE) provide congestion notification.

Types of Circuits

Permanent Virtual Circuits (PVCs) are used for frequent and long connection times. As the name implies, they are brought up to be permanent connections, and are always available (except during an outage).

Switched Virtual Circuits (SVCs) are for sporadic or infrequent traffic. They are set up when needed, and torn down when not.

Data Link Connection Identifier (DLCI)

DLCIs are assigned by the frame-relay circuit provider, and have local significance only. They provide an identifier for the connection between the router at your site and the big frame-relay switch at the provider.

Local Management Interface (LMI)

LMI provides the control protocol for PVC setup and management. There are three types available: Cisco, ANSI and q.933a (default is Cisco). The service provider will specify the LMI in use. LMI controls data keepalives and verifies the dataflow. The LMI type must be identical between the local device (router) and the local frame-relay switch; it does not have to be identical for the end devices (because the end points are probably running on different provider switches).

Encapsulation

Choices are Cisco and IETF, with Cisco being the default. This designation is made per DLCI, and the encapsulation type must be identical at both end devices. Since the Cisco encapsulation type is proprietary, if another manufacturer's devices are used at the frame-relay endpoints, then the IETF encapsulation type will be required.

Frame-Relay Traffic Shaping (FRTS)

FRTS attempts to reduce congestion on frame-relay networks. To do this, you would configure map-classes that define the sizes of frame-relay PVCs.

In these classes, you would define parameters like CIR, BE, BC, queue-lists, priority groups, and whether adaptive-shaping is on or off. Once classes are defined, you would enable FRTS on the major interface and apply the map-classes to the subinterfaces.

A common need for FRTS is when you have a hub and spoke configuration. With a hub and spoke you might have a large circuit (like a T1) as the hub circuit and multiple smaller circuits (like 56k circuits) at the remotes. When a server at the host goes to send something large to one of the remote sites, it can send more out the host than the remotes can receive. Anything left over is dropped inside the frame-relay cloud (discarded). This discarding causes traffic to have to be resent, slowness, and network inefficiency. One way FRTS prevents this is by buffering the traffic at the host and only sending as fast as the remote can receive it. Another way FRTS can prevent this is to send as fast as it can but to slow down when the frame-relay switches tell the hub router that the remote circuit is overloaded. The frame switches would do this by sending BECN frames. This mode is called “adaptive-shaping”.

Frame-Relay Compression

You can configure frame-relay payload compression on Cisco routers. This compresses the payload (the data being sent) at each router before it is sent over the frame-relay network. There are two types of compression you can use to do this: Stacker and FRF.9.

Frame-Relay Mapping

You can statically map a Layer 2 Frame-relay DLCI to an IP address with the frame-relay map command or the frame-relay interface-dlci command.

Another way to get an IP address to map to a DLCI is to use the dynamic method, Inverse ARP. Inverse ARP is enabled by default.
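
The hub-and-spoke FRTS case and the static/dynamic mapping options above, as an added example that is not from the original guide. The interface names, DLCIs, addresses and the 56 kbps figures are assumptions chosen to match the T1-hub, 56k-remote scenario.

```cisco
! Major interface: Frame Relay encapsulation, the LMI type the provider specified,
! and FRTS enabled here. Shaping itself is applied per PVC through map-classes.
interface Serial0
 encapsulation frame-relay
 frame-relay lmi-type ansi
 frame-relay traffic-shaping
!
! Map-class sized for a 56k remote: CIR 56000 bps, Bc 7000 bits per interval
! (Tc = Bc / CIR = 125 ms), no excess burst. Adaptive shaping throttles down
! toward mincir while BECNs arrive from the frame switches.
map-class frame-relay REMOTE-56K
 frame-relay cir 56000
 frame-relay bc 7000
 frame-relay be 0
 frame-relay mincir 28000
 frame-relay adaptive-shaping becn
!
! Point-to-point subinterface: the single DLCI identifies the peer, so no map
! statement is needed; the map-class is attached under the DLCI.
interface Serial0.101 point-to-point
 ip address 10.1.1.1 255.255.255.252
 frame-relay interface-dlci 101
  class REMOTE-56K
!
! Multipoint subinterface: Inverse ARP turned off and a static map used instead.
! "broadcast" lets routing updates cross the PVC; the class applies to every
! DLCI on this subinterface.
interface Serial0.200 multipoint
 ip address 10.2.2.1 255.255.255.0
 no frame-relay inverse-arp
 frame-relay map ip 10.2.2.2 200 broadcast
 frame-relay class REMOTE-56K
!
! Verify: show frame-relay map  (static and InARP-learned mappings)
!         show frame-relay pvc  (BECN/FECN/DE counters per DLCI)
```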

Split Horizon and Frame Relay Interfaces

Split Horizon dictates that if a router has received a route advertisement from another router, it will not re-advertise it back out the interface on which it was learned. The default conditions for Frame Relay interfaces are:

Physical interfaces – Split Horizon is disabled by default

Multipoint subinterfaces – Split Horizon is enabled by default

Point-to-point subinterfaces – Split Horizon is enabled by default

Speed Elements

Committed Information Rate (CIR) - The maximum transmission rate you've negotiated in your contract with the provider to transfer information under normal circumstances. This is what you are defining as the peak level of traffic you will send and be guaranteed service. Be careful when reviewing the contracts, as some vendors will attempt to slip in a CIR of 0, meaning they will do their best to provide service, but they're not guaranteeing anything.

Local Port Speed - The maximum speed at which your local interface can send information.

Committed Burst Rate - The maximum amount of data that a Frame Relay internetwork is committed to accept and transmit at the CIR.

Excess Burst Rate - The maximum bits a Frame Relay node will attempt to transmit after the committed burst rate is exceeded.

Asynchronous Transfer Mode (ATM)

Developed as a compromise between voice and data requirements, ATM is commonly found in large telecom networks or built into networks that have a strong need for QoS (Quality of Service). Traffic is passed using cells of equal size, always 53 bytes. The first 5 bytes of the cell contain header information, while the remainder (48 bytes) is used for payload. The consistent size of the ATM cell makes it easy to control traffic, but since the header consumes almost 10% of the cell, there is quite a bit of overhead.

ATM is a connection-oriented service using Switched Virtual Circuits (SVCs) and Permanent Virtual Circuits (PVCs). SVCs are similar to ISDN dial-on-demand in that paths are created on an “as needed” basis. PVCs are similar to frame-relay because the circuits are always established and active. Both use Virtual Path Identifiers (VPI) and Virtual Channel Identifiers (VCI) to identify circuits and can support point-to-point and point-to-multipoint connections. Remember that one Virtual Path (VP) can contain several Virtual Channels (VC).

There are two different types of connections in the ATM network: network-to-network (NNI) connection types and user-to-network (UNI) connection types. The NNI connection is used to form connections between ATM switches. The UNI connection is used to connect end devices (such as workstations or servers) to an ATM switch.

The following are the valid ATM header types:

UNI (User-to-Network Interface) header - Used on any interface between a user device, such as an ATM router, and an ATM network.

NNI (Network-to-Network Interface) header - Used on any interface that connects two ATM switches.

STI (StrataCom Trunk Interface) header - A Cisco proprietary extension of the other header types, STI is used between Cisco switching nodes to provide advanced network features for improving performance, efficiency, and congestion control.

ATM is comprised of four major layers:

Higher layers – ATM signaling, addressing and routing.

AAL (ATM Adaptation Layer) – Converts from higher level to ATM cells.

 ATM – Defines ATM cell relaying and multiplexing.

Physical – Defines the physical network media and framing.

 ATM Adaptation Layer (AAL)

The AAL translates between the larger Service Data Units (SDUs) of upper-layer processes and ATM cells. In other words, it takes packets from upper-level protocols (such as AppleTalk, IP and IPX) and breaks them into the 48-byte segments that form the payload field of an ATM cell. There are several AAL standards:

 AAL1 is appropriate for transporting telephone traffic and uncompressed video traffic.

AAL3/4 was designed for network service providers and is closely aligned with Switched Multimegabit Data Service (SMDS).

AAL5 is the adaptation layer used to transfer most non-SMDS data, such as classical IP over ATM and local-area network (LAN) emulation.

IISP and PNNI

There are two ATM routing protocols:

Interim Interswitch Signaling Protocol (IISP) - Provides a static routing solution that is not easily scalable and has no support for QoS.

Private Network-Node Interface (PNNI) - Provides a highly scalable routing solution with dynamically determined routing paths and support for QoS requirements.

NSAP Format ATM Addresses

NSAP addresses are 20 bytes long and designed for use within private ATM networks, whereas public networks will generally use E.164 addresses.

NSAP-format ATM addresses consist of three components:

 Authority and format identifier (AFI) - Identifies the type and format of the IDI (see below).

Initial domain identifier (IDI) - Identifies the address allocation and administrative authority.

Domain specific part (DSP) - Contains actual routing information.

Service-Specific Connection-Oriented Protocol (SSCOP)

SSCOP resides in the service-specific convergence sub-layer (SSCS) of the ATM adaptation layer (AAL). It is a transport protocol for ATM that provides guaranteed, in-sequence delivery of messages to the signaling protocols that reside above it in the signaling protocol stack. It also performs flow control, error reporting to the management plane, and a keep-alive function.

RFC 1483 & RFC 2684 – Multiprotocol Encapsulation over AAL5

RFC 1483 defines “Multiprotocol Encapsulation over ATM AAL5” using an LLC header. RFC 2684 has now replaced RFC 1483.

These RFCs define two methods of doing this. They are:

Using routed protocol data units (PDU) where each protocol is run over its own ATM virtual circuit (VC).

Using bridged protocol data units (PDU), where different protocols can be multiplexed onto the same ATM VC.

With both of these methods, the LLC header contains the protocol type of the packet that is being sent. One of these methods is usually used to connect DSL lines to an ATM network.

 ATM Mapping

Just as in Frame-Relay, where you map the Layer 2 DLCI to the Layer 3 IP address, you must somehow perform the same mapping with ATM.

There are several ways to create this mapping with ATM. They are:

Static mappings using ATM PVCs

Dynamic mappings using ATM PVCs

Mappings using ATM SVCs

 As previously mentioned, ATM identifies its Layer 2 circuits with VPI/VCI identifiers.
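
The PVC-based mapping options above, together with the RFC 1483/2684 encapsulation choice, as an added example that is not from the original guide: one PVC with a static mapping and VC-based encapsulation, one with Inverse ARP and LLC/SNAP encapsulation. Interface names, VPI/VCI values and addresses are assumptions.

```cisco
! Static mapping on a multipoint subinterface: the peer's IP address is tied to
! PVC 0/100 by hand. aal5mux carries exactly one protocol per VC with no LLC
! header, which is why the protocol is named on the encapsulation line.
interface ATM0.100 multipoint
 ip address 10.10.100.1 255.255.255.0
 pvc 0/100
  protocol ip 10.10.100.2 broadcast
  encapsulation aal5mux ip
!
! Dynamic mapping: aal5snap adds the LLC/SNAP header that names the carried
! protocol, so several protocols can share the VC, and Inverse ARP learns the
! peer's address over the PVC instead of a static map.
interface ATM0.200 multipoint
 ip address 10.10.200.1 255.255.255.0
 pvc 0/200
  protocol ip inarp
  encapsulation aal5snap
!
! Verify: show atm map  (static and InARP-learned mappings per VC)
!         show atm vc   (VPI/VCI, encapsulation and state of each PVC)
```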

Physical Layer 

Serial Interface Abbreviations

CSU Channel Service Unit
CTS Clear To Send [DCE --> DTE]
DCD Data Carrier Detected (Tone from a modem) [DCE --> DTE]
DCE Data Communications Equipment (modems, DSU, etc.)
DSR Data Set Ready [DCE --> DTE]
DSRS Data Signal Rate Selector [DCE --> DTE] (Not commonly used)
DSU Data Service Unit
DTE Data Terminal Equipment (computer, printer, etc.)
DTR Data Terminal Ready [DTE --> DCE]
FG Frame Ground (screen or chassis)
NC No Connection
RCk Receiver (external) Clock input
RI Ring Indicator (ringing tone detected)
RTS Ready To Send [DTE --> DCE]
RxD Received Data [DCE --> DTE]
SG Signal Ground
SCTS Secondary Clear To Send [DCE --> DTE]
SDCD Secondary Data Carrier Detected (Tone from a modem) [DCE --> DTE]
SRTS Secondary Ready To Send [DTE --> DCE]
SRxD Secondary Received Data [DCE --> DTE]
STxD Secondary Transmitted Data [DTE --> DCE]
TxD Transmitted Data [DTE --> DCE]

Is Your Interface a DTE or a DCE?

Generally a DTE provides a voltage on TD, RTS, and DTR, whereas a DCE provides voltage on RD, CTS, DSR, and CD. You can use this to figure out what you have in front of you by following these steps:

1. Measure the DC voltages between (DB25) pins 2 & 7 and between pins 3 & 7. Be sure the black lead is connected to pin 7 (Signal Ground) and the red lead to whichever pin you are measuring.

2. If the voltage on pin 2 (TD) is more negative than -3 Volts, then it is a DTE; otherwise it should be near zero volts.

3. If the voltage on pin 3 (RD) is more negative than -3 Volts, then it is a DCE.

4. If both pins 2 & 3 have a voltage of at least 3 volts, then either you are measuring incorrectly, or your device is not a standard EIA-232 device.

RS-232

The RS-232 standard has been around for decades, providing an interface between DTE and DCE devices. It is simple, universal, and well understood; however, it does have some considerable shortcomings. It has had various designations, including RS-232C, RS-232D, V.24, V.28 and V.10; but essentially all these interfaces are interoperable. RS-232 is used for asynchronous data transfer as well as synchronous links, such as SDLC, HDLC, X.25 and Frame Relay.

The standards provided connectivity at up to 256 kbps with line lengths of 15 m (50 ft); however, high speed ports and high quality cable have allowed these boundaries to be overcome. The general rule of thumb is that the length of the cable and the speed it supports depend on the quality of the cable.

The clock signals are only used for synchronous communications. The modem or DSU extracts the clock from the data stream and provides a steady clock signal to the DTE. Note that the transmit and receive clock signals do not have to be the same.

Some of the shortcomings of RS-232 include:

The interface uses a common ground between the DTE and DCE, which is fine as long as you are using a short cable that connects DTE and DCE devices in the same room, but with longer links between devices, this may not be true.

It is impossible to effectively screen noise for a signal on a single line. By screening the entire cable, you can reduce the influence of outside noise, but internally generated noise continues to be a problem. As the baud rate and line length increase, the effect of capacitance between the cables introduces crosstalk, until a point is reached where the data itself is unreadable.

V.35 Interface

V.35 is a high-speed serial interface standard that is designed to support DTE and DCE connectivity over digital lines. It was originally specified by CCITT as an interface for 48 kbps line transmissions and has since been adopted for higher speeds. It was discontinued by CCITT in 1988, and replaced by recommendations V.10 and V.11.

Recognizable by its 34-pin black plastic box-like plug (about 20 mm by 70 mm), often with gold plated contacts and built-in hold down and mating screws, V.35 combines the bandwidth of several telephone circuits to provide the high-speed interface between a DTE or DCE and a CSU/DSU. Cable distances can theoretically reach 4000 feet (1200 m) at speeds up to 100 Kbps, depending on the equipment used and the quality of the cable. To achieve such high speeds and great distances, V.35 combines both balanced and unbalanced voltage signals on the same interface.

The control signals in V.35 are common earth single wire interfaces, because these signal levels are mostly constant or vary at low frequencies. The high frequency data and clock signals are carried by balanced lines (meaning that each signal has its own ground).

Most 56 kbps DSUs are supplied with both V.35 and RS-232 ports because RS-232 is perfectly adequate at speeds up to 200 kbps and generally provides a significant cost savings.

Troubleshooting Serial Links

One of the most important diagnostic tools for serial links is the “show interfaces serial” privileged exec command, which displays statistics and information about a serial interface. Presented below is a sample output, with some of the more important data described below it.

router#show interface s0
Line 01: Serial0 is up, line protocol is down
Line 02: Hardware is HD64570
Line 03: Internet address is 192.168.1.1/24
Line 04: MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Line 05: Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Line 06: Last input never, output 00:00:05, output hang never
Line 07: Last clearing of "show interface" counters never
Line 08: Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Line 09: Queueing strategy: weighted fair
Line 10: Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Line 11: Conversations 0/1/256 (active/max active/max total)
Line 12: Reserved Conversations 0/0 (allocated/max allocated)
Line 13: 5 minute input rate 0 bits/sec, 0 packets/sec
Line 14: 5 minute output rate 0 bits/sec, 0 packets/sec
Line 15: 0 packets input, 0 bytes, 0 no buffer
Line 16: Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
Line 17: 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
Line 18: 114 packets output, 3343 bytes, 0 underruns
Line 19: 0 output errors, 0 collisions, 39 interface resets
Line 20: 0 output buffer failures, 0 output buffers swapped out
Line 21: 74 carrier transitions
Line 22: DCD=up DSR=up DTR=up RTS=up CTS=up
router#

Line 1: This important line tells you if the physical interface and line protocols for the interface are active. The physical interface can be up (Carrier Detect, CD, is present), down (CD not present), or administratively disabled, meaning someone has turned the interface off by issuing a “shut” command. The line protocol (layer-2 process of the router) considers the interface to be up if keepalives are being received. The Serial Line Conditions section below has descriptions of the possible conditions for these two entries.

Line 4: Provides information regarding bandwidth, delay and reliability of the link.

Line 5: Shows the layer-2 encapsulation type (Frame-relay, HDLC, X.25, etc.).

Line 8: Shows the number of input drops.

Line 9: Shows the packet queue information (weighted fair queuing in this example).

Line 10: Shows the number of output drops.

Line 17: This line provides significant troubleshooting information, including the number of input, CRC, frame and abort errors. Keep in mind that these counters are cumulative, so when working on a problem, run the show interface serial command multiple times to see if the numbers are incrementing.

Line 19: Shows the number of interface resets.

Line 21: The number of carrier transitions indicates how many times the CD signal of a serial interface has changed state. Usually this is either a problem with the interface, or a problem with the carrier.

Show Controllers Command

One of the most important diagnostic tools for serial links is the “show controllers” exec command, which displays statistics and information about a serial interface. Presented below is a sample output, with some of the more important data described below it. While there are variations on this command for other platforms, most access layer devices will provide output similar to this:

Router#show controllers serial [Serial0] 

HD unit 0, idb = 0xDC0BC, driver structure at 0xE1548

buffer size 1524 HD unit 0, V.35 DCE cable, clockrate 19200 

cpb = 0x1, eda = 0x4940, cda = 0x4800

RX ring with 16 entries at 0x4014800

00 bd_ptr=0x4800 pak=0x0E45DC ds=0x401ECC8 status=80 pak_size=0

.

. [Section omitted]

16 bd_ptr=0x4940 pak=0x0E259C ds=0x4018108 status=80 pak_size=0

cpb = 0x1, eda = 0x5000, cda = 0x5000

TX ring with 1 entries at 0x4015000

00 bd_ptr=0x5000 pak=0x000000 ds=0x000000 status=80 pak_size=0

01 bd_ptr=0x5014 pak=0x000000 ds=0x000000 status=80 pak_size=0

0 missed datagrams, 0 overruns

0 bad datagram encapsulations, 0 memory errors

0 transmitter underruns

0 residual bit errors

HD unit 1, idb = 0xE584C, driver structure at 0xEACD8 [Serial1] 

buffer size 1524 HD unit 1, No cable, clockrate 19200 

cpb = 0x2, eda = 0x3140, cda = 0x3000

RX ring with 16 entries at 0x4023000

00 bd_ptr=0x3000 pak=0x0EDD6C ds=0x402CE0C status=80 pak_size=0

.

. [Section omitted]

16 bd_ptr=0x3140 pak=0x0EBD2C ds=0x402624C status=80 pak_size=0

cpb = 0x2, eda = 0x3800, cda = 0x3800

TX ring with 1 entries at 0x4023800

00 bd_ptr=0x3800 pak=0x000000 ds=0x000000 status=80 pak_size=0

01 bd_ptr=0x3814 pak=0x000000 ds=0x000000 status=80 pak_size=0

0 missed datagrams, 0 overruns

0 bad datagram encapsulations, 0 memory errors

0 transmitter underruns

0 residual bit errors

From the output above you can see that S0 is connected via a V.35 cable, while S1 does not have a cable connected.

Serial Line Conditions

Serial 0 line is up, line protocol is up - The serial link is working fine: the Carrier Detect (CD) signal is present, and keepalives from the remote site are being sent and received.

Serial 0 line is up, line protocol is up (looped) – The circuit is looped, which is usually only done while testing.

Serial 0 line is up, line protocol is down – The router is not detecting keepalives. This could mean a misconfiguration or hardware failure on one of the routers (local or remote); faulty cabling; or a problem with the line or provider, such as timing or noise. In a lab environment, make sure the clock rate command has been issued on the DCE side of the link.

Serial 0 line is down, line protocol is down - No cable or modem is connected.

Serial 0 is administratively down, line protocol is down - The interface has been disabled by the administrator.

Debug Commands

There are a number of debug commands that are useful for diagnosing problems on serial links, including:

debug serial interface —Verifies whether HDLC keepalive packets are incrementing. If they are not, a possible timing problem exists on the interface card or in the network.

debug x25 events —Detects X.25 events, such as the opening and closing of switched virtual circuits (SVCs). The resulting cause and diagnostic information is included with the event report.

debug lapb —Outputs Link Access Procedure, Balanced (LAPB) or Level 2 X.25 information.

debug arp —Indicates whether the router is sending information about or learning about routers (with ARP packets) on the other side of the WAN cloud. Use this command when some nodes on a TCP/IP network are responding, but others are not.

debug frame-relay lmi —Obtains Local Management Interface (LMI) information useful for determining whether a Frame Relay switch and a router are sending and receiving LMI packets.

debug frame-relay events —Determines whether exchanges are occurring between a router and a Frame Relay switch.

debug ppp negotiation —Shows Point-to-Point Protocol (PPP) packets transmitted during PPP startup, where PPP options are negotiated.

debug ppp packet —Shows PPP packets being sent and received. This command displays low-level packet dumps.

debug ppp errors —Shows PPP errors (such as illegal or malformed frames) associated with PPP connection negotiation and operation.

debug ppp chap —Shows PPP Challenge Handshake Authentication Protocol (CHAP) and Password Authentication Protocol (PAP) packet exchanges.

debug serial packet —Shows Switched Multimegabit Data Service (SMDS) packets being sent and received. This display also prints error messages to indicate why a packet was not sent or was received erroneously. For SMDS, the command dumps the entire SMDS header and some payload data when an SMDS packet is transmitted or received.

Increasing Output Drops

Output drops occur when the router attempts to hand off a packet to a transmit buffer when none is available. By reviewing the output of repeated “show interfaces serial” privileged exec commands, you can determine if the output drop count is incrementing. In most cases this indicates a problem, but if the link is understood to be oversubscribed, it might be preferable to drop packets, provided the protocol supports flow control and can retransmit.

There are several ways to address this problem:

Up the bandwidth. This is the quick-and-dirty, throw-money-at-the-situation answer, but it should be considered. If you are dropping packets because there’s too much traffic, widen the road.

Reduce periodic broadcast traffic through the judicious use of access lists and other means.

Turn off fast switching for heavily used protocols on the impacted interfaces.

Increase the output hold queue size using the hold-queue out interface configuration command. This will prevent packet drops, but should be done carefully and in small increments (for instance, 25 percent).

Implement priority queuing on slower serial links by configuring priority lists. One of the primary features of priority queuing is that lesser priority traffic will be dropped in favor of the more important. Again, this should be done with great care.

Increasing Input Drops

If you review the output of repeated “show interfaces serial” privileged exec commands and determine the input drop count is incrementing, this may be caused by any of several conditions: simply oversubscribing the line, hardware problems, or issues on your provider side, including framing errors, aborts and CRC errors.

A common cause of excessive input drops is when more packets are being received by the interface than can be processed by the router, basically exceeding its capacity. This is typically seen when traffic is being routed between higher speed LAN interfaces and serial interfaces. Backups can occur, forcing the router to start dropping packets during periods of congestion. There are several ways to address this problem:

Once again, up the bandwidth. If you are dropping packets because there’s too much traffic, increase the size of the pipe.

Use the “hold-queue number out” interface configuration command to increase the output queue size on the interface that is dropping packets.

Reduce the input queue size from its default of 75 packets, using the “hold-queue number in” interface configuration command. This forces input drops to become output drops, which is less impactful.

Particularly high levels of input drops (exceeding 1% of total interface traffic) can be symptoms of:

Faulty equipment on the provider's network

Serial line noise

Clocking misconfiguration

Bad or incorrectly configured cable, or a cable that exceeds maximum length of the specifications

 A defective or misconfigured CSU or DSU

 A router that is defective or misconfigured

 A data converter or other device being used between router and DSU that is causing problems

There are several ways to address these kinds of problems:

A serial analyzer can be used to isolate the source of the input errors, basically looking at the traffic before it hits the router. If errors are detected, the problem is probably external to the router, there is a clock mismatch, or there is a hardware problem on the external network. Be careful doing this, as Cisco recommends against the use of data converters when connecting a router to a WAN or a serial network. Use a combination of loopback configurations and ping tests to isolate the specific problem source.

Analyze the errors to look for patterns. Do errors occur at a consistent interval? Are they sporadic, and could that be related to some periodic function, such as the sending of routing updates?

Also, cyclic redundancy check (CRC) errors, framing errors, or aborts above 1 percent of the total interface traffic can indicate that there is a significant link problem that should be isolated and repaired immediately.

Excessive Aborts

Aborts indicate an illegal sequence of 1 bits (more than seven in a row). This condition can be created by any of the following:

SCTE mode is not enabled on the DSU.

Line clocking is improperly configured.

The serial cable is too long, or improperly shielded.

A “ones” density problem has occurred on the T1 link (incorrect framing or coding specification).

A packet terminated in mid-transmission (typically because an interface was reset, or a framing error occurred).

A hardware problem has occurred (possibly a result of a bad circuit, a bad CSU/DSU, or a bad sending interface on the remote router).

The proper steps to resolve abort problems are:

Make sure all devices are configured to use a common line clock. If they are capable of it, set SCTE on both the local and remote CSU/DSUs. Make sure that the cable is properly shielded and within the recommended length.

Check the hardware at both ends of the link. Swap out any suspected faulty equipment, and ensure that all connections are solidly seated.

Lower the data transmission rates, and monitor the situation to determine if the rate of aborts decreases.

Use local and remote loopback tests to determine where the aborts are happening.

Contact the provider and request they perform integrity tests on the line.

Clocking Problems

Clocking conflicts in serial connections can lead to degraded performance and even chronic loss of connection service. In general, clocking problems in serial WAN interconnections can be attributed to one of the following causes:

Incorrect CSU or DSU configuration

Nonstandard cables that are too long or not properly shielded

Noisy or poor patch panel connections

Several cables connected in a row

In the lab, the failure of the Network Engineer to apply the “clock rate” interface configuration command to the DCE side of the link

To determine if you have a clocking problem, review the output from the “show interface serial” exec command on the routers at both ends of the link. CRC, framing errors, and/or aborts are indications of a clocking problem. If the errors are in the approximate range of 0.5 percent to 2.0 percent of traffic on the interface, clocking problems probably exist somewhere in the WAN.

After you’ve determined that clocking conflicts are the most likely cause of input errors, use ping and loopback tests (both local and remote) to determine if the problem is in the line, or one of the connections. Depending on these results, and the output of the “show interfaces serial” exec commands on the various routers, you can usually determine where the errors are accumulating:

If input errors are accumulating on both ends of the connection, clocking of the CSU is the most likely problem.

If only one end is experiencing input errors, there is probably a DSU clocking or cabling problem.

 Aborts on one end suggest that the other end is sending bad information or that there is a line problem.

Increasing Interface Resets on a Serial Link

By reviewing the output of repeated “show interfaces serial” privileged exec commands you can determine if the interface reset count is incrementing. These errors indicate missed keepalive packets. This condition can be caused by:

Congestion on the link (typically associated with output drops).

A bad line causing CD transitions.

Possible hardware problems at the CSU, DSU, or switch.

When interface resets are occurring, you should examine other fields of the “show interfaces serial” command output to determine the source of the problem. Assuming that an increase in interface resets is being recorded, examine the following fields:

If there is a high number of output drops, address this problem as described earlier in this document.

If carrier transitions or input errors are high while interface resets are being registered, the problem is likely to be a bad link or a bad CSU or DSU. Swap out any suspected faulty equipment.

Increasing Carrier Transitions Count on Serial Link

By reviewing the output of repeated “show interfaces serial” privileged exec commands you can determine if the carrier transitions count is incrementing. This occurs whenever there is an interruption in the carrier signal (such as an interface reset at the remote end of a link).

This condition can be created by any of the following:

Line interruptions from an external source, such as a break in the cabling, CSU/DSU alarms, or lightning striking somewhere along the network.

Equipment failure, such as a faulty switch, DSU, or router.

The proper steps to resolve carrier transition problems are:

Use a breakout box or a serial analyzer to check hardware at both ends of the link.

Check the router.

Swap out any suspected faulty equipment.

CRC and Framing Errors

CRC and framing errors occur when the CRC calculation does not pass (indicating that data is corrupted), or when a packet does not end on an 8-bit byte boundary, for one of the following reasons:

The serial line is too noisy.

The serial cable is too long or improperly shielded.

Clocking is incorrectly configured.

A “ones” density problem has occurred on a T1 link (indicating incorrect framing or coding specification).

To resolve CRC and framing error problems:

Ensure that the line is clean enough for transmission requirements.

Make sure that the cable is properly shielded and within the recommended length.

Double check that all devices are properly configured with common line clocking, and that the local and remote CSU/DSUs are configured for the same framing and coding scheme as that used by the serial link provider in-between (for example, ESF/B8ZS).

Contact the provider and request they perform integrity tests on the line.
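The counter checks in the sections above (output drops, input drops, aborts, clocking, interface resets, carrier transitions, CRC and framing errors), as an added Python example that is not part of the study guide: it parses two captures of “show interfaces serial” taken some time apart, works out the deltas, and applies the percentage thresholds given in the text. The capture text and every counter value in it are constructed to resemble IOS output.

```python
import re
from dataclasses import dataclass, field

# Counters of interest, as they appear in IOS "show interfaces serial" output.
_PATTERNS = {
    "packets_in":   r"(\d+) packets input",
    "input_errors": r"(\d+) input errors",
    "crc":          r"(\d+) CRC",
    "frame":        r"(\d+) frame",
    "abort":        r"(\d+) abort",
    "input_drops":  r"Input queue: \d+/\d+/(\d+)/\d+",
    "output_drops": r"Total output drops: (\d+)",
    "resets":       r"(\d+) interface resets",
    "carrier":      r"(\d+) carrier transitions",
}


def parse_counters(capture: str) -> dict:
    """Pull the cumulative counters out of one capture of the command output."""
    counters = {}
    for name, pattern in _PATTERNS.items():
        match = re.search(pattern, capture)
        if match is None:
            raise ValueError(f"counter {name!r} not found in capture")
        counters[name] = int(match.group(1))
    return counters


@dataclass
class Diagnosis:
    error_rate: float                  # input errors per input packet between the two captures
    findings: list = field(default_factory=list)


def diagnose(before: str, after: str) -> Diagnosis:
    """Compare two captures taken some time apart and apply the guide's thresholds to the deltas."""
    b, a = parse_counters(before), parse_counters(after)
    delta = {name: a[name] - b[name] for name in b}
    if any(value < 0 for value in delta.values()):
        raise ValueError("counters went backwards: they were cleared or the router reloaded")
    packets = delta["packets_in"]
    rate = delta["input_errors"] / packets if packets else 0.0
    d = Diagnosis(error_rate=rate)
    if rate > 0.01:                    # CRC, framing and aborts above 1%: significant link problem
        d.findings.append("link")
    if 0.005 <= rate <= 0.02:          # 0.5% to 2%: clocking problem likely somewhere in the WAN
        d.findings.append("clocking")
    if delta["abort"] > 0:             # aborts: SCTE, line clock, cable length and shielding
        d.findings.append("aborts")
    if delta["input_drops"] > 0:
        d.findings.append("input_drops")
        if packets and delta["input_drops"] / packets > 0.01:   # over 1%: provider, noise, clocking, cabling
            d.findings.append("input_drops_high")
    if delta["output_drops"] > 0:      # transmit buffers exhausted: bandwidth, hold-queue out, priority queuing
        d.findings.append("output_drops")
    if delta["resets"] > 0:            # missed keepalives; look at drops and carrier transitions next
        if delta["output_drops"] > 0:
            d.findings.append("resets_congestion")
        if delta["carrier"] > 0 or delta["input_errors"] > 0:
            d.findings.append("resets_bad_link_or_csu_dsu")
    if delta["carrier"] > 0:           # carrier interruptions: cabling, CSU/DSU alarms, remote resets
        d.findings.append("carrier_transitions")
    return d


# Two constructed captures of the same interface some minutes apart (all values are made up).
SAMPLE_T0 = """\
Serial0 is up, line protocol is up
  Hardware is HD64570
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 12
     100000 packets input, 64000000 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     200 input errors, 150 CRC, 40 frame, 0 overrun, 0 ignored, 10 abort
     90000 packets output, 50000000 bytes, 0 underruns
     0 output errors, 0 collisions, 3 interface resets
     2 carrier transitions
"""
SAMPLE_T1 = (SAMPLE_T0
             .replace("Total output drops: 12", "Total output drops: 40")
             .replace("0/75/0/0", "0/75/5/0")
             .replace("100000 packets input", "110000 packets input")
             .replace("200 input errors, 150 CRC, 40 frame", "320 input errors, 240 CRC, 60 frame")
             .replace("10 abort", "20 abort")
             .replace("3 interface resets", "5 interface resets")
             .replace("2 carrier transitions", "4 carrier transitions"))

if __name__ == "__main__":
    result = diagnose(SAMPLE_T0, SAMPLE_T1)
    print(f"input error rate {result.error_rate:.2%}: {', '.join(result.findings)}")
```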

SONET / SDH

SONET stands for Synchronous Optical NETwork. SONET allows data streams of different formats to be combined onto a single high-speed fiber optic synchronous data stream. SDH stands for Synchronous Digital Hierarchy. SONET is the United States version of the international version, SDH.

SONET supports a variety of data rates. Some of the most common data rates are:

OC-12 622Mbps

OC-48 2.488Gbps

OC-192 9.953Gbps (or about 10Gbps)

These rates are the actual line speed. As with any protocol there is overhead to using the protocol, so throughput rates will vary.

T1 Encoding

There are two types of T1 encoding you should be familiar with. They are:

AMI – Alternate Mark Inversion. AMI is an older form of encoding where 8kb of each 64kb channel is used to keep the two ends of the T1 synchronized.

B8ZS – Bipolar 8-zero substitution. B8ZS is based on AMI. B8ZS inserts two successive ones of the same voltage (called a bipolar violation) to keep the two ends of the T1 synchronized.
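An added example (not from the study guide) of the two encodings just described: AMI and B8ZS applied to the same constructed bit string, with a decoder that recognises the 000VB0VB substitution by its bipolar violations, and a helper that shows why a long run of zeros is a ones-density problem under plain AMI but not under B8ZS.

```python
def ami_encode(bits: str, last_pulse: int = -1) -> list:
    """Plain AMI: each 1 is a pulse of alternating polarity (+1/-1); each 0 is no pulse (0)."""
    symbols = []
    for bit in bits:
        if bit == "1":
            last_pulse = -last_pulse
            symbols.append(last_pulse)
        else:
            symbols.append(0)
    return symbols


def b8zs_encode(bits: str, last_pulse: int = -1) -> list:
    """B8ZS: AMI, except that every run of eight zeros is sent as 000VB0VB, where V is a pulse with
    the same polarity as the pulse before it (a bipolar violation) and B alternates normally."""
    symbols, i = [], 0
    while i < len(bits):
        if bits.startswith("00000000", i):
            v = last_pulse                               # after a + pulse the block is 000+-0-+
            symbols.extend([0, 0, 0, v, -v, 0, -v, v])   # the block ends on the polarity it started from
            i += 8
            continue
        if bits[i] == "1":
            last_pulse = -last_pulse
            symbols.append(last_pulse)
        else:
            symbols.append(0)
        i += 1
    return symbols


def b8zs_decode(symbols: list) -> str:
    """Undo B8ZS: a 000VB0VB block is recognised by its two violations; everything else is AMI."""
    bits, i, last_pulse = [], 0, -1
    while i < len(symbols):
        block = symbols[i:i + 8]
        if (len(block) == 8 and block[:3] == [0, 0, 0] and block[5] == 0
                and block[3] == last_pulse and block[4] == -last_pulse
                and block[6] == -last_pulse and block[7] == last_pulse):
            bits.append("00000000")
            i += 8
            continue
        symbol = symbols[i]
        if symbol != 0:
            if symbol == last_pulse:                     # a violation outside a block is a line error
                raise ValueError(f"unexpected bipolar violation at symbol {i}")
            last_pulse = symbol
            bits.append("1")
        else:
            bits.append("0")
        i += 1
    return "".join(bits)


def longest_zero_run(symbols: list) -> int:
    """Longest stretch with no pulse at all: the receiver's clock recovery has nothing to lock to."""
    longest = current = 0
    for symbol in symbols:
        current = current + 1 if symbol == 0 else 0
        longest = max(longest, current)
    return longest


# Constructed bit string with sixteen consecutive zeros in the middle of the data.
SAMPLE_BITS = "1011" + "0" * 16 + "11"

if __name__ == "__main__":
    print("AMI  longest zero run:", longest_zero_run(ami_encode(SAMPLE_BITS)))    # 16
    print("B8ZS longest zero run:", longest_zero_run(b8zs_encode(SAMPLE_BITS)))   # 3
    print("round trip ok:", b8zs_decode(b8zs_encode(SAMPLE_BITS)) == SAMPLE_BITS)
```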

Leased Line Protocols

HDLC

High Level Data Link Control (HDLC) is one of the more common Data-Link (OSI Layer 2) protocols. HDLC is the default encapsulation protocol on all Cisco serial interfaces. HDLC is primarily used on leased lines (dedicated point-to-point lines) but it can also be used on dialup links. The version of HDLC used on Cisco routers is proprietary.

PPP

Point to Point Protocol (PPP) encapsulation is commonly used on dial-up links but can also be used on point-to-point leased lines. PPP replaced SLIP as the primary dialup protocol in use today. PPP can assign IP addresses to the dialup clients, perform Multi-link PPP if you have multiple connections, monitor link quality, detect errors, and compress data going over the link.

PPP consists of three parts:

Encapsulation - using HDLC frames

Link Control Protocol (LCP) – used to connect, monitor, and disconnect circuits

 Network Control Programs (NCP) – used to support multiple upper-layer protocols

To authenticate the remote system, PPP supports a variety of authentication protocols. They are:

Password Authentication Protocol (PAP) – sends username & password in clear-text

Challenge Handshake Authentication Protocol (CHAP) – encrypts passwords

Microsoft CHAP (MS-CHAP) – Microsoft’s version of CHAP
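The difference between PAP and CHAP above, as an added example that is not from the study guide: PAP puts the password itself in the Authenticate-Request, while CHAP (RFC 1994) sends only an MD5 digest over the identifier, the shared secret and a random challenge, so the secret never crosses the link and a captured response is useless against a fresh challenge. The peer names and the secret are constructed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed peer name and shared secret for the demonstration (not from any real configuration).
SECRETS = {"branch-rtr": b"s3cr3t-example"}


def pap_authenticate_request(peer_name: str, password: bytes) -> bytes:
    """PAP Authenticate-Request data (RFC 1334): Peer-ID-Length, Peer-ID, Passwd-Length, Password.
    The password travels as-is, so anyone who captures the link reads it."""
    name = peer_name.encode()
    return bytes([len(name)]) + name + bytes([len(password)]) + password


@dataclass
class ChapChallenge:
    identifier: int     # ties a Response to the Challenge that produced it
    value: bytes        # random challenge value
    name: str           # authenticator's name, so the peer can pick the matching secret


def chap_challenge(identifier: int, authenticator_name: str) -> ChapChallenge:
    """Authenticator side. The value must be unique and unpredictable; a reused value would
    let a previously captured Response be replayed."""
    return ChapChallenge(identifier & 0xFF, os.urandom(16), authenticator_name)


def _chap_digest(identifier: int, secret: bytes, challenge_value: bytes) -> bytes:
    # RFC 1994, section 2: Response Value = MD5(Identifier || secret || Challenge Value).
    return hashlib.md5(bytes([identifier]) + secret + challenge_value).digest()


def chap_response(chal: ChapChallenge, peer_name: str, secret: bytes):
    """Peer side: returns (identifier, digest, name). The secret itself never leaves the peer."""
    return chal.identifier, _chap_digest(chal.identifier, secret, chal.value), peer_name


def chap_verify(chal: ChapChallenge, identifier: int, digest: bytes, peer_name: str,
                secrets: dict) -> bool:
    """Authenticator side: recompute the digest with the secret stored for that peer name."""
    if identifier != chal.identifier:          # Response does not belong to this Challenge
        return False
    secret = secrets.get(peer_name)
    if secret is None:
        return False
    expected = _chap_digest(chal.identifier, secret, chal.value)
    return hmac.compare_digest(expected, digest)   # constant-time comparison


def run_chap_exchange(peer_name: str, peer_secret: bytes, secrets: dict,
                      identifier: int = 1) -> bool:
    """Full three-way exchange: Challenge -> Response -> Success/Failure."""
    chal = chap_challenge(identifier, "hq-rtr")
    ident, digest, name = chap_response(chal, peer_name, peer_secret)
    return chap_verify(chal, ident, digest, name, secrets)


def replayed_response_is_rejected(secrets: dict) -> bool:
    """A Response captured for one Challenge does not verify against the next one."""
    first = chap_challenge(1, "hq-rtr")
    ident, digest, name = chap_response(first, "branch-rtr", secrets["branch-rtr"])
    second = chap_challenge(2, "hq-rtr")       # new identifier and new random value
    return not chap_verify(second, ident, digest, name, secrets)


if __name__ == "__main__":
    print("PAP request bytes:", pap_authenticate_request("branch-rtr", SECRETS["branch-rtr"]))
    print("CHAP correct secret:", run_chap_exchange("branch-rtr", SECRETS["branch-rtr"], SECRETS))
    print("CHAP wrong secret:", run_chap_exchange("branch-rtr", b"guess", SECRETS))
    print("CHAP replay rejected:", replayed_response_is_rejected(SECRETS))
```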

Packet over SONET (PoS)

Cisco PoS has the IP layer riding directly above the SONET layer, eliminating the overhead usually required to run IP over ATM and SONET, while still offering strong quality-of-service (QoS) guarantees. PoS was designed to overcome some of the limitations of IP that restricted its direct use on very high-speed links, and to address some of the QoS issues inherent with IP.

DPT / SRP

Dynamic Packet Transport (DPT) is a Cisco optical protocol. It uses dual, counter-rotating rings to send & receive data.

Spatial Reuse Protocol (SRP) is a MAC-layer protocol that is used with DPT. SRP uses destination-stripping for the most efficient use of bandwidth possible. SRP also provides a high level of redundancy called Intelligent Protection Switching (IPS).

DPT/SRP uses fairness algorithms to ensure all stations connected to the ring get equal time/bandwidth.

DPT/SRP rings can work on underlying technologies like SONET and WDM (wave-division multiplexing).

LAN

Ethernet/FE/GE

There are two types of Ethernet, which are very similar but with a few significant differences:

802.3 – Has a two-byte length field (instead of a protocol type field). The protocol information is held in two fields: DSAP (Destination Service Access Point) and SSAP (Source Service Access Point). 802.3 runs at 10Mbs, 100Mbs, or 1,000Mbs and supports all of layer one, and part of layer two of the OSI model.

Ethernet II - Has a two-byte protocol type field that indicates the protocol of the data that is being sent (instead of a length field). Ethernet II runs at 10Mbs and supports layers one and two of the OSI model.
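An added example (not from the study guide) that applies the distinction above: a parser that tells Ethernet II from 802.3 by the two-byte field after the source address (values of 0x0600 and above are EtherTypes, smaller values are 802.3 lengths) and, for 802.3, reads the DSAP and SSAP from the LLC header that follows. The two frames are constructed, not captured.

```python
import struct

ETHERTYPE_THRESHOLD = 0x0600   # 1536: at or above, the field is an EtherType; below, an 802.3 length
MAC_HEADER_LEN = 14            # destination MAC (6) + source MAC (6) + type/length (2)


def classify_frame(frame: bytes) -> dict:
    """Tell Ethernet II from IEEE 802.3 and return the protocol identifier each one carries."""
    if len(frame) < MAC_HEADER_LEN:
        raise ValueError("frame shorter than the 14-byte MAC header")
    dst, src = frame[0:6], frame[6:12]
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    info = {"dst": dst.hex(":"), "src": src.hex(":")}
    if type_or_len >= ETHERTYPE_THRESHOLD:
        # Ethernet II: the field names the payload protocol directly (0x0800 IPv4, 0x0806 ARP, ...).
        info.update(kind="Ethernet II", ethertype=type_or_len, payload=frame[MAC_HEADER_LEN:])
        return info
    # 802.3: the field counts the bytes that follow, and the protocol is identified by the
    # LLC header (DSAP, SSAP, control) at the start of that data.
    if type_or_len < 3 or len(frame) - MAC_HEADER_LEN < type_or_len:
        raise ValueError("802.3 length field does not fit the bytes actually present")
    llc = frame[MAC_HEADER_LEN:MAC_HEADER_LEN + 3]
    info.update(kind="802.3", length=type_or_len, dsap=llc[0], ssap=llc[1], control=llc[2],
                payload=frame[MAC_HEADER_LEN + 3:MAC_HEADER_LEN + type_or_len])
    return info


def describe(frame: bytes) -> str:
    """One-line summary of the kind a troubleshooting tool would print."""
    info = classify_frame(frame)
    if info["kind"] == "Ethernet II":
        return f"Ethernet II {info['src']} -> {info['dst']} type 0x{info['ethertype']:04x}"
    return (f"802.3 {info['src']} -> {info['dst']} len {info['length']} "
            f"DSAP 0x{info['dsap']:02x} SSAP 0x{info['ssap']:02x}")


# Constructed sample frames (not captured traffic); MAC addresses and payloads are made up.
# Ethernet II: broadcast destination, EtherType 0x0800 (IPv4), 20 bytes of dummy payload.
ETHERNET_II_FRAME = (bytes.fromhex("ffffffffffff") + bytes.fromhex("0200deadbeef")
                     + struct.pack("!H", 0x0800) + b"\x45\x00" + b"\x00" * 18)
# 802.3: bridge-group multicast destination, length 38 = 3-byte LLC header (SAP 0x42, as used by
# spanning tree BPDUs) + 35 bytes of dummy data.
DOT3_FRAME = (bytes.fromhex("0180c2000000") + bytes.fromhex("0200deadbeef")
              + struct.pack("!H", 38) + bytes([0x42, 0x42, 0x03]) + b"\x00" * 35)

if __name__ == "__main__":
    for frame in (ETHERNET_II_FRAME, DOT3_FRAME):
        print(describe(frame))
```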

Ethernet/Fast Ethernet/Gigabit Ethernet

Legacy Ethernet runs at 10Mbps, and can still be found at the Access layer of some older installations that have a significant investment in legacy technology, or where the communications requirements are very low. Most print servers, such as Intel NetPorts and HP JetDirects, are 10Mbps devices.

Fast Ethernet (100Mbps) has largely replaced legacy Ethernet at all three layers of the hierarchical model (Core, Distribution, Access layers) to become the most common LAN technology. Most Fast Ethernet equipment is capable of using out-of-band Fast Link Pulse (FLP) bursts to auto-negotiate the fastest physical layer technology that can be used by both communicating devices. This provides a parallel detection function for half- and full-duplex 10BaseT, half- and full-duplex 100BaseTX, and 100BaseT4 physical layers.

Gig Ethernet is more expensive and will normally be found either at the Core or Distribution layers, although as per-port costs come down and the technology becomes cheaper, you can expect to see it more commonly at the access layer. Uplinks between phone closets and the computer room will often be Gigabit links over fiber; the higher speed allowing the consolidation of access device data streams, and the fiber overcoming distance limitations.

The most significant limitation of Ethernet is collisions. These become more prevalent as utilization increases. This can reach levels where higher-layer applications are affected, or time sensitive protocols time out.

The most common problems with Ethernet installations include reconciling configuration elements, like speed, duplex and encapsulation settings.

Fast EtherChannel (FEC)

FEC is a Cisco proprietary method for aggregating the bandwidth of up to four Fast Ethernet channels (or two Gigabit Ethernet channels) on a switch and having them appear to be one logical connection. The requirements are that all the ports be in the same VLAN; have the same speed and duplex settings; and, if the switch is not a Cat6000, that contiguous ports be used. Besides increasing the bandwidth available between devices, this also adds a level of protection, because if one of the links within the EtherChannel were to go down, the traffic would continue to pass at the reduced rate without interruption.

The Port Aggregation Protocol (PAgP) allows automatic creation of EtherChannels by exchanging packets between eligible Ethernet ports (those in auto and desirable modes; ports in on or off mode do not exchange PAgP packets). The protocol learns the capabilities of port groups dynamically, and then groups the ports into an EtherChannel.

Carrier Sense Multiple Access Collision Detect (CSMA/CD)

Defined by IEEE 802.3, CSMA/CD listens on the Ethernet segment before transmitting; if a collision occurs, the station that detects it sends out a jam signal to alert all other machines to stop trying to send. After the signal stops, the machines wait for a random period of time before attempting transmission again.

Wireless/802.11

Although the first wireless networks appeared over two decades ago, adoption has been slow because:

The original wireless data rates were inadequate (way too slow).

Proprietary solutions dominated the marketplace, providing little interoperability among devices.

Wireless solutions were very expensive.

In 1999, the IEEE ratified the 802.11b standard with data rates up to 11 Mbps, and interest in Wireless LANs (WLANs) exploded. Vendor interoperability is ensured by the Wireless Ethernet Compatibility Alliance (WECA), an independent international nonprofit association that identifies compliant products from more than 140 companies spanning component manufacturers, equipment vendors, and service providers under its "Wi-Fi" brand.

As with any new technology, wireless is continually evolving. Multiple standards that offer advancements in speed, bandwidth and security either exist, or are being developed to compete for dominance in the high-bandwidth WLAN market. These include:

802.11b – This is the most widely deployed wireless standard, and can be found in both corporate and home wireless markets, with wireless "hot spots" popping up in hotels, airports, convention centers, and coffee shops worldwide. It operates in the 2.4 GHz unlicensed radio band and delivers a maximum data rate of 11 Mbps.

802.11a -- Operates in the unlicensed portion of the 5 GHz radio band, making 802.11a immune to interference from devices that operate in the 2.4 GHz band, such as microwave ovens, cordless phones, and Bluetooth (a short-range, low-speed, point-to-point, personal-area-network wireless standard). 802.11a has a top data rate of 54 Mbps, nearly five times the bandwidth of 802.11b. It is the first of the higher-speed wireless standards to hit the market, but has a major drawback in that it does not provide interoperability with existing 802.11b equipment.

802.11g -- A late entry, this standard boasts a top data rate of 54 Mbps, but operates in the same unlicensed portion of the 2.4-GHz spectrum as 802.11b, making it backward compatible with 802.11b devices. This new standard is limited to the same three channels and crowded 2.4-GHz band as 802.11b, creating possible scalability and interference issues.

Deployment issues for wireless include:

Interference sources: If an environment has a lot of interference sources in the 2.4-GHz frequency band, such as Bluetooth devices or non-802.11b wireless phones, then 802.11a (5 GHz) may be the better choice.

Need for channels: 802.11b offers only three nonoverlapping frequency channels; 802.11a offers eight for more flexibility in structuring coverage areas.

Installed base: The more 802.11b clients that are installed, the greater the need to have access points that support 802.11b.

Types of applications: 802.11b is better for transaction-intensive applications; 802.11a is better for data-hungry applications.

Cost: 802.11a systems could cost 20 to 30 percent more than current 802.11b products and may have a higher deployment cost because of the different RF characteristics of the 5-GHz frequency.

Wireless Security

Acknowledging the inherent security deficiencies of WLANs, the 802.11 committee adopted an encryption protocol, the Wired Equivalent Privacy (WEP). WEP does not provide authentication, access control, or data integrity checking; just encryption.

Important wireless networking terms:

Access Point (AP) - A wireless LAN transceiver that acts as a center point of an all-wireless network or as a connection point between wireless and wired networks.

Antenna - A device for transmitting or receiving a radio frequency (RF). Antennas are designed for specific and relatively tightly defined frequencies, and are quite varied in design. An antenna designed for 2.4-GHz 802.11b devices will not work with 2.5-GHz devices.

Beamwidth - The angle of signal coverage provided by an antenna. Beamwidth typically decreases as antenna gain increases.

Broadband - In general, an RF system is deemed "broadband" if it has a constant data rate at or in excess of 1.5 Mbps. Its corresponding opposite is "narrowband."

Fresnel Effect - A phenomenon related to line of sight whereby an object that does not obstruct the visual line of sight obstructs the line of transmission for radio frequencies.

Microcell - A bounded physical space in which numerous wireless devices can communicate. Because it is possible to have overlapping cells as well as isolated cells, the boundaries of the cell are established by some rule or convention.

Multipath - The echoes created as a radio signal bounces off of physical objects.

Roaming - Movement of a wireless node between two microcells. Roaming usually occurs in infrastructure networks built around multiple access points.

Spread Spectrum - A radio transmission technology that "spreads" the user information over a much wider bandwidth than otherwise required in order to gain benefits such as improved interference tolerance and unlicensed operation.

Wireless Access Protocol - A language used for writing Web pages that uses far less overhead, making it more preferable for wireless access to the Internet by personal digital assistants (PDAs) and Web-enabled cellular phones.

Radio Frequency (RF) Terms:

Hz - The international unit for measuring frequency is hertz (Hz), which is equivalent to the older unit of cycles per second.

MHz - one million hertz.

GHz - one billion hertz.

Just to understand how these relate, standard U.S. electrical power frequency is 60 Hz, the AM broadcast radio frequency band is 0.55-1.6 MHz, the FM broadcast radio frequency band is 88-108 MHz, microwave ovens typically operate at 2.45 GHz and wireless home phones typically run at 900MHz or 2.4 GHz.

Cisco Deployments

Currently the most flexible Cisco wireless access point is the Aironet 1200 Series which provides compatibility for all the currently established and emerging wireless LAN standards. It has a dual-band design with eight 5 GHz channels, and three 2.4 GHz channels, enabling a mix of client devices. Software and hardware are field upgradeable.

Multiservice

Voice/Video

Voice and Video can be digitized and passed through a normal IP network as long as sufficient bandwidth is available, and the appropriate QoS issues are addressed. These technologies require more coverage than can be provided in a short exam study guide; but for the purposes of this exam, and because you will probably face them in your career, you should develop an appreciation of Cisco’s Architecture for Voice, Video and Integrated Data (AVVID). AVVID technologies enable advanced voice and data services to be delivered reliably over a Cisco router and switch network.

An excellent place to begin this research is at:

http://www.cisco.com/en/US/netsol/ns340/ns19/ns24/networking_solutions_packages_list.html

Coder-decoders (Codecs)

Codecs use pulse code modulation to turn analog signals into digital bit streams, and conversely, transform digital bit streams back into analog signals. This function is required by Voice-over-IP (VoIP) gateways to turn human speech into digital data for transport, and back to analog sound to present it to the destination.

Common codec specifications include:

G.711 – The format used for digital voice delivery in the telecom world, this standard describes the 64 Kbps PCM voice encoding technique.

G.726 – Describes ADPCM coding at 40, 32, 24 and 16 Kbps and can be used to communicate between packet voice and other systems, provided the PBX or public phone system has ADPCM capability defined.

G.729 – Describes CELP compressions that allow voice to be encoded in 8 Kbps streams. This standard is further defined in two variations (G.729/G.729a). These provide standard voice-encoding algorithms that turn the actual audio signal to digital data. These particular algorithms are significant in the VoIP arena because of the low-bandwidth requirement (8 Kbps), while providing speech quality comparable to a 32 Kbps ADPCM link.

G.723.1 – Describes a compression technique used to compress speech or the audio portion of a multimedia presentation, and is part of the H.324 family of standards. There are two bit rates associated with this coder - 5.3 and 6.3 Kbps. The higher bit rate is based on MP-MLQ and provides a higher quality, while the lower rate is based on CELP and provides good quality.

Signaling System 7 (SS7)

The international standard telephony network common channel signaling protocol that allows communication between the Public Switched Telephone Network (PSTN) and local phone switches. It defines the protocols and procedures that allow the PSTN to exchange information for call setup, routing, and control. Examples of telecom signaling would include many sounds we’re all familiar with, such as off-hook notification, dial tone, ringing, number dialing, busy signals and congestion (fast-busy). It also provides for out-of-band signaling and is responsible for routing, link status, and connection control. Local phone number portability, 1-800 calling, in-network phone mail and portable phone roaming all are defined by SS7. These standards are used by both wireline (landline) and wireless telephony devices.

Because SS7 uses Common Channel Signaling (CCS), it allows telecommunication providers to offer value-added services, such as call waiting and caller ID.

Real-Time Transport Protocol (RTP)
Provides support for applications with real-time requirements, such as voice or video over IP. Defined in RFC 3550, this application-layer protocol rides on UDP to minimize delay: for real-time media, retransmissions are not just unnecessary but undesirable. With VoIP a small amount of lost traffic goes unnoticed, while traffic played back late or out of order would be very difficult to understand.

RTP enhances connectionless UDP by adding a sequence number (so the receiver can detect loss and reorder packets), a timestamp (so it can reconstruct the playout timing) and a payload-type field that identifies the codec or application the data is being transported for.
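As an added example (not part of the original cram session), the following Python builds a few RTP packets from constructed values, parses the fixed header and runs the sequence-number check a receiver or a monitoring probe performs: it counts lost, duplicated and late (out-of-order) packets per SSRC, handling the 16-bit sequence wrap. The SSRC, payload bytes and sequence numbers are made up for the example.

```python
import struct

# Common static payload types from the RTP A/V profile (RFC 3551).
PAYLOAD_TYPES = {0: "PCMU", 4: "G723", 8: "PCMA", 18: "G729"}


def build_rtp(seq, timestamp, payload_type=18, ssrc=0xDEADBEEF, payload=b"\x00" * 20, marker=0):
    """Build a minimal RTP packet: 12-byte fixed header (V=2, no padding/extension/CSRC) + payload.
    Values are constructed for the example; 20 bytes of payload is one 20 ms G.729 frame."""
    first = 2 << 6                      # version 2, P=0, X=0, CC=0
    second = (marker << 7) | (payload_type & 0x7F)
    return struct.pack("!BBHII", first, second, seq & 0xFFFF, timestamp & 0xFFFFFFFF, ssrc) + payload


def parse_rtp(pkt):
    """Parse the RTP fixed header; reject anything that is not RTP version 2 or is truncated."""
    if len(pkt) < 12:
        raise ValueError("truncated RTP header")
    first, second, seq, ts, ssrc = struct.unpack("!BBHII", pkt[:12])
    if first >> 6 != 2:
        raise ValueError("not RTP version 2")
    cc = first & 0x0F                   # number of 4-byte CSRC identifiers that follow
    hdr_len = 12 + 4 * cc
    if len(pkt) < hdr_len:
        raise ValueError("truncated CSRC list")
    return {"pt": second & 0x7F, "marker": second >> 7, "seq": seq,
            "timestamp": ts, "ssrc": ssrc, "payload": pkt[hdr_len:]}


def analyze_stream(packets):
    """Per-SSRC loss/reorder/duplicate accounting over a captured sequence of RTP packets."""
    state = {}
    for pkt in packets:
        h = parse_rtp(pkt)
        s = state.setdefault(h["ssrc"], {"received": 0, "duplicate": 0, "out_of_order": 0,
                                         "first": None, "highest": None, "seen": set(), "pts": set()})
        s["received"] += 1
        s["pts"].add(PAYLOAD_TYPES.get(h["pt"], "PT%d" % h["pt"]))
        seq = h["seq"]
        if seq in s["seen"]:
            s["duplicate"] += 1         # replayed or duplicated packet
            continue
        s["seen"].add(seq)
        if s["highest"] is None:
            s["first"] = s["highest"] = seq
            continue
        # Modular difference handles the wrap from 65535 back to 0.
        delta = (seq - s["highest"]) & 0xFFFF
        if delta < 0x8000:
            s["highest"] = seq          # moved forward (delta > 1 means something was skipped)
        else:
            s["out_of_order"] += 1      # arrived after a higher sequence number: late
    result = {}
    for ssrc, s in state.items():
        expected = ((s["highest"] - s["first"]) & 0xFFFF) + 1
        result[ssrc] = {"received": s["received"], "duplicate": s["duplicate"],
                        "out_of_order": s["out_of_order"], "lost": expected - len(s["seen"]),
                        "payload_types": sorted(s["pts"])}
    return result


# Constructed capture: seq 102 arrives late, 103 is duplicated, 104 and 105 never arrive.
SAMPLE_CAPTURE = [build_rtp(seq, 160 * i) for i, seq in enumerate([100, 101, 103, 102, 103, 106])]

if __name__ == "__main__":
    print(analyze_stream(SAMPLE_CAPTURE))
```

The same accounting is what a jitter buffer uses to decide whether to wait for a late packet or conceal it, and what an intrusion sensor would use to spot a replayed or injected RTP stream (duplicates with a valid SSRC but stale sequence numbers).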

Real-Time Transport Control Protocol (RTCP)
The companion control protocol to RTP, defined in the same RFC and carried on the next higher (odd-numbered) UDP port. RTCP adds identification of the RTP source (a canonical name), statistics about the RTP stream (loss, jitter and round-trip delay) in sender and receiver reports, a rule that keeps control traffic to a small fraction (by default 5%) of the session bandwidth, and a secondary channel for small amounts of application information.

Session Initiation Protocol (SIP)

SIP is the IETF's standard text-based, application-layer control protocol for multimedia sessions over IP (RFC 3261). It establishes, modifies and terminates calls between endpoints and provides the signaling and session management for a packet telephony network. Because it is clear text on UDP or TCP port 5060 by default, SIP signaling is easy to inspect and, unless carried over TLS (SIPS, port 5061) with authentication, easy to spoof.

Multiprotocol Label Switching (MPLS)
In a normal routed environment, packets are forwarded hop by hop based on the layer-3 destination address in the header; every router along the way independently looks up the path to the destination. Routing protocols have very little interest in the layer-2 characteristics of the network, particularly in regard to quality of service (QoS), traffic management and load.

Multiprotocol Label Switching (MPLS) fuses the intelligence of routing with the performance of switching, and provides significant benefits to networks with a pure IP architecture as well as those mixing IP with ATM or other layer-2 technologies. MPLS lets devices specify paths through the network based on the QoS and bandwidth requirements of applications, taking layer-2 attributes into account. The non-proprietary MPLS protocol developed by the IETF is loosely based on Cisco's proprietary tag switching. Although the two have much in common, they differ enough that tag-switching devices cannot interoperate directly with MPLS devices; MPLS has since superseded tag switching.

MPLS technology is key to scalable virtual private networks (VPNs) and end-to-end quality of service (QoS), enabling efficient utilization of existing networks to meet future growth and rapid recovery from link and node failures. The technology also helps deliver highly scalable, differentiated end-to-end IP services with simpler configuration, management and provisioning for both Internet providers and subscribers.

Definitions follow for the MPLS terms:

Label — A header created by an edge label switch router (edge LSR) and used by label switch routers (LSRs) to forward packets. The header format varies with the network media type. For example, in an ATM network the label is placed in the VPI/VCI fields of each ATM cell header. In a LAN environment the header is a "shim" located between the layer-2 and layer-3 headers.

Label forwarding information base (LFIB) — A table created by a label-switch-capable device (LSR) that indicates where and how to forward frames with specific label values.

Label switch router (LSR) — A device, such as a switch or a router, that forwards labeled packets based on the label value.

Edge label switch router (edge LSR) — The device that initially adds or ultimately removes the label from the packet.

Label switching — An LSR making a forwarding decision based on the presence of a label in the frame or cell.

Label-switched path (LSP) — The path, defined by the labels, through the LSRs between two end points.

Label virtual circuit (LVC) — An LSP through an ATM system.

Label switch controller (LSC) — An LSR that communicates with an ATM switch to provide and provision label information within the switch.

Label distribution protocol (LDP) — A set of messages defined to distribute label information among LSRs.

XmplsATM — The virtual interface between an ATM switch and an LSC.

MPLS Operations

Packets enter the MPLS domain through an edge label switch router (edge LSR), the device that initially adds or ultimately removes the label; it serves as the gatekeeper to and from the MPLS domain. The ingress edge LSR classifies the packet, chooses a label and adds it to the frame header; the label is then used by the label switch routers (LSRs) to forward the packet through the domain, and in effect indicates the path the packet will travel to reach its destination. The header format varies with the network media type: in an ATM network the label is placed in the VPI/VCI fields of each ATM cell header, while in a LAN environment the header is a 4-byte "shim" (a 20-bit label, 3 experimental/traffic-class bits, a bottom-of-stack bit and an 8-bit TTL) located between the layer-2 and layer-3 headers.

Non-edge LSRs look at the frame, determine that there is a label between layers 2 and 3, and treat the frame according to the configuration in their label forwarding information base (LFIB), a table created by the LSR describing where and how to forward frames with specific label values. The label in the frame is just an index to a larger record in the LFIB, which consists of an incoming label and one or more subentries (each with an outgoing label, outgoing interface and outgoing link-level information). If the incoming label matches an entry then, for each subentry, the LSR replaces the label in the packet with the outgoing label, replaces the link-level information (such as the MAC address) with the outgoing link-level information, and forwards the packet over the outgoing interface. A core LSR never looks past the label and never consults the IP routing table; a packet carrying a label with no LFIB entry is simply dropped.

Each subsequent LSR handles the frame in the same way until it reaches the egress edge LSR, which strips off all label information and passes a standard frame to the next hop.

Picture a series of LSRs (edge and core) interconnected to form a physical path between two points. Because the frame is directed through the network by the contents of the LFIB, and no LSR along the way performs a full routing lookup, the frame is handled more quickly.

Remember that label information can be carried in a packet in a variety of ways:

As a small shim label header inserted between the layer-2 and network-layer headers

As part of the layer-2 header, if the layer-2 header provides adequate semantics (such as ATM)

As part of the network-layer header (such as using the Flow Label field in IPv6 with appropriately modified semantics)

This means MPLS can be implemented over any media type, including point-to-point links, multiaccess links and ATM. Control components specific to a particular network-layer protocol allow label switching to be used with different network-layer protocols, while the label-forwarding component itself is independent of the network-layer protocol.
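As an added example, not from the cram session or from any Cisco code, here is a small Python model of the shim-header handling described above: it parses the label stack out of an Ethernet frame carrying MPLS unicast (EtherType 0x8847), looks the top label up in a constructed LFIB, swaps or pops it, decrements the TTL, rewrites the link-level addresses and returns the frame to send out of the outgoing interface. The LFIB contents, MAC addresses and interface names are assumptions for the example.

```python
import struct

ETHERTYPE_MPLS = 0x8847     # MPLS unicast
ETHERTYPE_IPV4 = 0x0800

# Constructed LFIB for this LSR: incoming label -> what to do with it.
LOCAL_MAC = bytes.fromhex("001122334401")
LFIB = {
    100: {"action": "swap", "out_label": 200, "out_iface": "Gi0/1",
          "next_hop_mac": bytes.fromhex("001122334402")},
    200: {"action": "pop", "out_label": None, "out_iface": "Gi0/2",
          "next_hop_mac": bytes.fromhex("001122334403")},
}

# Constructed payload: a minimal 20-byte IPv4 header (checksum left at 0; it is never parsed here).
SAMPLE_IPV4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                          bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))


def parse_label_stack(data):
    """Decode RFC 3032 shim entries until the bottom-of-stack bit; return (stack, payload)."""
    stack, off = [], 0
    while True:
        if off + 4 > len(data):
            raise ValueError("truncated label stack")
        word, = struct.unpack("!I", data[off:off + 4])
        entry = {"label": word >> 12, "exp": (word >> 9) & 0x7,
                 "s": (word >> 8) & 0x1, "ttl": word & 0xFF}
        stack.append(entry)
        off += 4
        if entry["s"]:
            return stack, data[off:]


def encode_label_stack(stack):
    """Encode entries; the S bit is set only on the last one regardless of what the dicts say."""
    out = b""
    for i, e in enumerate(stack):
        s = 1 if i == len(stack) - 1 else 0
        out += struct.pack("!I", (e["label"] << 12) | (e["exp"] << 9) | (s << 8) | e["ttl"])
    return out


def build_frame(stack, dst_mac=LOCAL_MAC, src_mac=bytes.fromhex("001122334400"), payload=SAMPLE_IPV4):
    """Ethernet II frame: dst MAC, src MAC, EtherType 0x8847, label stack, IP packet."""
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_MPLS) + encode_label_stack(stack) + payload


def forward(frame, lfib=LFIB):
    """Core LSR forwarding. Returns (out_iface, new_frame), or (None, reason) if dropped."""
    ethertype, = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_MPLS:
        return None, "not MPLS unicast"
    stack, payload = parse_label_stack(frame[14:])
    top = stack[0]
    entry = lfib.get(top["label"])
    if entry is None:
        return None, "no LFIB entry for label %d" % top["label"]   # unknown label: drop, never guess
    if top["ttl"] <= 1:
        return None, "TTL expired"
    ttl = top["ttl"] - 1
    if entry["action"] == "swap":
        new_stack = [dict(top, label=entry["out_label"], ttl=ttl)] + stack[1:]
    elif entry["action"] == "pop":
        new_stack = stack[1:]
        if new_stack:
            new_stack[0] = dict(new_stack[0], ttl=ttl)   # carry the decremented TTL down
    else:
        return None, "unknown action"
    l2 = entry["next_hop_mac"] + LOCAL_MAC
    if new_stack:
        return entry["out_iface"], l2 + struct.pack("!H", ETHERTYPE_MPLS) + encode_label_stack(new_stack) + payload
    # Bottom of stack popped: the next hop receives a plain IP packet.
    return entry["out_iface"], l2 + struct.pack("!H", ETHERTYPE_IPV4) + payload


if __name__ == "__main__":
    iface, out = forward(build_frame([{"label": 100, "exp": 0, "s": 1, "ttl": 64}]))
    print(iface, parse_label_stack(out[14:])[0])
```

Note that nothing in the core path ever inspects the IP header: whatever label an attacker puts on a frame is looked up as-is, which is why a provider must not accept labeled frames from customer-facing interfaces at all rather than relying on the LFIB to reject them.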

How the LFIB is Propagated

LSRs distribute labels using a label distribution protocol (LDP). A label binding associates a destination prefix with a locally significant label (labels are locally significant because they are replaced at each hop). When an LSR discovers a neighbor LSR through hello messages, the two establish a TCP session over which label bindings are exchanged. LDP exchanges prefix/label bindings using one of two methods, on which both LSRs must agree:

Downstream Unsolicited Distribution - A downstream LSR advertises a binding to its upstream neighbor without being asked, whenever it has a new one. For example, an edge LSR may bring up a new interface on another subnet; it then announces to the upstream router a label binding for reaching that network.

Downstream-on-Demand Distribution - A downstream LSR sends a binding upstream only when the upstream LSR requests it. For each route in its routing table the LSR identifies the next hop, then issues a request (via LDP) to that next hop for a label binding for the route. When the next hop receives the request, it allocates a label, creates an entry in its LFIB with the incoming label set to the allocated label, and returns the binding between that (incoming) label and the route to the requesting LSR. When the requesting LSR receives the binding, it creates an entry in its own LFIB and sets the outgoing label in that entry to the value received from the next hop.

Quality of Service and Traffic Engineering

Two important mechanisms are incorporated into MPLS to provide a range of QoS to packets passing through the domain:

Classification of packets into different classes

Handling of packets according to the QoS characteristics of their class (such as bandwidth and loss)

MPLS marks a packet as belonging to a particular class during an initial classification at the ingress edge LSR, using information carried in the network and higher-layer headers. A label (or, on a LAN, the experimental/traffic-class bits of the shim) corresponding to the resulting class is then applied to the packet. Labeled packets can be handled efficiently by the LSRs along the path without being reclassified.

The Cisco Press book "MPLS and VPN Architectures" by Pepelnjak and Guichard is an excellent resource for learning more about MPLS.

IP Multicast
IP multicasting allows a device on the network to send a single stream of information to a limited, defined group of hosts. These hosts generally add and remove themselves from the data stream. By now you should be comfortable with the concepts behind unicasts and broadcasts, but to reiterate:

Unicast - A packet with the specific destination address of a unique host in the IP network. The packet is passed through the routed or switched network to its destination, or dropped if the destination is unreachable.

Broadcast - A packet that a single host sends to all IP hosts in the broadcast domain (usually a network segment). Keep in mind that every host that receives the broadcast interrupts its other work to process the packet. Under normal circumstances, routers do not forward broadcasts.


Multicast traffic is a different beast. It is based on the concept of a group: a collection of recipient hosts that have "asked" to join a particular data stream. The group does not necessarily have any physical or geographical boundaries (depending on the network design), and group members can potentially be located anywhere on the Internet.

Think of it as a newspaper subscription or a cable TV drop; they don't normally "just happen", the recipient must make an effort and express an interest.

Hosts interested in receiving a particular data flow join the IP multicast group using the Internet Group Management Protocol (IGMP). A host must be a member of the group to receive the data stream: hosts that join the group receive the traffic; hosts that don't, don't.

The source sends IP packets to an IP multicast group address, and the IP multicast routers forward the packets out of the interfaces that lead to members of the group. One flow of traffic leaves the source, and the routers in between know how to replicate the packets to reach the set of destinations that have chosen (or been defined) to be members of the multicast group. Note that a source does not have to be a group member to send to the group, and nothing in the addressing itself stops an arbitrary host from sending to a group; restricting who may source traffic to a group is a router policy, not a property of the protocol.

The same information could be sent as broadcasts, but then every host would be affected; or it could be sent as unicasts, but then each recipient would require a separate data stream, consuming valuable bandwidth. With thousands of potential receivers, even low-bandwidth applications benefit from IP multicast. High-bandwidth applications can require a large portion of the available network bandwidth for a single stream; the thought of multiple monster streams is what keeps a good network architect from spending time with the family.

In short, multicast is a bandwidth-conserving technology that reduces traffic by delivering a single stream of information to any number of destinations simultaneously, without forwarding the traffic to disinterested destinations. It delivers source traffic to multiple receivers without adding any burden on the source or the receivers, while using less network bandwidth than would otherwise be the case.

Popular IP multicast applications include:

Multimedia Conferencing - Geographically dispersed group meetings using audio/visual or audio-only communication, often including electronic whiteboard applications.

Data Distribution - Reliably replicating data files from a central site to a number of remote locations, such as distributing price and product information from corporate headquarters to a number of remote sales locations.

Real-Time Data Multicasts - Pushing real-time data out to a number of subscribing hosts, such as stock or news ticker updates.

The benefits of IP multicasting include significant savings in both bandwidth and server overhead, because the source only sends the material once. Because of the reduced bandwidth utilization there may also be a reduction in router CPU utilization, although the added load of handling multicast traffic may negate that under some circumstances.

Multicast packets are replicated in the network by Cisco routers running Protocol Independent Multicast (PIM) and other supporting multicast protocols. Configuration is fairly simple, and should be part of your knowledge arsenal if you intend to take the CCIE path later.

Because IP multicasting is a one-to-many proposition, UDP is the layer-4 protocol of choice (TCP's connection and acknowledgement model does not fit one sender and many receivers). Problems related to unreliable delivery, such as lost packets, duplicate packets and lack of control over network congestion, do exist but can be reduced by proper network design.

Addressing
Normal unicast traffic is defined with a specific destination IP address that corresponds to a specific device. This is not true of multicast traffic, which is forwarded to a set of destinations, none of which has the IP address designated in the packet. Remember when you first learned IP addressing and used class A, B and C addresses? The instructor may not have mentioned it, but there is also a class D range, and that is what is used for multicast addressing.


Multicast IP addresses (class D addresses) are in the range 224.0.0.0 to 239.255.255.255, meaning the first four bits of the address are binary 1110. These addresses are administered by the Internet Assigned Numbers Authority (IANA), and tightly controlled they are. Don't count on grabbing a few addresses in case you ever need them; with that limited range available, IANA is very stingy about assigning them. One interesting outcome is that there is a DHCP-like service (MADCAP, RFC 2730; note DHCP-like, not actual DHCP) that lets hosts lease multicast addresses dynamically from a pool rather than having them statically assigned.

IANA has set aside 239.0.0.0 through 239.255.255.255 (administratively scoped addresses, RFC 2365) for private multicast domains, much like the reserved unicast ranges (192.168.x.x, 172.16.x.x and 10.x.x.x). When you develop an internal application that will remain within the boundaries of your network, these are the addresses to use, and your border routers should be configured so that traffic to them never leaves (or enters) your network.

The addresses 224.0.0.0 to 224.0.0.255 are reserved by IANA for link-local use, chiefly by routing and control protocols on the local network segment; routers never forward them, regardless of the TTL value. Reserved addresses in this range include:

Address       Usage
224.0.0.1     All Hosts
224.0.0.2     All Multicast Routers
224.0.0.4     DVMRP Routers
224.0.0.5     OSPF Routers
224.0.0.6     OSPF Designated Routers
224.0.0.7     ST Routers
224.0.0.8     ST Hosts
224.0.0.9     RIPv2 Routers
224.0.0.10    IGRP Routers (used by EIGRP)
224.0.0.12    DHCP Server/Relay Agent
224.0.0.13    All PIM Routers

Translating Multicast Addresses into Ethernet MAC Addresses

IANA maintains a block of Ethernet MAC addresses from 0100.5e00.0000 through 0100.5e7f.ffff as the range of available Ethernet destination MAC addresses for IP multicast. This allocation leaves 23 bits of the Ethernet address to carry the IP multicast group address.

As already discussed, multicast IP addresses are class D addresses in the range 224.0.0.0 to 239.255.255.255 (first octet binary 11100000 through 11101111). They are also referred to as group destination addresses (GDAs). For each GDA there is an associated MAC address, formed by prefixing 01-00-5e to the low-order 23 bits of the GDA, written in hex. Since only the last 23 bits of the GDA are used, 5 bits (the 4 class-D bits and the high bit of the second octet) are thrown away, so 32 different group addresses map to the same MAC address; in particular, the second octet can have either of two values (differing by 128) and still produce the same MAC. A NIC or switch that filters on the MAC address alone will therefore deliver frames for all 32 groups, and the host's IP stack must do the final filtering.

For example:

A GDA of 229.119.213.55 translates to a MAC of 01-00-5e-77-d5-37

Here's why:

Decimal IP address = 229.119.213.55
Binary equivalent = 11100101.01110111.11010101.00110111
Last 23 bits = 1110111.11010101.00110111
Hex equivalent of last 23 bits = 77-d5-37
Prefix with 01-00-5e = 01-00-5e-77-d5-37
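As an added example that is not part of the original text, the following Python performs the translation above for any class D address and shows the 32-to-1 overlap: it lists every group address that maps to the same MAC, and classifies the link-local (224.0.0.0/24) and administratively scoped (239.0.0.0/8) ranges discussed above. The addresses used are the page's own example plus a few constructed ones.

```python
import ipaddress


def multicast_ip_to_mac(ip):
    """Map a class D IPv4 address to its 01-00-5e MAC by keeping only the low-order 23 bits."""
    addr = ipaddress.IPv4Address(ip)
    if not addr.is_multicast:                    # 224.0.0.0/4
        raise ValueError("%s is not a class D (multicast) address" % ip)
    o = addr.packed
    low23 = ((o[1] & 0x7F) << 16) | (o[2] << 8) | o[3]
    return "01-00-5e-%02x-%02x-%02x" % (low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)


def groups_sharing_mac(ip):
    """The 32 class D addresses that collide with ip on the same MAC: 16 possible first octets
    (224..239) times the two values of the second octet that differ only in the dropped high bit."""
    o = ipaddress.IPv4Address(ip).packed
    return ["%d.%d.%d.%d" % (first, (o[1] & 0x7F) | hi, o[2], o[3])
            for first in range(224, 240) for hi in (0, 0x80)]


LINK_LOCAL = ipaddress.IPv4Network("224.0.0.0/24")      # never forwarded by routers
ADMIN_SCOPED = ipaddress.IPv4Network("239.0.0.0/8")     # private; must be stopped at the border


def classify(ip):
    """Which of the ranges discussed on this page an address falls in."""
    addr = ipaddress.IPv4Address(ip)
    if addr in LINK_LOCAL:
        return "link-local"
    if addr in ADMIN_SCOPED:
        return "administratively scoped"
    if addr.is_multicast:
        return "global"
    return "unicast"


if __name__ == "__main__":
    for ip in ("229.119.213.55", "224.0.0.5", "239.1.1.1"):
        print(ip, multicast_ip_to_mac(ip), classify(ip))
```

A NIC programmed to receive 01-00-5e-77-d5-37 will also pass frames for 224.247.213.55 and the other 30 colliding groups up the stack, and a switch CAM entry is equally blind to the difference, so the IP layer (and any host firewall) must filter on the full group address.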

Internet Group Management Protocol (IGMP) and Cisco Group Management Protocol (CGMP)

To manage IP multicasting, allow directed switching of multicast traffic, and dynamically configure switch ports so that IP multicast traffic is forwarded only to the appropriate ports, Cisco routers and switches use:

Internet Group Management Protocol (IGMP) - A standard protocol designed to manage the multicast transmissions passed to routed ports by dynamically registering individual hosts in a multicast group. Hosts identify group memberships by sending IGMP messages to their local multicast routers. Under IGMP, routers listen to IGMP messages and periodically send out queries to discover which groups are active or inactive on a particular subnet. One problem with this protocol on its own is that, if one host on a VLAN joins a group, the switch forwards the stream to every workstation on that VLAN.

Cisco Group Management Protocol (CGMP) - A Cisco-proprietary protocol designed to control the flow of multicast streams to individual VLAN port members while limiting the impact on the switch. CGMP requires IGMP to be running on the router.

IGMP

Version 1 of IGMP is defined in RFC 1112 and provides just two types of IGMP message:

Membership Reports - Hosts send an IGMP Membership Report for a particular multicast group to indicate that they want to join that group.

Membership Queries - The router periodically sends an IGMP Membership Query to verify that at least one host on the subnet is still interested in receiving traffic for a group. When there is no reply to three consecutive IGMP Membership Queries, the router stops forwarding traffic for that group.

IGMP version 2 is defined in RFC 2236. The primary difference is the addition of a Leave Group message, which lets a host take the initiative and tell the local multicast router that it no longer wishes to be part of the group. The router then sends a group-specific query to determine whether any hosts are still interested in receiving the traffic. If there are no replies, the router times out the group and stops forwarding the traffic. This greatly reduces the leave latency found with IGMP version 1. (IGMP version 3, RFC 3376, later added source filtering, so a host can ask for a group's traffic only from, or from all sources except, specified sources.)

The default behavior of a layer-2 switch is to forward all multicast traffic to every port in the destination VLAN.


Basically, if one host on a VLAN wants the multicast, everybody on the VLAN gets it. Since the purpose of a switch is to limit traffic to the ports that need to see it, this is not desirable behavior. There are two methods to deal with the problem: Cisco Group Management Protocol (CGMP) and IGMP snooping.

CGMP

CGMP software components run on both Cisco routers and Cisco Catalyst switches. Together they allow the switches to leverage the IGMP information held by the routers to make layer-2 (switching) forwarding decisions. With CGMP, IP multicast traffic is delivered only to the Catalyst switch ports that are interested in the traffic; ports that have not explicitly requested it do not receive it.

When the CGMP/IGMP-capable router receives an IGMP control packet, it processes it as it would any other IGMP message and then creates a CGMP message, which it forwards to the switch. These are either "join" or "leave" messages, depending on what the host asked for. The CGMP message carries the host's MAC address (taken from the IGMP packet) together with the group's MAC address, which is how the switch knows which port to change.

The switch receives the CGMP message and modifies the port status in its CAM (content addressable memory) table for that multicast group, finding the port by looking up the host's MAC address. All subsequent traffic directed to that multicast group is forwarded to the port. The router port is also added to the entry for the multicast group.

It is important to note that multicast routers are required to monitor all multicast traffic for every group, since IGMP control messages look just like regular multicast traffic. With CGMP, the switch only has to listen to CGMP "join" and "leave" messages from the router; the rest of the multicast traffic is forwarded using its CAM table as normal. The router carries the load.

Please note that if there is a spanning-tree topology change, the CGMP/IGMP-learned multicast groups on the VLAN are purged and the CGMP/IGMP-capable router must generate new multicast group information. If a CGMP/IGMP-learned port's link is disabled, the corresponding port is removed from any multicast group.

CGMP/IGMP-capable routers send out periodic multicast group queries, so a host that wants to remain in a multicast group must respond to the query. If, after a number of queries, the router receives no reports from any host in a multicast group, the router sends a CGMP/IGMP command to the switch to remove the group from the forwarding tables. CGMP's fast-leave processing allows the switch to detect IGMP version 2 Leave messages, sent to the all-routers multicast address (224.0.0.2), on any of the supervisor engine module ports.

Remember that CGMP must be configured on both the multicast routers and the layer-2 switches, and that CGMP is Cisco proprietary.

IGMP Snooping

IGMP snooping is another technique for avoiding sending multicast traffic to disinterested switched Ethernet ports on a Cisco switch. It requires the LAN switch to examine ("snoop" through) the network-layer information in the IGMP packets exchanged between the hosts and the router.

When the switch sees an IGMP Host Report from a host for a particular multicast group, it adds the host's port to the associated multicast table entry. When the switch sees an IGMP Leave Group message from a host, it removes the host's port from the entry. This puts the burden of processing on the switch, creating a potential performance impact on low-end switches with limited CPU horsepower; many high-end switches have ASICs that perform the IGMP checks in hardware. Because the switch now acts on what it sees, it should validate the IGMP messages (checksum, sane group addresses) and, for the link-local 224.0.0.0/24 groups used by routing protocols, keep flooding rather than relying on membership reports.
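As an added example (not the page's or Cisco's code), this Python models the snooping behaviour described above for IGMPv2 on one VLAN: it builds valid IGMP messages with the Internet checksum, parses and verifies received ones, learns the router port from queries, adds and removes host ports on reports and leaves (fast-leave, with no group-specific query), floods unknown and link-local groups, and discards corrupt messages. Port names, groups and the order of events are constructed.

```python
import struct
import ipaddress

IGMP_QUERY, IGMP_V1_REPORT, IGMP_V2_REPORT, IGMP_LEAVE = 0x11, 0x12, 0x16, 0x17
LINK_LOCAL = ipaddress.IPv4Network("224.0.0.0/24")


def inet_checksum(data):
    """RFC 1071 one's-complement checksum, as used by IP, ICMP and IGMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_igmp(msg_type, group, max_resp=100):
    """8-byte IGMPv2 message (RFC 2236): type, max response time, checksum, group address."""
    body = struct.pack("!BBH4s", msg_type, max_resp, 0, ipaddress.IPv4Address(group).packed)
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def parse_igmp(data):
    """Return (type, group) or raise ValueError on a short or corrupt message."""
    if len(data) < 8:
        raise ValueError("short IGMP message")
    if inet_checksum(data[:8]) != 0:          # a valid message sums to zero
        raise ValueError("bad IGMP checksum")
    msg_type, _, _, group = struct.unpack("!BBH4s", data[:8])
    return msg_type, str(ipaddress.IPv4Address(group))


class SnoopingSwitch:
    def __init__(self, ports):
        self.ports = set(ports)
        self.members = {}            # group -> set of ports with at least one reporting host
        self.mrouter_ports = set()   # ports where IGMP queries (i.e. routers) were seen

    def process(self, port, data):
        msg_type, group = parse_igmp(data)
        if msg_type == IGMP_QUERY:
            self.mrouter_ports.add(port)
        elif msg_type in (IGMP_V1_REPORT, IGMP_V2_REPORT):
            if ipaddress.IPv4Address(group) in LINK_LOCAL:
                return                          # 224.0.0.x is always flooded; never track it
            self.members.setdefault(group, set()).add(port)
        elif msg_type == IGMP_LEAVE:
            ports = self.members.get(group, set())
            ports.discard(port)                 # fast-leave: no group-specific query first
            if not ports:
                self.members.pop(group, None)

    def egress_ports(self, group, ingress):
        """Ports a data frame for `group` arriving on `ingress` is sent to."""
        if ipaddress.IPv4Address(group) in LINK_LOCAL or group not in self.members:
            return self.ports - {ingress}       # flood like an ordinary unknown multicast
        return (self.members[group] | self.mrouter_ports) - {ingress}


def run_sample():
    """Constructed event sequence on a four-port VLAN with the router on Fa0/1."""
    sw = SnoopingSwitch(["Fa0/1", "Fa0/2", "Fa0/3", "Fa0/4"])
    events = [
        ("Fa0/1", build_igmp(IGMP_QUERY, "0.0.0.0")),          # general query from the router
        ("Fa0/2", build_igmp(IGMP_V2_REPORT, "239.1.1.1")),
        ("Fa0/3", build_igmp(IGMP_V2_REPORT, "239.1.1.1")),
        ("Fa0/4", build_igmp(IGMP_V2_REPORT, "224.0.0.5")),    # OSPF hello group: ignored
        ("Fa0/3", build_igmp(IGMP_LEAVE, "239.1.1.1")),
    ]
    for port, msg in events:
        sw.process(port, msg)
    return sw


if __name__ == "__main__":
    sw = run_sample()
    print(sorted(sw.egress_ports("239.1.1.1", "Fa0/1")))
```

A production switch sends a group-specific query before honouring a leave, because another host on the same port may still want the group; fast-leave is only safe on ports with a single host. Note also that any port that sends a query is treated as a router port and receives every stream, so a host that forges IGMP queries gets all of the VLAN's multicast delivered to it; restricting which ports may act as multicast router ports closes that hole.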


Multicast Distribution Trees
Multicast-capable routers use distribution trees to control the paths taken by multicast traffic as it traverses the network. There are two basic types of multicast distribution tree:

Source Trees - A source tree is the simplest type of multicast distribution tree, with its root at the source and branches forming a spanning tree through the network to all the receivers. Source trees have the advantage of creating the optimal path between the source and the receivers, and are therefore often referred to as shortest path trees (SPTs). Because a router keeps state for every (source, group) pair, the size of the multicast routing table can become a problem on larger multicast networks.

Shared Trees - Shared trees use a predefined shared root, called a rendezvous point (RP), so the routers need to know little about the overall network layout; this lowers the memory requirements for a network that only allows shared trees, at the cost of a possibly suboptimal path via the RP.

Because multicast group members can join or leave at any time, distribution trees must be dynamically updated.

Protocol Independent Multicast (PIM)
PIM is used to forward multicast packets through a network. It must be enabled on a Cisco interface for that interface to perform IP multicast routing, and enabling PIM on an interface also enables IGMP on that interface. PIM can be configured in dense, sparse or sparse-dense mode. Dense mode is used when most hosts want the multicast and there is plenty of bandwidth. Sparse mode is used when only a small percentage of hosts want the service, when RPs are used, or when there are expensive WAN links that should not carry multicast traffic nobody has asked for.

PIM uses whichever unicast routing protocol is in place to populate the unicast routing table, including EIGRP, OSPF, BGP or even static routes; that is why it is considered independent of the IP routing protocol (hence the name). Rather than running a separate multicast routing protocol to learn the topology, PIM performs Reverse Path Forwarding (RPF) checks against the existing unicast routing table to determine its upstream and downstream neighbors and to build the multicast forwarding state it keeps in the mroute table. A router forwards a multicast packet only if it arrives on the interface the unicast routing table would use to reach the packet's source (the RPF interface); otherwise the packet is dropped. The RPF check keeps the distribution tree free of loops, and as a side effect makes it harder to inject multicast traffic with a spoofed source address from the wrong side of the network.

For PIM to work, an interface must be in one of these modes (remember that PIM is not enabled by default and has no default mode):

PIM Dense Mode (PIM-DM) - Dense-mode interfaces are always added to the outgoing interface list. Dense mode is used when multicast group members are densely distributed throughout the network and plenty of bandwidth is available. Dense-mode PIM floods the multicast packets to all routers and then prunes the branches with no members of that particular multicast group. Consider it a "push" model, used to flood multicast traffic to every corner of the network. PIM-DM can only build source trees; it cannot build a shared distribution tree.

PIM Sparse Mode (PIM-SM) - Sparse-mode interfaces are added to the outgoing interface list only when periodic "join" messages are received from downstream routers, or when there is a directly connected member on the interface. Sparse mode is used when members are spread out and bandwidth is limited. Sparse-mode PIM relies on rendezvous points (RPs). Consider it a "pull" model, building its trees from requests by specific destinations. The explicit join mechanism prevents unwanted traffic from flooding slow WAN links and minimizes other network bandwidth utilization. PIM-SM initially uses a shared tree to distribute traffic.

Sparse-dense Mode - These interfaces are treated as dense mode if the group is in dense mode, or as sparse mode if the group is in sparse mode. This option allows individual groups to run in either sparse or dense mode depending on whether RP information is available for that group: if the router learns RP information for a group, the group is treated as sparse; otherwise it is treated as dense. Sparse-dense mode gives the network architect a great deal of flexibility (and is what lets the Auto-RP announcement groups themselves be flooded in dense mode).

A significant difference between dense and sparse mode is that a dense-mode router assumes all other routers are willing to forward multicast packets for a group, while a sparse-mode router requires an explicit request for the traffic.
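As an added example that is not part of the cram session, the Python below shows the RPF check PIM performs against the unicast routing table, using a constructed three-route RIB: longest-prefix match finds the interface the router would use to reach the packet's source; a multicast packet is accepted only if it arrived on that interface, and is then replicated to the outgoing interface list minus the interface it came in on. The prefixes, interface names and (S,G) state are assumptions.

```python
import ipaddress

# Constructed unicast RIB: (prefix, outgoing interface). The multicast process does not
# build its own topology; it reuses this table for the RPF check.
UNICAST_RIB = [
    ("10.1.0.0/16", "Gi0/0"),
    ("10.1.5.0/24", "Gi0/1"),
    ("0.0.0.0/0", "Serial0/0"),
]


def rpf_interface(source, rib=UNICAST_RIB):
    """Longest-prefix match for the source address; returns the RPF interface or None."""
    src = ipaddress.IPv4Address(source)
    best = None
    for prefix, iface in rib:
        net = ipaddress.IPv4Network(prefix)
        if src in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def rpf_check(source, in_iface, rib=UNICAST_RIB):
    """True only if the packet came in on the interface we would use to reach its source."""
    return rpf_interface(source, rib) == in_iface


def forward_multicast(source, group, in_iface, mroute, rib=UNICAST_RIB):
    """Return the list of interfaces a multicast packet is replicated to (empty when dropped).
    `mroute` maps (source, group) -> outgoing interface list, standing in for the mroute table."""
    if not rpf_check(source, in_iface, rib):
        return []                                   # RPF failure: a loop or a spoofed source
    oil = mroute.get((source, group), [])
    return [i for i in oil if i != in_iface]       # never send back out the RPF interface


# Constructed (S,G) state: one source on the Gi0/1 segment, receivers off Gi0/0 and Gi0/2.
SAMPLE_MROUTE = {("10.1.5.7", "239.1.1.1"): ["Gi0/0", "Gi0/1", "Gi0/2"]}

if __name__ == "__main__":
    print(forward_multicast("10.1.5.7", "239.1.1.1", "Gi0/1", SAMPLE_MROUTE))
    print(forward_multicast("10.1.5.7", "239.1.1.1", "Serial0/0", SAMPLE_MROUTE))
```

The second call in the example is the interesting one: a packet claiming to come from 10.1.5.7 but arriving over Serial0/0 is discarded before any replication, so an attacker cannot inject into a group from an interface that is not on the unicast path back to the claimed source.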


PIM Sparse Mode Mechanics
In dense mode, multicast traffic is initially flooded to all segments of the network. Routers with no downstream neighbors or directly connected receivers prune back the unwanted traffic.

In sparse networks, traffic is forwarded only to segments with active receivers that have explicitly requested the multicast data. Rendezvous points (RPs, described below) provide multiple distribution points: the source feeds the RP with one stream, which is then redistributed to the receivers within the RP's domain.

PIM-SM Joining & Pruning

A PIM join message is sent from the router toward the rendezvous point (RP) when a new device requests the multicast group and the router is not already receiving it. A prune is sent for the group when there are no more devices receiving it.

IP Multicast Routing Table (mroute)

The IP multicast routing table is known as the mroute table (show ip mroute). It lists the multicast groups the router knows about as (*,G) and (S,G) entries, together with the rendezvous point, the RPF (incoming) interface and the outgoing interface list for each.

Distribution Trees
Multicast-capable routers create distribution trees to control the path traffic takes through the network. The two basic types of multicast distribution tree are:

Source Trees - The simplest form of multicast distribution tree, where the root is the source and the branches form a spanning tree through the network to the receivers. Because this tree uses the shortest path through the network, it is also referred to as a shortest path tree (SPT); its state appears as (S,G) entries in the mroute table.

Shared Trees - Unlike source trees, which have their root at the source, shared trees use a single common root placed at some chosen point in the network. This shared root is called the rendezvous point (RP); shared-tree state appears as (*,G) entries.

Rendezvous Points
The most significant difference between PIM sparse and dense mode configurations is the requirement in sparse networks for a rendezvous point (RP) to be defined. The RP acts as the meeting place for sources and receivers of multicast data. Sources send their traffic to the RP, and it is then forwarded to receivers down the shared distribution tree. By default (the Cisco SPT threshold is 0), once the receiver's last-hop router learns the source's address from the first packets arriving via the RP, it sends a join message directly toward the source, creating a source-based (shortest path) tree from the source to the receiver and pruning that source off the shared tree.

Since by default the RP is only needed to bring sources and receivers together, it experiences little additional overhead from traffic flow or processing.

With a static RP configuration, every router running PIM-SM (and in particular every leaf router directly connected to sources or receivers) is manually configured with the IP address of the RP. This isn't much of a problem in a small network (like a lab exam), but it creates obvious problems in a large, complex network.

Cisco's Auto-RP feature automates the distribution of group-to-RP mappings in a PIM network (it is Cisco proprietary, predates PIM version 2 and works with either PIM version). The advantages of this are:

Not having to configure a static RP address on every router.

Changes need only be configured on the RP routers, not on all the leaf routers.

The ability to "scope" the RP address within a domain, giving it an area of the network to cover. Scoping can be achieved by setting the time-to-live (TTL) value allowed for the Auto-RP advertisements.

Bootstrap Router (BSR)

PIM version 2 supports a bootstrap router (BSR), a standards-based alternative to Cisco's Auto-RP feature. BSR is described in RFC 2362 (PIM version 2; since obsoleted by RFC 4601, with the BSR mechanism itself now in RFC 5059). To use BSR you select candidate BSRs, each with a configured priority; the router with the highest priority becomes the bootstrap router, collects the candidate-RP advertisements and floods the resulting RP set to all PIM routers. Because a rogue candidate BSR or candidate RP could redirect group-to-RP mappings for the whole domain, Cisco IOS lets you stop BSR messages at the domain edge (ip pim bsr-border on the boundary interfaces).

The Cisco Press book “Developing IP Multicast Networks” by Beau Williamson is an excellent resource for MulticastNetworking.

Reference

The following text was used as a reference in the creation of this Cramsession:

CCIE Routing and Switching Exam Certification Guide by A. Anthony Bruno, ISBN 1-58720-53-8