Chapter 1: Building Scalable Cisco Networks Introduction

Overview

Building Scalable Cisco Networks (BSCN) is an instructor-led course presented by Cisco Systems, Inc. training partners to their end-user customers. This five-day course focuses on using Cisco routers connected in local area networks (LANs) and wide area networks (WANs) typically found at medium to large network sites.

Upon completion of this training course, you will be able to select and implement the appropriate Cisco IOS services required to build a scalable routed network.

This chapter highlights the course prerequisites and course highlights as well as some administrative issues. It includes the following topics:

■ Course Objectives

■ Course Topics

■ Prerequisites

■ Participant Role

■ General Administration

■ Sources of Information

■ Course Syllabus

■ Graphic Symbols


1-2 Building Scalable Cisco Networks Copyright 1999, Cisco Systems, Inc.

Course Objectives

This section lists the course objectives.

Upon completion of this course, you will be able to perform the following tasks:

• Given a network specification that calls for simplifying IP address management at branch offices by centralizing addresses, select and configure the appropriate services

• Given a network specification calling for a scalable routed network that includes link state protocols and redistribution, implement the appropriate technologies

Upon completion of this course, you will be able to perform the following high-level tasks:

■ Select and configure a scalable IP address solution (including route summarization) for a branch office environment, given a list of specifications

■ Select and implement the technologies necessary to redistribute between and to support multiple, advanced, IP routing protocols, given a network specification

Course Objectives (cont.)

• Given a network specification calling for either a single or a multi-homed interconnection into an ISP’s BGP network, configure the edge routers to properly interconnect into the BGP cloud

• Given a network specification calling for controlling access to networks or devices, or for minimizing overhead traffic, select and configure the appropriate access list features

■ Configure and test edge router connectivity (either single or multi-homed connection) into a BGP network, given a network specification

■ Configure access lists, given a need to control access to devices and to selectively reduce overhead traffic in the network

Course Objectives (cont.)

• Given various network specifications calling for multiple routed and routing protocols, implement case studies that reflect a scalable internetwork

■ Implement the results of case study discussions in a laboratory environment, given a specification containing multiple routed and routing protocols

Course Topics

This section lists the topics that will be covered in this course.

[Figure: Course Topics. Network diagram with BGP AS #1 and BGP AS #2. Legend: FastEthernet/Ethernet, Primary, Secondary]

The figure shows a high-level overview of a network that you should be able to build at the end of this class. To accomplish this course goal, you will be taught how to configure Cisco routers with Ethernet LAN and serial WAN interfaces. You will configure the following on a Cisco device:

■ Transmission Control Protocol/Internet Protocol (TCP/IP) and Internet Protocol (IP) addresses

■ Hierarchical addressing using variable length subnet masking (VLSM) and route summarization

■ Routing protocols: Enhanced Internet Gateway Routing Protocol (EIGRP), Open Shortest Path First (OSPF), and Border Gateway Protocol (BGP)

■ Redistribution between different routing protocols

■ Access lists to control IP traffic and routing updates

■ Serial WAN connections over interfaces that use High-Level Data Link Control (HDLC) and Point-to-Point Protocol (PPP)

■ Serial WAN connections over subinterfaces that use Frame Relay encapsulation

Configuration, verification, and troubleshooting are done with Cisco IOS software.

Prerequisites

This section lists the course’s prerequisites.

[Figure: Prerequisites for Building Scalable Cisco Networks (BSCN)]

• Understanding distance vector routing protocol operation and configuring RIP and IGRP

• Determining when to use static and default routes and enabling them on a Cisco router

• Working knowledge of the OSI reference model and the hierarchical model

• Understanding of internetworking fundamentals

• Operating and configuring a Cisco IOS device

• Working knowledge of the TCP/IP stack and how to configure a routed protocol, such as IP

To fully benefit from BSCN, you should already possess certain prerequisite skills. The skills are presented in the following figures. These skills can be gained from self-paced/instructor-led training sessions and from work experience. These prerequisites are highlighted in the figures and are outlined on the following pages. The participant should have a working knowledge of:

■ Commonly used networking terms, numbering schemes, and topologies

■ The Open System Interconnection (OSI) reference model

■ Operation and configuration of a Cisco router

■ TCP/IP stack and configuration of IP addresses

■ Distance-vector routing protocol (RIP, IGRP) operation and configuration

■ Static and default route usage, implementation, and configuration

[Figure: Prerequisites for Building Scalable Cisco Networks (BSCN), continued]

• Verifying router configurations with available tools like show and debug commands

• Displaying and interpreting a Cisco routing table

• Enabling an IP standard and extended access list

• Enabling a WAN serial connection

• Configuring Frame Relay PVCs on interfaces and subinterfaces

The participant should also have a working knowledge of:

■ Contents and interpretation of a Cisco routing table

■ Traffic filtering with standard and extended access lists

■ Verifying router configuration using show and debug command output

■ WAN serial interface configuration using HDLC

■ WAN serial interface configuration using Frame Relay PVCs

[Figure: Prerequisites for Building Scalable Cisco Networks (BSCN), continued]

Successful completion of:

• Internetworking Technologies Multimedia (ITM)

• Plus ...

One of the following combinations:

• Introduction to Cisco Router Configuration (ICRC) and Cisco LAN Switch Configuration (CLSC)

• Cisco Router and LAN Switches (CRLS)

• Interconnecting Cisco Network Devices (ICND)

The participant should already possess certain knowledge and skills gained in a structured learning environment. These skills can be gained from completing the Internetworking Technology Multimedia (ITM) CD-ROM plus a combination of instructor-led training sessions. These courses are highlighted in the figure and are outlined below:

■ Introduction to Cisco Router Configuration (ICRC) contains router configuration basics and Cisco LAN Switch Configuration (CLSC) contains LAN switch configuration basics

■ Cisco Router and LAN Switches (CRLS) contains router and LAN switch configuration basics

■ Interconnecting Cisco Network Devices (ICND) contains router and LAN switch configuration basics

Participant Role

This section discusses your responsibilities as a student.

Student role

• Meet prerequisites

• Introduce yourself

• Ask/answer questions

To take full advantage of the information presented in this course, you should meet the prerequisites for this class.

Introduce yourself to the instructor and other students who will be working with you during the five days of this course.

You are encouraged to ask any questions relevant to the course materials.

If you have pertinent questions concerning other Cisco features and products not covered in this course, please bring these topics up during breaks or after class and the instructor will try to answer the questions or direct you to an appropriate information source.

Welcome: Please Introduce Yourself

• Your name and work location

• Your job responsibilities

• Your internetworking experience

• Your objectives for this week

Introduce yourself, stating your name and the job function you perform at your work location.

Briefly describe what exposure you have with installing and configuring Cisco routers, attending Cisco classes, and how your work experience helped you meet the prerequisites highlighted earlier.

You should also state what you expect to learn from this course.

General Administration

This section highlights miscellaneous administrative tasks that must be addressed.

Class-related

• Sign-in sheet

• Length and times

• Participant materials

• Attire

Facilities-related

• Rest rooms

• Site emergency procedures

• Break and lunch room locations

• Communications

The instructor will discuss the administrative issues in detail so you will know exactly what to expect from both the class and facilities. The following items will be discussed:

■ Recording your name on a sign-in sheet

■ The starting and anticipated ending time of each class day

■ What materials you can expect to receive during the class

■ The appropriate attire during class attendance

■ Rest room locations

■ What to do in the event of an emergency

■ Class breaks and lunch facilities

■ How to send and receive telephone, email and fax messages

Sources of Information

This section identifies additional sources of information.

• Student kit

• www.cisco.com

• CD-ROM

• Cisco Press

Most of the information presented in this course can be found on the Cisco Systems Web site or on CD-ROM. These supporting materials are available in HTML format, and as manuals and release notes.

To learn more about the subjects covered in this course, feel free to access the following sources of information:

■ Cisco Documentation CD-ROM or www.cisco.com

■ ITM CD-ROM or www.cisco.com

■ Cisco IOS 12.0 Configuration Guide and Command Reference Guide

All of these documents can be found at the following URL:

http://www.cisco.com

Course Syllabus

This section discusses the week’s schedule.

[Figure: Course Syllabus, showing the chapters of Module 1, Module 2, and Module 3]

The following schedule reflects the recommended structure for this course. This structure allows enough time for your instructor to present the course information to you and for you to work through the laboratory exercises. The exact timing of the subject materials and labs depends on the pace of your specific class.

Module 1, Scalable Internetworks

The purpose of the module is to introduce you to the training room and the BSCN network environment. This section describes the characteristics of scalable networks and provides a review of routing fundamentals. You will also be introduced to methods for extending IP addresses, such as VLSM and route summarization.

Module 1 includes the following chapters:

■ Chapter 1: Building Scalable Cisco Networks Introduction

■ Chapter 2: Overview of Scalable Internetworks

■ Chapter 3: Routing Principles

■ Chapter 4: Extending IP Addresses

Module 2, Scalable Routing Protocols

The purpose of the module is to describe the operation and configuration of different, sophisticated, routing protocols. You will learn to configure OSPF, Enhanced IGRP and BGP.

Module 2 includes the following chapters:

■ Chapter 5: Scalable Routing Protocols Overview

■ Chapter 6: Configuring OSPF in a Single Area

■ Chapter 7: Interconnecting Multiple OSPF Areas

■ Chapter 8: Configuring Enhanced IGRP

■ Chapter 9: Configuring Basic Border Gateway Protocol

■ Chapter 10: Implementing BGP in Scalable ISP Networks

Module 3, Controlling Scalable Internetworks

The purpose of the module is to describe ways to control overhead traffic, including routing updates, in a growing network environment. You will also learn how to control network access using access lists. In this section, you will learn about redistributing routes between different routing protocols such as RIP, IGRP, Enhanced IGRP and OSPF. After a discussion on scalable IP address solutions, the module completes with a comprehensive lab implementing most of the scalability features discussed throughout the course.

Module 3 includes the following chapters:

■ Chapter 11: Managing Traffic and Access

■ Chapter 12: Configuring IP Access Lists

■ Chapter 13: Optimizing Routing Update Operation

■ Chapter 14: Scaling IP Addresses in Your Internetwork

■ Chapter 15: Implementing Scalability Features in Your Internetwork

Graphic Symbols

This section illustrates symbols that are used throughout the course.

[Figure: Graphic Symbols. Symbols shown: WAN “cloud”, Access server, ISDN switch, Data Service Unit/Channel Service Unit (DSU/CSU), Web Server, Bridge, Switch, Router, Ethernet, Serial Line, Fast Ethernet, File Server, Personal computer, Modem, VLAN (Color May Vary), Hub, Network Cloud or Broadcast Domain, Circuit Switched Line, Multi-layer switch, Network switch]

These symbols are used in the graphical presentations of this course to represent device or connection types.

Note: The addressing schemes and telephone numbers used in this course are reserved and not to be used in the public network. They are used in this course as examples to facilitate learning. When building your network, use only the addresses and telephone numbers assigned by your network designer and service provider.

Chapter 2: Overview of Scalable Internetworks

Objectives

Upon completion of this chapter, you will be able to perform the following tasks:

• Describe the key requirements of a scalable internetwork

• Select a Cisco IOS feature as a solution for a given internetwork requirement

This chapter defines scalable internetworks and discusses some of the Cisco IOS features that can be used to meet the needs of these networks. Topics include:

■ Objectives

■ Scaling Large Internetworks

■ Characterizing Scalable Internetworks

■ Summary

■ Written Exercise: Overview of Scalable Internetworks

■ Answers to Exercise

Scaling Large Internetworks

[Figure: Scaling Large Internetworks. Layers: Core, Distribution, Access. Labels: Campus Backbone, Branch Office, WAN Backbone]

Today’s internetworks need to be scalable because they are experiencing phenomenal growth, primarily due to the increasing demands for connectivity in business and at home. What do scalable networks look like? What are the requirements that you, as an administrator, must be aware of when managing the growth of your scalable internetwork?

Scalable internetworks are typically described as networks that are experiencing constant growth. They must be flexible and expandable. The best-managed scalable internetworks are typically designed following a hierarchical model. This simplifies the management of the internetwork and allows for controlled growth without overlooking the network requirements.

The graphic illustrates a three-layer hierarchical model. The layers are defined as follows:

■ Core—The core is the central internetwork for the entire enterprise and may include LAN and WAN backbones. The primary function of this layer is to provide an optimized and reliable transport structure.

■ Distribution—This represents the campus backbone. The primary function of this layer is to provide access to various parts of the internetwork, as well as access to services.

■ Access—This provides access to corporate resources for a workgroup on a local segment.

A hierarchy simplifies things such as addressing and device management. Using an addressing scheme that maps to the hierarchy reduces the chance of you needing to redo the network addresses as a result of growth. Knowing where devices are placed in a hierarchy enables you to configure all routers within one layer in a consistent way because they all must perform similar tasks. Router specialization allows the best use of the Cisco IOS features discussed in this course.

Defining the Router’s Role in a Hierarchy

[Figure: Defining the Router’s Role in a Hierarchy. Layers: Core, Distribution, Access. Labels: Campus Backbone, Building Backbone, Dial-In, Branch Office, Workgroups, Telecommuter, WAN Backbone]

The hierarchical model provides a physical topology for building internetworks. Because the hierarchical structure uses three distinct layers that provide unique functionality, the routers placed at each layer also have unique functionality.

■ Core routers provide services that optimize communication among routes at different sites or in different logical groupings. In addition, core routers provide maximum availability and reliability. Core routers should be able to maintain connectivity when LAN or WAN circuits fail at this layer.

■ Distribution routers control access to resources that are available at the core layer, and must make efficient use of bandwidth. In addition, a distribution router must address the quality of service (QoS) needs for different protocols by implementing policy-based traffic control to isolate backbone and local environments.

■ Access routers control traffic by localizing broadcasts and service requests to the access media. Access routers must also provide connectivity without compromising network integrity. For example, the routers at the access point must be able to detect whether a telecommuter dialing in is legitimate, with minimal authentication steps required by the telecommuter.

Characterizing Scalable Internetworks

Scalable internetworks need to be:

• Reliable and available

• Responsive

• Efficient

• Adaptable

• Accessible but secure

The key requirements inherent in scalable internetworks are in the following list. This course presents features and technologies that can be used to respond to these requirements.

■ Reliable and available—This includes being dependable and available 24 hours, 7 days a week. In addition, failures need to be isolated and recovery must be nonvisible to the end user.

■ Responsive—This includes managing the QoS needs for the different protocols being used without affecting response at the desktop. For example, the internetwork must be able to respond to latency issues common for Systems Network Architecture (SNA) traffic, but still allow for the routing of desktop traffic, such as IPX, without compromising QoS requirements.

■ Efficient—Large internetworks must optimize the use of resources, especially bandwidth. Reducing the amount of overhead traffic such as unnecessary broadcasts, service location, and routing updates results in an increase in data throughput without increasing the cost of hardware or the need for additional WAN services.

■ Adaptable—This includes being able to accommodate disparate networks and interconnect independent network clusters (or islands), as well as to integrate legacy technologies, such as those running SNA.

■ Accessible but secure—This includes the ability to enable connections into the internetwork using dedicated, dialup, and switched services while maintaining network integrity.

Making the Network Reliable and Available

Use routing protocols that

• Increase reachability

• Decrease convergence time

[Figure: OSPF network]

The internetwork should be reliable and available at all layers, but most critically at the core layer. Core routers are reliable when they can accommodate failures by rerouting traffic and respond quickly to changes in the network topology. The protocols that enhance network reliability and availability that the Cisco IOS supports are as follows:

■ Scalable protocols—Includes Open Shortest Path First (OSPF) and Enhanced IGRP (EIGRP). These protocols provide the following features:

– Reachability—Scalable networks, including those using a hierarchical design, can have a large number of reachable networks or subnetworks. These networks can be subject to reachability problems due to metric limitations of distance vector routing protocols. Scalable routing protocols such as OSPF and EIGRP use metrics that expand the reachability potential for routing updates because they use cost, rather than hop count, as a metric.

– Fast convergence time—Scalable protocols can converge quickly because of the router’s ability to detect failure rapidly and because each router maintains a network topology map. Routers also forward network changes quickly to all routers in the network topology.

Making the Network Responsive

Use routing protocols that

• Use alternate paths

• Load balance

• Use dial backup over WANs

■ Scalable protocols support additional features, such as:

– Alternate paths—Scalable protocols, such as EIGRP and OSPF, enable a router to maintain a map of the entire network topology, so when a failure is detected the router can reroute traffic by looking at the network topology and finding another path. Enhanced IGRP is also a feasible solution because it keeps a record of alternate routes in case the preferred route goes away.

– Load balancing—Because scalable protocols have a map of the entire network topology, and because of how they maintain their routing tables, they are able to transport data across multiple paths to a given location simultaneously.

■ Dial backup—On WAN connections, you can configure backup links when you need to do the following:

– Make the primary WAN connection more reliable by configuring one or more backup connections.

– Increase availability by configuring the backup connections to be used when a primary connection is experiencing congestion.

Making the Network Efficient

Optimize bandwidth utilization using

• Access lists

• Route summarization

• Incremental updates

Optimizing your network at all layers of an internetwork hierarchy is critical because it can reduce potential costs in additional WAN services. In this course, the focus is on optimizing your bandwidth. Bandwidth optimization is normally done by reducing the amount of update traffic over a WAN connection, without dropping essential routing information, to increase data traffic throughput.

Cisco IOS features discussed in this course that help optimize bandwidth use are:

■ Access lists—Can be used to permit or drop (deny) protocol update traffic, data traffic, and broadcast traffic. Access lists are available for IP and other protocols and can be tailored to meet the needs for each protocol. For example, an access list can be defined by Transmission Control Protocol (TCP) port or by other criteria, depending on the situation.

■ Reduce the number of routing table entries—You can reduce the number of router processing cycles by reducing the overall number of routing entries in a router’s routing table. This can be done using the following Cisco IOS features:

– Route summarization—The number of entries in a routing table can be reduced by using route aggregation or, as it is more commonly known, route summarization. Summarization of routes occurs at major network boundaries for most routing protocols. Some IP routing protocols, such as OSPF and Enhanced IGRP, allow manual summarization on arbitrary boundaries within the major network. Careful planning and address allocation is required for route summarization to be most effective.

– Incremental updates—Protocols such as Enhanced IGRP and OSPF make more efficient use of bandwidth than distance vector protocols by only sending topology changes rather than the entire routing table contents at fixed intervals.

Page 24: Building Scalable Cisco Networks Introduction (BSCN) - …docstore.mik.ua/cisco/pdf/BSCN.pdf · Building Scalable Cisco Networks Introduction ... Chapter 1 Building Scalable Cisco

Copyright © 1999, Cisco Systems, Inc. Overview of Scalable Internetworks 2-9

© 1999, Cisco Systems, Inc. www.cisco.com BSCN—2-9

Making the Network Efficient (cont.)

• Dial-on-demand routing

• Switched access

• Snapshot routing

• Compression over WANs

Figure labels: DCE; ISDN or Basic Service; Dial Connection

Making the Network Efficient (cont.)

■ Dial-on-demand routing (DDR)—Connections for infrequent traffic flow can be accomplished using DDR. Active links are created only after interesting traffic is detected by the router. This “only as required” service replaces dedicated circuits that are charged for even when that link is idle.

■ Switched access—Packet-switched networks such as X.25 and Frame Relay offer the advantage of providing global connectivity through a large number of service providers with established circuits to most major cities.

■ Snapshot routing—Allows peer routers to exchange full distance vector routing information upon initial connection, then on a predefined interval. Typically used with ISDN, this feature can reduce WAN costs when using distance vector protocols because routing information is exchanged at an interval you define. Between update exchanges, the routing tables for the distance vector protocols are kept frozen.

■ Compression over WANs—Several compression techniques can be used to reduce traffic that is crossing a WAN connection. Cisco supports TCP/IP header compression and data (payload) compression. In addition, you can configure link compression, which compresses header and data information in packets that cross point-to-point (leased lines) connections. Compression is accomplished in software by the router before the frame is placed on the medium.


Making the Network Adaptable

Network must support routable and nonroutable traffic

Figure labels: IP, SNA

Making the Network Adaptable

Because scalable internetworks experience change frequently, they must be able to adapt to changes such as:

■ Mixing routable and nonroutable protocols—A network delivering both routable and nonroutable traffic has some unique problems. Most nonroutable protocols lack a mechanism to provide flow control and are sensitive to delays in delivery. Any delays in delivery or packets arriving out of order can result in session loss.

■ Integrating “islands” of networks—Many companies are integrating islands of networks that are typically using different protocols in their hierarchical design. In this case, you can add any protocols used by the network islands to the core layer, or create a tunnel in the backbone that will connect the network islands but not add new protocol traffic to the core backbone.

■ Meeting the varying requirements for each protocol in the internetwork—When multiple protocol traffic is present, the network must be balanced between the special needs of each protocol.

In this course, Cisco IOS features that focus on network adaptability are as follows:

■ EIGRP—A routing protocol that supports IP, IPX, and AppleTalk traffic.

■ Redistribution—You can exchange routing information between networks that are using different routing protocols.


Making the Network Accessible but Secure

Network should support the necessary connection types

Figure labels: Dialup, Dedicated, Packet Switched, Frame Relay, PSTN

Making the Network Accessible but Secure

The network should be accessible, particularly at the access layer. Access routers need to connect to a variety of WAN services, yet be secure. For example, access routers must allow telecommuters to dial in, but be able to differentiate between legitimate and hostile connection attempts. Cisco IOS features discussed in this course that support access are as follows:

■ Dedicated and switched WAN support:

– Dedicated access—Cisco routers can be directly connected to basic telephone service or digital services such as T1/E1. This means that you can create a core WAN infrastructure for heavy traffic loads, then use other access services for sporadic traffic requirements.

– Switched access—Cisco routers support Frame Relay, X.25, SMDS, and ATM. With this variety of support, you can determine which switched service, or combination of switched services, to use, based on cost, location, and traffic requirements.

■ Exterior protocol support—Cisco IOS supports several exterior protocols including Exterior Gateway Protocol (EGP) and Border Gateway Protocol (BGP). BGP, which is discussed in this course, is often used by Internet Service Providers (ISPs) and by organizations that want to connect to ISPs.


Making the Network Accessible but Secure (cont.)

• Secure access to and from each remote site

• Secure access to devices within a network

Figure labels: Authentication Procedure, Central-Site

Making the Network Accessible but Secure (cont.)

Features discussed in this course that support network security are as follows:

■ Access lists—Access lists can be defined to prevent user traffic from accessing portions of the network. Access lists can also assist in providing security because when they block user traffic effectively, the users themselves are being denied access to sensitive areas of the network.

■ Authentication protocols—On WAN connections using PPP, you can configure authentication protocols such as Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP).

Note For a complete discussion of how Cisco supports security, and how to make your network secure using Cisco products, refer to the “Managing Cisco Network Security” course.


Summary

• Scalable internetworks must be reliable, responsive, efficient, adaptable, and accessible

• Routers can be specialized based on their location in the internetwork

• Cisco IOS features can be used to meet the requirements of today's scalable internetworks

Summary

Key points from this chapter include the following:

■ Scalable internetworks must meet several requirements, as listed in the graphic. Note that these requirements are more or less critical to meet at each layer of the three-layer hierarchy presented.

■ Remember that routers should be configured based on the key functions they need to perform at a given layer of the hierarchy.

■ The Cisco IOS provides a large number of features, but not all features should be configured on a router. Only those features that meet the desired network requirements should be enabled on the router.


Written Exercise: Overview of Scalable Internetworks

Objective: Describe the key requirements of a scalable internetwork.

Objective: Select a Cisco IOS feature as a solution for a given internetwork requirement.

Complete the table by doing the following:

■ Assigning each network problem one of the five requirements listed below.

_____ Reliable and available

_____ Responsive

_____ Efficient

_____ Adaptable

_____ Accessible but secure

■ Listing one or more Cisco IOS features that can be used to correct each network problem.

| Network Problem | Key Requirement | Cisco IOS Feature(s) |
|---|---|---|
| Connectivity restrictions | | |
| Single paths available to all networks | | |
| Too much broadcast traffic | | |
| Convergence problems with metric limitations | | |
| Competition for bandwidth | | |
| Illegal access to services on the internetwork | | |
| Single WAN links available to each remote site | | |
| Expensive tariffs on WAN links that do not get much use | | |
| Very large routing tables | | |
| Integrate networks using legacy protocols | | |


Answers to Exercise


Written Exercise: Overview of Scalable Internetworks

| Network Problem | Key Requirement | Cisco IOS Feature(s) |
|---|---|---|
| Connectivity restrictions | Accessible but secure | ■ Dedicated and switched access technologies ■ BGP support |
| Single paths available to all networks | Reliable and available | ■ Scalable protocols ■ Dial backup |
| Too much broadcast traffic | Efficient | ■ Access lists ■ Scalable protocols |
| Convergence problems with metric limitations | Reliable and available | ■ Scalable protocols |
| Competition for bandwidth | Efficient | ■ Access lists ■ Snapshot routing ■ Compression over WANs ■ Generic Traffic Shaping |
| Illegal access to services on the internetwork | Accessible but secure | ■ Access lists (not an end-all solution) ■ Authentication protocols ■ Lock and Key Security |
| Single WAN links available to each remote site | Responsive | ■ Dial backup |
| Expensive tariffs on WAN links that do not get much use | Efficient | ■ Switched access technologies |
| Very large routing tables | Efficient | ■ Route summarization ■ Incremental updates |
| Integrate networks using legacy protocols | Adaptable | ■ Bridging mechanisms |


3

Routing Principles

Overview

This chapter covers concepts related to logical Internet Protocol (IP) network addresses and the usage of network masks to make routing decisions. The mechanisms by which Cisco routers learn and maintain knowledge of the network topology are also discussed.

It includes the following topics:

■ IP Address Overview

■ Subnetting Overview

■ Distance-Vector Operation

■ Link-State Operation

■ Routing Table Analysis


Objectives

This section lists the chapter’s objectives.


Objectives

Upon completion of this chapter, you will be able to perform the following tasks:

• List the key information routers need to route data

• Describe classful and classless routing protocols

• Compare distance vector and link-state protocol operation

• Describe the use of the fields in a routing table

• Given a pre-configured laboratory network, discover the topology, analyze the routing table, and test connectivity using accepted troubleshooting techniques

Objectives

This chapter covers a review of IP addressing and routing principles. The difference between distance vector and link-state routing protocol behavior is explained and an example of each is presented in a Case Study. Convergence issues surrounding the most commonly used interior routing protocols (RIP, IGRP, Enhanced IGRP and OSPF) are also presented.

Upon completion of this chapter, you will be able to perform the following tasks:

■ List the major classes of IP addresses and describe the default mask associated with each

■ Describe the requirements for subnetting a classful network

■ Compare and contrast the two major functions performed by a router

■ Describe, in detail, the functionality of each field in a routing table entry

■ Explain the convergence steps used by the following routing protocols

– Routing Information Protocol (RIP)

– Interior Gateway Routing Protocol (IGRP)

– Enhanced IGRP

– Open Shortest Path First (OSPF)


IP Addressing Review

This section contains review information related to IP addressing and subnetting concepts.

Section topics are as follows:

■ Classes of IP Addresses

■ Default Routing Masks

■ Creating Subnets by Extending the Mask

■ Subnetting Examples


IP Address Overview

Boundary between network and host is determined by a 32-bit mask

• Mask contains contiguous ones in the network portion

• Mask contains contiguous zeros in the host portion

Once the network portion of the address is defined, all devices on the network will share the same binary pattern in the network portion

Figure labels: Network, Host, 32 bits

IP Address Overview

IP addresses are composed of 32 binary bits and uniquely identify devices within the Transmission Control Protocol/Internet Protocol (TCP/IP) domain. The TCP/IP domain includes all devices connected to the Internet using the World Wide Web (WWW).

An IP address contains two parts: a network part and a host part. The boundary between the two parts of the IP address is defined by another 32-bit field, referred to as a routing mask. There is a bit-for-bit alignment between the IP address and the routing mask. The routing mask contains a field of all ones and a field of all zeros.

The routing mask contains contiguous ones starting at the left and moving to the right. The routing mask also contains a field of contiguous zeros starting at the right and moving to the left. Where the contiguous ones stop indicates the boundary between the network part and the host part of the IP address. The network boundary can occur at any place after the eighth bit position from the left. Once the boundary between the network part and the host part of the IP address is known, all devices addressed in that network will have a common binary pattern in the network part that identifies the device as belonging to the specified network.


IP Address Classes

IP address and associated mask are represented in 32-bit dotted decimal

Other formats are commonly used

Decimal value in the first octet determines the Class of the address

• 001 - 126 = Class A

• 128 - 191 = Class B

• 192 - 223 = Class C

• 224 - 239 = Class D

• 240 - 254 = Class E

IP Address Classes

Both the IP address and the associated routing mask contain 32 bits. Routing devices are similar to computers in that they both use the binary numbering scheme to represent addresses. Working with 32-bit binary numbers is the standard operational mode for a routing device. However, network administrators do not use binary numbers on a daily basis and have therefore adopted other formats to represent 32-bit IP addresses. Some common formats include decimal (base 10) and hexadecimal (base 16) notation.

The generally accepted method of representing IP addresses and routing masks is to break the 32-bit field into four groups of eight bits and to represent those eight-bit fields in a decimal format separated by decimal points. Hence the reference to IP addresses and routing masks being represented in 32-bit dotted decimal notation.

Although the dotted decimal notation is commonly accepted, that notation means nothing to the routing device because the device internally uses the 32-bit binary string as an address identifier. All routing decisions are based on the 32-bit binary field.

IP addresses belong to ‘classes’ defined by the decimal value represented in the first eight bits (octet). The decimal number ranges are strictly dictated by the binary weights of the ones and zeros patterns within the octet. The class definition is referred to as the ‘First Octet Rule’. Classes A through E are defined, but only Class A, B and C addresses are used to identify devices connected to the Internet. The two remaining classes are used for special or testing purposes.


IP Address Default Masks

IP address Class determines the default mask

• A = 255.0.0.0

• B = 255.255.0.0

• C = 255.255.255.0

A bit for bit alignment exists between an IP address and its associated mask

IP Address Default Masks

Once the class of address is known, the number of bits in the default routing mask is also known. By default, routing masks contain one or more octets of contiguous ones that define the network part of the IP address. To simplify the class representation, the fields of contiguous ones are limited to the fields separated by the decimal points.


Determining IP Address Class

Which Class of address is 201.222.5.12?

Device Address: 201.222.5.12 (Network: 201.222.5, Host: 12)

Default Mask: 255.255.255.0

201 is in the 192 - 223 range = Class C

Determining IP Address Class

To determine the class of an IP address, one only has to match the decimal value in the first octet to the accepted number ranges. Once the class of address is known, the default routing mask is also known.

In the example above, because 201 is in the Class C range of addresses there is a default 24-bit routing mask. The bit position where the 24 contiguous one bits end defines the end of the network part of the address. Therefore, all of the bits that represent 201.222.5 are part of the network part of the IP address. As described earlier, the routing mask will help routing devices forward traffic to the network defined by the binary bits in the network portion of the IP address.


Subnetting Overview

Moving the network boundary to the right creates additional subnetworks at the expense of fewer hosts on each segment

The new network mask will contain additional contiguous ones indicating by how many bits the network portion has been extended

The formula 2^n, where n equals the number of extended bits, indicates the maximum number of subnets created

Subnetting Overview

When additional contiguous ones are added to the default routing mask, the all-ones field is longer and that extends the definition of the network part of an IP address. Adding bits to the network part of an address is responsible for decreasing the number of bits in the host part. Creating additional network binary patterns is done at the expense of the number of host devices that can occupy each network segment.

The number of bits added to the point where the default routing mask ended creates a counting range. This binary range counts ‘sub’ networks. Each count is a unique binary pattern and defines a location within the master network address space.

The remaining bits not allocated as the network part or the subnetwork part form a counting range for hosts. Host addresses are selected from these remaining bits and must also be numerically unique from all other hosts on this network.


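Creating Subnets

Network: 201.222.5.0

Mask: 255.255.255.224

Fourth octet of the mask (S = subnet bit, H = host bit):

| Bit weight | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 |
|---|---|---|---|---|---|---|---|---|
| Mask bit | 1 | 1 | 1 | 0 | 0 | 0 | 0 | 0 |
| Field | S | S | S | H | H | H | H | H |

| Subnet counting range (4 2 1) | Subnet number | Host counting range (16 8 4 2 1) | Host number |
|---|---|---|---|
| 0 0 0 | 0 | 0 0 0 0 0 | 0 ** |
| 0 0 1 | 1 | 0 0 0 0 1 | 1 |
| 0 1 0 | 2 | 0 0 0 1 0 | 2 |
| 0 1 1 | 3 | 0 0 0 1 1 | 3 |
| 1 0 0 | 4 | 0 0 1 0 0 | 4 |
| 1 0 1 | 5 | . . . | . . . |
| 1 1 0 | 6 | . . . | . . . |
| 1 1 1 | 7 | . . . | . . . |
| | | 1 1 1 1 0 | 30 |
| | | 1 1 1 1 1 | 31 ** |

Extending the mask creates subnets

** Special usage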

Creating Subnets

In the example above, the network part has been extended and is indicated by the new mask of 255.255.255.224, which is three bits longer than the default mask of 255.255.255.0. Once the default routing mask has been extended, in this case by three bits, it creates a counting range to represent subnetworks.

For the sample network of 201.222.5.0, the fourth octet now contains two counting ranges; a three-bit field for counting subnetworks and a five-bit field for counting hosts. Each counting range is displayed with individual binary weights assigned to the bit positions. As is true for eight-bit binary fields discussed earlier, the least significant bit (LSB) has a binary weight of one and is always located at the right side of the field. Each count is an assignment for a subnetwork or a discrete host.

Reminder: The count of all zeros and of all ones in the host range is reserved for special usage. The count of all zeros represents the segment identifier and the count of all ones represents a broadcast address used to contact all hosts on that segment.

Reminder: The count of all zeros in the subnetwork range must be explicitly allowed. The count of all ones has no special significance in the subnetwork range and identifies a location within the major network.

Only after all of the binary counts have been performed, can the 32 binary bits be broken into four eight-bit fields and represented as a dotted decimal value. Only after the binary bits have been represented in dotted decimal notation does the IP address have significance to the network administrator. An example of the dotted decimal notation for the counting ranges is shown on the following page.


Subnet Addressing

Before subnetting: 201.222.5.0, mask 255.255.255.0

| Host Range | Hosts/Seg. |
|---|---|
| 001 - 254 | 254 |

After subnetting: 201.222.5.0, mask 255.255.255.224

Extend mask by three bits: 2^3 = 8 subnets

Subnets shown: 201.222.5.32 (001), 201.222.5.64 (010), 201.222.5.96 (011), 201.222.5.128 (100), 201.222.5.160 (101), 201.222.5.192 (110), 201.222.5.224 (111)

| Host Range | Hosts/Seg. |
|---|---|
| 33 - 62 | 30 |
| 65 - 94 | 30 |
| . . . | . . . |
| 225 - 254 | 30 |
| Total | 210 |

* Additional configuration required to activate subnet zero

Subnet Addressing

In the upper portion of the graphic, the Class C network of 201.222.5.0 is shown with all host addresses belonging to a single segment. This major network is associated with the default routing mask of 255.255.255.0.

In the lower portion of the graphic, the default routing mask for network 201.222.5.0 has been extended by three bits, as indicated by the subnet mask of 255.255.255.224. The mask extension creates a three-bit counting range, which, using the 2^n formula, generates eight possible counts. The seven counts which do not require additional configuration statements on the Cisco router are shown above. Subnetwork zero must be explicitly allowed using configuration commands in Cisco IOS releases prior to 12.0. In Cisco IOS Release 12.0 and later, subnet zero is enabled by default.

Once each unique count is determined in the subnetwork range, the valid counts from the host range are added to it. The resulting decimal values represent a range of valid host addresses for each location (subnetwork) within the network address space.

The function of extending the network mask (subnetting) creates additional unique locations within the network at the expense of fewer hosts on each segment. There is a small loss of usable host addresses due to the special usage of some bits within the host range. This loss of usable host addresses can be minimized by good network design with an eye toward address utilization on a per segment basis.
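The First Octet Rule, the contiguous-ones requirement on a mask, and the subnet and host counting ranges from the IP addressing review, worked through for 201.222.5.0 with the mask 255.255.255.224. This is an added example, not part of the course material; the function names are illustrative, and the `allow_subnet_zero` flag is an assumption that models the page's note that subnet zero needs explicit configuration before Cisco IOS Release 12.0.

```python
import ipaddress

# First Octet Rule ranges and default prefix lengths as listed on the page.
# Class D and E have no default mask; 0, 127 and 255 fall outside the table.
CLASS_RANGES = [
    (1, 126, "A", 8),
    (128, 191, "B", 16),
    (192, 223, "C", 24),
    (224, 239, "D", None),
    (240, 254, "E", None),
]


def address_class(addr):
    """Return (class letter, default prefix length) from the first octet."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    for low, high, letter, prefix in CLASS_RANGES:
        if low <= first_octet <= high:
            return letter, prefix
    raise ValueError(f"first octet {first_octet} is outside the class ranges")


def mask_prefix_length(mask):
    """Count the leading ones of a mask, rejecting non-contiguous masks."""
    value = int(ipaddress.IPv4Address(mask))
    host_bits = value ^ 0xFFFFFFFF      # zeros of the mask become ones
    if host_bits & (host_bits + 1):     # only a solid right-aligned run passes
        raise ValueError(f"{mask} does not have contiguous ones")
    return bin(value).count("1")


def subnet_plan(network, mask, allow_subnet_zero=True):
    """Return one dict per subnet created by extending the default mask."""
    letter, default_prefix = address_class(network)
    if default_prefix is None:
        raise ValueError(f"Class {letter} addresses have no default mask")
    prefix = mask_prefix_length(mask)
    if not default_prefix <= prefix <= 30:
        raise ValueError("mask must extend the default and leave 2+ host bits")
    major = ipaddress.IPv4Network(f"{network}/{default_prefix}", strict=False)
    extended_bits = prefix - default_prefix
    plan = []
    for number, subnet in enumerate(major.subnets(new_prefix=prefix)):
        if number == 0 and extended_bits and not allow_subnet_zero:
            continue
        plan.append({
            "subnet": str(subnet.network_address),
            "subnet_bits": format(number, f"0{extended_bits}b") if extended_bits else "",
            # All-zeros and all-ones host counts are reserved
            # (segment identifier and broadcast address).
            "first_host": str(subnet.network_address + 1),
            "last_host": str(subnet.broadcast_address - 1),
            "broadcast": str(subnet.broadcast_address),
            "hosts": subnet.num_addresses - 2,
        })
    return plan


if __name__ == "__main__":
    letter, prefix = address_class("201.222.5.12")
    print(f"201.222.5.12 is Class {letter}, default mask /{prefix}")
    plan = subnet_plan("201.222.5.0", "255.255.255.224", allow_subnet_zero=False)
    for row in plan:
        print(f"{row['subnet']:<15} ({row['subnet_bits']}) "
              f"hosts {row['first_host']} - {row['last_host']} ({row['hosts']})")
    print("Total usable hosts:", sum(row["hosts"] for row in plan))
```

With `allow_subnet_zero=False` the output matches the seven subnets and the total of 210 hosts shown on the slide; the default of `True` returns all eight counts.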


Routing Fundamentals

This section discusses the components that make up a routing decision. The different methods of learning and the mechanisms for maintaining the router’s awareness of the network topology are covered in detail. These topics are consolidated into a discussion of how to read and understand the contents of a routing table display.

Section topics are as follows:

■ What is routing?

■ Routing requirements

■ Router functions

■ Distance vector routing protocols

– Operation

– Comparison

■ Link-state routing protocols

– Operation

– Comparison

■ Convergence on a new network topology

■ Routing table interpretation


What is Routing?

Routing is the process of forwarding an item from one location to another

Routers forward traffic to a logical destination in a computer network

Routers perform two major functions:

• Routing: Learning the logical topology of the network

• Switching: Forwarding packets from an inbound interface to an outbound interface

What is Routing?

What is routing? Routing is a relay system by which items are forwarded from one location to another. In computer networks, user generated traffic, such as electronic mail or graphic/text documents, is forwarded from a logical source to a logical destination. Each device in the network has a logical address so it can be reached individually or in some cases as part of a larger group of devices.

For a router to act as an effective relay device, it must be able to understand the logical topology of the network and to communicate with its neighboring devices. The router understands several different logical addressing schemes and regularly exchanges topology information with other devices in the network. The mechanism of learning and maintaining awareness of the network topology is considered to be the routing function. The actual movement of transient traffic through the router is a separate function and is considered to be the switching function. Routing devices must perform both a routing and a switching function to be an effective relay device.


Routing Requirements

Is the protocol suite active on this device?

Is the destination network known to this device?

• Is there an entry in the routing table?

• Is the route currently available?

Which outbound interface represents the best path?

• Lowest metric path is preferred

• Equal lowest metric paths are shared

Routing Requirements

There are three major decisions that have to be made in order to make a routing decision. First and foremost, can the routing device understand the logical destination address? For a logical address understanding to exist within the router, the protocol suite that uses that logical addressing scheme must be enabled and currently active. Some examples of common protocol suites are TCP/IP, IPX, DECnet, and others.

Secondly, once the router can understand the addressing scheme, does the destination logical network exist within the current routing table as a valid destination? If the destination logical network does not exist in the routing table, routing devices are programmed to discard the packet and to generate an Internet Control Message Protocol (ICMP) message to notify the sender of the event. Some network managers have successfully reduced the size of their network’s routing tables by including only a few destination networks and manually specifying a default route entry. If specified, a default route will be followed if the destination logical network, as indicated by the packet header, is not included as part of this device’s routing table.

Lastly, if the destination network is in the routing table, through which outbound interface will the packet be forwarded? The routing table should contain only the best path to any given destination logical network. The best path to a destination network has been associated with a particular outbound interface by the routing protocol process. Routing protocols use a metric scheme to determine the best path to a destination. A smaller metric indicates a preferred path and if two or more paths have an equal lowest metric, then all of those paths will be equally shared. Sharing packet traffic across multiple paths is referred to as load balancing to the destination. Once the outbound interface is known, the router must also have an encapsulation solution to forward with. An encapsulation method (framing) is required to forward the packet to the next-hop logical device in the relay path.
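The three decisions above (protocol active, destination known or default route, lowest metric with equal-cost sharing) expressed as one function. This is an added example, not Cisco's implementation or code from the course; the `Route` type, the function names, the sample routes and the round-robin sharing policy are assumptions, and the most-specific-network tie-break goes one step beyond what the page describes.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    network: str          # destination logical network in prefix notation
    metric: int           # lower is preferred
    next_hop: str
    interface: str
    available: bool = True


def select_paths(destination, routes, default_route=None, protocol_active=True):
    """Apply the three routing decisions and return the outcome as a dict."""
    # Decision 1: the protocol suite must be enabled and active on this device.
    if not protocol_active:
        return {"action": "discard", "reason": "protocol suite not active",
                "paths": []}

    # Decision 2: is the destination network known and currently available?
    dest = ipaddress.IPv4Address(destination)
    known = [r for r in routes
             if r.available and dest in ipaddress.IPv4Network(r.network)]
    if not known:
        if default_route is not None and default_route.available:
            return {"action": "forward", "reason": "default route",
                    "paths": [default_route]}
        return {"action": "discard",
                "reason": "destination unknown, ICMP message to sender",
                "paths": []}

    # Most specific matching network first (longest match, added here), then
    # Decision 3: lowest metric wins and equal lowest metrics are all kept.
    longest = max(ipaddress.IPv4Network(r.network).prefixlen for r in known)
    known = [r for r in known
             if ipaddress.IPv4Network(r.network).prefixlen == longest]
    best = min(r.metric for r in known)
    return {"action": "forward", "reason": "routing table entry",
            "paths": [r for r in known if r.metric == best]}


def share_load(packet_ids, paths):
    """Spread packets over equal-cost paths in round-robin order (assumed policy)."""
    return [(pid, paths[i % len(paths)].interface)
            for i, pid in enumerate(packet_ids)]


# Constructed sample data: two equal-metric paths, one worse path, one down route.
ROUTES = [
    Route("172.16.8.0/24", 118654, "172.16.7.9", "Serial0"),
    Route("172.16.8.0/24", 118654, "172.16.6.9", "Serial1"),
    Route("172.16.8.0/24", 200000, "172.16.5.9", "Ethernet0"),
    Route("172.16.9.0/24", 118654, "172.16.7.9", "Serial0", available=False),
]
DEFAULT = Route("0.0.0.0/0", 0, "172.16.7.1", "Serial0")

if __name__ == "__main__":
    for target in ("172.16.8.25", "172.16.9.5", "10.1.1.1"):
        result = select_paths(target, ROUTES)
        exits = [p.interface for p in result["paths"]]
        print(f"{target:<12} {result['action']:<8} {result['reason']} {exits}")
    shared = select_paths("172.16.8.25", ROUTES)["paths"]
    print(share_load([1, 2, 3, 4], shared))
```

The discard result for 172.16.9.5 shows why the "currently available" check matters: an entry that is present but down must not attract traffic unless a default route is configured.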


Routing Information

Most of the necessary information is contained in the routing table

I 172.16.8.0 [100/118654] via 172.16.7.9, 00:00:23, Serial0

I -- How the route was learned (IGRP)

172.16.8.0 -- Destination logical network/subnet

[100 -- Administrative distance (prioritization factor)

/118654] -- Metric value (reachability)

via 172.16.7.9 -- Next hop logical address (next router)

00:00:23 -- Age of entry (in hours:minutes:seconds)

Serial0 -- Interface through which route was learned and through which the packet will leave

Routing InformationMost of the information required to perform the routing operation is included inthe routing table on a per-entry basis. Each entry is created by the routingprotocol process and indicates the following:

■ By which mechanism the was route learned. Learning methods can be eitherdynamic or manual entries.

■ Logical destination address, expressed either as a major network or as asubnetwork of a major network. In isolated cases, host addresses can becontained in the routing table.

■ Administrative distance; a measure of the trustworthiness of the learningmechanism.

■ Metric; a measure of the aggregate path cost specified in a format consistentwith the metric used by that routing protocol.

■ Address of the next relay device (router) in the path to the destination.

■ How current is the route information? This field indicates the amount of timethe information has been in the routing table. Entry information is refreshedperiodically to ensure it is current.

■ The interface associated with reaching the destination network. This is theport through which the packet will leave the router, being forwarded to thenext-hop relay device.


Administrative Distance

Administrative Distance is a prioritization method for IP routing protocols

The lower the administrative distance, the more trusted the learning mechanism

• Manually entered routes are preferred to dynamically learned routes

• Routing protocols with sophisticated metrics are preferred over protocols with simple metric structures

The routing process is responsible for selecting the best path to any destination network. The concept of an administrative distance is required to handle the case when there are multiple inputs on the same route. More than one learning mechanism can exist inside the router at any given time.

The routing process has been programmed to prefer lower values rather than higher values when comparing administrative distances. In general, administrative distances have been assigned in a fashion to prefer manual entries over dynamically learned entries and to prefer routing protocols with more sophisticated metrics over routing protocols with simple metrics. A comparison chart of administrative distances is located on the following page.


Administrative Distance Comparison Chart

Route Source                     Default Distance
Connected Interface              0
Static Route out an Interface    0
Static Route to a Next Hop       1
Enhanced IGRP Summary Route      5
External BGP                     20
Internal Enhanced IGRP           90
IGRP                             100
OSPF                             110
IS-IS                            115
RIP v1, v2                       120
EGP                              140
External Enhanced IGRP           170
Internal BGP                     200
Unknown                          255

The chart above compares the administrative distances for the different learning methods available in a TCP/IP environment.


Routing Decisions

Routing protocols maintain a loop-free, single path to each destination network

Routes are advertised with a reachability factor referred to as a metric

The path to the destination network is represented by the sum of the metrics associated with all intermediate links

The routing process uses the metric value to select a preferred path to each destination

Multiple paths can be used if metric values are equal

In a routed network, the routing process relies on the routing protocol to maintain a loop-free topology. In addition to maintaining a loop-free topology, the routing process must locate the best path to every destination network.

The concept of what is the ‘best’ path to any destination is what distinguishes different routing protocols in the TCP/IP environment. Each routing protocol uses a different measurement as to what is ‘best’. Routers advertise the path to any network in terms of a metric value. Some common examples of metrics are: hop count (how many routers to pass through), cost (based on bandwidth) and composite (using several parameters in their calculation). If the destination network is not local to this router, then the path is represented by the total of metric values defined for all of the links that must be traversed to reach that network.

Once the routing process knows the metric values associated with the different paths (assuming that multiple paths exist), then the routing decision can be made. The routing process will select the path that has the smallest metric value. In Cisco routers, if multiple lowest, equal metric paths exist in an IP environment, then load sharing (also known as load balancing) will be in effect across the multiple paths. Cisco supports up to six equal metric paths to a common destination network.
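The selection described in the Administrative Distance and Routing Decisions sections, as an added example that is not part of the course material: it parses entries in the layout shown on the Routing Information slide, keeps the lowest administrative distance per destination, then the lowest metric, and shares up to six equal-metric paths. The entries marked constructed and all function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict

MAX_EQUAL_PATHS = 6  # the page: up to six equal metric paths to one destination

# Entry layout from the Routing Information slide:
#   code  network  [distance/metric]  via next-hop, [age,] interface
ROUTE_LINE = re.compile(
    r"^(?P<code>\S+)\s+(?P<net>\S+)\s+\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+"
    r"via\s+(?P<next_hop>[\d.]+),\s+(?:(?P<age>\d\d:\d\d:\d\d),\s+)?(?P<iface>\S+)$"
)

# Candidate routes offered to the routing process. The first entry and the three
# "[120/4]" entries are the page's own; the other two are constructed.
CANDIDATES = [
    "I 172.16.8.0 [100/118654] via 172.16.7.9, 00:00:23, Serial0",
    "R 172.16.8.0 [120/2] via 172.16.7.10, 00:00:11, Serial1",  # constructed
    "R 10.0 [120/4] via 5.2, Eth0",
    "R 10.0 [120/4] via 5.3, Eth0",
    "R 10.0 [120/4] via 5.4, Eth0",
    "R 10.0 [120/5] via 5.5, Eth0",                              # constructed
]


def parse_route(line):
    """Split one routing table entry into its fields (distance and metric as ints)."""
    match = ROUTE_LINE.match(line.strip())
    if match is None:
        raise ValueError(f"unrecognised route entry: {line!r}")
    fields = match.groupdict()
    fields["ad"] = int(fields["ad"])
    fields["metric"] = int(fields["metric"])
    return fields


def select_routes(candidates):
    """Per destination: lowest administrative distance first, then lowest metric.

    Metrics are only compared between routes of equal administrative distance,
    because metrics from different routing protocols are not on the same scale.
    """
    by_net = defaultdict(list)
    for route in candidates:
        by_net[route["net"]].append(route)
    table = {}
    for net, routes in by_net.items():
        best_ad = min(r["ad"] for r in routes)
        trusted = [r for r in routes if r["ad"] == best_ad]
        best_metric = min(r["metric"] for r in trusted)
        equal = [r for r in trusted if r["metric"] == best_metric]
        table[net] = equal[:MAX_EQUAL_PATHS]   # equal-metric paths are shared
    return table


def why_not_installed(candidate, installed):
    """Explain how a candidate compares with the installed route(s) for its network."""
    best = installed[0]
    if candidate["ad"] > best["ad"]:
        return "higher administrative distance"
    if candidate["metric"] > best["metric"]:
        return "higher metric"
    return "installed" if candidate in installed else "over the equal-path limit"


def build_table(lines):
    return select_routes([parse_route(line) for line in lines])


if __name__ == "__main__":
    for net, routes in build_table(CANDIDATES).items():
        for r in routes:
            print(f'{r["code"]} {net} [{r["ad"]}/{r["metric"]}] via {r["next_hop"]}, {r["iface"]}')
```

The RIP entry for 172.16.8.0 has the numerically smaller metric but is not installed, because the IGRP entry has the lower administrative distance.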


RIP Routing Metrics

Routing metric used by RIP is hop count
Using a neighboring router interface is a hop

Routing process arbitrarily selects a path from several possible paths

IP load balancing is enabled by default

C 4.0 dir conn Ser0
C 5.0 dir conn Eth0
R 10.0 [120/4] via 5.2, Eth0
R 10.0 [120/4] via 5.3, Eth0
R 10.0 [120/4] via 5.4, Eth0

[Figure: topology diagram with labels TR, FDDI, 4.0, 5.1, 5.2, 5.3, 5.4 and 10.0]

The Routing Information Protocol (RIP) is a commonly used routing protocol in small-to-medium sized TCP/IP networks. RIP uses hop count as a metric (based upon how many neighboring routers must be passed through to reach the destination). In the topology indicated above, traditional RIP implementations would arbitrarily choose one path in order to reach network 10.0. In this case, only the selected path would be displayed in the routing table.

In Cisco routers, the RIP implementation is such that multiple equal hop paths can be shared. In the graphic above, notice that network 10.0 can be reached by three different paths that vary in bandwidth but have an equal hop count. As a result of the equal metric, all three paths will be displayed in the routing table as the lowest metric path. This graphic illustrates that bandwidth is not a consideration in RIP’s understanding of the ‘best’ path to reach network 10.0. In addition, this topology is for demonstration purposes only and does not represent an optimal network design.


IGRP Routing Metrics

Routing metric used by IGRP is composite
Bandwidth, delay, reliability, load, MTU

Routing process selects the “fastest” path

IP load balancing is enabled by default

C 4.0 dir conn Ser0
C 5.0 dir conn Eth0
I 10.0 [100/327684] via 5.4, Eth0

[Figure: topology diagram with labels TR, FDDI, 4.0, 5.1, 5.2, 5.3, 5.4 and 10.0]

Cisco’s IGRP is a commonly used routing protocol in medium-to-large sized TCP/IP networks. IGRP uses a composite metric, one based upon bandwidth, delay, reliability, load, and Maximum Transfer Unit (MTU). In IGRP’s standard algorithm computation, only the bandwidth and delay values are enabled by default.

Load balancing is enabled for all IP routing protocols implemented by Cisco. IGRP’s composite metric can distinguish subtle differences in link characteristics and, therefore, will select the highest bandwidth (fastest) path to the destination network. In the graphic above, the FDDI-link path is selected because its 100 Mbps bandwidth is higher than the other available paths. If equal (at least equal within one percent) metric paths exist, load balancing will be in effect. IGRP is capable of load balancing across as many as six equal metric paths. Again, this topology is for demonstration purposes only and does not represent an optimal network design.


Routers Forward Traffic

Routing protocols maintain neighbor relationships with adjacent (connected) routers

• Neighboring routers/routing protocols exchange frames containing either:

– Hello packets

– Routing update packets

• Routing tables contain routes learned from neighboring routers

Routers forward traffic to the destination network by passing packets to the next-hop logical device (router) in the delivery path

Immediately after a router completes its startup procedure, the router attempts to establish a routing relationship with neighboring routing devices. The purpose of this initial communication is to identify the neighboring devices and to begin learning the network topology. The method of establishing adjacencies and initial learning of the topology varies between different routing protocols. Often, broadcast frames are used to locate the neighboring devices, especially until the media access control (MAC) addresses of the adjacent network interface cards (NICs) are learned.

The routing process, via the routing protocol, establishes a peer relationship at the software layers (layers four through seven) of the OSI reference model with the neighboring routers. The routing protocol(s) will exchange either periodic Hello messages or periodic routing updates to maintain the on-going communication between the neighbors.

Once the network topology is understood and the routing table contains the ‘best’ path to all known destination networks, the forwarding of traffic can begin. The function of forwarding transient packets by the router is referred to as switching. The switching function relies heavily on the router knowing the MAC address of the next-hop routing device. The MAC address learning process was a critical phase in establishing the neighbor relationship after startup. The graphic on the following page summarizes the switching operation performed by the router.


Basic Switching Functions

1 Check framing and buffer packet (inbound interface)

2 Associate destination logical address with next-hop logical device and outbound interface (routing table, maintained by routing protocol*)

3 Associate next-hop logical device with physical address to create frame header (ARP cache (LAN) or map table (WAN), maintained by ARP or Inverse ARP process*)

4 Create framing and forward packet (outbound interface)

* Manual entries available

In order to forward a packet that has arrived at a router interface, the router must perform the switching function. The switching function needs the end result of the routing function, which is a routing table entry that points to the destination logical network. The switching function has four basic steps:

■ A packet transiting the router will be accepted into the router if the frame (in which the packet resides) header contains the MAC address of one of the router’s NIC cards. If properly addressed, once the framing is checked, the frame and its content (the packet) will be buffered pending further processing. The buffering occurs in main memory or some other specialized memory location.

■ The switching process checks the destination logical network portion of the packet header against the network/subnetwork entries in the routing table. If the search is successful, the switching process associates the destination network with a next-hop logical device and an outbound interface.

■ Once the next-hop logical device address is known, a lookup is performed to locate a physical address for the next device in the relay chain. The lookup is performed in an Address Resolution Protocol (ARP) table for local-area network (LAN) interfaces or a map table for wide-area network (WAN) interfaces. The contents of these tables can be created either by dynamic means or by manual entries.

■ Once the physical address of the next delivery device is known, an overwrite of the frame header occurs in the memory locations where the frame (and packet) is buffered. After the frame header is created, the frame is programmatically moved to the outbound interface for transmission onto the media. As the frame is placed on the media, the outbound interface adds the CRC character and ending delimiters to the frame. These characters will need to be validated at the arriving interface on the next-hop relay device.
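The four switching steps above, as an added sketch that is not part of the course material. All addresses, the map table entry and the function names are constructed for the illustration. The route lookup picks the most specific matching entry, which generalizes the network/subnetwork match in the text and lets an optional default route act as the fallback described earlier in this chapter.

```python
import ipaddress

# Constructed state for one router; every address and name below is illustrative.
NIC_MACS = {"E0": "00:00:0c:00:00:01", "E1": "00:00:0c:00:00:02"}
WAN_IFACES = {"Serial0"}
ROUTES = [  # (destination network, next hop or None if directly connected, outbound interface)
    ("172.16.8.0/24", "172.16.7.9", "Serial0"),
    ("172.16.1.0/24", None, "E1"),
]
DEFAULT_ROUTE = ("0.0.0.0/0", "172.16.1.254", "E1")
ARP_CACHE = {"172.16.1.254": "00:00:0c:00:01:fe",   # LAN: logical -> MAC address
             "172.16.1.20": "00:00:0c:00:01:14"}
MAP_TABLE = {"172.16.7.9": "DLCI 100"}               # WAN: logical -> link identifier


def lookup_route(dst_ip, routes):
    """Step 2: find the routing table entry for the destination (most specific wins)."""
    dst = ipaddress.ip_address(dst_ip)
    matches = []
    for net, next_hop, out_iface in routes:
        network = ipaddress.ip_network(net)
        if dst in network:
            matches.append((network, next_hop, out_iface))
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)


def switch_packet(frame, in_iface, routes=ROUTES):
    """Carry one inbound frame through the four switching steps."""
    # Step 1: accept the frame only if it is addressed to this interface's MAC.
    if frame["dst_mac"] != NIC_MACS[in_iface]:
        return {"action": "ignore", "reason": "frame not addressed to this router"}
    packet = frame["packet"]                          # buffered pending processing

    # Step 2: destination network -> next-hop logical device and outbound interface.
    route = lookup_route(packet["dst_ip"], routes)
    if route is None:
        # No entry and no default route: discard and notify the sender via ICMP.
        return {"action": "drop", "reason": "no route",
                "icmp_to": packet["src_ip"]}
    _network, next_hop, out_iface = route
    target = next_hop or packet["dst_ip"]             # connected: deliver to the host

    # Step 3: next-hop logical address -> physical address (ARP cache or map table).
    table = MAP_TABLE if out_iface in WAN_IFACES else ARP_CACHE
    physical = table.get(target)
    if physical is None:
        # Simplification: a real router would try to resolve the address first.
        return {"action": "hold", "reason": f"no physical address for {target}"}

    # Step 4: overwrite the frame header and hand the frame to the outbound interface.
    new_frame = {"dst": physical, "src": NIC_MACS.get(out_iface), "packet": packet}
    return {"action": "forward", "out_iface": out_iface, "frame": new_frame}


def make_frame(dst_ip, dst_mac=NIC_MACS["E0"], src_ip="172.16.2.10"):
    """Build a constructed inbound frame for the examples."""
    return {"dst_mac": dst_mac, "packet": {"src_ip": src_ip, "dst_ip": dst_ip}}
```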


Classful Routing Overview

Classful routing protocols are a consequence of the distance vector method of route calculation

• RIPv1

• IGRP

Routing masks are not carried within the routine, periodic routing updates

Within a network, consistency of mask is assumed

Classful routing is a consequence of the fact that routing masks are not advertised in the periodic, routine, routing advertisements generated by distance vector routing protocols.

In a classful environment, the receiving device must know the routing mask associated with any advertised subnets or those subnets cannot be advertised to it. How would the receiving device know the mask of an advertised subnet? There are two ways this information can be gained:

■ Share the same routing mask as the advertising device

■ If the routing mask does not match, this device must summarize the received route at a classful boundary and send the default routing mask in its own advertisements.


Classful Routes

Subnetwork routes are shared by devices within the same network

Summary routes are exchanged between foreign networks

Summary routes are automatically created at major network boundaries

Classful routing protocols, such as RIPv1 and IGRP, exchange routes to subnetworks within the same network. This is possible because all of the subnetworks in the major network will have the same routing mask. This consistency is enforced by administrative controls invoked by the network administrators.

When routes are exchanged with foreign networks (networks whose network portion does not match ours), subnetwork information from this network cannot be included because the routing mask of the other network is not known. As a result, the subnetwork information from this network must be summarized to a classful boundary using a default routing mask prior to inclusion in the routing update. The creation of a classful summary route at major network boundaries is handled automatically by classful routing protocols. Summarization at other points within the major network address is not allowed by classful routing protocols.


Classful Subnetting Requirements

All router interfaces in the network must have the same subnet mask

This approach may not fully utilize available allocation of host addresses

[Figure: interface addresses 201.222.5.33 /27, 201.222.5.65 /27, 201.222.5.97 /27, 201.222.5.98 /27 and 201.222.5.129 /27; interfaces E0, E1, S0, S1. Callout: a requirement for only two host addresses, forced to allocate 30 host addresses.]

When performing subnetting in conjunction with a classful routing protocol, care must be taken to assign the same subnet mask to all router interfaces in the classful routing domain. This consistency is a requirement for subnetwork routes to be advertised correctly.

The consistency of subnet mask has a potential downside from the standpoint of efficient address allocation. While a 27-bit mask, as shown in the graphic above, allocates the proper number of host addresses (approximately 30 addresses) onto each Ethernet segment, not all of the 30 addresses can be utilized on the serial link.
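The rules from the Classful Routes and Classful Subnetting Requirements sections, as an added sketch that is not part of the course material. It models what a classful protocol can put in an update when no mask travels with the route, and the mask a receiver then assumes. The function names, the 201.222.5.208/30 subnet used as a mismatched mask and the 192.168.10.0/24 foreign network are assumptions made for the illustration.

```python
import ipaddress


def classful_network(addr):
    """Major network that contains addr, using the default (class A/B/C) routing mask."""
    ip = ipaddress.ip_address(str(addr))
    first_octet = int(ip) >> 24
    if first_octet < 128:
        prefix = 8        # class A
    elif first_octet < 192:
        prefix = 16       # class B
    elif first_octet < 224:
        prefix = 24       # class C
    else:
        raise ValueError(f"{addr} is not a class A, B or C address")
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def advertise(route, out_iface):
    """Address a classful protocol sends for `route` out `out_iface` (no mask is sent).

    Returns None when the subnet cannot be advertised on that interface.
    """
    route_major = classful_network(route.network_address)
    if route_major != classful_network(out_iface.ip):
        # Major network boundary: automatic summary to the classful network.
        return str(route_major.network_address)
    if route.prefixlen == out_iface.network.prefixlen:
        # Same major network and same mask: the subnet route is shared.
        return str(route.network_address)
    # Same major network, different mask: the receiver would apply the wrong
    # mask, so the subnet is left out of the update.
    return None


def receive(advertised, in_iface):
    """Network the receiver installs for an address that arrived without a mask."""
    major = classful_network(advertised)
    if major == classful_network(in_iface.ip):
        # Same major network: assume the mask configured on the receiving interface.
        return ipaddress.ip_network(
            f"{advertised}/{in_iface.network.prefixlen}", strict=False)
    return major          # foreign network: default routing mask


def usable_hosts(prefixlen):
    """Host addresses in a subnet, excluding the network and broadcast addresses."""
    return 2 ** (32 - prefixlen) - 2


if __name__ == "__main__":
    serial = ipaddress.ip_interface("201.222.5.97/27")    # from the page's graphic
    foreign = ipaddress.ip_interface("192.168.10.1/24")   # constructed
    subnet = ipaddress.ip_network("201.222.5.64/27")
    print(advertise(subnet, serial), advertise(subnet, foreign))
    print(usable_hosts(27), "addresses allocated where 2 are required")
```

Receiving a /30 subnet address on a /27 interface would install the wrong network (201.222.5.192/27 for 201.222.5.208), which is why the mask must be consistent.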


Distance Vector Routing Update Traffic

In a distance vector environment, routing updates are propagated only to directly-connected neighbors

[Figure labels: Routing Table, All Routes]

The periodic, routine, routing updates generated by distance vector routing protocols are only addressed to directly-connected routing devices. The addressing scheme most commonly used is a logical broadcast, although unicast updates can be specified.

In a distance vector environment, the routing update includes a complete routing table. By receiving a neighbor’s full table, a router can verify all of the known routes and make changes to the local table based upon updated information received from the neighboring router. This process is easily understood, but it becomes obvious that this router’s understanding of the network is based upon the neighbor’s perspective of the network topology. The distance vector approach to routing is sometimes referred to as “routing by rumor”.


Distance Vector Protocol Comparison Chart

Characteristic                            RIPv1   RIPv2   IGRP    EIGRP**
Count to infinity                         X       X       X
Split horizon with poison reverse         X       X       X       X
Hold-down timer                           X       X       X
Triggered updates with route poisoning    X       X       X       X
Load balancing - equal paths              X       X       X       X
Load balancing - unequal paths                            X       X
VLSM support                                      X               X
Routing algorithm                         B-F     B-F     B-F     DUAL
Metric                                    Hops    Hops    Comp    Comp
Hop count limit                           16      16      100     100
Scalability                               Med     Med     Large   Large

** Enhanced IGRP is an advanced distance vector protocol

The chart above compares the characteristics of the different distance vector routing protocols supported on Cisco routers. Most distance vector routing protocols use the Bellman-Ford (B-F) algorithm for route calculation. Enhanced IGRP is an advanced distance vector protocol and uses the Diffusing Update-based algorithm (DUAL).

The hop count limit for IGRP defaults to 100 but is configurable up to a maximum of 255 hops.
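An added simulation, not part of the course material, of the update process from the Distance Vector Routing Update Traffic section with the RIP column of the chart above: full-table updates to directly connected neighbors, a Bellman-Ford merge, split horizon with poison reverse, and a hop count of 16 meaning unreachable. The three-router topology, network numbers and all names are constructed.

```python
INFINITY = 16  # hop count that means "unreachable" (RIP column of the chart)


class Router:
    def __init__(self, name, connected):
        self.name = name
        # network -> (hops, outbound interface, next-hop router or None if connected)
        self.table = {net: (0, iface, None) for net, iface in connected.items()}

    def build_update(self, out_iface):
        """Full routing table as sent out one interface.

        Split horizon with poison reverse: routes learned through out_iface
        are advertised back out of it as unreachable.
        """
        update = {}
        for net, (hops, iface, next_hop) in self.table.items():
            if iface == out_iface and next_hop is None:
                continue          # the neighbor is attached to this network itself
            update[net] = INFINITY if iface == out_iface else hops
        return update

    def process_update(self, update, neighbor, in_iface):
        """Bellman-Ford merge of a neighbor's table; returns the networks that changed."""
        changed = []
        for net, advertised in update.items():
            hops = min(advertised + 1, INFINITY)   # the neighbor itself is one hop
            current = self.table.get(net)
            if current is None:
                accept = hops < INFINITY
            elif current[2] == neighbor:
                # "Routing by rumor": news from the current next hop is always
                # believed, whether it is better or worse.
                accept = hops != current[0]
            else:
                accept = hops < current[0]
            if accept:
                self.table[net] = (hops, in_iface, neighbor)
                changed.append(net)
        return changed


def exchange(links):
    """One periodic update on every link, in both directions; returns the change count."""
    changes = 0
    for a, a_if, b, b_if in links:
        changes += len(b.process_update(a.build_update(a_if), a.name, b_if))
        changes += len(a.process_update(b.build_update(b_if), b.name, a_if))
    return changes


def converge(links, max_rounds=20):
    """Repeat update rounds until no table changes; returns the rounds that changed one."""
    rounds = 0
    while rounds < max_rounds and exchange(links):
        rounds += 1
    return rounds


def demo():
    """A -- B -- C in a line; returns A's route to C's Ethernet before and after it fails."""
    a = Router("A", {"10.1.0.0": "E0", "10.12.0.0": "S0"})
    b = Router("B", {"10.12.0.0": "S0", "10.23.0.0": "S1"})
    c = Router("C", {"10.23.0.0": "S0", "10.3.0.0": "E0"})
    links = [(a, "S0", b, "S0"), (b, "S1", c, "S0")]
    converge(links)
    learned = a.table["10.3.0.0"]
    c.table["10.3.0.0"] = (INFINITY, "E0", None)   # C's Ethernet fails: route poisoning
    converge(links)
    return learned, a.table["10.3.0.0"]


if __name__ == "__main__":
    print(demo())
```

Router A never hears from C directly; both the 2-hop route and its later withdrawal reach A only as B's report.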


Written Exercise: Comparing Distance Vector Routing Protocols

Objective: Describe the operating characteristics of different distance vector routing protocols.

1. Complete the following table by indicating which protocol(s) demonstrate the characteristic shown in the right-hand column. Indicate your choice(s) in the left-hand column by entering one or more of the following distance vector routing protocols: RIPv1, RIPv2, IGRP, EIGRP

Protocol Characteristic

Has a hop count limitation of 15 hops

Uses broadcast packets to propagate routing updates

Has an administrative distance of 100

Supports split horizon to avoid routing loops

Uses a composite metric to determine best path

Employs a count to infinity concept to avoid routing loops

Can select preferred path based upon bandwidth consideration

Supports variable length subnet masks (VLSM)

Is supported by all vendors of routing equipment

2. Which of the following statements are true for all distance vector routing protocols? Indicate your selection by placing a T in the blank area in front of each statement.

_______ Routing updates contain all routes in the routing table

_______ Load balancing of equal metric paths is enabled by default

_______ Automatic route summarization occurs at major network boundaries

_______ Length of the subnet mask is carried in the routing update

_______ Consistency of subnet mask is a network design requirement


Case Study: Using Distance Vector Routing Protocols

[Figure: Distance Vector Case Study topology; labels: Token Ring (twice), Class C (three times); legend: Gigabit Ethernet, Fast Ethernet, Ethernet, Serial]

Distance vector routing protocols are commonly deployed in small to medium sized networks. These protocols are popular, well understood, and straight-forward to configure. Although distance vector protocols, such as RIP and IGRP, are widely deployed, there are still some operational guidelines that must be adhered to.

Some operational concepts that require consideration include:

■ Topology considerations

■ Metric limitations

■ Routing update traffic

■ Convergence

■ Ease of configuration and management


Classless Routing Overview

Classless routing protocols include the routing mask with the route advertisement

• Open Shortest Path First (OSPF)

• Enhanced IGRP

• RIPv2

• IS-IS

• BGP

Routing updates triggered by topology changes

Summary routes manually controlled at any point within the network

Classless routing protocols can be considered as second generation protocols because they are designed to deal with some of the limitations of the earlier classful protocols.

One of the most serious limitations in a classful network environment is that the routing mask is not exchanged during the routing update process. This original approach required the same routing mask be used on all subnetworks. The classless approach advertises the routing mask for each route and therefore a more precise lookup can be performed in the routing table.

Once the initial topology learning phase is complete, updates about network routes are triggered by changes in topology. The event-driven approach reduces the periodic bandwidth consumption associated with full table updates.

Classless routing protocols also addressed another limitation of the classful approach: the need to summarize to a classful network with a default routing mask at major network boundaries. In the classless environment, the summarization process is manually controlled and can be invoked at any point within the network. Since subnet routes are propagated throughout the routing domain, summarization is required to keep the size of the routing tables at a manageable size.


Classless Subnetting Requirements

Router interfaces within the same network can have different subnet masks

Variable length subnet masking (VLSM) is supported

This approach maximizes allocation of available host addresses

[Figure: interface addresses 201.222.5.33 /27, 201.222.5.65 /27, 201.222.5.129 /27, 201.222.5.209 /30 and 201.222.5.210 /30; interfaces E0, E1, S0, S1. Callout: a requirement for only two host addresses, VLSM support accommodates this.]

Another limitation of classful routing protocols was the requirement for a consistent mask to be applied to all router interfaces within the major network. This strict (classful) approach resulted in inefficient utilization of host addresses. Classless routing protocols understand that different routes within a major network can have different masks. The use of different masks within a major network is referred to as Variable Length Subnet Masking (VLSM). Classless routing protocols support VLSM and that in turn leads to more efficient utilization of host addresses. In the graphic above, the serial link has been configured with a subnet mask that properly supports the link’s requirement for only two host addresses.


Link-State Routing Update Traffic

In a link-state environment, link-state announcements are propagated to all devices in the routing domain

Hierarchical design can limit the requirement to notify all devices

[Figure labels: Routing Table, One Route]

Link state routing protocols generate routing updates only when there is a change in the topology. When a link changes state, a link-state advertisement (LSA) concerning that link (route) is created by the device that detected the change and propagated to all neighboring devices using a special multicast address. Each routing device takes a copy of the LSA, updates its topological database and forwards the LSA to all neighboring devices. This ‘flooding’ of the LSA is required to ensure that all routing devices update their database before creating an updated routing table that reflects the new topology.

Most link-state routing protocols require a hierarchical design, especially to support proper address summarization. The hierarchical approach, such as creating multiple logical areas for OSPF, reduces the need to flood an LSA to all devices in the routing domain. The use of areas restricts the flooding to the logical boundary of the area rather than to all devices in the OSPF domain. In other words, a change in one area should only cause routing table recalculation in that area, not in the entire domain.


Link-State Protocol Comparison Chart

Characteristic                              OSPF    IS-IS   EIGRP**
Hierarchical topology - required            X       X
Retains knowledge of all possible routes    X       X       X
Route summarization - manual                X       X       X
Route summarization - automatic                             X
Event triggered announcements               X       X       X
Load balancing - equal paths                X       X       X
Load balancing - unequal paths                              X
VLSM support                                X       X       X
Routing algorithm                           Dijks   IS-IS   DUAL
Metric                                      Cost    Cost    Comp
Hop count limit                             200     1024    100
Scalability                                 Large   VryLg   Large

** Enhanced IGRP has some link-state features

The chart above compares some of the characteristics exhibited by link-state routing protocols. Enhanced IGRP is technically an advanced distance vector protocol, but it demonstrates some link-state features.

The routing algorithm used by OSPF is the Dijkstra algorithm. Intermediate system-to-intermediate system (IS-IS) is the routing algorithm used by the International Standards Organization (ISO) protocol suite, which includes connectionless network services (CLNS). Enhanced IGRP uses Distributed Update-based algorithm (DUAL) in its route calculations.


Written Exercise: Comparing Link State Routing Protocols

Objective: Describe the operating characteristics of link-state routing protocols

1. Complete the following table by indicating which protocol(s) demonstrate the characteristic shown in the right-hand column. Indicate your choice(s) in the left-hand column by entering one or more of the following distance vector routing protocols: OSPF, IS-IS, EIGRP

Protocol Characteristic

Maintains additional tables to assist in rapid convergence

Uses broadcast packets to propagate topology updates

Has an administrative distance of 115

Supports flooding of updates to avoid routing loops

Requires a hierarchical design to operate correctly

Allows manual route summarization at any location

Can select preferred path based upon bandwidth consideration

Supports variable length subnet masks (VLSM)

Is supported by all vendors of routing equipment

2. Which of the following statements are true for all link-state routing protocols? Indicate your selection by placing a T in the blank area in front of each statement.

_______ Routing updates contain only the affected routes in the routing table

_______ Load balancing of equal metric paths is enabled by default

_______ Automatic route summarization occurs at major network boundaries

_______ Length of the subnet mask is carried in the routing update

_______ Consistency of subnet mask is a network design requirement


Case Study: Using Link State Routing Protocols

[Figure: Link-State Case Study. Network diagram showing an area with a DR and BDR, FDDI and Token Ring segments, and a high-speed core. Link legend: Gigabit Ethernet, Fast Ethernet, Ethernet, Serial.]

Link state routing protocols are commonly deployed in medium to large-scale networks. Implementation of these protocols requires that sound design principles be followed with an eye towards a hierarchical topology. A hierarchical structure is important for both router functionality and for address allocation.

Some operational concepts that require consideration include:

■ Topology considerations

■ Metric limitations

■ Routing update traffic

■ Convergence

■ Ease of configuration and management


Convergence

Convergence is the time that it takes for all routers to agree on the network topology after a change

• New routes being added

• Existing routes changing state

Convergence time is affected by:

• Update mechanism (hold-down timers)

• Size of the topology table

• Route calculation algorithm

Convergence

In a routed network, the routing process in each router must maintain a loop-free, single path to each possible destination logical network. When all of the routing tables are synchronized and each contains a usable route to each destination network, the network is described as being ‘converged’. Convergence is the activity associated with making the routing tables synchronized after a topology change occurs. Convergence efforts are different within different routing protocols and the default timers used within the same routing protocol can vary by vendor implementation.

Convergence time can vary within any network. One of the critical questions to be answered when measuring convergence time is how was the link change detected? Using the OSI reference model terminology as a guideline, there are at least two different detection methods. First, when the NIC (at the Physical/Data Link layer) fails to receive three consecutive keepalives, the link is considered to be down. Second, when the routing protocol (at the Network/Transport Layer) fails to receive three consecutive Hello messages (or routing updates, etc.), the link is considered to be down.

Once the detection method is understood, factors associated with routing protocol operation come into play. Most routing protocols have timers that prevent topological loops from forming during periods of link transition. For example, when a route is suspect, it is placed in hold-down and no new routing information about that route will be accepted until the hold-down timer expires. This approach gives the network topology an opportunity to stabilize before new route calculations are performed. Unfortunately, a network cannot converge more rapidly than the duration of the hold-down timer. The concept of a hold-down timer is primarily associated with distance vector routing protocols. In addition to timer values, other factors such as the size of the internetwork, the efficiency of the routing algorithm and how the failure information is radiated all affect convergence time. Some examples are shown on the following pages.


RIP Convergence

Steps of convergence:

1. C detects link failure; sends flash update, goes to D and B
   - Route is poisoned to B and D; removed from C’s routing table
2. C sends a request to neighbors for alternate path
   - Broadcast for v1, multicast for v2
3. D reports no alternate path; B reports route with weaker metric
   - Route via B immediately placed in routing table
4. C advertises route via B in periodic update to D
   - No change to table because route is in hold-down
5. In D, E, and F, as hold-down timer expires, route added to table
   - New route propagated in periodic update

Convergence time at F: 6 update intervals + 60 seconds

[Figure: network topology with routers A, B, C, D, E, and F; interface labels S0, S1, E0, E1]

RIP Convergence

The sequence of events for RIP convergence is as follows:

1. Router C detects the link failure between A and C. C sends a flash update with a poisoned route to B and D. D creates a new flash update and sends it to E. E creates a new flash update and sends it to F. C purges the entry for the down link and removes all routes associated with that link from the routing table.

2. Router C sends a query to its neighbors on 255.255.255.255 (v1) and 224.0.0.9 (v2). D responds with a poisoned route and B responds with a route with a weaker metric. The route from B is immediately installed in the routing table.

3. Router C does not go into hold-down because the entry was already purged.

4. Router D is in hold-down for the failed route. When C makes its periodic advertisement that the route is available with a weaker metric, D ignores the route because it is in hold-down. D continues to send a poisoned route to C in D’s updates.

5. As routers D, E, and F come out of hold-down, the new route announced by C will cause their routing table entries to be updated.

From F’s perspective, convergence time is the total of detection time, plus hold-down time, plus two update times (D to E and E to F), plus one partial or full update time. The actual time to converge at F could exceed 240 seconds or approximately four minutes.


IGRP Convergence

Steps of convergence:

1) C detects link failure; sends flash update, goes to D and B
   - Route is poisoned to B and D; removed from C’s routing table
2) C sends query to neighbors for alternate route
   - Broadcast on all interfaces
3) C receives route with weaker metric from B; no route from D
   - Route via B placed in routing table
4) C advertises route via B in flash update to D and B
   - No change to table because route is in hold-down
5) In D, E, and F, as hold-down timer expires, route added to table
   - New route propagated in periodic update

Convergence time at F: 5 update intervals + 30 seconds

[Figure: network topology with routers A, B, C, D, E, and F; interface labels S0, S1, E0, E1]

IGRP Convergence

The sequence of events for IGRP convergence is as follows:

1. Router C detects the link failure between A and C. C sends a flash update with a poisoned route to B and D. D creates a new flash update and sends it to E. E creates a new flash update and sends it to F. C purges the entry for the down link and removes all routes associated with that link from the routing table.

2. Router C sends a query to its neighbors on 255.255.255.255 using all interfaces including the one that is down. D responds with a poisoned route and C sends (out all interfaces) a flash update without the failed link entry.

3. B responds with a route with a weaker metric. The route from B is immediately installed in the routing table. Router C does not go into hold-down because the entry was already purged. C sends a flash update with the new route information out all interfaces.

4. Router D is in hold-down for the failed route. When C makes its flash advertisement that the route is available with a weaker metric, D ignores the route because it is in hold-down. D continues to send a poisoned route to C in D’s updates.

5. As routers D, E, and F come out of hold-down, the new route announced by C will cause their routing table entries to be updated.

From F’s perspective, convergence time is the total of detection time, plus hold-down time, plus two update times (D to E and E to F), plus one partial or full update time. The actual time to converge at F could exceed 490 seconds or approximately six minutes.


EIGRP Convergence

Steps of convergence:

1) C detects link failure; has no FS, goes into active convergence
   - No successor candidates present in topology database
2) C sends query to B and D to get logical successor
   - No route with a lower feasible distance available
3) D’s response indicates no logical successor
4) B’s response indicates FS with higher feasible distance
5) C accepts new path and distance, adds route via B to table
6) Sends flash update about higher metric, goes to D and B
   - Only higher metric propagated in triggered update

Convergence time to F: approximately 2 seconds

[Figure: network topology with routers A, B, C, D, E, and F; interface labels S0, S1, E0, E1]

Enhanced IGRP Convergence

The sequence of events for Enhanced IGRP convergence is as follows:

1. Router C detects the link failure between A and C, checks the topology table for a feasible successor, doesn’t find a qualifying alternate route and enters an active convergence state.

2. C sends a Query out all interfaces for other routes to the failed link. The neighboring routers acknowledge the query.

3. The reply from D indicates no other route to the failed link.

4. B’s reply contains a route to the failed link, although it has a higher feasible distance.

5. Router C accepts the new path and metric information, places it in the topology table, and creates an entry for the routing table.

6. C sends an update about the new route out all interfaces. All neighbors acknowledge the update and send updates of their own (which are acknowledged) back to the sender. These bi-directional updates are necessary to ensure the routing tables are synchronized and to validate the neighbor’s awareness of the new topology.

From F’s perspective, convergence time is the total of detection time, plus Query and Reply times, plus Update times. The actual time to converge at F is very rapid, approximately two seconds.


OSPF Convergence

[Figure: network topology with routers A, B, C, D, E, and F; interface labels S0, S1, E0, E1]

Steps of convergence:

1) C detects link failure; sends link-state advertisement, goes to D and B
   - Topology change is detected, traffic forwarding suspended
2) All routers update topology database; copy LSA and flood to neighbors
   - All devices have topological awareness
3) All routers run Dijkstra algorithm, generate new routing table
   - Route via B in routing tables, traffic forwarding resumed

Convergence time to F: approximately 6 seconds

OSPF Convergence

The sequence of events for OSPF convergence is as follows:

1. Router C detects the link failure between A and C and tries to perform a DR election process on the LAN interface, but fails to reach any neighbors. C deletes the route from the routing table, builds a router LSA and sends it out all other interfaces.

2. Upon receipt of the LSA, routers B and D copy the advertisement and forward (flood) the LSA packet out all interfaces other than the one upon which it arrived.

3. All routers, including router C, wait five seconds after receiving the LSA and run the shortest path first (Dijkstra) algorithm. After running the algorithm, router C adds the new route to the routing table, and routers D, E and F update the metric in the routing table.

After approximately 30 seconds, A sends an LSA after aging out the topology entry from router C about the failed link. After five seconds, all routers run the SPF algorithm again and update their routing tables to reflect that B is the path to the failed link.

From F’s perspective, convergence time is the total of detection time, plus LSA flooding time, plus five seconds. The actual time to converge at F is very rapid, approximately six seconds, and could be longer depending on the size of the topology table. If A’s LSA about aging out of the topology entry is also considered in F’s convergence, approximately another 30 - 40 seconds could be added before the network is again “stable”.
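The flooding and SPF recalculation described in the OSPF steps above, as an added Python example that is not part of the course material. Router names follow the figure; the adjacencies (A-B, A-C, B-C, C-D, D-E, E-F) are inferred from the convergence steps, the link costs are assumed values, and router A stands in for the destination network behind the failed link.

```python
import heapq
from collections import deque

# Constructed topology: router names follow the figure, adjacencies are
# inferred from the convergence steps, and every cost is an assumed value.
LINKS = {
    ("A", "B"): 10, ("A", "C"): 10, ("B", "C"): 10,
    ("C", "D"): 10, ("D", "E"): 10, ("E", "F"): 10,
}


def build_lsdb(links):
    """Build the link-state database: {router: {neighbor: cost}}."""
    lsdb = {}
    for (u, v), cost in links.items():
        lsdb.setdefault(u, {})[v] = cost
        lsdb.setdefault(v, {})[u] = cost
    return lsdb


def flood(lsdb, origin):
    """Flood an LSA from origin. Each router forwards the LSA out every
    interface except the one it arrived on and ignores copies it has already
    installed. Returns {router: hops from origin when it learned the change}."""
    seen = {origin: 0}
    queue = deque([(origin, None)])
    while queue:
        node, arrived_from = queue.popleft()
        for nbr in lsdb.get(node, {}):
            if nbr == arrived_from or nbr in seen:
                continue
            seen[nbr] = seen[node] + 1
            queue.append((nbr, node))
    return seen


def spf(lsdb, root):
    """Dijkstra shortest path first, run independently by each router.
    Returns {destination: (cost, next_hop)} from root's point of view."""
    dist = {root: 0}
    next_hop = {}
    heap = [(0, root, None)]
    done = set()
    while heap:
        cost, node, hop = heapq.heappop(heap)
        if node in done:
            continue  # stale heap entry for a node already settled
        done.add(node)
        for nbr, link_cost in lsdb.get(node, {}).items():
            new_cost = cost + link_cost
            if nbr not in dist or new_cost < dist[nbr]:
                dist[nbr] = new_cost
                # A directly connected neighbor is its own next hop.
                next_hop[nbr] = nbr if node == root else hop
                heapq.heappush(heap, (new_cost, nbr, next_hop[nbr]))
    return {d: (dist[d], next_hop[d]) for d in next_hop}


def route_change(links, failed, dest):
    """Compare every router's route to dest before and after a link fails.
    Each value is ((cost, next_hop) before, (cost, next_hop) after); an
    entry is None when dest is unreachable from that router."""
    before = build_lsdb(links)
    after = build_lsdb({k: c for k, c in links.items() if k != failed})
    return {
        r: (spf(before, r).get(dest), spf(after, r).get(dest))
        for r in sorted(before) if r != dest
    }


if __name__ == "__main__":
    after = build_lsdb({k: c for k, c in LINKS.items() if k != ("A", "C")})
    print("LSA from C reaches (hops):", flood(after, "C"))
    for router, (old, new) in route_change(LINKS, ("A", "C"), "A").items():
        print(router, "route to A:", old, "->", new)
```

Only C changes its next hop (from A to B); D, E and F keep their next hop and update the metric, which matches step 3.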


[Figure: Routing Updates. Different ways to send route information: in the distance vector approach the full routing table is sent; in the link-state approach a single entry is sent.]

Routing Updates

There are two basic ways to send routing updates: the distance vector approach and the link-state approach. The descriptions below apply after the initial learning mechanisms have completed.

Distance-vector protocols use a routine, periodic announcement that contains the entire contents of the routing table. These announcements are usually broadcasts and are propagated only to directly-connected devices. This approach allows the router to view the network from the neighbor’s perspective and facilitates the addition of the router’s metric to the ‘distance’ already stated by the neighboring router. The downside of this approach is that considerable bandwidth is consumed at regular intervals on each link even if there are no topology changes to report.

Link-state protocols use a triggered-update type of announcement. These announcements are generated only when there is a topology change within the network. The link-state announcements only contain information about the link that changed (such as a single route) and are propagated to all devices in the network. The “flooding” of the announcement is required because link-state devices all make their route calculations independently but those calculations are based upon a common understanding of the network topology. This approach saves bandwidth on each link because the announcements contain less information and are sent only when there is a topology change. In some link-state protocols, a periodic announcement (every 30 minutes for OSPF) is required to ensure that the topology database is synchronized among all routing devices.


Routing Tables

Entries are listed in binary descending order

Simplifies the search mechanism

Multiple paths to a common destination can be listed

Load balancing is enabled by default for IP

Displayed by the show ip route command

Entries can be refreshed by clear ip route command

• Specify a single entry, use network number

• Specify all entries, use * as a wildcard character

Routing Tables

The entries in a routing table represent each possible logical destination network that is known to this router. The entries for major networks are listed in ascending order and, most commonly, within each major network the subnetworks are listed in descending order. The order of the entries may at times look like a random pattern, but the order is optimized by bit patterns to facilitate the lookup process based upon length of subnet mask.

The routing process must maintain a single, loop-free path to each destination network. If equal, lowest metric paths exist to a destination, all paths (up to a maximum of six) will be listed in the routing table. The IP routing process will attempt to load share traffic across equal metric paths.

An IP routing table display can be requested with the privileged EXEC command show ip route. If the information that is displayed is not trusted, an update can be obtained from the neighboring devices with the clear ip route command. An optional keyword, either an individual network/subnetwork route or the * (wildcard for all) character, can be used to further identify the route(s) to be refreshed.


Lab Exercise: Discovering the Network

Refer to the Lab Guide for details about the tasks to be performed during this lab exercise.

The lab will be pre-configured by the instructor and includes IP and IGRP. The following is an overview of the tasks to be performed:

■ Use show commands and CDP to discover

– Addresses

– Protocols

– Metrics

■ Analyze the contents of the routing table

■ Verify connectivity to all other pods

■ Using the addresses assigned to your pod, determine

– Subnet ID

– Host IDs

– Broadcast address


Summary

This section summarizes the tasks you learned to complete in this chapter.

After completing this chapter, you should be able to perform the following tasks:

• List the key information routers need to route data

• Describe classful and classless routing protocols

• Compare distance vector and link-state protocol operation

• Describe the use of the fields in a routing table


Answers to Exercises


Written Exercise: Comparing Distance Vector Routing Protocols

Objective: Describe the operating characteristics of different distance vector routing protocols.

1. Complete the following table by indicating which protocol(s) demonstrate the characteristic shown in the right-hand column. Indicate your choice(s) in the left-hand column by entering one or more of the following distance vector routing protocols: RIPv1, RIPv2, IGRP, EIGRP

Protocol                     Characteristic
RIPv1, RIPv2                 Has a hop count limitation of 15 hops
RIPv1, IGRP                  Uses broadcast packets to propagate routing updates
IGRP                         Has an administrative distance of 100
RIPv1, RIPv2, IGRP, EIGRP    Supports split horizon to avoid routing loops
IGRP, EIGRP                  Uses a composite metric to determine best path
RIPv1, RIPv2                 Employs a count to infinity concept to avoid routing loops
IGRP, EIGRP                  Can select preferred path based upon bandwidth consideration
RIPv2, EIGRP                 Supports variable length subnet masks (VLSM)
RIPv1                        Is supported by all vendors of routing equipment

2. Which of the following statements are true for all distance vector routing protocols? Indicate your selection by placing a T in the blank area in front of each statement.

_______ Routing updates contain all routes in the routing table

___T___ Load balancing of equal metric paths is enabled by default

___T___ Automatic route summarization occurs at major network boundaries

_______ Length of the subnet mask is carried in the routing update

_______ Consistency of subnet mask is a network design requirement


Written Exercise: Comparing Link State Routing Protocols

Objective: Describe the operating characteristics of link-state routing protocols

1. Complete the following table by indicating which protocol(s) demonstrate the characteristic shown in the right-hand column. Indicate your choice(s) in the left-hand column by entering one or more of the following distance vector routing protocols: OSPF, IS-IS, EIGRP

Protocol              Characteristic
OSPF, IS-IS, EIGRP    Maintains additional tables to assist in rapid convergence
None                  Uses broadcast packets to propagate topology updates
IS-IS                 Has an administrative distance of 115
OSPF                  Supports flooding of updates to avoid routing loops
OSPF, IS-IS           Requires a hierarchical design to operate correctly
OSPF, IS-IS, EIGRP    Allows manual route summarization at any location
OSPF, EIGRP           Can select preferred path based upon bandwidth consideration
OSPF, IS-IS, EIGRP    Supports variable length subnet masks (VLSM)
OSPF                  Is supported by all vendors of routing equipment

2. Which of the following statements are true for all link-state routing protocols? Indicate your selection by placing a T in the blank area in front of each statement.

___T___ Routing updates contain only the affected routes in the routing table

___T___ Load balancing of equal metric paths is enabled by default

_______ Automatic route summarization occurs at major network boundaries

___T___ Length of the subnet mask is carried in the routing update

_______ Consistency of subnet mask is a network design requirement


4

Extending IP Addresses

Overview

This chapter discusses various aspects of IP addressing.

This chapter includes the following topics:

■ Objectives

■ Issues with IP Addressing

■ IP Addressing Solutions

■ Hierarchical Addressing

■ Variable-Length Subnet Masks

■ Written Exercise: Calculating VLSMs

■ Route Summarization

■ Written Exercise: Using Route Summarization

■ Classless Inter-domain Routing

■ Case Study: Introduction to Course Case Studies

■ Summary

■ Review Questions


Objectives

This section lists the chapter’s objectives.


Upon completion of this chapter, you will be able to perform the following tasks:

■ Given an IP address, use VLSMs to extend the use of the IP address.

■ Given a network plan that includes IP addressing, explain if route summarization is or is not possible.


Issues with IP Addressing

This section discusses issues with IP addressing.

• IP address exhaustion

• Routing table growth

When IP addressing was first defined, in 1981, it was a 32-bit number that had two components: a network address and a node (host) address. Classes of addresses were also defined—class A, B, and C and later classes D and E. Since then, the growth of the Internet has been incredible. Two addressing issues have resulted from this explosion:

■ IP address exhaustion—This has largely been due to the random allocation of IP addresses by the NIC. It is also due to the fact that subnetting with one subnet mask may not be suitable for a typical network topology, as you will see later in this chapter.

■ Routing table growth and manageability—One source indicates that in 1990 only about 5000 routes were tracked in order to use the Internet. This number had grown to 74,000 routes by 1999. In addition to the exponential growth of the Internet, the random assignment of IP addresses throughout the world has also contributed to the exponential growth of routing tables.

Next-generation IP (IP version 6) tries to respond to these problems by introducing a 128-bit address. In the meantime, Internet Requests for Comments (RFCs) have been introduced to enable the current IP addressing scheme to continue to be useful.


IP Addressing Solutions

This section identifies solutions to IP addressing issues.

• Subnet Masking, RFC 1812

• Address Allocation for Private Internets, RFC 1918

• Network Address Translation, RFC 1631

• Hierarchical Addressing

• Variable-Length Subnet Masks, RFC 1812

• Route Summarization, RFC 1518

• Classless Inter-Domain Routing, RFCs 1518, 1519

Since the 1980s, solutions have been developed to slow the depletion of IP addresses and to reduce the number of Internet route table entries by enabling more hierarchical layers in an IP address. These solutions include:

■ Subnet Masking—RFCs 950 (1985), 1812 (1995)—Developed to add another level of hierarchy to an IP address. This additional level allows for extending the number of network addresses derived from a single IP address. (Subnet masking is discussed in chapter 3 of this course and in detail in the Interconnecting Cisco Network Devices [ICND] course.)

■ Address Allocation for Private Internets—RFC 1918 (1996)—Developed for organizations that do not need much access to the Internet. The only reason to have a NIC-assigned IP address is to interconnect to the Internet. Any and all companies can use the privately assigned IP addresses within their organization, rather than using a NIC-assigned IP address unnecessarily. (Private addresses are discussed in chapter 14 of this course and in the Building Cisco Remote Access Networks [BCRAN] course.)

■ Network Address Translation (NAT)—RFC 1631 (1994)—Developed for those companies that use private addressing or use non-NIC-assigned IP addresses. This strategy enables an organization to access the Internet with a NIC-assigned address, without having to reassign the private or “illegal” addresses that are already in place. (NAT is discussed in chapter 14 of this course and in the BCRAN course.)

■ Hierarchical Addressing—Applying a structure to addressing such that multiple addresses share the same leftmost bits. Hierarchical addressing is discussed later in this chapter.


■ Variable-Length Subnet Masks (VLSMs)—RFC 1812 (1995)—Developed to allow multiple levels of subnetworked IP addresses within a single network. This strategy can only be used when it is supported by the routing protocol in use, such as OSPF and EIGRP. VLSMs are discussed later in this chapter.

■ Route Summarization—RFC 1518 (1993)—A way of having a single IP address represent a collection of IP addresses when you employ a hierarchical addressing plan. Route summarization is discussed later in this chapter.

■ Classless Inter-Domain Routing (CIDR)—RFCs 1518, 1519 (1993), 2050 (1996)—Developed for ISPs. This strategy suggests that the remaining IP addresses be allocated to ISPs in contiguous blocks, with geography being a consideration. CIDR is discussed later in this chapter.


Hierarchical Addressing

This section discusses what hierarchical addressing is and the benefits of using it.

Planning an IP Address Hierarchy

Does a telephone switch in California know how to reach a specific phone (1-703-555-1212) in Virginia?

[Figure: telephone call path from California to Aunt Judy in Alexandria, Virginia, through local and long-distance offices. Labels: Path to 1 (a number indicates destination is remote); Path to 703 (an area code summarizes an area in VA); Path to 555 (a prefix summarizes a smaller area in VA); Path to 1212 (number).]

What is an addressing hierarchy, and why do you want to have it?

Perhaps the best known addressing hierarchy is the telephone network. The telephone network uses a hierarchical numbering scheme that includes country codes, area code, and local exchange numbers. For example, if you are in San Jose, California and call someone else in San Jose, then you dial the San Jose local exchange number, 528, and the person’s telephone number, 7777. The central office, upon seeing the number 528, recognizes that the destination telephone is within its area so it looks for number 7777 and transfers the call.

To call Aunt Judy in Alexandria, Virginia from San Jose, dial 1, then the area code, 703, the Alexandria prefix, 555, then Aunt Judy’s local number, 1212. The central office first sees the number 1, indicating a remote call, then looks up the number 703. The central office immediately routes the call to a central office in Alexandria. The San Jose central office does not know exactly where 555-1212 is in Alexandria, nor does it have to. It only needs to know the area codes, which summarize the local telephone numbers within an area.

If there were no hierarchical structure, every central office would need to have every telephone number, worldwide, in its locator table. Instead, the central offices have summary numbers, such as area codes and country codes. A summary number (address) represents a group of numbers. For example, an area code such as 408 is a summary number for the San Jose area. That is, if you dial 1-408 from anywhere in the United States, then a seven-digit telephone number, the central office will route the call to a San Jose central office. This is the kind of addressing strategy that the Internet gurus are trying to work toward, and that you as a network administrator should implement in your own internetwork.


Benefits of Hierarchical Addressing

• Reduce the number of route table entries

– Summarize multiple addresses into route summaries

• Efficient allocation of addresses

– Contiguous address assignment allows you to use all possible addresses

The benefits of hierarchical addressing include:

■ Reduced number of routing table entries—Whether it is with your Internet routers, or your internal routers, you should try to keep your routing tables as small as possible by using route summarization. Route summarization is a way of having a single IP address represent a collection of IP addresses when you employ a hierarchical addressing plan. By summarizing routes, you can keep your routing table entries manageable, which means:

— More efficient routing.

— Reduced number of CPU cycles when recalculating a routing table, or sorting through the routing table entries to find a match.

— Reduced router memory requirements.

— Faster convergence after a change in the network.

— Easier troubleshooting.

■ Efficient allocation of addresses—Hierarchical addressing enables you to take advantage of all possible addresses because you group them contiguously. With random address assignment, you may end up wasting groups of addresses because of addressing conflicts. For example, recall that classful routing protocols automatically create summary routes at a network boundary. These protocols therefore do not support discontiguous addressing (as you will see later in this chapter), so some addresses would be unusable if not assigned contiguously.


Variable-Length Subnet Masks

This section introduces variable-length subnet masks, including some examples, and discusses VLSM use with classless and classful routing protocols.


What Is a Variable-Length Subnet Mask?

[Figure: routers HQ, A, B and C. Address labels: 172.16.0.0/16, 172.16.1.0/24, 172.16.2.0/24; 172.16.14.32/27, 172.16.14.64/27, 172.16.14.96/27; 172.16.14.132/30, 172.16.14.136/30, 172.16.14.140/30.]

• Subnet 172.16.14.0/24 is divided into smaller subnets:

– Subnet with one mask at first (/27)

– Further subnet one of these subnets not used elsewhere (/30)

VLSMs provide the ability to include more than one subnet mask within a network, and the ability to subnet an already subnetted network address. The benefits of VLSMs include:

■ Even more efficient use of IP addresses—Without the use of VLSMs, companies are locked into implementing a single subnet mask within an entire class A, B or C network number.

For example, consider the 172.16.0.0/16 network address divided into subnets using /24 masking, and one of the subnetworks in this range, 172.16.14.0/24, further divided into smaller subnets with the /27 masking, as shown in the graphic. These smaller subnets range from 172.16.14.0/27 to 172.16.14.224/27. In the graphic, one of these smaller subnets, 172.16.14.128, is further divided with the /30 prefix, creating subnets with only two hosts, to be used on the WAN links.

■ Greater capability to use route summarization—VLSMs allow for more hierarchical levels within your addressing plan, and thus allow for better route summarization within routing tables. For example, in the graphic, subnet 172.16.14.0/24 summarizes all of the addresses that are further subnets of 172.16.14.0, including those from subnet 172.16.14.0/27 and from 172.16.14.128/30.

Route summarization is discussed in more detail later in this chapter.


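Classless and Classful Routing Updates

[Figure: two panels, each showing Routers A, B and C with networks 172.16.2.0/24, 172.16.1.0/24 and 192.168.5.0/24. RIPv1 Network panel: the updates passed along are 172.16.2.0 and then 172.16.0.0, and the routing table shown holds 172.16.0.0/16. OSPF Network panel: the updates passed along are 172.16.2.0/24 and 172.16.1.0/24, and the routing table shown holds 172.16.2.0/24 and 172.16.1.0/24.]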

VLSMs can be used when the routing protocol sends a subnet mask along with each network address. As discussed in chapter 3, routing protocols that include a subnet mask are known as classless routing protocols; they include RIPv2, OSPF, EIGRP, BGP, and IS-IS. As also discussed in chapter 3, routing protocols that do not send subnet mask information along with each network address are known as classful routing protocols. RIPv1 and IGRP are classful routing protocols and therefore do not support VLSMs.

RIPv1 and IGRP networks support only one subnet mask per network address because routing updates do not include a subnet mask field. As a result, upon receiving a packet, the router does one of the following to determine the network portion of the destination address:

■ If the routing update information is about the same network number as configured on the receiving interface, the router applies the subnet mask that is configured on the receiving interface.

■ If the routing update information is about a network address that is not the same as the one configured on the receiving interface, the router will apply the default (by class) subnet mask.

For example, in the RIPv1 network in the graphic, Router B is attached to network 172.16.1.0/24. Therefore, if Router B learns about any network on this interface that is also a subnet of the 172.16.0.0 network, it will apply the subnet mask configured on its receiving interface (/24) to that learned network. But notice how Router C, which is attached to Router B via the 192.168.5.0/24 network, handles routing information about network 172.16.0.0. Rather than using the subnet mask that Router B knows about (/24), Router C applies the default (classful) subnet mask for a class B address (/16) when it receives information about 172.16.0.0. (Also notice that Router B summarized the routing information about the 172.16.0.0 network when sending it to Router C, because it was sent over an interface in a different network.)


It is impossible in this kind of environment to further subnet already subnetted IP addresses without causing confusion. Instead, VLSMs can be used only when the routing protocol sends subnet mask information along with the network address.

In contrast, in the OSPF network in the lower graphic, Router B passed the subnet and subnet mask information to Router C; Router C put the subnet details into its routing table. Router C did not have to use any default masks for the received routing information.
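The two classful rules above, and the summarization at a major-network boundary noted in the parenthesis, can be replayed for the RIPv1 graphic. This is an added example, not Cisco IOS code: it is a simplified model of the rules as this chapter states them, and the interface host addresses (172.16.1.1, 172.16.1.2, 192.168.5.1, 192.168.5.2, 172.16.14.33) are constructed for the illustration.

```python
import ipaddress


def classful_prefixlen(addr):
    """Default (by class) prefix length for an IPv4 address."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        return 8       # class A
    if first_octet < 192:
        return 16      # class B
    if first_octet < 224:
        return 24      # class C
    raise ValueError(f"{addr} is class D/E and has no default mask")


def major_network(addr):
    """Classful (major) network that contains addr."""
    return ipaddress.ip_network(f"{addr}/{classful_prefixlen(addr)}", strict=False)


def classful_send(route, out_iface):
    """Address a classful sender places in an update. No mask travels with it.

    A route whose major network differs from that of the outgoing interface
    is summarized to the major network address.
    """
    route = ipaddress.ip_network(route)
    out_iface = ipaddress.ip_interface(out_iface)
    major = major_network(route.network_address)
    if major != major_network(out_iface.ip):
        return str(major.network_address)
    return str(route.network_address)


def classful_receive(advertised, in_iface):
    """Network a classful receiver installs for a mask-less advertisement."""
    in_iface = ipaddress.ip_interface(in_iface)
    if major_network(advertised) == major_network(in_iface.ip):
        prefixlen = in_iface.network.prefixlen      # rule 1: mask of the receiving interface
    else:
        prefixlen = classful_prefixlen(advertised)  # rule 2: default mask by class
    return ipaddress.ip_network(f"{advertised}/{prefixlen}", strict=False)


def replay_ripv1_graphic():
    """Follow 172.16.2.0/24 from Router A to Router B to Router C."""
    to_b = classful_send("172.16.2.0/24", "172.16.1.1/24")   # A sends on the 172.16.1.0/24 link
    b_route = classful_receive(to_b, "172.16.1.2/24")        # B applies its interface mask
    to_c = classful_send(b_route, "192.168.5.1/24")          # B crosses into 192.168.5.0
    c_route = classful_receive(to_c, "192.168.5.2/24")       # C applies the class B default
    return to_b, str(b_route), to_c, str(c_route)


def vlsm_subnet_seen_by_classful_receiver():
    """A /30 advertised without its mask, received on a /27 interface.

    The receiver can only apply its own /27, so the /30 boundary is lost.
    """
    return str(classful_receive("172.16.14.132", "172.16.14.33/27"))


if __name__ == "__main__":
    print(replay_ripv1_graphic())
    print(vlsm_subnet_seen_by_classful_receiver())
```

A classless protocol avoids both inferences because each update carries the prefix length with the address.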


Calculating VLSMs

Subnetted Address: 172.16.32.0/20
In Binary: 10101100.00010000.00100000.00000000

VLSM Address: 172.16.32.0/26
In Binary: 10101100.00010000.00100000.00000000

Fields: Network (bits 1-16) | Subnet (bits 17-20) | VLSM Subnet (bits 21-26) | Host (bits 27-32)

1st Subnet: 10101100.00010000 | .0010 | 0000.00 | 000000 = 172.16.32.0
2nd Subnet: 172.16 | .0010 | 0000.01 | 000000 = 172.16.32.64
3rd Subnet: 172.16 | .0010 | 0000.10 | 000000 = 172.16.32.128
4th Subnet: 172.16 | .0010 | 0000.11 | 000000 = 172.16.32.192
5th Subnet: 172.16 | .0010 | 0001.00 | 000000 = 172.16.33.0

As already discussed, VLSMs allow you to subnet an already subnetted address. Consider, for example, that you have a subnet address 172.16.32.0/20 and you need to assign addresses to a network that has ten hosts. With this subnet address, however, you have over 4000 (2^12 - 2 = 4094) host addresses, so you would be wasting over 4000 IP addresses. With VLSMs you can further subnet the address 172.16.32.0/20 to give you more network addresses and fewer hosts per network, which would probably work better in this network topology. If, for example, you subnet 172.16.32.0/20 to 172.16.32.0/26, you gain 64 (= 2^6) subnets, each of which could support 62 (= 2^6 - 2) hosts.

To further subnet 172.16.32.0/20 to 172.16.32.0/26 do the following:

1. Write 172.16.32.0 in binary form.

2. Draw a vertical line between the 20th and 21st bits, as shown in the graphic.

3. Draw a vertical line between the 26th and 27th bits, as shown in the graphic.

4. Calculate the 64 subnet addresses using the bits between the two vertical lines, from lowest to highest in value. The graphic shows the first five subnets available. If necessary, refer to the “Job Aid: Binary – Decimal Conversion Chart” in Appendix A.


A Working VLSM Example

[Figure: a network addressed with two mask lengths. Derived from the 172.16.32.0/20 subnet, 26-bit mask (62 hosts): 172.16.32.0/26, 172.16.32.64/26, 172.16.32.128/26, 172.16.32.192/26. Derived from the 172.16.33.0/26 subnet, 30-bit mask (2 hosts): 172.16.33.0/30, 172.16.33.4/30, 172.16.33.8/30, 172.16.33.12/30.]

VLSMs are commonly used to maximize the number of possible addresses available for a network. For example, because point-to-point serial lines require only two host addresses, you want to use a subnetted address that will not waste scarce subnet numbers.

In the graphic, the addresses used on the Ethernets are those generated on the previous page, “Calculating VLSMs”. This graphic illustrates where the addresses can be applied, depending on the number of hosts anticipated at each layer. For example, the WAN links use addresses with a prefix of /30. This prefix allows for only 2 hosts—just enough hosts for a point-to-point connection between a pair of routers.

To calculate the addresses used on the WAN links, further subnet one of the unused subnets. In this case, we further subnetted 172.16.33.0/26 with a prefix of /30. This provides 4 more subnet bits and therefore 2^4 = 16 subnets for the WANs.

Note: It is important to remember that only subnets that are unused can be further subnetted. In other words, if you use any addresses from a subnet, that subnet cannot be further subnetted. In the example in the graphic, four subnet numbers are used on the LANs. Another, unused, subnet, 172.16.33.0/26, is further subnetted for use on the WANs.
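The calculation from the last two pages can be reproduced with Python's standard ipaddress module. This is an added example, not part of the course material: the function names are chosen here, and the overlap check is one way to enforce the rule in the note that a subnet already in use must not be subnetted again.

```python
import ipaddress
from itertools import combinations


def usable_hosts(prefixlen):
    """Host addresses per subnet: 2^(host bits) - 2 (network and broadcast)."""
    return 2 ** (32 - prefixlen) - 2


def split(parent, new_prefix):
    """All subnets of parent at new_prefix, lowest to highest in value."""
    return list(ipaddress.ip_network(parent).subnets(new_prefix=new_prefix))


def vlsm_plan(block, lan_prefix, lan_count, wan_prefix, wan_count):
    """Assign the first lan_count subnets to LANs, then subnet the next
    unused one for point-to-point WAN links."""
    candidates = split(block, lan_prefix)
    lans = candidates[:lan_count]
    wan_parent = candidates[lan_count]        # first subnet not used on a LAN
    wans = split(wan_parent, wan_prefix)
    if wan_count > len(wans):
        raise ValueError("not enough WAN subnets in one parent subnet")
    return lans, wan_parent, wans[:wan_count]


def overlapping(assigned):
    """Pairs of assigned subnets that share addresses, which makes a plan invalid."""
    nets = [ipaddress.ip_network(n) for n in assigned]
    return [(str(a), str(b)) for a, b in combinations(nets, 2) if a.overlaps(b)]


# The chapter's example: 172.16.32.0/20, four /26 LANs, four /30 WAN links.
LANS, WAN_PARENT, WANS = vlsm_plan("172.16.32.0/20", 26, 4, 30, 4)

if __name__ == "__main__":
    print("LANs:", [str(n) for n in LANS], "hosts each:", usable_hosts(26))
    print("WANs:", [str(n) for n in WANS], "from", WAN_PARENT)
    print("conflicts in plan:", overlapping(LANS + WANS))
    # Subnetting a LAN subnet that is already in use is caught as a conflict.
    print("bad plan:", overlapping(["172.16.32.192/26", "172.16.32.192/30"]))
```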


Written Exercise: Calculating VLSMs

Objective: Given an IP address, use VLSMs to extend the use of the IP address.

Task: You are in charge of the network in the graphic below. It consists of 5 LANs with 25 users on each segment and 5 serial links. You have been assigned the IP address 192.168.49.0/24 to allocate addressing for all links.


Written Exercise

Using VLSMs, define appropriate subnets for addressing the networks using 192.168.49.0/24.

[Figure: router HQ and routers A, B, C, D and E. Each of routers A through E has a LAN labelled "25 Users" and a serial link (A Serial, B Serial, C Serial, D Serial, E Serial). A blank table titled "Addresses for WAN links" has rows A, B, C, D and E.]

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________


Route Summarization

This section describes and gives examples of route summarization, including implementation considerations.


What Is Route Summarization?

• Routing protocols can summarize addresses of several networks into one address

[Figure: Routers A and B and networks 172.16.25.0/24, 172.16.26.0/24 and 172.16.27.0/24. One routing table lists 172.16.25.0/24, 172.16.26.0/24 and 172.16.27.0/24; the other lists 172.16.0.0/16. Caption: "I can route to the 172.16.0.0/16 network."]

In large internetworks hundreds or even thousands of network addresses can exist. In these environments, it is often not desirable for routers to maintain all these routes in their routing table. Route summarization, also called route aggregation or supernetting, can reduce the number of routes that a router must maintain because it is a method of representing a series of network numbers in a single summary address. For example, as the graphic shows, the router can either send three routing update entries, or summarize the addresses into a single network number.

Note: The router in the graphic is saying that it can route to the network 172.16.0.0/16, including all subnets of that network. However, if there were other subnets of 172.16.0.0 elsewhere in the network (for example, if 172.16.0.0 was discontiguous), summarizing in this way may not be valid. Discontiguous networks and summarization are discussed later in this chapter.

Another advantage to using route summarization in a large, complex network is that it can isolate topology changes from other routers. That is, if a specific link in the 172.16.27.0/24 domain was “flapping”, the summary route would not change, so no router external to the domain would need to keep modifying its routing table due to this flapping activity.

Route summarization is most effective within a subnetted environment when the network addresses are in contiguous blocks in powers of two. For example, 4, 16, or 512 addresses can be represented by a single routing entry because summary masks are binary masks—just like subnet masks—so summarization must take place on binary boundaries (powers of two).

Routing protocols summarize or aggregate routes based on shared network numbers within the network. Classless routing protocols—RIPv2, OSPF, and Enhanced IGRP—support route summarization based on subnet addresses, including VLSM addressing. Classful routing protocols—RIPv1 and IGRP—automatically summarize routes on the class network boundary, and do not support summarization on any other boundaries.

Summarization is described in RFC 1518, An Architecture for IP Address Allocation with CIDR.


Summarizing within an Octet

172.16.168.0/24 = 10101100 . 00010000 . 10101 | 000 . 00000000
172.16.169.0/24 = 172 . 16 . 10101 | 001 . 0
172.16.170.0/24 = 172 . 16 . 10101 | 010 . 0
172.16.171.0/24 = 172 . 16 . 10101 | 011 . 0
172.16.172.0/24 = 172 . 16 . 10101 | 100 . 0
172.16.173.0/24 = 172 . 16 . 10101 | 101 . 0

Number of Common Bits = 21; Noncommon Bits = 11
Summary: 172.16.168.0/21

The previous graphic illustrated a summary route based on a full octet—172.16.25.0/24, 172.16.26.0/24, and 172.16.27.0/24 could be summarized into 172.16.0.0/16. What if a router received updates for the following routes—how would the router summarize them?

■ 172.16.168.0/24

■ 172.16.169.0/24

■ 172.16.170.0/24

■ 172.16.171.0/24

■ 172.16.172.0/24

■ 172.16.173.0/24

To determine the summary route, the router determines the number of highest-order bits that match in all of the addresses. Referring to the list of IP addresses on this page, 21 bits match in all of the addresses. Therefore the best summary route is 172.16.168.0/21, as shown in the graphic.

To allow the router to aggregate the largest number of IP addresses into a single route summary, your IP addressing plan should be hierarchical in nature. This approach is particularly important when using VLSMs, as illustrated on the next page.

You can summarize when the number of addresses is a power of two. If it is not a power of two, you can divide the addresses into groups and summarize the groups separately.
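The common-bit count and the grouping into power-of-two blocks can both be computed. This is an added example using Python's standard ipaddress module, not part of the course material; it goes one step beyond the text by also listing the address space a single summary claims that none of the listed routes covers, which is the space that matters if those subnets live elsewhere.

```python
import ipaddress


def summary_route(prefixes):
    """Most specific single prefix covering all inputs.

    Returns (summary, common_bits, noncommon_bits).
    """
    nets = [ipaddress.ip_network(p) for p in prefixes]
    low = min(int(n.network_address) for n in nets)
    high = max(int(n.broadcast_address) for n in nets)
    noncommon = (low ^ high).bit_length()   # from the first differing bit to bit 32
    common = 32 - noncommon
    base = (low >> noncommon) << noncommon  # keep only the shared high-order bits
    return ipaddress.ip_network((base, common)), common, noncommon


def overclaimed(prefixes):
    """Blocks inside the single summary that none of the inputs covers."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    summary, _, _ = summary_route(prefixes)
    finest = max(n.prefixlen for n in nets)
    extra = [s for s in summary.subnets(new_prefix=finest)
             if not any(s.subnet_of(n) for n in nets)]
    return [str(n) for n in ipaddress.collapse_addresses(extra)]


def exact_groups(prefixes):
    """Summaries on binary boundaries that cover the inputs and nothing more."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


# The six routes listed on this page.
PAGE_ROUTES = [f"172.16.{third}.0/24" for third in range(168, 174)]

if __name__ == "__main__":
    summary, common, noncommon = summary_route(PAGE_ROUTES)
    print(summary, "common bits:", common, "noncommon bits:", noncommon)
    print("also claimed by the summary:", overclaimed(PAGE_ROUTES))
    print("exact groups:", exact_groups(PAGE_ROUTES))
```

Six /24 routes are not a power of two, so the /21 also claims 172.16.174.0 and 172.16.175.0; the exact groups are a block of four and a block of two.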


Summarizing Addresses in a VLSM-Designed Network

[Figure: Routers A, B, C and D and the corporate network 172.16.0.0/16. Address labels: 172.16.32.64/26, 172.16.32.128/26, 172.16.32.0/24, 172.16.64.0/20, 172.16.128.0/20.]

A VLSM design allows for maximum use of IP addresses, as well as more efficient routing update communication when using hierarchical IP addressing. In the graphic, for example, route summarization occurs at two levels:

■ Router C summarizes two routing updates from networks 172.16.32.64/26 and 172.16.32.128/26 into a single update, 172.16.32.0/24.

■ Router A receives three different routing updates, but summarizes them into a single routing update before propagating it to the corporate network.


Implementation Considerations

• Multiple IP addresses must have same highest order bits

• Routing decisions made based on entire address

• Routing protocols must carry prefix (subnet mask) length

Route summarization reduces memory use on routers and routing-protocol network traffic. Requirements for summarization to work correctly are as follows:

■ Multiple IP addresses must share the same high-order bits.

■ Routing protocols must base their routing decisions on a 32-bit IP address and prefix length that can be up to 32 bits.

■ Routing protocols must carry the prefix length (subnet mask) with the 32-bit IP address.


Route Summarization Operation in Cisco Routers

• Supports host-specific routes, blocks of networks, default routes

• Routers use the longest match

172.16.5.33 /32    host
172.16.5.32 /27    subnet
172.16.5.0 /24     network
172.16.0.0 /16     block of networks
0.0.0.0 /0         default

The following discusses the generalities of how Cisco routers handle route summarization. Details about how route summarization operates with a specific protocol are discussed in the specific protocol chapter. For example, route summarization for OSPF is discussed in the “Interconnecting Multiple OSPF Areas” chapter.

Cisco routers manage route summarization in two ways:

■ Sending route summaries—Routing information advertised out an interface is automatically summarized at major (classful) network address boundaries by RIP, IGRP, and Enhanced IGRP. Specifically, this automatic summarization occurs for those routes whose classful network address differs from the major network address of the interface to which the advertisement is being sent. For OSPF you must configure summarization.

Route summarization is not always a solution. You would not want to use route summarization if you needed to advertise all networks across a boundary, such as when you have discontiguous networks (discussed on the next page). EIGRP and RIPv2 allow you to disable autosummarization.

■ Selecting routes from route summaries—If more than one entry in the routing table matches a particular destination, the longest prefix match in the routing table is used. Several routes might match one destination, but the longest matching prefix is used.

For example, if a routing table has different paths to 172.16.0.0/16 and to 172.16.5.0/24, packets addressed to 172.16.5.99 would be routed through the 172.16.5.0/24 path because that address has the longest match with the destination address.


Summarizing Routes in a Discontiguous Network

• RIPv1 and IGRP do not advertise subnets, and therefore cannot support discontiguous subnets

• OSPF, EIGRP, and RIPv2 can advertise subnets, and therefore can support discontiguous subnets

[Figure: Routers A, B and C. Address labels: 172.16.5.0 255.255.255.0, 192.168.14.16 255.255.255.240, 172.16.6.0 255.255.255.0. Two arrows are each labelled "RIPv1 will advertise network 172.16.0.0".]

Classful routing protocols summarize automatically at network boundaries. This behavior, which cannot be changed with RIPv1 and IGRP, has important results:

■ Subnets are not advertised to a different major network.

■ Discontiguous subnets are not visible to each other.

In the example, the 172.16.5.0 255.255.255.0 and 172.16.6.0 255.255.255.0 subnets are not advertised by RIP because RIP cannot advertise subnets; both Router A and Router B advertise 172.16.0.0. This leads to confusion when routing across network 192.168.14.0; for example, Router C receives routes about 172.16.0.0 from two different directions so it cannot make a correct routing decision.

This situation can be resolved by using RIPv2, OSPF, or Enhanced IGRP and not using summarization, because the subnet routes would be advertised with their actual subnet masks. Advertisements are configurable when using OSPF and Enhanced IGRP.

The Cisco IOS software also provides an IP unnumbered feature that permits noncontiguous subnets separated by an unnumbered link.


Be Careful When Summarizing Routes

[Figure: Routers A, B and C. Address labels: 172.16.5.0/24, 172.16.7.0/24, 192.168.14.16 255.255.255.240, 172.16.6.0/24, 172.16.9.0/24. Two arrows are each labelled "EIGRP advertises 172.16.0.0/16".]

• EIGRP on both Router A and Router B advertises a summarized route to 172.16.0.0/16

• Router C receives two routes to 172.16.0.0/16

• Router A (and/or B) should be configured to not summarize

Be careful when using route summarization in a network that has discontiguous subnets, or if not all of the summarized subnets are reachable via the advertising router. If a summarized route indicates that certain subnets are reachable via a router, when in fact those subnets are discontiguous and/or are not reachable via that router, the network may have problems similar to those shown in the previous graphic for a RIPv1 network.

However, since routers running classless routing protocols use the longest prefix match when selecting a route from the routing table, if the other subnets are advertised without being summarized, then other routers can select the longest prefix match and follow the correct path. For example, in the graphic, if Router A continues to summarize to 172.16.0.0/16 and Router B was configured to not summarize, then Router C would receive explicit routes for 172.16.6.0/24 and 172.16.9.0/24 along with the summarized route to 172.16.0.0/16. All traffic for Router B’s subnets would then be sent to Router B, while all other traffic for the 172.16.0.0 network would be sent to Router A.
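Longest-prefix-match selection, applied to the five-entry table on the earlier slide and to Router C's table in both cases just described. This is an added example, not router code; the table layout and the next-hop labels "Router A" and "Router B" are constructed for the illustration.

```python
import ipaddress


def best_routes(table, destination):
    """Longest-prefix match over a list of (prefix, via) entries.

    Returns (winning prefix, sorted next hops tied at that length),
    or None when nothing matches.
    """
    dst = ipaddress.ip_address(destination)
    matching = [(ipaddress.ip_network(prefix), via)
                for prefix, via in table
                if dst in ipaddress.ip_network(prefix)]
    if not matching:
        return None
    longest = max(net.prefixlen for net, _ in matching)
    winners = [(net, via) for net, via in matching if net.prefixlen == longest]
    return str(winners[0][0]), sorted({via for _, via in winners})


# The table from the "Route Summarization Operation in Cisco Routers" slide;
# the second field is the slide's own label for each entry.
SLIDE_TABLE = [
    ("172.16.5.33/32", "host"),
    ("172.16.5.32/27", "subnet"),
    ("172.16.5.0/24", "network"),
    ("172.16.0.0/16", "block of networks"),
    ("0.0.0.0/0", "default"),
]

# Router C when both A and B summarize: two identical prefixes, no way to
# tell which router really holds a given subnet.
C_BOTH_SUMMARIZE = [
    ("172.16.0.0/16", "Router A"),
    ("172.16.0.0/16", "Router B"),
]

# Router C when A still summarizes and B advertises its subnets explicitly.
C_B_NOT_SUMMARIZING = [
    ("172.16.0.0/16", "Router A"),
    ("172.16.6.0/24", "Router B"),
    ("172.16.9.0/24", "Router B"),
]

if __name__ == "__main__":
    for dst in ("172.16.5.33", "172.16.5.40", "172.16.5.99", "172.16.200.1", "10.1.1.1"):
        print(dst, "->", best_routes(SLIDE_TABLE, dst))
    for dst in ("172.16.6.10", "172.16.9.10", "172.16.5.10", "172.16.7.10"):
        print(dst, "both summarize:", best_routes(C_BOTH_SUMMARIZE, dst),
              "| B explicit:", best_routes(C_B_NOT_SUMMARIZING, dst))
```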


Written Exercise: Using Route Summarization

Objective: Given a network plan that includes IP addressing, explain if route summarization is or is not possible.

Task: In the following graphics, indicate where route summarization can occur, and what the summarized address would be, by completing the tables.

Exercise 1

[Figure: Written Exercise, Exercise 1. Major Network 172.16.0.0/28. Routers A, B, C and D. Address labels: 172.16.1.192/28, 172.16.1.208/28, 172.16.1.64/28, 172.16.1.80/28, 172.16.1.96/28, 172.16.1.112/28. Other Network Addresses: 172.16.1.128/28, 172.16.1.144/28, 172.16.1.176/28, 172.16.1.160/28, 172.16.1.48/28.]

Table to complete: Router C Route Table Entries | Routes That Can Be Advertised to Router D from Router C


Exercise 2

[Figure: Written Exercise (cont.), Exercise 2. Major Network 172.16.0.0/28. Routers D, F, G and H. Address labels: 172.16.1.128/28, 172.16.1.144/28, 172.16.1.160/28, 172.16.1.176/28, 172.16.1.48/28. Other Network Addresses: 172.16.1.192/28, 172.16.1.208/28, 172.16.1.64/28, 172.16.1.80/28, 172.16.1.96/28, 172.16.1.112/28.]

Table to complete: Router H Route Table Entries | Routes That Can Be Advertised to Router D from Router H


Classless Inter-Domain Routing

This section describes the classless inter-domain routing (CIDR) mechanism.


Classless Inter-domain Routing (CIDR)

• Mechanism developed to alleviate exhaustion of addresses and reduce routing table size

• Blocks of Class C addresses assigned to ISPs; ISPs assign subsets of address space to organizations

• Blocks are summarized in routing tables

Classless Inter-domain Routing (CIDR) is a mechanism developed to help alleviate the problem of exhaustion of IP addresses and growth of routing tables. The idea behind CIDR is that blocks of multiple Class C addresses can be combined, or aggregated, to create a larger (that is, more hosts allowed) classless set of IP addresses. Blocks of Class C network numbers are allocated to each network service provider. Organizations using the network service provider for Internet connectivity are allocated subsets of the service provider's address space as required.

These multiple Class C addresses can then be summarized in routing tables, resulting in fewer route advertisements.

CIDR is described further in RFCs 1518 and 1519. RFC 2050, the Internet Registry IP Allocation Guidelines, specifies guidelines for the allocation of IP addresses.


CIDR Example

[Figure: routers A, B through H and router HQ. Networks 192.168.8.0/24, 192.168.9.0/24 through 192.168.15.0/24 are advertised to HQ; HQ advertises 192.168.8.0/21.]

• Networks 192.168.8.0/24 through 192.168.15.0/24 are summarized by HQ in one advertisement 192.168.8.0/21

The graphic shows an example of CIDR and route summarization. The class C network addresses 192.168.8.0/24 through 192.168.15.0/24 are being used and are being advertised to the HQ router. When the HQ router advertises the networks available, instead of separately advertising the eight class C networks, it can summarize these into one route. By advertising 192.168.8.0/21, the HQ router is saying: “I can get to all destination addresses that have the first 21 bits the same as the first 21 bits of the address 192.168.8.0”.

The mechanism used to calculate the summary route to advertise is the same as shown earlier in the chapter.


Case Study: Introduction to Course Case Studies

This section introduces the case studies used throughout the remainder of the course.


Case Study: Introduction to Course Case Studies

[Figure: JKL Corporation, the Internet, and Acquisitions A, B, C and D, labelled as follows.]

JKL Corporation: 1 Class B - Public; Recently re-designed, optimal; OSPF Area 0 - Small, Redundant; OSPF Multi-Area, Hierarchical; VLSM with Route Summarization

Acquisition A: 1 Class A - Private; 2 Class C - Public; IGRP AS 350, RIP; OSPF Area 0 - Small

Acquisition B: 3 Class C - Public; IP RIP Only; 500 Devices, out of addr.; 6 Hops

Acquisition C: 1 Class B - Public; OSPF Area 0 - All; Multi-vendor Equipment; No Summarization

Acquisition D: 1 Class B - Public; 1 Class C - Private; Enhanced IGRP AS 400; Discontig. Subnets

JKL’s Problem: How to integrate Acquisitions A - D?

Throughout the rest of this course we will be using a Case Study of JKL Corporation to discuss various aspects of scalable routing. The case studies are used to review key concepts, to discuss critical issues surrounding network operation, and to provide a focus for the lab exercises.

JKL is an enterprise that will be making four acquisitions A, B, C and D. JKL’s ultimate goal is to integrate the acquisitions’ networks with its own network.

JKL has recently undertaken to redesign its network and now has a robust design using OSPF, VLSM and route summarization. JKL has a class B public address. As we introduce details on various topics throughout the rest of the course we will see the problems that JKL must overcome as it integrates the networks of its acquisitions with its own OSPF network.

Acquisition A is using a mixture of routing protocols—RIP, IGRP and OSPF. It has two class C public addresses and uses a class A private address.

Acquisition B is using 3 class C public addresses and is using only IP RIP as its routing protocol. It has 500 devices and has run out of IP addresses.

Acquisition C has a multi-vendor environment and is using OSPF and 1 class B public address. It is not using summarization.

Acquisition D has 1 class B and 1 class C public address and discontiguous subnets. It is using EIGRP as the routing protocol.


In this course we elaborate on many issues relating to routing protocols and addressing strategies; the JKL case study will provide a mechanism to study a practical application of these concepts.


Summary

This section summarizes the tasks you learned to complete in this chapter.

After completing this chapter, you should be able to perform the following tasks:

• Given an IP address, use VLSMs to extend the use of the IP address

• Given a network plan that includes IP addressing, explain if route summarization is or is not possible


Review Questions

Answer the following questions.

1. What are some of the advantages of using a hierarchical IP addressing model?

2. Given an address with a prefix of /20, how many additional subnets are gained when subnetting with a prefix of /28?

3. When selecting a route, the __________ prefix match is used.


5

Scalable Routing Protocol Overview


Objectives

Upon completion of this chapter, you will be able to perform the following tasks:

• List the key information routers need to route data

• Compare distance vector and link-state protocol operation

This chapter discusses the kind of information routers need in order to route traffic and how distance vector and link-state routing protocols operate to get the information.

Sections:

■ Objectives

■ What Is Routing?

■ Comparing Routing Protocols

■ Written Exercise: Comparing Routing Protocols

■ Summary

■ Answers to Exercises


What Is Routing?

[Slide: What Is Routing? “How do I get this to Hong Kong?” Options: regular mail service, two-week ground mail service, overnight air mail service.]

Routing is the process by which an item gets from one location to another. Many items get routed: for example, mail, telephone calls, and trains. In this class, you have been learning how to configure a router, the device used to route traffic in a computer network.

To be able to route anything, a router, or any other entity that performs the routing, needs to know the following key information:

■ The destination, or address of the item that needs to be routed.

■ From which source it can learn the paths to given destinations.

■ Possible routes, or paths, to intended destinations.

■ The best path(s) to the intended destinations.

■ A way of verifying that the known paths to destinations are the most current.

This information is exactly what a routing protocol provides a router. Each routing protocol uses a slightly different mechanism to obtain this information; nevertheless, the goal is the same.

The chapters in this module discuss routing protocols in the context of how they operate to provide a router the key information listed. In this way you should be able to better compare routing protocols and their application in your networking environment.


Comparing Routing Protocols

[Slide: Comparing Routing Protocols. “What must I know to route to Hong Kong?” Destination address; who I can learn routes from; possible routes; the best route; a way to verify the route is current.]

| Protocol Categories | Characteristic | Supported Protocols |
|---|---|---|
| Distance Vector | Older; for small networks | RIP, IGRP, RTMP |
| Link State | Newer; for large networks | OSPF, NLSP, IS-IS |

Although there are numerous routing protocols such as RIP, OSPF, IS-IS, and NLSP, they can all be classified under one of the categories shown in the table.

| Category | Routing Protocol |
|---|---|
| Distance vector routing protocols | IP RIP, IPX RIP, AppleTalk RTMP, IGRP |
| Link-state routing protocols | IP OSPF, IPX NLSP, IS-IS |

Although the protocols operate slightly differently, the mechanisms they use for learning and selecting paths, for example, have their origin in either distance vector or link-state routing. Distance vector protocols were written first and were designed for use in smaller network environments. Link-state protocols were created as a result of growing networks in order to address the limitations that distance vector protocols have when used in larger internetworks.

This subsection summarizes the differences in how each routing protocol category obtains the following key information for a router:

■ Addressing

■ Identifying neighbors

■ Discovering routes

■ Selecting route

■ Maintaining routing information


Hierarchical Addressing

[Slide: Hierarchical Addressing. A router states “I can route to the 172.16.0.0 network.” in front of subnets 172.16.25.0, 172.16.26.0, 172.16.27.0, and 172.16.28.0. Captions: a single address, similar to a state, represents a large collection of addresses; a single address, similar to a city, represents a smaller collection of addresses.]

In a small networking environment, there is no concern about running out of addresses. In large and growing networking environments, however, the number of addresses can become very limited unless the addresses are structured into a hierarchical framework. A hierarchical addressing framework has at least two key advantages—increased availability of addresses and reduced need to memorize all addressing entries.

Consider the postal system, which uses the following hierarchy for routing mail in the United States:

■ Zip code

■ State

■ City

■ Street

■ House number (most specific)

This six-layer hierarchical structure enables an unlimited number of addresses to exist. In addition, a postal carrier need not memorize all the streets in Chicago, Illinois, if he or she delivers mail in San Diego, California. All the carrier needs to know is what zip code represents Chicago. That is, the zip code is a single entry that represents all house addresses in a given area. In other words, it is a summary of the addresses in an area. To accommodate large internetworks, a similar type of hierarchical framework must be used. To support hierarchical addressing, this module discusses variable length subnet masking (VLSM), which is specifically used in IP environments, and route summarization.


Identifying Neighbors

[Slide: Identifying Neighbors. Routers A, B, C, and D; one router asks “Hello, are you my neighbor?”]

In networks with few routers, routers can converge in a reasonable amount of time, even though a downed router is not detected quickly. However, the delay in detecting a downed router in a large network can be disastrous.

To make sure that a downed router is located quickly in a large network, link-state protocols include a process for identifying neighbors and verifying periodically that the neighbors exist.

The key differences in how distance vector and link-state protocols identify neighbors are as follows:

| Distance Vector | Link-State |
|---|---|
| Does not have a formal way of learning about neighbors. | Establishes a formal connection (link-state) with each directly connected neighbor. This is done using the Hello protocol, which is discussed in detail in the “Configuring OSPF in a Single Area” chapter. |
| Detects when a neighbor is unavailable only when the neighbor does not send its routing update during the periodic routing update interval, which can range from 10 to 90 seconds. | Detects when a neighbor is unavailable when a hello is not received in a predefined update interval. Typically the interval is 10 seconds. |


Discovering Paths to Destinations

[Slide: Discovering Paths to Destinations. “What routes do I have to each network?” Routers joined by Token Ring and FDDI networks.]

In networks with few routers, distance vector protocols can use the hearsay method to communicate because there are not many routers through which the information must cross. Further, sending out the entire routing table in a small internetwork does not use much overhead. But consider an internetwork with 100 routers. What would happen if each router sent out its entire routing table? To reduce traffic overhead, link-state routers send information for specific links, not their entire link-state table. In addition, because the link-state information is received firsthand by each router, there is less chance for routing errors to be propagated throughout the network.

The key differences in how distance vector and link-state protocols discover the network are as follows:

| Distance Vector | Link-State |
|---|---|
| Each router creates a routing table that includes its directly connected networks and sends the routing table to its directly connected neighbors. | Each router creates a link-state table that includes entries about the entire network. |
| The neighbor incorporates all received routing tables into its own routing table and sends the updated routing table to its neighbors. | Each router floods the entire internetwork with information about the links it knows about in update packets. |
| | Each neighboring router receives the update packet, copies the contents, and continues sending it. Note that the router does not recalculate its routing table before sending the entry to its neighbors. |


Selecting the Best Path

[Slide: Selecting the Best Path. “What is the best path to host B?” Hosts A and B joined by routers over Token Ring and FDDI networks.]

In small networks, the media types used are generally the same and the metric used to determine distance is based on the number of routers that are in the path to the destination. But both of these conditions may be problematic in a large and growing network, particularly in the case when there are 100 or so routers and when mixed media is present throughout the network. To address these issues, link-state protocols use bandwidth to determine the distance to a destination.

The key differences in how distance vector and link-state protocols select the best path to a destination in the internetwork are as follows:

| Distance Vector | Link-State |
|---|---|
| The typical metric used is to count the number of routers (hops) on the path to the destination. IPX RIP also uses a time value called a tick. | The metric used is a numerical value based on the bandwidth of the link. The value is called cost. |
| The path with the lowest number of hops is the best path. The maximum number of hops is typically 15. | The path with the lowest total cost is the best path. The maximum possible cost is almost unlimited. |
| To determine the shortest path, the Bellman-Ford algorithm is used. | The algorithm used to determine the lowest cost is the shortest path first (SPF) algorithm. |
| The routing table can include multiple equal cost routes to a given destination. These can be used for load balancing or redundancy. | The routing table can include multiple equal cost routes to a given destination. These can be used for load balancing or redundancy. |
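The difference between the two metrics, as an added example that is not part of the course material: the Python code below runs a hop-count distance vector exchange and a cost-based SPF calculation over the same constructed four-router topology. The topology, the function names, and the cost formula (a reference bandwidth of 100 Mbps divided by the link bandwidth, the Cisco IOS default) are assumptions not taken from this page.

```python
"""Added example: hop-count (distance vector) vs. cost-based (link-state) path selection."""
import heapq

# Constructed topology: A reaches B directly over a slow serial link,
# or through C and D over faster LAN media.
LINKS_BPS = {
    ("A", "B"): 56_000,        # 56-kbps serial link
    ("A", "C"): 10_000_000,    # Ethernet
    ("C", "D"): 16_000_000,    # Token Ring
    ("D", "B"): 10_000_000,    # Ethernet
}
REFERENCE_BW = 100_000_000     # assumption: Cisco IOS default OSPF reference bandwidth
UNREACHABLE_HOPS = 16          # the maximum usable hop count is 15


def ospf_cost(bps):
    """Interface cost derived from bandwidth (never lower than 1)."""
    return max(1, REFERENCE_BW // bps)


def adjacency():
    """Build a symmetric neighbor map: router -> {neighbor: link bandwidth}."""
    adj = {}
    for (a, b), bps in LINKS_BPS.items():
        adj.setdefault(a, {})[b] = bps
        adj.setdefault(b, {})[a] = bps
    return adj


def distance_vector_tables():
    """Distributed Bellman-Ford on hop count.

    Every round, each router receives its neighbors' full tables and keeps any
    entry that is fewer hops away. Returns (tables, rounds until no change).
    """
    adj = adjacency()
    tables = {r: {r: (0, None)} for r in adj}      # dest -> (hops, next hop)
    rounds, changed = 0, True
    while changed:
        changed = False
        rounds += 1
        advertised = {r: dict(t) for r, t in tables.items()}
        for router in adj:
            for nbr in adj[router]:
                for dest, (hops, _) in advertised[nbr].items():
                    new_hops = hops + 1
                    if new_hops >= UNREACHABLE_HOPS:
                        continue
                    known = tables[router].get(dest)
                    if known is None or new_hops < known[0]:
                        tables[router][dest] = (new_hops, nbr)
                        changed = True
    return tables, rounds


def spf(source):
    """Dijkstra's shortest path first over bandwidth-derived costs.

    Returns dest -> (total cost, path as a list of routers).
    """
    adj = adjacency()
    best = {source: (0, [source])}
    heap = [(0, source, [source])]
    while heap:
        cost, router, path = heapq.heappop(heap)
        if cost > best[router][0]:
            continue                                # stale heap entry
        for nbr, bps in adj[router].items():
            new_cost = cost + ospf_cost(bps)
            if nbr not in best or new_cost < best[nbr][0]:
                best[nbr] = (new_cost, path + [nbr])
                heapq.heappush(heap, (new_cost, nbr, path + [nbr]))
    return best


if __name__ == "__main__":
    tables, rounds = distance_vector_tables()
    hops, next_hop = tables["A"]["B"]
    print(f"Distance vector: A -> B in {hops} hop(s) via {next_hop}, "
          f"converged after {rounds} rounds")
    cost, path = spf("A")["B"]
    print(f"Link-state:      A -> B cost {cost} via {' -> '.join(path)}")
```

Hop count sends A's traffic for B over the 56-kbps link because it is one hop, while SPF prefers the three-hop path through C and D.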


Maintaining Routes

[Slide: Maintaining Routes. Routers A, B, C, and D each hold a routing table; router B sends a routing update. Options: send the routing table periodically, or send updated entries incrementally.]

In a small network using a distance vector protocol, neighboring routers exchange their route information at a periodic interval, which is acceptable because a small network does not typically have much route information. In contrast, routers in large networks must manage large amounts of routing information. Exchanging large routing tables periodically could bring down a network and not allow any data traffic to flow. Link-state protocols address this issue.

The key differences in how distance vector and link-state protocols maintain routes are as follows:

| Distance Vector | Link-State |
|---|---|
| When a router learns about a change in the internetwork, the router updates its routing table with the change and sends its entire routing table to its neighbors. | When a router learns about a change in the internetwork, it updates its link-state table and sends an update only about changed entries to all routers in the internetwork. |
| Neighboring routers incorporate the received routing table into their routing table, run the Bellman-Ford algorithm, and forward their updated routing tables. | Each router receives the update and adds it to the link-state table. |
| This process continues until all routers converge. | The routers then run the SPF algorithm to select the best paths. |
| If there is no change in the internetwork at a periodic interval (usually 60 seconds), each router sends out its routing table to its neighbors. | If no change occurs in the internetwork, then the routers will send updates only for those route entries that have not been updated periodically—from 30 minutes to 2 hours, depending on the routing protocol. |


Written Exercise: Comparing Routing Protocols

Objective: List the key information routers need to route data.

Objective: Compare distance vector and link-state protocol operation.

Task: List the five pieces of information that a router needs in order to route traffic.

1 __________________________________________________________

2 __________________________________________________________

3 __________________________________________________________

4 __________________________________________________________

5 __________________________________________________________

Task: In the line to the left of each statement, identify the routing protocol by placing a DV for distance vector or LS for link-state. If a sentence describes more than one routing protocol, identify all protocols that apply.

____________ 1. Sends periodic updates, even if no network change has occurred.

____________ 2. Sends out updates when network changes occur.

____________ 3. The simplest routing protocol to configure.

____________ 4. RIP and RTMP are examples of this routing protocol.

____________ 5. OSPF is an example of this protocol.

____________ 6. Learns about neighbors to ensure bidirectional communication.

____________ 7. This protocol determines the best path by the lowest hop count.

____________ 8. This protocol uses the shortest path first algorithm.


Summary

• A routing protocol learns the following information:

– Destination address

– Identified neighbors

– Paths to destinations

– Best path

– Route information maintained

• Distance vector protocols are designed for smaller networks

• Link-state protocols are designed for larger networks


Answers to Written Exercise: Comparing Routing Protocols

First Written Exercise

1 Destination address

2 Identify neighbors

3 Discover routes

4 Select routes

5 Maintain routing information

Second Written Exercise

1 DV (Note: OSPF sends out updates every 30 minutes.)

2 LS

3 DV

4 DV

5 LS

6 LS

7 DV

8 LS


6

Configuring OSPF in a Single Area


Objectives

Upon completion of this chapter, you will be able to perform the following tasks:

• Explain why OSPF is better than RIP in a large internetwork

• Explain how OSPF discovers, chooses, and maintains routes in Multiaccess, Point-to-Point and NBMA networks

• Configure OSPF for proper operation

• Verify OSPF operation

This chapter covers the use, operation, configuration, and verification of OSPF.

Sections:

■ Objectives

■ OSPF Overview

■ OSPF Operation within a Single Area

■ Multiaccess Network

■ Point-to-Point Network

■ NBMA Network

■ Written Exercise: OSPF Operation

■ Configuring OSPF in a Single Area

■ Verifying OSPF Operation

■ Summary

■ Lab Exercise: Configuring OSPF for a Single Area

■ Answers to Exercises

■ Supplement A—OSPF Single Area Configuration Examples

Note: OSPF was written for large and growing networks. It allows you to segregate the internetwork into smaller areas. This chapter discusses how OSPF operates within an area and the next chapter, “Interconnecting Multiple OSPF Areas,” discusses how the areas interoperate with each other.


OSPF Overview

This section provides an overview of OSPF.

What Is OSPF?

• Has fast convergence

• Supports VLSM

• Has no hop count limitation

• Processes updates efficiently

• Selects paths based on bandwidth

• Supports equal-cost multipath

OSPF is a link-state technology, as opposed to a distance vector technology such as RIP. The OSPF protocol performs the two basic primary functions of every routing protocol algorithm: path selection and path switching. OSPF was developed by the Internet Engineering Task Force (IETF) in 1988. The most recent version, known as OSPF version 2, is described in RFC 2328. OSPF is an Interior Gateway Protocol (IGP), which means that it distributes routing information between routers belonging to the same Autonomous System. OSPF was written to address the needs of large, scalable internetworks that RIP could not. The issues it addresses are as follows:

■ Speed of convergence—In large networks, RIP convergence can take several minutes as the routing algorithm goes through a holddown and route-aging period. With OSPF, convergence is faster than with RIP because routing changes are flooded immediately and computed in parallel.

■ Support for Variable-Length Subnet Masks (VLSMs)—RIP1 does not support VLSMs. OSPF supports subnet masking and VLSMs. (Note that RIP2 supports VLSMs.)

■ Network reachability—A RIP network that spans more than 15 hops (15 routers) is considered unreachable. OSPF has virtually no reachability limitations.

■ Use of bandwidth—RIP broadcasts full routing tables to all neighbors every 30 seconds, which is especially problematical over slow WAN links. OSPF multicasts link state updates and only sends the updates when there is a change in the network.


■ Method for path selection—RIP has no concept of network delays and link costs. Routing decisions are based purely on hop count, which could lead to suboptimal path selection in cases where a longer path (in terms of hop count) has a higher aggregate link bandwidth and shorter delays. OSPF uses a cost value, which is based on the speed of the connection. As with RIP and IGRP, OSPF also provides support for equal-cost multipath.

Note that although OSPF was written for large networks, implementing it requires proper design and planning, which is especially important if your network has more than 50 routers.


OSPF Terminology

[Slide: OSPF Terminology. An Autonomous System containing Area 0 and Area 1, a Token Ring network, links labeled Cost=10, Cost=1785, and Cost=6, a DR and a BDR, interfaces, and neighbors. Each router keeps a Neighbors List (lists neighbors), a Topology Database (lists all routes), and a Routing Table (lists best routes).]

This page introduces you to a variety of terms related to link-state technology and OSPF. The following are basic terms to get you started:

■ Interface—The connection between the router and one of its attached networks. An interface is sometimes referred to as a link in OSPF literature.

■ Link state—The status of a link between two routers, that is, a router’s interface and its relationship to its neighboring routers.

■ Cost—The value assigned to a link. Rather than hops, link-state protocols assign a cost to a link that is based on the speed of the media. A cost is associated with the output side of each router interface, referred to as “Interface Output Cost”.

■ Autonomous System—A group of routers exchanging routing information using a common routing protocol.

■ Area—A collection of networks and routers that have the same area identification. Each router within an area has the same link-state information. A router within an area is an “internal” router.

■ Neighbor—Two routers that have interfaces on a common network. Neighbor relationships are usually discovered and maintained by the Hello protocol.

■ Hello—Protocol used by OSPF to establish and maintain neighbor relationships.

■ Designated router (DR) and backup designated router (BDR)—A router that is elected by all other routers on the same LAN to represent all the routers. Each network has a DR and BDR. These routers have special responsibilities that are discussed later in this chapter.


■ Neighborship list—A listing of all the neighbors to which a router has established bi-directional communication. Not every pair of neighboring routers becomes adjacent.

■ Link-state database, also known as a topological database—A list of link-state entries of all other routers in the internetwork. It shows the internetwork topology. All routers within an area have identical link-state databases. The link-state database is pieced together from LSAs generated by routers.

■ Routing table—The routing table (also known as forwarding database) generated when an algorithm is run on the link-state database. Each router’s routing table is unique.


OSPF Operation

The following section discusses the operation of OSPF.

OSPF Topologies

[Slide: OSPF Topologies. Three diagrams: Broadcast Multiaccess; Point-to-Point; NBMA (X.25, Frame Relay).]

OSPF can run over multi-access networks or over non-broadcast networks. The topology of a network has an impact on how adjacencies are created. Following are the different topologies found in OSPF and covered in this chapter.

■ Broadcast Multi-access networks—Networks supporting many (more than two) attached routers, together with the capability to address a single physical message to all of the attached routers (broadcast). An Ethernet segment is an example of a broadcast network.

■ Point-to-point networks—A network that joins a single pair of routers. A T1 dedicated serial line is an example of a point-to-point network.

■ Non-broadcast Multi-access networks—Networks supporting many (more than two) routers, but having no broadcast capability. Frame Relay and X.25 are examples of Non-Broadcast Multiaccess Networks (NBMA).


OSPF Operation in a Multi-Access Network

The following section discusses OSPF operation in a multi-access environment, such as Ethernet or Token Ring.

Neighborship

[Slide: Neighborship. Routers A, B, C, D, and E exchange Hello packets. Hello packet fields: Router ID, Hello/Dead Intervals, Neighbors, Area-ID, Router Priority, DR IP Address, BDR IP Address, Authentication Password, Stub Area Flag. Entries marked * on the slide must match on neighboring routers.]

Because OSPF routing is dependent on the status of a link between two routers, neighbor routers must “recognize” each other on the network before they can share information. This process is done using the Hello protocol. The Hello Protocol is responsible for establishing and maintaining neighbor relationships. It ensures that the communication between neighbors is bi-directional, where a router sees itself listed in the Hello packet it received from a neighbor.

Hello packets are sent periodically out of each interface participating in OSPF using IP multicast address 224.0.0.5.

The information contained in a Hello packet is as follows:

— Router ID—A 32-bit number which uniquely identifies the router within an Autonomous System. The highest IP address on an active interface is chosen by default, for example, IP address 131.108.13.5 would be chosen over 128.11.4.1. This identification is important in establishing neighbor relationships and coordinating messages between copies of the SPF algorithm running in the network. Also, the router ID is used to break ties during the DR and BDR election processes if the priority values are equal. (DR and BDR are discussed later.)

— Hello and dead intervals—The hello interval specifies the frequency in seconds that a router sends hellos (ten-second default on multi-access networks). The dead interval is the time in seconds that a router waits to hear from a neighbor before declaring the neighbor router down (four times the hello interval by default). These timers must be the same on neighboring routers.


— Neighbors—The neighbors to which a bi-directional communication has been established. Bi-directional communication is indicated when the router sees itself listed in the neighbor's Hello Packet. (At this point, this field is empty.)

— Area-ID—To communicate, two routers must share a common segment and have their interfaces belong to the same area on that segment (also same subnet and mask). These routers will all have the same link-state information.

— Router Priority—An 8-bit number that indicates the priority of this router when selecting a designated DR and BDR.

— DR and BDR—If known, the IP addresses of the DR and BDR for the specific network (covered in next section).

— Authentication password—If authentication is enabled, two routers must exchange the same password. Authentication does not have to be set, but if it is set, all peer routers must have the same password.

— Stub area flag—A stub area is a special area that will be discussed in the next chapter. Two routers must agree on the stub area flag in the hello packets.

[Slide: Neighborship (cont.). Router A (172.68.5.1/24, interface E0) and Router B (172.68.5.2/24, interface E1) pass through the Down, Init and Two-Way states. Callouts: "I am router ID 172.68.5.1 and I see no one." and "I am router ID 172.68.5.2, and I see 172.68.5.1". Neighbors lists shown: Router A holds 172.68.5.2/24, int E0; Router B holds 172.68.5.1/24, int E1.]

Neighborship (cont.)

The exchange process, using the hello protocol, when all routers are coming up on the network at the same time, is as follows:

1. Router A is enabled on the LAN and is in a down state because it has not exchanged information with any other router. It begins by sending a hello packet through each of its interfaces participating in OSPF, even though it does not know the identity of the DR or of any other routers. The hello packet is sent out using multicast address 224.0.0.5.

2. All routers running OSPF receive the hello packet from router A and add router A to their list of neighbors. This is the Init state.

3. All routers that received the packet send a unicast reply hello packet to router A with their corresponding information, as listed in step 1. The neighbor field includes all other neighboring routers, including router A.

4. When router A receives these packets, it adds all the routers that had its (router A’s) router ID in their packet to its own neighborship database. This is referred to as the two-way state. At this point, all routers that have each other in their list of neighbors have established bi-directional communication.

5. The routers determine who the DR and BDR will be. The DR and BDR election process is described in the next subsection, “Electing the DR and BDR.” This process must occur before routers can begin exchanging link-state information. Link-state exchanges are discussed in the “Discovering Routes” subsection.

6. Periodically (ten seconds by default) the routers within a network exchange hello packets to ensure communication is still working. The hello updates include the DR/BDR and the list of routers whose hello packets have been received by the router. Remember that “received” means that the receiving router saw its name as one of the entries in the received hello packet.
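The hello fields and the Down, Init and Two-Way states described above can be checked directly against packet bytes. The following is an added example, not part of the course material: a parser for the OSPFv2 hello layout defined in RFC 2328 plus a check of the must-match fields. The function names and sample packets are constructed for illustration, the checksum is not validated, and the authentication comparison assumes no authentication or a simple password.

```python
import ipaddress
import struct
from dataclasses import dataclass

# OSPFv2 wire layouts (RFC 2328, appendix A.3.1 and A.3.2).
HEADER = struct.Struct("!BBH4s4sHH8s")  # version, type, length, router ID, area ID, checksum, AuType, auth
HELLO = struct.Struct("!4sHBBI4s4s")    # mask, hello interval, options, priority, dead interval, DR, BDR
FIXED = HEADER.size + HELLO.size        # 44 bytes precede the neighbor list
E_BIT = 0x02                            # options bit that is cleared inside a stub area
MUST_MATCH = ("hello_interval", "dead_interval", "area_id", "mask", "stub", "au_type", "auth")


@dataclass
class Hello:
    router_id: str
    area_id: str
    au_type: int        # 0 = none, 1 = simple password
    auth: bytes
    mask: str
    hello_interval: int
    dead_interval: int
    stub: bool
    priority: int
    dr: str
    bdr: str
    neighbors: list


def _ip(raw):
    return str(ipaddress.IPv4Address(raw))


def _raw(text):
    return ipaddress.IPv4Address(text).packed


def build_hello(router_id, neighbors=(), area="0.0.0.0", mask="255.255.255.0",
                hello=10, dead=40, priority=1, dr="0.0.0.0", bdr="0.0.0.0",
                stub=False, password=b""):
    """Encode a hello for use as test input (checksum left at 0)."""
    body = HELLO.pack(_raw(mask), hello, 0 if stub else E_BIT, priority, dead,
                      _raw(dr), _raw(bdr))
    body += b"".join(_raw(n) for n in neighbors)
    head = HEADER.pack(2, 1, HEADER.size + len(body), _raw(router_id), _raw(area),
                       0, 1 if password else 0, password[:8].ljust(8, b"\0"))
    return head + body


def parse_hello(packet):
    """Decode an OSPFv2 hello packet; raise ValueError if it is malformed."""
    if len(packet) < FIXED:
        raise ValueError("truncated hello")
    version, ptype, length, rid, area, _cksum, au_type, auth = HEADER.unpack_from(packet)
    if version != 2 or ptype != 1:
        raise ValueError("not an OSPFv2 hello")
    if not FIXED <= length <= len(packet) or (length - FIXED) % 4:
        raise ValueError("bad length field")
    mask, h_int, options, prio, d_int, dr, bdr = HELLO.unpack_from(packet, HEADER.size)
    return Hello(router_id=_ip(rid), area_id=_ip(area), au_type=au_type, auth=auth,
                 mask=_ip(mask), hello_interval=h_int, dead_interval=d_int,
                 stub=not options & E_BIT, priority=prio, dr=_ip(dr), bdr=_ip(bdr),
                 neighbors=[_ip(packet[i:i + 4]) for i in range(FIXED, length, 4)])


def mismatches(local, remote):
    """Names of the must-match fields on which two hellos disagree."""
    return [name for name in MUST_MATCH if getattr(local, name) != getattr(remote, name)]


def neighbor_state(local_router_id, received):
    """State the local router assigns to a neighbor after that neighbor's latest hello."""
    if received is None:
        return "Down"
    return "Two-Way" if local_router_id in received.neighbors else "Init"


# Constructed sample packets using the router IDs from the slide.
A_FIRST = build_hello("172.68.5.1")                                # "I see no one"
B_REPLY = build_hello("172.68.5.2", neighbors=["172.68.5.1"])      # "I see 172.68.5.1"
B_SLOW = build_hello("172.68.5.2", neighbors=["172.68.5.1"], hello=30, dead=120)

if __name__ == "__main__":
    a, b = parse_hello(A_FIRST), parse_hello(B_REPLY)
    print("B sees A as:", neighbor_state("172.68.5.2", a))
    print("A sees B as:", neighbor_state("172.68.5.1", b))
    print("A vs B mismatches:", mismatches(a, b))
    print("A vs B with slow timers:", mismatches(a, parse_hello(B_SLOW)))
```

A non-empty result from `mismatches` names the field to look at when two routers on a segment never leave the Init state.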

[Slide: Establishing Adjacency. Routers on a segment with the DR and BDR labelled.]

• Hellos elect DR and BDR
• Each router forms adjacency with DR and BDR

Establishing Adjacency

Adjacency refers to the relationship that exists between a router and its DR/BDR. Adjacency is based upon the use of a common media segment, for example, two routers connected on the same Ethernet segment. But prior to establishing a preferred When routers first come up on a network, they perform the hello process, as discussed in the previous subsection. A router will then attempt to form adjacencies with some of its newly acquired neighbors.

Routers must elect a DR and BDR to represent the network. The DR and BDR add value to the network in the following ways:

■ Reducing routing update traffic—The DR and BDR act as a central point of contact for link-state information exchange on a given network; therefore, each router must establish an adjacency with the DR/BDR. Instead of each router exchanging link-state information with every other router on the segment, each router sends the link-state information to the DR and BDR. The DR represents the multiaccess network in the sense that it sends each router’s link-state information to all other routers in the network. This flooding process significantly reduces the router-related traffic on a segment.

■ Managing link-state synchronization—The DR and BDR assure that the other routers on the network have the same link-state information about the internetwork. In this way, the number of routing errors is reduced.

The BDR does not perform any DR functions when the DR is operating. Instead, it receives all information, but allows the DR to perform the forwarding and synchronization tasks. The BDR performs DR tasks only if the DR fails.

Note Once a DR/BDR is elected, any router added to the network will go through the “establishing adjacencies” process only with the DR and BDR.

[Slide: Electing the DR and BDR. Routers labelled P=1, P=0, P=1, P=3 and P=2 exchange Hello packets; the DR and BDR are labelled.]

• Hello packets exchanged via IP multicast
• Router with highest OSPF priority elected

Electing a DR and BDR

To elect a DR and BDR, the routers view each other’s priority value during the hello packet exchange process, and use the following conditions to determine which is elected:

■ The router with the highest priority value is the DR.

■ The router with the second highest priority value is the BDR.

■ The default for the interface OSPF priority is 1. In case of a tie, the router’s router ID is used.

■ A router with a priority set to 0 is ineligible to become DR or BDR.

■ If a router with a higher priority value gets added to the network, the DR and BDR do NOT change. The only time a DR or BDR will change is if one goes down. If the DR goes down, then the BDR takes over as the DR and a new BDR is elected. If the BDR goes down, a new BDR is elected.

To determine if the DR is down, the BDR sets a timer. This is a reliability feature. If the BDR does not hear the DR forwarding link-state advertisements (LSAs) before the timer expires, then the BDR assumes the DR is out of service.

In a multiaccess environment, each network segment will have its own DR and BDR. Therefore a router that is connected to multiple networks can be a DR on one segment and a regular router on another segment. How neighbors are perceived in other network topologies is discussed later on in this chapter.
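The election rules above, including the case where a higher-priority router joins after the election, can be exercised with a short model. This is an added example, not code from the course: it implements the simplified rules listed in this section rather than the full election procedure of RFC 2328, and it also covers the default router ID choice described earlier. The function names and the router IDs in the sample segment are constructed.

```python
import ipaddress


def _as_number(address):
    """Router IDs and IP addresses compare as 32-bit numbers, not as strings."""
    return int(ipaddress.IPv4Address(address))


def router_id(active_interface_addresses):
    """Default router ID: the highest IP address on an active interface."""
    return max(active_interface_addresses, key=_as_number)


def elect(routers, current_dr=None, current_bdr=None):
    """Return (DR, BDR) router IDs for one multiaccess segment.

    routers maps router ID -> interface priority for every router that is
    currently up on the segment. A sitting DR or BDR keeps its role while it
    stays up, whatever priorities the other routers have.
    """
    dr = current_dr if current_dr in routers else None
    bdr = current_bdr if current_bdr in routers else None
    if dr is None and bdr is not None:
        dr, bdr = bdr, None                      # the BDR takes over as DR
    # Priority 0 is never eligible; ties fall back to the higher router ID.
    candidates = sorted(
        (rid for rid, prio in routers.items() if prio > 0 and rid not in (dr, bdr)),
        key=lambda rid: (routers[rid], _as_number(rid)),
        reverse=True,
    )
    if dr is None and candidates:
        dr = candidates.pop(0)
    if bdr is None and candidates:
        bdr = candidates.pop(0)
    return dr, bdr


# Constructed segment: priorities follow the slide (3, 2, 1, 1, 0); router IDs are made up.
SEGMENT = {"10.0.0.1": 3, "10.0.0.2": 2, "10.0.0.3": 1, "9.0.0.4": 1, "10.0.0.5": 0}

if __name__ == "__main__":
    dr, bdr = elect(SEGMENT)
    print("initial election:", dr, bdr)
    grown = {**SEGMENT, "10.0.0.6": 10}
    print("after a priority-10 router joins:", elect(grown, dr, bdr))
    del grown[dr]
    print("after the DR fails:", elect(grown, dr, bdr))
```

Because sitting routers keep their roles, the outcome depends on the order in which routers came up, so the same priorities can produce a different DR after a reload.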

[Slide: Discovering Routes. Router 172.68.5.1 (E0) and the DR 172.68.5.3 (E0) exchange Hello packets in the Exstart state, with callouts "I will start exchange because I have router ID 172.68.5.1." and "No, I will start exchange because I have a higher router ID.", then DBD packets in the Exchange state, with the callout "Here is a summary of my link-state database." on both sides.]

Discovering Routes

Once the DR and BDR have been elected, the routers are considered to be in the Exstart state and are ready to discover the link-state information about the internetwork and create their link-state databases. The process used to discover the network routes is called the Exchange protocol, and is performed to get the routers to a Full state of communication. Once adjacent routers are in a Full state, they do not redo the exchange protocol unless the Full state changes. The exchange protocol operates as follows:

1. In the Exstart state, the DR and BDR establish adjacencies with each router in the network. During this process, a master-slave relationship is created between each router and its adjacent DR/BDR. The router that has the higher router ID acts as the master.

Note that link-state information is exchanged and synchronized only between the DR/BDR and the routers to which they have established adjacencies because having the DR represent the network in this capacity reduces the amount of routing update traffic.

2. The master and slave routers exchange one or more database description packets (DBDs or DDPs), which is referred to as the Exchange state.

A DBD includes the LSA entries that appear in the master router’s link-state database. The entries can be about a link or about a network. Each LSA entry includes such things as a link-state type, the address of the advertising router, the cost of the link, and the sequence number. The sequence number is a router’s way of determining the “newness” of the received link-state information. The sequence number used by the adjacent routers is the one defined by the master.

[Slide: Discovering Routes (cont.). Router 172.68.5.1 (E0) and the DR 172.68.5.3 (E0) in the Loading and Full states. Packets shown: LSAck, LSR, LSU, LSAck. Callouts: "Thanks for the information!", "I need the complete entry for network 172.68.6.0/24.", "Here is the entry for network 172.68.6.0/24.", "Thanks for the information!"]

Discovering Routes (cont.)

3. When the slave router receives the DBD, it does the following:

— Acknowledges the receipt of the DBD by echoing the link-state entry sequence numbers in a link-state acknowledgment (LSAck) packet.

— Compares the information it received with the information it has. Remember that the initial entries put into the link-state database are from the adjacencies database. If the DBD has a more up-to-date link-state entry, then the slave router sends a link-state request (LSR) to the master router.

The master router responds with the complete information about the requested entry in a link-state update (LSU) packet. Again, the slave router sends an LSAck when the LSU is received. The process of sending LSRs is referred to as the Loading state.

4. All routers add the new link-state entries into their link-state database.

5. Once all LSRs have been satisfied for a given router, the adjacent routers are considered synchronized and in a Full state. The routers must be in a Full state before they can route traffic. At this point, the routers should all have identical link-state databases.

[Slide: Choosing Routes. Routers A, B and C; networks 1.1.1.0/24, 2.2.2.0/24, 3.3.3.0/24 and 4.4.4.0/24; link labels Token Ring, FDDI, Cost=10, Cost=6 and Cost=1. Callout: "This is the best route to C."]

Topology Table
Net       Cost   Out Interface
2.2.2.0   6      To0
3.3.3.0   7      To0
3.3.3.0   10     E0

Choosing Routes

Once a router has a complete link-state database, it is ready to create its routing table so it can route traffic. Recall that distance vector protocols such as RIP select the best route to a destination based on a hop count metric. The Bellman-Ford algorithm is run to determine the routes with the lowest hop count.

Link-state protocols use a cost metric to determine the best path to a destination. The default cost metric is based on media bandwidth. For example, 10-Mbps Ethernet has a lower cost than a 56-kbps line because it is faster.

To calculate the lowest cost to a destination, link-state protocols such as OSPF use the Dijkstra algorithm. Using its link-state database as input, a router runs the Dijkstra algorithm, thus building its routing table step by step. In simple terms, the algorithm adds up the total costs between the local router (the root) and each destination network. If there are multiple paths to a destination, the lowest-cost path is preferred. But note that OSPF keeps up to six equal-cost route entries in the routing table for load balancing.

Sometimes a link, such as a serial line, will go up and down rapidly (called flapping), or a link-state change may affect another series of links. In these situations, a series of LSUs could be generated, which would cause routers to repeatedly recompute a new routing table. This flapping could be so serious that the routers would never converge. To minimize this problem, each time an LSU is received the router waits for a period of time before recalculating its routing table. The spf holdtime command was added to the Cisco IOS software to prevent routers from computing a new routing table after fewer than 10 seconds (default).

Refer to the OSPF version 2 RFC 2328 for a detailed description of the Dijkstra algorithm.
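The cost calculation described above, with the limit of six equal-cost entries, is shown below as an added example that is not part of the course material. The topology is one constructed reading of the slide (A to B over Token Ring at cost 6, B to C over FDDI at cost 1, A to C over Ethernet at cost 10); the interface name Fddi0 and the function name are assumptions.

```python
import heapq

MAX_EQUAL_COST_PATHS = 6     # the section's limit on equal-cost entries per destination


def spf(links, root):
    """Dijkstra over a link-state database.

    links maps router -> [(neighbor, cost, outgoing interface), ...] with
    positive costs. Returns {destination: (total cost, [the root's outgoing
    interfaces that start a lowest-cost path])}.
    """
    best = {root: (0, [])}
    heap = [(0, root)]
    done = set()
    while heap:
        cost, node = heapq.heappop(heap)
        if node in done:
            continue                 # stale heap entry for an already settled router
        done.add(node)
        for neighbor, link_cost, interface in links.get(node, []):
            total = cost + link_cost
            # The first hop is fixed when leaving the root and inherited afterwards.
            first_hops = [interface] if node == root else best[node][1]
            known = best.get(neighbor)
            if known is None or total < known[0]:
                best[neighbor] = (total, list(first_hops))
                heapq.heappush(heap, (total, neighbor))
            elif total == known[0] and neighbor not in done:
                merged = known[1] + [h for h in first_hops if h not in known[1]]
                best[neighbor] = (total, merged[:MAX_EQUAL_COST_PATHS])
    del best[root]
    return {dest: (cost, sorted(hops)) for dest, (cost, hops) in best.items()}


# Constructed link-state database matching the slide's topology table.
SLIDE = {
    "A": [("B", 6, "To0"), ("C", 10, "E0")],
    "B": [("A", 6, "To0"), ("C", 1, "Fddi0")],
    "C": [("B", 1, "Fddi0"), ("A", 10, "E0")],
}

# Same topology with the Ethernet link lowered to cost 7: two equal-cost paths to C.
EQUAL = {
    "A": [("B", 6, "To0"), ("C", 7, "E0")],
    "B": [("A", 6, "To0"), ("C", 1, "Fddi0")],
    "C": [("B", 1, "Fddi0"), ("A", 7, "E0")],
}

if __name__ == "__main__":
    for name, lsdb in (("slide", SLIDE), ("equal-cost", EQUAL)):
        for dest, (cost, hops) in sorted(spf(lsdb, "A").items()):
            print(f"{name}: {dest} cost {cost} via {', '.join(hops)}")
```

With the slide's costs, router A reaches C at cost 7 through To0 and the direct Ethernet path at cost 10 is not installed.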

[Slide: Maintaining Routing Information. A link-state change at a new router produces LSUs between the new router, the DR and routers A and B in numbered steps 1 to 4. Callout: "I need to update my routing table."]

• New router tells all OSPF DRs on 224.0.0.6
• DR tells others on 224.0.0.5

Maintaining Routing Information

In a link-state routing environment, it is very important for all routers' topological databases to stay synchronized. When there is a change in a link state, the routers use a flooding process to notify the other routers in the network of the change. Link State Update packets provide the mechanism for flooding LSAs. In general, the flooding process is as follows:

1. A router notices a change in a link state and multicasts an LSU packet that includes the updated LSA entry to 224.0.0.6, the “all OSPF DRs” (and BDR) address. An LSU packet may contain several distinct LSAs.

2. The DR acknowledges the receipt of the change and floods the LSU to others on the network using the OSPF multicast address 224.0.0.5. To make the flooding procedure reliable, each LSA must be acknowledged separately. After receiving the LSU, each router responds to the DR with an LSAck.

3. If a router is connected to another network, it floods the LSU to other networks by forwarding the LSU to the DR of the multi-access network, or adjacent router if in a point-to-point network. The DR, in turn, multicasts the LSU to the other routers in the network.

4. When a router receives the LSU that includes the changed LSA, the router updates its link-state database. It then computes the SPF algorithm with the new database to generate a new routing table. After a short delay, it switches over to the new routing table.

OSPF simplifies the synchronization issue by requiring only adjacent routers to remain synchronized.

Note In a Cisco router, if a route already exists, the routing table is used simultaneously as the SPF is calculating. But if the SPF is calculating a new route, the use of the routing table occurs after the SPF calculation is complete.

[Slide: Maintaining Routing Information (cont.). Flowchart for an LSA received in an LSU. Is entry in link-state database? If no (point A): add to database, send LSAck to DR, flood LSA, run SPF to calculate new routing table, end. If yes: Is seq. # the same? If yes: ignore LSA. If no: Is seq. # newer? If yes: go to A. If no: send LSU with newer information to source, end.]

Maintaining Routing Information (cont.)

Each LSA entry has its own aging timer, carried in the LS Age field. The default timer value is 30 minutes (it is expressed in seconds in the LS age field). After an LSA entry ages, the router that originated the entry sends an LSU to the network to verify that the link is still active. This validation method saves on bandwidth compared to distance vector routers, which send their entire routing table.

When each router receives the LSU, it does the following:

■ If the entry already exists and the received LSU has the same information, it ignores the LSA entry.

■ If the entry already exists but the LSU includes new information, it sends an LSAck to the DR, adds the entry to its link-state database, and updates its routing table.

■ If the entry already exists but the LSU includes older information, it sends an LSU with its information.

Note Remember that there are different types of LSAs. In this chapter, the LSAs discussed are the router link LSA, which is an LSA about a link and its status, and the network LSA, which the DR sends out. The network LSA describes all the routers attached to a multiaccess segment. The next chapter will discuss other LSA types.
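Both the exchange steps under Discovering Routes and the flowchart above come down to comparing sequence numbers for the same LSA. The following added example, which is not part of the course material, models the master choice, the LSR decision and the receive flowchart. It compares sequence numbers only (RFC 2328 defines them as signed 32-bit values starting at 0x80000001) and leaves out the checksum and age comparisons; all names and sample LSAs are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class LSA:
    ls_type: int            # 1 = router LSA, 2 = network LSA
    link_state_id: str
    adv_router: str
    seq: int                # raw 32-bit sequence number as carried on the wire
    cost: int = 0

    @property
    def key(self):
        """An LSA instance is identified by type, link-state ID and advertising router."""
        return (self.ls_type, self.link_state_id, self.adv_router)


def signed_seq(raw):
    """Sequence numbers are signed 32-bit: 0x80000001 is the oldest, 0x7fffffff the newest."""
    return raw - (1 << 32) if raw & 0x80000000 else raw


def newer(a, b):
    return signed_seq(a.seq) > signed_seq(b.seq)


def master(router_a, router_b):
    """Exstart: the router with the higher router ID acts as master."""
    return max(router_a, router_b, key=lambda r: int(ipaddress.IPv4Address(r)))


def entries_to_request(lsdb, dbd_summaries):
    """Exchange: keys to put in an LSR, i.e. entries the DBD shows as missing or newer."""
    return [s.key for s in dbd_summaries
            if s.key not in lsdb or newer(s, lsdb[s.key])]


def receive_lsa(lsdb, lsa):
    """Flooding: apply the flowchart to one LSA from an LSU and list the actions taken."""
    have = lsdb.get(lsa.key)
    if have is not None:
        if lsa.seq == have.seq:
            return ["ignore LSA"]
        if newer(have, lsa):
            return ["send LSU with newer information to source"]
    lsdb[lsa.key] = lsa
    return ["add to database", "send LSAck to DR", "flood LSA", "run SPF"]


def replay(lsas):
    """Feed LSAs to an empty database; return the per-LSA actions and the final database."""
    lsdb = {}
    return [receive_lsa(lsdb, lsa) for lsa in lsas], lsdb


# Constructed LSAs; the addresses reuse the routers shown on the slides.
ROUTER_V1 = LSA(1, "172.68.5.1", "172.68.5.1", 0x80000001, cost=10)
ROUTER_V2 = LSA(1, "172.68.5.1", "172.68.5.1", 0x80000002, cost=10)
NETWORK = LSA(2, "172.68.5.3", "172.68.5.3", 0x80000001)
WRAPPED = LSA(1, "172.68.5.1", "172.68.5.1", 0x00000001, cost=10)  # newer than any 0x8000000x

if __name__ == "__main__":
    print("master:", master("172.68.5.1", "172.68.5.3"))
    print("LSR for:", entries_to_request({ROUTER_V1.key: ROUTER_V1}, [ROUTER_V2, NETWORK]))
    actions, _ = replay([ROUTER_V1, ROUTER_V1, ROUTER_V2, ROUTER_V1, WRAPPED])
    for step in actions:
        print(step)
```

Comparing the raw unsigned values instead of the signed ones would rank 0x00000001 as older than 0x80000002 and discard a valid update.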

OSPF Operation in a Point-to-Point network

The following section discusses the OSPF operation with point-to-point links.

[Slide: Point-to-Point Neighborship]

• Router dynamically detects its neighboring router using the Hello protocol
• No election: adjacency is automatic as soon as the two routers can communicate
• OSPF packets are always sent as multicast 224.0.0.5

Point-to-Point Neighborship

A point-to-point network joins a single pair of routers. A T1 serial line is an example of a point-to-point network.

On point-to-point networks, the router dynamically detects its neighboring routers by sending its Hello packets to the multicast address AllSPFRouters, 224.0.0.5. On physical point-to-point networks, neighboring routers become adjacent whenever they can communicate directly. No election is performed.

On physical point-to-point networks, the IP destination is always set to the multicast address AllSPFRouters, 224.0.0.5. On all other network types, the majority of OSPF packets are sent as unicasts, i.e., sent directly to the other end of the adjacency, sent as unicasts to the DR and BDR.

It is possible to use IP unnumbered with OSPF. Usually, the IP source address is set to the address of the outgoing interface. Interfaces to unnumbered point-to-point networks have no associated IP address. On these interfaces, the IP source will be set to any of the other IP addresses belonging to the router.

OSPF Operation in a NBMA network

The following section discusses OSPF in a Non-Broadcast Multi-Access environment.

[Slide: NBMA Network. Clouds labelled X.25 and Frame Relay.]

• Single interface interconnects multiple sites
• NBMA supports multiple routers but without broadcasting capabilities

NBMA Networks

When a single interface is used to interconnect multiple sites, you may have reachability issues because of the nonbroadcast multiaccess (NBMA) nature of Frame Relay and X.25. With Frame Relay running multiple PVCs over a single interface, the primary issue is with split horizon. NBMA networks are those networks that support many (more than two) routers, but have no broadcast capability, such as Frame Relay. For the purpose of our NBMA presentation, we will work with a Frame Relay environment.

By default, a Frame Relay network provides NBMA connectivity between remote sites. NBMA connectivity means that although all locations can reach each other, depending on the topology, routing update broadcasts received by one router cannot be forwarded to all locations because Frame Relay networks use split horizon to reduce the number of routing loops.

[Slide: Frame Relay Topologies. Panels: Point-to-Point (Star (Hub and Spoke)), Multiaccess (Full Mesh), Point-to-Multipoint (Partial Mesh).]

• Reachability issues?

Frame Relay Topologies

Frame Relay allows you to interconnect your remote sites in a variety of ways, and by default interfaces that support Frame Relay are multipoint connection types. Example topologies, as shown in Figure 11-7, include the following:

■ A star topology, also known as a hub-and-spoke configuration, is the most popular Frame Relay network topology. In this topology, remote sites are connected to a central site that generally provides a service or application. This is the least expensive topology because it requires the least number of PVCs. In this scenario, the central router provides a multipoint connection because it is typically using a single interface to interconnect multiple PVCs.

■ In a full-mesh topology, all routers have virtual circuits to all other destinations. This method, although costly, provides direct connections from each site to all other sites and allows for redundancy. When one link goes down, a router at site A can reroute traffic through site C, for example. As the number of nodes in the full-mesh topology increases, the topology becomes increasingly more expensive.

■ In a partial-mesh topology, not all sites have direct access to a central site.

Reachability Issues with Routing Updates

By default, a Frame Relay network provides NBMA connectivity between remote sites. NBMA connectivity means that although all locations can reach each other, depending on the topology, routing update broadcasts received by one router cannot be forwarded to all locations because Frame Relay networks use split horizon to reduce the number of routing loops.

[Slide: Split-Horizon. The Central router's interface S0 carries DLCI 51, DLCI 52 and DLCI 53 toward routers R1, R2 and R3; an update arrives at Central.]

• Routing updates are prevented from exiting the router interface through which the update was first learned

Split-Horizon in NBMA

Split horizon reduces the number of routing loops by not allowing a routing update received on one interface to be forwarded through the same interface. As shown above, the Central router’s interface S0 receives a routing update from router R1. The Central router is connecting through three PVCs over a single interface. Split horizon forbids the Central router from sending updates out the same interface on which it received them. Therefore, routers R2 and R3 will never receive the update.

[Slide: OSPF over Frame Relay, Modes of operation]

• RFC-compliant modes:
  – Non-broadcast multiaccess
  – Point-to-multipoint
• Additional modes from Cisco:
  – Broadcast multiaccess
  – Point-to-Point

OSPF over Frame Relay

As described in RFC 2328, OSPF runs in one of two official modes over non-broadcast networks:

■ Nonbroadcast multiaccess (NBMA) - Simulates the operation of OSPF in a broadcast network. That is, the routers exchange update traffic to identify their neighbors and elect a designated router (DR)/backup designated router (BDR). This configuration is usually seen in a fully meshed network. Some configuring is necessary on the router for this mode to work properly, which we will see later on in this chapter. The neighbors will have to be statically defined, or they are broadcast.

– Broadcasting is implemented by replicating packets in the routers and sending each copy individually to its destination. This process is CPU and bandwidth intensive.

■ Point-to-multipoint - Treats the non-broadcast network as a collection of point-to-point links. Non-broadcast networks are referred to as NBMA networks or point-to-multipoint networks, depending on OSPF's mode of operation over the network. In this environment, the routers identify their neighbors but do not elect a DR/BDR. This configuration is used typically with partially meshed networks.

– The OSPF point-to-multipoint mode is a numbered point-to-point interface. This configuration is treated just like any other point-to-point physical interface. It can be done either under the serial interface itself (typically a point-to-point interface) or under a point-to-point subinterface. These point-to-point links operate as if you had a large number of leased lines. Remember though that each point-to-point link must be on its own separate subnet for IP addresses.

The choice of mode of operation between NBMA mode and point-to-multipoint mode determines the way that the Hello protocol and flooding work over the non-broadcast network.

[Slide: NBMA mode neighborship]

• Fully-meshed network
• Stability of network
• DR/BDR elected if more than two routers on the Frame Relay network
• RFC 2328 compliant

OSPF in NBMA mode

OSPF considers the NBMA environment like any other broadcast media such as Ethernet. NBMA clouds are usually built in a hub-and-spoke topology. PVCs or SVCs are laid out in a partial mesh and the physical topology does not provide the multiaccess that OSPF believes is out there.

In NBMA mode, OSPF emulates operation over a broadcast network. A DR and BDR are elected for the NBMA network, and the DR/BDR originates an LSA for the network. Note that in this environment, the routers must be fully meshed in order for adjacencies to be established among the routers.

Assuming that there are not a lot of neighbors in the network, NBMA mode is the most efficient way to run OSPF over non-broadcast networks, both in terms of link-state database size and in terms of the amount of routing protocol traffic. However, consider the following before using this mode:

■ Full Mesh: Requires all routers attached to the NBMA network to be able to communicate directly with each other. This restriction may be met on some non-broadcast networks, such as an ATM subnet utilizing SVCs, or Frame Relay, when using subinterfaces, but it is not met in fully-meshed Frame Relay networks. In fully meshed (and to a certain extent partially meshed) Frame Relay networks, the split horizon rule is used; therefore, anything received on a PVC over a given interface cannot be sent out the same interface on which it was received, even if it is over another PVC, as explained earlier in this chapter.

■ Stability of the network: Link-state routing protocols require that, for a multiaccess environment, neighbor adjacencies have been defined in order for routing updates to be exchanged. In OSPF, the designated router (DR) and backup designated router (BDR) assure that all the routers on the network have the same link-state information regarding the internetwork. If the network is not stable, anytime a connection is compromised, routers noticing the link-state change multicast an update to the DR/BDR. The DR acknowledges the update and floods it to other routers. Further, any changes made to the link-state database will require the forwarding database to be recalculated, thus burdening the router CPU.

DR and BDR are elected when there are multiple devices (more than two) on the same segment. The intent is to prevent the segment from being overwhelmed with broadcast updates from all of the devices on that same segment. It does not, however, mean that broadcasts are limited to those devices. When a modification occurs, the DR and BDR handle the change for that segment. The change is then flooded out into the area, which you will see in the next chapter. It is possible for the Frame Relay cloud to be its own area, therefore isolating its link-state changes from the rest of the network. This however is not a “rule” and depends on the customer's network and their provider.

If you are using a single PVC on an interface, and that PVC goes down, the interface goes down. This means that a link failure would be recognized. If running OSPF over subinterfaces, however, if a subinterface goes down, the interface remains up, and therefore, the router does not reflect that there is a connectivity problem.

On non-broadcast networks where not all routers can communicate directly, you can break the non-broadcast network into logical subnets, with the routers on each subnet being able to communicate directly. Then, each separate subnet can be run as an NBMA network or a point-to-point network if each virtual circuit is defined as a separate logical subnet. However, this setting requires quite a bit of administrative overhead, and is prone to misconfiguration. It is probably better to run such a non-broadcast network in point-to-multipoint mode.

[Slide: Point-to-Multipoint mode neighborship]

• Fully-meshed or partially meshed
• Static neighbor statement
• Unique IP subnet
• Duplicate LSA packets
• RFC 2328 compliant

OSPF in Point-to-Multipoint mode

Point-to-multipoint networks are designed to work with partial mesh connectivity. In point-to-multipoint mode, OSPF treats all router-to-router connections over the non-broadcast network as if they are point-to-point links; that is, no DR/BDRs are elected, nor is there an LSA generated for the network.

In large Frame Relay networks, using point-to-multipoint mode reduces the number of Frame Relay PVCs required for complete connectivity since you are not required to have a fully meshed topology. In addition, not having a fully meshed topology also reduces the number of neighbor entries in your neighbor table.

In contrast to NBMA networks, point-to-multipoint networks have the following properties:

■ Does not require fully-meshed network - This environment allows for routing between two routers that are not directly connected, but are connected through a router that has virtual circuits to each. The router that interconnects the non-adjacent neighbors is the one configured for point-to-multipoint. The other routers, assuming that they only have connections to the target router, should be configured for point-to-point. If, however, a spoke router was interconnected to the hub router and another spoke router, then it would be configured as point-to-multipoint as well.

■ Requires static neighbor configuration - In a broadcast network, a multicast hello packet is used to identify the router’s neighbors. In a point-to-multipoint network, you must statically define neighbors using the neighbor command, particularly since not all routers are adjacent.

– Using the neighbor command, you specify the neighbor by its IP address and modify, if necessary, the cost of the link to the neighbor. In a broadcast network, the cost of the link to each neighbor is equal, but in a point-to-multipoint network, the cost can be statically configured to reflect the different bandwidths of each link.

■ Uses unique IP subnets - When using subinterfaces, it requires a unique subnet for each point-to-point connection; you can use ip unnumbered for this.

■ Duplicates LSA packets - When flooding out a non-broadcast interface (when either in NBMA or point-to-multipoint mode), the LSA update or LSA ACK packet is replicated in order to be sent to each of the interface's neighbors, as defined in the neighbors table.

Additional Cisco modes neighborship

• Broadcast mode

• Point-to-point subinterface mode

Cisco additional modes

The broadcast mode approach is a workaround for having to use the "neighbor" command, which statically lists all existing neighbors. The interface will be logically set to broadcast and will behave as if the router were connected to a LAN. DR and BDR election will still be performed, so special care should be taken to ensure either a full mesh topology or a static selection of the DR based on the interface priority.

In point-to-point subinterface mode, the same physical interface can be split into multiple logical interfaces, with each subinterface being defined as point-to-point. This was originally created to better handle issues caused by split horizon over NBMA and vector-based routing protocols. A point-to-point subinterface has the properties of any physical point-to-point interface. As far as OSPF is concerned, an adjacency is always formed over a point-to-point subinterface with no DR or BDR election, as explained earlier in the section on point-to-point neighborship.

Adjacencies creation

Point-to-Point interfaces coming up: No election

%LINK-3-UPDOWN: Interface Serial1, changed state to up
OSPF: Interface Serial1 going Up
OSPF: Rcv hello from 192.168.0.11 area 0 from Serial1 10.1.1.2
OSPF: End of hello processing
OSPF: Build router LSA for area 0, router ID 192.168.0.10
OSPF: Rcv DBD from 192.168.0.11 on Serial1 seq 0x20C4 opt 0x2 flag 0x7 len 32 state INIT
OSPF: 2 Way Communication to 192.168.0.11 on Serial1, state 2WAY
OSPF: Send DBD to 192.168.0.11 on Serial1 seq 0x167F opt 0x2 flag 0x7 len 32
OSPF: NBR Negotiation Done. We are the SLAVE
OSPF: Send DBD to 192.168.0.11 on Serial1 seq 0x20C4 opt 0x2 flag 0x2 len 72

Ethernet interface coming up: Election

OSPF: 2 Way Communication to 192.168.0.10 on Ethernet0, state 2WAY
OSPF: end of Wait on interface Ethernet0
OSPF: DR/BDR election on Ethernet0
OSPF: Elect BDR 192.168.0.12
OSPF: Elect DR 192.168.0.12
       DR: 192.168.0.12 (Id)   BDR: 192.168.0.12 (Id)
OSPF: Send DBD to 192.168.0.12 on Ethernet0 seq 0x546 opt 0x2 flag 0x7 len 32
<…>
OSPF: DR/BDR election on Ethernet0
OSPF: Elect BDR 192.168.0.11
OSPF: Elect DR 192.168.0.12
       DR: 192.168.0.12 (Id)   BDR: 192.168.0.11 (Id)

Adjacencies creation

In these two debug outputs, you can see that no election is performed on a point-to-point network. The DBDs are exchanged as soon as the two routers can communicate.

On an Ethernet segment, an election takes place prior to any routing exchanges.

OSPF over NBMA Summary

Mode                          Preferred Topology   Subnet Address               Adjacency                              RFC or Cisco
Non-broadcast                 Fully Meshed         Same                         Manual configuration, DR/BDR elected   RFC
Point-to-Multipoint           Any                  Same                         Automatic, No DR/BDR                   RFC
Broadcast                     Fully Meshed         Same                         Automatic, DR/BDR elected              Cisco
Point-to-Point Subinterface   Star                 Different for each subint.   Automatic, No DR/BDR                   Cisco

OSPF over NBMA Summary

The above table provides a concise comparison between the different modes of operation for OSPF over NBMA.

Note OSPF has two new features related to point-to-multipoint networks with IOS 11.3a:

point-to-multipoint broadcast networks: no need to specify neighbors. However, you can specify neighbors with the neighbor command, in which case you should specify a cost to that neighbor.

point-to-multipoint nonbroadcast networks: you now use the neighbor command to identify neighbors.

You can find more information on the subject at www.cisco.com with the keywords: OSPF Point-to-Multipoint Network with Separate Costs per Neighbor.

Written Exercise: OSPF Operation

Objective: Explain why OSPF is better than RIP in a large internetwork.

Objective: Explain how OSPF discovers, chooses, and maintains routes.

Task: Answer the following questions.

1 List three reasons why OSPF operates better than RIP in a large internetwork.

______________________________________________________________

______________________________________________________________

______________________________________________________________

2 What does a router do when it receives an LSU?

______________________________________________________________

______________________________________________________________

______________________________________________________________

3 Identify when the exchange protocol and the flooding protocol are used, and describe how each operates.

______________________________________________________________

______________________________________________________________

______________________________________________________________

______________________________________________________________

4 Write a brief description of the following:

Internal router _________________________________________________

LSU ________________________________________________________

DDP __________________________________________________________

Hello packet _________________________________________________

5 Match the term with the statement most closely describing it. Write the letter of the description next to the term.

____area A) The router responsible for route synchronization.

____Full state B) Indicates routers can route information.

____DR C) Indicates routers can discover link state information.

____Exchange state D) A collection of routers and networks.

6 Name the two RFC-compliant modes for OSPF over a Non-broadcast Multiaccess network:

______________________________________________________________

______________________________________________________________

Name the two additional Cisco modes for OSPF over NBMA:

______________________________________________________________

______________________________________________________________

Configuring OSPF in a Single Area

The following section discusses how to configure OSPF in a single area.

Configuring OSPF on Internal Routers

Can assign network or interface address.

[Figure: routers A, B, and C. A (E0 10.64.0.1) and B (E0 10.64.0.2) share a broadcast network; B (S0 10.2.1.2) and C (S1 10.2.1.1) share a point-to-point network.]

Router A:

<Output Omitted>
interface Ethernet0
 ip address 10.64.0.1 255.255.255.0
!
<Output Omitted>
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0

Router B:

<Output Omitted>
interface Ethernet0
 ip address 10.64.0.2 255.255.255.0
!
interface Serial0
 ip address 10.2.1.2 255.255.255.0
<Output Omitted>
router ospf 50
 network 10.2.1.2 0.0.0.0 area 0
 network 10.64.0.2 0.0.0.0 area 0

Configuring OSPF on Internal Routers

To configure OSPF, do the following:

Step 1 Enable OSPF on the router.

router(config)# router ospf process-id

process-id—An internally used number to identify if you have multiple OSPF processes running within a single router. The process-id need not match process-ids on other routers. Running multiple OSPF processes on the same router is not recommended because it creates multiple database instances that add extra overhead.

Step 2 Identify which IP networks on the router are part of the OSPF network. For each network, you must identify to what area the networks belong. The network value can vary in that it can be the network address supported by the router, or the specific interface addresses configured. The router knows how to interpret the address by comparing the address to the wildcard mask.

router(config-router)# network address wildcard-mask area area-id

network area Command   Description

address                Can be the network address, subnet, or the address of the interface. Tells the router which links to advertise, which links to listen to advertisements on, and what networks to advertise.

wildcard-mask          An inverse mask used to determine how to read the address. The mask has wildcard bits where 0 is a match and 1 is “don’t care”; for example, 0.0.255.255 indicates a match in the first two bytes. If specifying the interface address, use mask 0.0.0.0.

area area-id           Specifies the area to be associated with the address. Can be a number or can be similar to an IP address A.B.C.D. For a single area, the ID must equal 0.
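The wildcard-mask comparison described in Step 2, worked through as an added example (not part of the course material). It shows which interfaces each network statement enables OSPF on, and how a broad mask such as router A's can pull in interfaces the operator never meant to run OSPF on. The function names and the Ethernet1 and Serial1 addresses are hypothetical.

```python
import ipaddress


def wildcard_match(interface_ip, address, wildcard):
    """True when interface_ip equals address in every bit the wildcard mask
    marks as 0 (must match); bits marked 1 are "don't care"."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    ip = int(ipaddress.IPv4Address(interface_ip))
    return (ip & care) == (int(ipaddress.IPv4Address(address)) & care)


def parse_network_statements(router_config):
    """Extract (address, wildcard, area) from each 'network ... area ...' line."""
    statements = []
    for line in router_config.splitlines():
        words = line.split()
        if len(words) == 5 and words[0] == "network" and words[3] == "area":
            statements.append((words[1], words[2], words[4]))
    return statements


def ospf_enabled_interfaces(interfaces, router_config):
    """Map each interface name to the areas of every network statement that
    matches its address; an empty list means no statement enables OSPF on it."""
    statements = parse_network_statements(router_config)
    return {
        name: [area for addr, wc, area in statements if wildcard_match(ip, addr, wc)]
        for name, ip in interfaces.items()
    }


def unintended(interfaces, router_config, intended):
    """Interfaces that a network statement pulls into OSPF although the
    operator did not list them as intended OSPF interfaces."""
    enabled = ospf_enabled_interfaces(interfaces, router_config)
    return sorted(n for n, areas in enabled.items() if areas and n not in intended)


# Router B from the page: one statement per interface address, mask 0.0.0.0.
ROUTER_B_INTERFACES = {"Ethernet0": "10.64.0.2", "Serial0": "10.2.1.2"}
ROUTER_B_OSPF = """
router ospf 50
 network 10.2.1.2 0.0.0.0 area 0
 network 10.64.0.2 0.0.0.0 area 0
"""

# Router A's statement from the page, applied to a constructed interface list:
# Ethernet1 and Serial1 are hypothetical and not part of the page's figure.
ROUTER_A_INTERFACES = {
    "Ethernet0": "10.64.0.1",
    "Ethernet1": "10.200.5.1",   # constructed: for example a user-facing LAN
    "Serial1": "172.16.1.1",     # constructed: outside 10.0.0.0/8
}
ROUTER_A_OSPF = """
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
"""

if __name__ == "__main__":
    print(ospf_enabled_interfaces(ROUTER_B_INTERFACES, ROUTER_B_OSPF))
    print(ospf_enabled_interfaces(ROUTER_A_INTERFACES, ROUTER_A_OSPF))
    print(unintended(ROUTER_A_INTERFACES, ROUTER_A_OSPF, intended={"Ethernet0"}))
```

With mask 0.0.0.0 only the named interface address matches, so adding an interface later never enables OSPF on it by accident.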

Configuring Optional Commands

Router ID:
• Number by which the router is known to OSPF
• Default: The largest IP address on an active interface at the moment of OSPF process startup
• Can be overridden by a loopback interface: highest IP address of any active loopback interface

Real Loopback Address (Ex: 131.108.17.5)
• In OSPF table
• Uses address space
• Can use ping

Bogus Loopback Address (Ex: 1.1.1.1)
• Not in OSPF table
• Saves address space
• Cannot use ping

[Figure label: Network 131.108.0.0]

Configuring Optional Commands

The following commands can be used to modify OSPF behavior:

■ Modifying the OSPF router ID to a loopback address:

router(config-if)# interface loopback number

The highest IP address used as the router ID can be overridden by configuring an IP address on a loopback interface. OSPF is more reliable if a loopback interface is configured because it is always active and cannot go “down” like a real interface. So it is recommended that you use the loopback address on all key routers, at least. If you plan to publish your loopback address with the network area command, make sure you use a private IP address. Note that a loopback address requires a different subnet for each router.

Pros and cons exist in using a “made-up” or bogus address as opposed to using real subnet addresses. In addition to reliability, a bogus address saves on real IP addresses, but the address does not appear in the OSPF table, so it cannot be pinged. This decision represents a trade-off between the ease of debugging the network and conservation of address space.

To determine the router ID of a router, type show ip ospf interface.

■ Modifying router priority—Changing the OSPF priority on an interface is done using the following interface command:

router(config-if)# ip ospf priority number (from 0 to 255)

The default is 1. A priority value of 0 indicates an interface cannot be elected as DR or BDR.

Configuring Optional Commands (cont.)

Router(config-if)# ip ospf cost cost

• Assigns a cost to an outgoing interface
• May be required for interoperability
• Use default cost between Cisco devices

[Figure: a Cisco router and a non-Cisco router; labels: Traffic, Token Ring]

Configuring Optional Commands (cont.)

■ Modifying the link cost—Override the default cost value assigned to an OSPF interface.

router(config-if)# ip ospf cost cost

cost—A number from 1 to 65535 that indicates the metric assigned to the interface. Path cost is the total of the costs assigned to all interfaces that forward traffic along the path to the destination.

Cisco’s OSPF default cost assignment is based on the bandwidth of the link. Other vendors might use a different mechanism to assign OSPF cost to a link, so you may have to change the default cost because all interfaces connected to the same link must agree on the link’s cost.

In general, the path cost in Cisco routers is calculated using the formula 10^8/Bandwidth. Using this formula, the following are some example default costs:

— 56-kbps serial link—Default cost is 1785

— T1 (1.544-Mbps serial link)—Default cost is 64

— Ethernet—Default cost is 10

— 16-Mbps Token Ring—Default cost is 6

Note On serial lines, the default bandwidth is 1.544 Mbps. If the line is a slower speed, use the bandwidth command to specify the real link speed. The cost of the link will then change to correspond to the bandwidth you configured.

Configuring OSPF over Frame Relay

• Non-broadcast mode
• Point-to-Multipoint mode
• Broadcast mode
• Point-to-point subinterface mode

Router(config-if)# ip ospf network { non-broadcast | point-to-multipoint | broadcast }

Configuring OSPF over Frame Relay

OSPF over Frame Relay can be configured in four different modes:

■ RFC compliant modes:

– Non-broadcast mode (RFC compliant)

– Point-to-Multipoint mode (RFC compliant)

– Broadcast mode (additional Cisco mode)

– Point-to-point mode (this mode is achieved through the subinterface point-to-point configuration) (additional Cisco mode)

The following command is used to specify the OSPF network configuration (not necessarily the physical configuration):

router(config-if)#ip ospf network {non-broadcast | point-to-multipoint | broadcast}

ip ospf network Command   Description

non-broadcast             Sets the network type to non-broadcast

point-to-multipoint       Sets the network type to point-to-multipoint

broadcast                 Sets the network type to broadcast

Configuring OSPF in Non-broadcast mode

Router(config-router)# neighbor ip-address priority number poll-interval sec

R1(config)#interface Serial0

R1(config-if)#ip address 10.1.1.1 255.255.255.0

R1(config-if)#encapsulation frame-relay

R1(config-if)#ip ospf network non-broadcast

R1(config)#router ospf 1

R1(config-router)#network 10.1.1.0 0.0.0.255 area 0

R1(config-router)#neighbor 10.1.1.2

R1(config-router)#neighbor 10.1.1.3

R1(config-router)#neighbor 10.1.1.4

• Non-broadcast mode by default, so no need for this command

• Neighbor statements necessary

Configuring OSPF in NBMA mode

The selection of the DR becomes an issue in NBMA mode because the DR and BDR need to have full physical connectivity with all routers that exist on the cloud. Also, because of the lack of broadcast capabilities, the DR and BDR need to have a static list of all other routers attached to the cloud. This is achieved using the neighbor command.

The neighbor command is somewhat obsolete now that the interface network type can be set to whatever we want, irrespective of the underlying physical media. Different methods can be used to avoid the complications of configuring static neighbors and having specific routers becoming DRs or BDRs on the non-broadcast cloud. This is explained in the following section.

The neighbor command is used to configure OSPF routers interconnecting to nonbroadcast networks:

router(config-router)#neighbor ip-address [priority number] [poll-interval seconds] [cost number]

neighbor Command   Description

ip-address         Interface IP address of the neighbor.

priority           (Optional) 8-bit number indicating the router priority value of the nonbroadcast neighbor associated with the IP address specified. The default is 0. This keyword does not apply to point-to-multipoint interfaces.

poll-interval      (Optional) Unsigned integer value reflecting the poll interval. RFC 1247 recommends that this value be much larger than the hello interval. The default is 120 seconds (2 minutes). This keyword does not apply to point-to-multipoint interfaces.

cost               (Optional) Assigns a cost to the neighbor, in the form of an integer from 1 to 65535. Neighbors with no specific cost configured will assume the cost of the interface, based on the ip ospf cost command. On point-to-multipoint interfaces, this is the only keyword and argument that make sense. This keyword does not apply to NBMA networks.

Configuring OSPF in Point-to-Multipoint mode

• No need for DR and neighbor statements
• OSPF exchanges additional LSUs
• Can be done with Star topology

R1(config)#interface Serial0

R1(config-if)#ip address 10.1.1.1 255.255.255.0

R1(config-if)#encapsulation frame-relay

R1(config-if)#ip ospf network point-to-multipoint

R1(config)#router ospf 1

R1(config-router)#network 10.1.1.0 0.0.0.255 area 0

Configuring OSPF in Point-to-Multipoint mode

An OSPF point-to-multipoint interface is defined as a numbered point-to-point interface having one or more neighbors. The cloud is configured as one subnet. There is no need to worry about DRs and neighbor statements. OSPF point-to-multipoint works by exchanging additional link-state updates that contain a number of information elements that describe connectivity to the neighboring routers.

Configuring OSPF in Broadcast mode

R1(config)#interface Serial0

R1(config-if)#ip address 10.1.1.1 255.255.255.0

R1(config-if)#encapsulation frame-relay

R1(config-if)#ip ospf network broadcast

R1(config)#router ospf 1

R1(config-router)#network 10.1.1.0 0.0.0.255 area 0

• No need for DR and neighbor statements
• Full mesh topology required or a static selection of the DR based on priority

Configuring OSPF in Broadcast mode

This approach is a workaround for having to use the "neighbor" command, which statically lists all existing neighbors. This configuration works best with a fully-meshed network.

Configuring OSPF in Point-to-Point subinterface mode

R1(config)#interface Serial0

R1(config-if)#no ip address

R1(config-if)#encapsulation frame-relay

R1(config)#interface Serial0.1 point-to-point

R1(config-if)#ip address 10.1.1.1 255.255.255.0

R1(config-if)#frame-relay interface-dlci 51

R1(config)#interface Serial0.2 point-to-point

R1(config-if)#ip address 10.1.2.1 255.255.255.0

R1(config-if)#frame-relay interface-dlci 52

R1(config)#router ospf 1

R1(config-router)#network 10.1.0.0 0.0.255.255 area 0

• OSPF considers each subinterface as a physical point-to-point network

• Adjacency is automatic

Configuring OSPF in Point-to-Point subinterface mode

To configure subinterfaces on a physical interface, do the following:

1. Select the interface that you want to create subinterfaces on and enter interface configuration mode.

2. It is recommended that you remove any network-layer address assigned to the physical interface and assign the network-layer address to the subinterface.

3. Configure Frame Relay encapsulation, as discussed in the “Configuring Basic Frame Relay” section.

4. Select the subinterface you want to configure:

router(config)#interface serial number.subinterface-number {multipoint | point-to-point}

interface serial Command   Description

.subinterface-number       Subinterface number in the range 1 to 4294967293. The interface number that precedes the period (.) must match the interface number to which this subinterface belongs.

multipoint                 Select this if routing IP and you want all routers in the same subnet.

point-to-point             Select this if you want each pair of point-to-point routers to have its own subnet.
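The Frame Relay modes configured above, checked by a small configuration auditor (an added example, not part of the course material). It assumes show running-config style text; the sample configurations are constructed from the R1 commands on the slides, and the function names are hypothetical. Whether the cloud is fully meshed cannot be judged from one router's configuration, so only the neighbor-statement and per-subinterface subnet rules from the summary table are checked.

```python
import ipaddress
import re

IFACE = re.compile(r"interface (\S+)(?: (point-to-point|multipoint))?$")
ADDR = re.compile(r"ip address (\S+) (\S+)$")


def parse_config(text):
    """Return ({interface: settings}, [OSPF neighbor addresses])."""
    interfaces, neighbors, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = IFACE.match(line)
        if m:
            current = {"sub_type": m.group(2), "subnet": None,
                       "ospf_type": None, "frame_relay": False}
            interfaces[m.group(1)] = current
        elif line.startswith("router "):
            current = None                      # left interface context
        elif current is not None:
            a = ADDR.match(line)
            if a:
                current["subnet"] = ipaddress.ip_interface(
                    f"{a.group(1)}/{a.group(2)}").network
            elif line == "encapsulation frame-relay":
                current["frame_relay"] = True
            elif line.startswith("ip ospf network "):
                current["ospf_type"] = line.split()[3]
        elif line.startswith("neighbor "):
            neighbors.append(ipaddress.ip_address(line.split()[1]))
    return interfaces, neighbors


def ospf_mode(intf):
    """Explicit 'ip ospf network' wins; otherwise the IOS default applies:
    point-to-point on a point-to-point subinterface, non-broadcast on a
    Frame Relay physical interface or multipoint subinterface."""
    if intf["ospf_type"]:
        return intf["ospf_type"]
    return "point-to-point" if intf["sub_type"] == "point-to-point" else "non-broadcast"


def audit(text):
    """Map each addressed Frame Relay interface to (mode, [issues])."""
    interfaces, neighbors = parse_config(text)
    report, p2p_subnets = {}, {}
    for name, intf in interfaces.items():
        parent = interfaces.get(name.split(".")[0], intf)   # subinterface -> physical
        if not (intf["frame_relay"] or parent["frame_relay"]) or intf["subnet"] is None:
            continue
        mode, issues = ospf_mode(intf), []
        if mode == "non-broadcast" and not any(n in intf["subnet"] for n in neighbors):
            issues.append("no neighbor statement for this subnet")
        if mode == "point-to-point":
            owner = p2p_subnets.setdefault(intf["subnet"], name)
            if owner != name:
                issues.append(f"subnet {intf['subnet']} already used by {owner}")
        report[name] = (mode, issues)
    return report


# Constructed from the R1 non-broadcast slide.
NBMA_CONFIG = """
interface Serial0
 ip address 10.1.1.1 255.255.255.0
 encapsulation frame-relay
 ip ospf network non-broadcast
router ospf 1
 network 10.1.1.0 0.0.0.255 area 0
 neighbor 10.1.1.2
 neighbor 10.1.1.3
 neighbor 10.1.1.4
"""

# Constructed from the R1 point-to-point subinterface slide.
SUBIF_CONFIG = """
interface Serial0
 no ip address
 encapsulation frame-relay
interface Serial0.1 point-to-point
 ip address 10.1.1.1 255.255.255.0
 frame-relay interface-dlci 51
interface Serial0.2 point-to-point
 ip address 10.1.2.1 255.255.255.0
 frame-relay interface-dlci 52
router ospf 1
 network 10.1.0.0 0.0.255.255 area 0
"""

if __name__ == "__main__":
    for cfg in (NBMA_CONFIG, SUBIF_CONFIG):
        print(audit(cfg))
```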

Verifying OSPF Operation

The following section describes commands to use to verify OSPF operation.

Verifying OSPF Operation

Router# show ip ospf interface
• Displays area ID and adjacency information

Router# show ip protocol
• Verifies OSPF is configured

Router# show ip route
• Displays all the routes learned by the router

Verifying OSPF Operation

The following commands can be used to verify OSPF operation and statistics.

The show ip protocol command displays parameters about timers, filters, metrics, networks, and other information for the entire router.

The show ip route command displays the routes known to the router and how they were learned. This is one of the best ways to determine connectivity between the local router and the rest of the internetwork.

The show ip ospf interface command verifies that interfaces have been configured in the intended areas. If no loopback address is specified, the interface with the highest address is taken as the router ID. It also gives the timer intervals, including the hello interval, and shows the neighbor adjacencies.

Verifying OSPF Operation (cont.)

Router# show ip ospf
• Displays OSPF timers and statistics

Router# show ip ospf neighbor detail
• Displays information about DR/BDR and neighbors

Router# show ip ospf database
• Displays the link-state database

Verifying OSPF Operation (cont.)

The show ip ospf command displays the number of times the shortest path first (SPF) algorithm has been executed. It also shows the link-state update interval, assuming no topological changes have occurred.

The show ip ospf neighbor detail command displays a detailed list of neighbors, their priorities, and their state, for example, init, exstart, or full.

The show ip ospf database command displays the contents of the topological database maintained by the router. The command also shows the router ID and the OSPF process ID. A number of database types can be shown with this command using keywords. Refer to the Cisco IOS Command Reference, Part 1 manual for details about the keywords.

Verifying OSPF Operation (cont.)

Router# clear ip route *
• Allows you to clear the IP routing table

Router# debug ip ospf
• Displays router interaction during the hello, exchange, and flooding processes

Verifying OSPF Operation (cont.)

The following commands and their associated options can be used when troubleshooting OSPF. These will be discussed further in the “Configuring OSPF” lab exercise.

■ Reset the IP routing table using the following options:

p2r2# clear ip route ?

* Delete all routes

A.B.C.D Destination network route to delete

■ Debug a variety of OSPF operations using the following debug options:

p2r2# debug ip ospf ?

adj OSPF adjacency events

events OSPF events

flood OSPF flooding

lsa-generation OSPF lsa generation

packet OSPF packets

retransmission OSPF retransmission events

spf OSPF spf

tree OSPF database tree

show ip ospf interface

R2#sh ip ospf int e0
Ethernet0 is up, line protocol is up
  Internet Address 192.168.0.12/24, Area 0
  Process ID 1, Router ID 192.168.0.12, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State DROTHER, Priority 1
  Designated Router (ID) 192.168.0.11, Interface address 192.168.0.11
  Backup Designated router (ID) 192.168.0.13, Interface address 192.168.0.13
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:04
  Neighbor Count is 3, Adjacent neighbor count is 2
    Adjacent with neighbor 192.168.0.13 (Backup Designated Router)
    Adjacent with neighbor 192.168.0.11 (Designated Router)
  Suppress hello for 0 neighbor(s)

Show ip ospf interface command

The show ip ospf interface command displays OSPF-related interface information:

Router>show ip ospf interface [type number]

show ip ospf interface Command   Description

type                             (Optional) Interface type

number                           (Optional) Interface number

Show ip ospf neighbor
Multiaccess and Point-to-Point

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.0.13      1   2WAY/DROTHER    00:00:31    192.168.0.13    Ethernet0
192.168.0.14      1   FULL/BDR        00:00:38    192.168.0.14    Ethernet0
192.168.0.11      1   2WAY/DROTHER    00:00:36    192.168.0.11    Ethernet0
192.168.0.12      1   FULL/DR         00:00:38    192.168.0.12    Ethernet0

OSPF over Ethernet - Multiaccess network

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.0.11      1   FULL/  -        00:00:39    10.1.1.2        Serial1

OSPF over HDLC - Point-to-Point network

Show ip ospf neighbor command – multiaccess and point-to-point mode

The show ip ospf neighbor command displays OSPF-neighbor information on a per-interface basis:

Router>show ip ospf neighbor [type number] [neighbor-id] [detail]

show ip ospf neighbor Command   Description

type                            (Optional) Interface type

number                          (Optional) Interface number

neighbor-id                     (Optional) Neighbor's ID.

detail                          (Optional) Displays all neighbors given in detail (list all neighbors).
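One way to triage show ip ospf neighbor output against the states shown on these slides (an added example, not part of the course material). The regular expression, function names and the failing sample are constructed for illustration; the two healthy samples are the Ethernet and HDLC outputs from the slide.

```python
import re

ROW = re.compile(
    r"^(?P<id>\d+\.\d+\.\d+\.\d+)\s+(?P<pri>\d+)\s+"
    r"(?P<state>[A-Z0-9]+)/\s*(?P<role>\S+)\s+"
    r"(?P<dead>\d+:\d+:\d+)\s+(?P<addr>\S+)\s+(?P<intf>\S+)\s*$")


def parse_neighbors(output):
    """Return one dict per neighbor row; the header line is skipped."""
    rows = []
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def check_adjacencies(output):
    """Return (neighbor id, interface, reason) for every row that is not a
    settled adjacency.

    FULL is always settled. 2WAY/DROTHER is settled only when the same
    interface also shows a FULL adjacency to a DR, which means the local
    router is itself a DROTHER. Any other state (INIT, EXSTART, EXCHANGE,
    LOADING ...) is reported so the operator can see whether it persists.
    """
    rows = parse_neighbors(output)
    full_dr = {r["intf"] for r in rows if r["state"] == "FULL" and r["role"] == "DR"}
    findings = []
    for r in rows:
        if r["state"] == "FULL":
            continue
        if r["state"] == "2WAY" and r["role"] == "DROTHER":
            if r["intf"] in full_dr:
                continue
            reason = "2WAY with no FULL adjacency to a DR on this interface"
        else:
            reason = f"adjacency not complete (state {r['state']})"
        findings.append((r["id"], r["intf"], reason))
    return findings


# From the slide: OSPF over Ethernet, multiaccess network.
ETHERNET_OUTPUT = """
Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.0.13      1   2WAY/DROTHER    00:00:31    192.168.0.13    Ethernet0
192.168.0.14      1   FULL/BDR        00:00:38    192.168.0.14    Ethernet0
192.168.0.11      1   2WAY/DROTHER    00:00:36    192.168.0.11    Ethernet0
192.168.0.12      1   FULL/DR         00:00:38    192.168.0.12    Ethernet0
"""

# From the slide: OSPF over HDLC, point-to-point network (no DR/BDR role).
P2P_OUTPUT = """
Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.0.11      1   FULL/  -        00:00:39    10.1.1.2        Serial1
"""

# Constructed failing sample, not taken from the page.
BAD_OUTPUT = """
Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.0.12      1   EXSTART/DR      00:00:35    192.168.0.12    Ethernet0
192.168.0.13      1   2WAY/DROTHER    00:00:31    192.168.0.13    Ethernet0
192.168.0.11      1   INIT/  -        00:00:39    10.1.1.2        Serial1
"""

if __name__ == "__main__":
    for sample in (ETHERNET_OUTPUT, P2P_OUTPUT, BAD_OUTPUT):
        print(check_adjacencies(sample))
```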

Show ip ospf neighbor (cont.)
NBMA network

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.0.12      1   FULL/DROTHER    0:01:56     10.1.1.2        Serial0
192.168.0.13      0   FULL/DROTHER    0:01:34     10.1.1.3        Serial0
192.168.0.11      1   FULL/BDR        0:01:56     10.1.1.1        Serial0

OSPF over Frame Relay - Non-broadcast modeusing the neighbor command

Show ip ospf neighbor command (cont.) – Non-broadcast mode

In this example, though not visible, the neighbor statement was used under the router ospf command, so the adjacencies could be established.


Show ip ospf neighbor (cont.): NBMA network

OSPF over Frame Relay - Broadcast mode:

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.0.14      1   FULL/DR         00:00:30    10.1.1.4        Serial0
192.168.0.13      1   FULL/DROTHER    00:00:36    10.1.1.3        Serial0
192.168.0.12      1   FULL/DROTHER    00:00:39    10.1.1.2        Serial0

Show ip ospf neighbor command (cont.) – Broadcast mode
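The neighbor tables above can be checked mechanically. The following Python sketch is an added example, not part of the course material: it parses show ip ospf neighbor output (including the point-to-point FULL/ - form) and reports neighbors that are not on an expected list, expected neighbors that are missing, and adjacencies that have not settled. The EXPECTED allowlist, the finding names and the 192.168.0.99 row are assumptions constructed for the example.

```python
import re
from dataclasses import dataclass

# One data row of "show ip ospf neighbor". The role after "/" is DR, BDR,
# DROTHER, or "-" on point-to-point links (printed as "FULL/ -").
ROW_RE = re.compile(
    r"^(?P<rid>\d+\.\d+\.\d+\.\d+)\s+(?P<pri>\d+)\s+"
    r"(?P<state>[A-Z0-9]+)/\s*(?P<role>DROTHER|BDR|DR|-)\s+"
    r"(?P<dead>\d+:\d{2}:\d{2})\s+(?P<addr>\d+\.\d+\.\d+\.\d+)\s+(?P<intf>\S+)$"
)


@dataclass(frozen=True)
class Neighbor:
    router_id: str
    priority: int
    state: str
    role: str
    address: str
    interface: str


def parse_neighbors(text):
    """Return a Neighbor for every data row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(Neighbor(m["rid"], int(m["pri"]), m["state"],
                                 m["role"], m["addr"], m["intf"]))
    return rows


def audit(neighbors, expected):
    """Compare parsed neighbors with expected = {interface: {router IDs}}."""
    findings = []
    by_intf = {}
    for n in neighbors:
        by_intf.setdefault(n.interface, []).append(n)
    for intf, rows in sorted(by_intf.items()):
        roles = {n.role for n in rows}
        # If both a DR and a BDR appear among the neighbors, the local router
        # is a DROTHER and stays 2WAY with other DROTHERs. Otherwise (assuming
        # a BDR was elected) it holds one of those roles itself and every
        # neighbor on the segment must reach FULL.
        local_is_drother = {"DR", "BDR"} <= roles
        for n in rows:
            if n.router_id not in expected.get(intf, set()):
                findings.append(("UNEXPECTED_NEIGHBOR", intf, n.router_id))
            settled = n.state == "FULL" or (
                n.state == "2WAY" and n.role == "DROTHER" and local_is_drother)
            if not settled:
                findings.append(("ADJACENCY_NOT_SETTLED", intf, n.router_id))
        drs = sorted(n.router_id for n in rows if n.role == "DR")
        if len(drs) > 1:
            findings.append(("MULTIPLE_DR", intf, ",".join(drs)))
    for intf, allowed in sorted(expected.items()):
        present = {n.router_id for n in by_intf.get(intf, [])}
        findings += [("MISSING_NEIGHBOR", intf, rid)
                     for rid in sorted(allowed - present)]
    return findings


# The data rows are the Ethernet and HDLC tables shown above, merged into one
# listing for the example; ROGUE_ROW is constructed.
SAMPLE = """\
Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.0.13      1   2WAY/DROTHER    00:00:31    192.168.0.13    Ethernet0
192.168.0.14      1   FULL/BDR        00:00:38    192.168.0.14    Ethernet0
192.168.0.11      1   2WAY/DROTHER    00:00:36    192.168.0.11    Ethernet0
192.168.0.12      1   FULL/DR         00:00:38    192.168.0.12    Ethernet0
192.168.0.11      1   FULL/ -         00:00:39    10.1.1.2        Serial1
"""
ROGUE_ROW = "192.168.0.99      1   EXSTART/DROTHER 00:00:33    192.168.0.99    Ethernet0\n"

# Assumed inventory of the routers that belong on each segment.
EXPECTED = {
    "Ethernet0": {"192.168.0.11", "192.168.0.12", "192.168.0.13", "192.168.0.14"},
    "Serial1": {"192.168.0.11"},
}

if __name__ == "__main__":
    for finding in audit(parse_neighbors(SAMPLE + ROGUE_ROW), EXPECTED):
        print(finding)
```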


R2#show ip ospf database

       OSPF Router with ID (192.168.0.12) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age   Seq#         Checksum   Link count
192.168.0.10    192.168.0.10    817   0x80000003   0xFF56     1
192.168.0.11    192.168.0.11    817   0x80000003   0xFD55     1
192.168.0.12    192.168.0.12    816   0x80000003   0xFB54     1
192.168.0.13    192.168.0.13    816   0x80000003   0xF953     1
192.168.0.14    192.168.0.14    817   0x80000003   0xD990     1

                Net Link States (Area 0)

Link ID         ADV Router      Age   Seq#         Checksum
192.168.0.14    192.168.0.14    812   0x80000002   0x4AC8

Show ip ospf database command

When using the show ip ospf database command, you want to confirm that your router is aware of all segments in your area. You can also see the advertising router, the DR.


Debug ip ospf adj

192.168.0.14 on Ethernet0, state 2WAY
OSPF: end of Wait on interface Ethernet0
OSPF: DR/BDR election on Ethernet0
OSPF: Elect BDR 192.168.0.14
OSPF: Elect DR 192.168.0.14
       DR: 192.168.0.14 (Id)   BDR: 192.168.0.14 (Id)
OSPF: Send DBD to 192.168.0.14 on Ethernet0 seq 0x11DB opt 0x2 flag 0x7 len 32
OSPF: Build router LSA for area 0, router ID 192.168.0.11
OSPF: Neighbor change Event on interface Ethernet0
OSPF: Rcv DBD from 192.168.0.14 on Ethernet0 seq 0x1598 opt 0x2 flag 0x7 len 32
       state EXSTART
OSPF: NBR Negotiation Done. We are the SLAVE
OSPF: Send DBD to 192.168.0.14 on Ethernet0 seq 0x1598 opt 0x2 flag 0x2 len 52
OSPF: Rcv DBD from 192.168.0.14 on Ethernet0 seq 0x1599 opt 0x2 flag 0x3 len 92
       state EXCHANGE
OSPF: Exchange Done with 192.168.0.14 on Ethernet0
OSPF: Send DBD to 192.168.0.14 on Ethernet0 seq 0x159A opt 0x2 flag 0x0 len 32
OSPF: Synchronized with 192.168.0.14 on Ethernet0, state FULL
OSPF: Build router LSA for area 0, router ID 192.168.0.11
OSPF: Neighbor change Event on interface Ethernet0
OSPF: DR/BDR election on Ethernet0
OSPF: Elect BDR 192.168.0.13
OSPF: Elect DR 192.168.0.14
       DR: 192.168.0.14 (Id)   BDR: 192.168.0.13 (Id)

Debug ip ospf adj command

When using the debug ip ospf adj command to debug adjacencies, you want to monitor the election of the DR and BDR, as shown in the screen capture.

Be advised that the command is really: debug ip ospf adj
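Monitoring the election by eye does not scale past a few lines of debug output. The following Python sketch is an added example, not part of the course material: it reads debug ip ospf adj output, reconstructs each neighbor's adjacency states and every DR/BDR election result, and reports role changes and role holders that are not on an approved list. The sample is the capture shown above; the APPROVED list and the function names are assumptions made for the example.

```python
import re

NBR_STATE_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+) on ([\w/.]+).*?\bstate ([A-Z0-9]+)")
ELECTION_RE = re.compile(r"DR/BDR election on (\S+)")
RESULT_RE = re.compile(r"\bDR: (\S+) \(Id\)\s+BDR: (\S+) \(Id\)")


def _entries(text):
    """Join wrapped output: an indented line continues the previous entry."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace() and entries:
            entries[-1] += " " + line.strip()
        else:
            entries.append(line.strip())
    return entries


def parse_adj_debug(text):
    """Return ({neighbor: [states in order]}, [(interface, DR, BDR), ...])."""
    states, elections, current_intf = {}, [], None
    for entry in _entries(text):
        m = ELECTION_RE.search(entry)
        if m:
            current_intf = m.group(1)
        m = RESULT_RE.search(entry)
        if m and current_intf:
            elections.append((current_intf, m.group(1), m.group(2)))
        m = NBR_STATE_RE.search(entry)
        if m:
            history = states.setdefault(m.group(1), [])
            if not history or history[-1] != m.group(3):
                history.append(m.group(3))
    return states, elections


def role_changes(elections):
    """Differences between consecutive election results on one interface."""
    changes, last = [], {}
    for intf, dr, bdr in elections:
        if intf in last:
            old_dr, old_bdr = last[intf]
            if dr != old_dr:
                changes.append((intf, "DR", old_dr, dr))
            if bdr != old_bdr:
                changes.append((intf, "BDR", old_bdr, bdr))
        last[intf] = (dr, bdr)
    return changes


def unapproved_holders(elections, approved):
    """Final DR/BDR per interface missing from approved = {interface: {IDs}}."""
    final = {intf: (dr, bdr) for intf, dr, bdr in elections}
    out = []
    for intf, (dr, bdr) in sorted(final.items()):
        for role, rid in (("DR", dr), ("BDR", bdr)):
            if rid not in approved.get(intf, set()):
                out.append((intf, role, rid))
    return out


# The capture shown above (its first line is cut off in the source).
SAMPLE_DEBUG = """\
192.168.0.14 on Ethernet0, state 2WAY
OSPF: end of Wait on interface Ethernet0
OSPF: DR/BDR election on Ethernet0
OSPF: Elect BDR 192.168.0.14
OSPF: Elect DR 192.168.0.14
       DR: 192.168.0.14 (Id)   BDR: 192.168.0.14 (Id)
OSPF: Send DBD to 192.168.0.14 on Ethernet0 seq 0x11DB opt 0x2 flag 0x7 len 32
OSPF: Rcv DBD from 192.168.0.14 on Ethernet0 seq 0x1598 opt 0x2 flag 0x7 len 32
       state EXSTART
OSPF: NBR Negotiation Done. We are the SLAVE
OSPF: Send DBD to 192.168.0.14 on Ethernet0 seq 0x1598 opt 0x2 flag 0x2 len 52
OSPF: Rcv DBD from 192.168.0.14 on Ethernet0 seq 0x1599 opt 0x2 flag 0x3 len 92
       state EXCHANGE
OSPF: Exchange Done with 192.168.0.14 on Ethernet0
OSPF: Synchronized with 192.168.0.14 on Ethernet0, state FULL
OSPF: DR/BDR election on Ethernet0
OSPF: Elect BDR 192.168.0.13
OSPF: Elect DR 192.168.0.14
       DR: 192.168.0.14 (Id)   BDR: 192.168.0.13 (Id)
"""

# Assumed design intent: only these routers should hold DR/BDR on Ethernet0.
APPROVED = {"Ethernet0": {"192.168.0.14", "192.168.0.12"}}

if __name__ == "__main__":
    nbr_states, results = parse_adj_debug(SAMPLE_DEBUG)
    print(nbr_states)
    print(role_changes(results))
    print(unapproved_holders(results, APPROVED))
```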


Summary

OSPF is a scalable, standards-based link-state routing protocol

Link-state protocol

OSPF benefits include:
• No hop count limit
• Multicasts routing updates
• Faster convergence
• Better path selection


Case Study


[Figure: OSPF Single Area Considerations. Labels: Area 0 (Process ID = 31), Area 0 (Process ID = 63), Process ID = 109, PID = 16, PID = 17, PID = 18, PID = 19, Requires Internal Route Redistribution, Frame Relay, Area 0, Ethernet, Point-to-Point, Point-to-Point.]

OSPF Single Area Considerations

Following are some points to consider when designing an OSPF network:

■ Which router should be the DR/BDR? Should I use the priority command?

■ For NBMA, what would be the advantages and disadvantages of each of the following modes in terms of IP subnet addresses, and how would the adjacency be formed:

– Non-broadcast

– Point-to-Multipoint

– Broadcast

– Point-to-point subinterface

■ If my router is running two separate OSPF processes, do I want to redistribute the routes learned under one process ID into the other process ID? (Redistribution is discussed later in the course.)


Answers to Written Exercise: OSPF Operation

Task: Answer the following questions.

1 List three reasons why OSPF operates better than RIP in a large internetwork.

Refer to the list of reasons in the “What Is OSPF?” section.

2 What does a router do when it receives an LSU?

When each router receives the LSU, it does the following:

— If the entry already exists and the received LSU has the same information, it resets the aging timer on the LSA entry and sends an LSAck to the DR. (Recall that the DR is the central point of contact during the flooding process.)

— If the entry already exists but the LSU includes new information, it sends an LSR to request all the information about the entry.

— If the entry already exists but the LSU includes older information, it sends an LSU with its information.

3 Identify when the exchange protocol and the flooding protocol are used, and describe how each operates.

— The exchange process is used to get neighboring routers into a Full state. To be initiated, two routers must agree on a master-slave relationship. The process enables them to synchronize their link-state databases using DDPs. Once in a Full state the exchange process does not get done again unless the Full state is changed to a different state.

— The flooding process is used anytime there is a change in a link-state, such as the link goes down or a new link is added to the network. In this process, all link-state changes are sent in LSU packets to the DR/BDR of the area. The DR is then responsible for forwarding the LSUs to all other routers in the network.

4 Write a brief description of the following:

— Internal router—A router that resides within an area and routes traffic.

— LSU—A link-state update packet. This packet includes update information about link-state advertisements.

— DDP—A database description packet. This packet is used during the exchange protocol and includes summary information about link-state entries.

— Hello packet—Used during the hello process, includes information that enables routers to establish themselves as neighbors.

5 Match the term with the statement most closely describing it. Write the letter of the description next to the term.

___D area             A) The router responsible for route synchronization.
___B Full state       B) Indicates routers can route information.
___A DR               C) Indicates routers can discover link state information.
___C Exchange state   D) A collection of routers and networks.

6 Name the two RFC-compliant modes for OSPF over Non-broadcast Multiaccess network:

Non-broadcast

Point-to-Multipoint

Name the two additional Cisco modes for OSPF over NBMA:

Broadcast

Point-to-point


7

Interconnecting Multiple OSPF Areas


Objectives

Upon completion of this chapter, you will be able to perform the following tasks:
• Describe the issues with interconnecting multiple areas and how OSPF addresses each
• Explain the differences between the possible types of areas, routers, and LSAs
• Configure a multiarea OSPF network
• Configure an area as Stubby, Totally Stubby, and Not-so-stubby area
• Verify OSPF operation

This chapter covers the use, operation, configuration, and verification of OSPF.

Sections:

■ Objectives

■ Creating Multiple OSPF Areas

■ OSPF Operation across Multiple Areas

■ Written Exercise: OSPF Operation across Multiple Areas

■ Using and Configuring OSPF Multiarea Components

■ Verifying OSPF Operation

■ Summary

■ Lab Exercise: Configuring a Multiarea Network

■ Answers to Exercises

■ Supplement A—OSPF Multiarea Configuration Examples

■ Supplement B—Virtual Links Overview

■ Supplement C—Not-So-Stubby Areas (NSSA) Overview


Creating Multiple OSPF Areas

Note This chapter presents OSPF capabilities. OSPF design is covered in the Cisco Internetwork Design course.


[Figure: Issues with Maintaining a Large OSPF Network. Routers in a single large OSPF area report: "My routing table is too big, I am running low on memory." "The SPF is running too often for me to route." "I am only receiving LSAs, no data."]

Issues with Maintaining a Large Single-Area OSPF Network

Thus far you have seen how OSPF operates within a single area. What issues would arise if this single area ballooned into having 400 networks? The following issues, at a minimum, would need to be addressed:

■ Frequent SPF calculations—With such a large network, network changes are inevitable, so the routers would have to spend many more CPU cycles recalculating the routing table.

■ Large routing table—Each router would need to maintain at least one entry for every network, that is, at least 400 networks. And assuming that there were multiple paths to 25 percent of the networks, then that is another 100 entries.

■ Large link-state table—Because the link-state table includes the complete topology of the network, each router would need to maintain an entry for every network in the area, even for the routes not selected for the routing table.

It is because of these kinds of issues that OSPF was written to allow large areas to be separated into smaller, more manageable areas that can still exchange routing information.


[Figure: The Solution: OSPF Hierarchical Routing. An autonomous system containing Area 0, Area 1 and Area 2.]

• Consists of areas and autonomous systems
• Minimizes routing update traffic

The Solution: OSPF Hierarchical Routing

OSPF’s ability to separate a large internetwork into multiple areas is also referred to as hierarchical routing. Hierarchical routing enables you to separate large internetworks (autonomous systems) into smaller internetworks that are called areas. With this technique, routing still occurs between the areas (called interarea routing), but many of the minute internal routing operations such as recalculating the database are kept within an area. For example, if area 1 is having problems with a link going up and down, routers in other areas need not continually run their SPF calculation because they are isolated from the area 1 problem.

The hierarchical topology possibilities of OSPF have several important advantages:

■ Reduced frequency of SPF calculations—Because detailed route information is kept within each area, it is not necessary to flood all link-state changes to all other areas. Thus, not all routers need to run the SPF calculation, only those affected by the change.

■ Smaller routing tables—When using multiple areas, detailed route entries for specific networks within an area are kept in the area. Instead of advertising these explicit routes outside the area, you can have the routes summarized into one or more summary addresses. Advertising these summaries reduces the number of LSAs propagated between areas, but keeps all networks reachable.

■ Reduced LSU overhead—LSUs can contain a variety of LSA types, including link-state information and summary information. Rather than send an LSU about each network within an area, you can advertise a single or fewer summarized routes between areas to reduce the overhead associated with link-state updates when they are crossing areas.


[Figure: OSPF Multiarea Components. Areas: Area 0 ("I am a backbone."), Area 1 ("I am standard."), Area 2 ("I am a stub."). Routers: Internal, ABR, ASBR, Backbone. LSAs: Type 1, Type 2, Type 3/4, Type 5.]

OSPF Multiarea Components

Hierarchical routing enables routing efficiency because it allows you to control the types of routing information that you allow in and out of an area. The way OSPF enables different types of routing updates is to assign characteristics to each area and the routers connecting the areas. The characteristics an area and router have govern how they process routing information, including what types of LSUs a router can create, receive, and send. This subsection provides an overview of the following OSPF multiarea components; details about their usage and configuration appear in the following section:

■ Types of areas

■ Types of routers

■ Types of LSAs


[Figure: Types of OSPF Routers. Labels: Internal Routers (Area 1 and Area 2), ABR and Backbone Router (two instances), Backbone/Internal Routers, ASBR and Backbone Router, Backbone Area 0, External AS.]

Types of OSPF Routers

To control the traffic types that go in and out of the various types of areas, you need certain types of OSPF routers. The router types are as follows:

■ Internal router—As already discussed, routers that have all interfaces in the same area are internal routers. Internal routers within the same area have identical link-state databases and run a single copy of the routing algorithm.

■ Backbone routers—Routers that sit on the perimeter of the backbone area. They have at least one interface connected to area 0. These routers maintain OSPF routing information using the same procedures and algorithms as internal routers.

■ Area Border Router (ABR)—Routers that have interfaces attached to multiple areas. These routers maintain separate link-state databases for each area to which they are connected, and route traffic destined for or arriving from other areas. ABRs are exit points for the area, which means routing information destined for another area can only get there via the local area’s ABR. ABRs summarize information from the link-state databases of their attached areas and distribute the information into the backbone. The backbone ABRs then forward the information to all other connected areas. An area can have one or more ABRs.

■ Autonomous System Boundary Router (ASBR)—Routers that have at least one interface into an external internetwork (another autonomous system), such as a non-OSPF network. These routers can import (referred to as redistribution) non-OSPF network information to the OSPF network, and vice versa.

A router can be more than one router type. For example, if a router interconnects to area 0 and area 1, as well as to a non-OSPF network, it would be both an ABR and ASBR.


A router has a separate link-state database for each area it is connected to. Therefore, an ABR would have a link-state database for area 0 and another link-state database for the other area it participates in. Two routers belonging to the same area have, for that one area, identical area link-state databases.

Also, remember that link-state databases are synchronized between pairs of adjacent routers, meaning that they are synchronized between a router and its DR/BDR.


[Figure: Types of Link-State Advertisements. Labels: Router, Network, Summary, External; Area 1, Area 0, ABR, DR, ASBR, External AS.]

p1r3#show ip ospf database

       OSPF Router with ID (10.64.0.1) (Process ID 1)

                Router Link States (Area 1)
Link ID         ADV Router      Age   Seq#         Checksum   Link count
10.1.2.1        10.1.2.1        651   0x80000005   0xD482     4

                Net Link States (Area 1)
Link ID         ADV Router      Age   Seq#         Checksum
10.64.0.1       10.64.0.1       538   0x80000002   0xAD9A

                Summary Net Link States (Area 1)
Link ID         ADV Router      Age   Seq#         Checksum
10.2.1.0        10.2.1.2        439   0x80000002   0xE6F8

Types of Link-State Advertisements

Following are the types of LSAs that can be included in an LSU:


LSA Type: 1
Name: Router link entry (record) (O-OSPF)
Description: Generated by each router for each area it belongs to. It describes the states of the router's link to the area. These are only flooded within a particular area. The link status and cost are two of the descriptors provided.

LSA Type: 2
Name: Network link entry (O-OSPF)
Description: Generated by DRs in multiaccess networks. They describe the set of routers attached to a particular network. Flooded within the area that contains the network only.

LSA Type: 3 or 4
Name: Summary link entry (IA-OSPF Inter area)
Description: Originated by ABRs. Describes the links between the ABR and the internal routers of a local area. These entries are flooded throughout the backbone area to the other ABRs. Type-3 describes routes to networks within the local area and are sent to the backbone area. Type-4 describes reachability to ASBRs. These link entries are not flooded through totally stubby areas.

LSA Type: 5
Name: Autonomous system external link entry (E1-OSPF external type-1) (E2-OSPF external type-2)
Description: Originated by the ASBR. Describes routes to destinations external to the autonomous system. Flooded throughout an OSPF autonomous system except for stub and totally stubby areas.

Note All LSA types, except the AS-external-LSAs (LS type = 5), are flooded throughout a single area only.


[Figure: Calculating Costs for Summary and AS External Routes. Area 1 and Area 0 with routers R1, R3, R4 and R5, link costs of 10, and E1 routes to AS1 at cost 1785.
R3's cost to AS1 (E1): via R1 = 1795; via R3 = 1785.
R5's cost to AS1 (E1): via R1 = 1815; via R3 = 1805.]

Calculating Costs for Summary and AS External Routes

The cost for summary and external routes is calculated as follows:

■ Calculating the cost for summary routes

The cost of a summary route is the smallest cost of a given interarea route that appears in the summary plus the cost of the ABR link to the backbone. So if the ABR link to the backbone was 50, and the summary route had two interarea routes, one at cost 49 and the other at cost 50, the total cost associated with the summary route would be 99. This calculation is done automatically for each summary route.

■ Calculating the cost of external routes

The cost of an external route differs depending on the external type configured on the ASBR. You configure the router to generate one of the following external packet types:

— Type-1 (E1)—If a packet is an E1, then the metric is calculated by adding the external cost to the internal cost of each link the packet crosses. Use this packet type when you have multiple ASBRs advertise a route to the same autonomous system.

— Type-2 (E2)—(The default.) If a packet is an E2, then the packet will always have the external cost assigned, no matter where in the area it crosses. Use this packet type if only one router is advertising a route to the autonomous system. Type-2 routes are preferred over type-1 routes unless two same-cost routes exist to the destination.

Note When different routing protocols exchange routing information, it is referred to as redistribution. Redistribution is discussed in the “Optimizing Routing Update Operation” chapter.


[Figure: Types of Areas. Stub area: does not accept external LSAs. Backbone area 0: interconnects areas; accepts all LSAs. Totally stubby area: does not accept external or summary LSAs.]

Types of Areas

The characteristics you assign to an area control the type of route information that it can receive. The area types possible are as follows:

■ “Standard” area—An area that operates as discussed in the “Configuring OSPF” chapter. This area can accept link updates and route summaries.

■ Backbone area (transit area)—When interconnecting multiple areas, the backbone area is the central entity to which all other areas connect. The backbone area is always labeled “0.” All other areas must connect to this area in order to exchange and route information. The OSPF backbone has all of the properties of a standard OSPF area.

■ Stub area—Refers to an area that does not accept information about routes external to the autonomous system (that is, the OSPF internetwork) such as routes from non-OSPF sources. If routers need to route to networks outside the autonomous system, they use a default route. A default route is noted as 0.0.0.0.

■ Totally stubby area—An area that does not accept external autonomous system (AS) routes and summary routes from other areas internal to the autonomous system. Instead, if the router needs to send a packet to a network external to the area, it sends it using a default route.

The following page shows example routing tables for some of the area types listed.


Routing Table Results with Different LSAs

Following is a comparison of routing tables that result when using stub and totally stubby areas.


OSPF Operation across Multiple Areas

This section summarizes how routers generate link information, flood information, and build their routing tables when operating within a multiarea environment.

Note OSPF router operation is complex and accounts for numerous possible scenarios based on the nature of the network. This section provides a basic overview; refer to the OSPF version 2 RFC for more detailed information.


[Figure: Forwarding Packets in a Multiarea Network. Data moves in four hops labeled To ABR1, To Backbone, To ABR2 and To Destination Network, across Area 1, Area 0 and Area 50 (routers: Internal, ABR1, BBone, ABR2, Internal).]

Forwarding Packets in a Multiarea Network

Before reviewing how ABRs and other router types process route information, you should know how a packet makes its way across multiple areas. In general, the path a packet must take is as follows:

■ If the packet is destined for a network within an area, then it is forwarded from the internal router, through the area to the destination internal router.

■ If the packet is destined for a network outside the area, it must go through the following path:

— The packet goes from the source network to an ABR.

— The ABR sends the packet through the backbone area to the ABR of the destination network.

All packets must cross the backbone when being forwarded from one area to another.

— The destination ABR then forwards the packet through the area to the destination network.


[Figure: Flooding LSUs to Multiple Areas. Area 1, Area 0 and Area 50 (stub) with routers Internal, ABR1, BBone, ABR2 and Internal, plus a RIP network. LSA labels: Type 1, Type 3, Type 5, Default.]

Flooding LSUs to Multiple Areas

ABRs are responsible for generating routing information about each area to which they are connected and flooding the information through the backbone area to the other areas to which they are connected. The general process for flooding is as follows:

1. The intra-area routing process, as discussed in the “Configuring OSPF in a Single Area” chapter, occurs. Note that the entire intra-area must be synchronized before the ABR can begin sending summary LSAs.

2. The ABR reviews the resulting link-state database and generates summary LSAs.

By default, the ABR sends summary LSAs for each network that it knows about. To reduce the number of summary LSA entries, you can configure route summarization so that a single IP address can represent multiple networks. To use route summarization, your areas need to use contiguous IP addressing, as discussed in the “Extending IP Addressing Using VLSMs” chapter. The better your IP address plan, the lower the number of summary LSA entries an ABR sends to advertise.

3. The summary LSAs (types 3 and 4) are placed in an LSU and distributed through all ABR interfaces, with the following exceptions:

— If the interface is connected to a neighboring router that is in a state below the exchange state, then the summary LSA is not forwarded.

— If the interface is connected to a totally stubby area, then the summary LSA is not forwarded.

— If the summary LSA includes a type-5 (external) route and the interface is connected to a stub or totally stubby area, then the LSA is not sent to that area.


[Figure: Flooding LSUs to Multiple Areas (cont.). A routing table holding interarea routes, intra-area routes, and external (non-OSPF) routes; labels: Area 1, Area 0, RIP.]

Flooding LSUs to Multiple Areas (cont.)

4. Once an ABR or ASBR receives summary LSAs, it adds them to its link-state database and floods them to its local area. The internal routers then assimilate the information into their databases.

Note that to reduce the number of route entries internal routers maintain, you can define the area as stub, totally stubby, or not so stubby.

Updating the Routing TableOnce all router types receive the routing updates, they must add them to their link-state databases and recalculate their routing tables. The order in which paths arecalculated is as follows:

1. All routers first calculate the paths to destinations within their area and addthese entries into the routing table. These are the type-1 and type-2 LSAs.

2. All routers then calculate the paths to the other areas within the internetwork.These paths are the interarea route entries, or type-3 and type -4 LSAs. If arouter has an interarea route to a destination and an intra-area route to the samedestination, the intra-area route is kept.

3. All routers, except those that are in a form of stub area, then calculate the pathsto the AS external (type-5) destinations.

At this point, a router can get to any network within or outside the OSPFautonomous system.


Virtual Links Overview

[Slide: Meeting the Backbone Area Requirements]
• Backbone center of communication
• Virtual links provide path to backbone
• Avoid configuring virtual links if possible
[Figure labels: Area 0 (Backbone); Area 1; Area 2; Area 3; Virtual Link; Transit Area.]

Meeting the Backbone Area Requirements
OSPF has certain restrictions when multiple areas are configured. One area must be defined as area 0, the backbone area. It is called the backbone because all communication must go through it. That is, all areas should be physically connected to area 0 so that the routing information injected into area 0 can be disseminated to other areas.

There are situations, however, where a new area is added after the OSPF internetwork has been designed and configured and it is not possible to provide that new area with direct access to the backbone. In these cases, a virtual link can be defined to provide the needed connectivity to the backbone area. The virtual link provides the disconnected area a logical path to the backbone. The virtual link has two requirements:

■ It must be established between two routers that share a common area.

■ One of these two routers must be connected to the backbone.

When virtual links are used, they require special processing during the SPF calculation. That is, the “real” next hop router must be determined so the true cost to get to a destination across the backbone can be calculated.


[Slide: Meeting the Backbone Area Requirements (cont.)]
Link discontiguous backbone
• Merged networks
• Redundancy
• “Point-to-Point” Links
[Figure labels: Area 0; Area 0; Area 1; Area 2; Area 3; Transit Area.]

Meeting the Backbone Area Requirements (cont.)
Virtual links serve the following purposes:

■ Linking an area that does not have a physical connection to the backbone. This linking could occur when two organizations merge, for example.

■ Patching the backbone in case discontinuity of area 0 occurs.

The graphic illustrates the second purpose. Discontinuity of the backbone might occur if, for example, two companies, each running OSPF, are trying to merge the two separate networks into one with a common area 0. The alternative would be to redesign the entire OSPF network and create a unified backbone.

Another reason for creating a virtual link is to add redundancy in cases where a router failure causes the backbone to be split into two.

In the graphic, the disconnected area 0s are linked via a virtual link through the common area 3. If a common area does not already exist, one can be created to become the transit area.

For adjacency purposes, OSPF treats two routers joined by a virtual link as if they were connected by an unnumbered point-to-point backbone network.


Written Exercise: OSPF Operation across Multiple Areas
Objective: Describe the issues with interconnecting multiple areas and how OSPF addresses these issues.

Objective: Compare the function of the different router, area, and LSA types used by OSPF.

1 Define hierarchical routing and explain what internetwork problems it solves.

______________________________________________________________

______________________________________________________________

2 An internal router will receive type-5 LSAs if it is in what type of area?

______________________________________________________________

______________________________________________________________

3 What area types are connected to the backbone area?

______________________________________________________________

______________________________________________________________

4 The backbone must be configured as what area?

______________________________________________________________

5 Write a brief description of the following:

— Type-1 LSA_________________________________________________

— Type-2 LSA_________________________________________________

— Type-3/4 LSAs_________________________________________________

— Type-5 LSA_________________________________________________

6 Describe the path a packet must take in order to get from one area to another.

______________________________________________________________

______________________________________________________________

7 When is a default route injected into an area?

______________________________________________________________

______________________________________________________________


Using and Configuring OSPF Multiarea Components

This section presents how to configure OSPF for Multiarea

[Slide: Configuring OSPF ABRs]
[Figure labels: A; B; C; ABR; Area 0; Area 1; E0 10.64.0.1; E0 10.64.0.2; S0 10.2.1.2; S1 10.2.1.1.]

Router with E0 10.64.0.1:

<Output Omitted>
interface Ethernet0
 ip address 10.64.0.1 255.255.255.0
!
<Output Omitted>
router ospf 77
 network 10.0.0.0 0.255.255.255 area 0

Router with E0 10.64.0.2 and S0 10.2.1.2:

<Output Omitted>
interface Ethernet0
 ip address 10.64.0.2 255.255.255.0
!
interface Serial0
 ip address 10.2.1.2 255.255.255.0
<Output Omitted>
router ospf 50
 network 10.2.1.2 0.0.0.0 area 1
 network 10.64.0.2 0.0.0.0 area 0

Configuring OSPF ABRs
There are no special commands to make a router an ABR or ASBR. The router takes on this role by virtue of the areas to which it is connected. As a reminder, the basic OSPF configuration steps are as follows:

Step 1 Enable OSPF on the router.

router(config)# router ospf process-id

Step 2 Identify which IP networks on the router are part of the OSPF network. For each network, you must identify what area the network belongs to. When configuring multiple OSPF areas, make sure to associate the correct network addresses with the desired area ID, as shown in the graphic.

router(config-router)# network address wildcard-mask area area-id

Step 3 (Optional) If the router has at least one interface connected into a non-OSPF network, perform the proper configuration steps. At this point the router will be acting as an ASBR. How the router exchanges (redistributes) non-OSPF route information with the other OSPF routers is discussed in the “Optimizing Routing Update Operation” chapter.


Note Refer to the “Configuring OSPF for a Single Area” chapter for details about basic OSPF configuration commands.


[Slide: Using Stub and Totally Stubby Areas]
[Figure labels: Area 0; BBone; ABR1; ABR2; ASBR; RIP; Area 1—Totally Stubby; Area 50—Stub; Internal; Internal Non-Cisco Router; LSA labels: Default, Summary, External.]

Using Stub and Totally Stubby Areas
OSPF allows areas to be configured as stub and totally stubby areas. Their differences are as follows:

■ Configuring a stub area reduces the size of the link-state database inside an area and as a result reduces the memory requirements of routers inside that area. External networks (type-5 LSAs), such as those redistributed from other protocols into OSPF, are not allowed to be flooded into a stub area. Routing from these areas to the outside world is based on a default route (0.0.0.0). A default route means that if a packet is addressed to a network that is NOT in an internal router’s route table, the router automatically forwards the packet to the ABR that sent a 0.0.0.0 LSA, which allows routers within the stub to reduce the size of their routing tables because a single default route replaces the many external routes.

A stub area is typically created when you have a hub and spoke topology, with the spoke being the stub area, such as a branch office. In this case, the branch office does not need to know about every network at the headquarters site; instead it can use a default route to get there.

■ To further reduce the number of routes in a table, you can create a totally stubby area, which is a Cisco-specific feature. A totally stubby area is a stub area that blocks external type-5 LSAs and summary (type 3/4) LSAs (interarea routes) from going into the area. This way, intra-area routes and the default of 0.0.0.0 are the only routes known to the stub area. ABRs inject the default summary link 0.0.0.0 into the totally stubby area. Each router picks the closest ABR as a gateway to everything outside the area.

Totally stubby areas further minimize routing information (as compared to stub areas) and increase stability and scalability of OSPF internetworks. This is typically a better solution than creating stub areas, unless the target area uses a mix of Cisco and non-Cisco routers.


[Slide: Stub and Totally Stubby Area Restrictions]
• Typically single exit point into area, if multiple exit points, suboptimal paths may be selected
• An ASBR cannot be internal to stub
• Area is not the backbone Area 0
[Figure labels: Single Exit Point; Area 2; 0.0.0.0; External AS; R3; R4.]

Stub and Totally Stubby Area Restrictions
An area could be qualified as a stub or totally stubby when:

■ There is a single exit point from that area, or if there are multiple exits (ABRs), routing to outside of the area does not have to take an optimal path. If the area has multiple exits, one or more ABRs will inject a default into the stub area. In this situation, routing to other areas or autonomous systems could take a suboptimal path in reaching the destination by going out of the area via an exit point that is farther from the destination than other exit points.

■ All OSPF routers inside the stub area (ABRs and internal routers) are configured as stub routers so that they will become neighbors and exchange routing information. The configuration commands for creating stub networks are covered later in this chapter.

■ The area is not needed as a transit area for virtual links. (Virtual links are discussed in Supplement B at the end of this chapter.)

■ No ASBR is internal to the stub area.

■ The area is not the backbone area (area 0).

These restrictions are made because a stub/totally stubby area is mainly configured not to carry external routes, and any of the situations described cause external links to be injected in that area.


[Slide: Configuring Stub and Totally Stubby Areas]

Router(config-router)# area area-id stub [no-summary]
• Creates a stub area

Router(config-router)# area area-id default-cost cost
• Specifies cost for default route sent into stub area

Configuring Stub and Totally Stubby Areas
To configure an area as stub or totally stubby, do the following:

Step 1 Configure OSPF, as described in the “Configuring OSPF ABRs” section.

Step 2 Define an area as stub/totally stubby by adding this command to ALL routers within the area:

router(config-router)# area area-id stub [no-summary]

area stub Command    Description
area-id              Identifier for the stub/totally stubby area. The identifier can be either a decimal value or an IP address.
no-summary           (Only for ABRs connected to totally stubby areas.) Prevents an ABR from sending summary link advertisements into the stub area. Use this option for creating a totally stubby area.

Step 3 (Optional, for ABRs only) Define the cost of the default route that is injected in the stub/totally stubby area.

router(config-router)# area area-id default-cost cost

area default-cost Command    Description
area-id                      Identifier for the stub area. The identifier can be either a decimal value or an IP address.
cost                         Cost for the default summary route used for a stub/totally stubby area. The acceptable value is a 24-bit number. The default cost is 1.

[Slide: OSPF Stub Area Configuration Example]
[Figure labels: Area 0; Stub Area 2; External AS; R3; R4; E0; S0; S0; 192.168.14.1; 192.168.15.1; 192.168.15.2.]

R3#

interface Ethernet 0
 ip address 192.168.14.1 255.255.255.0
interface Serial 0
 ip address 192.168.15.1 255.255.255.252

router ospf 100
 network 192.168.14.0 0.0.0.255 area 0
 network 192.168.15.0 0.0.0.255 area 2
 area 2 stub

R4#

interface Serial 0
 ip address 192.168.15.2 255.255.255.252

router ospf 15
 network 192.168.15.0 0.0.0.255 area 2
 area 2 stub

OSPF Stub Area Configuration Example
In this example, area 2 is defined as the stub area. No external routes from the external autonomous system will be forwarded into the stub.

The last line in each configuration, area 2 stub, defines the stub area. The area default-cost command has not been configured on R3, so this router will advertise 0.0.0.0 (the default route) with a default cost metric of 1 plus any internal costs.

Each router in the stub must be configured with the area stub command.

The only routes that will appear in R4’s routing table are intra-area routes (designated with an O in the routing table), the default route, and interarea routes (both designated with an IA in the routing table; the default route will also be denoted with an asterisk).

Note The area stub command determines whether the routers in the stub become neighbors. This command must be included in all routers in the stub if they are to exchange routing information.


[Slide: OSPF Totally Stubby Configuration Example]
[Figure labels: Area 0; Totally Stubby Area 2; External AS; R3; R4; E0; S0; S0; 192.168.14.1; 192.168.15.1; 192.168.15.2.]

R3#

router ospf 100
 network 192.168.14.0 0.0.0.255 area 0
 network 192.168.15.0 0.0.0.255 area 2
 area 2 stub no-summary

R4#

router ospf 15
 network 192.168.15.0 0.0.0.255 area 2
 area 2 stub

OSPF Totally Stubby Configuration Example
In this example, the keyword no-summary has been added to the area stub command on R3. This keyword causes summary routes (interarea) to also be blocked from the stub. Each router in the stub picks the closest ABR as a gateway to everything outside the area.

The only routes that will appear in R4’s routing table are intra-area routes (designated with an O in the routing table) and the default route. No interarea routes (designated with an IA in the routing table) will be included.

Note It is only necessary to configure the no-summary keyword on the totally stubby border routers because the area is already configured as stub.
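The stub-area rules above (every router in the area carries area stub, area 0 is never a stub, no ASBR is internal to the stub, and no-summary on an ABR makes the area totally stubby) can be checked mechanically before a change is deployed. The following Python audit is an added example, not part of the course material; router R5, the function names, and the sample configurations are constructed for illustration.

```python
import ipaddress
import re

# Constructed configs modelled on the R3/R4 examples in the text. R5 is a
# hypothetical extra router in area 2 that lacks "area 2 stub" and also
# redistributes RIP, so it violates two of the restrictions listed above.
CONFIGS = {
    "R3": """router ospf 100
 network 192.168.14.0 0.0.0.255 area 0
 network 192.168.15.0 0.0.0.255 area 2
 area 2 stub no-summary
""",
    "R4": """router ospf 15
 network 192.168.15.0 0.0.0.255 area 2
 area 2 stub
""",
    "R5": """router ospf 20
 redistribute rip subnets
 network 192.168.15.0 0.0.0.255 area 0.0.0.2
""",
}

NETWORK_RE = re.compile(r"^\s*network\s+\S+\s+\S+\s+area\s+(\S+)\s*$")
STUB_RE = re.compile(r"^\s*area\s+(\S+)\s+stub(\s+no-summary)?\s*$")
REDIST_RE = re.compile(r"^\s*redistribute\s+\S+")


def area_id(text):
    """Area IDs may be decimal or dotted (IP-address style); normalise to int."""
    return int(ipaddress.IPv4Address(text)) if "." in text else int(text)


def parse_router(config):
    """Extract the OSPF facts the audit needs from one router's config text."""
    info = {"areas": set(), "stub": set(), "no_summary": set(), "asbr": False}
    for line in config.splitlines():
        net, stub = NETWORK_RE.match(line), STUB_RE.match(line)
        if net:
            info["areas"].add(area_id(net.group(1)))
        elif stub:
            info["stub"].add(area_id(stub.group(1)))
            if stub.group(2):
                info["no_summary"].add(area_id(stub.group(1)))
        elif REDIST_RE.match(line):
            info["asbr"] = True  # redistribution makes the router an ASBR
    return info


def audit(configs):
    """Return (area kinds, findings) for a set of router configs."""
    routers = {name: parse_router(text) for name, text in configs.items()}
    stub_areas = set().union(*(r["stub"] for r in routers.values()))
    kinds, findings = {}, []
    for area in sorted(stub_areas):
        members = {n: r for n, r in routers.items() if area in r["areas"]}
        # Totally stubby only if an ABR (router in more than one area)
        # sets no-summary for this area.
        totally = any(area in r["no_summary"] and len(r["areas"]) > 1
                      for r in members.values())
        kinds[area] = "totally stubby" if totally else "stub"
        if area == 0:
            findings.append("area 0: the backbone cannot be a stub area")
        for name in sorted(members):
            r = members[name]
            if area not in r["stub"]:
                findings.append(
                    f"area {area}: {name} is missing 'area {area} stub' "
                    "and will not become a neighbor of the stub routers")
            # An ASBR whose every area is a stub is internal to the stub.
            if r["asbr"] and r["areas"] <= stub_areas:
                findings.append(
                    f"area {area}: {name} redistributes routes but is "
                    "internal to the stub area")
    return kinds, findings


if __name__ == "__main__":
    kinds, findings = audit(CONFIGS)
    print(kinds)
    for finding in findings:
        print(finding)
```

The parser only recognises the network, area stub, and redistribute lines used in this section; a production audit would need to handle the rest of the OSPF configuration grammar.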


[Slide: NSSA Overview]
[Figure labels: Branch Office; RIP or EIGRP; 10.10.0.0/16, 10.11.0.0/16, 20.0.0.0/8; A; B; NSSA 1; 19.2 kbps; 172.19.92.0; Central Site; Backbone Area 1 172.19.89.0/24; External AS; Type-7; Type-5; step markers 1 through 4.]
Exchange 10.10.0.0, 10.11.0.0, and 20.0.0.0 to advertise to outside areas

Not-So-Stubby Areas (NSSA) Overview

NSSA was first introduced in Cisco IOS Release 11.2. It is based on RFC 1587, The OSPF NSSA Option. NSSA enables you to make a hybrid stub area in that the area can accept some autonomous system external routes, referred to as type-7 LSAs. Use an NSSA if you are an Internet service provider (ISP) or a network administrator that must connect a central site using OSPF to a remote site using a different protocol, such as RIP or EIGRP. You can use NSSA to simplify the administration of this kind of topology. Prior to NSSA, the connection between the corporate site ABR and the remote router used RIP or EIGRP, which meant maintaining two routing protocols. Now, with NSSA, you can extend OSPF to cover the remote connection by defining the area between the corporate router and the remote router as an NSSA, as shown in the graphic.

In the graphic, router A is defined as an ASBR. It is configured to exchange any routes within the RIP/EIGRP domain to the NSSA. Following is what happens when using an NSSA:

1 Router A receives RIP or EIGRP routes for networks 10.10.0.0/16, 10.11.0.0/16, and 20.0.0.0/8.

2 Router A, connected to the NSSA, imports the non-OSPF routes as type-7 LSAs into the NSSA.

3 Router B, an ABR between the NSSA and the backbone area 0, receives the type-7 LSAs.

4 After the SPF calculation on the forwarding database, router B translates the type-7 LSAs into type-5 LSAs and then floods them throughout backbone area 0.

It is at this point that router B could have summarized routes 10.10.0.0/16 and 10.11.0.0/16 as 10.0.0.0/8, or could have filtered one or more of the routes.


[Slide: Configuring NSSA]
[Figure labels: RIP or EIGRP; 10.10.0.0/16; 10.11.0.0/16; 20.0.0.0/8; A; B; NSSA 1; 19.2 kbps; 172.19.92.0/24; Backbone Area 0 172.19.88.0/24; Router ID 200.0.0.63; Router ID 200.0.0.62.]

Router A:

router ospf 1
 redistribute rip subnets
 network 172.19.92.0 0.0.0.255 area 1
 area 1 nssa
!

Router B:

router ospf 1
 summary-address 10.0.0.0 255.0.0.0 tag 8
 network 172.19.89.0 0.0.0.255 area 0
 network 172.19.92.0 0.0.0.255 area 1
 area 1 nssa
!

Configuring NSSA
The steps used to configure OSPF NSSA are as follows:

Step 1 On the ABR connected to the NSSA, configure OSPF, as described in the “Configuring OSPF ABRs” section.

Step 2 Configure an area as NSSA.

router(config-router)# area area-id nssa

Every router within the same area must agree that the area is NSSA, otherwise the routers will not be able to communicate with each other. Therefore, configure this command on every router in the NSSA area.

Step 3 (Optional) Control the summarization or filtering during the translation. The example shows how router B will summarize routes using the following command:

router(config-router)# summary-address {address mask | prefix mask} [not-advertise]

Note The redistribute command shown in the graphic instructs the router to import RIP packets into the OSPF network. Redistribution is discussed in detail in the “Optimizing Routing Update Operation” chapter.


[Slide: Multiple Area NBMA environment]
[Figure labels: Frame Relay; Area 0; Area 1; R1.]

Multiple Area NBMA environment
The networks located at the corporate headquarters are in Area 0 while the Fully-Meshed Frame Relay network and each of the regional site networks are assigned to Area 1. One benefit of this design is that it eliminates the flooding of External-LSAs into the Frame Relay network since OSPF does not flood External-LSAs into Stub areas, in this case Area 1. Router R1 functions as an ABR which keeps topology changes in Area 0 from causing a topological recalculation in Area. With this topology, LAN segment must participate in Area 1 or else Virtual Links would need to be configured so LAN segment’s Area would connect to the Backbone area.


[Slide: Multiple Area NBMA environment (cont.)]
[Figure labels: Frame Relay; Area 0; Area 1; Area 2; Area 3; Area 4; R1.]

Multiple Area NBMA environment (cont.)

Another possible OSPF Area configuration involves putting all Frame Relay interfaces in Area 0. This permits the location of stub or transit areas at each remote site and at Headquarters, but causes External-LSAs to be flooded throughout the Frame Relay network and will result in a larger number of routers performing recalculation if any topology change takes place in Area 0.


[Slide: Using Route Summarization]
• Minimizes number of routing table entries
• Localizes impact of a topology change
[Figure labels: Area 0 Backbone; ABRs; Area 1; Summarization.]

Using Route Summarization
Summarizing is the consolidation of multiple routes into one single advertisement. Proper summarization requires contiguous addressing.

Route summarization is different than an LSA summary route.

Route summarization directly affects the amount of bandwidth, CPU, and memory resources consumed by the OSPF process. With summarization, if a network link fails, the topology change will not be propagated into the backbone (and other areas by way of the backbone). As such, flooding outside the area will not occur.

There are two types of summarization:

■ Interarea route summarization—Interarea route summarization is done on ABRs and applies to routes from within each area. It does not apply to external routes injected into OSPF via redistribution. In order to take advantage of summarization, network numbers within areas should be assigned in a contiguous way so as to be able to consolidate these addresses into one range. This graphic illustrates where interarea summarization occurs.

■ External route summarization—External route summarization is specific to external routes that are injected into OSPF via redistribution. Here again, it is important to ensure that external address ranges that are being summarized are contiguous. Summarizing overlapping ranges from two different routers could cause packets to be sent to the wrong destination. Only ASBRs can summarize external routes. These types of routes cannot be summarized by any other router type.


[Slide: Supporting VLSM]
• Hierarchical Addressing Scheme
• Efficient Route Summarization
  – Reduces LSAs
  – Save CPU

Supporting VLSM
Because OSPF supports variable-length subnet masking (VLSM), you can really develop a true hierarchical addressing scheme. This hierarchical addressing results in very efficient summarization of routes throughout the network.

The operation and benefits of route summarization have been discussed in a previous chapter. At this point though, you should realize the importance of proper summarization in a network. Without summarization, every specific-link LSA will be propagated into the OSPF backbone and beyond, causing unnecessary network traffic and router overhead. Whenever an LSA is sent, all affected OSPF routers will have to recompute their LSA database and routes using the SPF algorithm.

OSPF will provide some added benefits if you design the network with summarization. For example, only summary-link LSAs will propagate into the backbone (area 0). This is very important because it prevents every router from having to rerun the SPF algorithm, increases the network's stability, and reduces unnecessary traffic.

OSPF can carry multiple subnet information for the same major network, but other protocols such as RIP and IGRP cannot. Discontiguous subnets are supported by OSPF because subnet masks are part of the link-state database. If the same major network crosses the boundaries of an OSPF and RIP domain, VLSM information redistributed into RIP or IGRP will be lost and static routes will have to be configured in the RIP or IGRP domains.


[Slide: Using Route Summarization (cont.)]
• Interarea (IA) summary link carries mask
• One entry can represent several subnets

Routing Table for B
O 131.108.8.0 255.255.252.0
O 131.108.12.0 255.255.252.0
O 131.108.16.0 255.255.252.0
O 131.108.20.0 255.255.252.0
O 131.108.24.0 255.255.252.0
O 131.108.28.0 255.255.252.0

LSAs sent to Router C
IA 131.108.8.0 255.255.248.0
IA 131.108.16.0 255.255.240.0

[Figure labels: A; B; C; ABR; Area 1; Area 0; Summarization.]

Using Route Summarization (cont.)
In order to take advantage of summarization, as discussed in the “Extending IP Addresses Using VLSMs” chapter, network numbers in areas should be assigned in a contiguous way to be able to group these addresses into one range.

For example, referring to the table, the list of six networks in router B’s routing table can be summarized into two summary address advertisements. The third octet of each address is shown in binary here, to illustrate which addresses can be summarized:

Bit value   128  64  32  16   8   4   2   1

The first two addresses can be summarized using a /21 prefix:
              0   0   0   0   1   0   0   0   =  8
              0   0   0   0   1   1   0   0   = 12

The last four addresses can be summarized using a /20 prefix:
              0   0   0   1   0   0   0   0   = 16
              0   0   0   1   0   1   0   0   = 20
              0   0   0   1   1   0   0   0   = 24
              0   0   0   1   1   1   0   0   = 28

Actual Mask is /22

Note Refer to the “Extending IP Addresses Using VLSMs” chapter for details on summarization.
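The bit-pattern exercise above, and the choice of 10.0.0.0/8 as the summary in the NSSA example earlier in this chapter, can both be reproduced with Python's ipaddress module. This is an added example, not part of the course material; the function names and the area ID 1 are assumptions, and the route lists are retyped from the slides.

```python
import ipaddress

# Router B's intra-area (O) routes, retyped from the slide: address, mask.
ROUTER_B_ROUTES = [
    ("131.108.8.0", "255.255.252.0"),
    ("131.108.12.0", "255.255.252.0"),
    ("131.108.16.0", "255.255.252.0"),
    ("131.108.20.0", "255.255.252.0"),
    ("131.108.24.0", "255.255.252.0"),
    ("131.108.28.0", "255.255.252.0"),
]

# The two external routes that router B summarizes in the NSSA example.
NSSA_10_ROUTES = [
    ("10.10.0.0", "255.255.0.0"),
    ("10.11.0.0", "255.255.0.0"),
]


def to_networks(routes):
    """Convert (address, dotted mask) pairs into IPv4Network objects."""
    return [ipaddress.ip_network(f"{addr}/{mask}") for addr, mask in routes]


def summarize(routes):
    """Smallest set of bit-aligned summaries covering exactly these routes."""
    return list(ipaddress.collapse_addresses(to_networks(routes)))


def uncovered(summary, routes):
    """Blocks inside `summary` that none of `routes` actually covers.

    A non-empty result means the summary advertises address space with no
    real network behind it on this router.
    """
    remaining = [ipaddress.ip_network(summary)]
    for net in to_networks(routes):
        kept = []
        for block in remaining:
            if net.subnet_of(block):
                # Carve the real network out of the advertised block.
                kept.extend(block.address_exclude(net))
            elif not block.subnet_of(net):
                # Disjoint from this route: still unaccounted for.
                kept.append(block)
        remaining = kept
    return list(ipaddress.collapse_addresses(remaining))


def area_range_commands(area, routes):
    """Render the summaries as 'area area-id range address mask' lines."""
    return [f"area {area} range {n.network_address} {n.netmask}"
            for n in summarize(routes)]


if __name__ == "__main__":
    # Area ID 1 is an assumption; the slide does not show router B's config.
    for line in area_range_commands(1, ROUTER_B_ROUTES):
        print(line)
    print("tightest summary of the two 10.x routes:",
          summarize(NSSA_10_ROUTES))
    gap = uncovered("10.0.0.0/8", NSSA_10_ROUTES)
    print("addresses in 10.0.0.0/8 with no route behind them:",
          sum(n.num_addresses for n in gap))
```

The two summaries it computes match the IA entries sent to router C on the slide. The uncovered() check shows how much address space a wider summary such as 10.0.0.0/8 advertises beyond the routes it was built from, which is the condition behind the warning that overlapping summaries from two routers can send packets to the wrong destination.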


[Slide: Configuring Route Summarization]

Router(config-router)# area area-id range address mask
• Consolidates IA (intra-area) routes on an ABR

Router(config-router)# summary-address address mask
• Consolidates external routes (interarea) on an ASBR

Configuring Route Summarization
Summarization is off by default. To configure route summarization on the ABR, do the following:

Step 1 Configure OSPF as discussed in the “Configuring OSPF ABRs” section.

Step 2 Instruct the ABR to summarize routes for a specific area before injecting them into a different area.

router(config-router)# area area-id range address mask

area range Command    Description
area-id               Identifier of the area about which routes are to be summarized.
address               Summary address designated for a range of addresses.
mask                  IP subnet mask used for the summary route.

To configure route summarization on an ASBR to summarize external routes, do the following:

Step 1 Configure OSPF, as discussed in the “Configuring OSPF ABRs” section.

Step 2 Instruct the ASBR to summarize external routes before injecting them into the OSPF domain.

router(config-router)# summary-address address mask

summary-address Command    Description
address                    Summary address designated for a range of addresses.
mask                       IP subnet mask used for the summary route.


Route Summarization Configuration Example

R1#
router ospf 100
 network 172.16.32.1 0.0.0.0 area 1
 network 172.16.96.1 0.0.0.0 area 0
 area 0 range 172.16.96.0 255.255.224.0
 area 1 range 172.16.32.0 255.255.224.0

R2#
router ospf 100
 network 172.16.64.1 0.0.0.0 area 2
 network 172.16.127.1 0.0.0.0 area 0
 area 0 range 172.16.96.0 255.255.224.0
 area 2 range 172.16.64.0 255.255.224.0

[Figure: R1 joins area 1 (172.16.32.0 - 172.16.63.0, mask 255.255.255.0; interface 172.16.32.1) to area 0 (172.16.96.0 - 172.16.127.0, mask 255.255.255.0; interface 172.16.96.1). R2 joins area 0 (interface 172.16.127.1) to area 2 (172.16.64.0 - 172.16.95.0, mask 255.255.255.0; interface 172.16.64.1). Interface addresses use a 255.255.255.0 mask.]

This example shows that route summarization can occur in both directions. In the configuration on the left:

■ area 0 range 172.16.96.0 255.255.224.0—Identifies area 0 as the area containing the range of networks to be summarized into area 1. The ABR R1 is summarizing the range of subnets from 172.16.96.0 to 172.16.127.0 into one range: 172.16.96.0 255.255.224.0. This summarization is achieved by masking the first three left-most bits of subnet 96 using the mask 255.255.224.0.

This summarization was successful because we are summarizing two distinct subnet ranges into the backbone: 32 to 63 and 64 to 95.

■ area 1 range 172.16.32.0 255.255.224.0—Identifies area 1 as the area containing the range of networks to be summarized into area 0. The ABR R1 is summarizing the range of subnets from 172.16.32.0 to 172.16.63.0 into one range: 172.16.32.0 255.255.224.0.

The configuration on the right works exactly the same way.

Note that, depending on your network topology, you may not want to summarize area 0 networks. For example, if you have more than one ABR between an area and the backbone area, sending a summary LSA with the explicit network information will ensure that the shortest path is selected. If you summarize the addresses, a suboptimal path selection may occur.
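The binary summarization table and the R1/R2 area range statements above can be checked mechanically. The following is an added example, not part of the course material: it audits each area range statement against the address plan from the figure and recomputes the two summaries for the six /22 networks. The function names are hypothetical, and the 172.16 prefix used for the six networks is constructed, since only their third octets are shown.

```python
import ipaddress
import re

# Router configurations as printed in the example above.
CONFIGS = {
    "R1": """\
router ospf 100
 network 172.16.32.1 0.0.0.0 area 1
 network 172.16.96.1 0.0.0.0 area 0
 area 0 range 172.16.96.0 255.255.224.0
 area 1 range 172.16.32.0 255.255.224.0
""",
    "R2": """\
router ospf 100
 network 172.16.64.1 0.0.0.0 area 2
 network 172.16.127.1 0.0.0.0 area 0
 area 0 range 172.16.96.0 255.255.224.0
 area 2 range 172.16.64.0 255.255.224.0
""",
}


def area_subnets(first, last):
    """The /24 subnets 172.16.<first>.0 .. 172.16.<last>.0 from the figure."""
    return [ipaddress.ip_network(f"172.16.{n}.0/24") for n in range(first, last + 1)]


# Address plan from the figure: which /24 subnets live in which area.
ADDRESS_PLAN = {
    "0": area_subnets(96, 127),
    "1": area_subnets(32, 63),
    "2": area_subnets(64, 95),
}

# Six /22 networks with third octets 8..28 (the 172.16 prefix is constructed).
SIX_NETWORKS = [ipaddress.ip_network(f"172.16.{n}.0/22") for n in (8, 12, 16, 20, 24, 28)]

RANGE_RE = re.compile(
    r"^[ \t]*area[ \t]+(\S+)[ \t]+range[ \t]+(\S+)[ \t]+(\S+)[ \t]*$", re.M)


def minimal_summaries(networks):
    """Fewest prefixes that cover exactly the given networks."""
    return list(ipaddress.collapse_addresses(networks))


def audit_area_ranges(config, plan):
    """Return a list of findings for the 'area ... range' lines in config."""
    findings = []
    for area, addr, mask in RANGE_RE.findall(config):
        try:
            summary = ipaddress.ip_network(f"{addr}/{mask}", strict=True)
        except ValueError:
            findings.append(
                f"area {area}: {addr} {mask} is malformed or not on its mask boundary")
            continue
        own = plan.get(area, [])
        missed = [n for n in own if not n.subnet_of(summary)]
        if missed:
            findings.append(
                f"area {area}: {summary} leaves {len(missed)} subnet(s) unsummarized")
        # A summary that covers another area's subnets draws traffic it cannot deliver.
        for other, nets in plan.items():
            claimed = [n for n in nets if n.overlaps(summary)]
            if other != area and claimed:
                findings.append(
                    f"area {area}: {summary} also claims {len(claimed)} subnet(s) of area {other}")
        best = minimal_summaries(own)
        if len(best) == 1 and best[0] != summary and best[0].subnet_of(summary):
            findings.append(f"area {area}: {summary} is wider than needed ({best[0]})")
    return findings


if __name__ == "__main__":
    print(minimal_summaries(SIX_NETWORKS))
    for name, config in CONFIGS.items():
        print(name, audit_area_ranges(config, ADDRESS_PLAN) or "ranges match the plan")
```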


Configuring Virtual Links

Router(config-router)#area area-id virtual-link router-id

• Creates a virtual link

remoterouter#show ip ospf interface ethernet 0
Ethernet0 is up, line protocol is up
  Internet Address 10.64.0.2/24, Area 0
  Process ID 1, Router ID 10.64.0.2, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 10.64.0.2, Interface address 10.64.0.2
  Backup Designated router (ID) 10.64.0.1, Interface address 10.64.0.1

To configure a virtual link, do the following:

Step 1 Configure OSPF, as described in the “Configuring OSPF ABRs” section.

Step 2 On each router that will make the virtual link, create the virtual link. The routers that make the links are the ABR that connects the remote area to the transit area and the ABR that connects the transit area to the backbone area.

router(config-router)# area area-id virtual-link router-id

area virtual-link Command   Description
area-id                     Area ID assigned to the transit area for the virtual link (decimal or dotted-decimal format). There is no default.
router-id                   Router ID of the virtual link neighbor.

If you do not know the neighbor’s router ID, you can Telnet to it and type the show ip ospf command.


OSPF Virtual Link Configuration Example

R1:
router ospf 100
 network 10.2.3.0 0.0.0.255 area 0
 network 10.3.2.0 0.0.0.255 area 1
 area 1 virtual-link 10.7.20.123

R2:
router ospf 63
 network 10.3.0.0 0.0.0.255 area 1
 network 10.7.0.0 0.0.0.255 area 3
 area 1 virtual-link 10.3.10.5

[Figure: R1 (router ID 10.3.10.5) sits between area 0 and area 1; R2 (router ID 10.7.20.123) sits between area 1 and area 3. A Token Ring segment is shown.]

In this example, area 3 does not have a direct physical connection to the backbone (area 0), which is an OSPF requirement because the backbone is a collection point for LSAs. ABRs forward summary LSAs to the backbone, which in turn forwards the traffic to all areas. All interarea traffic transits the backbone.

To provide connectivity to the backbone, a virtual link must be configured between R2 and R1. Area 1 will be the transit area and R1 will be the entry point into area 0. R2 will have a logical connection to the backbone through the transit area.

Both sides of the virtual link must be configured.

■ R2: area 1 virtual-link 10.3.10.5—With this command, area 1 is defined to be the transit area and the router ID of the other side of the virtual link is configured.

■ R1: area 1 virtual-link 10.7.20.123—With this command, area 1 is defined to be the transit area and the router ID of the other side of the virtual link is configured.
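Because both ends must name each other's router ID and agree on the transit area, a pair of virtual-link statements can be cross-checked before deployment. The following is an added example, not part of the course material: it audits the R1 and R2 configurations above. The function names and the data layout are hypothetical.

```python
import re

# Router IDs and configurations as given in the example above.
ROUTERS = {
    "R1": {
        "router_id": "10.3.10.5",
        "config": """\
router ospf 100
 network 10.2.3.0 0.0.0.255 area 0
 network 10.3.2.0 0.0.0.255 area 1
 area 1 virtual-link 10.7.20.123
""",
    },
    "R2": {
        "router_id": "10.7.20.123",
        "config": """\
router ospf 63
 network 10.3.0.0 0.0.0.255 area 1
 network 10.7.0.0 0.0.0.255 area 3
 area 1 virtual-link 10.3.10.5
""",
    },
}

NETWORK_RE = re.compile(
    r"^[ \t]*network[ \t]+\S+[ \t]+\S+[ \t]+area[ \t]+(\S+)[ \t]*$", re.M)
VLINK_RE = re.compile(
    r"^[ \t]*area[ \t]+(\S+)[ \t]+virtual-link[ \t]+(\S+)[ \t]*$", re.M)


def parse(config):
    """Areas the router has interfaces in, and its (transit area, peer ID) pairs."""
    return {
        "areas": set(NETWORK_RE.findall(config)),
        "vlinks": set(VLINK_RE.findall(config)),
    }


def audit_virtual_links(routers):
    """Return findings for virtual links that cannot come up as configured."""
    parsed = {name: parse(r["config"]) for name, r in routers.items()}
    by_id = {r["router_id"]: name for name, r in routers.items()}
    findings = []
    for name in sorted(parsed):
        my_id = routers[name]["router_id"]
        for area, peer_id in sorted(parsed[name]["vlinks"]):
            if area in ("0", "0.0.0.0"):
                findings.append(f"{name}: the backbone cannot be the transit area")
                continue
            if area not in parsed[name]["areas"]:
                findings.append(f"{name}: no interface in transit area {area}")
            peer = by_id.get(peer_id)
            if peer is None or peer == name:
                # Typical cause: an interface address was entered instead of the router ID.
                findings.append(f"{name}: {peer_id} is not the router ID of a known neighbor")
                continue
            if (area, my_id) not in parsed[peer]["vlinks"]:
                findings.append(
                    f"{name}: {peer} has no matching 'area {area} virtual-link {my_id}'")
            if "0" not in parsed[name]["areas"] | parsed[peer]["areas"]:
                findings.append(f"{name}: neither end of the link to {peer} touches area 0")
    return findings


if __name__ == "__main__":
    print(audit_virtual_links(ROUTERS) or "virtual link is configured on both sides")
```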


Verifying OSPF Operation

This section presents the commands used to verify OSPF operation.

Show ip ospf command

Router#show ip ospf border-routers

• Lists the ABRs in the autonomous system

Router#show ip ospf virtual-links

• Displays the status of the virtual link

Router#show ip ospf process-id

• Displays statistics about each area to which the router is connected

Router#show ip ospf database

• Displays the contents of the OSPF tables

The same show commands listed in the “Configuring OSPF for a Single Area” chapter can be used to verify OSPF operation in multiple areas. Some additional commands include:

■ show ip ospf border-routers—Displays the internal OSPF routing table entries to an ABR.

■ show ip ospf virtual-links—Displays parameters about the current state of OSPF virtual links.

■ show ip ospf process-id—Displays information about each area to which the router is connected, and indicates if the router is an ABR, ASBR, or both.

■ show ip ospf database—Displays the contents of the topological database maintained by the router. Several keywords can be used with this command to get specific information about links:

— show ip ospf [process-id area-id] database [network]—Displays network link-state information.

— show ip ospf [process-id area-id] database [summary]—Displays summary information about router link states.

— show ip ospf [process-id area-id] database [asbr-summary]—Displays information about ASBR link-states.

— show ip ospf [process-id area-id] database [external]—Displays information about autonomous system external link states.


— show ip ospf [process-id area-id] database [database-summary]—Displays database summary information and totals.

The “Configuring a Multiarea Network” lab exercise covers these commands in more detail.


Summary

OSPF components that make it useful in a large internetwork include:

• Various types of areas including stub, totally stubby, and transit

• Various types of routers including ABRs and ASBRs

• Various types of link-state advertisements


Case Study

Following is a case study related to OSPF.

Case Study – OSPF Multiarea

[Figure: multiarea OSPF network with area 0, area 3, area 11 and area 16, an FDDI ring and a Frame Relay network. Link legend: Gigabit Ethernet, Fast Ethernet, Ethernet, Serial.]

As your organization grows, the network must be able to keep pace. Your network and its initial design must enable it to expand accordingly. A network that cannot keep pace with the organization's needs is not much use. Following are some points about Multiarea OSPF networks.

■ Hierarchical topology: Core Router, Distribution Router, Access Router. The benefits of a hierarchical network include:

– Scalability

– Ease of implementation

– Ease of troubleshooting

– Predictability

– Protocol support

– Manageability

■ Route summarization

– Be sure that your network addressing scheme is configured so that the range of subnets assigned within an area is contiguous.

– Create an address space that will permit you to split areas easily as your network grows.


– Plan ahead for the addition of new routers to your OSPF environment.

■ DR/BDR functionality: Any device running OSPF is eligible to become the DR or BDR.

■ NBMA issues: Due to the lack of broadcast capability, some configuration information may be necessary to aid in the discovery of neighbors.

■ Ease of configuration: Simplicity in the topology will translate into simplicity of management.


Answers to Written Exercise: OSPF Operation across Multiple Areas

1 Define hierarchical routing and explain what internetwork problems it solves.

OSPF’s ability to separate a large internetwork into multiple areas is also referred to as hierarchical routing. Hierarchical routing enables you to separate your large internetwork (autonomous system) into smaller internetworks that are called areas. The advantages include smaller routing tables, reduced frequency of SPF calculations, and reduced LSU overhead.

2 An internal router will receive type-5 LSAs if it is what type of area?

If it is an area that is NOT configured for stubby or totally stubby.

3 What area types are connected to the backbone area?

All area types are connected to the backbone.

4 The backbone must be configured as what area?

The backbone area must always be area 0.

5 Write a brief description of the following:

LSA Type: 1
Name: Router link entry (record) (O-OSPF)
Description: Generated by each router for each area it belongs to. It describes the states of the router’s link to the area. These are only flooded within a particular area. The link status and cost are two of the descriptors provided.

LSA Type: 2
Name: Network link entry (O-OSPF)
Description: Generated by DRs in multiaccess networks. They describe the set of routers attached to a particular network. Flooded within the area that contains the network only.

LSA Type: 3 or 4
Name: Summary link entry (IA-OSPF interarea)
Description: Originated by ABRs. Describes the links between the ABR and the internal routers of a local area. These entries are flooded throughout the backbone area to the other ABRs. Type-3 describes routes to networks within the local area that are sent to the backbone area. Type-4 describes routes from the ABR to the ASBR. These link entries are not flooded through totally stubby areas.

LSA Type: 5
Name: Autonomous system external link entry (E1-OSPF external type-1) (E2-OSPF external type-2)
Description: Originated by the ASBR. Describes routes to destinations external to the autonomous system. Flooded throughout an OSPF autonomous system except for stub and totally stubby areas.


6 Describe the path a packet must take in order to get from one area to another.

The packet must go through the interarea, through the ABR, through the backbone area, through the next ABR, and then through the internal routers to its final destination.

7 When is a default route injected into an area?

When the area is configured for stub or totally stubby.


8

Configuring EIGRP


Objectives

Upon completion of this chapter, you will be able to perform the following tasks:

• Describe Enhanced IGRP features and operation

• Configure Enhanced IGRP

• Describe Enhanced IGRP’s usage in scalable internetworks

• Verify Enhanced IGRP operation

This chapter presents Enhanced IGRP configuration.

Sections:

■ Objectives

■ Enhanced IGRP Overview

■ Enhanced IGRP Operation

■ Written Exercise: EIGRP Overview

■ Configuring EIGRP

■ Using EIGRP in Scalable Internetworks

■ Verifying Enhanced IGRP Operation

■ Summary

■ Case Study – Enhanced IGRP

■ Lab Exercise: Configuring EIGRP

■ Answers to Exercises


Enhanced IGRP Overview


What Is Enhanced IGRP (EIGRP)?

Enhanced IGRP supports:

• Rapid convergence

• Reduced bandwidth usage

• Multiple network-layer protocols

[Figure: Enhanced IGRP shown alongside IP routing protocols, IPX routing protocols and the AppleTalk routing protocol.]

Enhanced IGRP (EIGRP) is a Cisco proprietary protocol that combines the advantages of link-state and distance vector routing protocols. As a hybrid protocol, EIGRP includes the following features:

■ Rapid convergence—EIGRP uses the Diffusing Update Algorithm (DUAL) to achieve rapid convergence. A router running Enhanced IGRP stores backup routes, when available, for destinations so it can quickly adapt to alternate routes. If no appropriate route or backup route exists in the local routing table, EIGRP queries its neighbors to discover an alternative route. These queries are propagated until an alternate route is found.

■ Reduced bandwidth usage—EIGRP does not make periodic updates. Instead, it sends partial updates about a route when the path changes or the metric for that route changes. When path information changes, the DUAL algorithm sends an update about that link only, rather than the entire table. In addition, the information is sent only to the routers that need it, in contrast to link-state protocol operation, which sends a change update to all routers within an area.

■ Multiple network-layer support—EIGRP supports AppleTalk, IP, and Novell NetWare through the use of protocol dependent modules (PDMs). These modules are responsible for network-layer-specific protocol requirements.

Note Only TCP/IP implementations of Enhanced IGRP will be covered in this class.


EIGRP Features

• Advanced distance vector

• 100% loop free

• Fast convergence

• Easy configuration

• Fewer network design constraints than OSPF

EIGRP has its roots as a distance vector routing protocol and, as such, is predictable in its behavior. Like its predecessor IGRP, EIGRP is easy to configure and is adaptable to a wide variety of network topologies. What makes EIGRP an advanced distance vector protocol is its addition of several link-state features, such as dynamic neighbor discovery.

EIGRP offers superior performance over IGRP because of its rapid convergence and its guarantee of a loop-free topology at all times. These improvements are the key to the name ‘Enhanced’ IGRP.


EIGRP Features (cont.)

• Incremental updates

• Supports VLSM and discontiguous networks

• Classless routing

• Compatible with existing IGRP networks

• Protocol independent (supports IPX and AppleTalk)

EIGRP is compatible with existing IGRP networks and, at the same time, offers clear advantages in its default behavior. Changes in topology trigger routing updates (rather than periodic announcements) and the information exchanged between routers is limited to only the affected routes. Because EIGRP is a classless routing protocol, it advertises a routing mask for each destination network. This feature enables EIGRP to support discontiguous subnetworks and variable length subnet masks (VLSM).

An additional feature that brings great value to multiprotocol networks is EIGRP’s ability to support IPX and AppleTalk protocols. EIGRP’s rapid convergence and sophisticated metric structure offer superior performance and stability when implemented in IPX and AppleTalk networks.


Advantages of EIGRP

• Uses multicast instead of broadcast

• Utilizes link bandwidth and delay

– EIGRP Metric = IGRP Metric x 256 (32 bit vs. 24 bit)

• Unequal cost paths load balancing

• More flexible than OSPF

– Full support of distribute list

– Manual summarization can be done in any interface at any router within network

EIGRP offers many advantages over traditional distance vector routing protocols. One of the most significant advantages is in the area of bandwidth utilization. EIGRP’s operational traffic is primarily multicast rather than broadcast in nature. As a result, end stations are unaffected by routing updates and requests for topology information.

Enhanced IGRP uses the same algorithm for metric calculation as does IGRP, but the value is represented in 32-bit format to give it additional granularity when selecting routes to destination networks. EIGRP supports unequal metric load balancing that allows administrators to more fully distribute traffic flow in their networks.

Some of EIGRP’s operational characteristics are borrowed from link-state protocols. For example, EIGRP allows administrators to create summary routes anywhere within the network rather than the traditional distance vector approach of performing classful summarization only at major network boundaries. In addition, EIGRP supports bi-directional route redistribution from other routing domains at the process level.


EIGRP Support for Different Topologies

Enhanced IGRP supports:

• Multiaccess (i.e., LANs)

• Point-to-point (i.e., HDLC)

• NBMA (i.e., Frame Relay)

[Figure: routers A through H, interfaces S0 and S1, a Frame Relay cloud, and the rest of the core.]

Enhanced IGRP was designed to operate well in both LAN and WAN environments. In multiaccess topologies, such as Ethernet and Token Ring, neighbor relationships are formed and maintained using reliable multicasting. Wide area network support for dedicated, point-to-point links and non-broadcast multiaccess (NBMA) topologies is a standard for EIGRP. Differences in media type are accounted for in the formation of neighbor adjacencies across WAN links.


EIGRP Support for IP Addresses

Enhanced IGRP supports:

• Variable length subnet masks (VLSM)

• Hierarchical designs

[Figure: routers A, B, C, D, M, N, O, P, R and S in a hierarchy connected to the World, with prefix lengths /16, /24, /27 and /30 on different segments.]

EIGRP supports IP address implementation in both hierarchical and non-hierarchical designs. To further the efficient allocation of addresses in the network, EIGRP supports variable length subnet masks (VLSM). This allows different masks to be applied to different segments based upon the host requirements for each link. Secondary addresses can be applied to interfaces to solve particular addressing issues, although all routing overhead will be generated through the primary interface address.


EIGRP Support for Route Summarization

Enhanced IGRP performs route summarization:

• Classful network boundaries (default)

• Arbitrary network boundaries (manual)

[Figure labels: 172.16.0.0 /24, 10.0.0.0 /18, 192.168.42.0 /27; 172.16.0.0 /16, 172.16.0.0 /16, 192.168.42.0 /24.]

As an advanced distance vector protocol, EIGRP supports route summarization at major network boundaries as the default. Administrators can configure manual summarization on arbitrary network boundaries in order to shrink the size of the routing table.

Enhanced IGRP supports the creation of supernets or aggregated blocks of addresses (networks).


EIGRP Terminology

[Figure: for each of IP, IPX and AppleTalk, EIGRP keeps a neighbor table (next-hop router and interface), a topology table (destination with its successor and feasible successor) and a routing table (destination with its successor).]

This section introduces you to a variety of terms related to EIGRP used throughout this chapter:

■ Neighbor table—Each EIGRP router maintains a neighbor table that lists adjacent routers. This table is comparable to the adjacencies database used by OSPF. It serves the same purpose, to ensure bi-directional communication between each of the directly connected neighbors. There is a neighbor table for each protocol that EIGRP supports.

■ Topology table—Each EIGRP router maintains a topology table for each configured routing protocol. This table includes route entries for all destinations that the router has learned. All learned routes to a destination are maintained in the topology table.

■ Routing table—EIGRP chooses the best (successor) routes to a destination from the topology table and places these routes in the routing table. The router maintains one routing table for each network protocol.

■ Successor—A route selected as the primary route to use to reach a destination. Successors are the entries kept in the routing table.

■ Feasible successor—A backup route. These routes are selected at the same time the successors are identified, but they are kept in a topology table, discussed later on this page. Multiple feasible successors for a destination can be retained.


Enhanced IGRP Operation


EIGRP Packets

• Hello: Establish neighbor relationships

• Update: Send routing updates

• Query: Ask neighbors about routing information

• Reply: Response to query about routing information

• Ack: Acknowledgement of a reliable packet

EIGRP supports five generic packet types.

Hello: Hello packets are used for neighbor discovery. They are sent as multicasts and carry a zero acknowledgment number.

Update: An Update is sent to communicate the routes that a particular router has converged on. These are sent as multicasts when a new route is discovered, or when convergence has completed (and the route is Passive). They are also sent as unicasts when neighbors start up in order to synchronize the topology tables (since Updates are not sent periodically as in IGRP).

Queries: When a router is performing route computation, and it does not have a feasible successor, it will send a Query packet to its neighbors asking if they have a feasible successor for the destination. Queries are always multicast.

Replies: A Reply packet is sent in response to a Query packet. Replies are unicast to the originator of the Query.

ACK: The ACK is used for acknowledging other types of packets described below. ACKs are Hello packets that are sent as unicasts, and contain a non-zero acknowledgment number.


EIGRP Neighbor Relationship

• Two routers become neighbors when they see each other’s Hello packet

– Hello address = 224.0.0.10

• Hellos sent once every five seconds on the following links:

– Broadcast Media: Ethernet, Token Ring, FDDI, etc.

– Point-to-point serial links: PPP, HDLC, point-to-point Frame Relay/ATM subinterfaces

– Multipoint circuits with bandwidth greater than T1: ISDN PRI, SMDS, Frame Relay

When EIGRP is configured on an interface, the router sends periodic multicast Hello packets on that interface. When a router running an EIGRP process with the same Autonomous System number receives another router’s Hello packet, it establishes a neighbor relationship (Adjacency). Hello packets are sent at various time intervals depending on the media. They default to once every 5 seconds over a LAN and dedicated or higher-speed WAN links.

When a router is configured for EIGRP it dynamically discovers other routers directly connected to it. Each router maintains information that it has learned from its neighboring routers. This information is maintained in the Neighbor Table. The address and the interface through which the neighbor can be reached are also recorded. The Neighbor Table also maintains an entry known as the HoldTime. A router, as part of its Hello message, reports the HoldTime. HoldTime is the amount of time the router treats the neighbor as reachable and operational.


EIGRP Neighbor Relationship (cont.)

• Hellos sent once every 60 seconds on the following links:

– Multipoint circuits with bandwidth less than T1: ISDN BRI, Frame Relay, SMDS, etc.

• Neighbor declared dead when no EIGRP packets are received within hold interval

– Not only Hello can reset the hold timer

• Hold time by default is three times the hello time

Hello packets are sent out less frequently on lower-speed links, such as multipoint serial interfaces. Hellos are generated at 60-second intervals on this type of interface.

The Hello mechanism is also used by routers to discover the loss of their neighbors. This is done dynamically and quickly. If a Hello packet is not heard before the expiration of the HoldTime, then a topology change is detected. The neighbor adjacency is deleted, and all topology table entries learned from that neighbor are removed (as if the neighbor had sent an Update stating that all of the routes are unreachable). This may cause routes to enter Active State. This enables the routes to quickly reconverge if an alternate feasible route is available.

The rate at which hello packets are sent is called the hello interval, and can be adjusted per interface with the “ip eigrp hello-interval” command. The amount of time that a router will consider a neighbor up without receiving a hello (or some other EIGRP packet) is called the hold time, and is typically three times the hello interval, so the hold times are 15 seconds and 180 seconds by default. HoldTime is calculated as 3 x Hello time interval, but it can also be configured. The hold time can be adjusted with the "ip eigrp hold-time" interface command.

Note If you change the hello interval, the hold time is not automatically adjusted to account for this change; you must manually adjust the hold time to reflect the configured hello interval.


EIGRP Neighbor Relationship (cont.)

• EIGRP will form neighbors even though hello time and hold time don’t match
• EIGRP sources Hello packets from primary address of the interface
• EIGRP will not form neighbor if K-values are mismatched
• EIGRP will not form neighbor if AS numbers are mismatched
• Passive interface configuration might be required for compatibility (IGRP vs. EIGRP)

EIGRP Neighbor Relationship (cont.)

It is possible for two routers to become EIGRP neighbors even though the hello and hold timers do not match. The hold time is included in the hello packets so each neighbor should remain up correctly even though the hello interval and hold timers do not match.

EIGRP will not build peer relationships over secondary addresses because all EIGRP traffic uses the primary address of the interface. In addition, peer relationships will not be formed if the neighbor resides in a different autonomous system or if the metric-calculation mechanism (K values) is mis-aligned for that link. K values are discussed later in this section.

If you suspect that the network difficulties are caused by neighbor-related problems, follow these suggestions:

• Running “show ip eigrp neighbor” several times in a row can give you a good idea of what the hello interval and hold timers are for the given neighboring router. The Hold column should never get above the hold time, and should never get below the hold time minus the hello interval (unless, of course, you are losing hello packets). If the Hold column usually ranges between 10 and 15 seconds, the hello interval is 5 seconds and the hold time is 15 seconds.

• If the Hold column usually has a wider range - between 120 and 180 seconds - the hello interval is 60 seconds and the hold time is 180 seconds. If the numbers do not seem to fit one of the default timer settings, check the interface in question on the neighboring router - the hello and hold timers have probably been configured manually.


What Is in a Neighbor Table?

p2r2#show ip eigrp neighbors
IP-EIGRP neighbors for process 400
H   Address       Interface   Hold  Uptime    SRTT   RTO   Q    Seq
                              (sec)           (ms)         Cnt  Num
1   172.68.2.2    To0         13    02:15:30  8      200   0    9
0   172.68.16.2   Se1         10    02:38:29  29     200   0    6

What Is in a Neighbor Table?

Like OSPF, EIGRP routers multicast hello packets to discover neighbor routers and to exchange route updates. If you recall, adjacent routers are the only ones that can exchange routing information. Each router builds a neighbor table from hello packets that it receives from adjacent EIGRP routers running the same network-layer protocol.

EIGRP maintains a neighbor table for each configured network-layer protocol. The table includes the following key elements:

■ Neighbor address—The network-layer address of the neighbor.

■ Queue—Indicates the number of packets waiting in queue to be sent. If this value is constantly higher than zero, then there may be a congestion problem. A zero means that there are no EIGRP packets in the queue.

■ Smooth Round Trip Timer—Indicates the average time it takes to send and receive packets from a neighbor. This timer is used to determine the retransmit interval (RTO).

■ Hold Time—The interval to wait without receiving anything from a neighbor before considering the link unavailable. Originally, the expected packet was a hello packet, but in current Cisco IOS software releases, any EIGRP packets received after the first hello will reset the timer.
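The neighbor-table checks described above (Hold staying between hold time minus hello interval and hold time, and Q Cnt returning to zero) can be automated; the following is an added example, not part of the course material. The table rows are the ones from the slide, while the function names and the repeated Hold readings used with them are constructed for illustration.

```python
import re

# "show ip eigrp neighbors" output as shown on the slide for router p2r2.
SLIDE_OUTPUT = """\
IP-EIGRP neighbors for process 400
H   Address       Interface   Hold  Uptime    SRTT   RTO   Q    Seq
                              (sec)           (ms)         Cnt  Num
1   172.68.2.2    To0         13    02:15:30  8      200   0    9
0   172.68.16.2   Se1         10    02:38:29  29     200   0    6
"""

# One neighbor row: H, address, interface, hold, uptime, SRTT, RTO, Q count, sequence.
ROW = re.compile(
    r"^\s*(?P<h>\d+)\s+(?P<address>\d+\.\d+\.\d+\.\d+)\s+(?P<interface>\S+)\s+"
    r"(?P<hold>\d+)\s+(?P<uptime>\S+)\s+(?P<srtt>\d+)\s+(?P<rto>\d+)\s+"
    r"(?P<q_cnt>\d+)\s+(?P<seq>\d+)\s*$"
)

# Default (hello interval, hold time) pairs given in the text, in seconds.
DEFAULT_TIMERS = [(5, 15), (60, 180)]


def parse_neighbors(text):
    """Return one dict per neighbor row; banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line)
        if not match:
            continue
        row = match.groupdict()
        for key in ("h", "hold", "srtt", "rto", "q_cnt", "seq"):
            row[key] = int(row[key])
        rows.append(row)
    return rows


def infer_timers(hold_samples):
    """Fit repeated Hold readings to a default timer pair.

    The Hold column should stay between (hold - hello) and hold, so a set of
    readings that fits neither default range returns None.
    """
    for hello, hold in DEFAULT_TIMERS:
        if all(hold - hello <= sample <= hold for sample in hold_samples):
            return (hello, hold)
    return None


def check_neighbor(samples):
    """samples: rows for ONE neighbor taken from successive runs of the command."""
    findings = []
    timers = infer_timers([row["hold"] for row in samples])
    if timers is None:
        findings.append("Hold outside both default ranges: hellos are being "
                        "lost or the timers were configured manually")
    if all(row["q_cnt"] > 0 for row in samples):
        findings.append("Q Cnt never returns to zero: possible congestion")
    return timers, findings


if __name__ == "__main__":
    for row in parse_neighbors(SLIDE_OUTPUT):
        print(row["address"], row["interface"], "hold", row["hold"], "q", row["q_cnt"])
    # Constructed readings for 172.68.2.2 over four runs of the command.
    print(infer_timers([13, 11, 14, 10]))
```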


EIGRP Reliable Transport Protocol

EIGRP reliable packets are packets that require explicit acknowledgement:
• Update
• Query
• Reply

EIGRP unreliable packets are packets that do not require explicit acknowledgement:
• Hello
• Ack

EIGRP Reliable Transport Protocol

Reliable Transport Protocol (RTP) is responsible for guaranteed, ordered delivery of Enhanced IGRP packets to all neighbors. It supports intermixed transmission of multicast or unicast packets. For efficiency, only certain Enhanced IGRP packets are transmitted reliably. On a multi-access network that has multicast capabilities, such as Ethernet, it is not necessary to send hello packets reliably to all neighbors individually. For that reason, Enhanced IGRP sends a single multicast hello packet containing an indicator that informs the receivers that the packet need not be acknowledged. Other types of packets, such as updates, indicate in the packet that acknowledgment is required. RTP contains a provision for sending multicast packets quickly when unacknowledged packets are pending, which helps ensure that convergence time remains low in the presence of varying speed links.

All packets carrying routing information (Update/Query/Reply) must be sent reliably, since they are not sent periodically. Assigning a sequence number to each reliable packet, and requiring an explicit acknowledgment for that sequence number, provides reliability. Acknowledgments and Hello packets, which help provide the reliability mechanism, by their nature, are not sent reliably.


EIGRP Reliable Transport Protocol (cont.)

• The router keeps a neighbor list and a retransmission list for every neighbor
• Each reliable packet (Update, Query, Reply) will be retransmitted when packet is not acked
• Neighbor relationship is reset when retry limit (limit = 16) for reliable packets is reached

EIGRP Reliable Transport Protocol (cont.)

RTP is also tasked with ensuring that on-going communication is maintained between neighboring routers. As such, a retransmission list is maintained for each neighbor. This list indicates packets (that require acknowledgement) to which responses have not yet been received. Reliable packets that have not been acknowledged will be retransmitted up to a maximum of 16 times.

EIGRP’s reliability mechanism ensures delivery of critical route information to neighboring routers. This information is required to allow EIGRP to maintain a loop-free topology at all times.


EIGRP Reliable Transport Protocol (cont.)

EIGRP transport has window size of one (stop and wait mechanism)
• Every single reliable packet needs to be acknowledged before the next sequenced packet can be sent
• If one or more peers are slow in acknowledging, all other peers suffer from this

Solution: The nonacknowledged multicast packet will be retransmitted as a unicast to the slow neighbor

EIGRP Reliable Transport Protocol (cont.)

The use of reliable multicast traffic is efficient and effective. A potential delay exists on multiaccess media where multiple neighbors exist. The next reliable multicast packet cannot be transmitted until all peers have acknowledged the previous multicast. If one or more peers are slow to respond, it adversely affects all peers by delaying the next transmission. RTP is designed to handle ‘exceptions’ just like the one described here. Neighbors that are slow to respond to multicasts will have the nonacknowledged multicast packets retransmitted as unicast packets. This allows the reliable multicast operation to proceed without delaying communication with other peers.


Discovering Routes

[Figure: exchange between routers A and B in six numbered steps. Hello: "I am router A, who is on the link?"; Update: "Here is my routing information."; Ack: "Thanks for the information!"; Topology Table; Update: "Here is my route information."; Ack: "Thanks for the information!"; Converged.]

Discovering Routes

The neighbor establishment and discovering routes processes occur at the same time in EIGRP. A high-level description of the process is as follows:

1. A new router (router A) comes up on the link and sends out a hello through all interfaces.

2. Routers receiving the hello reply with update packets that contain all the routes they have in their routing table, except those learned through that interface (split horizon). In addition, these update packets have the Init bit set, indicating that this is the initialization process.

An Update packet includes information about the routes a neighbor is aware of, including the metric that the neighbor is advertising for each destination.

3. Router A replies to each neighbor with an Ack packet, indicating that it received the update information.

4. Router A puts all update packets in its topology table.

The topology table includes all destinations advertised by neighboring (adjacent) routers. It is organized such that each destination is listed, along with all the neighbors that can get to the destination, and their associated metric.

5. Router A then exchanges update packets with each of its neighbors.

6. Upon receiving the update packets, each router sends an Ack packet to router A.

When all updates are received, the router is ready to choose the primary and backup routes to keep in the topology table.


EIGRP Route Selection

EIGRP uses a composite metric to pick the best path

[Figure: routers A, B, C and D joined by links labelled T1 and 19.2, carrying IP, IPX and AppleTalk.]

EIGRP Route Selection

EIGRP route selection is perhaps what distinguishes it most from other routing protocols. Its key characteristics are as follows:

■ EIGRP selects primary and backup routes that are kept in the topology table (up to six per destination). The primary routes are then moved to a routing table.

— Like OSPF, EIGRP supports several types of routes: internal, external (that is, non-EIGRP), and summary routes.

■ EIGRP uses the same composite metric as IGRP to determine the best path. The metric can be based on five criteria. The default criteria used are:

— Bandwidth—The smallest bandwidth between source and destination

— Delay—Cumulative interface delay along the path

Additional criteria that can be used follow. These criteria are not recommended for use because they typically result in frequent recalculation of the topology table.

— Reliability—Worst reliability between source and destination based on keepalives

— Loading—Worst load on a link between source and destination based on bits per second

— MTU—Smallest MTU in path

■ EIGRP uses the DUAL algorithm to calculate the best route to a destination. DUAL selects routes based on the composite metric and assures that the selected routes are loop-free.


EIGRP Metrics Calculation

Metric = [K1 x BW + (K2 x BW) / (256 - Load) + K3 x Delay] x [K5 / (Reliability + K4)]

• By Default: K1 = 1, K2 = 0, K3 = 1, K4 = K5 = 0

Delay is sum of all the delays of the link along the paths
• Delay = Delay/10

Bandwidth is the lowest bandwidth of the link along the paths
• Bandwidth = 10000000/Bandwidth

EIGRP Metrics Calculation

EIGRP uses the following formula to calculate a metric:

Metric = [K1*bandwidth + (K2*bandwidth)/(256 - load) + K3*delay] * [K5/(reliability + K4)]

In basic terms, the values K1, K2, K3, K4, and K5 represent Bandwidth, Load, Delay, MTU, and Reliability respectively.

‘K’ values are carried in Hello packets. Mismatched K values can cause a neighbor to be reset. (Only K1 and K3 are used, by default, in metric compilation.) These ‘K’ values shouldn't be modified without extremely careful planning. Changing these values can cause your network to fail to converge.

Some modifications to the values are made for purposes of use in the metric calculation. For example, the format of the Delay and Bandwidth values is different from that displayed by the “show interface” command. The EIGRP Delay value is divided by 10 to represent it in tens of uSec rather than in uSec as in the “sho int” display. Likewise, EIGRP’s Bandwidth is the inverse of 10^7 (unlike OSPF’s inverse of 10^9) rather than shown as Kbits in the “sho int” display. For example, EIGRP values Ethernet Delay as 100 (not as 1000 uSec) and Bandwidth as 1000 (not as 10000K).

Enhanced IGRP represents its metrics in a 32-bit format instead of the 24-bit representation used by IGRP. This representation allows a more granular decision to be made when calculating successor (and feasible successor) routes. When integrating IGRP routes into an EIGRP domain, multiply the IGRP metric by 256 to get the approximate EIGRP-equivalent metric.
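The metric formula and its scaling rules, worked through in code as an added example that is not part of the course material. It uses integer division and skips the reliability factor when K5 = 0, since applying that factor literally with the default K values would zero every metric. The T1 link values (1544 kbit/s, 20000 uSec) are assumed typical serial-interface figures, not taken from the page; the Ethernet values are the page's.

```python
# K values as the text gives them by default: K1 = 1, K2 = 0, K3 = 1, K4 = K5 = 0.
DEFAULT_K = {"k1": 1, "k2": 0, "k3": 1, "k4": 0, "k5": 0}

# (bandwidth in kbit/s, delay in microseconds) as "show interface" would report them.
ETHERNET = (10000, 1000)   # values used in the text
T1_SERIAL = (1544, 20000)  # assumed values for illustration


def scaled_bandwidth(min_bandwidth_kbps):
    """10^7 divided by the lowest bandwidth along the path (kbit/s)."""
    return 10_000_000 // min_bandwidth_kbps


def scaled_delay(total_delay_usec):
    """Sum of the interface delays along the path, in tens of microseconds."""
    return total_delay_usec // 10


def composite_metric(min_bandwidth_kbps, total_delay_usec,
                     load=1, reliability=255, **k_overrides):
    """IGRP-scale composite metric from the formula in the text.

    load and reliability are on the 1..255 scale the router reports.
    """
    k = {**DEFAULT_K, **k_overrides}
    bw = scaled_bandwidth(min_bandwidth_kbps)
    delay = scaled_delay(total_delay_usec)
    metric = k["k1"] * bw + (k["k2"] * bw) // (256 - load) + k["k3"] * delay
    # With K5 = 0 the reliability factor is not applied at all.
    if k["k5"] != 0:
        metric = metric * k["k5"] // (reliability + k["k4"])
    return metric


def eigrp_metric(min_bandwidth_kbps, total_delay_usec,
                 load=1, reliability=255, **k_overrides):
    """32-bit EIGRP metric: the IGRP-scale value multiplied by 256."""
    return 256 * composite_metric(min_bandwidth_kbps, total_delay_usec,
                                  load, reliability, **k_overrides)


def path_metric(links, **k_overrides):
    """links: one (bandwidth_kbps, delay_usec) tuple per hop on the path."""
    min_bandwidth = min(bandwidth for bandwidth, _ in links)
    total_delay = sum(delay for _, delay in links)
    return eigrp_metric(min_bandwidth, total_delay, **k_overrides)


def k_values_match(local, remote):
    """Neighbors only form when all five K values agree."""
    return all(local[name] == remote[name] for name in DEFAULT_K)


if __name__ == "__main__":
    print("Ethernet only:", path_metric([ETHERNET]))
    print("Ethernet + T1:", path_metric([ETHERNET, T1_SERIAL]))
    # Enabling K2 makes the metric follow interface load, which is why the
    # text warns that the extra criteria cause frequent recalculation.
    for load in (1, 128, 255):
        print("K2=1, load", load, "->", composite_metric(*ETHERNET, load=load, k2=1))
```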


Choosing Routes

B is current successor (lowest FD)
H is the feasible successor (AD < FD)
D is not a feasible successor (AD > FD)

Router A’s Topology Table
Destination   Feasible Dist.   Advert. Dist.   Neighbor
7             40               30              H
7             31               21              B
7             230              220             D

Router A’s Routing Table: 7   31   B

[Figure: routers A, B, C, D, E, F, G and H, with Network 7 and an FDDI ring; link costs shown are (10), (10), (20), (100), (100), (10) and (1).]

Choosing Routes

EIGRP uses the following process to determine what routes to keep in the topology and route tables:

1. DUAL is run on the topology table to determine the best and loop-free primary and backup routes to each destination.

— Best is the lowest-cost route, calculated by adding the cost between the next-hop router and the destination (referred to as advertised distance) to the cost between the local router and the next-hop router; the total is referred to as feasible distance. For example, in the graphic, from router A, the advertised distance to network 7 using router B is 21, and the feasible distance is 31 because of the additional link cost between routers A and B, which is 10.

— The next-hop router(s) selected as the best path is referred to as the successor. Multiple successors can exist, if they have the same feasible distance and use different next-hop routers. All successors are added to the route table. In the graphic, router B is the successor for network 7.

— The next-hop router(s) for the backup path is referred to as the feasible successor. If the successor’s route is no longer valid and a suitable feasible successor exists, this feasible successor replaces an invalid successor in the routing table without a recomputation. More than one feasible successor can be kept at one time. These routes need not have the same feasible distance, but their advertised distance must be less than the feasible distance of the successor route.

2. The successors and feasible successors are kept in the topology table, along with all other routes, referred to as possible successors. The only routes removed are those that have a metric of infinity (unreachable).


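Maintaining Routes - Passive

Router A’s Topology Table
Destination   Feasible Dist.   Advert. Dist.   Neighbor   State
7             40               30              H          P
7             31               21              B          P

Router A’s Routing Table: 7   40   H

[Figure: routers A, B, C, D, E, F, G and H, with Net 7 and an FDDI ring; link costs shown are (10), (10), (20), (100), (100), (10) and (1); numbered steps 1 and 2.]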

Maintaining Routes - Passive

When there is a change in the network, the router that learned about the change advertises it to its neighbors by multicasting an update packet with the change. If the update packets are to notify the neighbors that a router was added to the network, then the process described in the previous “Discovering Neighbors” and “Discovering Routes” sections occurs. But if the update packet says that a link has a worse metric, or is no longer available, the router must find an alternative path.

To obtain an alternative path, the router that lost the link looks for a new feasible successor in its topology table. If a feasible successor exists, it is promoted to a successor and added to the routing table, and used. The topology table is then recalculated to determine if there are any new feasible successors, based on the new successor’s feasible distance.

If a feasible successor is found, the route remains passive and no interaction with neighboring routers is required. This operation represents the most rapid type of convergence for EIGRP. An example of this condition is demonstrated in the graphic above.


Maintaining Routes - Active

[Figure: routers A and D each send a Query ("Do you have feasible successor to network 7?") at the same time, in numbered steps 1 and 2; panels "Topology Table at A" and "Topology Table at D" (columns Destination, Feasible Dist., Advert. Dist., Neighbor, State) show the states P and A for network 7; routers E, F, G and H and link costs (10), (10), (20), (100), (100), (10) are also shown.]

Maintaining Routes – Active

When a link fails and a feasible successor is not available, the following process is followed:

1. The router (router A) flags the failed route as in an “active” state in the topology table. When routes are operating well, they are in “passive” state.

2. Router A looks for an alternative path by sending out a query packet to all its neighbors to learn if they have a path to the given destination. The query packet is multicast out every interface except the one from which the dead link was learned about, thus following the split horizon rule.

Because the router expects a reply to the query from each neighbor, it tracks the sending and receiving of these packets from each neighbor from the topology table.

In the graphic, for example, no feasible successor exists, because no router’s advertised distance is less than router B’s feasible distance. As a result, router A must query its neighbors to find new successors and feasible successors. The route to network 7 changes from passive to active state.

Router D also used router B as the next-hop router to reach network 7. Router D flags the failed route as in an “active” state in the topology table and attempts to locate a new route to network 7.


Maintaining Routes - Active (cont.)

Table                 Destination   Feasible Dist.   Advert. Dist.   Neighbor
Topology Table at E   7             120              20              F
Topology Table at D   7             220              120             E
Topology Table at A   7             230              220             D

[Figure: Reply packets ("Here is a successor to network 7.") in numbered steps 3, 4 and 5; the State column in the tables at D and A shows A and P.]

Maintaining Routes – Active (cont.)

3. If a neighbor has a feasible successor that does not use the querying router, or no route at all to the destination, it unicasts a Reply packet to the requestor indicating the appropriate information.

If a neighbor that receives the query is using the querying router as its feasible successor, then it sends its own Query packet to its neighbors, which creates a query ripple effect through the network until a major network boundary is met, a manual summarization is met, or the router is on the autonomous system boundary.

4. When the querying router receives replies, it reacts based on the answer in the reply:

— If the reply included a successor or feasible successor, the information is put into its topology table and the querying router waits until all replies are received. Then it recalculates the topology table and adds the successor(s) to the routing table. The route returns to a passive state in the topology table and routing can continue.

— If none of the replies includes a successor or feasible successor, the querying router removes the active route from its topology and routing tables. In addition, the router console receives a message indicating that no route was found.

In the graphic, Router D receives a reply from router E about an alternate path to network 7 and goes from active to passive on network 7. Router D sends a unicast reply to A indicating an alternate path and A updates its topology table by moving the route from an active to passive state.


Removing Routes

[Figure: Query ("Do you have feasible successor to network 7?") and Reply ("I have no route to network 7.") packets exchanged in numbered steps 1 to 4; routers A, D, E, F, G, L, M and N with Net 7; link costs (10), (10), (100), (100), (10), (100), (100); in the Topology Table at A (columns Destination, Advert. Distance, Feasible Dist., Neighbor, State) the entry for network 7 is removed.]

Removing Routes

If one or more routers to which a query is sent do not respond with a reply within the active time of 180 seconds, EIGRP tears down the neighbor relationship with this rogue router and puts routes that used the rogue router into an active state. Then the querying router generates queries for the route(s) it lost through the rogue router. The reason for these additional queries is that other valid routes (in addition to the route that was just lost) may be reachable through the rogue router and path information about those routes must be relearned.

In the graphic, when the link at router D fails, router A goes active on the route to network 7 and queries router L. Router L has no other route to network 7 and generates a query to router M. Router M has no other route to network 7 and generates a query to router N. Each router replies that no additional route to network 7 is available. Router L and router D reply to A indicating no additional path to network 7 is available. As a result, router A removes the entry for network 7 from its topology table.


EIGRP DUAL

Diffusing update algorithm (DUAL)

Finite-State-Machine
• Tracks all routes advertised by neighbors
• Selects loop-free path using a successor and remembers any feasible successors
• If successor lost
– Use feasible successor
• If no feasible successor
– Query neighbors and recompute new successor

EIGRP DUAL

The DUAL finite state machine embodies the decision process for all route computations. It tracks all routes advertised by all neighbors. The distance information, known as a metric, is used by DUAL to select efficient loop-free paths. DUAL selects routes to be inserted into a routing table based on feasible successors. A successor is a neighboring router used for packet forwarding that has a least cost path to a destination that is guaranteed not to be part of a routing loop.

When there are no feasible successors but there are neighbors advertising the destination, a recompilation must occur. This is the process where a new successor is determined. The amount of time it takes to recalculate the route affects the convergence time. Even though the recompilation is not processor-intensive, try to avoid recompilation if it is not necessary. When a topology change occurs, DUAL tests for feasible successors. If there are feasible successors, it uses any it finds in order to avoid any unnecessary recompilation.


DUAL Example (Start)

E EIGRP Topology
(a) Cost (3) (fd)
  via D Cost (3/2) (Successor)
  via C Cost (4/3)

D EIGRP Topology
(a) Cost (2) (fd)
  via B Cost (2/1) (Successor)
  via C Cost (5/3)

C EIGRP Topology
(a) Cost (3) (fd)
  via B Cost (3/1) (Successor)
  via D Cost (4/2) (fs)
  via E Cost (4/3)

[Figure: routers A, B, C, D and E and network (a); link costs (1), (1), (1), (1), (2), (2).]

DUAL Example (Start)

In the graphic, the topology table indicates the following:

fd – feasible distance equals the sum of the links to reach (a)

Cost – link cost of the path to (a) (with hops shown, as well)

Successor – forwarding path to (a), path cost equal to fd

fs – feasible successor, an alternate path

The sample network is stable and converged.
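The rule behind the (Successor) and (fs) labels, and the choice between staying passive and going active when a successor is lost, shown as an added example that is not part of the course material. The tables are router A's from the Choosing Routes slide and routers C, D and E's from the start state above; the class, the function names and the neighbor lists passed in are assumptions made for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Path:
    neighbor: str
    fd: int  # feasible distance: total cost to the destination via this neighbor
    ad: int  # advertised distance: the neighbor's own cost to the destination


# Router A's topology table for network 7 (Choosing Routes slide).
A_TABLE = [Path("H", 40, 30), Path("B", 31, 21), Path("D", 230, 220)]
# Topology tables for (a) from the DUAL Example start state, written fd/ad.
C_TABLE = [Path("B", 3, 1), Path("D", 4, 2), Path("E", 4, 3)]
D_TABLE = [Path("B", 2, 1), Path("C", 5, 3)]
E_TABLE = [Path("D", 3, 2), Path("C", 4, 3)]


def classify(paths):
    """Return (fd, successors, feasible_successors, other_neighbors).

    A neighbor is a feasible successor only if its advertised distance is
    strictly less than the feasible distance of the current successor route.
    """
    best = min(p.fd for p in paths)
    successors = [p.neighbor for p in paths if p.fd == best]
    feasible = [p.neighbor for p in paths if p.fd != best and p.ad < best]
    others = [p.neighbor for p in paths
              if p.neighbor not in successors and p.neighbor not in feasible]
    return best, successors, feasible, others


def on_successor_lost(paths, lost, neighbors):
    """Local decision when the path through `lost` becomes unusable.

    neighbors: every adjacent router, including ones with no usable path entry.
    Returns ("passive", new_fd, new_successors) when the route can be repaired
    locally, or ("active", None, neighbors_to_query) when queries are needed.
    """
    best, successors, _, _ = classify(paths)
    remaining = [p for p in paths if p.neighbor != lost]
    if lost not in successors:
        return ("passive", best, successors)
    surviving = [s for s in successors if s != lost]
    if surviving:
        return ("passive", best, surviving)
    candidates = [p for p in remaining if p.ad < best]
    if candidates:
        new_fd = min(p.fd for p in candidates)
        promoted = [p.neighbor for p in candidates if p.fd == new_fd]
        return ("passive", new_fd, promoted)
    return ("active", None, [n for n in neighbors if n != lost])


if __name__ == "__main__":
    print("A:", classify(A_TABLE))
    print("A loses B:", on_successor_lost(A_TABLE, "B", ["B", "D", "H"]))
    print("D loses B:", on_successor_lost(D_TABLE, "B", ["B", "C", "E"]))
    print("E loses D:", on_successor_lost(E_TABLE, "D", ["C", "D"]))
```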


DUAL Example

D EIGRP Topology
(a) Cost (2) (fd)
  via B Cost (2/1) (Successor)
  via C Cost (5/3)

E EIGRP Topology
(a) Cost (3) (fd)
  via D Cost (3/2) (Successor)
  via C Cost (4/3)

C EIGRP Topology
(a) Cost (3) (fd)
  via B Cost (3/1) (Successor)
  via D Cost (4/2) (fs)
  via E Cost (4/3)

[Figure: routers A, B, C, D and E and network (a); link costs (1), (1), (1), (1), (2), (2); XXX marks the failed link.]

DUAL Example

Routers B and D detect the link failure.

Upon being notified of the link failure, DUAL performs the following steps in the graphic:

At D: Marks the path to (a) through B as unusable


DUAL Example

D EIGRP Topology
(a) **ACTIVE** Cost (-1) (fd)
  via E (q)
  via C Cost (5/3) (q)

E EIGRP Topology
(a) Cost (3) (fd)
  via D Cost (3/2) (Successor)
  via C Cost (4/3)

C EIGRP Topology
(a) Cost (3) (fd)
  via B Cost (3/1) (Successor)
  via D
  via E Cost (4/3)

[Figure: routers A, B, C, D and E and network (a); link costs (1), (1), (1), (2), (2); Q marks the queries sent.]

DUAL Example

The following steps occur in the graphic:

At D: Has no feasible successor to (a)

Sets the metric to (a) as unreachable (-1 is unreachable)

Goes active on (a)

Sends query to C and E for alternate path

Marks C and E as having a query pending (q)

At E: Marks the path to (a) through D as unusable


DUAL Example

D EIGRP Topology
(a) **ACTIVE** Cost (-1) (fd)
  via E (q)
  via C Cost (5/3)

E EIGRP Topology
(a) **ACTIVE** Cost (-1) (fd)
  via D
  via C Cost (4/3) (q)

C EIGRP Topology
(a) Cost (3) (fd)
  via B Cost (3/1) (Successor)
  via D
  via E

[Figure: routers A, B, C, D and E and network (a); link costs (1), (1), (1), (2), (2); R marks a reply and Q a query.]

DUAL Example

The following steps occur in the graphic:

At D: Receives reply from C, no change to path to (a)

Removes query flag from C

Stays active on (a), awaiting reply from E (q)

At E: Has no feasible successor to (a)

Generates query to C

Marks C as query pending (q)


D EIGRP Topology(a) **ACTIVE** Cost (-1) (fd)

via E (q)via C Cost (5/3)

D D EIGRP TopologyEIGRP Topology(a) (a) **** ACTIVEACTIVE **** Cost (-1) (fd)Cost (-1) (fd)

via Evia E (q)(q)via Cvia C Cost (5/3)Cost (5/3)

E EIGRP Topology (a) Cost (4) (fd)

via C Cost (4/3) (Successor)via D

E E EIGRP Topology EIGRP Topology (a) (a) Cost (4)Cost (4) (fd) (fd)

via Cvia C Cost (4/3) (Successor)Cost (4/3) (Successor)via Dvia D

C EIGRP Topology(a) Cost (3) (fd)

via B Cost (3/1) (Successor)via Dvia E

C EIGRP TopologyC EIGRP Topology(a) (a) Cost (3)Cost (3) (fd) (fd)

via Bvia B Cost (3/1) (Successor)Cost (3/1) (Successor)via Dvia Dvia Evia E

DUAL ExampleDUAL Example

RRR

(1)

(1)

(1)

(2)(2)

A

D

EC

B

(a)

DUAL ExampleThe following steps occur in the graphic:

At D: Stays active on (a), awaiting reply from E (q)

At E: Receives reply from C

Removes query flag from C

Calculates new fd and installs new successor route in table

DUAL Example

D EIGRP Topology
(a) Cost (5) (fd)
  via C Cost (5/3) (Successor)
  via E Cost (5/4) (Successor)

E EIGRP Topology
(a) Cost (4) (fd)
  via C Cost (4/3) (Successor)
  via D

C EIGRP Topology
(a) Cost (3) (fd)
  via B Cost (3/1) (Successor)
  via D
  via E

[Figure: DUAL Example. Routers A, B, C, D and E and network (a), with link costs and (R) markers.]

The following steps occur in the graphic:

At D: Receives reply from E

Removes query flag from E

Calculates new fd

Installs new successor routes in table. Two routes match the fd and both are marked as successor.

DUAL Example

D EIGRP Topology
(a) Cost (5) (fd)
  via C Cost (5/3) (Successor)
  via E Cost (5/4) (Successor)

E EIGRP Topology
(a) Cost (4) (fd)
  via C Cost (4/3) (Successor)
  via D

C EIGRP Topology
(a) Cost (3) (fd)
  via B Cost (3/1) (Successor)
  via D
  via E

[Figure: DUAL Example. Routers A, B, C, D and E and network (a), with link costs.]

The following steps occur in the graphic:

At D: Two successor routes in the topology table for (a). Both successor routes should be listed in the routing table and equal cost load balancing should be in effect.

The network is stable and converged.

DUAL Example (Start)

E EIGRP Topology
(a) Cost (3) (fd)
  via D Cost (3/2) (Successor)
  via C Cost (4/3)

D EIGRP Topology
(a) Cost (2) (fd)
  via B Cost (2/1) (Successor)
  via C Cost (5/3)

C EIGRP Topology
(a) Cost (3) (fd)
  via B Cost (3/1) (Successor)
  via D Cost (4/2) (fs)
  via E Cost (4/3)

[Figure: DUAL Example (Start). Routers A, B, C, D and E and network (a), with link costs.]

In the graphic, the original topology (prior to the link failure) shows E's traffic passing through D and B.

DUAL Example (End)

E EIGRP Topology
(a) Cost (4) (fd)
  via C Cost (4/3) (Successor)
  via D

D EIGRP Topology
(a) Cost (5) (fd)
  via C Cost (5/3) (Successor)
  via E Cost (5/4) (Successor)

C EIGRP Topology
(a) Cost (3) (fd)
  via B Cost (3/1) (Successor)
  via D
  via E

[Figure: DUAL Example (End). Routers A, B, C, D and E and network (a), with link costs.]

In the graphic, the new topology is represented and shows D's and E's traffic passing through C and B.
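The Start and End tables of the DUAL walk-through can be recomputed from the link costs. The following is an added example, not part of the course material: the link costs are reconstructed from the FD/AD pairs in the slides, network (a) is assumed to sit on router A at cost 0, and entries shown without a cost are modelled as split horizon (a neighbor advertises nothing usable to its own successor).

```python
import heapq

# Link costs reconstructed from the (FD/AD) pairs in the slides' topology
# tables. Assumption of this example: network (a) is on router A at cost 0.
LINKS = {("A", "B"): 1, ("B", "C"): 2, ("B", "D"): 1,
         ("C", "D"): 2, ("C", "E"): 1, ("D", "E"): 1}


def adjacency(links):
    adj = {}
    for (u, v), cost in links.items():
        adj.setdefault(u, {})[v] = cost
        adj.setdefault(v, {})[u] = cost
    return adj


def distances(adj, origin="A"):
    """Converged best metric from every router to the network on `origin`."""
    dist = {origin: 0}
    heap = [(0, origin)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, cost in adj[u].items():
            if d + cost < dist.get(v, float("inf")):
                dist[v] = d + cost
                heapq.heappush(heap, (d + cost, v))
    return dist


def successors(adj, dist, router):
    """Neighbors through which `router` reaches the network at its best metric."""
    return {n for n, cost in adj[router].items()
            if cost + dist[n] == dist[router]}


def topology_table(links, router, origin="A"):
    """Return (fd, {neighbor: (metric, ad, role) or None}).

    None means the neighbor advertises no usable metric because its own
    successor is `router` (split horizon, the modelling assumption above).
    """
    adj = adjacency(links)
    dist = distances(adj, origin)
    fd = dist[router]
    table = {}
    for nbr, cost in sorted(adj[router].items()):
        if router in successors(adj, dist, nbr):
            table[nbr] = None
            continue
        ad = dist[nbr]                 # advertised distance of the neighbor
        metric = cost + ad             # distance through that neighbor
        if metric == fd:
            role = "successor"
        elif ad < fd:                  # feasibility condition: AD < FD
            role = "fs"
        else:
            role = ""
        table[nbr] = (metric, ad, role)
    return fd, table


def on_successor_loss(fd, table, lost):
    """Local decision when the path via `lost` becomes unusable."""
    remaining = {n: e for n, e in table.items()
                 if n != lost and e is not None}
    if any(role == "successor" for _, _, role in remaining.values()):
        return "keep"                  # another successor is still installed
    feasible = [(metric, n) for n, (metric, ad, _) in remaining.items()
                if ad < fd]
    if feasible:
        return "use " + min(feasible)[1]   # switch locally, no query needed
    return "active"                    # no feasible successor: send queries


if __name__ == "__main__":
    for name in "CDE":
        print("start", name, topology_table(LINKS, name))
    failed = {k: v for k, v in LINKS.items() if k != ("B", "D")}
    for name in "CDE":
        print("end  ", name, topology_table(failed, name))
```

D and E both return "active" when their successor path is lost, matching the walk-through, while C, which holds a feasible successor via D, would switch locally if it ever lost B.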

Written Exercise: EIGRP Overview

Objective: Describe EIGRP features and operation.

Task: In this exercise, you can test your understanding of EIGRP by matching terms with statements. Place the letter of the description in front of the term that the statement describes. A statement may describe several terms.

Term                          Statement

_____ 1. Successor            A) A network protocol that EIGRP supports.
_____ 2. Feasible successor   B) A table that contains feasible successor information.
_____ 3. Hello                C) Administrative distance determines routing information that is included in this table.
_____ 4. Topology table       D) A neighbor router that has the best path to a destination.
_____ 5. IP                   E) A neighbor router that has the best alternative path to a destination.
_____ 6. Update               F) An algorithm used by EIGRP that assures fast convergence.
_____ 7. AppleTalk            G) A multicast packet used to discover neighbors.
_____ 8. Routing table        H) A packet sent by EIGRP routers when a new neighbor is discovered and when a change occurs.
_____ 9. DUAL
_____ 10. IPX

Configuring EIGRP

Configuring EIGRP for IP

router eigrp 109
 network 1.0.0.0
 network 2.0.0.0

[Figure: Configuring EIGRP for IP. Routers A, B, C, D and E in AS 109, connected by serial and Token Ring interfaces, with subnets of networks 1.0.0.0 and 2.0.0.0 and subnet 3.1.0.0.]

Network 3.0.0.0 is not configured on router A because it is not directly connected to router A.

Perform the following steps to configure EIGRP for IP:

Step 1 Enable EIGRP and define the autonomous system.

router(config)# router eigrp autonomous-system-number

autonomous-system-number: The number that identifies the autonomous system; it is used to indicate all routers that belong within the internetwork. This value must match on all routers within the internetwork.

Step 2 Indicate which networks are part of the EIGRP autonomous system.

router(config-router)# network network-number

network-number: The network number determines which interfaces of the router are participating in EIGRP, and which networks are advertised by the router.

Step 3 If using serial and HDLC links, especially for Frame Relay or SMDS, select the interface to have the bandwidth used for routing updates changed. If you do not change the bandwidth for these interfaces, EIGRP assumes that the bandwidth on the link is of T1 speed. If the link is slower, the router may not be able to converge, or routing updates might become lost.

Step 4 Define bandwidth of a link for the purposes of sending routing update traffic on the link.

router(config-if)# bandwidth kilobits

kilobits: Intended bandwidth in kilobits per second. For generic serial interfaces (PPP or HDLC) set the bandwidth to the line speed. For Frame Relay on point-to-point, set it to the CIR, or for multipoint connections set it to the sum of all CIRs.

EIGRP Summarization - Automatic

Purpose: Smaller routing tables, smaller updates, query boundary

Auto summarization:
• On major network boundaries, subnetworks are summarized to a single classful (major) network
• Auto summarization is turned on by default

[Figure: 150.150.X.X subnets summarized as 150.150.0.0/16 toward 151.151.X.X]

Some of the features of EIGRP are characteristic of pure distance vector operation. The need to summarize routes at a major network boundary is an example of distance vector behavior. Distance-vector protocols cannot assume the mask for non-directly connected networks because routing masks are not exchanged by the routing updates.

In addition to the restrictions imposed by the lack of mask information, summarizing routes at major (classful) boundaries creates smaller routing tables. Smaller routing tables, in turn, make the routing update process less bandwidth intensive. Routing protocols from Cisco that are based upon distance-vector principles have auto summarization enabled by default.

EIGRP Summarization - Manual

Manual summarization
• Configurable on a per-interface basis in any router within the network
• When summarization is configured on an interface, the router immediately creates a route pointing to null zero with an administrative distance of five
  – Loop prevention mechanism
• When the last specific route of the summary goes away, the summary is deleted
• The minimum metric of the specific routes is used as the metric of the summary route

The lack of ability to create summary routes at arbitrary boundaries within a major network has been a drawback of distance-vector protocols since their inception. EIGRP has the added functionality to allow administrators to turn off auto summarization and to create one or more summary routes within their network.

For manual summarization to be effective, blocks of contiguous addresses (subnets) must come together at a common router so that a single summary route can be advertised by one interface. The number of subnets that can be represented by a summary route is directly related to the number of bits by which the subnet mask has been pulled back towards the major network (natural) mask. The formula 2^n, where n equals the number of bits by which the subnet mask has been reduced, indicates how many subnets can be represented by a single summary route. For example, if the summary mask contains three fewer bits than the subnet mask, then eight subnets can be aggregated into one advertisement.

When specifying summary routes, the administrator only needs to specify the IP address of the summary route and the routing mask. The IOS software for EIGRP handles many of the details surrounding proper implementation. The IOS handles details about metrics, loop prevention and removal of the route from the routing table when the summary route is no longer valid.

Configuring Summarization

(config-router)# no auto-summary

Turns off auto summarization for the EIGRP process

(config-if)# ip summary-address eigrp <as-number> <address> <mask>

Creates a summary address to be generated by this interface

EIGRP automatically summarizes routes at the classful boundary. In some cases, however, you may not want autosummarization to occur. For example, if you have discontiguous networks, you need to turn off summarization to minimize router confusion.

To turn off automatic summarization, enter the following command:

router(config-router)# no auto-summary

Use the ip summary-address command to manually create a summary route at an arbitrary network boundary within an EIGRP domain.

ip summary-address eigrp Command   Description

as-number                          Autonomous system number of the network being summarized.
address                            The IP address being advertised as the summary address. This address does not need to be aligned on Class A, B, or C boundaries.
mask                               The IP mask being used to create the summary address.

Summarizing EIGRP Routes

Routers A and B:

router eigrp 1
 network 10.0.0.0
 network 172.16.0.0
 no auto-summary

Router C:

router eigrp 1
 network 10.0.0.0
 network 192.168.4.0
!
int s0
 ip address 192.168.4.2 255.255.255.0
 ip summary-address eigrp 1 172.16.0.0 255.255.0.0

[Figure: Summarizing EIGRP Routes. Routers A and B attach subnets 172.16.1.0 and 172.16.2.0 to network 10.0.0.0; router C connects network 10.0.0.0 to the world through interface S0 (192.168.4.2).]

In the configuration example, routers A and B have turned off automatic route summarization for the 172.16.1 and 172.16.2 subnets as those advertisements pass into network 10.0.0.0. These discontiguous subnets will now be included in the routing tables of routers in the 10.0.0.0 network. At router C, a manual summary route has been created to represent all subnets belonging to network 172.16.0.0 as a single entry in its advertisements to the rest of the world.

If you want to summarize networks in an address that you define, do the following:

Step 1 Select the interface that will propagate the route summary.

Step 2 Specify the format of the route summary and the autonomous system into which it needs to be injected.

Note that, for manual summarization, the summary is advertised only if a component (an entry that is represented in the summary) of the summary is present in the routing table.
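The manual summarization rules above (the 2^n count, the null zero route with administrative distance five, the minimum-metric rule, and advertisement only while a component exists) can be modelled in a few lines. This is an added example, not part of the course material; the function name, the metrics in the sample routing table and the default /24 subnet size are constructed for illustration.

```python
import ipaddress

SUMMARY_AD = 5  # administrative distance of the null zero route, per the slide


def summary_state(address, mask, routing_table, subnet_prefixlen=24):
    """Model the effect of `ip summary-address eigrp <as> <address> <mask>`.

    routing_table: {prefix: metric} of specific routes currently installed
    (constructed sample data in this example).
    """
    # strict=True raises ValueError if the address has bits set outside the mask
    summary = ipaddress.ip_network(f"{address}/{mask}", strict=True)

    # Components: installed routes that are more specific than the summary.
    components = {}
    for prefix, metric in routing_table.items():
        net = ipaddress.ip_network(prefix)
        if net != summary and net.subnet_of(summary):
            components[net] = metric

    if not components:
        # Last specific route gone: the summary is deleted and not advertised.
        return {"summary": str(summary), "advertised": False}

    # 2^n subnets, n = bits by which the subnet mask was pulled back.
    n = subnet_prefixlen - summary.prefixlen
    # Subnets the summary claims but for which no specific route exists.
    # Traffic to them matches only the null zero route and is discarded there,
    # which is what stops it from looping back along a default route.
    unrouted = [str(s) for s in summary.subnets(new_prefix=subnet_prefixlen)
                if not any(s.overlaps(c) for c in components)]

    return {
        "summary": str(summary),
        "advertised": True,
        "metric": min(components.values()),
        "discard_route": (str(summary), "Null0", SUMMARY_AD),
        "subnets_represented": 2 ** n,
        "unrouted_subnets": unrouted,
    }


# Router C from the configuration example; metrics are constructed values.
ROUTER_C_TABLE = {
    "172.16.1.0/24": 2172416,
    "172.16.2.0/24": 2684416,
    "10.0.0.0/8": 281600,
}

if __name__ == "__main__":
    state = summary_state("172.16.0.0", "255.255.0.0", ROUTER_C_TABLE)
    print(state["summary"], state["metric"], state["discard_route"],
          state["subnets_represented"], len(state["unrouted_subnets"]))
```

With only two of the 256 possible /24 subnets present, router C's summary attracts traffic for 254 subnets it cannot deliver; the null zero route discards that traffic locally.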

EIGRP Load Balancing

Routes with metric equal to the minimum metric will be installed in the routing table (Equal Cost Load Balancing)

Up to six entries in the routing table for the same destination
• Number of entries is configurable
• Default is 4

Load balancing is the ability of a router to distribute traffic over all its network ports that are the same distance from the destination address. Good load-balancing algorithms use both line speed and reliability information. Load balancing increases the utilization of network segments, thus increasing effective network bandwidth.

For IP, by default IOS does balance between equal-cost paths. Equal-cost load balancing cannot be disabled, as this is equivalent to removing certain routes from the routing table.

When a packet is process switched, load balancing over equal-cost paths is on a per-packet basis. When packets are fast switched, load balancing over equal-cost paths is on a per-destination basis. Remember for testing, don't "ping" to/from the routers with the fast switching interfaces, because these packets will obviously be process switched rather than fast switched and might lead to confusing results.

EIGRP Unequal Cost Load Balancing

EIGRP offers unequal cost load balancing
• Variance command

Variance allows the router to include routes with a metric smaller than multiplier times the minimum metric route to that destination
• Multiplier is the number specified by the variance command

EIGRP can balance traffic across multiple routes that have different metrics. The amount of load balancing that is performed can be controlled by the "variance" subcommand.

The multiplier is a metric value that is used for load balancing. This value can be from 1-128. The default is 1, which means equal cost load balancing. The multiplier defines the range of metric values that will be accepted for load balancing. In our example on the following page, the value is 40. This value is used in the procedure for determining the "feasibility" of a potential route. A route is feasible if the next router in the path is closer to the destination than the current router and if the metric for the entire path is within the variance. Only paths that are feasible can be used for the load balancing and included in the routing table. The two feasibility conditions are:

• Local best metric > Best metric learned from the next router

• The "multiplier" * Local best metric for the destination > Metric through the next router

If both of these conditions are met, the route is called feasible and it can be added to the routing table.

Variance Example

(config)# variance 2

Router E will choose router C to get to network Z because FD=20

With variance of 2, router E will also choose router B to get to network Z (20 + 10) < (2 x [FD])

Router D will not be used to get to network Z (45 > 40)

[Figure: Variance Example. Routers A, B, C, D and E and Network Z, with link metrics 10, 20, 10, 10, 20 and 25.]

In the graphic, router E will use router C as the successor because its feasible distance is lowest (20). With the "variance" command applied to router A, the path through router B meets the criteria for load balancing. In this case, the feasible distance through B is less than twice the feasible distance for the successor (C). Router D will not be considered for load balancing because the feasible distance through D is greater than twice the feasible distance for the successor (C).

Another Example:

If there were four paths to a given destination, and the metrics for these paths were:

Path 1: 1100

Path 2: 1100

Path 3: 2000

Path 4: 4000

The router would, by default, place traffic on both paths 1 and 2. Using EIGRP, you can use the variance command to instruct the router to also place traffic onto paths 3 and 4. Traffic will be placed on any link that has a metric less than the best path multiplied by the variance. To load balance over paths 1, 2, and 3, you would use variance 2, because 1100 x 2 = 2200, which is greater than the metric through path 3. Similarly, to also add path 4, you would issue "variance 4" under the "router eigrp" process in configuration mode.
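Both variance examples can be checked by applying the two feasibility conditions to each path. This is an added example, not part of the course material; the reported distances (the metric the next router advertises) are assumptions, read from the link metrics in the graphic for the first example and constructed for the four-path example, where the page gives only total metrics.

```python
def load_sharing_paths(paths, variance=1):
    """Return the next hops installed for load balancing.

    paths: {next_hop: (metric_through_hop, reported_distance)}
    Applies the two conditions from the text:
      1. local best metric > best metric learned from the next router
      2. variance * local best metric > metric through the next router
    Paths whose metric equals the best metric are always installed
    (equal-cost load balancing, which the text says cannot be disabled).
    """
    if not 1 <= variance <= 128:
        raise ValueError("variance must be in the range 1-128")
    best = min(metric for metric, _ in paths.values())
    chosen = []
    for hop, (metric, reported) in paths.items():
        closer_to_destination = reported < best          # condition 1
        within_variance = metric < variance * best       # condition 2
        if metric == best or (closer_to_destination and within_variance):
            chosen.append(hop)
    return sorted(chosen)


def minimum_variance(paths, hop):
    """Smallest variance that installs `hop`, or None if no value can."""
    best = min(metric for metric, _ in paths.values())
    metric, reported = paths[hop]
    if metric == best:
        return 1
    if reported >= best:
        return None          # fails condition 1; variance cannot help
    needed = metric // best + 1   # smallest integer v with v * best > metric
    return needed if needed <= 128 else None


# Router E toward network Z. Totals 20, 30 and 45 are from the slide; the
# split into reported distances 10, 10 and 25 is read from the link metrics
# in the graphic and is an assumption of this example.
SLIDE = {"C": (20, 10), "B": (30, 10), "D": (45, 25)}

# Four-path example: metrics from the text, reported distances constructed.
FOUR_PATHS = {"path1": (1100, 600), "path2": (1100, 600),
              "path3": (2000, 900), "path4": (4000, 1000)}

if __name__ == "__main__":
    for v in (1, 2, 3):
        print("variance", v, load_sharing_paths(SLIDE, v))
    for v in (1, 2, 4):
        print("variance", v, load_sharing_paths(FOUR_PATHS, v))
```

Under the assumed reported distances, raising the variance to 3 still does not install the path through D even though 45 < 60, because D is not closer to network Z than router E's best path.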

Configuring WAN Links

EIGRP supports different WAN links
• Point-to-point
• NBMA
  – Multipoint
  – Point-to-point

EIGRP configurations must address
• Bandwidth utilization
• Overhead traffic associated with router operation

Enhanced IGRP has been designed to operate well in WAN environments. It is scalable on both point-to-point links and NBMA links.

Due to the inherent differences in operational characteristics of the links listed above, taking the default configuration parameters for all WAN links may not be the best option. A solid understanding of EIGRP operation coupled with a knowledge of available link speeds can yield an efficient, reliable, scalable router configuration.

EIGRP Bandwidth Utilization

Specifies what percentage of bandwidth EIGRP packets will be able to utilize on this interface

Uses up to 50% of the link bandwidth for EIGRP packets, by default

Used for greater EIGRP load control

(config-if)# ip bandwidth-percent eigrp as-number <nnn>

By default, EIGRP will use up to 50% of the bandwidth of an interface or subinterface, as set with the "bandwidth" parameter. This percentage can be changed on a per-interface basis by using the following interface subcommand:

router(config-if)# ip bandwidth-percent eigrp <as-number> <nnn>

In the above command, "nnn" is the percentage of the configured bandwidth that EIGRP is allowed to use. Note that this can be set to greater than 100. This is useful if the bandwidth is configured artificially low for routing policy reasons. For example,

interface serial0
 bandwidth 20
 ip bandwidth-percent eigrp 1 200

This configuration would allow EIGRP to use 40 Kbps (200% of the configured bandwidth) on the interface. It is essential to make sure that the line is provisioned to handle the configured capacity.

Bandwidth over WAN Interfaces

Bandwidth utilization over point-to-point subinterfaces using Frame Relay
• Treats bandwidth as T1, by default
• Best practice is to manually configure bandwidth as the CIR of the PVC

In the Cisco IOS, point-to-point Frame Relay subinterfaces are assumed to be operating at full T1 link speed. In many implementations only fractional T1 speeds are available and, as a result, when configuring these types of interfaces, set the bandwidth to match the contracted CIR.

Bandwidth over WAN Interfaces (cont.)

Bandwidth over multipoint Frame Relay, ATM, SMDS, and ISDN PRI:
• EIGRP uses the bandwidth on the main interface divided by the number of neighbors on that interface to get the bandwidth information per neighbor

When configuring multipoint interfaces, especially for Frame Relay, it is important to understand that the bandwidth is shared equally by all neighbors. EIGRP configuration should reflect the correct percentage of the actual available bandwidth on the line.

Bandwidth over WAN Interfaces (cont.)

Each PVC might have a different CIR; this might create an EIGRP packet pacing problem
• Multipoint interfaces:
  – Convert to point-to-point configuration
  – Manually configure bandwidth = (lowest CIR x number of PVCs)
• ISDN PRI:
  – Use Dialer Profile (treat as point-to-point link)

Each installation has a unique topology and with that comes unique configurations. Differing CIR values often require a hybrid configuration that blends the characteristics of point-to-point circuits with multipoint circuits. When configuring multipoint interfaces, configure the bandwidth to represent the minimum CIR times the number of circuits. This approach may not fully utilize the higher-speed circuits but it certainly ensures that the circuits with the lowest CIR will not be overdriven. If the topology has a small number of very low-speed circuits, these interfaces should be defined as point-to-point so that their bandwidth can be set to match the provisioned CIR.

EIGRP WAN Configuration - Pure Multipoint

interface serial 0
 encap frame-relay
 bandwidth 224

All VCs share bandwidth evenly: 4 x 56 = 224

[Figure: Pure Multipoint. Router C connects through interface S0 (T1) and a Frame Relay cloud to routers E, F, G and H; each circuit has CIR 56.]

In the graphic, the interface has been configured for a bandwidth of 224 Kbps. In a pure multipoint topology, each circuit will be allocated one quarter of the configured bandwidth on the interface and this 56K allocation matches the provisioned CIR of each circuit.

EIGRP WAN Configuration - Hybrid Multipoint

interface serial 0
 encap frame-relay
 bandwidth 224

Lowest CIR x # of VC: 56 x 4 = 224

[Figure: Hybrid Multipoint. Router C connects through interface S0 (T1) and a Frame Relay cloud to routers E, F, G and H; three circuits are labelled CIR 256, BW 224 and one circuit is labelled CIR 56, BW 56.]

In the graphic, one of the circuits has been provisioned for a 56K CIR while the other circuits have been provisioned for a much higher rate. This interface has been configured for a bandwidth that represents the lowest CIR multiplied by the number of circuits being supported. This configuration protects against overwhelming the slowest speed circuit in the topology.

EIGRP WAN Configuration - Hybrid Multipoint (Preferred)

interface serial 0.1 multipoint
 bandwidth 768

interface serial 0.2 point-to-point
 bandwidth 56

• Configure lowest CIR VC as point-to-point, specify BW = CIR
• Configure higher CIR VCs as multipoint, combine CIRs

[Figure: Hybrid Multipoint (Preferred). Router C connects through interface S0 (T1) and a Frame Relay cloud to routers E, F, G and H; three circuits are labelled CIR 256, BW 256 and one circuit is labelled CIR 56, BW 56.]

In the graphic, a hybrid solution is presented. There is only one lower speed circuit and the other circuits are all provisioned to the same CIR.

The preferred configuration shows the low-speed circuit being configured as point-to-point in an attempt to match the bandwidth with the CIR value. The remaining circuits are designated as multipoint and their respective CIRs are added together to form the bandwidth for the interface. We should be reminded that in multipoint interfaces the bandwidth is shared equally amongst all circuits. Combining three CIRs of 256 Kbps and then dividing the 768 by three again matches the bandwidth allocation to the link capacity.

EIGRP WAN Configuration - Pure Point-to-Point

interface serial 0.1 point-to-point
 bandwidth 25
 ip bandwidth-percent eigrp 63 110
- - - -
interface serial 0.10 point-to-point
 bandwidth 25
 ip bandwidth-percent eigrp 63 110

• Configure each VC as point-to-point, specify BW = 1/10 of link capacity
• Increase EIGRP utilization to 50% of actual VC capacity

interface serial 0
 bandwidth 25
 ip bandwidth-percent eigrp 63 110

[Figure: Pure Point-to-Point. Hub and spoke with 10x VCs: router C connects through interface S0 (256) and a Frame Relay cloud to routers E, F, G and H; each circuit is labelled CIR 56, BW 25.]

The graphic illustrates a common hub and spoke topology with ten virtual circuits out to the remotes. This topology is characteristic of an oversubscribed Frame Relay network.

The circuits are provisioned as 56K links but there is not sufficient bandwidth at the interface to support the allocation. In a pure point-to-point topology, all virtual circuits are treated equally and are configured for exactly one tenth (25 Kbps) of the available link speed.

Enhanced IGRP's default utilization is 50% of the configured bandwidth on the circuit. In an attempt to ensure that EIGRP packets are delivered through the Frame Relay network, each subinterface has the EIGRP allocation percentage raised to 110% of the specified bandwidth. This adjustment results in EIGRP packets receiving approximately 28 Kbps of the provisioned 56 Kbps on each circuit. This effectively restores the 50-50 ratio that was tampered with when the bandwidth was set to an artificially low value.
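The four WAN configurations above all follow from two numbers: the per-neighbor share of the configured bandwidth and the percentage of it that EIGRP may use. The following added example, not part of the course material, audits each configuration with the CIR and bandwidth values from the slides; the function names and the "overdriven" test (per-neighbor share greater than that PVC's CIR) are this example's own reading of the text.

```python
DEFAULT_PERCENT = 50  # EIGRP's default share of the configured bandwidth


def multipoint_bandwidth(cirs):
    """Bandwidth for a multipoint interface: lowest CIR x number of PVCs."""
    return min(cirs) * len(cirs)


def audit_interface(bandwidth, cirs, percent=DEFAULT_PERCENT):
    """Check a `bandwidth` statement against the PVCs behind the interface.

    bandwidth: configured value in Kbps
    cirs:      CIR in Kbps of every PVC (one neighbor each) on the interface;
               a point-to-point subinterface has exactly one entry
    percent:   value of `ip bandwidth-percent eigrp`, 50 if not configured
    """
    # On a multipoint interface the bandwidth is shared equally by neighbors.
    share = bandwidth / len(cirs)
    eigrp = share * percent / 100
    # A PVC is overdriven when the share assumed for it exceeds its CIR.
    overdriven = [i for i, cir in enumerate(cirs) if share > cir]
    return {
        "per_neighbor_kbps": share,
        "eigrp_kbps": eigrp,
        "overdriven_pvcs": overdriven,
        "eigrp_fraction_of_slowest_cir": eigrp / min(cirs),
    }


# CIR sets taken from the slides.
PURE_MULTIPOINT = [56, 56, 56, 56]
HYBRID = [256, 256, 256, 56]

if __name__ == "__main__":
    # Pure multipoint: bandwidth 224 over four 56K PVCs.
    print(audit_interface(224, PURE_MULTIPOINT))
    # Hybrid multipoint: lowest CIR x number of PVCs protects the 56K PVC.
    print(audit_interface(multipoint_bandwidth(HYBRID), HYBRID))
    # Contrast (constructed): summing the CIRs overdrives the 56K PVC.
    print(audit_interface(sum(HYBRID), HYBRID))
    # Preferred hybrid: serial 0.1 multipoint 768, serial 0.2 point-to-point 56.
    print(audit_interface(768, [256, 256, 256]), audit_interface(56, [56]))
    # Pure point-to-point: bandwidth 25 with bandwidth-percent 110 on a 56K PVC.
    print(audit_interface(25, [56], percent=110))
```

The constructed contrast case shows why the page recommends lowest CIR x number of PVCs: with the sum of the CIRs configured instead, EIGRP alone would be paced at 103 Kbps toward a neighbor whose circuit carries 56 Kbps.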


EIGRP Command Enhancements

Recent command additions improve ease of configuration:
• Classless networking
• Neighbor control
• Stub routers

A number of new features are in the works for EIGRP in order to make it even more scalable and flexible.

The next few slides will briefly explain some of these features.

Note: Refer to the release notes to see the final form of the features!


Classless Network Statements

• Selects interfaces to participate in the EIGRP process
• Allows for supernetted interfaces
• Provides more granular control of interfaces
• Uses a wildcard mask to determine matching bit strings

(config-router)# network ip-address wildcard-mask

This feature provides functionality similar to OSPF wildcard bits.

In the past, supernetted interfaces were required to be redistributed as ‘connected’ (and showed up as externals). With this feature, supernetted interfaces can be included natively, as internal routes. Refer to the example on the following page for a demonstration of a supernetted route.

This feature also allows you to identify which interfaces are to be included under the EIGRP process. In the past, you could only define the major network and then would have to put passive-interface in for every interface that you didn’t intend to run EIGRP on.

For reference only! This feature is integrated in 12.0(03.00.02)PI04, 12.0(03.04)T, 12.0(03.04)PI5.1.


Classless Network Configuration

router eigrp 1
 network 10.1.0.0 0.0.255.255
 network 192.31.0.0 0.0.255.255

[Figure: two router clouds with links labeled 10.1.1.0/24, 10.1.2.0/24, 192.31.42.0/27, 192.31.44.0/27, 192.168.12.0/27, and 10.4.17.0/24 toward the OSPF domain.]

• On the left, enables upper two serial links for EIGRP
• On the right, enables two Ethernets for EIGRP, but not the serial link to the external domain

In the graphic, the network statements applied to the EIGRP process contain a wildcard mask (similar to OSPF configurations) to further delineate interface participation in the EIGRP routing process.

When the wildcard mask of 0.0.255.255 is applied to the interfaces in the left-hand cloud, it selects only interfaces that match 192.31 in the first two octets. The upper two serial interfaces match the network criteria and will route EIGRP packets.

The first two octets of the address on the serial link leading to the OSPF domain do not match the requirement set down by the network 10.1.0.0 0.0.255.255 statement. As a result, EIGRP Hellos and updates will not be sent into the OSPF domain.

In the right-hand cloud, both Ethernet interfaces have been selected to route EIGRP because their interface addresses start with 10.1.

Note: The ability to specify classless networks at the interface level is a new feature first made available in IOS release 12.0.
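The wildcard matching described above can be checked offline before a configuration is deployed. The following Python sketch is an added example, not part of the course material: it evaluates the page's two network statements against a constructed interface inventory and compares the result with the major-network statements that were needed before wildcard masks. The router names, interface names, and host addresses are assumptions, as is the placement of 192.168.12.0/27 on the left-hand router.

```python
import ipaddress

# Network statements from the page's "router eigrp 1" example.
CLASSLESS = [("10.1.0.0", "0.0.255.255"), ("192.31.0.0", "0.0.255.255")]

# Constructed inventory: (router, interface, address, faces external domain).
# Subnets come from the page's graphic; names and host addresses are assumed.
INTERFACES = [
    ("left", "Serial0", "192.31.44.1", False),
    ("left", "Serial1", "192.31.42.1", False),
    ("left", "Serial2", "192.168.12.1", False),   # placement is an assumption
    ("right", "Ethernet0", "10.1.1.1", False),
    ("right", "Ethernet1", "10.1.2.1", False),
    ("right", "Serial0", "10.4.17.1", True),      # link toward the OSPF domain
]


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(address, network, wildcard):
    """True if address equals network on every bit where the wildcard is 0."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(address) & care) == (_to_int(network) & care)


def classful_statement(address):
    """Major-network statement, as (network, wildcard), that covers address."""
    first_octet = _to_int(address) >> 24
    if first_octet < 128:
        prefix = 8
    elif first_octet < 192:
        prefix = 16
    elif first_octet < 224:
        prefix = 24
    else:
        raise ValueError("not a class A/B/C address: " + address)
    net = ipaddress.IPv4Network((address, prefix), strict=False)
    return (str(net.network_address), str(net.hostmask))


def enabled(statements, interfaces):
    """Interfaces that at least one network statement selects."""
    return [(router, name) for router, name, addr, _ext in interfaces
            if any(wildcard_match(addr, n, w) for n, w in statements)]


def external_leaks(statements, interfaces):
    """Selected interfaces that face another routing domain."""
    return [(router, name) for router, name, addr, ext in interfaces
            if ext and any(wildcard_match(addr, n, w) for n, w in statements)]


def audit(interfaces=INTERFACES, statements=CLASSLESS):
    """Compare the classless statements with their major-network equivalent."""
    intended = enabled(statements, interfaces)
    # Major networks needed to cover the same intended interfaces.
    classful = sorted({classful_statement(addr)
                       for router, name, addr, _ext in interfaces
                       if (router, name) in intended})
    return {
        "classless_enabled": intended,
        "classless_leaks": external_leaks(statements, interfaces),
        "classful_statements": classful,
        # Each of these needs passive-interface under major-network config.
        "classful_leaks": external_leaks(classful, interfaces),
    }


if __name__ == "__main__":
    for key, value in audit().items():
        print(key, value)
```

With major-network statements the link toward the OSPF domain is selected as well, which is the case the passive-interface workaround mentioned earlier had to cover.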


Neighbor Control

• Permits explicit definition of neighbors
• Provides support for non-broadcast media (Classical IP on ATM)

(config-router)# eigrp neighbor auto-discovery [interface]
(config-router)# neighbor ip-address

• Defines how neighbors are discovered

In the past, EIGRP would allow you to define neighbor statements; they just didn’t actually do anything! Now you will be able to define explicit neighbors for testing and security, and you will be able to run EIGRP over networks that don’t support broadcasts/multicasts, such as Classical IP over ATM.

Also, by being able to select neighbors on multiaccess interfaces, this command provides additional security and screening from external routes.


Neighbor Control Configuration

router eigrp 1
 no eigrp neighbor auto-discovery e0
 neighbor 10.4.17.7

[Figure: routers A, B, C, and D on a shared segment reached through interface E0, with addresses 10.4.17.1, 10.4.17.11, 10.4.17.3, and 10.4.17.7, and an OSPF domain.]

• EIGRP neighbor relationship will only be formed with router D

In the example above, the automatic neighbor discovery mechanism using multicast hellos has been disabled on interface Ethernet 0. The neighbor statement requires EIGRP to use unicast addressing to establish a neighbor relationship with router D, whose address is given in the neighbor statement.

In this topology, disabling automatic neighbor discovery helps to enforce the security policy of keeping the two routing domains (EIGRP and OSPF) separate and distinct.


Stub Routers

• Defines how router participates in route advertisements
• Defined on remote routers
• Restricts route advertisement to connected, static, summary, or none
• Queries are not propagated to stub routers

(config-router)# stub [connected] [static] [summary] [receive-only]

EIGRP stub support will allow you to simply define your remote routers to advertise only connected, static, summary, or no routes (depending on the configuration) back to the distribution layer. This will eliminate the problem with routes “reflecting” through the remote routers as if they were intended to be transit. This problem is especially prevalent in redundant topologies.

This would take the place of defining the “distribute-list out” on the remote routers advertising only local routes.

Additionally, the distribution layer router will see in the received hello that the remote is a stub, so it will not send a query to the remote about any route loss in the remainder of the network. This is a major improvement, since there has not been any way up to now to stop queries from flowing to the remotes!


Normal Query Operation

[Figure: distribution layer routers A and B and remote-site routers C, D, and E; network 10.1.80/24 with a failure marked X; arrows show queries and replies.]

The graphic above indicates normal query operation in a redundant, two-layer design model. When a link fails at the distribution layer and no feasible successor is available, router B sends queries out all interfaces except the link that failed. Upon receipt of the query, the remotes generate queries of their own because they have no route to the failed link. These queries are reflected back up to the distribution layer by the redundant topology. The result is similar to a broadcast storm reported in bridged topologies, but at least there is a limit to this flurry of query activity.


Reduced Query Traffic – Stub Router Configuration

[Figure: distribution layer routers A and B and remote-site routers C, D, and E; network 10.1.80/24 with a failure marked X; arrows show queries and replies. Remote routers (Router C, D, and E) are all defined as stub routers.]

router eigrp 1
 stub connected

When the stub command is applied to the remotes, excessive query activity is terminated. The announcement of stub configuration is carried in the Hello packets generated by the remotes. Because the remotes have no transit function when defined as a stub, the distribution routers suppress queries to the remotes when searching for an alternate to the lost route. Notice from the arrows on the graphic that the query activity is limited to the distribution layer, which represents a considerable bandwidth savings.


Using Enhanced IGRP in Scalable Internetworks


Factors That Influence EIGRP Scalability

• EIGRP is not plug and play for large networks
• Limit EIGRP query range!
• Quantity of routing information exchanged between peers
  – Advertise major network or default route to regions or remotes

The following factors (and others) impact how scalable a network is:

• The amount of information being exchanged between neighbors. If more information is passed than necessary for routing to function correctly, EIGRP will have to work harder at neighbor startup and when reacting to changes in the network.

• When a change occurs in the network, the amount of resources consumed by EIGRP will be directly related to the number of routers that must be involved in the change.

• The depth of the topology is also a factor in how scalable a network is. This describes the situation where you have to propagate the information through many hops (depth) for convergence. A multinational network without summarization is an example of this type of condition.

• The number of alternative paths through the network can also impact scalability in a network. A network should provide alternative paths in order to avoid single points of failure. Too much complexity (alternative paths), however, can also create problems with EIGRP converging.


EIGRP Query Process

• Queries are sent out when a route is lost and no feasible successor is available
• The lost route is now in active state
• Queries are sent out to all of its neighbors on all interfaces except the interface to the successor
• If the neighbor does not have the lost route information, queries are sent out to their neighbors

EIGRP is an advanced distance vector protocol. It relies on its neighbor(s) to provide routing information. If a route is lost and no feasible successor is available, EIGRP needs to converge fast; its only mechanism for fast convergence is to actively query its neighbors for the lost route.

Whenever a router loses a route and does not have a feasible successor in its topology table, it will look for an alternative path to the destination. This is known as going active on a route. It will query its neighbors to determine if they have an alternate path. It will not, however, send queries out the interface that it had the original route through. If any of the queried neighbors have an alternative path, they will reply that they do. If not, then they will query each of their neighbors for an alternative path. The queries will then propagate out through the network. If a router has an alternate route, it will answer the query and not propagate it further. This will stop the spread of the query through that branch of the network. The query may still spread through other portions of the network.


EIGRP Query Process (cont.)

• The router will have to get ALL of the replies from the neighbors before the router calculates the successor information
• If any neighbor fails to reply to the query in three minutes, this route is stuck in active and the router resets the neighbor that fails to reply
• Solution for stuck in active is to limit query range, also known as query scoping

Due to the reliable multicast approach used by EIGRP when searching for an alternate to a lost route, it is imperative that a reply be received for each query generated in the network.

Once a route goes active and the query sequence is initiated, the only way the route can come out of the active state is to receive a reply for every generated query. If any neighbor fails to reply to a query, the route stays active at the querying router. This condition is known as ‘stuck in active’ and it can be difficult to isolate the actual cause of why the replies were not received. A supplement is provided in Appendix A to assist in troubleshooting ‘stuck in active’ conditions.

One way to help avoid the ‘stuck in active’ condition is to limit the scope of query propagation through the network. By keeping the query packets close to the source, we reduce the chance that an isolated failure in another part of the network will restrict the convergence process on the local router.


EIGRP Query Range

Autonomous System Boundaries
• Contrary to popular belief, queries are not bounded by AS boundaries. Queries from AS 1 will be propagated to AS 2

[Figure: routers A, B, and C across AS 1 and AS 2; Network X fails (marked X); arrows numbered 1 to 3 carry the labels "Query for X" and "Reply for X".]

Many networks have been implemented using multiple EIGRP ASs to sort of simulate OSPF areas, with mutual redistribution between the different ASs. Cisco used to recommend this design a number of years ago. While this approach does change the way the network behaves, it is not doing what most think it does.

Many think that using multiple EIGRP ASs will bound the query range, decreasing the chances of a stuck-in-active route. This is only sort of true. If a query reaches the edge of the AS (where routes are redistributed into another AS), the original query will indeed be answered. A new query will be initiated in the other AS. However, we haven’t really stopped the query process. We’ve just changed who will be affected if something bad happens and we get stuck on the route. Instead of the AS where the route went active, the SIA would occur in the other AS.

However, if things are bad enough that an SIA was going to happen if it were all one AS, it’s not likely that the multiple ASs will change the timing enough to stop it. Another misconception is that having multiple ASs protects one AS from route flaps in another AS. If components are passed between ASs, this isn’t true. Transitions in routes from one AS will be felt in the other ASs, as well.


EIGRP Query Range (cont.)

Summarization point
• Auto or manual summarization is the best way to bound queries
• Requires a good address allocation scheme

[Figure: routers A, B, and C with regions labeled 129.x.x.x and 130.x.x.x; network 130.130.1.0/24 fails (marked X); B summarizes 130.0.0.0/8 to A; a "Query for 130.130.1.0/24" is answered with "Reply with Infinity and the Query Stops Here!"; arrows numbered 1 to 3.]

The best solution to control queries is to reduce the range of queries. This is done by summarization. The query range by itself, however, is not a common reason for stuck in active routes being reported. The most common reason for stuck in active routes is that some router on the network cannot answer a query for some reason, such as:

• The router is too busy to answer the query (generally high CPU utilization)

• The router is having memory problems, and cannot allocate the memory to process the query or build the reply packet

• The circuit between the two routers is not good

• A lot of packets are being lost between the routers; enough packets are getting through to keep the neighbor relationship up, but some queries or replies are not

• Unidirectional links (a link on which traffic can only flow in one direction due to a failure)


Limiting Size/Scope of Updates/Queries

• Evaluate routing requirements
  – What routes are needed where?
• Once needs are determined
  – Use summary address
  – Use distribute lists

Very seldom do remote routers need to know all of the routes being advertised in the entire network. The network manager needs to look at what information is necessary to properly route user traffic to where it needs to go.

There are trade-offs between how much information is supplied to the remote routers and the desired level of path selection. In other words, maximum stability/scalability is achieved when the remote routers only use a default route to reach the core. If some component knowledge needs to be allowed so that optimum path selection can take place for those targets, then a business decision needs to be made.

Once the minimum requirements are determined, either “summary-address” statements need to be added on the outbound interfaces of the routers or “distribute-list” statements need to be added to the router process. These mechanisms are used to limit what information is provided to the end system.


Limiting Updates/Queries - Example

[Figure: distribution layer routers A and B and remote-site routers C, D, and E; network 10.1.8.0/24 with a failure marked X; arrows show queries and replies.]

In the sample network above, each dual-homed remote router would be seen as a valid alternative path to 10.1.8.0 from router A unless information-hiding techniques are used. Once the query process starts, each path receives duplicate convergence traffic due to the redundancy designed into the topology.

This topology and the reflective nature of the query traffic were described in detail in an earlier section of this chapter.


Limiting Updates/Queries - Reality

Remote routers are fully involved in convergence
• Most remotes are never intended to be transit
• Convergence complicated through lack of information hiding

In the example on the previous page, not only are the remote routers required to respond to questions (queries) from the distribution layer, they also continue the search by “reflecting” the queries back toward the distribution layer. This significantly complicates the convergence process on the network.

With our example of only two distribution routers and three remotes, it’s not all that significant. On a real network with possibly hundreds of remotes, it can be brutal.

In most networks the designer put dual legs to remotes in order to improve their uptime reaching the remainder of the network. Rarely if ever does a designer want traffic to go from the distribution layer to the remote and back, so why is convergence acting as if this is a valid alternative path? We didn’t tell it any different, that's why.

The design of this sample network is sound, but due to the nature of the selected routing protocol’s behavior, it involves the remote routers in the convergence decision. The remote routers have too much information in their topology tables. Several ways to solve this condition are presented on the following pages.


Limiting Updates/Queries - Better

[Figure: distribution layer routers A and B and remote-site routers C, D, and E; network 10.1.8.0/24 with a failure marked X; arrows show queries and replies.]

ip summary-address eigrp 1 10.0.0.0 255.0.0.0
on all outbound interfaces to remotes

With the “summary-address” commands on the outbound interfaces of router A and router B, some route components are not sent to the remote routers at all, so they will not reflect the routes back to the distribution layer. This approach reduces the convergence traffic by absorbing the reflective aspects caused by the redundant topology.

Likewise, if the “distribute-list out” commands were installed at the remote routers, their advertisements would be limited to only those networks that exist at that remote site. Therefore, they won’t even reflect the summary route from router A back to router B, nor will they reflect the summary route from router B back to router A. This will minimize the part the remote routers play in the update and query process and will increase the stability and scalability of this network.


Limiting Updates/Queries - Best

[Figure: distribution layer routers A and B and remote-site routers C, D, and E; network 10.1.80/24 with a failure marked X; arrows show queries and replies. Remote routers (Router C, D, and E) are all defined as stub routers.]

router eigrp 1
 stub connected

In the previous example, we’ve decreased the role of the remotes so that they don’t propagate the queries back to the distribution layer, so convergence is significantly simplified. It can still create problems if a massive number of queries are sent to the remotes at once, however.

A new feature (stub routers) will decrease the remote’s role even further, by removing the remote routers from the query path entirely! As described earlier in this section, the “stub” command was created to handle situations and topologies similar to this example. The distribution layer routers (A and B), once neighbor relationships are formed with the remote routers, would suppress advertisements of route components (also known as information hiding) to routers C, D, and E. This approach eliminates the remote routers from the convergence process, speeds convergence and increases overall network stability.

Note: The “stub” command is only available on IOS release 12.0 and later.


Limiting Updates/Queries - Summary

• Convergence simplified by adding the summary-address statements
  – Remote routers just reply when queried, do not forward queries
• In recent IOS releases, use the stub command on remote routers

As seen in the preceding examples, even sound network designs can require additional configuration commands to optimize bandwidth utilization and to reduce convergence time.

In earlier releases of the IOS, the most effective method to restrict the scope of queries was the establishment of route summarization boundaries. In more recent releases of the IOS, the “stub” router command severely limits the bandwidth consumed by the query process, especially in redundant topologies.
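The three designs compared above (Example, Better, Best), along with the earlier Normal Query Operation and stub router slides, can be put side by side by counting query messages. The Python model below is an added example, not course material: it applies only the query rules stated in this chapter to the two-distribution, three-remote topology, assumes a direct A-B link (not confirmed by the graphics), assumes no router holds a feasible successor, and treats a router that is already active as replying without issuing new queries.

```python
from collections import deque

# Constructed topology after the page's graphic: distribution routers A and B,
# dual-homed remotes C, D, and E. The A-B link is an assumption.
LINKS = [("A", "B"), ("A", "C"), ("A", "D"), ("A", "E"),
         ("B", "C"), ("B", "D"), ("B", "E")]
REMOTES = {"C", "D", "E"}
MODES = ("plain", "summary", "stub")


def neighbors(router):
    """Directly connected routers, in a stable order."""
    found = []
    for left, right in LINKS:
        if left == router:
            found.append(right)
        elif right == router:
            found.append(left)
    return sorted(found)


def simulate(mode, origin="B"):
    """Count query messages after `origin` loses its route to 10.1.8.0/24.

    plain   - remotes hold the specific route and take part in the search
    summary - remotes hold only the summary, so they reply at once
    stub    - distribution routers never query the stub remotes
    """
    if mode not in MODES:
        raise ValueError("unknown mode: " + mode)
    active = {origin}      # routers that went active on the route
    queries = []           # every (sender, receiver) query message
    pending = deque()      # queries not yet processed by the receiver

    def send_queries(sender, exclude):
        for peer in neighbors(sender):
            if peer == exclude:
                continue   # never query back toward the old successor
            if mode == "stub" and peer in REMOTES:
                continue   # the hello marked the peer as a stub
            queries.append((sender, peer))
            pending.append((sender, peer))

    send_queries(origin, exclude=None)
    while pending:
        sender, receiver = pending.popleft()
        if receiver in active:
            continue       # already searching: reply, do not query again
        if mode == "summary" and receiver in REMOTES:
            continue       # no entry for the /24: reply, the query stops
        active.add(receiver)
        send_queries(receiver, exclude=sender)

    return {
        "total_queries": len(queries),
        "queries_to_remotes": sum(1 for _, r in queries if r in REMOTES),
        "queries_from_remotes": sum(1 for s, _ in queries if s in REMOTES),
        "went_active": sorted(active),
    }


if __name__ == "__main__":
    for mode in MODES:
        print(mode, simulate(mode))
```

Extending LINKS and REMOTES with more dual-homed remotes shows how the plain and summary counts grow with the number of remotes while the stub count stays at the single distribution-layer query.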


EIGRP Scalability Rules

EIGRP is a very scalable routing protocol if proper design methods are used:
• Good allocation of address space
  – Each region should have a unique address space so route summarization is possible
• Have a tiered network design model (Core, Distribution, Access)

EIGRP possesses many features that allow the creation of large to very large internetworks. As with any large network, good, solid design principles are the foundation upon which the infrastructure rests.

Address allocation is critical to any design effort because, regardless of the advanced routing protocol selected, logical blocks of addresses are a requirement for route summarization to occur. Having a two- or three-layered hierarchy with routers positioned by function rather than by geography greatly assists traffic flow and route distribution.


Nonscalable Network - Example

[Figure: a core connected to clouds of Token Ring networks; subnets of 1.1.x.0, 2.2.x.0, and 3.3.x.0 are mixed together within each cloud.]

Bad addressing scheme
• Subnets are everywhere throughout entire network
• Queries not bounded

The graphic indicates a topology where addresses (subnets) are randomly assigned or at least assigned by historical requirements. In this example, multiple subnets from different major networks are located in each cloud. The number of routes injected into the core is far greater than necessary because route summarization is not possible. In addition, due to the random assignment of addresses, query traffic cannot be localized to any portion of the network, and that fact delays convergence time.


Scalable Network - Example

[Figure: the core and Token Ring clouds after readdressing; the clouds are labeled 1.0.0.0, 2.0.0.0, and 3.0.0.0, each holding subnets of its own major network.]

Readdress the network
• Each region has its own block of addresses
• Queries bounded by using “ip summary-address eigrp” command

This graphic illustrates a better-designed network. Subnet addresses from individual major networks are localized within each of the clouds. This allows summary routes to be created and injected into the core. As an added benefit, the summary routes act as a boundary for the queries generated by a topology change.


Tiered Network Design

[Figure: hierarchy of core, distribution layer, and access layer; links between layers are labeled "Summarized Routes", and the core connects to other regions.]

A tiered network model provides benefits at all layers of the hierarchical model.

At the core:

Summarized routes reduce the size of the routing table in the core routers. These smaller tables make for efficient lookups that speed user traffic on its way to its final destination. This reinforces the concept of a high-speed switching core.

At the distribution layer:

Summarized routes at the distribution layer help select the most efficient path for user traffic from different regions by reducing the number of entries that need to be checked.

At the access layer:

Proper allocation of blocks of addresses to remote offices enables local traffic to remain local and not to unnecessarily burden other portions of the network.


More EIGRP Scalability Rules

• Proper network resources
  – Sufficient memory on the router
  – Sufficient bandwidth on WAN interfaces
• Proper configuration of the “bandwidth” statement over WAN interfaces, especially over Frame Relay
• Avoid ‘blind’ mutual redistribution between two routing protocols or two EIGRP processes

Enhanced IGRP will operate more efficiently if some common network design principles are followed. Routers located at convergence points within the network must be equipped with sufficient memory to buffer a large number of packets and to support numerous processes related to routing large volumes of traffic.

Especially in hub and spoke topologies, adequate bandwidth is required on WAN links. There should be enough bandwidth to prevent necessary router overhead traffic from interfering with or competing with normal user-generated traffic. If reliable EIGRP packets are lost due to contention for bandwidth, a lack of convergence is a far greater problem than application delays experienced by some users.

Multiple autonomous systems or routing domains can share route information through the redistribution process. Proper implementation of redistribution requires route filters to prevent feedback loops from forming. It is strongly recommended that redistribution between multiple ASs or multiple routing protocols be accompanied by route filters.


Verifying Enhanced IGRP Operation


The following show commands can be used to verify EIGRP operation:

Command | Description

show ip eigrp neighbors | Displays neighbors discovered by EIGRP.

show ip eigrp topology | Displays the EIGRP topology table. This command shows the topology table, the active/passive state of routes, the number of successors, and the feasible distance to the destination.

show ip route eigrp | Displays the current EIGRP entries in the routing table.

show ip protocols | Displays the parameters and current state of the active routing protocol process. This command shows the EIGRP autonomous system number. It also displays filtering and redistribution numbers as well as neighbors and distance information.

show ip eigrp traffic | Displays the number of EIGRP packets sent and received. This command displays statistics on hello, updates, queries, replies, and acknowledgments.

The lab exercise “Configuring EIGRP” enables you to practice using some of these commands.


Summary

Enhanced IGRP is an advanced routing protocol that uses the DUAL algorithm.

Enhanced IGRP has the following features:

• Converges rapidly

• Incremental updates

• Routes IP, IPX, and AppleTalk

• Summarizes routes


Case Study – Configuring EIGRP


[Figure: Case Study - Enhanced IGRP. Labels: Class C, Class B, Autonomous System 400, Frame Relay Network, Redundant PVCs to each. Legend: Gigabit Ethernet, Fast Ethernet, Ethernet, Serial.]

Case Study – Enhanced IGRP

The case study illustrates some key features within Enhanced IGRP, such as:

■ Only routers within the same AS exchange route information

■ Support for VLSM and discontiguous subnets

■ Automatic route summarization at major network boundaries

■ Manual route summarization at arbitrary network boundaries

■ Support for various WAN topologies, including NBMA

■ Efficient bandwidth utilization for overhead routing operations

■ Support for hierarchical designs


Lab Exercise: Configuring EIGRP


Answers to Exercises


9

Configuring Basic Border Gateway Protocol (BGP)

Overview

This chapter introduces the Border Gateway Protocol (BGP), including the fundamentals of BGP operation.

This chapter includes the following topics:

■ Objectives

■ BGP Overview

■ When Not To Use BGP

■ BGP Terminology

■ BGP Operation

■ Written Exercise: BGP Operation

■ Configuring BGP

■ Verifying BGP

■ Summary

■ Review questions


Objectives

This section lists the chapter’s objectives.


Upon completion of this chapter, you will be able to perform the following tasks:

■ Describe BGP features and operation

■ Describe how to connect to another Autonomous System (AS) using an alternative to BGP, static routes

■ Explain how BGP policy-based routing functions within an Autonomous System

■ Explain how BGP peering functions

■ Describe and configure External and Internal BGP

■ Describe BGP synchronization

■ Given a set of network requirements, configure a BGP environment and verify proper operation (within described guidelines) of your routers

Note to reviewers: Compared to the Design Document, topics in this chapter have been significantly re-ordered and new topics have been added, so that all of the required concepts are explained and the contents flow better. The objective and contents from chapter 10 on static routes were moved to this chapter, as they fit better here.


BGP Overview

This section provides an overview of BGP. Understanding BGP first requires an understanding of autonomous systems.

Autonomous Systems

[Figure: Autonomous Systems. Labels: Autonomous System 100, Autonomous System 200; IGPs: RIP, IGRP, OSPF, EIGRP; EGPs: BGP.]

• An autonomous system (AS) is a collection of networks under a single technical administration

• IGPs operate within an autonomous system

• EGPs connect different autonomous systems

One way to categorize routing protocols is by whether they are interior or exterior:

■ Interior gateway protocols (IGPs)—Routing protocols used to exchange routing information within an autonomous system. RIP, IGRP, OSPF and EIGRP are examples of IGPs.

■ Exterior gateway protocols (EGPs)—used to connect between autonomous systems. Border Gateway Protocol (BGP) is an example of an EGP.

BGP is an inter-domain routing protocol, also known as an EGP. All of the routing protocols we have seen so far in this course are interior routing protocols, also known as IGPs.

BGP version 4, BGP-4, is the latest version of BGP and is defined in RFC 1771. As noted in this RFC, the classic definition of an autonomous system is “a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other ASs.”

Nowadays, ASs may use more than one IGP, with potentially several sets of metrics. The important characteristic of an AS from the BGP point of view is that the AS appears to other ASs to have a single coherent interior routing plan and presents a consistent picture of what destinations are reachable through it. All parts of the AS must be connected to each other.

The Internet Assigned Numbers Authority (IANA) is the umbrella organization responsible for allocating autonomous system numbers. Specifically, the American Registry for Internet Numbers (ARIN) has the jurisdiction for assigning numbers for the Americas, Caribbean, and Africa. Reseaux IP Europeennes-Network Information Center (RIPE-NIC) administers the numbers for Europe, and the Asia Pacific-NIC (AP-NIC) administers the autonomous system numbers for the Asia-Pacific region.

This autonomous system designator is a 16-bit number, with a range of 1 to 65535. RFC 1930 provides guidelines for the use of AS numbers. A range of AS numbers, 64512 through 65530, is reserved for private use, much like the private IP addresses discussed in chapter 4.

Note: Using the IANA-assigned autonomous system number rather than some other number is only needed if your organization plans to use an EGP such as BGP.


BGP Is Used Between ASs

• BGP is used between autonomous systems

• Guarantees exchange of loop-free routing information

[Figure: BGP Is Used Between ASs. Labels: BGP; routers A, B, C, D, E, F; AS100, AS200, AS300, AS400.]

The main goal of BGP is to provide an inter-domain routing system that guarantees the loop-free exchange of routing information between autonomous systems. Routers exchange information about paths to destination networks.

BGP is a successor of EGP, the Exterior Gateway Protocol. (Note the reuse of the EGP acronym). The EGP protocol was developed to isolate networks from each other, as the beginnings of the Internet grew.

There are many RFCs relating to BGP-4, including: 1771, 1772, 1773, 1774, 1863, 1930, 1965, 1966, 1997, 1998, 2042, 2283, 2385, and 2439.

BGP-4 has many enhancements over earlier protocols. It is used extensively in the Internet today to connect ISPs and to connect enterprises to ISPs.


When To Use BGP

BGP is most appropriate when at least one of the following conditions exists:

• An AS allows packets to transit through it to reach other ASs.

• An AS has multiple connections to other ASs.

• The flow of traffic entering and leaving your AS must be manipulated.

• The effects of BGP are well understood.

BGP was designed to allow Internet Service Providers (ISPs) to communicate and exchange packets. These ISPs have multiple connections to one another, and have agreements to exchange updates. BGP is the protocol that is used to implement these agreements between two or more ASs.

BGP, if not properly controlled and filtered, has the potential to allow an outside AS to affect your routing decisions. This chapter and the next will focus on how BGP operates and how to configure it properly, so you can prevent this from happening.


When Not To Use BGP

This section discusses when BGP is not appropriate and the use of the alternative, static routes.

BGP is not always appropriate. Do not use BGP if you have one of the following conditions:

• A single connection to the Internet or other AS

• Routing policy and route selection are not a concern for your AS

• Lack of memory or processor power on BGP routers to handle constant updates

• Limited understanding of route filtering and BGP path selection process

• Low bandwidth between ASs

Use static routes instead.

BGP is not always the appropriate solution to interconnect ASs. For example, if only one path exists, a default route would be appropriate. Using BGP would not accomplish anything except to use router CPU resources and memory. If the routing policy that will be implemented in an AS is consistent with policy implemented in the ISP AS, it is not necessary or even desirable to configure BGP in that AS.

The use of static routes to connect to another AS is reviewed in the next few pages.


Static Route Command Review

Router(config)# ip route prefix mask {address | interface} [distance]

• Creates a static route

• Can establish a “floating” route

Use the ip route command to define a static route entry in the IP routing table.

ip route Command | Description

prefix mask | IP route prefix and mask for the destination to be entered into the IP routing table.

address | IP address of the next hop that can be used to reach the destination network.

interface | Identifies the local router outbound interface to be used to reach the destination network.

distance | Administrative distance.

As discussed in an earlier chapter, if there is more than one route to a destination, the administrative distance determines which one will be put in the routing table, with the lower administrative distance preferred. By default, the administrative distance of a static route specified with the address parameter is set to 1. The default administrative distance of a static route specified with the interface parameter is set to 0.

You can establish a “floating static route” by using an administrative distance larger than the default distance used by the dynamic routing protocol. A floating static route is a statically configured route that can be overridden by dynamically learned routing information. Thus, a floating static route can be used to create a “path of last resort” that is used only when no dynamic information is available.


RIP Static Route Example

ip route 0.0.0.0 0.0.0.0 S0
!
router rip
 network 172.16.0.0

[Figure: RIP Static Route Example. Labels: RIP, router A, interface S0, 172.16.0.0, 10.1.1.0, 10.1.1.1, 10.1.1.2, ISP, AS200, Service Provider Running BGP.]

The route 0.0.0.0 is a default route in the IP routing table. If there is no matching route for the destination IP address in the routing table, then the 0.0.0.0 will match the address and cause the packet to be routed out interface serial 0.


OSPF Example

• OSPF default configuration using a static route

ip route 0.0.0.0 0.0.0.0 S0
!
router ospf 111
 network 172.16.0.0 0.0.255.255 area 0
 default-information originate always

[Figure: OSPF Example. Labels: OSPF, router A, interface S0, 172.16.0.0, 10.1.1.0, 10.1.1.1, 10.1.1.2, ISP, AS200, Service Provider Running BGP.]

The default-information originate always command in OSPF propagates a default route into the OSPF routing domain. The configuration in this example has an effect similar to the previous RIP example. The always keyword causes the default route to always be advertised, whether or not the router has a default route. This ensures that the default route will get advertised into OSPF.


BGP Terminology

BGP has a lot of concepts that become clearer if you understand the terminology. This section discusses BGP characteristics, the concepts of BGP neighbors, internal and external BGP, policy-based routing, and BGP attributes.

BGP Characteristics

BGP is a distance-vector protocol with enhancements:

• Reliable updates - BGP runs on top of TCP (port 179)

• Incremental, triggered updates only

• Periodic keepalives to verify TCP connectivity

• Rich metrics (called path vectors or attributes)

• Designed to scale to huge internetworks

What type of protocol is BGP? In an earlier chapter we discussed the characteristics of distance vector, link state and hybrid routing protocols. BGP is a distance vector protocol, but it has many differences from the likes of RIP.

BGP uses TCP as its transport protocol, which provides connection-oriented reliable delivery. In this way, BGP assumes that its communication is reliable and therefore it doesn’t have to implement any retransmission or error recovery mechanisms. BGP uses TCP port 179. Two routers speaking BGP form a TCP connection with one another and exchange messages to open and confirm the connection parameters. These two routers are called peer routers or neighbors.

Once the connection is made, full routing tables are exchanged. However, since the connection is reliable, BGP routers need only send changes (incremental updates) after that. Periodic routing updates are also not required on a reliable link, so triggered updates are used. BGP sends “keepalive” messages, similar to the “hello” messages sent by OSPF and EIGRP.

BGP routers exchange network reachability information, called path vectors, made up of path attributes, including a list of the full path (of BGP AS numbers) that a route should take in order to reach a destination network. This path information is used in constructing a graph of ASs that is loop free and where routing policies can be applied in order to enforce some restrictions on the routing behavior. The path is loop free because a router running BGP will not accept a routing update that already includes its AS number in the path list, since this would mean that the update has already passed through its AS, and accepting it again would result in a routing loop.


Tables

[Figure: Tables. Labels: IGP Routing Protocol, BGP Routing Protocol, IP, BGP.]

• BGP has its own table, in addition to the IGP Routing Table

• Information can be exchanged between the two tables

BGP keeps its own table, for storing BGP information received from and sent to other routers. This table is separate from the IP routing table in the router. The router can be configured to share information between the two tables.


Peers = Neighbors

Any two routers that have formed a TCP connection in order to exchange BGP routing information are called peers or neighbors.

[Figure: Peers = Neighbors. Labels: routers A, B, C; AS 100; AS 200; neighbors.]

As mentioned, BGP peers are routers with which a router has established a BGP connection. BGP peers are also known as neighbors and can be either internal to the AS or external to the AS.


Internal BGP (IBGP)

• When BGP neighbors belong to the same AS

• Neighbors do not have to be directly connected

[Figure: Internal BGP (IBGP). Labels: routers A, B, C; AS 100; AS 200; neighbors; IBGP neighbors.]

When BGP is running between routers within one AS it is termed internal BGP (IBGP). IBGP is run within an AS in order to exchange BGP information within the AS, so that it can be passed to other autonomous systems.

Routers running IBGP do not have to be directly connected to each other, so long as they can reach each other (usually because an IGP is running within the AS).


External BGP (EBGP)

• When BGP neighbors belong to different ASs

• Neighbors should be directly connected

[Figure: External BGP (EBGP). Labels: routers A, B, C; AS 100; AS 200; EBGP neighbors; IBGP neighbors.]

When BGP is running between routers in different ASs it is termed external BGP (EBGP). Routers running EBGP are usually directly connected to each other.


Policy-Based Routing

BGP allows administrators to define policies, or rules, for how data will flow through the ASs

BGP and associated tools cannot express all routing policies

• BGP does not enable one AS to send traffic to a neighbor AS intending that the traffic take a different route from that taken by traffic originating in the neighbor AS

However, BGP can support any policy conforming to (i.e. implementable by) the “hop-by-hop” routing paradigm

BGP allows policy decisions at the AS level to be enforced. This setting of policies, or rules, for routing is known as policy-based routing.

BGP specifies that a BGP router can advertise to its peers in neighboring ASs only those routes that it itself uses. This rule reflects the "hop-by-hop" routing paradigm generally used throughout the current Internet.

Some policies cannot be supported by the "hop-by-hop" routing paradigm and thus require techniques such as source routing to enforce. For example, BGP does not enable one AS to send traffic to a neighboring AS, intending that the traffic take a different route from that taken by traffic originating in the neighboring AS. On the other hand, BGP can support any policy conforming to the "hop-by-hop" routing paradigm.

Since the current Internet uses only the "hop-by-hop" routing paradigm and since BGP can support any policy that conforms to that paradigm, BGP is highly applicable as an inter-AS routing protocol for the current Internet.


BGP Attributes

BGP metrics are called path attributes. Characteristics of attributes include:

• “Well-known” versus “optional”

• “Mandatory” versus “discretionary”

• “Transitive” versus “non-transitive”

• “Partial”

Routers send BGP update messages about destination networks. These update messages include information called attributes. Some terms define how these attributes are implemented:

An attribute is either “well-known” or “optional”, “mandatory” or “discretionary”, “transitive” or “non-transitive”. An attribute may also be “partial”.

Not all combinations of these characteristics are valid. In fact, path attributes fall into four separate categories:

1. Well-known mandatory

2. Well-known discretionary

3. Optional transitive

4. Optional non-transitive

Only optional transitive attributes may be marked as partial.

These characteristics are described on the following pages.


Well-known Attributes

Well-known attributes:

• must be recognized by all compliant BGP implementations

• are propagated to other neighbors

Well-known mandatory attributes:

• must be present in all update messages

Well-known discretionary attributes:

• could be present in update messages

A well-known attribute is one that all BGP implementations must recognize. These attributes are propagated to BGP neighbors.

A mandatory attribute must appear in the description of a route. A discretionary attribute does not need to appear.


Optional Attributes

Optional attributes:

• recognized by some implementations (could be private), expected not to be recognized by everyone

• recognized optional attributes are propagated to other neighbors based on their meaning

Optional transitive attributes:

• if not recognized, marked as “partial” and propagated to other neighbors

Optional non-transitive attributes:

• discarded if not recognized

An optional attribute need not be supported by all BGP implementations. If it is supported it may be propagated to BGP neighbors.

A transitive attribute that is not implemented in a router can be passed to other BGP routers untouched. In this case, the attribute is marked as partial. A non-transitive attribute must be deleted by a router that has not implemented the attribute.
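The handling rules for well-known and optional attributes described above, as an added Python example that is not part of the original course material: it parses the attribute flags octet defined in RFC 1771 and applies the keep, mark-partial, or discard decision to each attribute. The sample bytes, the helper names, the choice to treat Communities as unimplemented, and type code 200 are constructed for illustration.

```python
import struct

# Attribute Flags bits (high-order bits of the flags octet, RFC 1771).
OPTIONAL, TRANSITIVE, PARTIAL, EXT_LEN = 0x80, 0x40, 0x20, 0x10

# Type codes this example router implements. COMMUNITIES (8) is left out on
# purpose so the "unrecognized optional transitive" case can be shown.
KNOWN = {1: "ORIGIN", 2: "AS_PATH", 3: "NEXT_HOP", 4: "MULTI_EXIT_DISC",
         5: "LOCAL_PREF", 6: "ATOMIC_AGGREGATE", 7: "AGGREGATOR"}
MANDATORY = {1, 2, 3}  # well-known mandatory: Origin, AS-path, Next-hop


def parse_attributes(buf):
    """Split a Path Attributes field into (flags, type_code, value) tuples."""
    attrs, i = [], 0
    while i < len(buf):
        header = 4 if buf[i] & EXT_LEN else 3   # extended length uses 2 octets
        if i + header > len(buf):
            raise ValueError("truncated attribute header")
        flags, code = buf[i], buf[i + 1]
        if flags & EXT_LEN:
            (length,) = struct.unpack_from("!H", buf, i + 2)
        else:
            length = buf[i + 2]
        i += header
        if i + length > len(buf):
            raise ValueError("attribute value runs past end of field")
        attrs.append((flags, code, bytes(buf[i:i + length])))
        i += length
    return attrs


def category(flags, code):
    """Name one of the four categories from the flag bits and the type code."""
    if flags & OPTIONAL:
        return ("optional transitive" if flags & TRANSITIVE
                else "optional non-transitive")
    return ("well-known mandatory" if code in MANDATORY
            else "well-known discretionary")


def propagate(attrs, known=KNOWN):
    """Return the attributes to pass on to other neighbors.

    Recognized attributes are kept as received; what each one means for
    propagation is outside the scope of this example.
    """
    missing = MANDATORY - {code for _, code, _ in attrs}
    if missing:
        raise ValueError(f"missing well-known mandatory attribute(s): {sorted(missing)}")
    out = []
    for flags, code, value in attrs:
        if code in known:
            out.append((flags, code, value))
        elif not flags & OPTIONAL:
            # Every implementation must recognize well-known attributes.
            raise ValueError(f"unrecognized well-known attribute {code}")
        elif flags & TRANSITIVE:
            out.append((flags | PARTIAL, code, value))  # pass on, marked partial
        # Unrecognized optional non-transitive attributes are discarded.
    return out


def _attr(flags, code, value):
    """Encode one attribute with a one-octet length (sample data helper)."""
    return bytes([flags, code, len(value)]) + value


# Constructed sample attributes, not captured traffic.
SAMPLE = b"".join([
    _attr(TRANSITIVE, 1, b"\x00"),                                     # ORIGIN = IGP
    _attr(TRANSITIVE, 2, b"\x02\x02" + struct.pack("!HH", 300, 100)),  # AS_PATH 300 100
    _attr(TRANSITIVE, 3, bytes([10, 10, 10, 2])),                      # NEXT_HOP
    _attr(OPTIONAL, 4, struct.pack("!I", 50)),                         # MED
    _attr(OPTIONAL | TRANSITIVE, 8, struct.pack("!HH", 100, 1)),       # COMMUNITIES
    _attr(OPTIONAL, 200, b"\x01"),                                     # constructed unknown type
])

if __name__ == "__main__":
    for flags, code, value in propagate(parse_attributes(SAMPLE)):
        name = KNOWN.get(code, f"type {code}")
        partial = " (partial)" if flags & PARTIAL else ""
        print(f"{name}: {category(flags, code)}{partial}")
```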


BGP Attributes

BGP Attributes include:

• AS-path

• Next-hop

• Local preference

• MED

• Origin

The attributes defined by BGP include:

Well-known mandatory attributes:

— AS-path

— Next-hop

— Origin

Well-known discretionary attributes:

— Local preference

— Atomic aggregate

Optional transitive attributes:

— Aggregator

— Communities

Optional non-transitive attribute:

— Multi-Exit-Discriminator (MED)

In addition, Cisco has defined a Weight attribute for BGP.

Each of the attributes shown on the graphic is expanded upon in the following pages. The other attributes are explained in later sections in this chapter or in the following chapter.


AS-Path Attribute

[Figure: AS-Path Attribute. Labels: AS 100 (192.168.1.0), AS 200 (192.168.2.0), AS 300 (192.168.3.0); routers A, B, C.]

A list of AS’s that a route has traversed

• For example, on Router B the path to 192.168.1.0 is the AS sequence 300 200

The AS-path attribute is a well-known mandatory attribute. Whenever a route update passes through an AS, the AS number is prepended to that update. The AS-path attribute is actually the list of AS numbers that a route has traversed in order to reach a destination. The components of this list can be AS-SEQUENCEs, which are ordered lists, or AS-SETs, which are unordered sets.

An AS-SEQUENCE is an ordered mathematical set of all the ASs that have been traversed. The need for AS-SETs is discussed in the CIDR and Aggregate Addresses section later in this chapter.

In the graphic, network 192.168.1.0 is advertised by Router A in AS 100. When that route traverses AS 300, Router C will prepend its own AS number to it. So when 192.168.1.0 reaches Router B, it will have two AS numbers attached to it. From Router B’s perspective the path to reach 192.168.1.0 is (300,100).

The same applies for 192.168.2.0 and 192.168.3.0. Router A’s path to 192.168.2.0 will be (300,200) i.e. traverse AS 300 and then AS 200. Router C will have to traverse path (200) in order to reach 192.168.2.0 and path (100) in order to reach 192.168.1.0.


Next-Hop Attribute

Next-Hop to reach a network
• Router A will advertise network 172.16.0.0 to Router B in EBGP, with a next hop of 10.10.10.2
• Router B advertises 172.16.0.0 in IBGP to Router C keeping 10.10.10.2 as the next hop address

[Figure: Routers A, B and C; AS 100 and AS 200; networks 172.16.0.0 and 172.20.0.0; addresses 10.10.10.1, 10.10.10.2, 172.20.10.1 and 172.20.10.2]

The BGP next-hop attribute is a well-known mandatory attribute that indicates the next hop IP address that is to be used to reach a destination.

For EBGP, the next hop is the IP address of the neighbor that sent the update. In the graphic, Router A will advertise 172.16.0.0 to Router B, with a next hop of 10.10.10.2, and Router B will advertise 172.20.0.0 to Router A with a next hop of 10.10.10.1.

For IBGP, the protocol states that the next hop advertised by EBGP should be carried into IBGP. Because of that rule, Router B will advertise 172.16.0.0 to its IBGP peer Router C, with a next hop of 10.10.10.2 (Router A’s address). Therefore Router C knows the next hop to reach 172.16.0.0 is 10.10.10.2, not 172.20.10.1 as you might expect.

It is therefore very important that Router C knows how to reach the 10.10.10.0 subnet, either via an IGP or a static route; otherwise it will drop packets destined to 172.16.0.0 because it would not be able to get to the next hop address for that network.


Next-Hop on Multi-Access Network

In a multi-access network
• Router B will advertise network 172.30.0.0 to Router A in EBGP, with a next hop of 10.10.10.2, not 10.10.10.1
• This avoids an unnecessary hop

[Figure: Routers A, B and C on a shared segment (10.10.10.1, 10.10.10.2, 10.10.10.3); AS 100 and AS 200; networks 172.16.0.0, 172.20.0.0 and 172.30.0.0; EBGP]

When running BGP over a multi-access network such as Ethernet, a BGP router will use the appropriate address as the next-hop address, to avoid inserting additional hops into the network. This feature is sometimes called “third party next-hop”.

For example, in the graphic, assume that Router B and C in AS 200 are running an IGP. Router B can reach network 172.30.0.0 via 10.10.10.2. Router B is running BGP with Router A. When Router B sends a BGP update to Router A regarding 172.30.0.0 it will use as the next hop 10.10.10.2 and not its own IP address (10.10.10.1). This is because the network between the three routers is a multi-access network and it makes more sense for Router A to use Router C as a next hop to reach 172.30.0.0 rather than making an extra hop via Router B.


Next-Hop on NBMA Network

In an NBMA network
• By default, Router B will advertise network 172.30.0.0 to Router A in EBGP, with a next hop of 10.10.10.2, not 10.10.10.1.
• Can be overridden

[Figure: Routers A, B and C connected by Frame Relay (10.10.10.1, 10.10.10.2, 10.10.10.3); AS 100 and AS 200; networks 172.16.0.0, 172.20.0.0 and 172.30.0.0; EBGP]

If the common media between routers is an NBMA (Non Broadcast Media Access) media, then complications may occur.

For example, in the graphic we change the last example so that the three routers are connected by Frame Relay. Router B can still reach network 172.30.0.0 via 10.10.10.2. When Router B sends a BGP update to Router A regarding 172.30.0.0 it will use as the next hop 10.10.10.2 and not its own IP address (10.10.10.1). A problem will arise if Router A and Router C do not know how to communicate directly; i.e. if Routers A and C do not have a map to each other. Router A will not know how to reach the next hop address on Router C.

This behavior can be overridden in Router B by configuring it to advertise itself as the next hop address for routes sent to Router A.


Local Preference Attribute

Paths with highest preference value are most desirable
• Preference configured on routers
• Preference sent to internal BGP neighbors only

[Figure: AS 200 with Router A (Local pref = 200) and Router B (Local pref = 150); network 172.16.0.0; AS 1755, AS 1880, AS 666 and AS 690; label “Needs to go to 690”]

Local preference is a well-known discretionary attribute that provides an indication to routers in the AS about which path is preferred to exit the AS. A path with a higher local preference is more preferred.

The local preference is an attribute that is configured on a router and exchanged only among routers within the same AS. The default value for local preference on a Cisco router is 100.

For example, in the graphic AS 200 is receiving updates about network 172.16.0.0 from two directions. Assume the local preference on Router A is set to 200 and the local preference on Router B is set to 150. Since the local preference information is exchanged within AS 200, all traffic in AS 200 addressed to network 172.16.0.0 will be sent to Router A as an exit point from AS 200.


MED Attribute

Paths with lowest MED (also called the metric) value are most desirable
• MED configured on routers
• MED sent to external BGP neighbors only

[Figure: Routers A, B and C; AS 100 and AS 200; networks 172.16.0.0 and 172.20.0.0; Router B MED = 150, Router C MED = 200]

The Multi-exit-discriminator (MED) attribute, also called the metric, is an optional non-transitive attribute. The MED was known as the Inter-AS attribute in BGP-3.

The MED is an indication to external neighbors about the preferred path into an AS. This is a dynamic way to influence another AS on which way it should choose in order to reach a certain route, if there are multiple entry points into an AS.

A lower value of a metric is more preferred.

Unlike local preference, the MED is exchanged between ASs. The MED is carried into an AS and used there, but is not passed on to the next AS. When the same update is passed on to another AS, the metric will be set back to its default of 0.

By default a router will compare the MED attribute only for paths from neighbors in the same AS.

For example, in the graphic, Router B has set the MED attribute to 150 and Router C has set the MED attribute to 200. When Router A receives updates from Routers B and C, it will pick Router B as the best next hop because 150 is less than 200.


Origin Attribute

IGP (i)
• “Network” command

EGP (e)
• Redistributed from EGP

Incomplete (?)
• Redistributed from IGP or static

The origin is a well-known mandatory attribute that defines the origin of the path information. The origin attribute can be one of three values:

■ IGP: The route is interior to the originating AS. This normally happens when the network command (discussed later in this chapter) is used to advertise the route via BGP. An origin of IGP is indicated with an "i" in the BGP table.

■ EGP: The route is learned via the EGP (Exterior Gateway Protocol). This is indicated with an "e" in the BGP table.

■ Incomplete: The origin of the route is unknown or is learned via some other means. This usually occurs when a route is redistributed into BGP. An incomplete origin is indicated with a "?" in the BGP table.


Weight Attribute (Cisco only)

Paths with highest Weight value are most desirable
• Weight configured on routers, on a per neighbor basis
• Weight not sent to any BGP neighbors

[Figure: Routers A, B, C and D; AS 100, AS 200, AS 300 and AS 400; network 172.20.0.0; Weight = 200 for updates from Router B, Weight = 150 for updates from Router C]

The weight attribute is a Cisco defined attribute, used for the path selection process. The weight is configured locally to a router and is not propagated to any other routers. The weight can have a value from 0 to 65535. Paths that the router originates have a weight of 32768 by default and other paths have a weight of zero by default.

Routes with a higher weight are preferred when multiple routes exist to the same destination.

In the graphic, Router B and Router C learn about network 172.20.0.0 from AS 400 and will propagate the update to Router A. Router A has two ways to reach 172.20.0.0 and has to decide which way to go. In the example, Router A sets the weight of updates coming from Router B to 200 and the weight of those coming from Router C to 150. Since the weight for Router B is higher than the weight for Router C, we will force Router A to use Router B as a next hop to reach 172.20.0.0.


BGP Synchronization

• Ensures consistency of information throughout the AS
• Avoids black holes within the AS
• Safe to turn off when there is a full IBGP mesh

Synchronization Rule: Do not advertise a route to an external neighbor until a matching route has been learnt from an IGP

The BGP synchronization rule states that a BGP router should not advertise a route to an external neighbor unless that route is local or is learnt from the IGP. If your autonomous system is passing traffic from one AS to another AS, BGP should not advertise a route before all routers in your AS have learned about the route via IGP.

BGP will wait until IGP has propagated the route within the AS and then will advertise it to external peers. This is done so that all routers in the AS are synchronized and will be able to route traffic that the AS advertises to other ASs that it is able to route.

BGP synchronization is on by default. If all routers in the AS were running BGP, only then would it be safe to turn it off.


BGP Synchronization (cont’d)

[Figure: Routers A, B, C and D in AS 10, with IBGP between Routers A and B; Router E in AS 1 and network 172.16.0.0 in AS 2, both connected by EBGP]

Assume BGP info is not redistributed into AS 10; Routers C and D are not running BGP.

If synchronization is on (the default) then
• Router A would not use or advertise the route to 172.16.0.0, until it receives the matching route via an IGP
• Router E would not hear about 172.16.0.0

If synchronization is off then
• Router A would use and advertise the route it receives via BGP. Router E would hear about 172.16.0.0
• If Router E sends traffic for 172.16.0.0, Router C would drop the packets since it has no route to 172.16.0.0

The synchronization rule also results in other behavior on BGP routers.

In the example in the graphic, assume that Routers C and D are not running BGP and do not receive any of the routes that Routers A and B learn from BGP. (Sharing information between routing protocols is called “redistribution” and is covered in chapter 13). Specifically, they do not know about the network 172.16.0.0 that Router B learns from AS 2.

Router B will advertise the route to 172.16.0.0 to Router A using IBGP. By default Router A will not use the route to 172.16.0.0, nor will it advertise that route to Router E in AS 1. Note that Router B will use the route to 172.16.0.0 and will install it in its routing table.

If synchronization is turned off in AS 10, Router A can use the route to 172.16.0.0, will install the route in its routing table, and will advertise it to Router E. This is where the problem occurs. Router E now may send traffic destined for network 172.16.0.0. Router E will send the packets to Router A; Router A will forward them to Router C. Router C has not learnt a route to 172.16.0.0 and therefore will drop the packets.

If all of the routers in AS 10 were running IBGP, turning off synchronization would not create this problem.


BGP Operation

This section describes the operation of the BGP protocol.


BGP Packet Types

BGP defines the following message types:
• OPEN
  – includes hold time and BGP Router ID
• KEEPALIVE
• UPDATE
  – information for one single path only (could be to multiple networks)
  – includes path attributes and networks
• NOTIFICATION
  – when error detected
  – BGP connection closed after sent

BGP peers will initially exchange their full BGP routing tables. From then on incremental updates are sent as the routing table changes. Keepalive packets are sent to ensure that the connection is alive between the BGP peers, and notification packets are sent in response to errors or special conditions.

After a TCP connection is established, the first message sent by each side is an OPEN message. If the OPEN message is acceptable, a KEEPALIVE message confirming the OPEN is sent back. Once the OPEN is confirmed, the BGP connection is established and UPDATE, KEEPALIVE, and NOTIFICATION messages may be exchanged.

An OPEN Message includes the following information:

■ Hold time: maximum number of seconds that may elapse between the receipt of successive KEEPALIVE and/or UPDATE messages by the sender. Upon receipt of an OPEN message, the router calculates the value of the Hold Timer to use by using the smaller of its configured Hold Time and the Hold Time received in the OPEN message.

■ BGP Router Identifier (Router ID): This 32-bit field indicates the BGP Identifier of the sender. The BGP Identifier is an IP address assigned to that router and is determined on startup. The BGP router ID is chosen the same way that the OSPF router ID is chosen – it is the highest active IP address on the router, unless a loopback interface with an IP address exists, in which case it is the highest such loopback IP address.


BGP does not use any transport protocol-based keep-alive mechanism to determine if peers are reachable. Instead, KEEPALIVE messages are exchanged between peers often enough as not to cause the Hold Timer to expire. If the negotiated Hold Time interval is zero, then periodic KEEPALIVE messages will not be sent. A KEEPALIVE message consists of only the message header.

An UPDATE message has information on one single path only; multiple paths require multiple messages. All of the attributes in the message refer to that path, and the networks are those that can be reached through it. An UPDATE message may include the following fields:

■ Withdrawn Routes: A list of IP address prefixes for routes that are being withdrawn from service, if any.

■ Path Attributes: These path attributes are the AS-Path, origin, local preference, etc. discussed earlier in this chapter. Each path attribute includes the attribute type, attribute length, attribute value. The attribute type consists of the attribute flags followed by the attribute type code.

■ Network Layer Reachability Information: This field contains a list of IP address prefixes that can be reached by this path.

A NOTIFICATION message is sent when an error condition is detected. The BGP connection is closed immediately after sending it. Notification messages include an error code, an error subcode, and data related to the error.
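The message handling described above, as an added Python example that is not part of the course material: it parses the common BGP header plus the OPEN, KEEPALIVE and NOTIFICATION bodies, refuses malformed input, and derives the hold time as the smaller of the configured and received values. The byte layout and the rejection of hold times of 1 or 2 seconds are taken from RFC 4271 rather than from this page; the function names and the sample OPEN are constructed for the example.

```python
import struct
from ipaddress import IPv4Address

MARKER = b"\xff" * 16          # RFC 4271: 16 bytes of all ones
HEADER_LEN = 19                # marker (16) + length (2) + type (1)
MAX_LEN = 4096
TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}


class BGPParseError(ValueError):
    """Raised for any message a strict receiver should refuse."""


def build(msg_type: int, body: bytes = b"") -> bytes:
    """Prepend the common header to a message body."""
    return MARKER + struct.pack("!HB", HEADER_LEN + len(body), msg_type) + body


def build_open(my_as: int, hold_time: int, router_id: str) -> bytes:
    """OPEN with version 4 and no optional parameters."""
    body = struct.pack("!BHH4sB", 4, my_as, hold_time,
                       IPv4Address(router_id).packed, 0)
    return build(1, body)


def parse_message(data: bytes) -> dict:
    if len(data) < HEADER_LEN:
        raise BGPParseError("shorter than the 19-byte header")
    marker, length, msg_type = struct.unpack("!16sHB", data[:HEADER_LEN])
    if marker != MARKER:
        raise BGPParseError("marker is not all ones")
    if length != len(data) or length > MAX_LEN:
        raise BGPParseError("length field does not match the message")
    if msg_type not in TYPES:
        raise BGPParseError(f"unknown message type {msg_type}")
    body = data[HEADER_LEN:]
    msg = {"type": TYPES[msg_type]}
    if msg["type"] == "KEEPALIVE":
        if body:                              # header only, nothing else
            raise BGPParseError("KEEPALIVE carries a body")
    elif msg["type"] == "OPEN":
        if len(body) < 10:
            raise BGPParseError("OPEN body truncated")
        version, my_as, hold, ident, opt_len = struct.unpack(
            "!BHH4sB", body[:10])
        if opt_len != len(body) - 10:
            raise BGPParseError("optional-parameter length mismatch")
        if hold in (1, 2):                    # must be 0 or at least 3 seconds
            raise BGPParseError("unacceptable hold time")
        msg.update(version=version, my_as=my_as, hold_time=hold,
                   router_id=str(IPv4Address(ident)))
    elif msg["type"] == "NOTIFICATION":
        if len(body) < 2:
            raise BGPParseError("NOTIFICATION body truncated")
        msg.update(error_code=body[0], error_subcode=body[1], data=body[2:])
    else:
        msg["body"] = body                    # UPDATE fields not decoded here
    return msg


def is_valid(data: bytes) -> bool:
    """True when parse_message accepts the bytes."""
    try:
        parse_message(data)
        return True
    except BGPParseError:
        return False


def negotiated_hold_time(configured: int, received: int) -> int:
    """Smaller of the local setting and the value in the peer's OPEN."""
    return min(configured, received)


def sends_keepalives(hold_time: int) -> bool:
    """A negotiated hold time of zero disables periodic KEEPALIVEs."""
    return hold_time != 0


# Constructed sample OPEN: AS 110, hold time 90 s, Router ID 10.1.1.1.
CONSTRUCTED_OPEN = build_open(my_as=110, hold_time=90, router_id="10.1.1.1")

if __name__ == "__main__":
    peer = parse_message(CONSTRUCTED_OPEN)
    print(peer, negotiated_hold_time(180, peer["hold_time"]))
```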


Route Selection Decision Process

Consider only (synchronized) routes with no AS loops and a valid next-hop, then:
• Prefer highest weight (local to router)
• Prefer highest local preference (global within AS)
• Prefer route originated by the local router
• Prefer shortest AS path
• Prefer lowest origin code (IGP < EGP < incomplete)
• Prefer lowest MED (from other AS)
• Prefer EBGP path over IBGP path
• Prefer the path through the closest IGP neighbor
• Prefer the path with the lowest neighbor BGP router id

After BGP receives updates about different destinations from different autonomous systems, the protocol decides which path to choose in order to reach a specific destination. BGP will choose only a single path to reach a specific destination.

The decision process is based on the attributes discussed earlier in this chapter. When faced with multiple routes to the same destination, BGP chooses the best route for routing traffic toward the destination. The following process summarizes how BGP on a Cisco router chooses the best route.

1. If the path is internal, synchronization is on and route is not synchronized, do not consider it.

2. If the Next-Hop address of a route is not reachable do not consider it.

3. Prefer the route with the highest Weight. (Recall that the weight is Cisco proprietary and is local to the router only).

4. If multiple routes have the same Weight, prefer the route with the highest Local Preference. (Recall that the local preference is used within an AS).

5. If multiple routes have the same Local Preference, prefer the route that was originated by the local router.

6. If multiple routes have the same Local Preference, or if no route was originated by the local router, prefer the route with the shortest AS path.

7. If the AS path length is the same, prefer the lowest origin code (IGP<EGP<Incomplete).

8. If all origin codes are the same, prefer the path with the lowest MED. (Recall that the MED is sent from other ASs).

   The MED comparison is only done if the neighboring autonomous system is the same for all routes considered, unless the bgp always-compare-med command is enabled.


Note: The most recent IETF decision regarding BGP MED assigns a value of infinity to the missing MED, making the route lacking the MED variable the least preferred. The default behavior of BGP routers running Cisco IOS software is to treat routes without the MED attribute as having a MED of 0, making the route lacking the MED variable the most preferred. To configure the router to conform to the IETF standard, use the bgp bestpath missing-as-worst command.

9. If the routes have the same MED, prefer external paths (EBGP) over internal paths (IBGP).

10. If IGP synchronization is disabled and only internal paths remain, prefer the path through the closest IGP neighbor. This means the router will prefer the shortest internal path within the AS to reach the destination (the shortest path to the BGP next-hop).

11. Prefer the route with the lowest neighbor BGP Router ID value.

The path is put in the routing table and propagated to the router’s BGP neighbors.
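The eleven steps above, written out as an added Python example (not Cisco's implementation and not code from the course) so that the order of the tie-breakers and the two MED options can be exercised. The Path fields, the candidate paths and their addresses are constructed for the example; the MED rule follows this page's summary, comparing MED only when every remaining path has the same neighboring AS.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # IGP < EGP < Incomplete


@dataclass(frozen=True)
class Path:
    """One candidate path to a prefix (field names are this example's own)."""
    name: str
    as_path: tuple                  # AS numbers, neighboring AS first
    peer_router_id: str             # BGP Router ID of the advertising neighbor
    weight: int = 0                 # Cisco-only, local to this router
    local_pref: int = 100           # Cisco default
    origin: str = "i"
    med: Optional[int] = None       # None means the attribute is absent
    ebgp: bool = True
    locally_originated: bool = False
    igp_metric: int = 0             # IGP cost to the BGP next hop
    next_hop_reachable: bool = True
    synchronized: bool = True       # a matching IGP route exists


def eligible(p, local_as, synchronization):
    """Steps 1-2 plus the AS-loop check from the slide."""
    if local_as in p.as_path:
        return False                # our own AS is already in the path
    if not p.next_hop_reachable:
        return False
    if synchronization and not p.ebgp and not p.locally_originated:
        return p.synchronized       # internal path must match an IGP route
    return True


def narrow(cands, key):
    """Keep only the candidates with the smallest key (the step's winners)."""
    best = min(key(p) for p in cands)
    return [p for p in cands if key(p) == best]


def best_path(paths, local_as, synchronization=True,
              always_compare_med=False, missing_as_worst=False):
    cands = [p for p in paths if eligible(p, local_as, synchronization)]
    if not cands:
        return None
    cands = narrow(cands, lambda p: -p.weight)                 # step 3
    cands = narrow(cands, lambda p: -p.local_pref)             # step 4
    cands = narrow(cands, lambda p: not p.locally_originated)  # step 5
    cands = narrow(cands, lambda p: len(p.as_path))            # step 6
    cands = narrow(cands, lambda p: ORIGIN_RANK[p.origin])     # step 7
    # Step 8: MED only when every remaining path came from the same
    # neighboring AS, unless "bgp always-compare-med" is configured.
    neighbor_ases = {p.as_path[:1] for p in cands}
    if always_compare_med or len(neighbor_ases) == 1:
        absent = 2**32 - 1 if missing_as_worst else 0          # IOS default: 0
        cands = narrow(cands, lambda p: absent if p.med is None else p.med)
    cands = narrow(cands, lambda p: not p.ebgp)                # step 9
    if not synchronization and not cands[0].ebgp:              # step 10
        cands = narrow(cands, lambda p: p.igp_metric)
    return narrow(cands,                                       # step 11
                  lambda p: int(IPv4Address(p.peer_router_id)))[0]


# Constructed candidates, loosely following the Weight and MED slides.
def weight_example():
    via_b = Path("via-B", (200, 400), "10.0.0.2", weight=200)
    via_c = Path("via-C", (300, 400), "10.0.0.3", weight=150, local_pref=500)
    return best_path([via_b, via_c], local_as=100).name


def med_example(**options):
    no_med = Path("no-MED", (200,), "10.0.0.3")
    med_150 = Path("MED-150", (200,), "10.0.0.2", med=150)
    other_as = Path("other-AS", (300,), "10.0.0.1", med=500)
    return best_path([no_med, med_150, other_as], local_as=100, **options).name


if __name__ == "__main__":
    print(weight_example(), med_example(),
          med_example(always_compare_med=True),
          med_example(always_compare_med=True, missing_as_worst=True))
```

In med_example the default run skips the MED step because two neighboring ASs are involved, so the lowest Router ID decides; enabling always-compare-med makes the path with no MED win, and treating a missing MED as worst hands the result to the path with MED 150.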


CIDR and Aggregate Addresses

Routes can be aggregated when passing through an AS

[Figure: Routers A, B, C and D; AS 100, AS 200, AS 300 and AS 400; networks 192.168.1.0/24 and 192.168.2.0/24 aggregated into 192.168.0.0/16]

As discussed in chapter 4, Classless Inter-domain Routing (CIDR) is a mechanism developed to help alleviate the problem of exhaustion of IP addresses and growth of routing tables. The idea behind CIDR is that blocks of multiple Class C addresses can be combined, or aggregated, to create a larger classless set of IP addresses. These multiple Class C addresses can then be summarized in routing tables, resulting in fewer route advertisements.

Earlier versions of BGP did not support CIDR; BGP-4 does. Support includes:

■ The BGP UPDATE message includes both the prefix and the prefix length; previous versions only included the prefix, the length was assumed from the address class.

■ Addresses can be aggregated when advertised by a BGP router.

■ The AS-path attribute can include AS-SEQUENCEs, which are ordered lists, and AS-SETs, which are unordered sets. An AS-SEQUENCE is an ordered mathematical set of the ASs that have been traversed. The AS-SET is an unordered set of other ASs, not included in the AS-SEQUENCE, that any of the non-aggregated routes would traverse. The combination of the ASs listed in both components should be considered to ensure that the route is loop-free.

As an example, in the graphic Router C is advertising network 192.168.2.0/24 and Router D is advertising network 192.168.1.0/24. Router A could pass those advertisements to Router B; however, Router A could reduce the size of the routing tables by aggregating the two routes into one, for example 192.168.0.0/16.

There are two BGP attributes related to aggregate addressing. The well-known discretionary attribute atomic aggregate informs the neighbor AS that the originating router has aggregated the routes. The optional transitive attribute aggregator specifies the BGP Router ID and AS number of the router that performed the route aggregation.


By default the aggregate route will be advertised as coming from the autonomous system that did the aggregation and will have the atomic aggregate attribute set to show that information might be missing; the AS numbers in the non-aggregated routes are not listed. The router can be configured to include the AS-SET, the list of all AS’s contained in all paths that are being summarized.

In the example in the graphic, by default the aggregated route 192.168.0.0/16 would have an AS-path attribute of (100). If Router A was configured to include the AS-SET, it would include the AS-SET of {300, 400} as well as (100) in the AS-path attribute.

Note: In the example, the aggregate route that Router A is sending covers more than the two routes from Routers C and D. The example assumes that Router A also has jurisdiction over all of the other routes covered by this aggregate route.
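The aggregation example above, worked through in an added Python example that is not part of the course material: it builds the AS-path Router A would send with and without the AS-SET, applies the receiver's loop check to both, and measures how much of 192.168.0.0/16 is not backed by either component route. The function names are this example's own, and the assignment of 192.168.2.0/24 to AS 300 and 192.168.1.0/24 to AS 400 is an assumption, since the page gives the two prefixes and the AS-SET but not that mapping.

```python
from ipaddress import ip_network

# Component routes as Router A (AS 100) holds them. Which AS originates
# which prefix is assumed for this example.
COMPONENTS = {"192.168.1.0/24": (400,), "192.168.2.0/24": (300,)}


def aggregate_attributes(local_as, component_as_paths, include_as_set=False):
    """Attributes the aggregating router attaches for an EBGP neighbor.

    Returns (as_sequence, as_set, atomic_aggregate).
    """
    dropped = frozenset(asn for path in component_as_paths for asn in path)
    if include_as_set:
        return (local_as,), dropped, False
    # Default: only the aggregator's AS is listed, and the atomic aggregate
    # flag warns that path information is missing.
    return (local_as,), frozenset(), bool(dropped)


def accepts(receiver_as, as_sequence, as_set):
    """Loop check: refuse a route whose AS-path already names our own AS,
    looking at both the AS-SEQUENCE and the AS-SET."""
    return receiver_as not in as_sequence and receiver_as not in as_set


def tightest_cover(prefixes):
    """Smallest single prefix that contains every component prefix."""
    nets = [ip_network(p) for p in prefixes]
    cover = nets[0]
    while not all(n.subnet_of(cover) for n in nets):
        cover = cover.supernet()
    return cover


def unbacked_space(aggregate, prefixes):
    """Parts of the aggregate for which no component route exists."""
    remaining = [ip_network(aggregate)]
    for comp in map(ip_network, prefixes):
        survivors = []
        for net in remaining:
            if comp.subnet_of(net):
                survivors.extend(net.address_exclude(comp))
            elif not net.subnet_of(comp):
                survivors.append(net)
        remaining = survivors
    return sorted(remaining)


def unbacked_addresses(aggregate, prefixes):
    return sum(n.num_addresses for n in unbacked_space(aggregate, prefixes))


if __name__ == "__main__":
    for with_set in (False, True):
        seq, as_set, atomic = aggregate_attributes(
            100, COMPONENTS.values(), include_as_set=with_set)
        print(seq, sorted(as_set), atomic, accepts(300, seq, as_set))
    print(tightest_cover(COMPONENTS),
          unbacked_addresses("192.168.0.0/16", COMPONENTS))
```

Without the AS-SET, AS 300 would accept the aggregate even though it covers a prefix AS 300 itself originated; with the AS-SET the loop check rejects it. The /16 also claims 65,024 addresses for which Router A holds no component route, which is the situation the Note above covers with its jurisdiction assumption.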


Written Exercise: BGP Terminology and Operation

Objectives:

■ Describe BGP features and operation.

■ Explain how BGP policy-based routing functions within an Autonomous System.

■ Explain how BGP peering functions.

■ Describe External and Internal BGP.

■ Describe BGP synchronization.

Task: Answer the following questions.

1. What protocol does BGP use as its transport protocol? What port number does BGP use?

_________________________________________________________________

2. Any two routers that have formed a BGP connection are called BGP ________ or BGP _________.

3. Write a brief description of the following:

Internal BGP _______________________________________

External BGP ______________________________________

Well-known attributes _______________________________

Transitive attributes __________________________________

BGP synchronization _____________________________________

4. For an external update advertised by IBGP, where does the value for the next-hop attribute of an update come from?

_________________________________________________________________

5. Describe the complication that an NBMA network can cause for the next-hop attribute of an update.

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

6. Complete the table to answer the following questions about these BGP attributes:

— Which order are the attributes preferred in (1, 2 or 3)?

— For the attribute, is the highest or lowest value preferred?

— Which other routers if any is the attribute sent to?

Attribute | Order Preferred in | Highest or Lowest value preferred? | Sent to which other routers?
Local Preference | | |
MED | | |
Weight | | |

7. How is the BGP Router ID chosen?

_________________________________________________________________

_________________________________________________________________


Configuring BGP

This section covers the commands used to configure the BGP features discussed in this chapter.


Basic BGP Commands

Router(config)#router bgp autonomous-system

• Enables the BGP routing protocol

The syntax of these commands is similar to the syntax for configuring internal routing protocols; however, there are significant differences in the way that an external protocol functions.

Use the router bgp command to activate the BGP protocol and identify the local autonomous system.

router bgp Command | Description
autonomous-system | Identifies the local autonomous system.


Basic BGP Commands (Cont’d)

Router(config-router)#neighbor {ip-address | peer-group-name} remote-as autonomous-system

• Activates a BGP session with another router, used for either IBGP or EBGP

Router(config-router)#network network-number mask network-mask

• Allows BGP to advertise an IGP route if it is already in the IP table
• Does not activate the protocol on an interface

Use the neighbor remote-as command to identify a peer router with which the local router will establish a session.

neighbor remote-as Command | Description
ip-address | Identifies the peer router.
peer-group-name | Name of a BGP peer group (peer groups are covered in the next chapter).
autonomous-system | Identifies the autonomous system of the peer router.

The value placed in the autonomous system field of the neighbor command determines whether the communication with the neighbor is an EBGP or an IBGP session. If the autonomous system field configured in the router bgp command is identical to the field in the neighbor remote-as command, then BGP will initiate an internal session. If the field values are different, then BGP will initiate an external session.

Use the network command to permit BGP to advertise a network if it is present in the IP routing table.

network Command | Description
network-number | Identifies an IP network to be advertised by BGP.
network-mask | Identifies the subnet mask to be advertised by BGP.

The network command controls which networks are originated by this router. This is a different concept from what you are used to when configuring IGPs. The network command does not start up BGP on certain interfaces; rather it indicates to BGP which networks it should originate from this router. The mask portion is used because BGP-4 can handle subnetting and supernetting. The list of network commands must include all networks in your AS that you want to advertise, not just those locally connected to your router.


Prior to Cisco IOS Release 12.0, there was a limit of 200 network commands per BGP router; this limit has now been removed. The router’s resources, such as the configured NVRAM or RAM, determine the maximum number of network commands you can now use.


BGP Example #1

[Figure: Router A (10.1.1.2, network 172.16.0.0) in AS 109; Router B (10.1.1.1, network 172.17.0.0) in AS 110]

RtrA(config)#router bgp 109
RtrA(config-router)#neighbor 10.1.1.1 remote-as 110
RtrA(config-router)#network 172.16.0.0

RtrB(config)#router bgp 110
RtrB(config-router)#neighbor 10.1.1.2 remote-as 109
RtrB(config-router)#network 172.17.0.0

The graphic shows an example of BGP configuration.

Routers A and B define each other as BGP neighbors, and will start an EBGP session. Router A will advertise the network 172.16.0.0/16 while Router B will advertise the network 172.17.0.0/16.


Next-hop-self

Router(config-router)# neighbor {ip-address | peer-group-name} next-hop-self

• Forces all updates for this neighbor to be advertised with this router as the next hop

As mentioned earlier, it is sometimes necessary, for example in an NBMA environment, to override the default behavior of a router and force it to advertise itself as the next hop address for routes sent to a neighbor.

The neighbor next-hop-self command is used to force BGP to use its own IP address as the next hop rather than letting the protocol choose the next hop address to use.

neighbor next-hop-self Command    Description
ip-address                        Identifies the peer router to which advertisements will be sent with this router identified as the next hop.
peer-group-name                   Name of a BGP peer group (peer groups are covered in the next chapter).


Disabling BGP Synchronization

Router(config-router)# no synchronization

• Disables BGP synchronization so that a router will advertise routes in BGP before learning them in IGP

As discussed earlier, there are some cases when you do not need BGP synchronization. If you will not be passing traffic from a different autonomous system through your AS, or if all routers in your AS will be running BGP, you can disable synchronization. Disabling this feature can allow you to carry fewer routes in your IGP and allow BGP to converge more quickly. Use synchronization if there are routers in the AS that are not running BGP.

Synchronization is on by default. Use the no synchronization command to disable it.


Configuring BGP for Aggregate Addressing

• Creates an aggregate (summary) entry in the BGP table

• Use the summary-only option to only advertise the summary and not the specific routes

• Add the as-set option to include an AS-SET attribute that aggregates the ASs in all of the paths

Router(config-router)# aggregate-address ip-address mask

The aggregate-address command is used to create an aggregate, or summary, entry in the BGP table.

aggregate-address Command    Description
ip-address                   The aggregate address to be created.
mask                         The mask of the aggregate address to be created.

The aggregate-address command has some optional parameters, including:

summary-only    Causes the router to advertise only the aggregated route; the default is to advertise both the aggregate and the more specific routes.
as-set          Generates AS-SET path information with the aggregate route to include all of the AS numbers listed in all of the paths of the more specific routes. The default for the aggregate route is to list only the AS number of the router that generated the aggregate route.

When you use this command, the aggregate route will be advertised as coming from your autonomous system and will have the atomic aggregate attribute set to show that information might be missing. (By default, the atomic aggregate attribute is set unless you specify the as-set keyword.)


Resetting BGP

Router# clear ip bgp {* | address} [soft [in | out]]

• Resets BGP connections

• Use after changing BGP configuration

Use the clear ip bgp command to remove entries from the BGP routing table and reset BGP sessions. Use this command after every configuration change to ensure that the change is activated and that peer routers are informed.

clear ip bgp Command    Description
*                       Clear all.
address                 Identifies a specific network to be removed from the BGP table.
soft                    Soft reconfiguration.
in | out                Triggers inbound or outbound soft reconfiguration. If the in or out option is not specified, both inbound and outbound soft reconfiguration are triggered.

If you specify BGP soft reconfiguration, by including the soft keyword, the sessions are not reset and the router sends all routing updates again. To generate new inbound updates without resetting the BGP session, the local BGP speaker would have to store all received updates without modification regardless of whether they are accepted by the inbound policy, using the neighbor soft-reconfiguration command. This process is memory intensive and should be avoided if possible. Outbound BGP soft configuration does not have any memory overhead. You can trigger an outbound reconfiguration on the other side of the BGP session to make the new inbound policy take effect.


BGP Example #2

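[Figure: AS 100 contains Router A (10.1.1.2) with network 192.168.2.0. AS 200 (172.16.0.0/16) contains Router B (10.1.1.1 toward Router A, 192.168.1.49 toward Router C) with subnet 172.16.10.0, and Router C (192.168.1.50) with subnet 172.16.20.0.]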

The graphic shows another BGP example. The configuration for Router B is shown on the next page.


BGP Example #2 (cont’d)

1. RtrB(config)# router bgp 200
2. RtrB(config-router)# neighbor 10.1.1.2 remote-as 100
3. RtrB(config-router)# neighbor 192.168.1.50 remote-as 200
4. RtrB(config-router)# network 172.16.10.0 mask 255.255.255.0
5. RtrB(config-router)# network 192.168.1.0 mask 255.255.255.0
6. RtrB(config-router)# no synchronization
7. RtrB(config-router)# neighbor 192.168.1.50 next-hop-self
8. RtrB(config-router)# aggregate-address 172.16.0.0 255.255.0.0 summary-only

The first three commands establish that Router B has two BGP neighbors – Router A in AS 100 and Router C in AS 200. The next two commands allow Router B to advertise networks 172.16.10.0 and 192.168.1.0 to its BGP neighbors.

Assuming Router C is advertising 172.16.20.0 in BGP, Router B would get that route but would not pass it to Router A until the no synchronization command (the sixth command) is added to both Router B and C, since we are not running an IGP in this example. This command can be used here since all of the routers in the AS are running BGP. The clear ip bgp * command would be required on Routers B and C in order to reset the BGP sessions after the synchronization has been turned off.

By default Router B will pass the BGP advertisement from Router A about network 192.168.2.0 to Router C with the next hop address left as 10.1.1.2. Router C does not know how to get to 10.1.1.2 though, so it will not install the route. The neighbor 192.168.1.50 next-hop-self command will force Router B to send advertisements to Router C with its own (Router B) address as the next hop address. Router C will then be able to reach 192.168.2.0.

Router A will learn about both subnets 172.16.10.0 and 172.16.20.0. However, once the aggregate-address 172.16.0.0 255.255.0.0 summary-only command is added to Router B, Router B will summarize the subnets and send only the 172.16.0.0/16 route to Router A.
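The effect of aggregate-address and its summary-only and as-set options on what Router B sends to Router A, modelled in Python as an added example (not Cisco code and not part of the course material). The function name, the table layout and the AS numbers 65001 and 65002 are assumptions made for illustration; the first table holds Router B's prefixes from BGP Example #2.

```python
import ipaddress


def advertise_with_aggregate(bgp_table, aggregate, local_as,
                             summary_only=False, as_set=False):
    """Model what a router sends to an EBGP neighbor once aggregate-address is set.

    bgp_table maps prefix -> tuple of AS numbers in that route's AS path
    (an empty tuple for routes that originate inside the local AS).
    Returns {prefix: {"as_path": str, "atomic_aggregate": bool}}.
    """
    agg = ipaddress.ip_network(aggregate)
    nets = {ipaddress.ip_network(p): tuple(path) for p, path in bgp_table.items()}

    # More-specific routes that fall inside the aggregate.
    specifics = {n: p for n, p in nets.items()
                 if n != agg and n.version == agg.version and n.subnet_of(agg)}

    adverts = {}
    for net, path in nets.items():
        if summary_only and net in specifics:
            continue  # summary-only suppresses the more-specific routes
        adverts[str(net)] = {
            # The local AS is prepended when the route leaves the AS.
            "as_path": " ".join(str(a) for a in (local_as,) + path),
            "atomic_aggregate": False,
        }

    # The aggregate is only created while a more-specific route is in the BGP table.
    if specifics:
        path = str(local_as)
        if as_set:
            # as-set: carry every AS seen in the more-specific paths as an unordered set.
            ases = sorted({a for p in specifics.values() for a in p})
            if ases:
                path += " {" + ",".join(map(str, ases)) + "}"
        # Per the text above, atomic aggregate is set unless as-set is used.
        adverts[str(agg)] = {"as_path": path, "atomic_aggregate": not as_set}
    return adverts


# Router B in BGP Example #2: every route originates inside AS 200.
ROUTER_B_TABLE = {
    "172.16.10.0/24": (),
    "172.16.20.0/24": (),
    "192.168.1.0/24": (),
}

# CONSTRUCTED variant: the two subnets were learned from other ASs (assumed numbers).
CUSTOMER_TABLE = {
    "172.16.10.0/24": (65001,),
    "172.16.20.0/24": (65002,),
}

if __name__ == "__main__":
    cases = [
        ("aggregate only", ROUTER_B_TABLE, {}),
        ("summary-only", ROUTER_B_TABLE, {"summary_only": True}),
        ("summary-only as-set", CUSTOMER_TABLE, {"summary_only": True, "as_set": True}),
    ]
    for label, table, opts in cases:
        print(label)
        for prefix, attrs in sorted(advertise_with_aggregate(
                table, "172.16.0.0/16", 200, **opts).items()):
            flag = " atomic-aggregate" if attrs["atomic_aggregate"] else ""
            print(f"  {prefix:<18} path {attrs['as_path']}{flag}")
```

The summary-only case yields the same two prefixes that Router A's show ip bgp output lists as learned from 10.1.1.1.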


Verifying BGP


• show ip bgp

• show ip bgp summary

• show ip bgp neighbors

• debug ip bgp

Verifying BGP operation can be accomplished using the following show commands:

■ show ip bgp—Displays entries in the BGP routing table. Specify a network number to get more specific information about a particular network.

■ show ip bgp summary—Displays the status on all BGP connections.

■ show ip bgp neighbors—Displays information about the TCP and BGP connections to neighbors.

Other BGP show commands can be found in the BGP documentation on Cisco’s web site or on the Documentation CD-ROM.

Debug commands display events as they are happening on the router. For BGP, the debug ip bgp command has the following options:

■ dampening BGP dampening

■ events BGP events

■ keepalives BGP keepalives

■ updates BGP updates


Show ip bgp

RTRA#show ip bgp
BGP table version is 5, local router ID is 192.168.2.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop          Metric LocPrf Weight Path
*> 172.16.0.0       10.1.1.1                             0 200 i
*> 192.168.1.0      10.1.1.1               0             0 200 i
*> 192.168.2.0      0.0.0.0                0         32768 i

This example output is taken from Router A in BGP Example #2.

The status codes are shown at the beginning of each line of output and the origin codes are shown at the end of each line of output. From the example output, we can see that Router A learnt about two networks from 10.1.1.1. The path it will use to get to these networks is via AS 200, and the routes have origin codes of IGP.


Show ip bgp summary

RTRA#show ip bgp sum
BGP table version is 5, main routing table version 5
3 network entries and 3 paths using 363 bytes of memory
3 BGP path attribute entries using 372 bytes of memory
BGP activity 3/0 prefixes, 3/0 paths
0 prefixes revised.

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.1.1        4   200      14      13        5    0    0 00:08:03        2

This example output is taken from Router A in BGP Example #2.

Router A has one neighbor, 10.1.1.1. It speaks BGP version 4 with that neighbor, who is in AS 200. Router A has received 14 messages from and sent 13 messages to 10.1.1.1. The TblVer is the last version of the BGP database that was sent to that neighbor. There are no messages in either the input or output queue. The BGP session has been established for 8 minutes and 3 seconds. Router A has received two prefixes from neighbor 10.1.1.1.
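A check that can be run over saved show ip bgp summary output, as an added example (not part of the course material): it parses the neighbor table and reports peers that are missing, in the wrong AS, not established, or holding queued messages. It relies on the State/PfxRcd column holding a prefix count for an established session and a state name otherwise; the function names and the second neighbor line (10.1.1.9) are constructed for illustration.

```python
import re

# Output from the page (Router A, BGP Example #2) plus one CONSTRUCTED
# neighbor line, 10.1.1.9, showing a session that never came up.
SAMPLE = """\
RTRA#show ip bgp sum
BGP table version is 5, main routing table version 5
3 network entries and 3 paths using 363 bytes of memory

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.1.1        4   200      14      13        5    0    0 00:08:03        2
10.1.1.9        4   300       0       0        0    0    0 never    Active
"""

ROW = re.compile(
    r"^(?P<neighbor>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<version>\d+)\s+(?P<asn>\d+)\s+"
    r"(?P<rcvd>\d+)\s+(?P<sent>\d+)\s+(?P<tblver>\d+)\s+(?P<inq>\d+)\s+"
    r"(?P<outq>\d+)\s+(?P<updown>\S+)\s+(?P<state>.+?)\s*$"
)


def parse_summary(text):
    """Return one dict per row of the neighbor table."""
    peers = []
    in_table = False
    for line in text.splitlines():
        if line.startswith("Neighbor"):
            in_table = True          # rows follow the column header
            continue
        if not in_table:
            continue
        match = ROW.match(line.strip())
        if not match:
            continue
        state = match.group("state")
        established = state.isdigit()   # a number here is the received prefix count
        peers.append({
            "neighbor": match.group("neighbor"),
            "remote_as": int(match.group("asn")),
            "in_q": int(match.group("inq")),
            "out_q": int(match.group("outq")),
            "up_down": match.group("updown"),
            "established": established,
            "prefixes": int(state) if established else None,
            "state": "Established" if established else state,
        })
    return peers


def find_problems(peers, expected):
    """expected maps neighbor address -> remote AS taken from the neighbor statements."""
    problems = []
    seen = {p["neighbor"]: p for p in peers}
    for addr, asn in expected.items():
        peer = seen.get(addr)
        if peer is None:
            problems.append(f"{addr}: configured but missing from the summary")
        elif peer["remote_as"] != asn:
            problems.append(f"{addr}: remote AS {peer['remote_as']}, expected {asn}")
    for p in peers:
        if not p["established"]:
            problems.append(f"{p['neighbor']}: session not established (state {p['state']})")
        elif p["in_q"] or p["out_q"]:
            problems.append(f"{p['neighbor']}: messages queued (InQ {p['in_q']}, OutQ {p['out_q']})")
    return problems


if __name__ == "__main__":
    for problem in find_problems(parse_summary(SAMPLE), {"10.1.1.1": 200, "10.1.1.9": 300}):
        print(problem)
```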


Show ip bgp neighbors

RTRA#sh ip bgp nei
BGP neighbor is 10.1.1.1, remote AS 200, external link
 Index 1, Offset 0, Mask 0x2
 BGP version 4, remote router ID 172.16.10.1
 BGP state = Established , table version = 5, up for 00:10:47
 Last read 00:00:48, hold time is 180, keepalive interval is 60 seconds
 Minimum time between advertisement runs is 30 seconds
 Received 16 messages, 0 notifications, 0 in queue
 Sent 15 messages, 1 notifications, 0 in queue
 Prefix advertised 1, suppressed 0, withdrawn 0
 Connections established 1; dropped 0
 Last reset 00:16:35, due to Peer closed the session
 2 accepted prefixes consume 64 bytes
 0 history paths consume 0 bytes

--More--

This example output is taken from Router A in BGP Example #2. This command is used to display information about the BGP connections to neighbors. In the example, the BGP state is “Established” which means that the neighbors have established a TCP connection and the two peers have agreed to speak BGP with each other.


Debug ip bgp

RTRA#debug ip bgp updates
BGP updates debugging is on
RTRA#clear ip bgp *
3w5d: BGP: 10.1.1.1 computing updates, neighbor version 0, table version 1, starting at 0.0.0.0
3w5d: BGP: 10.1.1.1 update run completed, ran for 0ms, neighbor version 0, start version 1, throttled to 1, check point net 0.0.0.0
3w5d: BGP: 10.1.1.1 rcv UPDATE w/ attr: nexthop 10.1.1.1, origin i, aggregated by 200 172.16.10.1, path 200
3w5d: BGP: 10.1.1.1 rcv UPDATE about 172.16.0.0/16
3w5d: BGP: nettable_walker 172.16.0.0/16 calling revise_route
3w5d: BGP: revise route installing 172.16.0.0/16 -> 10.1.1.1
3w5d: BGP: 10.1.1.1 rcv UPDATE w/ attr: nexthop 10.1.1.1, origin i, metric 0, path 200
3w5d: BGP: 10.1.1.1 rcv UPDATE about 192.168.1.0/24
3w5d: BGP: nettable_walker 192.168.1.0/24 calling revise_route
3w5d: BGP: revise route installing 192.168.1.0/24 -> 10.1.1.1

This example output is taken from Router A in BGP Example #2.

The output in the graphic shows update messages being received from neighbor 10.1.1.1. Further output after that displayed in the graphic is provided below, showing Router A sending updates to its neighbor.

RTRA#
3w5d: BGP: 10.1.1.1 computing updates, neighbor version 1, table version 3, starting at 0.0.0.0
3w5d: BGP: 10.1.1.1 update run completed, ran for 0ms, neighbor version 1, start version 3, throttled to 3, check point net 0.0.0.0
3w5d: BGP: nettable_walker 192.168.2.0/24 route sourced locally
3w5d: BGP: 10.1.1.1 computing updates, neighbor version 3, table version 4, starting at 0.0.0.0
3w5d: BGP: 10.1.1.1 send UPDATE 192.168.2.0/24, next 10.1.1.2, metric 0, path 100
3w5d: BGP: 10.1.1.1 1 updates enqueued (average=52, maximum=52)
3w5d: BGP: 10.1.1.1 update run completed, ran for 0ms, neighbor version 3, start version 4, throttled to 4, check point net 0.0.0.0


Summary

This section summarizes the tasks you learned to complete in this chapter.


After completing this chapter, you should be able to perform the following tasks:

• Describe BGP features and operation
• Describe how to connect to another AS using an alternative to BGP, static routes
• Explain how BGP policy-based routing functions within an Autonomous System
• Explain how BGP peering functions


• Describe BGP synchronization
• Given a set of network requirements, configure a BGP environment and verify proper operation (within described guidelines) of your routers


Review Questions

Answer the following questions.


1. Describe the BGP synchronization rule. What command disables synchronization?

2. What are the four BGP message types?

3. How does BGP-4 support CIDR?

4. What command is used to activate a BGP session with another router?

5. What command is used to display information about the BGP connections to neighbors?


10

Implementing BGP in Scalable ISP Networks

Overview

This chapter starts with a discussion of problems that may occur when scaling IBGP. Various solutions, including route reflectors, policy control using prefix lists, communities, and Cisco’s peer groups are explained. Connecting an AS with more than one BGP connection is known as multi-homing, and different ways to accomplish this are explored. Configuration of all of these BGP features is included in this chapter.

This chapter includes the following topics:

■ Objectives

■ Scalability problems with IBGP

■ Route Reflectors

■ Policy Control

■ Written Exercise: BGP Route Reflectors and Policy Control

■ Route Maps

■ Communities

■ Peer groups

■ Multi-homing

■ Redistribution with IGPs

■ Case Study: Multi-homed BGP

■ Summary


■ Review questions


Objectives

This section lists the chapter’s objectives.


Upon completion of this chapter, you will be able to perform the following tasks:

■ Describe the scalability problems associated with Internal BGP

■ Explain and configure BGP Route Reflectors

■ Describe and configure policy control in BGP using prefix lists

■ Describe and configure BGP Communities and Peer Groups

■ Describe methods to connect to multiple ISPs using BGP

■ Explain the use of redistribution between BGP and Interior Gateway Protocols (IGPs)

■ Given a set of network requirements, configure a multi-homed BGP environment and verify proper operation (within described guidelines) of your routers

Note Note to reviewers: Compared to the design document, the 5th objective was changed; static routes moved to chapter 9. Route Maps topic moved to this chapter from later chapter (needed for Communities discussion).



Scalability Problems with IBGP

This section discusses scalability problems with IBGP.


BGP Split Horizon

BGP split horizon:
• Routes learned via IBGP are never propagated to other IBGP peers

Therefore need full mesh IBGP

[Figure: BGP split horizon among Routers A, B and C in AS 100.]

Chapter 9 discussed many BGP concepts, including IBGP and EBGP. Another rule governing IBGP behavior is the BGP split horizon rule. This BGP rule specifies that routes learned via IBGP are never propagated to other IBGP peers.

Similar to the distance vector routing protocol split horizon rule, BGP split horizon is necessary to ensure that routing loops are not started within the AS. The result is that a full mesh of IBGP peers is required within an AS.


Full Mesh IBGP Problem

13 Routers => 78 IBGP Sessions!

# IBGP sessions = n(n-1)/2

1000 routers means nearly half a million IBGP sessions!

As the graphic illustrates though, a full mesh of IBGP is not scalable. With only 13 routers, 78 IBGP sessions would need to be maintained. As the number of routers increases, so does the number of sessions required, governed by the formula:

n(n-1)/2

where n = the number of routers.


Full Mesh IBGP

Full Mesh IBGP:
• Avoids routing information loops
• Does not scale
  – many TCP sessions
  – duplicate routing traffic

Solutions include:
• Route Reflectors

As well as the number of BGP TCP sessions that must be created and maintained, the routing traffic may also be a problem. Depending on the AS topology, traffic may be duplicated many times on some links as it travels to each IBGP peer. For example, if the physical topology of a large AS includes some WAN links, the IBGP sessions running over those links may be consuming a significant amount of bandwidth.

A solution to this problem is the use of route reflectors, discussed in the next section.


Route Reflectors

This section describes what a route reflector is, how it works, and how to configure it.


Route Reflectors

Modifies BGP split horizon rule

[Figure: Routers A, B and C in AS 100, with one router labeled as the route reflector.]

Route reflectors modify the BGP split horizon rule by allowing the router configured as the route reflector to propagate routes learned by IBGP to other IBGP peers.

This saves on the number of BGP TCP sessions that must be maintained, and also reduces the BGP routing traffic.


Route Reflector Benefits

• Solves the IBGP full mesh problem
  – used mainly by ISPs when number of internal neighbor statements becomes excessive
• Packet forwarding is not affected
• Can have multiple route reflectors for redundancy
• Can have multiple levels of route reflectors
• Normal BGP peers can co-exist
• Easy migration

With a BGP route reflector configured, full mesh of IBGP peers is no longer required. The route reflector is allowed to propagate IBGP routes to other IBGP peers. Route reflectors are used mainly by ISPs when the number of internal neighbor statements becomes excessive. Route reflectors reduce the number of BGP neighbor relationships in an AS by having key routers duplicate updates to their route reflector clients.

Route reflectors do not affect the paths that IP packets follow; only how the routing information is distributed is affected.

Within an AS there can be multiple route reflectors, both for redundancy and for grouping to further reduce the number of IBGP sessions required.

Migrating to route reflectors involves a minimal configuration, and does not have to be done all at once since non-route-reflector routers can co-exist with route reflectors within an AS.


Route Reflector Terminology

Terminology
• Route reflector
• Client
• Cluster
• Non-client
• Originator ID
• Cluster ID

A route reflector is a router that is configured to be the router that is allowed to advertise (or reflect) routes that it learnt via IBGP to other IBGP peers. The route reflector will have a partial IBGP peering with other routers, which are called clients. Peering between the clients is not needed because the route reflector will pass advertisements between the clients.

The combination of the route reflector and its clients is called a cluster.

Other IBGP peers of the route reflector that are not clients are called non-clients.

Two techniques prevent routing loops in route reflector configurations. The originator-ID is an optional, non-transitive BGP attribute that is created by the route reflector. This attribute carries the router ID of the originator of the route in the local AS. If, because of poor configuration, the update comes back to the originator, the originator ignores it.

Usually a cluster has a single route reflector, in which case the cluster is identified by the router ID of the route reflector. To increase redundancy and avoid single points of failure, a cluster might have more than one route reflector. When a cluster has more than one route reflector, all of the route reflectors in the cluster need to be configured with a cluster ID. The cluster ID allows route reflectors to recognize updates from other route reflectors in the same cluster.


Route Reflector Design

• Divide AS into multiple clusters
  – At least one route reflector and few clients per cluster
• Route reflectors are fully meshed with IBGP
• Use single IGP, to carry next hop and local routes

The AS can be divided into multiple clusters, each having at least one route reflector and a few clients. Multiple route reflectors can exist in one cluster for redundancy.

The route reflectors must be fully meshed with BGP to ensure that all routes learnt will be propagated throughout the AS.

An IGP is still used, just as it was before route reflectors were introduced, in order to carry local routes and next hop addresses.


Route Reflector Design Example

[Figure: AS 100 with Routers A, B, C, D, E, F, G and H joined by IBGP connections; Router X is outside the AS and is reached over an EBGP connection.]

The graphic provides an example of a BGP route reflector design.

Note The physical connections within AS 100 are not shown in the graphic.

Routers B, D, E and F form one cluster. Routers C, G and H form another cluster. Router A forms a third cluster. Routers A, B and C are all route reflectors and are fully meshed with BGP. Note that the routers within a cluster are not fully meshed.


Route Reflector Operation

• Reflector receives updates from clients and non-clients

• Reflector selects best path

• If best path is from client — reflect to non-clients

• If best path is from non-client — reflect to clients

When a route reflector receives an update, it takes the following actions, depending on the type of peer that sent the update:

■ If the update is from a non-client peer, it sends the update to all clients in the cluster.

■ If the update is from a client peer, it sends the update to all non-client peers and to all client peers.

■ If the update is from an EBGP peer, it sends the update to all non-client peers and to all client peers.

For example, in the graphic on the previous page, if Router C

■ receives an update from Router A (a non-client), it will send it to Routers G and H.

■ receives an update from Router H (a client), it will send it to Router G as well as to Routers A and B.

■ receives an update from Router X (via EBGP), it will send it to Routers G and H as well as to Routers A and B.
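The three reflection rules above, together with the full-mesh session count n(n-1)/2 from earlier in the chapter, applied to the Route Reflector Design Example as an added Python sketch (not Cisco code and not part of the course material). The dictionary layout and function names are assumptions; the roles of Routers A to H and X come from the text, and loop prevention by originator ID and cluster ID is not modelled.

```python
from collections import deque

# Clusters from the Route Reflector Design Example: reflector -> its clients.
CLUSTERS = {"A": [], "B": ["D", "E", "F"], "C": ["G", "H"]}
EBGP_PEERS = {"C": ["X"]}   # Router X peers with Router C via EBGP


def full_mesh_count(n):
    """IBGP sessions needed for a full mesh of n routers: n(n-1)/2."""
    return n * (n - 1) // 2


def ibgp_sessions(clusters):
    """Sessions in the reflector design: reflectors fully meshed, one session per client."""
    rrs = sorted(clusters)
    sessions = {frozenset((a, b)) for i, a in enumerate(rrs) for b in rrs[i + 1:]}
    sessions |= {frozenset((rr, c)) for rr, clients in clusters.items() for c in clients}
    return sessions


def reflect(rr, source, clusters=CLUSTERS, ebgp_peers=EBGP_PEERS):
    """Peers to which reflector `rr` passes an update received from `source`."""
    clients = set(clusters[rr])
    non_clients = set(clusters) - {rr}            # the other route reflectors
    if source in clients or source in ebgp_peers.get(rr, []):
        targets = clients | non_clients           # from a client or an EBGP peer
    elif source in non_clients:
        targets = clients                         # from a non-client: clients only
    else:
        raise ValueError(f"{source} is not a peer of {rr}")
    return targets - {source}


def propagate(entry, clusters=CLUSTERS, use_reflection=True):
    """`entry` learns a route via EBGP; return {router: peer it learned the route from}.

    With use_reflection=False every router obeys plain BGP split horizon over
    the same sessions, which shows why a partial mesh alone is not enough.
    """
    neighbors = {}
    for session in ibgp_sessions(clusters):
        a, b = tuple(session)
        neighbors.setdefault(a, set()).add(b)
        neighbors.setdefault(b, set()).add(a)

    learned = {entry: "EBGP"}
    # An EBGP-learned route is sent to every IBGP peer.
    queue = deque((entry, peer) for peer in sorted(neighbors.get(entry, ())))
    while queue:
        sender, receiver = queue.popleft()
        if receiver in learned:
            continue                              # keep the first copy (simplification)
        learned[receiver] = sender
        if use_reflection and receiver in clusters:
            for nxt in sorted(reflect(receiver, sender, clusters, {})):
                queue.append((receiver, nxt))
        # Otherwise BGP split horizon applies: IBGP-learned routes stop here.
    return learned


if __name__ == "__main__":
    print("full mesh of 8 routers:", full_mesh_count(8), "sessions")
    print("reflector design:", len(ibgp_sessions(CLUSTERS)), "sessions")
    for src in ("A", "H", "X"):
        print(f"C receives from {src} -> sends to {sorted(reflect('C', src))}")
    print("with reflection:", sorted(propagate("C")))
    print("split horizon only:", sorted(propagate("C", use_reflection=False)))
```

With reflection every router in AS 100 learns the route that Router X sends to Router C; over the same eight sessions without reflection, Routers D, E and F never receive it.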


Route Reflector Migration Tips

Where to place the route reflectors?
• Follow the physical topology!
• This will guarantee that the packet forwarding won’t be affected

Configure one route reflector at a time
• Eliminate redundant IBGP sessions
• Place one route reflector per cluster

When migrating to using route reflectors, the first consideration is which routers should be the reflectors and which should be the clients. Following the physical topology in this design decision will ensure that the packet forwarding paths will not be affected. Not following the physical topology (for example configuring route reflector clients that are not physically connected to the route reflector) may result in routing loops.

Configure one route reflector at a time, and then delete the redundant IBGP sessions between the clients.


Route Reflector Configuration

Router(config-router)#

neighbor ip-address route-reflector-client

• Configures the router as a BGP route reflector and configures the specified neighbor as its client

The neighbor route-reflector-client command is used to configure the router as a BGP route reflector and configure the specified neighbor as its client.

neighbor route-reflector-client Command    Description

ip-address    IP address of the BGP neighbor being identified as a client.


Route Reflector Example

RTRA(config)# router bgp 2

RTRA(config-router)# neighbor 172.16.12.1 remote-as 2

RTRA(config-router)# neighbor 172.16.12.1 route-reflector-client

RTRA(config-router)# neighbor 172.16.17.2 remote-as 2

RTRA(config-router)# neighbor 172.16.17.2 route-reflector-client

[Figure: AS 1, AS 2 and AS 3; Routers A (Route Reflector), B and C; addresses 172.16.12.1 and 172.16.17.2]

In the graphic, Router A is configured as a route reflector in AS 2. The neighbor route-reflector-client commands are used to configure which neighbors will be route reflector clients. In this example, both Routers B and C will be route reflector clients.


Verifying Route Reflectors

RTRA#sh ip bgp neigh

BGP neighbor is 172.16.12.1 , remote AS 2, internal link

Index 1, Offset 0, Mask 0x2

Route-Reflector Client

BGP version 4, remote router ID 192.168.101.101

BGP state = Established, table version = 1, up for 00:05:42

Last read 00:00:42, hold time is 180, keepalive interval is 60 seconds

Minimum time between advertisement runs is 5 seconds

Received 14 messages, 0 notifications, 0 in queue

Sent 12 messages, 0 notifications, 0 in queue

Prefix advertised 0, suppressed 0, withdrawn 0

Connections established 2; dropped 1

Last reset 00:05:44, due to User reset

1 accepted prefixes consume 32 bytes

0 history paths consume 0 bytes

--More--

The show ip bgp neighbor command indicates that a particular neighbor is a route reflector client. The example output in the graphic is from Router A in the previous example and shows that 172.16.12.1 (Router B) is a route reflector client of Router A.


Policy Control

This section describes how a routing policy is applied to a BGP network, using distribute lists and prefix lists.


To restrict routing information to/from neighbors use

• Distribute lists (using access lists)

or

• Prefix lists

Note Note to reviewers: this section assumes the student knows how access lists work (which they should know from ICND) but chapters 11 and 12 are on access lists. Should those chapters be done before this one?

If you want to restrict the routing information that the Cisco IOS software learns or advertises, you can filter BGP routing updates to and from particular neighbors. To do this, you can either define an access list or a prefix list, and apply it to the updates.


Distribute Lists

Router A can prevent updates about 172.30.0.0 from going to AS 200

[Figure: AS 100 (networks 192.168.1.0 and 192.168.2.0), AS 200 and AS 300 (network 172.30.0.0); Routers A, B and C; link addresses 10.10.10.1, 10.10.10.2, 10.10.20.1 and 10.10.20.2; the 172.30.0.0 update is marked with an X]

In the example in the graphic, Router C is advertising network 172.30.0.0 to Router A. If we wanted to stop those updates from propagating to AS 200, an access-list could be applied on Router A to filter those updates when Router A is talking to Router B.


Configuring Distribute Lists

Router(config-router)#

neighbor {ip-address|peer-group-name} distribute-list access-list-number in|out

• Configures the router to distribute BGP neighbor information as specified in an access list

• Can use standard or extended access lists

The neighbor distribute-list command is used to distribute BGP neighbor information as specified in an access list.

neighbor distribute-list Command    Description

ip-address    IP address of the BGP neighbor for which routes will be filtered.

peer-group-name    Name of a BGP peer group (peer groups are covered later in this chapter).

access-list-number    Number of a standard or extended access list. It can be an integer from 1 to 199. (A named access-list can also be referenced.)

in    Indicates that the access list is applied to incoming advertisements from the neighbor.

out    Indicates that the access list is applied to outgoing advertisements to the neighbor.


Distribute List Example

RtrA(config)# router bgp 100

RtrA(config-router)# network 192.168.1.0

RtrA(config-router)# neighbor 10.10.10.2 remote-as 200

RtrA(config-router)# neighbor 10.10.20.2 remote-as 300

RtrA(config-router)# neighbor 10.10.10.2 distribute-list 1 out

RtrA(config-router)# exit

RtrA(config)# access-list 1 deny 172.30.0.0 0.0.255.255

RtrA(config)# access-list 1 permit 0.0.0.0 255.255.255.255

Note The configuration in this example is for Router A in the graphic two pages previously.

Router A has two neighbors, Router B (10.10.10.2 in AS 200) and Router C (10.10.20.2 in AS 300). When Router A sends updates to neighbor Router B, the neighbor distribute-list statement specifies that it will use the access-list 1 to determine which updates are to be sent.

Access-list 1 specifies that any route starting with 172.30, i.e. the route to 172.30.0.0, should not be sent (it is denied in the access-list). All other routes will be sent to Router B. (Recall that since access-lists have an “implicit deny any” at the end, the permit statement is required in the access-list in order for the other routes to be sent.)


IP ACL Usage in Distribute-list

• Standard IP access list matches a route’s network number

• Extended access list is used to filter out more specific routes

• Extended IP access list matches the route’s network number (source IP address) and subnet mask (destination IP address)

– allows for filtering of more specific routes

– this is a different interpretation than in other uses of extended access lists!

As shown in the previous example, a standard IP access-list can be used to control the sending of updates about a specific network number. If, however, a router wants to control updates about subnets and supernets of a network with a distribute-list, extended access-lists would be required.

Note When an IP extended access-list is used with a distribute-list, the parameters have different meanings than when the extended access-list is used in other ways. The next page explains the differences.


IP Extended ACL Usage in Distribute-list

• Meaning of arguments in extended access list in distribute-list:

access-list <ACL#> permit ip <source address> <source wildcard> <destination address> <dest. wildcard>

<source address> <source wildcard> means: <network address> <wildcard bits>

<destination address> <dest. wildcard> means: <subnet mask> <wildcard bits>

• Example:

access-list 101 permit ip 172.0.0.0 0.255.255.255 255.0.0.0 0.0.0.0

means: permit only 172.0.0.0/8

The syntax of the IP extended access-list is the same as usual, with a source address and wildcard, and a destination address and wildcard. However, the meanings of these parameters are different.

The source parameters are used to indicate the address of the network whose updates are to be permitted or denied. The destination parameters are used to indicate the subnet mask of that network.

The wildcard parameters indicate, for the network and subnet mask, which bits are relevant. Network/subnet mask bits corresponding to wildcard bits set to 1 are ignored during comparisons, and network/subnet mask bits corresponding to wildcard bits set to 0 are used in comparisons.

If the example access-list shown was used with a neighbor distribute-list command, it would allow only the supernet 172.0.0.0/8 to be advertised. For example, assume that Router A had routes to networks 172.20.0.0/16 and 172.30.0.0/16, and also had an aggregated route to 172.0.0.0/8. The use of this access list would allow only the supernet 172.0.0.0/8 to be advertised; networks 172.20.0.0/16 and 172.30.0.0/16 would not be advertised.
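The distribute-list interpretation described above can be checked offline before a filter is applied to a peer. The following Python sketch is an added example, not part of the course material: it evaluates the page's access-list 1 and access-list 101 against a set of routes, comparing the network number with the source fields and the subnet mask with the destination fields. The function names, the route list and the comparison entry access-list 2 are constructed for illustration.

```python
import ipaddress


def to_int(dotted):
    """Convert a dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(value, pattern, wildcard):
    """True when value equals pattern on every bit whose wildcard bit is 0."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(value) ^ to_int(pattern)) & care == 0


def parse_acl(lines):
    """Parse 'access-list N permit|deny [ip] ...' lines into entry tuples."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 5 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError("unsupported line: " + line)
        action, args = tok[2], tok[3:]
        if args[0] == "ip":                      # extended form
            if len(args) != 5:
                raise ValueError("extended entry needs four addresses: " + line)
            entries.append((action, args[1], args[2], args[3], args[4]))
        else:                                    # standard form
            if len(args) != 2:
                raise ValueError("standard entry needs address and wildcard: " + line)
            entries.append((action, args[0], args[1], None, None))
    return entries


def evaluate(entries, route):
    """Return 'permit' or 'deny' for a route such as '172.20.0.0/16'."""
    net = ipaddress.ip_network(route)
    address, mask = str(net.network_address), str(net.netmask)
    for action, n_addr, n_wild, m_addr, m_wild in entries:
        # Source fields are compared with the route's network number.
        if not wildcard_match(address, n_addr, n_wild):
            continue
        # Extended entries also compare the destination fields with the mask.
        if m_addr is not None and not wildcard_match(mask, m_addr, m_wild):
            continue
        return action                            # first match wins
    return "deny"                                # implicit deny any


def advertised(entries, routes):
    """Routes that would still be sent after the distribute-list is applied."""
    return [r for r in routes if evaluate(entries, r) == "permit"]


# Access lists taken from the page.
ACL_1 = parse_acl([
    "access-list 1 deny 172.30.0.0 0.0.255.255",
    "access-list 1 permit 0.0.0.0 255.255.255.255",
])
ACL_101 = parse_acl([
    "access-list 101 permit ip 172.0.0.0 0.255.255.255 255.0.0.0 0.0.0.0",
])
# Constructed for comparison: a standard entry that only looks at the network number.
ACL_2 = parse_acl(["access-list 2 permit 172.0.0.0 0.255.255.255"])

# Constructed route table for Router A.
ROUTES = ["172.0.0.0/8", "172.20.0.0/16", "172.30.0.0/16", "192.168.1.0/24"]

if __name__ == "__main__":
    for name, acl in (("access-list 1", ACL_1),
                      ("access-list 2", ACL_2),
                      ("access-list 101", ACL_101)):
        print(name, "->", advertised(acl, ROUTES))
```

Running it shows that the standard entry for 172.0.0.0 also lets 172.20.0.0/16 and 172.30.0.0/16 through, while access-list 101 advertises only the supernet.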


Prefix Lists

New in IOS Release 12.0

Prefix lists can be used as an alternative to access lists in many BGP route filtering commands. Advantages are:

• Significant performance improvement

• Support for incremental modifications

• More user-friendly command-line interface

• Greater flexibility

As discussed, distribute lists make use of access lists in order to do route filtering. However, access-lists were originally designed to do packet filtering.

Prefix lists, introduced in Release 12.0 of the Cisco IOS, can be used as an alternative to access lists in many BGP route filtering commands. The advantages of using prefix lists include:

■ A significant performance improvement over access-lists in loading and route lookup of large lists.

■ Support for incremental modifications. Compared to the normal access-list where one “no” command will erase the whole access-list, a prefix-list can be modified incrementally.

■ More user-friendly command-line interface. As we just saw, the command-line interface for using extended access lists to filter BGP updates is difficult to understand and use.

■ Greater flexibility.


Filtering With Prefix Lists

Match prefix of routes with prefix in list

• Empty prefix list permits all routes

• Permit = use route

• Router begins the search at the statement at the top of the prefix list, with the lowest sequence number

• When there is a match, rest of list ignored

• Implicit deny is assumed at end of a prefix list

Filtering by prefix list involves matching the prefixes of routes with those listed in the prefix list, similar to using access lists.

Whether a prefix is permitted or denied is based upon the following rules:

■ An empty prefix list permits all prefixes.

■ If a prefix is permitted, the route is used. If a prefix is denied, the route is not used.

■ Prefix lists consist of statements with sequence numbers. The router will begin the search for a match at the “top” of the prefix list, which is the statement with the lowest sequence number.

■ Once a match occurs, the router does not need to go through the rest of the prefix list. For efficiency, you may want to put the most common matches (permits or denies) near the top of the list by specifying the sequence number.

■ An implicit deny is assumed if a given prefix does not match any entries of a prefix list.


Configuring Prefix Lists

Router(config)#

ip prefix-list list-name [seq seq-value] deny|permit network/len [ge ge-value] [le le-value]

• Creates a prefix-list

Router(config-router)#

neighbor {ip-address|peer-group-name} prefix-list prefix-listname in|out

• Configures the router to distribute BGP neighbor information as specified in a prefix list

The ip prefix-list command is used to create a prefix-list.

ip prefix-list Command    Description

list-name    Name of the prefix list that will be created.

seq-value    Sequence number of the prefix-list statement, used to determine the order in which the statements are processed when filtering.

deny|permit    The action taken once a match is found.

network/len    The prefix to be matched and the length of the prefix. The network is a 32-bit address; the length is a decimal number.

ge-value    Used to specify the range of the prefix length to be matched, for prefixes that are more specific than network/len. The range is assumed to be from ge-value to 32 if only the ge attribute is specified.

le-value    Used to specify the range of the prefix length to be matched, for prefixes that are more specific than network/len. The range is assumed to be from len to le-value if only the le attribute is specified.

Both ge and le are optional. They can be used to specify the range of the prefix length to be matched for prefixes that are more specific than network/len. The value range is:

len < ge-value < le-value <= 32

An exact match is assumed when neither ge nor le is specified.


A prefix-list can be re-configured incrementally, that is, an entry can be deleted or added individually.

The neighbor prefix-list command is used to distribute BGP neighbor information as specified in a prefix list.

neighbor prefix-list Command    Description

ip-address    IP address of the BGP neighbor for which routes will be filtered.

peer-group-name    Name of a BGP peer group (peer groups are covered later in this chapter).

prefix-listname    Name of the prefix list that will be used to filter the routes.

in    Prefix list is applied to incoming advertisements from the neighbor.

out    Prefix list is applied to outgoing advertisements to the neighbor.

Note The neighbor prefix-list command can be used as an alternative to the neighbor distribute-list command, but you cannot use both commands for configuring the same BGP peer.

The no ip prefix-list list-name command, where list-name is the string identifier of a prefix-list, is used to delete (i.e., destroy) a prefix-list.

The [no] ip prefix-list list-name description text command can be used to add/delete a text description for a prefix-list.


Prefix-list Sequence Numbers

Sequence Numbers

• Generated automatically by default

• Use to insert entry in specific order

• Use to delete individual entry

Prefix list sequence numbers are generated automatically, unless you disable this automatic generation. If you disable the automatic generation of sequence numbers, you must specify the sequence number for each entry using the seq-value argument of the ip prefix-list command.

Regardless of whether the default sequence numbers are used in configuring a prefix list, a sequence number does not need to be specified when removing a configuration entry.

By default, the entries of a prefix list will have sequence values of 5, 10, 15 and so on. In the absence of a specified sequence value, a new entry will be assigned a sequence number equal to the current maximum sequence number + 5.

A prefix-list is an ordered list. The sequence number is significant when a given prefix is matched by multiple entries of a prefix list, in which case the one with the smallest sequence number is considered as the real match.

Show commands include the sequence numbers in their output.

The no ip prefix-list sequence-number command is used to disable the automatic generation of sequence numbers of prefix-list entries. Use the ip prefix-list sequence-number command to re-enable the automatic generation of sequence numbers.
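The filtering rules and the sequence-number behaviour described above can be modelled together to test a policy before it is attached to a neighbor. The following Python sketch is an added example, not part of the course material: it implements the empty-list, first-match, implicit-deny, ge/le and automatic numbering rules as the text states them. The class and function names and the list called "demo" are constructed for illustration; "superonly" holds the single entry the course uses under that name.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Entry:
    seq: int
    action: str                      # "permit" or "deny"
    network: ipaddress.IPv4Network   # network/len
    ge: Optional[int] = None
    le: Optional[int] = None

    def matches(self, route):
        length = self.network.prefixlen
        if self.ge is None and self.le is None:
            low = high = length                       # exact match
        else:
            low = self.ge if self.ge is not None else length   # le only: len..le
            high = self.le if self.le is not None else 32      # ge only: ge..32
        # The route must lie inside network/len and its length must be in range.
        return low <= route.prefixlen <= high and route.subnet_of(self.network)


class PrefixList:
    def __init__(self, name):
        self.name = name
        self.entries = []

    def add(self, action, prefix, seq=None, ge=None, le=None):
        """Add one entry; without seq, use current maximum sequence number + 5."""
        if seq is None:
            seq = max((e.seq for e in self.entries), default=0) + 5
        self.entries.append(Entry(seq, action, ipaddress.ip_network(prefix), ge, le))
        self.entries.sort(key=lambda e: e.seq)        # lowest sequence number first
        return seq

    def remove(self, seq):
        """Delete a single entry, leaving the rest of the list in place."""
        self.entries = [e for e in self.entries if e.seq != seq]

    def evaluate(self, route):
        """Return (action, matching sequence number or None)."""
        route = ipaddress.ip_network(route)
        if not self.entries:
            return ("permit", None)                   # empty list permits all
        for entry in self.entries:
            if entry.matches(route):
                return (entry.action, entry.seq)      # rest of list ignored
        return ("deny", None)                         # implicit deny


def build_superonly():
    """The single-entry list named superonly in the course."""
    plist = PrefixList("superonly")
    plist.add("permit", "172.0.0.0/8")
    return plist


def build_demo():
    """Constructed list showing ordering and the le/ge ranges."""
    plist = PrefixList("demo")
    plist.add("deny", "172.30.0.0/16")                # seq 5
    plist.add("permit", "172.0.0.0/8", le=16)         # seq 10, lengths 8..16
    plist.add("permit", "10.0.0.0/8", ge=24)          # seq 15, lengths 24..32
    return plist


if __name__ == "__main__":
    for plist in (build_superonly(), build_demo()):
        for route in ("172.0.0.0/8", "172.20.0.0/16", "172.30.0.0/16",
                      "172.20.1.0/24", "10.1.1.0/24", "192.168.1.0/24"):
            print(plist.name, route, plist.evaluate(route))
```

With "superonly" applied outbound, 192.168.1.0/24 is also caught by the implicit deny, which is worth checking against the intended policy before the list is attached to a neighbor.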


Prefix List Example

[Figure: AS 100 (network 192.168.1.0), AS 200 and AS 300 (network 172.30.0.0); Routers A, B and C; link addresses 10.10.10.1, 10.10.10.2, 10.10.20.1 and 10.10.20.2; updates shown: 172.0.0.0/8 and 172.30.0.0/16]

Router A can send only 172.0.0.0/8 update to AS 200, not 172.30.0.0/16

In this example we want Router A to only send the supernet 172.0.0.0/8 to AS 200; the route to the network 172.30.0.0/16 should not be sent.


Prefix List Example (cont’d)

RtrA(config)# router bgp 100

RtrA(config-router)# network 192.168.1.0

RtrA(config-router)# neighbor 10.10.10.2 remote-as 200

RtrA(config-router)# neighbor 10.10.20.2 remote-as 300

RtrA(config-router)# aggregate-address 172.0.0.0 255.0.0.0

RtrA(config-router)# neighbor 10.10.10.2 prefix-list superonly out

RtrA(config-router)# exit

RtrA(config)# ip prefix-list superonly permit 172.0.0.0/8

RtrA(config)# ip prefix-list superonly description only permit supernet

Router A has two neighbors, Router B (10.10.10.2 in AS 200) and Router C (10.10.20.2 in AS 300). When Router A sends updates to neighbor Router B, the neighbor prefix-list statement specifies that it will use the prefix-list called “superonly” to determine which updates are to be sent.

The ip prefix-list superonly specifies that only the route 172.0.0.0/8 should be sent (it is permitted in the prefix-list). No other routes will be sent to Router B, since prefix-lists have an “implicit deny any” at the end.


Verifying Prefix Lists

To display prefix lists

• show ip prefix-list

To clear the hit count of prefix list entries

• clear ip prefix-list

The commands related to prefix-lists are described below:

show ip prefix-list [detail|summary]    Displays information of all prefix-lists. Specifying the detail keyword includes the description and the “hit count” in the display.

show ip prefix-list [detail|summary] name    Display a table showing the entries in a specific prefix-list.

show ip prefix-list name [network/len]    Display the policy associated with the node in a prefix-list.

show ip prefix-list name [seq seq-num]    Display the prefix-list entry with a given sequence number.

show ip prefix-list name [network/len] longer    Display all entries of a prefix-list that are more specific than the given network and length.

show ip prefix-list name [network/len] first-match    Display the entry of a prefix-list that matches the given prefix (network and length of prefix).

clear ip prefix-list name [network/len]    Resets the “hit count” shown on prefix-list entries.


Verifying Prefix Lists Example

RtrA# show ip prefix-list detail

Prefix-list with the last deletion/insertion: superonly

ip prefix-list superonly:

Description: only permit supernet

count: 1, range entries: 0, sequences: 5 - 5, refcount: 1

seq 5 permit 172.0.0.0/8 (hit count: 0, refcount: 1)

The output shown in the graphic is from Router A in the last example. It has a prefix-list called “superonly”, with only one entry (sequence number 5).


Written Exercise: BGP Route Reflectors and Policy Control

Objectives:

■ Describe the scalability problems associated with Internal BGP

■ Explain and configure BGP Route Reflectors

■ Describe and configure policy control in BGP using prefix lists

Task: Answer the following questions.

1. Describe the BGP split horizon rule.

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

2. What effect do route reflectors have on the BGP split horizon rule?

_________________________________________________________________

3. Write a brief description of the following:

Route reflector _______________________________________

Route reflector client ______________________________________

4. Routers configured as route reflectors do not have to be fully meshed with IBGP, true or false? _________________

5. When a route reflector receives an update from a client, it sends it to _____________________________________________________________

6. What is the command used to configure a router as a BGP route reflector?

_________________________________________________________________

7. When an extended access-list is used in a distribute-list, what is the meaning of the parameters of the access-list?

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

8. Describe the advantages of using prefix lists rather than access lists for BGP route filtering.

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

9. In a prefix list, what is the sequence number used for?

_________________________________________________________________

_________________________________________________________________


_________________________________________________________________

10. What command is used to clear the hit count of the prefix list entries?

_________________________________________________________________


Route Maps

Route maps can be used in many places. They are introduced here since they are used in communities discussed in the next section. Route maps will also be used in later chapters.


Route Maps

• Filters for network advertisements

• Offer detailed control over advertisements

• Complex conditional advertisement via match command

• Changes routing table parameters via set command

For BGP, a route map is a method used to control and modify routing information. This is done by defining conditions for redistributing routes from one routing protocol to another or controlling routing information when injected in and out of BGP. (Redistribution between routing protocols is covered in a later chapter.)

Route maps are complex access lists that allow some conditions to be tested against the route in question, and if the conditions match then some actions can be taken to modify the route. These actions are specified by set commands.


Route Maps

Route maps are complex access lists:

• lines in access-lists → statements in route maps

• access-list number → route-map name

• addresses and masks in access-lists → match statements in route maps

• statements in route-maps are numbered

– can insert and delete statements in a route-map

– can edit match conditions in a statement

• route-map statement can modify matched route with set command

A collection of route-map statements that have the same route-map name are considered one route-map. Within a route-map, each route-map statement is numbered, and can therefore be edited individually.

The statements in a route-map correspond to the lines of an access-list. Specifying the match conditions in a route-map is similar to specifying the source and destination address and masks in an access-list.

One big difference between route maps and access-lists is that route maps can modify the route, by using set commands.


Route Maps Configuration

Router(config)#

route-map map-tag [permit | deny] [sequence-number]

• Defines the conditions for policy routing

Router(config-route-map)#

match {conditions}

• Defines the conditions to match

Router(config-route-map)#

set {actions}

• Defines the action to be taken on a match

The route-map command is used to define the conditions for policy routing.

route-map Command    Description

map-tag    Name of the route-map.

permit|deny    Defines the action to be taken if the route-map match conditions are met.

sequence-number    Sequence number that indicates the position a new route map is to have in the list of route maps already configured with the same name.

The route-map statements compose a route list. The list is processed top-down like an access list. The first match found for a route is applied. The sequence number is used for inserting or deleting specific route-map statements.

The match route-map configuration commands are used to define the conditions to be checked. The set route-map configuration commands are used to define the actions to be followed if there is a match.

The single match statement may contain multiple references. A route must be permitted by at least one reference in the match statement to be considered a match. A route must be permitted by all match statements in the route-map list to be considered a match for the route-map list.

The sequence-number specifies the order in which conditions are checked. For example, if there are two instances of a route-map named MYMAP, one with sequence 10 and the other with sequence 20, sequence 10 will be checked first. If the match conditions in sequence 10 are not met then sequence 20 will be checked.

Like an access-list, there is an implicit deny any at the end of a route-map.


Route Maps

• Matching routes modified by set commands

• Matching routes permitted or denied by the associated route-map statement.

• If match criteria met and route-map specified permit

– control routes as specified by the set action; ignore rest of the route-map list

• If match criteria met and route-map specified deny

– do not control routes; ignore rest of the route-map list

• If all sequences in the list checked and no matches

– do not accept or forward route

If the match criteria are met and the route-map specified permit, then the routes will be controlled as specified by the set action(s), and the rest of the route-map list will be ignored.

If the match criteria are met and the route-map specified deny, then the routes will not be controlled and the rest of the route-map list will be ignored.

If all sequences in the list are checked without a match, then the route will not be accepted nor forwarded (this is the “implicit deny any” at the end of the route-map).
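The evaluation order described above (lowest sequence first, every match command satisfied by at least one of its references, permit applies the set actions, deny and no-match both drop the route) is shown below as a small model of an outbound policy. This Python sketch is an added example, not part of the course material: the map contents, the route dictionaries and all function names are constructed for illustration, and treating a statement without match commands as matching every route is an assumption the text does not state.

```python
import ipaddress


def ip_within(prefix):
    """Match reference: the route's prefix lies inside `prefix`."""
    parent = ipaddress.ip_network(prefix)
    return lambda route: ipaddress.ip_network(route["prefix"]).subnet_of(parent)


def as_path_contains(asn):
    """Match reference: the AS number appears in the route's AS path."""
    return lambda route: asn in route["as_path"]


class RouteMap:
    def __init__(self, name):
        self.name = name
        self.statements = {}          # sequence number -> statement

    def statement(self, seq, action, match=(), set_=None):
        """Insert or overwrite one numbered statement.

        `match` is a list of match commands; each command is a list of
        references (alternatives). `set_` holds attributes to overwrite.
        """
        self.statements[seq] = {"action": action,
                                "match": [list(cmd) for cmd in match],
                                "set": dict(set_ or {})}

    def delete(self, seq):
        self.statements.pop(seq, None)

    def apply(self, route):
        """Return (resulting route or None, sequence number that decided)."""
        for seq in sorted(self.statements):
            st = self.statements[seq]
            # All match commands must hold; within one command any reference
            # is enough. No match commands: matches everything (assumption).
            if all(any(ref(route) for ref in cmd) for cmd in st["match"]):
                if st["action"] == "deny":
                    return None, seq              # rest of the list ignored
                result = dict(route)              # leave the input untouched
                result.update(st["set"])
                return result, seq
        return None, None                         # implicit deny any


def build_mymap():
    """Constructed policy for a route-map named MYMAP."""
    rm = RouteMap("MYMAP")
    rm.statement(10, "permit",
                 match=[[ip_within("172.20.0.0/16"), ip_within("172.30.0.0/16")],
                        [as_path_contains(300)]],
                 set_={"metric": 50})
    rm.statement(20, "deny", match=[[ip_within("192.168.2.0/24")]])
    rm.statement(30, "permit", match=[[ip_within("192.168.0.0/16")]])
    return rm


# Constructed routes offered to the outbound policy.
SAMPLE_ROUTES = [
    {"prefix": "172.30.0.0/16", "as_path": [300], "metric": 0},
    {"prefix": "172.30.0.0/16", "as_path": [400], "metric": 0},
    {"prefix": "192.168.2.0/24", "as_path": [], "metric": 0},
    {"prefix": "192.168.1.0/24", "as_path": [], "metric": 0},
    {"prefix": "10.0.0.0/8", "as_path": [300], "metric": 0},
]


def outbound_updates(route_map, routes):
    """Routes that survive the route-map, with set actions applied."""
    sent = []
    for route in routes:
        result, _ = route_map.apply(route)
        if result is not None:
            sent.append(result)
    return sent


if __name__ == "__main__":
    mymap = build_mymap()
    for route in SAMPLE_ROUTES:
        print(route["prefix"], route["as_path"], "->", mymap.apply(route))
```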

Match commands include:

■ match as-path

■ match community

■ match clns

■ match interface

■ match ip address

■ match ip next-hop

■ match ip route-source

■ match metric

■ match route-type

■ match tag

Set commands include:

■ set as-path

■ set clns


■ set automatic-tag

■ set community

■ set interface

■ set default interface

■ set ip default next-hop

■ set level

■ set local-preference

■ set metric

■ set metric-type

■ set next-hop

■ set origin

■ set tag

■ set weight

Note A prefix-list can be used as an alternative to an access-list in the command match {ip address|next-hop|route-source} access-list of a route-map. Prefix-lists and access-lists are mutually exclusive within the same sequence of a route-map.


Route Maps with BGP Neighbor

Router(config-router)#

neighbor {ip-address|peer-group-name} route-map map-name {in|out}

• Apply a route map to incoming or outgoing routes

The neighbor route-map command is used to apply a route map to incoming or outgoing routes.

neighbor route-map Command    Description
ip-address                    Neighbor’s IP address.
peer-group-name               Name of a BGP peer group (peer groups are covered later in this chapter).
map-name                      Name of route map to apply.
in                            Apply route map to incoming routes from the neighbor.
out                           Apply route map to outgoing routes to the neighbor.

Note When used for filtering BGP updates, route maps cannot be used to filter inbound updates when using a "match" on the IP address. Filtering outbound updates is permitted.


Route Map Example

RtrA(config)# router bgp 100

RtrA(config-router)# neighbor 172.20.1.1 route-map changemetric out

…..

RtrA(config)# route-map changemetric permit 10

RtrA(config-route-map)# match ip address 1

RtrA(config-route-map)# set metric 2

RtrA(config-route-map)# exit

RtrA(config)# route-map changemetric permit 20

RtrA(config-route-map)# set metric 5

RtrA(config-route-map)# exit

RtrA(config)# access-list 1 permit 172.16.0.0 0.0.255.255

In the example shown, BGP is running on the router, and a route-map named “changemetric” is being used when routes are sent out to neighbor 172.20.1.1.

Note Other router bgp configuration commands have been omitted from the example in the graphic.

Two instances of “changemetric” have been defined. Sequence number 10 will be checked first. If a route’s IP address matches access-list 1, in other words if the IP address starts with 172.16, the route will have its metric (MED) set to 2, and the rest of the list will be ignored. If there is no match, then sequence number 20 will be checked. Since there are no match statements in this instance, the metric (MED) on all other routes will be set to 5.

It is always very important to plan what will happen to routes that do not match any of the route-map instances, because they will be dropped by default.
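The evaluation order described above, worked through for the changemetric example as an added Python sketch (not part of the course material). The Route and Entry classes, the function names and the sample prefixes are assumptions made for illustration; it also shows what happens to a non-matching route when sequence 20 is left out.

```python
import ipaddress
from dataclasses import dataclass, field, replace
from typing import Optional

# Standard access-lists as (action, address, wildcard) entries.
# access-list 1 is the one from the changemetric example.
ACLS = {1: [("permit", "172.16.0.0", "0.0.255.255")]}


@dataclass(frozen=True)
class Route:
    prefix: str
    metric: int = 0  # MED


@dataclass
class Entry:
    """One 'route-map NAME permit|deny SEQ' instance (hypothetical model)."""
    seq: int
    action: str  # "permit" or "deny"
    match_acls: list = field(default_factory=list)  # 'match ip address' references
    set_metric: Optional[int] = None


def acl_permits(acl_no: int, prefix: str) -> bool:
    """First matching entry wins; an access-list ends with an implicit deny."""
    net = int(ipaddress.ip_network(prefix).network_address)
    for action, addr, wildcard in ACLS[acl_no]:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if (net & care) == (int(ipaddress.ip_address(addr)) & care):
            return action == "permit"
    return False


def apply_route_map(entries, route: Route) -> Optional[Route]:
    """Return the route as it leaves the route-map, or None if it is dropped."""
    for entry in sorted(entries, key=lambda e: e.seq):
        # An instance without a match statement matches every route; several
        # references in one match statement are ORed together.
        if entry.match_acls and not any(
            acl_permits(n, route.prefix) for n in entry.match_acls
        ):
            continue
        if entry.action == "deny":
            return None
        if entry.set_metric is not None:
            route = replace(route, metric=entry.set_metric)
        return route  # the first matching instance ends the evaluation
    return None  # implicit deny at the end of the route-map


CHANGEMETRIC = [
    Entry(seq=10, action="permit", match_acls=[1], set_metric=2),
    Entry(seq=20, action="permit", set_metric=5),
]

if __name__ == "__main__":
    for prefix in ("172.16.5.0/24", "10.1.0.0/16"):  # constructed sample routes
        print(prefix, apply_route_map(CHANGEMETRIC, Route(prefix)))
    # Without sequence 20 the second route falls through to the implicit deny.
    print(apply_route_map(CHANGEMETRIC[:1], Route("10.1.0.0/16")))
```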


Communities

This section discusses BGP communities and how to configure them.

BGP Communities

• Communities are a means of tagging routes to ensure consistent filtering or route-selection policy

• Any BGP router can tag routes in incoming and outgoing routing updates or when doing redistribution

• Any BGP router can filter routes in incoming or outgoing updates or select preferred routes based on communities

• By default, communities are stripped in outgoing BGP updates

BGP communities are another way to filter incoming or outgoing routes. The distribute-lists and prefix-lists discussed in the previous section would be cumbersome to configure for a large network with a complex routing policy. For example, individual neighbor statements and access-lists or prefix-lists would need to be configured for each neighbor on each router that was involved in the policy. The BGP communities function allows routers to tag routes with an indicator (the community) and allows other routers to make decisions based upon that tag. BGP communities are used for destinations (routes) that share some common properties and that therefore share common policies; routers therefore act on the community rather than on individual routes. Communities are not restricted to one network or one AS, and have no physical boundaries.

If a router does not understand the concept of communities, it will pass them on to the next router. However, if the router does understand the concept, then it must be configured to propagate the community; otherwise communities are dropped by default.


Community Attribute

• Represented as an integer

• Carried across ASs (transitive)

• Each network can be member of multiple communities

The community attribute is an optional transitive attribute that can be in the range 0 to 4,294,967,200. Each network can be a member of more than one community.

Route maps can be used to set the community attributes.


Community Attribute Values

Community value

• 32 bits

– upper 16 bits: AS # of AS that defined community

– lower 16 bits: local significance

The community attribute is a 32-bit number, with the upper 16 bits indicating the AS number of the AS that defined the community. The lower 16 bits are the community number and have local significance. The community value can be entered as one decimal number or in the format AS:nn (where AS is the AS number and nn is the lower 16-bit local number). The community value is displayed as one decimal number by default.


Communities Configuration

Router(config-route-map)#

set community {community-number [additive]}|none

• Sets BGP communities attribute of a route

• Done in route-map

• Use with neighbor route-map command to apply to updates

The set community command is used within a route-map to set the BGP communities attribute.

set community Command    Description
community-number         The community number; values are 1 to 4294967200.
additive                 Specifies that the community is to be added to the already existing communities.
none                     Removes the community attribute from the prefixes that pass the route-map.

Predefined well known community-numbers that can be used in this command are:

■ no-export (do not advertise to EBGP peers)

■ no-advertise (do not advertise this route to any peer)

■ local-AS (do not send outside local AS)


Community Propagation Configuration

Router(config-router)#

neighbor {ip-address|peer-group-name} send-community

• Specify that the BGP communities attribute should be sent to a BGP neighbor

• By default, communities are stripped in outgoing BGP updates

The neighbor send-community command is used to specify that the BGP communities attribute should be sent to a BGP neighbor.

neighbor send-community Command    Description
ip-address                         Neighbor’s IP address.
peer-group-name                    Name of a BGP peer group (peer groups are covered later in this chapter).

By default the communities attribute is not sent to any neighbor.


Communities Example 1

[Figure: network diagram with Router A in AS 100 (192.168.1.0), Router B in AS 200, and Router C in AS 300 (172.30.0.0); addresses shown: 10.10.10.1, 10.10.10.2, 10.10.20.1, 10.10.20.2. The 172.30.0.0/16 advertisement is shown twice, the second time marked with an X.]

• Router C sends BGP routes to Router A but does not want Router A to propagate these routes to Router B

In the example in the graphic, Router C is sending BGP updates to Router A, but it does not want Router A to propagate these routes to Router B.

Router C will set the community attribute in the BGP routes it is advertising to Router A. The no-export community attribute will be used to indicate that Router A should not send the routes to its external BGP peers.


Communities Example 1 (cont’d)

router bgp 300

network 172.30.0.0

neighbor 10.10.20.1 remote-as 100

neighbor 10.10.20.1 send-community

neighbor 10.10.20.1 route-map SETCOMM out

!

route-map SETCOMM permit 10

match ip address 1

set community no-export

!

access-list 1 permit 0.0.0.0 255.255.255.255

Router C

The configuration for Router C is shown in the graphic. Router C has one neighbor, 10.10.20.1 (Router A). The route-map SETCOMM is used when sending routes to Router A.

The route-map SETCOMM is used to set the community attribute. Any route that matches access-list 1 will have the community attribute set to no-export. Access-list 1 permits any routes; therefore all routes will have the community attribute set to no-export.

When communicating with Router A, the community attribute is sent, as specified by the neighbor send-community command.

Router A will receive all of Router C’s routes, but will not pass them on to Router B.
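The 32-bit AS:nn encoding described under Community Attribute Values and the no-export behaviour of Communities Example 1, as an added Python sketch (not part of the course material). The function names are assumptions; the well-known values are those of RFC 1997, and the model assumes no BGP confederations, so local-AS blocks every EBGP peer. It also shows what Router B sees when Router C omits neighbor send-community.

```python
NO_EXPORT = 0xFFFFFF01     # well-known community values (RFC 1997)
NO_ADVERTISE = 0xFFFFFF02
LOCAL_AS = 0xFFFFFF03      # named NO_EXPORT_SUBCONFED in RFC 1997


def parse_community(text: str) -> int:
    """Accept either one decimal number or the AS:nn form."""
    if ":" in text:
        asn_text, nn_text = text.split(":", 1)
        asn, nn = int(asn_text), int(nn_text)
        if not (0 <= asn <= 0xFFFF and 0 <= nn <= 0xFFFF):
            raise ValueError(f"AS and nn must each fit in 16 bits: {text!r}")
        return (asn << 16) | nn  # upper 16 bits: AS, lower 16 bits: local value
    value = int(text)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"community must fit in 32 bits: {text!r}")
    return value


def format_community(value: int) -> str:
    """Render a 32-bit community in AS:nn form."""
    return f"{value >> 16}:{value & 0xFFFF}"


def advertise(table_communities, peer_is_ebgp, send_community=False, set_out=None):
    """Return the communities the peer receives, or None if the route is withheld.

    table_communities: communities on the route in the sender's BGP table.
    set_out: communities set by an outbound route-map ('set community' without
             additive), applied after the decision to advertise.
    """
    table = frozenset(table_communities)
    if NO_ADVERTISE in table:
        return None
    if peer_is_ebgp and table & {NO_EXPORT, LOCAL_AS}:
        return None
    outgoing = table if set_out is None else frozenset(set_out)
    # Communities are stripped unless 'neighbor ... send-community' is set.
    return outgoing if send_community else frozenset()


def example_1(c_sends_community: bool):
    """Router C -> Router A -> Router B for 172.30.0.0/16; returns what B receives."""
    at_a = advertise(frozenset(), peer_is_ebgp=True,
                     send_community=c_sends_community, set_out={NO_EXPORT})
    return advertise(at_a, peer_is_ebgp=True)


if __name__ == "__main__":
    print(format_community(NO_EXPORT))          # AS:nn view of no-export
    print(example_1(c_sends_community=True))    # route withheld from Router B
    print(example_1(c_sends_community=False))   # route reaches Router B
```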


Using Communities

Router(config-route-map)#

match community community-list-number [exact]

• Match the community attribute to a value in the community-list

Router(config)#

ip community-list community-list-number permit|deny community-number

• Create a community-list

The ip community-list configuration command is used to create a community list for BGP and control access to it.

ip community-list Command    Description
community-list-number        Community list number, in the range 1 to 99.
community-number             Community number, configured by a set community command.

Some predefined well known community-numbers that can be used with the ip community-list command are:

■ no-export (do not advertise to EBGP peers)

■ no-advertise (do not advertise this route to any peer)

■ local-AS (do not send outside local AS)

■ internet (advertise this route to the internet community, any router belongs to it)

The match community route-map configuration command is used to match a BGP community attribute to a value in a community-list.

match community Command    Description
community-list-number      Community list number, in the range 1 to 99, that will be used to compare the community attribute with.
exact                      Indicates an exact match is required. All of the communities and only those communities in the community list must be present in the community attribute.


Note The match community command appears in the documentation as the match community-list command; however only match community actually works on the routers.


Communities Example 2

[Figure: the same network diagram as in Communities Example 1, with Router A in AS 100 (192.168.1.0), Router B in AS 200, and Router C in AS 300 (172.30.0.0); addresses shown: 10.10.10.1, 10.10.10.2, 10.10.20.1, 10.10.20.2. The 172.30.0.0/16 advertisement is shown twice.]

• Router C sends BGP routes to Router A, and Router A sets the weight of these routes based on the community

In the example in the graphic, Router C is sending BGP updates to Router A. Router A will set the weight of these routes based on the community value set by Router C.


Communities Example 2 (cont’d)

router bgp 300

network 172.30.0.0

neighbor 10.10.20.1 remote-as 100

neighbor 10.10.20.1 send-community

neighbor 10.10.20.1 route-map SETCOMM out

!

route-map SETCOMM permit 10

match ip address 1

set community 100 additive

!

access-list 1 permit 0.0.0.0 255.255.255.255

Router C

The configuration for Router C is shown in the graphic. Router C has one neighbor, 10.10.20.1 (Router A). The route-map SETCOMM is used when sending routes to Router A.

The route-map SETCOMM is used to set the community attribute. Any route that matches access-list 1 will have 100 added to the existing communities in the community attribute of the route. In this example access-list 1 permits any routes; therefore all routes will have 100 added to the list of communities.

If the additive keyword is not set, 100 will replace any old community that already exists; if the keyword additive is used then the 100 will be added to the list of communities that the route is part of.

When communicating with Router A, the community attribute will be sent, as specified by the neighbor send-community command.

The configuration for Router A is shown on the next page.


Communities Example 2 (cont’d)

router bgp 100

neighbor 10.10.20.2 remote-as 300

neighbor 10.10.20.2 route-map CHKCOMM in

...

route-map CHKCOMM permit 10

match community 1

set weight 20

route-map CHKCOMM permit 20

match community 2

!

ip community-list 1 permit 100

ip community-list 2 permit internet

Router A

The configuration for Router A is shown in the graphic. Router A has a neighbor, 10.10.20.2 (Router C). The route-map CHKCOMM is used when receiving routes from Router C.

Note Other router bgp configuration commands for Router A are not shown in the graphic.

The route-map CHKCOMM is used to check the community attribute. Any route whose community attribute matches community-list 1 will have its weight attribute set to 20. Community-list 1 permits routes with a community attribute of 100; therefore all routes from Router C (which all have 100 in their list of communities) will have their weight set to 20.

Any route that did not match community-list 1 would be checked against community-list 2. Any route matching community-list 2 would be permitted, but would not have any of its attributes changed. Community-list 2 specifies the internet keyword, which means all routes.


Communities Example 2 (cont’d)

RtrA# sh ip bgp 172.30.0.0/16
BGP routing table entry for 172.30.0.0/16, version 2
Paths: (1 available, best #1)
  Advertised to non peer-group peers:
    10.10.10.2
  300
    10.10.20.2 from 10.10.20.2 (172.30.0.1)
      Origin IGP, metric 0, localpref 100, weight 20, valid, external, best, ref 2
      Community: 100

The example output shown in the graphic is from Router A. The output shows the details about the route 172.30.0.0 from Router C, including that its community attribute is 100 and its weight attribute is now 20.


Peer Groups

This section discusses peer groups and how to configure them.

Peer Groups

• Define “template” with parameters set for group of neighbors instead of individually

• Useful when many neighbors with same outbound policies

• Members can have different inbound policy

• Updates generated once per peer-group

• Simplifies configuration

Often, in BGP many neighbors are configured with the same update policies (that is, the same outbound route maps, distribute lists, filter lists, update source, and so on). On Cisco routers neighbors with the same update policies can be grouped into peer groups to simplify configuration and, more importantly, to make updating more efficient. When you have many peers, this approach is highly recommended.

A BGP peer group is a group of BGP neighbors with the same update policies. Instead of separately defining the same policies for each neighbor, a peer group can be defined with these policies assigned to the peer group. Individual neighbors are then made members of the peer group.

Members of the peer group inherit all of the configuration options of the peer group. Members can also be configured to override these options if these options do not affect outbound updates; in other words only options that affect the inbound updates can be overridden.

Peer groups are useful to simplify configurations when many neighbors have the same policy. They are also more efficient since updates are generated only once per peer group rather than once for each neighbor.

The peer group name is only local to the router it is configured on; it is not passed to any other router.


Configuring Peer Groups

Router(config-router)#

neighbor peer-group-name peer-group

• Create a BGP peer group

Router(config-router)#

neighbor ip-address peer-group peer-group-name

• Configure a BGP neighbor to be a member of a peer group

The neighbor peer-group command is used to create a BGP peer group and assign neighbors as part of the group.

The parameters of the first syntax of the command shown in the graphic have the following meaning:

neighbor peer-group Command    Description
peer-group-name                Name of the BGP peer group to be created.

The parameters of the second syntax of the command shown in the graphic have the following meaning:

neighbor peer-group Command    Description
ip-address                     IP address of neighbor that is to be assigned as a member of the peer group.
peer-group-name                Name of the BGP peer group.

Peer group parameters can be set with other neighbor commands.


Clearing a Peer Group

Router#

clear ip bgp peer-group peer-group-name

• Clear BGP connections of a BGP peer group

The clear ip bgp peer-group command is used to clear the BGP connections for all members of a BGP peer group.

clear ip bgp peer-group Command    Description
peer-group-name                    Name of the BGP peer group.

Note The documentation says that the clear ip bgp peer-group command is used to remove all the members of a BGP peer group; however it actually clears the connections.


Peer Groups Example

[Figure: network diagram with Router A in AS 100 together with Routers D and E, Router B in AS 200, and Router C in AS 300 (172.30.0.0); addresses shown: 10.10.10.1, 10.10.10.2, 10.10.20.1, 10.10.20.2, 192.168.1.1, 192.168.1.2, 192.168.2.1, 192.168.2.2, 192.168.3.1, 192.168.3.2.]

In the example in the graphic, Router A has two internal neighbors, Routers D and E, and two external neighbors, Routers B and C. The routing policies for Routers D and E are the same, and the routing policies for Routers B and C are the same. Router A will be configured with two peer groups, one for internal neighbors, and one for external neighbors, rather than individual neighbor configurations.


Peer Groups Example (cont’d)

router bgp 100

neighbor INTERNALMAP peer-group

neighbor INTERNALMAP remote-as 100

neighbor INTERNALMAP prefix-list PREINTIN in

neighbor INTERNALMAP prefix-list PREINTOUT out

neighbor INTERNALMAP route-map SETINTERNAL out

neighbor 192.168.2.2 peer-group INTERNALMAP

neighbor 192.168.1.2 peer-group INTERNALMAP

neighbor 192.168.2.2 prefix-list JUST2 in

Router A - configuration for internal neighbors

Part of the configuration for Router A is shown in the graphic. This configuration creates a peer group called INTERNALMAP. All members of this peer group are in AS 100. A prefix-list called PREINTIN will be applied to all routes from members of this peer group and a prefix-list called PREINTOUT will be applied to all routes going to members of this peer group. A route-map called SETINTERNAL will be applied to all routes going to members of this peer group.

Router E (192.168.2.2) and Router D (192.168.1.2) are members of the peer group INTERNALMAP.

A prefix list called JUST2 will be applied to all routes from Router E (192.168.2.2). Recall that you can only override peer group options that affect inbound updates.

Note Router bgp configuration commands for Router A not related to peer groups are not shown in the graphic. The configuration for Router A’s external peer group is shown on the next page.


Peer Groups Example (cont’d)

router bgp 100

neighbor EXTERNALMAP peer-group

neighbor EXTERNALMAP prefix-list PREEXTIN in

neighbor EXTERNALMAP prefix-list PREEXTOUT out

neighbor EXTERNALMAP route-map SETEXTERNAL out

neighbor 10.10.10.2 remote-as 200

neighbor 10.10.10.2 peer-group EXTERNALMAP

neighbor 10.10.10.2 prefix-list JUSTEXT2 in

neighbor 10.10.20.2 remote-as 300

neighbor 10.10.20.2 peer-group EXTERNALMAP

Router A - configuration for external neighbors

Part of the configuration for Router A is shown in the graphic. This configuration creates a peer group called EXTERNALMAP. A prefix-list called PREEXTIN will be applied to all routes from members of this peer group and a prefix-list called PREEXTOUT will be applied to all routes going to members of this peer group. A route-map called SETEXTERNAL will be applied to all routes going to members of this peer group.

Router B (10.10.10.2) is in AS 200 and is a member of the peer group EXTERNALMAP. Router C (10.10.20.2) is in AS 300 and is a member of the peer group EXTERNALMAP.

A prefix list called JUSTEXT2 will be applied to all routes from Router B (10.10.10.2). Recall that you can only override peer group options that affect inbound updates.

Note Router bgp configuration commands for Router A not related to peer groups are not shown in the graphic.
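The inheritance rule of the two peer-group configurations above, resolved per neighbor in an added Python sketch (not part of the course material and not a Cisco tool). The function names are assumptions, only the commands used on these two slides are understood, and the check for neighbors without an inbound filter is an added audit step.

```python
import re

# Router A's peer-group commands from the two slides above, joined into one text.
CONFIG = """\
router bgp 100
 neighbor INTERNALMAP peer-group
 neighbor INTERNALMAP remote-as 100
 neighbor INTERNALMAP prefix-list PREINTIN in
 neighbor INTERNALMAP prefix-list PREINTOUT out
 neighbor INTERNALMAP route-map SETINTERNAL out
 neighbor 192.168.2.2 peer-group INTERNALMAP
 neighbor 192.168.1.2 peer-group INTERNALMAP
 neighbor 192.168.2.2 prefix-list JUST2 in
 neighbor EXTERNALMAP peer-group
 neighbor EXTERNALMAP prefix-list PREEXTIN in
 neighbor EXTERNALMAP prefix-list PREEXTOUT out
 neighbor EXTERNALMAP route-map SETEXTERNAL out
 neighbor 10.10.10.2 remote-as 200
 neighbor 10.10.10.2 peer-group EXTERNALMAP
 neighbor 10.10.10.2 prefix-list JUSTEXT2 in
 neighbor 10.10.20.2 remote-as 300
 neighbor 10.10.20.2 peer-group EXTERNALMAP
"""

IPV4 = re.compile(r"\d+\.\d+\.\d+\.\d+")


def effective_policies(config: str) -> dict:
    """Map each neighbor IP to the settings it ends up with after inheritance."""
    groups, members, own = {}, {}, {}
    for line in config.splitlines():
        words = line.split()
        if len(words) < 3 or words[0] != "neighbor":
            continue
        who, args = words[1], words[2:]
        is_ip = IPV4.fullmatch(who) is not None
        if args[0] == "peer-group":
            if len(args) == 1:
                groups.setdefault(who, {})   # neighbor NAME peer-group
            else:
                members[who] = args[1]       # neighbor IP peer-group NAME
            continue
        if args[0] == "remote-as" and len(args) == 2:
            key, value = "remote-as", args[1]
        elif args[0] in ("prefix-list", "route-map") and len(args) == 3:
            key, value = f"{args[0]} {args[2]}", args[1]  # e.g. "prefix-list in"
        else:
            continue  # commands outside this sketch are ignored
        (own if is_ip else groups).setdefault(who, {})[key] = value

    policies = {}
    for ip in sorted(set(members) | set(own)):
        policy = dict(groups.get(members.get(ip), {}))  # inherit from the group
        for key, value in own.get(ip, {}).items():
            # Only options that affect inbound updates can be overridden.
            if key.endswith(" out") and key in policy:
                raise ValueError(f"{ip}: {key!r} is set by the peer group")
            policy[key] = value
        policies[ip] = policy
    return policies


def missing_inbound_filter(policies: dict) -> list:
    """Neighbors with neither an inbound prefix-list nor an inbound route-map."""
    return [ip for ip, p in policies.items()
            if "prefix-list in" not in p and "route-map in" not in p]


if __name__ == "__main__":
    for ip, policy in effective_policies(CONFIG).items():
        print(ip, policy)
```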


Multi-homing

This section describes multi-homing and provides some examples of configuring it.

What is Multi-homing?

Connecting to two or more ISPs to increase:

• Reliability: if one ISP fails, still connected

• Performance: better paths to common Internet destinations

Multi-homing is the term used to describe when an AS is connected to more than one ISP. This is usually done for two reasons:

■ To increase the reliability of the connection to the Internet, so that if one connection fails another will still be available.

■ To increase the performance, so that “better” paths can be used to certain destinations.


Types of Multi-homing

Three common types:

• Default routes from all providers

• Customer routes and default routes from all providers

• Full routes from all providers

The configuration of the multiple connections to the ISPs can be classified depending on the routes that are provided to the AS from the ISPs. Three common ways of configuring the connections are:

■ All ISPs pass only default routes to the AS.

■ All ISPs pass default routes, and selected specific routes (for example, from customers with whom the AS exchanges a lot of traffic) to the AS.

■ All ISPs pass all routes to the AS.

Each of these scenarios is examined in the following pages.


Default Routes From All Providers

• Low memory and CPU solution

• Provider sends BGP default route

– choice of provider decided by IGP metrics to reach default route

• AS sends all of its routes to provider

– inbound path decided by Internet

The first scenario is when all ISPs pass only default routes to the AS. This requires the minimum resources within the AS, since only default routes will have to be processed. The AS will send all of its routes to the ISPs, who will process them and pass them on to other ASs as appropriate.

The ISP that a specific router within the AS uses to reach the Internet will be decided by the IGP metric used to reach the default route within the AS.

The route that inbound packets take to get to the AS will be decided outside of the AS (within the ISPs and other ASs).


Default Routes From All Providers Example

[Figure: network diagram showing AS 400, two ISPs (AS 200 and AS 300) and AS 100 (172.16.0.0/16), with routers labeled A through E and the default route 0.0.0.0 0.0.0.0. Caption: “C Chooses Lowest IGP Metric to Default”.]

In the example in the graphic, AS 200 and AS 300 send default routes into AS 400. The ISP that a specific router within AS 400 uses to reach any external address will be decided by the IGP metric used to reach the default route within the AS. For example if RIP is used within AS 400, Router C will select the route with the lowest hop count to the default route when it wants to send packets to network 172.16.0.0.


Customer and Default Routes From All Providers

• Medium memory and CPU solution

• “Best” path is usually shortest AS-path

• Can override path choice

• IGP metric to default route used for all other destinations

The second scenario is when all ISPs pass default routes, and selected specific routes (for example, from customers with whom the AS exchanges a lot of traffic) to the AS.

This requires more resources within the AS, since default routes and some external routes will have to be processed. The AS will send all of its routes to the ISPs, who will process them and pass them on to other ASs as appropriate.

The ISP that a specific router within the AS uses to reach the customer networks will usually be the shortest AS-path. However this can be overridden using the methods discussed earlier in this chapter, including distribute-lists, prefix-lists and communities. The path to all other external destinations will be decided by the IGP metric used to reach the default route within the AS.

The route that inbound packets take to get to the AS will be decided outside of the AS (within the ISPs and other ASs).

Customer and Default Routes From All Providers - 1

[Figure labels: AS 400; ISP AS 200; ISP AS 300; Customer AS 100 (172.16.0.0/16); Routers A, B, C, D, E. Caption: C Chooses Shortest AS Path.]

In the example in the graphic, AS 200 and AS 300 send default routes, as well as specific routes to the customer’s (AS 100) network 172.16.0.0, into AS 400. The ISP that a specific router within AS 400 uses to reach the customer networks will usually be the one with the shortest AS-path. The shortest AS-path to AS 100 is via AS 200 (versus via AS 300, then AS 200) through Router A. Router C will select this route when it wants to send packets to network 172.16.0.0.

The routes to other external addresses that are not specifically advertised to AS 400 will be decided by the IGP metric used to reach the default route within the AS.

Customer and Default Routes From All Providers - 2

[Figure labels: AS 400; ISP AS 200; ISP AS 300; Customer AS 100 (172.16.0.0/16); Routers A, B, C, D, E. Caption: C Chooses Highest Local-Preference. Local preference = 800 for 172.16.0.0/16.]

In this example, AS 200 and AS 300 send default routes, as well as specific routes to the customer’s (AS 100) network 172.16.0.0, into AS 400. The ISP that a specific router within AS 400 uses to reach the customer networks will usually be the one with the shortest AS-path. However, Router B is configured to change the local preference of routes to 172.16.0.0/16 to 800 from its default of 100. Router C will therefore take the path through Router B to get to 172.16.0.0.

The routes to other external addresses that are not specifically advertised to AS 400 will be decided by the IGP metric used to reach the default route within the AS.

Full Routes From All Providers

• Higher memory and CPU solution

• Reach all destinations by “best” path

–usually shortest AS path

• Can still manually tune path choice

The third scenario is when all ISPs pass all routes to the AS.

This requires a lot of resources within the AS, since all external routes will have to be processed. The AS will send all of its routes to the ISPs, who will process them and pass them on to other ASs as appropriate.

The ISP that a specific router within the AS uses to reach the external networks will usually be the one with the shortest AS-path. However, this can still be overridden using the methods discussed earlier in this chapter, including distribute-lists, prefix-lists and communities.

The route that inbound packets take to get to the AS will be decided outside of the AS (within the ISPs and other ASs).

Full Routes From All Providers

[Figure labels: AS 400; ISP AS 200; ISP AS 300; AS 100; AS 500; Routers A, B, C, D, E. Caption: C Chooses Shortest AS Path.]

In this example, AS 200 and AS 300 send all routes into AS 400. The ISP that a specific router within AS 400 uses to reach the external networks will usually be the one with the shortest AS-path. However, the routers in AS 400 could be configured to influence the path that routes to certain networks take.

Configuring Weight and Local Preference

Router(config-router)# neighbor {ip-address | peer-group-name} weight weight

• Assign a weight to a neighbor connection

Router(config-router)# bgp default local-preference value

• Change the default local preference value

Router(config-route-map)# set local-preference value

• Change the local preference value

These commands are some of the ones that can be used to influence the path taken to external routes.

The neighbor weight command is used to assign a weight to a neighbor connection.

neighbor weight Command    Description
ip-address                 IP address of neighbor that is to be assigned as a member of the peer group.
peer-group-name            Name of the BGP peer group.
weight                     Weight to assign. Acceptable values are 0 to 65535.

The bgp default local-preference command is used to change the default local preference value.

bgp default local-preference Command    Description
value                                   Local preference value from 0 to 4294967295. Higher is more preferred.

The set local-preference command is used to specify a preference value for the autonomous system path.

set local-preference Command    Description
value                           Local preference value from 0 to 4294967295. Higher is more preferred.

Configuring Conditional Advertisement

Router(config-router)# neighbor ip-address advertise-map route-map non-exist-map route-map

• Conditionally advertise prefixes

• non-exist-map is periodically checked; if satisfied (i.e. if routes are not in the BGP table), the prefixes matched by the advertise-map are advertised to the neighbor

The neighbor advertise-map command is used to conditionally advertise prefixes.

neighbor advertise-map Command    Description
ip-address                        IP address of neighbor to which advertisements will be sent.
advertise-map route-map           Route-map to be used to advertise prefixes.
non-exist-map route-map           Route-map that will be periodically checked. If routes specified are not in the BGP table then the prefixes matched by the advertise-map route-map are advertised to the neighbor.

Multi-homing Example

[Figure labels: AS 100; ISP AS 200; ISP AS 300; AS 250; Routers A, B, C, E; addresses 10.10.10.1, 10.10.10.2, 10.10.20.1, 10.10.20.2; networks 172.20.0.0, 172.25.0.0, 172.30.0.0.]

In the example in the graphic, AS 100 is connected to two ISPs, AS 200 and AS 300. Assume that both ISPs are sending full routes to AS 100.

The following pages show some configurations and results for Router A.

Example 1 Configuration - no Tuning

RtrA(config)# router bgp 100
RtrA(config-router)# network 10.10.10.0 mask 255.255.255.0
RtrA(config-router)# network 10.10.20.0 mask 255.255.255.0
RtrA(config-router)# neighbor 10.10.10.2 remote-as 200
RtrA(config-router)# neighbor 10.10.20.1 remote-as 300

In this first example configuration, Router A is configured with two EBGP neighbors, Router B (10.10.10.2) and Router C (10.10.20.1). No special tuning is done to influence the way that AS 100 gets to the other ASs.

Results 1 - No Tuning

RtrA#show ip bgp
BGP table version is 7, local router ID is 172.16.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.10.10.0/24    0.0.0.0                  0         32768 i
*> 10.10.20.0/24    0.0.0.0                  0         32768 i
*  172.20.0.0       10.10.20.1                             0 300 200 i
*>                  10.10.10.2               0             0 200 i
*> 172.25.0.0       10.10.10.2                             0 200 250 i
*                   10.10.20.1                             0 300 250 i
*  172.30.0.0       10.10.10.2                             0 200 300 i
*>                  10.10.20.1               0             0 300 i

In this example, Router A will select the route via 10.10.10.2 (Router B) to get to 172.20.0.0 and the route via 10.10.20.1 (Router C) to get to 172.30.0.0, since these paths have the shortest AS-path length (of one AS).

Router A has 2 paths to 172.25.0.0, and they both have the same AS-path length (there are two ASs in each path). In this case, with all other attributes being equal, Router A will select the path that has the lowest BGP Router ID value. Router A therefore chooses the path through 10.10.10.2 (Router B) to get to 172.25.0.0 in AS 250.

Example 2 Configuration - Change Weights

RtrA(config)# router bgp 100
RtrA(config-router)# network 10.10.10.0 mask 255.255.255.0
RtrA(config-router)# network 10.10.20.0 mask 255.255.255.0
RtrA(config-router)# neighbor 10.10.10.2 remote-as 200
RtrA(config-router)# neighbor 10.10.10.2 weight 100
RtrA(config-router)# neighbor 10.10.20.1 remote-as 300
RtrA(config-router)# neighbor 10.10.20.1 weight 150

In this example configuration, Router A is configured with two EBGP neighbors, Router B (10.10.10.2) and Router C (10.10.20.1). The weights used for routes from each neighbor have been changed from their default of zero; routes received from 10.10.10.2 (Router B) will have a weight of 100 while routes received from 10.10.20.1 (Router C) will have a weight of 150.

Results 2 - Change Weights

RtrA#sh ip bgp
BGP table version is 9, local router ID is 172.16.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.10.10.0/24    0.0.0.0                  0         32768 i
*> 10.10.20.0/24    0.0.0.0                  0         32768 i
*> 172.20.0.0       10.10.20.1                           150 300 200 i
*                   10.10.10.2               0           100 200 i
*> 172.25.0.0       10.10.20.1                           150 300 250 i
*                   10.10.10.2                           100 200 250 i
*> 172.30.0.0       10.10.20.1               0           150 300 i
*                   10.10.10.2                           100 200 300 i

In this example, since the weight for Router C is higher than the weight for Router B, we will force Router A to use Router C as a next hop to reach all external routes. Recall that the weight attribute is looked at before the AS-path length, so the AS-path length will be ignored in this case.
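The selection shown in Results 1 and Results 2, and the local-preference override from the earlier AS 400 scenario, can be reproduced with a small model. This is an added example, not code from the course; it models only the decision steps these examples exercise (weight, local preference, AS-path length, lowest router ID). Assumptions: neighbor addresses stand in for the BGP router IDs, which the page does not list, and the 192.0.2.x addresses for Routers A and B in AS 400 are constructed.

```python
"""Model of the BGP decision steps that the Router A examples exercise."""
from dataclasses import dataclass, replace
from ipaddress import IPv4Address


@dataclass(frozen=True)
class Path:
    prefix: str
    next_hop: str            # neighbor the route was learned from
    as_path: tuple           # AS numbers as shown in the Path column
    weight: int = 0          # default weight for routes learned from a neighbor
    local_pref: int = 100    # default local preference


def rank(path):
    """Sort key for one path; the smaller tuple wins.

    Assumption: the neighbor address stands in for the neighbor's BGP
    router ID in the final tie-break, because the page lists no router IDs.
    """
    return (
        -path.weight,                       # highest weight first
        -path.local_pref,                   # then highest local preference
        len(path.as_path),                  # then shortest AS-path
        int(IPv4Address(path.next_hop)),    # then lowest router ID (stand-in)
    )


def select_best(paths):
    """Return {prefix: best Path} over all candidate paths."""
    best = {}
    for p in paths:
        if p.prefix not in best or rank(p) < rank(best[p.prefix]):
            best[p.prefix] = p
    return best


def next_hops(paths):
    return {prefix: p.next_hop for prefix, p in select_best(paths).items()}


def apply_neighbor_weights(paths, weights):
    """Effect of `neighbor <ip> weight <n>` on routes learned from that neighbor."""
    return [replace(p, weight=weights.get(p.next_hop, p.weight)) for p in paths]


B, C = "10.10.10.2", "10.10.20.1"          # Router B and Router C, from the page

# Learned routes from the "Results 1 - No Tuning" table.
RESULTS_1 = [
    Path("172.20.0.0", C, (300, 200)),
    Path("172.20.0.0", B, (200,)),
    Path("172.25.0.0", B, (200, 250)),
    Path("172.25.0.0", C, (300, 250)),
    Path("172.30.0.0", B, (200, 300)),
    Path("172.30.0.0", C, (300,)),
]

# Weights from the "Example 2 Configuration - Change Weights" commands.
WEIGHTS = {B: 100, C: 150}

# Constructed addresses for Routers A and B inside AS 400 (not on the page).
ROUTER_A, ROUTER_B = "192.0.2.1", "192.0.2.2"


def as400_view(local_pref_via_b):
    """Router C's two paths to the customer network in the AS 400 scenario."""
    return [
        Path("172.16.0.0/16", ROUTER_A, (200, 100)),
        Path("172.16.0.0/16", ROUTER_B, (300, 200, 100),
             local_pref=local_pref_via_b),
    ]


if __name__ == "__main__":
    print("no tuning:     ", next_hops(RESULTS_1))
    print("weights set:   ", next_hops(apply_neighbor_weights(RESULTS_1, WEIGHTS)))
    print("local pref 100:", next_hops(as400_view(100)))
    print("local pref 800:", next_hops(as400_view(800)))
```
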

Redistribution with IGPs

Chapter 13 discusses route redistribution and how it is configured. Here we examine specifics of when redistribution between BGP and IGPs is appropriate.

BGP and IGPs

[Figure labels: IGP Routing Protocol; BGP Routing Protocol; IP; BGP]

• BGP has its own table, in addition to the IGP routing table

• Information can be exchanged between the two tables

As noted earlier, a router running BGP keeps a table of BGP information, separate from the IP routing table. Information in the tables can be exchanged between the BGP protocol and the IGP protocol running in the routers.

Advertising Networks Into BGP

Three ways:
• Using the network command
• Redistributing static routes
    – use null 0
• Redistributing dynamic IGP routes
    – Redistribution from the IGP is NOT recommended as it may cause instability

Route information is sent from an Autonomous System into BGP in one of three ways:

■ Using the network command. As already discussed, for BGP the network command allows BGP to advertise a network that is already in the IP table. The list of network commands must include all of the networks in the AS that you want to advertise.

■ Redistributing static routes into BGP. Redistribution is when a router running different protocols advertises routing information received between the protocols. Static routes in this case are considered to be a “protocol”, and static information is advertised to BGP.

■ Redistributing dynamic IGP routes into BGP. This solution is not recommended as it may cause instability.

The following pages examine the last two bullets in more detail.

Redistributing Static Routes Into BGP

Aggregate static routes point to null0
• Example:

router bgp 100
 redistribute static
!
ip route 192.168.0.0 255.255.0.0 null 0

Use aggregate-address instead

Redistribution of static routes configured to the null 0 interface into BGP is done to advertise aggregate routes rather than specific routes from the IP table.

Any route redistributed into BGP must already be known in the IP table. Using the static route to null 0 is a way of fooling the process into believing that a route actually exists for the aggregate. A static route to null 0 is not necessary if you are using a network command with a non-aggregated network, i.e. a network that exists in the IP table.

The use of null 0 may seem to be strange, since a static route to null 0 means discard any information for this network. This will usually not be a problem since the router doing the redistribution has a more specific route to the destination networks, and these will be used to route any traffic that comes into the router. A problem with using this method of aggregation is that if the router loses access to the more specific routes, it would still be advertising the static aggregate, thus creating a “black hole”.

The preferred method is to use the aggregate-address command. With this command, as long as a more specific route exists in the BGP table, the aggregate gets sent. If the aggregating router loses connection to the networks being aggregated, then they disappear from the BGP table and hence the BGP aggregate does not get sent.
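The black-hole condition described above can be checked with a short model that compares the two aggregation methods before and after the more specific routes are lost. This is an added example, not code from the course; the aggregate 192.168.0.0/16 comes from the page's static route, while the /24 networks, their next hops, and the test destination are constructed, and the specifics are assumed to be present in the BGP table while they are reachable.

```python
"""Static Null0 aggregate versus aggregate-address when the specifics are lost."""
from ipaddress import ip_address, ip_network

NULL0 = "Null0"
AGGREGATE = ip_network("192.168.0.0/16")        # from the page's static route

# Constructed more-specific networks and next hops (not from the page).
SPECIFICS = {
    ip_network("192.168.1.0/24"): ("igp", "10.1.1.2"),
    ip_network("192.168.2.0/24"): ("igp", "10.1.1.6"),
}


def lookup(ip_table, dst):
    """Longest-prefix match. Returns (source, next_hop), or None if no route."""
    addr = ip_address(dst)
    matches = [net for net in ip_table if addr in net]
    if not matches:
        return None
    return ip_table[max(matches, key=lambda net: net.prefixlen)]


def advertised_by_redistribute_static(ip_table):
    """`redistribute static`: every static route in the IP table is advertised."""
    return {net for net, (source, _) in ip_table.items() if source == "static"}


def advertised_by_aggregate_address(bgp_table, aggregate):
    """`aggregate-address`: sent only while a more specific route is in the BGP table."""
    if any(net != aggregate and net.subnet_of(aggregate) for net in bgp_table):
        return {aggregate}
    return set()


def black_holed(advertised, ip_table, dst):
    """True when neighbors are told to send dst here but the router discards it."""
    attracted = any(ip_address(dst) in net for net in advertised)
    route = lookup(ip_table, dst)
    return attracted and (route is None or route[1] == NULL0)


def compare(specifics_reachable, dst="192.168.1.10"):
    """Evaluate both methods for one state of the more specific routes."""
    specifics = dict(SPECIFICS) if specifics_reachable else {}

    # Method 1: static aggregate to Null0 plus `redistribute static`.
    static_table = {AGGREGATE: ("static", NULL0), **specifics}
    static_adv = advertised_by_redistribute_static(static_table)

    # Method 2: `aggregate-address`; the BGP table holds the specifics
    # only while they are reachable (assumption stated in the lead-in).
    aggregate_adv = advertised_by_aggregate_address(set(specifics), AGGREGATE)

    return {
        "static_advertised": AGGREGATE in static_adv,
        "static_black_hole": black_holed(static_adv, static_table, dst),
        "aggregate_advertised": AGGREGATE in aggregate_adv,
        "aggregate_black_hole": black_holed(aggregate_adv, specifics, dst),
    }


if __name__ == "__main__":
    for state in (True, False):
        print("specifics reachable:", state, compare(state))
```
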

Redistributing Dynamic IGP Routes Into BGP

Redistributing into BGP from IGP
• Not recommended, unstable routes
• Include only local routes
• Filter out other routes
    – can be complex

Redistributing from an IGP into BGP is not recommended because any change in the IGP routes, for example if a link goes down, may cause a BGP update. This method could result in unstable BGP tables.

If redistribution is used, care must be taken that only local routes are redistributed. For example, routes learned from other ASs (that were learnt by redistributing BGP into the IGP) must not be sent out again from the IGP, or routing loops could result. Configuring this filtering can be complex.

Advertising From BGP Into IGP

Done with redistribution, if necessary

For ISP ASs
• redistribution not done

For other ASs
• redistribution can be done, but filter
• use default routes instead

Route information is sent from BGP into an Autonomous System by redistribution of the IGP routes into BGP.

Since BGP is an external routing protocol, care must be taken when exchanging information with internal protocols due to the amount of information in BGP tables.

For ISP autonomous systems, redistributing into BGP is not normally required. Other ASs may use redistribution, but the number of routes will mean that filtering will normally be required.

Each of these situations is examined on the next two pages.

ISP - No Redistribution From BGP Into IGP

Redistribution into IGP not required
• All routers run BGP; IBGP full mesh
• IBGP carries exterior routes
• IGP carries local information only, and next-hop information
• Use no synchronization

Advantages
• Carry fewer routes in IGP
• BGP converges faster

An ISP typically has all routers in the AS running BGP. This would of course be a full mesh IBGP environment, and IBGP would be used to carry the EBGP routes across the AS. All of the routers in the AS would be configured with the no synchronization command, so that synchronization between IGP and BGP is not required. The BGP information would then not need to be redistributed into the IGP. The IGP would only need to route information local to the AS, and routes to the next-hop addresses of the BGP routes.

One advantage of this approach is that the IGP protocol does not have to be concerned with all of the BGP routes; BGP will take care of them. BGP will also converge faster in this environment since it doesn’t have to wait for the IGP to advertise the routes.

Non-ISP - Redistribution From BGP Into IGP

Redistribution into IGP required if
• Not all routers run BGP
• Require external route knowledge

Many routes - filtering likely required

Alternatives
• Default routes

A non-ISP AS typically would not have all routers in the AS running BGP, and may not have a full mesh IBGP environment. If this is the case, and knowledge of external routes is required inside the AS, then redistribution of BGP into the IGP would be necessary. However, due to the number of routes that would be in the BGP tables, filtering will normally be required.

As discussed in the multi-homing section, an alternative to receiving full routes from BGP is that the ISP could send only default routes, or default routes and some external routes to the AS.

Case Study: Multi-homed BGP

Recall that throughout this course we have been using a case study of JKL Corporation to discuss various aspects of scalable routing. The case studies are used to review key concepts, to discuss critical issues surrounding network operation, and to provide a focus for the lab exercises.

[Figure: Case Study - Multi-homed BGP. Labels: Autonomous System 4304; Autonomous System 521; Autonomous System 1673; Enterprise - Corporation JKL; ISP #1; ISP #2; Internet; IBGP; EBGP. Legend: Ethernet (within AS4304 only), Serial (all other links).]

In this case study, we will look at how JKL will connect to the Internet. As shown in the graphic, JKL has two ISP connections, to AS 4304 and AS 1673.

The following topics are some considerations to discuss with the class during the case study:

■ The hierarchical topology within JKL, including scaling issues:
    ■ Which routers will be running BGP?
    ■ Where in the hierarchy will the ISP connections be made?
    ■ How does JKL’s topology approach differ from an ISP approach?

■ Exchange of route information
    ■ Recall that JKL is using OSPF, VLSM and route summarization. JKL has a class B public address. How will JKL’s routes be advertised to the Internet?
    ■ How will JKL learn routes of external ASs?

■ Synchronization issues
    ■ Should JKL use synchronization between BGP and OSPF, or can it be turned off?

■ Implementing policy controls
    ■ What policies might JKL have and why?
    ■ How would these policies be implemented?

■ Ease of configuration
    ■ How difficult would the policies be to implement?
    ■ Are there alternatives – how easy would they be to implement?

Summary

This section summarizes the tasks you learned to complete in this chapter.

After completing this chapter, you should be able to perform the following tasks:

• Describe the scalability problems associated with Internal BGP
• Explain and configure BGP Route Reflectors
• Describe and configure policy control in BGP using prefix lists
• Describe and configure BGP Communities and Peer Groups
• Describe methods to connect to multiple ISPs using static routes, default routes, and BGP
• Explain the use of redistribution between BGP and Interior Gateway Protocols (IGPs)
• Given a set of network requirements, configure a multi-homed BGP environment and verify proper operation (within described guidelines) of your routers

Review Questions

Answer the following questions.

1. What is the command used to configure a router to distribute BGP information as specified in an access-list?

2. What is a route reflector cluster?

3. Route maps use ________ commands to test conditions and _______ commands to modify routes.

4. What is the command used to specify that the BGP communities attribute should be sent to a neighbor?

5. When would peer groups be useful?

6. What is BGP multi-homing?

7. What command is used to assign a weight to a neighbor connection?

8. What is the preferred method to use to advertise an aggregated route from an AS into BGP?

11

Managing Traffic and Access

Objectives

Upon completion of this chapter, you will be able to perform the following tasks:

• Describe the functions of access lists

• Describe how routing updates can be optimized

This chapter discusses network congestion causes and presents ways to control network congestion. Sections:

■ Objectives

■ Congestion Overview

■ Managing Traffic Congestion

■ IP Access List Usage

■ Optimizing Routing Updates

■ Summary

■ Written Exercise: Managing Traffic and Access

■ Answers to Exercise

Congestion Overview

• Congestion occurs when the data traffic exceeds the data-carrying capacity of the link

• Congestion anywhere in the path results in delays for user applications

[Figure labels: Network Traffic; Bandwidth of the Link]

Congestion can occur when the amount of network traffic transmitted on a particular medium exceeds the bandwidth of that medium. The users of the network perceive the network to be “slow,” but may not understand the cause of the “slowness.”

Temporary congestion can be expected in every network. Periodic congestion often occurs because of the bursty nature of today’s network applications. Causes of chronic congestion should be identified and remedied.

Serial lines are generally where congestion is experienced.

Traffic in an IP Network

Sources of data and overhead traffic:

• User applications

• Routing protocol updates

• Domain name server (DNS) requests

• Encapsulated protocol transport

[Figure labels: IP Network; IP Network]

An IP network has many sources of data traffic and overhead traffic:

■ User applications—Data traffic is usually generated by user applications. These applications initiate file transfers using the File Transfer Protocol (FTP) and Trivial File Transfer Protocol (TFTP). Electronic mail is another common source of data traffic; it uses the Simple Mail Transfer Protocol (SMTP).

■ Routing protocol updates—Routing protocols send updates periodically or when routing information changes.

■ Domain Name System (DNS) requests—Overhead traffic is generated when the traffic is not directly related to user applications. Examples of overhead traffic are routing updates and broadcast requests, such as for a DNS.

■ Encapsulated protocol transport—Noncontiguous networks can be joined by encapsulating the network traffic in IP packets and sending that traffic across the IP network. If the two noncontiguous networks generate large amounts of traffic, slow links in the IP network could become congested.

Other Traffic in a Multiprotocol Network

Sources of data and overhead traffic:
• All user applications
• All routing protocol updates
• All overhead broadcasts and multicasts
• All data link/physical-layer signaling

[Figure labels: IP Network; IPX Network; AppleTalk Network; Bandwidth of the Link; traffic types DNS, FTP, Watchdog, ZIP, IGRP, SDLC, SNMP, GNS, SAP, ARP, NBP, Telnet]

A multiprotocol network has several different protocol suites active at the same time.

All user data traffic for the different protocols is active at the same time, and many concurrent data transfers are taking place. In addition, the overhead traffic for each protocol requires a portion of the bandwidth of the medium.

Although it was not mentioned earlier, there is some underlying traffic on the media associated with the lower layers of the OSI reference model.

All of the following require some portion of the medium’s data-carrying capacity:

■ Address Resolution Protocol (ARP) to resolve logical-to-physical addressing issues

■ Keepalives to maintain connectivity

■ Tokens for accessibility

■ Time To Live updates

Managing Traffic Congestion

Control network congestion by:

• Filtering user and application traffic

• Filtering broadcast traffic

• Adjusting timers on periodic announcements

• Providing static entries in tables

• Controlling routing overhead traffic

Network congestion results from too much traffic at one time. To resolve congestion, the traffic either must be reduced or rescheduled.

■ Filtering user and application traffic—You can use access lists to filter user and application traffic. Traffic filters can keep some traffic from reaching critical links.

■ Filtering broadcast traffic—Some periodic broadcasts, such as SAP packets, have configurable transmission timers to lengthen the interval between broadcasts.

■ Adjusting timers on periodic announcements—Lengthening the timers reduces the overall traffic load on the link. For example, you can adjust the time between SAP updates.

■ Providing static entries in tables—Using static entries in a routing table can eliminate the need to dynamically advertise network routes across that link. This technique is very effective for serial lines.

■ Controlling routing overhead traffic—Traffic that is required to support the routing process can be reduced. Converting from a distance vector protocol to a link-state protocol will almost eliminate the periodic announcements made by distance vector protocols such as RIP.


Filtering Traffic with Access Lists

Proper placement of access lists is key to controlling traffic flow
• Understand application requirements
  – Centralized server or distributed tasks
• Understand ACL processing requirements
  – Adequate resources
    • CPU and memory
  – Location
    • Access/distribution layer
• Validate traffic where it enters network

Access lists, as supported in the Cisco IOS, were originally designed as a security feature and have the additional benefit of providing traffic filtering capability. Proper placement of traffic filters is one of the key factors in effectively controlling traffic flow in a network.

Before access lists can be implemented as effective traffic filters, you must study the requirements of the supported applications. Different applications have different needs and generate differing amounts of traffic, sometimes in a unidirectional fashion.

Access control lists (ACLs) are a form of list processing and can require significant amounts of CPU processing cycles. The order of search criteria is critical because the top-down processing terminates when a matching condition occurs. The recommended approach is to place the most commonly occurring search criteria at the top of the list.

In addition to knowing the direction of traffic flow, it is equally critical to apply traffic filters to the correct device or portion of the network. Traffic should be validated at the point where it enters the network. If a hierarchical model is in place, traffic validation should take place at either the access or distribution layer devices. Unwanted traffic needs to be removed from the network before it can reach the high-speed switching core because core devices can’t tolerate delays associated with long table lookups. Also, ACLs should be assigned to devices that have sufficient CPU and memory resources to handle the repeated, potentially lengthy table searches.


When to Use Access Lists

Access lists provide critical security at Internet access points

[Figure: an access list between the Corporate Network and the Internet. Labels: "Unsolicited requests", "Solicited replies to prior requests from within", "Place traffic filter here".]

As mentioned earlier, it is important to validate traffic at the point where it enters the corporate network. For many companies, that entry point is traffic coming from the Internet. One of the challenges for an ACL (and the administrator that creates the ACL) is to block unwanted inbound traffic and at the same time to allow in requested data files.

If a reliable file transfer mechanism, such as FTP, is in place, access lists can detect the difference between unsolicited requests and responses to requests that were previously generated from within the corporate network. If the arriving data is the result of a previously “established” session, then it falls in a category that the ACL can test for. Access lists also provide a logging capability to record the types of activity that the ACL rejected. Sometimes it is more important to know what information was rejected rather than what was accepted, especially when dealing with hackers.

Using an access list on a perimeter router should only be a part of the corporate security policy. Several components, such as firewalls and proxy servers, should be concurrently implemented to help protect the corporate network from unwanted external access.


When to Use Access Lists (cont.)

Access lists guard secure subnets

[Figure: an access list in front of a Secure Subnet. Departments shown: R & D, Marketing, HR, Finance, Sales.]

An access list can perform a function much like that of a security guard. Each packet can be checked before it is cleared to access a given subnet, such as the research and development (R & D) area shown in the graphic. Most access of this type is based upon the source address (where did this packet come from?) of the packet. Some areas of the network are more ‘trusted’ than others and only traffic generated by the devices on the trusted subnets will be allowed to pass into the secure area. Administrators need to take great care to allow traffic generated from within the secure subnet to return to that area, as well. See the discussion on the previous page about “established” connections.


When to Use Access Lists (cont.)

Access lists restrict application traffic on designated media segments

[Figure: an access list in front of a segment labeled "Only allow FTP and E-mail traffic on this segment", with E-mail and FTP traffic shown.]

Extended IP access lists can detect the application used to generate the ‘payload’ being carried by the packet. This functionality is critical to allowing only FTP and E-mail traffic onto the upper subnet displayed in the graphic. Most search mechanisms like this use “well-known” ports to identify key applications. For example, TCP port 25 supports E-mail using SMTP, and FTP uses ports 20 and 21 to accomplish its data transfers.


Other Access List Uses

• Access lists are multipurpose

[Figure: other access list uses. Labels: Priority and custom queuing (Queue List); Dial-on-demand routing; Route filtering (Routing Table).]

You can use IP access lists to establish a finer granularity of control when differentiating traffic into priority and custom queues. An access list can also be used to identify “interesting” traffic that serves to trigger dialing in dial-on-demand routing (DDR). When acting as a distribute list, an access list can be used to control the contents of a routing update. Access lists are also a fundamental component of route maps, which filter and in some cases alter the attributes within a routing protocol update. Distribute lists and route maps provide different approaches to determining the information contained in a routing update.


Reducing Routing Update Traffic

Routing update traffic can be reduced by:
• Replacing periodic updates with incremental
  – Switch from distance vector to link-state
• Creating summary routes
  – Shrinks size of routing table
• Configuring static and default routes
  – Reduces number of routes propagated
• Filtering content of updates
  – Reduces number of routes propagated

Routing update traffic can be radically reduced by configuring a link-state protocol, such as OSPF, rather than a distance vector protocol, such as RIP. Distance vector protocols send periodic updates that contain the entire routing table, whereas link-state protocols send only incremental updates about a single route. The savings in bandwidth consumption will be realized on all links where the link-state protocol is configured.

Normally, all subnets are included in the routing table and that information would be shared with peer routers in a link-state implementation. Summary routes representing a group of routes with a common prefix can be created to reduce the size of the routing table in area zero of a hierarchically designed OSPF network. Route filters can be applied to arriving updates, and this mechanism can result in smaller routing tables. Smaller routing tables equate to less route information carried in periodic routing updates.

Several mechanisms, including route maps and distribute lists, can be used to control the amount of information included in a routing update. Another way to reduce the size of a routing update is to create static route entries for the local router. The manually configured entries are significant only to the local device and are not propagated to neighboring devices in the periodic announcements.


Optimizing Routing Updates

Routing updates can be optimized by:
• Outbound route filter
• Summary route
• Passive interface
• Static route

Degree of optimization controlled by network policy on route awareness

In those cases when routing updates are sent, the size of the update stream can be reduced by the following methods:

■ Apply route filter outbound—an outbound route filter will selectively remove (according to the distribute-list statements) routes from the transmitted routing update. The routing table will indicate more routes than are actually transmitted to the neighboring router. The distribute-list can be applied to one or more transmitting interfaces.

■ Create summary route—this action has no effect on the routing table of the router where the configuration was applied, but it does affect the content of the routing update. Summary routes reduce the update size by removing some of the subnet detail normally included in routing updates.

■ Configure passive interface—prevents the interface from generating regularly scheduled routing updates for the routing processes to which the interface is linked. Arriving routing updates will be accepted by this interface.

■ Create static route—manually entered routes have significance on the router where the static entry was created. These route entries are not propagated to neighboring routers unless explicit redistribution statements are applied. As a result of not sending all entries in the routing table, the routing update becomes smaller.


Optimizing Routing Updates (cont.)

Routing table content can be reduced by:
• Inbound route filter
• Default route

Requires administrative control of neighboring routers

There are several ways to shrink the size of the routing table on a router:

■ Apply route filter inbound—an inbound route filter will selectively remove (according to the distribute-list statements) routes from the arriving routing update. The distribute-list can be applied to an arriving interface or, if route redistribution is occurring, at the input to the routing process receiving the routes.

■ Create a default route—using a default route allows much of the subnet detail to be removed from the local routing table. Most often, a distribute-list is placed on the neighboring router’s outbound interface to suppress subnet details from arriving at the router that relies heavily on the default route.


Summary

Traffic congestion is caused by:
• Bursts of user application traffic
• Multicast and broadcast traffic
• Too much traffic on low-bandwidth links
• Network design issues

Traffic congestion can be overcome by:
• Filtering unwanted traffic
• Reducing the amount of overhead and broadcast traffic
• Controlling routing update traffic


Written Exercise: Managing Traffic and Access

Objective: Describe causes of network congestion.

Task: In the space below, briefly describe each cause of network congestion.

User services

Router updates

DNS traffic

Novell SAP broadcasts

Objective: List solutions for controlling network congestion.

Task: List five ways to control network congestion:

1. __________________________________

2. __________________________________

3. __________________________________

4. __________________________________

5. __________________________________

Note: Answers will vary for these exercises.


Answers to Exercise


Written Exercise: Managing Traffic and Access

Answers will vary.


12

Configuring IP Access Lists


Objectives

Upon completion of this chapter, you will be able to perform the following tasks:
• Configure IP standard and extended access lists
• Limit virtual terminal, HTTP and SNMP access
• Verify access list operation
• Configure an alternative to using access lists

This chapter discusses the following Cisco IOS software features useful in reducing unwanted traffic or controlling access in an IP environment: access lists, null interfaces, and helper addresses. Sections include:

■ Objectives

■ Managing IP Traffic Overview

■ Configuring IP Standard Access Lists

■ Configuring IP Extended Access Lists

■ Restricting Virtual Terminal, HTTP and SNMP Access

■ Verifying Access List Configuration

■ Written Exercise: Restricting Access

■ Using an Alternative to Access Lists

■ Written Exercise: Alternative to Access Lists

■ Summary

■ Case Study – Filtering Traffic

■ Answers to Exercises


Managing IP Traffic Overview

• Limit traffic and restrict network use

[Figure: Broadcast and FTP traffic, each marked as blocked.]

Integral to the task of managing IP traffic is eliminating unwanted traffic while still allowing appropriate user-access to necessary services. For many protocols, broadcasting is the primary method for locating services. Because routers inherently do not forward broadcasts, it is frequently necessary to help these broadcasts get forwarded onto the appropriate subnet where the server is located.

The Cisco IOS software provides mechanisms for reducing unwanted traffic, for restricting network use to only authorized users, and for enabling broadcasts to be forwarded beyond the local router to the desired server. Access lists limit traffic and restrict network use, and helper addressing enables broadcast forwarding. Both access lists and helper addressing are covered in this chapter.


Access List Applications

• Access lists control packet movement through a network

[Figure: access list applications. Labels: Virtual terminal line access (IP); Transmission of packets on an interface.]

Packet filtering helps control packet movement through the network. Such control can help limit network traffic and restrict network use by certain users or devices. To permit or deny packets from crossing specified router interfaces, Cisco provides access lists. An IP access list is a sequential collection of permit and deny conditions that apply to IP addresses or upper-layer IP protocols.

The following table shows the types of access lists and the available list numbers for IP:

Type of Access List    Range
IP standard            1 - 99
IP extended            100 - 199
Bridge type-code       200 - 299
IPX standard           800 - 899
IPX extended           900 - 999
IPX SAP                1000 - 1099


Configuring IP Standard Access Lists

Caution: The Cisco IOS Release 10.3 introduced substantial additions to IP access lists. These extensions are backward compatible. Migrating from existing releases to the Release 10.3 or later image will convert your access lists automatically. However, previous releases are not upwardly compatible with these changes. Thus, if you save an access list with the Release 10.3 or later image and then use older software, the resulting access list will not be interpreted correctly. This incompatibility can cause security problems. Save your old configuration file before booting Release 10.3 (or later) images in case you need to revert to an earlier version.


IP Standard Access Lists Overview

• Use source address only
• Access list range: 1 to 99

[Figure: a packet with Destination Address and Source Address fields. Addresses shown: 172.16.5.0, 10.0.0.3, 172.16.5.17; one path is marked as blocked.]

Standard access lists permit or deny packets based only on the source IP address of the packet. The access list number range for defining standard access lists is 1 to 99. Standard access lists are easier to configure than their more robust counterparts, extended access lists.


Inbound Access List Processing

For Standard IP Access Lists

[Figure: flowchart of inbound access list processing. Steps shown: Incoming packet; Access list on interface?; Does source address match?; Next entry in list; More entries?; Apply condition (Deny or Permit); ICMP Message; Process Packet; Do route table lookup; Route to interface.]

An access list is a sequential collection of permit and deny conditions that apply to IP addresses. The router tests addresses against the conditions in an access list one by one. The first match determines whether the router accepts or rejects the packet. Because the router stops testing conditions after the first match, the order of the conditions is critical. If no conditions match, the router rejects the packet.

For inbound standard access lists, after receiving a packet, the router checks the source address of the packet against the access list. If the access list permits the address, the router exits the access list and continues to process the packet. If the access list rejects the address, the router discards the packet and returns an ICMP Host Unreachable message.

Note that the action taken if no more entries are found in the access list is to deny the packet, which illustrates an important concept to remember when creating access lists. The last entry in an access list is what is known as an “implicit deny any.” All traffic not explicitly permitted will be implicitly denied.

Note: When configuring access lists, order is important. Make sure that you list the entries in order from specific to general. For example, if you want to filter a specific host address, then permit all other addresses, make sure your entry about the specific host appears first.


Outbound Access List Processing

For Standard IP Access Lists

[Figure: flowchart of outbound access list processing. Steps shown: Outgoing packet; Do route table lookup; Access list on interface?; Does source address match?; Next entry in list; More entries?; Apply condition (Deny or Permit); ICMP Message; Forward Packet.]

For outbound standard IP access lists, after receiving and routing a packet to a controlled interface, the router checks the source address of the packet against the access list. If the access list permits the address, the router transmits the packet. If the access list denies the address, the router discards the packet and returns an ICMP Host Unreachable message.

The primary difference between a standard access list and an extended access list is that the latter may continue to check other information in the packet against the access list after the source address has been found to match.

Note: When configuring access lists, order is important. Make sure that you list the entries in order from specific to general. For example, if you want to filter a specific host address, then permit all other addresses, make sure your entry about the specific host appears first.


IP Addressing Review

High-Order Bits    First Octet    Class    Standard Mask
0                  1-126          A        255.0.0.0
10                 128-191        B        255.255.0.0
110                192-223        C        255.255.255.0

Mask               Class B subnets    Class C subnets
255.255.0.0        0
255.255.128.0      1
255.255.192.0      2
255.255.224.0      3
255.255.240.0      4
255.255.248.0      5
255.255.252.0      6
255.255.254.0      7
255.255.255.0      8                  0
255.255.255.128    9                  1
255.255.255.192    10                 2
255.255.255.224    11                 3
255.255.255.240    12                 4
255.255.255.248    13                 5
255.255.255.252    14                 6
255.255.255.254    15                 7

The IP address is 32 bits in length and is made up of two parts:

■ Network number

■ Host number

The address format is known as dotted-decimal notation. An example address is 131.108.122.204. Each bit in an octet has a binary weight, such as (128,...4,2,1). The minimum value for an octet is 0; it contains all zeros. The maximum value for an octet is 255; it contains all ones.

The allocation of addresses is managed by a central authority. Network numbers are administered by the Internet Network Information Center (InterNIC). The NIC is also the main Request For Comments (RFCs) repository.


Access Lists Use Wildcard Mask

• 0 bit = must match bits in addresses
• 1 bit = no need to match bits in addresses

Address            Mask               Matches
0.0.0.0            255.255.255.255    any address
131.108.0.0/16     0.0.255.255        network 131.108.0.0
131.104.7.11/16    0.0.0.0            exactly host 131.104.7.11
255.255.255.255    0.0.0.0            local broadcast
131.111.8.0        0.0.7.255          only subnet 131.111.8.0 *

host or subnet address

* Assuming subnet mask of 255.255.248.0

Both standard and extended IP access lists use a wildcard mask. Like an IP address, a wildcard mask is a 32-bit quantity written in dotted-decimal format. Address bits corresponding to wildcard mask bits set to 1 are ignored in comparisons; address bits corresponding to wildcard mask bits set to 0 are used in comparisons.

An alternative way to think of the wildcard mask is as follows: If a 0 bit appears in the mask, then the corresponding bit location in the access list address and the same location in the packet address must match (either both 0 or both 1). If a 1 bit appears in the mask, then the bit location in the packet will match whether it is 0 or 1, and the bit location in the access list address is ignored. For this reason, 1 bits in the mask are sometimes called “don’t care” bits.

An access list can contain an indefinite number of actual and wildcard addresses. A wildcard address has a non-zero address mask and thus potentially matches more than one actual address. Remember that the order of the access list statements is important, because the access list is not processed further after a match has been found.
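The wildcard comparison described above can be checked bit by bit. The following Python sketch is an added example, not part of the course material or of Cisco IOS; the function names are hypothetical, and the addresses come from the table on this page. It also goes one step beyond the table by testing a non-contiguous wildcard (0.0.0.254), which the "don't care" bit rule permits.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def to_int(dotted):
    """Dotted-decimal string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def to_dotted(value):
    """32-bit integer -> dotted-decimal string."""
    return str(ipaddress.IPv4Address(value & MASK32))

def wildcard_match(packet_addr, acl_addr, wildcard):
    """True when every bit whose wildcard bit is 0 is equal in both addresses.

    Bits whose wildcard bit is 1 are "don't care" bits and are ignored.
    """
    care = ~to_int(wildcard) & MASK32
    return (to_int(packet_addr) & care) == (to_int(acl_addr) & care)

def wildcard_from_subnet_mask(subnet_mask):
    """A wildcard that covers one subnet is the bitwise inverse of its mask."""
    return to_dotted(~to_int(subnet_mask))

def match_summary(acl_addr, wildcard):
    """Return (lowest match, highest match, number of matching addresses).

    The count is 2 ** (number of 1 bits in the wildcard). For a contiguous
    wildcard every address between lowest and highest matches; for a
    non-contiguous one only some of them do.
    """
    w = to_int(wildcard)
    lowest = to_int(acl_addr) & ~w & MASK32
    return to_dotted(lowest), to_dotted(lowest | w), 2 ** bin(w).count("1")

# Address/wildcard pairs taken from the table on this page.
TABLE_ROWS = [
    ("0.0.0.0", "255.255.255.255"),   # any address
    ("131.108.0.0", "0.0.255.255"),   # network 131.108.0.0
    ("131.104.7.11", "0.0.0.0"),      # exactly host 131.104.7.11
    ("255.255.255.255", "0.0.0.0"),   # local broadcast
    ("131.111.8.0", "0.0.7.255"),     # only subnet 131.111.8.0
]

if __name__ == "__main__":
    for addr, wild in TABLE_ROWS:
        low, high, count = match_summary(addr, wild)
        print(f"{addr:<16} {wild:<16} {low} .. {high} ({count} addresses)")
    # The footnote's subnet mask yields the wildcard used in the last row.
    print(wildcard_from_subnet_mask("255.255.248.0"))
    # Constructed test addresses just inside and just outside that subnet.
    print(wildcard_match("131.111.15.255", "131.111.8.0", "0.0.7.255"))
    print(wildcard_match("131.111.16.1", "131.111.8.0", "0.0.7.255"))
```
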


Access List Configuration Tasks

To create an access list, perform the following tasks:
• Define an access list
• Apply the list to an interface

Whether you are creating a standard or extended access list, you will need to complete two tasks:

Step 1 Create an access list in global configuration mode by specifying an access list number and access conditions.

Define a standard IP access list using a source address and wildcard.

Define an extended access list using source and destination addresses, as well as optional protocol-type information for finer granularity of control.

Step 2 Apply the access list in interface configuration mode to interfaces or terminal lines.

After an access list is created, you can apply it to one or more interfaces. Access lists can be applied on either outbound or inbound interfaces.


Standard Access List Commands

Router(config)# access-list access-list-number { permit | deny } { source [ source-wildcard ] | any }

• Defines a standard access list (numbered 1-99)

Router(config-if)# ip access-group access-list-number { in | out }

• Applies an access list to a specific interface

Use the access-list command to create an entry in a standard traffic filter list.

access-list Command    Description
access-list-number     Identifies the list to which the entry belongs; a number from 1 to 99.
permit | deny          Indicates whether this entry allows or blocks traffic from the specified address.
source                 Identifies source IP address.
source-wildcard        (Optional) Identifies which bits in the address field are matched. It has a 1 in positions indicating “don’t care” bits, and a 0 in any position that is to be strictly followed. If this field is omitted, the mask 0.0.0.0 is assumed.
any                    Uses address 0.0.0.0 and source wildcard 255.255.255.255 to match any address.

Use the ip access-group command to link an existing access list to an interface. Each interface may have both an inbound and an outbound access list (provided they are both standard or extended).

ip access-group Command    Description
access-list-number         Indicates the number of the access list to be linked to this interface.
in | out                   Process packets arriving on/leaving from (default) this interface.

Eliminate the entire list by typing no access-list access-list-number. Deapply the access list with the no ip access-group access-list-number command.


Implicit Masks (For Standard IP Access Lists)

Correct:
access-list 1 permit 131.108.5.17
!
Common errors:
access-list 1 permit 0.0.0.0
access-list 1 permit 131.108.0.0
Not needed:
access-list 1 deny any
access-list 1 deny 0.0.0.0 255.255.255.255

• Omitted mask assumed to be 0.0.0.0

• Last two lines unnecessary (implicit deny any)

Implicit masks reduce typing and simplify configuration.

Shown are three examples of implicit masks. The first line is an example of a specific host configuration. For standard access lists, if no mask is specified, the mask is assumed to be 0.0.0.0. The implicit mask makes it easier to enter a large number of individual addresses. When the symbolic name any is used, the mask 255.255.255.255 is implied.

When a packet does not match any of the configured lines in an access list, the packet is denied by default because there is an invisible line at the end of the access list that is equivalent to deny any. Denying any is the same as configuring 0.0.0.0 255.255.255.255, so the last two lines are not needed.

Common errors are found in the other access list lines:

■ The second line, permit 0.0.0.0, would exactly match the address 0.0.0.0 and then permit it. In most cases, this address is illegal so this list would prevent all traffic from getting through (the implicit deny any).

■ The third line, permit 131.108.0.0, is probably a configuration error. The intention is probably 131.108.0.0 0.0.255.255. The exact address 131.108.0.0 is reserved to refer to the network and would never be assigned to a host. Network and subnets are represented by explicit masks. As a result, nothing would get through with this list, again due to the implicit deny any.

■ The fourth and fifth lines, deny any and deny 0.0.0.0 255.255.255.255, are unnecessary to configure because they duplicate the function of the default deny that occurs when a packet fails to match all of the configured lines in an access list.

Although not necessary, you may want to add one of these entries for record-keeping purposes.


Configuration Principles

• Top-down processing
  – Place more specific references first

• Implicit deny any
  – Unless access list ends with explicit permit any

• New lines added to the end
  – Cannot selectively add/remove lines

• Undefined access list = permit any
  – Need to create access list lines for implicit deny any

Following these general principles helps ensure the access lists you create have the intended results:

■ Top-down processing

– Organize your access list so that more specific references in a network or subnet appear before more general ones.

– Place more frequently occurring conditions before less frequent conditions.

■ Implicit deny any

– Unless you end your access list with an explicit permit any, it will deny by default all traffic that fails to match any of the access list lines.

■ New lines added to the end

– Subsequent additions are always added to the end of the access list.

– You cannot selectively add or remove lines when using numbered access lists, but you can when using IP named access lists (a Cisco IOS Release 11.2 feature).

■ Undefined access list = permit any

– If you apply an access list with the access-group command to an interface before any access list lines have been created, the result will be permit any. The list is “live,” so if you enter only one line, it goes from a permit any to a “deny most” (because of the implicit deny any) as soon as you press Return. For this reason, create your access list before you apply it to an interface.


Standard Access List Example

Router(config)# access-list 2 permit 36.48.0.3
Router(config)# access-list 2 deny 36.48.0.0 0.0.255.255
Router(config)# access-list 2 permit 36.0.0.0 0.255.255.255
Router(config)# !(Note: all other access implicitly denied)
Router(config)# interface ethernet 0
Router(config-if)# ip access-group 2 in

[Figure: router interface E0 toward host A; hosts B (36.48.0.3), C (subnet 36.48.0.0) and D (subnet 36.51.0.0) in network 36.0.0.0, plus the Internet. Who can connect to A?]

Can host B communicate with host A? Yes. Permitted by the first line, which uses an implicit host mask.

Can host C communicate with host A? No. Host C is in the subnet denied by the second line.

Can host D communicate with host A? Yes. Host D is on a subnet that is explicitly permitted by the third line.

Can users on the Internet communicate with host A? No. Users outside of this network are not explicitly permitted, so they are denied by default (implicit deny any).
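The matching rules from the Implicit Masks and Standard Access List Example pages, worked through as an added Python example (not part of the course material and not Cisco code). It applies wildcard masks, the implicit 0.0.0.0 mask, first-match processing, the implicit deny any and the undefined-list rule, and flags the common errors listed earlier. The addresses used for hosts C and D and for the Internet user are constructed, and the classful network test is an assumption used only to flag entries such as permit 131.108.0.0.

```python
import ipaddress
from collections import namedtuple

ALL_ONES = 0xFFFFFFFF
Entry = namedtuple("Entry", "number action address wildcard implicit_mask text")

# Access list 1 from the Implicit Masks slide and access list 2 from the example slide.
ACCESS_LIST_1 = """
access-list 1 permit 131.108.5.17
access-list 1 permit 0.0.0.0
access-list 1 permit 131.108.0.0
access-list 1 deny any
access-list 1 deny 0.0.0.0 255.255.255.255
"""
ACCESS_LIST_2 = """
access-list 2 permit 36.48.0.3
access-list 2 deny 36.48.0.0 0.0.255.255
access-list 2 permit 36.0.0.0 0.255.255.255
"""


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def parse_standard_acl(config):
    """Parse 'access-list N {permit|deny} {source [source-wildcard] | any}' lines."""
    entries = []
    for raw in config.splitlines():
        words = raw.split()
        if len(words) < 4 or words[0] != "access-list":
            continue  # blank lines, '!' separators, interface commands
        number, action, source = int(words[1]), words[2], words[3]
        if not 1 <= number <= 99 or action not in ("permit", "deny"):
            raise ValueError("not a standard access list entry: " + raw.strip())
        if source == "any":
            address, wildcard, implicit = 0, ALL_ONES, False
        else:
            implicit = len(words) == 4  # omitted mask is assumed to be 0.0.0.0
            address = to_int(source)
            wildcard = 0 if implicit else to_int(words[4])
        entries.append(Entry(number, action, address, wildcard, implicit, raw.strip()))
    return entries


def evaluate(entries, number, source_ip):
    """Return (action, deciding line) for a packet with this source address."""
    rules = [e for e in entries if e.number == number]
    if not rules:
        return "permit", "undefined access list"  # applied but never defined
    source = to_int(source_ip)
    for e in rules:  # top-down, first match wins
        # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
        if ((source ^ e.address) & ~e.wildcard & ALL_ONES) == 0:
            return e.action, e.text
    return "deny", "implicit deny any"


def is_classful_network_address(address):
    """True when every host bit of a Class A, B or C address is zero (assumption)."""
    first_octet = address >> 24
    if first_octet < 128:
        host_bits = 0x00FFFFFF
    elif first_octet < 192:
        host_bits = 0x0000FFFF
    elif first_octet < 224:
        host_bits = 0x000000FF
    else:
        return False
    return (address & host_bits) == 0


def lint(entries, number):
    """Flag the common errors and unneeded lines described for implicit masks."""
    rules = [e for e in entries if e.number == number]
    findings = []
    for index, e in enumerate(rules):
        only_denies_follow = all(r.action == "deny" for r in rules[index + 1:])
        if e.implicit_mask and e.address == 0:
            findings.append((e.text, "matches only the literal address 0.0.0.0"))
        elif e.implicit_mask and is_classful_network_address(e.address):
            findings.append((e.text, "network address with implicit host mask"))
        elif e.action == "deny" and e.wildcard == ALL_ONES and only_denies_follow:
            findings.append((e.text, "duplicates the implicit deny any"))
    return findings


if __name__ == "__main__":
    list_2 = parse_standard_acl(ACCESS_LIST_2)
    # Host B is from the slide; the other three source addresses are constructed.
    for name, ip in [("B", "36.48.0.3"), ("C", "36.48.0.7"),
                     ("D", "36.51.0.9"), ("Internet", "192.0.2.10")]:
        print(name, ip, *evaluate(list_2, 2, ip))
    for text, reason in lint(parse_standard_acl(ACCESS_LIST_1), 1):
        print("check:", text, "->", reason)
```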


Location of Standard Access Lists

access-list 3 deny 10.30.0.1
access-list 3 permit any

[Figure: routers A, B, C and D, each with interfaces E0 and E1; hosts W, X, Y and Z; labels 10.3.0.1 and 10.20.0.0]

• On which router should the access list be configured to deny host Z access to network 10.20.0.0?

• How does location of a standard access list change the policy implemented?

Access list location can be more of an art than a science, but there are some general guidelines that we can discover by looking at this simple example.

If the policy goal is to deny host Z access to a host on another network (called host V), and not to change any other access policy, on which router should the access list shown be configured and on which interface of that router? The access list would be placed on router A. The reason is that the standard access list can only specify the source address. Wherever in the path the traffic is denied, no hosts beyond can connect.

The access list could be configured as an outbound list on E0, but it would most likely be configured as an inbound list on E1 so that packets to be denied would not have to be routed first.

What would be the effect of placing the access list on other routers?

■ Router B: Host Z could not connect with host W (and host V on another network).

■ Router C: Host Z could not connect with hosts W and X (and host V on another network).

■ Router D: Host Z could not connect with hosts W, X, and Y (and host V on another network).

For standard access lists, place them as close to the destination router as possible to exercise the most control.


Configuring Extended Access Lists


IP Extended Access List Overview

• Control traffic by application, not just address

[Figure: FTP, SMTP and Telnet traffic among Manufacturing, Accounting, Sales and the Internet]

Standard access lists offer quick configuration and low overhead in limiting traffic based on source address within a network. Extended access lists provide a higher degree of control by enabling filtering based on the session-layer protocol, destination address, and application port number. These features make it possible to limit traffic based on the uses of the network.


Extended Access List Processing

[Figure: flowchart with the boxes Access list?, Source address, Destination address, Protocol? *, Protocol options? *, Apply condition, Deny (ICMP Message), Permit (Forward Packet) and Next entry in list; branches labelled Match, Does not match, Yes and No. * If present in access list]

Every condition tested must match in order for the line of the access list to match and the permit or deny condition to be applied. As soon as one parameter or condition fails, the next line in the access list is compared.

The extended access list checks source address, protocol, and destination address. Depending on the protocol configured, there may be more protocol-dependent options tested. For example, a TCP port may be checked, which allows routers to filter at the application layer.


Extended IP Access List Command

Router(config)# access-list access-list-number { permit | deny } { protocol | protocol-keyword } { source source-wildcard | any } { destination destination-wildcard | any } [ protocol-specific options ] [ log ]

• Defines an extended access list (numbered 100 to 199)

• Protocol keywords icmp, tcp, and udp define alternate syntax with protocol-specific options

Use the access-list command to create an entry in a complex traffic filter list.

access-list Command                       Description
access-list-number                        A number from 100 to 199.
permit | deny                             Whether this entry is used to allow or block the specified address(es).
protocol                                  ip, tcp, udp, icmp, igmp, gre, igrp, eigrp, ospf, nos, or a number in the range of 0 through 255. To match any Internet protocol, use the keyword ip. Some protocols have more options that are supported by an alternate syntax for this command.
source and destination                    IP addresses.
source-wildcard and destination-wildcard  Wildcard masks of address bits that must match. 0s indicate bits that must match, 1s are “don’t care.”
any                                       Use this keyword as an abbreviation for a source and source-wildcard, and destination and destination-wildcard of 0.0.0.0 255.255.255.255.
log                                       (Optional) Causes informational logging messages about the packet that matches the entry to be sent to the console. Exercise caution when using this keyword because it consumes CPU cycles.


Extended Mask Keywords

• The keyword any can be used in place of the address 0.0.0.0 with mask 255.255.255.255

• The keyword host preceding an ip-address can be used in place of the mask 0.0.0.0

access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
! (alternate configuration)
access-list 101 permit ip any any

access-list 101 permit ip 0.0.0.0 255.255.255.255 131.108.5.17 0.0.0.0
! (alternate configuration)
access-list 101 permit ip any host 131.108.5.17

The keyword any in either the source or destination position matches any address and is equivalent to configuring 0.0.0.0 255.255.255.255.

The keyword host in either the source or destination position causes the address that immediately follows it to be treated as if it were specified with a mask of 0.0.0.0.

host 131.108.5.17 = 131.108.5.17 0.0.0.0


ICMP Command Syntax

Router(config)# access-list access-list-number { permit | deny } icmp { source source-wildcard | any } { destination destination-wildcard | any } [ icmp-type [ icmp-code ] | icmp-message ]

• Filters based on ICMP messages

Use the access-list icmp command to create an entry in a complex traffic filter list. The protocol keyword icmp indicates that an alternate syntax is being used for this command and that protocol-specific options are available.

access-list icmp Command                  Description
access-list-number                        A number from 100 to 199.
permit | deny                             Whether this entry is used to allow or block the specified address(es).
source and destination                    IP addresses.
source-wildcard and destination-wildcard  Wildcard masks of address bits that must match. 0s indicate bits that must match, 1s are “don’t care.” The keyword any can be used in place of a source and source-wildcard, or a destination and destination-wildcard, as a shortcut to typing 0.0.0.0 255.255.255.255.
icmp-type                                 (Optional) Packets can be filtered by ICMP message type. The type is a number from 0 to 255.
icmp-code                                 (Optional) Packets that have been filtered by ICMP message type can also be filtered by ICMP message code. The code is a number from 0 to 255.
icmp-message                              (Optional) Packets can be filtered by a symbolic name representing an ICMP message type or a combination of ICMP message type and ICMP message code. A list of these names is provided on the following graphic.


ICMP Message and Type Names

administratively-prohibited   information-reply     port-unreachable
alternate-address             mask-reply            reassembly-timeout
conversion-error              mask-request          redirect
dod-host-prohibited           mobile-redirect       router-advertisement
dod-net-prohibited            net-redirect          router-solicitation
echo                          net-tos-redirect      source-quench
echo-reply                    net-tos-unreachable   source-route-failed
general-parameter-problem     net-unreachable       time-exceeded
host-isolated                 network-unknown       traceroute
host-tos-redirect             no-room-for-option    ttl-exceeded
host-tos-unreachable          option-missing        unreachable
host-unknown                  packet-too-big
host-unreachable              parameter-problem

• Names simplify configuration

Cisco IOS Release 10.3 and later versions provide symbolic names that make configuration and reading of complex access lists easier. With symbolic names it is no longer critical to understand the meaning of message 8 and message 0 in order to filter the ping command. Instead, the configuration would use echo and echo-reply.

Use the context-sensitive help feature by entering “?” in the Cisco IOS user interface to verify available names and proper command syntax.


TCP Syntax

Router(config)# access-list access-list-number { permit | deny } tcp { source source-wildcard | any } [ operator source-port | source-port ] { destination destination-wildcard | any } [ operator destination-port | destination-port ] [ established ]

• Filters based on tcp/tcp port number or name

Use the access-list tcp command to create an entry in a complex traffic filter list. The protocol keyword tcp indicates that an alternate syntax is being used for this command and that protocol-specific options are available.

access-list tcp Command                   Description
access-list-number                        A number from 100 to 199.
permit | deny                             Whether this entry is used to allow or block the specified address(es).
source and destination                    IP addresses.
source-wildcard and destination-wildcard  Wildcard masks of address bits that must match. 0s indicate bits that must match, 1s are “don’t care.”
operator                                  (Optional) A qualifying condition. Can be: lt, gt, eq, neq.
source-port and destination-port          (Optional) A decimal number from 0 to 65535 or a name that represents a TCP port number.
established                               (Optional) A match occurs if the TCP datagram has the ACK or RST bits set. Use this if you want a Telnet or another activity to be established in one direction only.


TCP Port Names

bgp           gopher     sunrpc
chargen       hostname   syslog
daytime       irc        tacacs-ds
discard       klogin     talk
domain        kshell     telnet
echo          lpd        time
finger        nntp       uucp
ftp control   pop2       whois
ftp-data      pop3       www

• Type ? to get port numbers corresponding to names

• Other port numbers found in Assigned Numbers RFC

Use the “?” in place of the port number when entering the command in order to verify the port numbers associated with these protocol names.

The current Assigned Numbers RFCs are 1700 and 1799.


Reserved TCP Port Numbers

Decimal Keyword Description

0 Reserved

1-4 Unassigned

5 RJE Remote job entry

7 ECHO Echo

9 DISCARD Discard

11 USERS Active users

13 DAYTIME Daytime

15 NETSTAT Who is up or NETSTAT

17 QUOTE Quote of the day

19 CHARGEN Character generator

20 FTP-DATA File Transfer Protocol (data)

21 FTP File Transfer Protocol

23 TELNET Terminal connection

25 SMTP Simple Mail Transfer Protocol

37 TIME Time of day

39 RLP Resource Location Protocol

42 NAMESERVER Host name server

43 NICNAME Who is

53 DOMAIN Domain name server

67 BOOTPS Bootstrap protocol server

68 BOOTPC Bootstrap protocol client

69 TFTP Trivial File Transfer Protocol

75 Any private dial-out service

77 Any private RJE service

79 FINGER Finger

95 SUPDUP SUPDUP Protocol

101 HOSTNAME NIC host name server

102 ISO-TSAP ISO-TSAP

113 AUTH Authentication service

117 UUCP-PATH UUCP path service

123 NTP Network Time Protocol

133-138 Unassigned

139 NetBios Session Service

140-159 Unassigned

160-223 Reserved

224-255 Unassigned


UDP Syntax

Router(config)# access-list access-list-number { permit | deny } udp { source source-wildcard | any } [ operator source-port | source-port ] { destination destination-wildcard | any } [ operator destination-port | destination-port ]

• Filters based on udp protocol or udp port number or name

The access-list udp command creates an entry in a complex traffic filter list. The protocol keyword udp indicates that an alternate syntax is being used for this command and that protocol-specific options are available.

access-list udp Command                   Description
access-list-number                        A number from 100 to 199.
permit | deny                             Whether this entry is used to allow or block the specified address(es).
source and destination                    IP addresses.
source-wildcard and destination-wildcard  Wildcard masks of address bits that must match. 0s indicate bits that must match, 1s are “don't care.”
any                                       Use this keyword as an abbreviation for a source and source-wildcard, and destination and destination-wildcard of 0.0.0.0 255.255.255.255.
source-port and destination-port          (Optional) A decimal number from 0 to 65535 or a name that represents a UDP port number.
operator                                  (Optional) A qualifying condition. Can be: lt, gt, eq, neq.


UDP Port Names

biff        nameserver    syslog
bootpc      netbios-dgm   tacacs-ds
bootps      netbios-ns    talk
discard     ntp           tftp
dns         rip           time
dnsix       snmp          whois
echo        snmptrap      xdmcp
mobile-ip   sunrpc

• Type ? to get port numbers corresponding to the name

• Other port numbers found in Assigned Numbers RFC

Use the “?” in place of the port number when entering the command in order to verify the port numbers associated with these protocol names.


Reserved UDP Port Numbers

Decimal Keyword Description

0 Reserved

1–4 Unassigned

5 RJE Remote job entry

7 ECHO Echo

9 DISCARD Discard

11 USERS Active users

13 DAYTIME Daytime

15 NETSTAT Who is up or NETSTAT

17 QUOTE Quote of the day

19 CHARGEN Character generator

20 FTP-DATA File Transfer Protocol (data)

21 FTP File Transfer Protocol

23 TELNET Terminal connection

25 SMTP Simple Mail Transfer Protocol

37 TIME Time of day

39 RLP Resource Location Protocol

42 NAMESERVER Host name server

43 NICNAME Who is

53 DOMAIN Domain name server

67 BOOTPS Bootstrap protocol server

68 BOOTPC Bootstrap protocol client

69 TFTP Trivial File Transfer Protocol

75 Any private dial-out service

77 Any private RJE service

79 FINGER Finger

123 NTP Network Time Protocol

133-136 Unassigned

137 NetBios Name Service

138 NetBios Datagrams Service

139-159 Unassigned

160-223 Reserved

160 SNMP

161 SNMP Trap

224-255 Unassigned

520 RIP


Extended Access List Example 1

access-list 103 permit tcp any 128.88.0.0 0.0.255.255 established
access-list 103 permit tcp any host 128.88.1.2 eq smtp
!
interface ethernet 1
ip access-group 103 in

[Figure: Providing Internet Mail. Router A, interface E1, host 128.88.1.2, subnets 128.88.1.0 and 128.88.3.0, Internet]

In this example, Ethernet interface 1 is part of a Class B network with the address 128.88.0.0, and the mail host’s address is 128.88.1.2. The keyword established is used only for the TCP protocol to indicate an established connection. A match occurs if the TCP datagram has the ACK or RST bits set, which indicate that the packet belongs to an existing connection. If the ACK is not set, and the SYN is set, then someone on the Internet is initializing the session, in which case, the packet is denied.


Extended Access List Example 2

access-list 104 permit tcp any 128.88.0.0 0.0.255.255 established
access-list 104 permit tcp any host 128.88.1.2 eq smtp
access-list 104 permit udp any any eq dns
access-list 104 permit icmp any any echo
access-list 104 permit icmp any any echo-reply
!
interface serial 0
ip access-group 104 in

[Figure: Also Providing DNS and Ping. Routers A and B, interfaces E0, E1 and S0, host 128.88.1.2, subnets 128.88.1.0 and 128.88.3.0, Internet]

This example also permits name/domain server packets and ICMP echo and echo-reply packets.
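Added example, not part of the course material and not Cisco code: a Python model of the extended access list tests described in Extended Access List Processing and in Examples 1 and 2, run over access list 104. It supports only the syntax those slides use (any, host, eq on the destination port, established, echo and echo-reply); the packets, their addresses and the small port-name table are constructed for illustration.

```python
import ipaddress

PORTS = {"smtp": 25, "dns": 53}            # keywords as written on the slides
ICMP_TYPES = {"echo": 8, "echo-reply": 0}  # "message 8 and message 0"

# Access list 104 from Extended Access List Example 2.
ACCESS_LIST_104 = """
access-list 104 permit tcp any 128.88.0.0 0.0.255.255 established
access-list 104 permit tcp any host 128.88.1.2 eq smtp
access-list 104 permit udp any any eq dns
access-list 104 permit icmp any any echo
access-list 104 permit icmp any any echo-reply
"""


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def take_address(words):
    """Consume 'any', 'host A' or 'A wildcard' and return (address, wildcard)."""
    first = words.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return to_int(words.pop(0)), 0
    return to_int(first), to_int(words.pop(0))


def parse_extended_acl(config):
    rules = []
    for raw in config.splitlines():
        words = raw.split()
        if len(words) < 5 or words[0] != "access-list":
            continue  # blank lines, '!' separators, interface commands
        number = int(words[1])
        if not 100 <= number <= 199 or words[2] not in ("permit", "deny"):
            raise ValueError("not an extended access list entry: " + raw.strip())
        rule = {"number": number, "action": words[2], "protocol": words[3],
                "dport": None, "established": False, "icmp_type": None,
                "text": raw.strip()}
        rest = words[4:]
        rule["src"] = take_address(rest)
        rule["dst"] = take_address(rest)
        while rest:  # protocol-specific options that follow the destination
            word = rest.pop(0)
            if word == "eq":
                port = rest.pop(0)
                rule["dport"] = PORTS[port] if port in PORTS else int(port)
            elif word == "established" and rule["protocol"] == "tcp":
                rule["established"] = True
            elif word in ICMP_TYPES and rule["protocol"] == "icmp":
                rule["icmp_type"] = ICMP_TYPES[word]
            else:
                raise ValueError("unsupported option: " + word)
        rules.append(rule)
    return rules


def address_matches(spec, dotted):
    address, wildcard = spec
    return ((to_int(dotted) ^ address) & ~wildcard & 0xFFFFFFFF) == 0


def rule_matches(rule, packet):
    """Every configured condition must match; the first failure skips the line."""
    if rule["protocol"] not in ("ip", packet["protocol"]):
        return False
    if not address_matches(rule["src"], packet["src"]):
        return False
    if not address_matches(rule["dst"], packet["dst"]):
        return False
    if rule["dport"] is not None and packet.get("dport") != rule["dport"]:
        return False
    # established looks only at this packet's flag bits (ACK or RST set).
    if rule["established"] and not {"ACK", "RST"} & set(packet.get("flags", ())):
        return False
    if rule["icmp_type"] is not None and packet.get("icmp_type") != rule["icmp_type"]:
        return False
    return True


def filter_packet(rules, number, packet):
    for rule in rules:  # top-down, first matching line decides
        if rule["number"] == number and rule_matches(rule, packet):
            return rule["action"], rule["text"]
    return "deny", "implicit deny any"


# Constructed inbound packets; 198.51.100.7 stands for a host on the Internet.
SAMPLE_PACKETS = {
    "reply to inside client": {"protocol": "tcp", "src": "198.51.100.7",
                               "dst": "128.88.3.9", "dport": 1030, "flags": {"ACK"}},
    "new telnet session": {"protocol": "tcp", "src": "198.51.100.7",
                           "dst": "128.88.3.9", "dport": 23, "flags": {"SYN"}},
    "new mail session": {"protocol": "tcp", "src": "198.51.100.7",
                         "dst": "128.88.1.2", "dport": 25, "flags": {"SYN"}},
    "dns query": {"protocol": "udp", "src": "198.51.100.7",
                  "dst": "128.88.1.2", "dport": 53},
    "ping": {"protocol": "icmp", "src": "198.51.100.7",
             "dst": "128.88.3.9", "icmp_type": 8},
    "icmp type 3": {"protocol": "icmp", "src": "198.51.100.7",
                    "dst": "128.88.3.9", "icmp_type": 3},
}

if __name__ == "__main__":
    acl = parse_extended_acl(ACCESS_LIST_104)
    for name, packet in SAMPLE_PACKETS.items():
        print(name, "->", *filter_packet(acl, 104, packet))
```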


Location of Extended Access Lists

• Minimize distance traveled by traffic that will be denied (and ICMP unreachable messages)

• Keep denied traffic off the backbone

• Select router to receive CPU overhead from access lists

• Consider number of interfaces affected

• Consider access list management and security

• Consider network growth impacts on access list maintenance

Because extended access lists can filter on more than source address, location is no longer a constraint. Frequently, policy decisions and goals are the driving force behind extended access list placement.

If your goal is to minimize traffic congestion and maximize performance, you might want to push the access lists close to the source to minimize cross traffic and host unreachable messages. If your goal is to maintain tight control over access lists as part of your network security strategy, you might want to have them more centrally located. Notice how changing network goals will affect access list configuration.


Restricting Virtual Terminal, HTTP and SNMP Access


Virtual Terminal Access Overview

• Standard and extended access lists will not block access from the router

• For security, virtual terminal (vty) access can be blocked to or from the router

[Figure: two Router# prompts with blocked (X) connections]

Standard and extended access lists will block packets from going through the router. They are not designed to block packets that originate within the router. An outbound Telnet extended access list does not prevent router-initiated Telnet sessions, by default.

For security purposes, users can be denied virtual terminal (vty) access to the router, or users can be permitted vty access to the router but denied access to destinations from that router. Restricting virtual terminal access is less a traffic control mechanism than one technique for increasing network security.

vty access is accomplished using the Telnet protocol. As a result, there is only one type of vty access list.


How to Control vty Access

• Five virtual terminal lines (0 through 4)

• Set identical restrictions on all the virtual terminal lines

[Figure: a router with a physical port (E0) and virtual ports (vty 0 through 4)]

Just as there are physical ports or interfaces such as E0 and E1, there are also virtual ports. These virtual ports are called virtual terminal lines. There are five such virtual terminal lines, numbered vty 0 through 4. Set identical restrictions on all the virtual terminal lines because you cannot control on which virtual terminal line a user will connect.

Note Some experts recommend that you configure one of the vty terminal lines differently than the others. This way you will have a “back door” into the router.


Virtual Terminal Line Commands

Router(config)# line vty { vty-number | vty-range }

• Enters configuration mode for a terminal line or a range of lines

Router(config-line)# access-class access-list-number { in | out }

• Restricts incoming and outgoing connections between a particular virtual terminal line (into a device) and the addresses in an access list

Use the line vty command to place the router in line configuration mode.

line vty Command        Description
vty-number              Indicates the number of the line to be configured.
vty-range               Indicates the lines to which the configuration will apply.

Use the access-class command to link an existing access list to a terminal line or range of lines.

access-class Command    Description
access-list-number      Indicates the number of the access list to be linked to a terminal line. This is a decimal number from 1 to 99.
in                      Prevents the router from receiving incoming connections from the addresses in the access list.
out                     Prevents someone from initiating a Telnet to addresses defined in the access list.


Virtual Terminal Access Example

Controlling Inbound Access

access-list 12 permit 192.89.55.0 0.0.0.255
!
line vty 0 4
access-class 12 in

• Permits only hosts in network 192.89.55.0 to connect to the virtual terminal ports on the router

In this example, we are permitting any device on network 192.89.55.0 to establish a virtual terminal (Telnet) session with the router. Of course, the user must know the appropriate passwords to enter user mode and privileged mode.

Notice that identical restrictions have been set on all virtual terminal lines (0-4) because you cannot control on which virtual terminal line a user will connect.

The implicit deny any still applies in an alternate application such as limiting virtual terminal access.


Extended Access List Example 3

access-list 118 permit tcp any 128.88.0.0 0.0.255.255 eq www established
access-list 118 permit tcp any host 128.88.1.2 eq smtp
access-list 118 permit udp any any eq dns
access-list 118 permit udp 128.8.3.0 0.0.0.255 128.8.1.0 0.0.0.255 eq snmp
access-list 118 deny icmp any 128.8.0.0 0.0.255.255 echo
access-list 118 permit icmp any any echo-reply
!
interface ethernet 0
ip access-group 118 out

[Figure: Provides Web Access and Network Management. Routers A and B, interfaces E0, E1 and S0, Internet, NOC, host 128.88.1.2, subnets 128.88.1.0, 128.88.2.0 and 128.88.3.0, and hosts labelled DNS, FTP, E-mail and Browser]

In the graphic, replies to queries from the client A’s browser will be allowed back into the corporate network. Browser queries from external sources are not explicitly allowed and will be discarded by the access list.

Access list 118 allows mail to be delivered exclusively to the mail server and the name server resolves DNS requests. The right-hand subnet is controlled by the network management group and network management queries (SNMP) will be allowed to reach devices in the server farm.

Attempts to ping the corporate network from outside will fail because the access list blocks the echo requests. However, the replies to echo requests generated from within the corporate network will be allowed to re-enter the network.


Verifying Access List Configuration


Access List show Commands

Router# show access-list
• Displays access lists from all protocols

Router# show ip access-list [access-list-number]
• Displays a specific IP access list

Router# clear access-list counters [access-list-number]
• Clears packet counts

Router# show line
• Displays line configuration

Use the show access-list command to display access lists from all protocols.

Use the show ip access-list command to display IP access lists.

show ip access-list Command    Description
access-list-number             (Optional) Shows a specific list. If this option is not specified, then all IP access lists are displayed.

The system counts how many packets pass each line of an access list; the counters are displayed by the show access-list command. Use the clear access-list counters command in EXEC mode to clear the counters of an access list.

Use the show line command to display information about terminal lines.


show ip access-lists Command

• Matches are shown for extended access lists

p1r1#show access-lists
Extended IP access list 100
    deny tcp host 10.1.1.2 host 10.1.1.1 eq telnet (3 matches)
    deny tcp host 10.1.2.2 host 10.1.2.1 eq telnet
    permit ip any any (629 matches)

The output from the show ip access-lists command displays the contents of previously defined IP access lists.
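The first-match evaluation, wildcard masks, implicit deny and per-line match counters described for the virtual terminal example and the show commands can be modelled in a few lines. This is an added example, not Cisco code: list 100 is written back as configuration lines from the show output, the packets are constructed, and only the keywords used on this page are parsed (ICMP message types are not).

```python
import ipaddress

# Port keywords used on this page (a small subset of what IOS accepts).
PORTS = {"telnet": 23, "smtp": 25, "www": 80, "snmp": 161}
PROTOCOLS = {"ip", "tcp", "udp", "icmp"}
ANY = (0, 0xFFFFFFFF)

VTY_CONFIG = "access-list 12 permit 192.89.55.0 0.0.0.255"  # from the vty example
# List 100, written back as configuration lines from the show output.
ACL_100_CONFIG = """
access-list 100 deny tcp host 10.1.1.2 host 10.1.1.1 eq telnet
access-list 100 deny tcp host 10.1.2.2 host 10.1.2.1 eq telnet
access-list 100 permit ip any any
"""


def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (address, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0))) if tokens else 0
    return int(ipaddress.IPv4Address(first)), wildcard


def parse_acl(config):
    """Parse 'access-list N permit|deny ...' lines (standard, or an extended subset)."""
    acl = []
    for line in config.strip().splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "access-list":
            continue
        rest = tokens[3:]
        extended = rest[0] in PROTOCOLS
        entry = {"text": " ".join(tokens[2:]), "action": tokens[2],
                 "proto": rest.pop(0) if extended else "ip",
                 "dst": ANY, "port": None, "matches": 0}
        entry["src"] = _take_addr(rest)
        if extended:
            entry["dst"] = _take_addr(rest)
            if rest[:1] == ["eq"]:
                entry["port"] = PORTS[rest[1]]
        acl.append(entry)
    return acl


def _addr_match(addr, rule):
    base, wildcard = rule
    # Wildcard bits set to 1 are "don't care"; only the 0 bits must agree.
    return ((int(ipaddress.IPv4Address(addr)) ^ base) & ~wildcard & 0xFFFFFFFF) == 0


def evaluate(acl, src, dst="0.0.0.0", proto="ip", dport=None):
    """Return 'permit' or 'deny' for one packet; the first matching line wins."""
    for entry in acl:
        if entry["proto"] not in ("ip", proto):
            continue
        if not (_addr_match(src, entry["src"]) and _addr_match(dst, entry["dst"])):
            continue
        if entry["port"] is not None and entry["port"] != dport:
            continue
        entry["matches"] += 1
        return entry["action"]
    return "deny"  # implicit deny any: no line matched


def show(acl):
    """Render each line with its counter, in the style of show access-lists."""
    return [e["text"] + (f" ({e['matches']} matches)" if e["matches"] else "")
            for e in acl]


def replay_sample_traffic():
    """Constructed traffic: three blocked Telnet attempts and two other flows."""
    acl = parse_acl(ACL_100_CONFIG)
    for _ in range(3):
        evaluate(acl, "10.1.1.2", "10.1.1.1", "tcp", 23)
    evaluate(acl, "10.1.1.2", "10.1.1.1", "tcp", 80)
    evaluate(acl, "10.1.2.2", "10.1.1.1", "udp", 161)
    return show(acl)


if __name__ == "__main__":
    vty = parse_acl(VTY_CONFIG)
    print(evaluate(vty, "192.89.55.20"), evaluate(vty, "192.89.56.1"))
    print("\n".join(replay_sample_traffic()))
```

A line whose counter stays at zero, like the second deny here, has not matched any traffic since the counters were last cleared.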


Written Exercise


[Figure: Written Exercise: IP Extended Access Lists. Labels: W, X, Z, A; interfaces S0, E0, E1 and E2; subnets 172.16.1.0, 172.16.2.0, 172.16.3.0 and 172.16.4.0; hosts 172.16.1.3 and 172.16.3.3; DNS, FTP and WWW servers and a Client, with host labels 4.5, 4.4, 4.3 and 4.2; Outside World.]

Written Exercise: IP Extended Access Lists

Objective: Configure IP extended access lists.

Create an access list and place it in the proper location to satisfy the following requirements:

■ Prevents all hosts on subnet 172.16.1.0/24 except host 172.16.1.3 from accessing the Web server on subnet 172.16.4.0

■ Prevents the outside world from pinging subnet 172.16.4.0

■ Allows all other hosts on all other subnets of network 172.16.0.0 (subnet mask 255.255.0.0) to send queries to the DNS server on subnet 172.16.4.0

■ Prevents only host 172.16.3.3 from accessing subnet 172.16.4.0

Write your configuration in the space below. Be sure to include the router name (A or B), interface name (E0, E1, or E2), and access list direction (in or out).


Using an Alternative to Access Lists


Null Interface

[Figure: Null Interface. Labels: packet arrives; interfaces S0, S1, E0 and T0; routing table; Null 0; an access list with alternating permit and deny entries for 1.0.0.0 through 5.0.0.0.]

• Route to nowhere saves valuable CPU cycles

Access lists are processor-intensive. The router processes every line of an access list until a match is found. There is an alternative to using access lists if the policy is for unwanted traffic to be discarded every time. The alternative is to configure a null interface. A null interface saves CPU cycles.

The null interface is a software-only interface that functions similarly to a “null” device used by operating systems. Message traffic that is not required (to be displayed) is directed to the null interface using a static route, where it is effectively “dropped.”

Note It is important to consider the location of the null interface because anytime a packet comes into the router to the defined destination, it will be dropped.


Null Interface Command

Router(config)# ip route address mask null 0

• Creates a static route to filter unwanted traffic

• Interface name is always null 0

Use the ip route command to establish static routes and specify the null interface (always null 0).

ip route Command    Description
address             IP address of the target network, subnet, or host.
mask                Network mask that lets you mask network, subnetwork, or host bits.


Null Interface Example

• Eliminates traffic for 201.222.5.0 from WAN

[Figure: Null Interface Example. Labels: networks 131.108.1.0, 131.108.4.0, 131.108.5.0, 131.108.7.0 and 201.222.5.0; addresses 131.108.6.1 and 131.108.6.2; Token Ring.]

ip route 201.222.5.0 255.255.255.0 null 0

The graphic shows:

Command                      Description
201.222.5.0 255.255.255.0    The destination IP address and the mask.
null 0                       The null interface to which traffic is “forwarded.”

The static route forwards traffic for network 201.222.5.0 to the null interface, which drops it.
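A null route is an ordinary routing-table entry, so it is selected by longest-prefix match on the destination alone and applies to every packet that reaches this router, whatever its source. The sketch below is an added example, not Cisco code: only the 201.222.5.0 route comes from the page, while the default route and the host route are constructed to show how more and less specific entries interact with it.

```python
import ipaddress

# Static routes in 'ip route address mask target' form.
SAMPLE_CONFIG = """
! constructed: default route toward the WAN
ip route 0.0.0.0 0.0.0.0 serial 0
! from the page: discard everything destined for 201.222.5.0/24
ip route 201.222.5.0 255.255.255.0 null 0
! constructed: a more specific host route inside the discarded network
ip route 201.222.5.10 255.255.255.255 ethernet 0
"""


def parse_static_routes(config):
    """Return [(network, target)] for every 'ip route' line; other lines are skipped."""
    routes = []
    for line in config.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[:2] != ["ip", "route"]:
            continue
        network = ipaddress.ip_network(f"{tokens[2]}/{tokens[3]}")
        routes.append((network, " ".join(tokens[4:]).lower()))
    return routes


def forward(routes, destination):
    """Longest-prefix match on the destination only; the source is never consulted."""
    dest = ipaddress.ip_address(destination)
    candidates = [(net, target) for net, target in routes if dest in net]
    if not candidates:
        return "drop (no route)"
    _, target = max(candidates, key=lambda route: route[0].prefixlen)
    if target.replace(" ", "") == "null0":
        return "drop (null 0)"
    return f"forward via {target}"


if __name__ == "__main__":
    table = parse_static_routes(SAMPLE_CONFIG)
    for dst in ("201.222.5.9", "201.222.5.10", "131.108.4.1"):
        print(dst, "->", forward(table, dst))
```

The host route shows the caveat that matters when auditing a null route: any longer prefix inside the discarded network still forwards traffic.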


Written Exercise: Alternative to Access Lists

[Figure: Written Exercise: Alternative to Access Lists. Labels: networks 172.16.12.0, 172.16.16.0 and 172.16.20.0; network 192.168.2.0 with mask 255.255.255.0; Token Ring; a "Fill in the Blank" box.]

Objective: Configure an alternative to using access lists.

Write the configuration statement in the box above that sends all traffic bound for 192.168.2.0 to the null interface.


Summary

• You can manage IP traffic by:
  – Controlling packet transmission on each medium
  – Using a static route to the null interface in place of an access list to minimize processing overhead
  – Configuring helper addresses to forward broadcasts

• Standard access lists are easy to configure and require lower processing overhead

• Extended access lists provide greater control


Case Study – Traffic Filters


[Figure: Case Study - Traffic Filters. Enterprise: Corporation JKL, private address space (network 10.0.0.0). Labels: ISP, Internet, PIX, DNS, Web, E-mail, Browser, NOC, Secure R & D, HR, Accounting. Callouts: Filter Private Addresses, Restrict Access, Enable Web Access, Enable Network Management. Link types: Gigabit Ethernet, Fast Ethernet, Ethernet, Serial.]

The graphic highlights several key concepts:

■ Before filters can be applied, you must understand traffic flow in your network

■ What steps are involved in implementing the corporate security policy

■ How to control network functionality with access control lists


Case Study – Traffic Filters (cont.)

[Figure: Case Study - Traffic Filters (cont.). Labels: PIX, DNS, Web, E-mail, Browser, NOC, Secure R & D, Public Area, Future Plans. Callouts: Enable Web Access, Enable Network Management.]

Key points related to the graphic:

■ Secure areas must be protected

■ Network management requires access to all areas of the network

■ Security policy involves several platforms and operating systems

■ Web access complicates the security policy


Answers to Exercises


13

Optimizing Routing Update Operation

Overview

This chapter discusses different ways to control routing update information. Route redistribution to interconnect networks that use multiple routing protocols is explained. Controlling information between the protocols can be accomplished using filters, changing of administrative distance, and configuring metrics. The configuration of each of these techniques is provided. Policy-based routing using route-maps is explained and configured.

This chapter includes the following topics:

■ Objectives

Note Note to reviewers: Route summarization (review) was a topic that was included in the design document for this chapter; however, this topic has been covered many times already in the course so I didn’t cover it again here.

■ Redistribution Between Multiple Routing Protocols

■ Configuring Redistribution

■ Controlling Routing Update Traffic

■ Verifying Redistribution Operation

■ Written Exercise: Redistribution and Controlling Routing Update Traffic

■ Policy-based Routing Using Route-Maps

■ Verifying Policy-Based Routing

■ Case Study: Redistribution


■ Summary

■ Review Questions


Objectives

This section lists the chapter’s objectives.


Upon completion of this chapter, you will be able to perform the following tasks:

■ Select and configure the different ways to control routing update traffic

■ Configure route redistribution in a network that does not have redundant paths between dissimilar routing processes

■ Configure route redistribution in a network that has redundant paths between dissimilar routing processes

■ Resolve path selection problems that result in a redistributed network

■ Verify route redistribution

■ Configure policy-based routing using route-maps

■ Given a set of network requirements, configure redistribution between different routing domains and verify proper operation (within described guidelines) of your routers

■ Given a set of network requirements, configure policy-based routing within your pod and verify proper operation (within described guidelines) of your routers


Redistribution Between Multiple Routing Protocols

This section explains when multiple protocols may be needed in a network, and discusses how redistribution works between the protocols. How to plan and design redistribution solutions for your network is beyond the scope of this course because creating a design is very dependent on your network topology and traffic patterns.


When Do You Use Multiple Routing Protocols?

• Interim during conversion

• Application-specific protocols
  – One size does not always fit all

• Political boundaries
  – Groups that do not work and play nicely with others

• Mismatch between devices
  – Multivendor interoperability
  – Host-based routers

Thus far, we have looked at networks that use a single routing protocol. There are times, however, when you will need to use multiple routing protocols. Some reasons why you may need multiple protocols are as follows:

■ When you are migrating from an older IGP to a new IGP, multiple redistribution boundaries may exist until the new protocol has displaced the old protocol completely. Dual existence of protocols is effectively the same as a long-term coexistence design.

■ When you want to use another protocol but need to keep the old protocol due to the needs of host systems.

■ Different departments might not want to upgrade their routers or they might not implement a sufficiently strict filtering policy. In these cases you can protect yourself by terminating the other routing protocol on one of your routers.

■ If you have a mixed router vendor environment, you can use a Cisco-specific protocol in the Cisco portion of the network and then use a common protocol to communicate with non-Cisco devices.


What Is Redistribution?

• Routes are learned from another routing protocol when a router redistributes the information between the protocols

[Figure: What Is Redistribution? Router A (ASBR) sits between AS 200 (IGRP, 172.16.0.0) and AS 300 (EIGRP, 192.168.5.0), with Routers B and C on either side. S1 advertises routes from EIGRP to IGRP; S0 advertises routes from IGRP to EIGRP.]

IP Routing Table (Router C)
I 192.168.5.0
I 172.16.1.0
I 172.16.2.0
I 172.16.3.0

IP Routing Table (Router B)
D EX 172.16.0.0
D 192.168.5.8
D 192.168.5.16
D 192.168.5.24

When any of these situations arises, Cisco routers allow internetworks using different routing protocols (referred to as autonomous systems) to exchange routing information through a feature called route redistribution. Redistribution is defined as the ability for boundary routers connecting different autonomous systems to exchange and advertise routing information received from one autonomous system to the other autonomous system.

Note The term autonomous system as used here denotes internetworks using different routing protocols. These routing protocols may be IGPs and/or EGPs. This is a different use of the term Autonomous System than is used when discussing BGP.

Within each autonomous system the internal routers have complete knowledge about their network. The router interconnecting autonomous systems is called an autonomous system boundary router (ASBR).

In the example shown in the graphic, AS 200 is running IGRP and AS 300 is running EIGRP, and the internal routers within each autonomous system have complete knowledge about their networks. Router A is the ASBR. Router A has both IGRP and Enhanced IGRP processes active and is responsible for advertising routes learned from one autonomous system into the other autonomous system.

In this example, Router A learns about network 192.168.5.0 from Router B via the EIGRP protocol running on its S0 interface. It passes that information to Router C on its S1 interface via IGRP. Routing information is also passed the other way, from IGRP into EIGRP.

Router B's routing table shows that it has learnt about network 172.16.0.0 via EIGRP (as indicated by the “D” in the routing table) and that the route is external to this autonomous system (as indicated by the “EX” in the routing table). Router C’s routing table shows that it has learnt about network 192.168.5.0 via IGRP (as indicated by the “I” in the routing table). Note that there is no indication in IGRP if the route is external to the autonomous system.

Note that in this case the routes that are exchanged are summarized on the network class boundary. Recall from the route summarization discussion in chapters 3 and 4 that EIGRP and IGRP automatically summarize routes on the network class boundary.


Redistribution Implementation Considerations

[Figure: Redistribution Implementation Considerations. Two ASBRs sit between a RIP domain (172.16.0.0) and AS 300 (EIGRP); network 172.16 is shown being advertised by both RIP and EIGRP at each ASBR.]

• Routing feedback
  – Suboptimal path selection
  – Routing loops

• Incompatible routing information

• Inconsistent convergence time

Redistribution, although powerful, increases the complexity and potential for routing confusion, so it should only be used when absolutely necessary. The key issues that arise when using redistribution are as follows:

■ Routing feedback (loops)—Depending on how you employ redistribution, routers can send routing information received from one autonomous system back into that same autonomous system. The feedback is similar to the routing loop problem that occurs in distance vector technologies.

■ Incompatible routing information—Because each routing protocol uses different metrics to determine the best path, for example RIP uses hops and OSPF uses cost, path selection using the redistributed route information may not be optimal. Because the metric information about a route cannot be translated exactly into a different protocol, the path a router chooses may not be the best.

■ Inconsistent convergence time—Different routing protocols converge at different rates. For example, RIP converges more slowly than EIGRP, so if a link goes down, the EIGRP network will learn about it before the RIP network.

To understand why some of these problems may occur, you must first understand how Cisco routers select the best path when more than one routing protocol is running, and how they convert the metrics used when importing routes from one autonomous system into another. These topics are discussed in the following pages.


Selecting the Best Route

• Different protocols use different metrics

• Metrics are difficult to compare algorithmically

• Therefore, need a selection process:
  1—Which protocol do you believe the most? Use the administrative distance
  2—Then decide which metric is the best

Most routing protocols have metric structures and algorithms that are not compatible with other protocols. In a network where multiple routing protocols are present, the exchange of route information and the ability to select the best path across the multiple protocols is critical. In order for routers to select the best path when they learn two or more routes to the same destination from different routing protocols, Cisco uses two parameters:

■ Administrative distance—As we saw in chapter 3, administrative distance is used to rate the believability of a routing protocol. Each routing protocol is prioritized in order of most to least believable (reliable) using a value called administrative distance. This criterion is the first a router uses to determine which routing protocol to believe if more than one protocol provides route information for the same destination.

■ A routing metric—The metric is a value representing the path between the local router and the destination network. The metric is usually a hop or cost value, depending on the protocol being used.

The following pages discuss these two path selection tools in more detail.


Which Protocol to Believe?

Route Source                     Default Distance
Connected Interface              0
Static Route                     1
Enhanced IGRP Summary Route      5
External BGP                     20
Internal Enhanced IGRP           90
IGRP                             100
OSPF                             110
IS-IS                            115
RIP                              120
EGP                              140
External Enhanced IGRP           170
Internal BGP                     200
Unknown                          255

The table in the graphic lists the default believability (administrative distance) of the protocols that Cisco supports. For example, if a router received a route to network 10.0.0.0 from IGRP and then received a route to the same network from OSPF, the router would use the administrative distance to determine that IGRP is more believable, and would add the IGRP version of the route to the routing table.

When using route redistribution, there may occasionally be a need to modify the administrative distance of a protocol so that it will be preferred. For example, if you want the router to select RIP-learned routes rather than IGRP-learned routes to the same destination, then you must increase the administrative distance for IGRP or decrease the administrative distance for RIP.

Modifying the administrative distance is discussed in the “Controlling Routing Update Traffic” section later in this chapter.
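The two-step selection described above (administrative distance first, metric second) and the effect of changing a distance can be traced with a small model. This is an added example, not Cisco code: the distances are the defaults from the table, while the metrics, next hops and the override value of 130 are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Default administrative distances, copied from the table above.
DEFAULT_DISTANCE = {
    "connected": 0, "static": 1, "eigrp-summary": 5, "ebgp": 20,
    "eigrp": 90, "igrp": 100, "ospf": 110, "isis": 115, "rip": 120,
    "egp": 140, "eigrp-external": 170, "ibgp": 200, "unknown": 255,
}

Offer = namedtuple("Offer", "prefix source metric next_hop")


def build_routing_table(offers, distance_overrides=None):
    """Keep one route per prefix: lowest administrative distance, then lowest metric.

    Metrics are compared only between offers that tie on distance, which in
    practice means offers from the same protocol; metrics of different
    protocols are never compared with each other.
    """
    distance = {**DEFAULT_DISTANCE, **(distance_overrides or {})}
    table = {}
    for offer in offers:
        prefix = str(ipaddress.ip_network(offer.prefix))
        ad = distance[offer.source]
        if ad >= 255:
            continue  # a source with distance 255 is not believed at all
        rank = (ad, offer.metric)
        if prefix not in table or rank < table[prefix][0]:
            table[prefix] = (rank, offer)
    return {prefix: offer for prefix, (_, offer) in table.items()}


# The case from the text: the same network offered by IGRP and by OSPF.
IGRP_VS_OSPF = [
    Offer("10.0.0.0/8", "ospf", 20, "192.0.2.1"),     # constructed metric and next hop
    Offer("10.0.0.0/8", "igrp", 8576, "192.0.2.2"),   # constructed metric and next hop
]

# Constructed boundary-router view: 172.16.0.0 is native to the RIP domain,
# but the router also hears it through IGRP after redistribution elsewhere.
BOUNDARY_OFFERS = [
    Offer("172.16.0.0/16", "rip", 4, "192.0.2.10"),
    Offer("172.16.0.0/16", "rip", 2, "192.0.2.11"),
    Offer("172.16.0.0/16", "igrp", 10476, "192.0.2.20"),
]

if __name__ == "__main__":
    print(build_routing_table(IGRP_VS_OSPF)["10.0.0.0/8"])
    print(build_routing_table(BOUNDARY_OFFERS)["172.16.0.0/16"])
    # Raising the IGRP distance above RIP's 120 makes the native RIP path win.
    print(build_routing_table(BOUNDARY_OFFERS, {"igrp": 130})["172.16.0.0/16"])
```

With the defaults, the boundary router prefers the IGRP copy of a route that originated in RIP, which is the suboptimal-path case listed under routing feedback.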


Seed Metric

The first, or seed, metric for a route is derived from being directly connected to a router interface. But redistributed routes are not physically connected.

• Use default-metric command to establish the seed metric for the route

• Once a compatible metric is established, the metric will increment just like any other route

• Set default metric larger than the largest native metric

Once the most believable protocol is determined for each destination and the routes are added to the routing table, a router may advertise the routing information to other protocols if configured to do so. If the router was advertising a link directly connected to one of its interfaces, the initial or seed metric used would be derived from the characteristics of that interface and the metric would increment as the routing information passed to other routers.

However, redistributed routes are not physically connected to a router; they are learnt from other protocols. If an ASBR wants to redistribute information between routing protocols, it must be able to translate the metric of the received route from the source routing protocol into the other routing protocol. For example, if an ASBR receives a RIP route, the route will have hop count as a metric. To redistribute the route into OSPF, the router must translate the hop count into a cost metric that will be understood by other OSPF routers. This cost metric, referred to as the seed or default metric, is defined during configuration.

Once the seed metric for a redistributed route is established, the metric will increment normally within the autonomous system. (The exception to this is OSPF E2 routes, as discussed previously, which hold their default metric regardless of how far they are propagated across an autonomous system.)

When configuring a default metric for redistributed routes, the metric should be set to a value larger than the largest metric within the receiving autonomous system, to help prevent routing loops.

Configuring default metrics is discussed in the “Controlling Routing Update Traffic” section later in this chapter.


Redistribution Supports All Protocols

RtrA(config-router)#redistribute ?
  bgp        Border Gateway Protocol (BGP)
  connected  Connected
  egp        Exterior Gateway Protocol (EGP)
  eigrp      Enhanced Interior Gateway Routing Protocol (EIGRP)
  igrp       Interior Gateway Routing Protocol (IGRP)
  isis       ISO IS-IS
  iso-igrp   IGRP for OSI networks
  mobile     Mobile routes
  odr        On Demand stub Routes
  ospf       Open Shortest Path First (OSPF)
  rip        Routing Information Protocol (RIP)
  static     Static routes

As the graphic shows for IP, all protocols are supported by redistribution. Before implementing redistribution, consider the following points:

■ You can only redistribute protocols that support the same protocol stack. For example, you can redistribute between IP RIP and OSPF because they both support the TCP/IP stack. But you cannot redistribute between IPX RIP and OSPF because IPX RIP supports the IPX/SPX stack and OSPF does not.

■ How you configure redistribution varies among protocols and among combinations of protocols. For example, redistribution occurs automatically between IGRP and EIGRP when they have the same autonomous system number, but it must be configured between EIGRP and RIP.


Redistribution and EIGRP

• IPX RIP redistribution with Enhanced IGRP is enabled by default

• AppleTalk RTMP redistribution is enabled by default

• Redistribution of IGRP in the same autonomous system is automatic; manual if different autonomous system

• Other protocols require manual redistribution

[Figure: Redistribution and EIGRP. Labels: Enhanced IGRP; IPX, AppleTalk and IP, each shown twice.]

EIGRP, because it supports multiple routing protocols, can be used to redistribute with IP, IPX, and AppleTalk routing protocols (within the same protocol stack). Consider the following when redistributing EIGRP with these protocols:

■ In the IP environment, IGRP and EIGRP have a similar metric structure and therefore redistribution is straightforward. For migration purposes, when IGRP and Enhanced IGRP are both running in the same autonomous system, redistribution is automatic. When redistributing between different autonomous systems, redistribution must be configured for Enhanced IGRP, just as it is required for IGRP.

■ All other IP routing protocols, both internal and external, require that redistribution be configured in order to communicate with EIGRP.

■ By design, EIGRP automatically redistributes route information with Novell RIP. Beginning with Cisco IOS Release 11.1, EIGRP can be configured to redistribute route information with NLSP.

■ EIGRP for AppleTalk understands RTMP updates, and redistribution is enabled by default.


Configuring Redistribution

This section describes how to configure redistribution between multiple protocols.


Configuring Redistribution

What do I need to determine before configuring redistribution?

• Identify the ASBRs, where the protocols will run

• Determine which protocol is the “core” and which is the “edge”

• Determine the directions you want to redistribute the protocols

Configuring route redistribution can be very simple or very complex, depending on the mix of protocols that you want to redistribute. The commands used to enable redistribution and assign metrics vary slightly depending on the protocols being redistributed. The following steps are generic enough to apply to virtually all protocol combinations. However, the commands used to implement the steps may vary. It is highly recommended that you review the Cisco IOS documentation for the configuration commands that apply to the specific protocols that you want to redistribute.

Note In this section the terms “core” and “edge” are generic terms used to simplify the discussion about redistribution.

Step 1 Locate the ASBR that redistribution needs to be configured on.

Step 2 Determine which routing protocol is the “core” or “backbone” protocol. Usually this is OSPF or EIGRP.

Step 3 Determine which routing protocol is the “edge” or “short-term” (if you are migrating) protocol.

Step 4 Access the routing process into which you want routes redistributed. Typically, you start with the backbone routing process. For example, to access OSPF, do the following:

router(config)# router ospf process-id


Configuring Redistribution into OSPF

RtrA(config-router)#router ospf 1
RtrA(config-router)#redistribute eigrp ?
  <1-65535>  Autonomous system number
RtrA(config-router)#redistribute eigrp 100 ?
  metric       Metric for redistributed routes
  metric-type  OSPF/IS-IS exterior metric type for redistributed routes
  route-map    Route map reference
  subnets      Consider subnets for redistribution into OSPF
  tag          Set tag for routes redistributed into OSPF
  <cr>

Step 5 Configure the router to redistribute routing updates from the “edge” protocol into the backbone protocol. This command varies, depending on the protocols.

The command shown here is for redistributing updates into OSPF:

router(config-router)# redistribute protocol [ process-id ] [ metric metric-value ] [ metric-type type-value ] [ route-map map-tag ] [ subnets ] [ tag tag-value ]

redistribute Command    Description

protocol    Source protocol from which routes are being redistributed. It can be one of the following keywords: connected, bgp, eigrp, egp, igrp, isis, iso-igrp, mobile, odr, ospf, static, or rip.

process-id    For bgp, egp, eigrp or igrp, this is an autonomous system number. For ospf, this is an OSPF process ID.

metric-value    An optional parameter used to specify the metric used for the redistributed route. When redistributing into protocols other than OSPF, if this value is not specified and no value is specified using the default-metric router configuration command, the default metric is 0 and routes may not be redistributed. With OSPF, the default metric is 20. Use a value consistent with the destination protocol, in this case OSPF cost.

type-value    An optional OSPF parameter that specifies the external link type associated with the default route advertised into the OSPF routing domain. This value can be 1 for type-1 external routes or 2 for type-2 external routes. The default is a type-2 external route.

map-tag    Optional identifier of a configured route-map to be interrogated to filter the importation of routes from this source routing protocol to the current routing protocol.

subnets    An optional OSPF parameter that specifies that subnetted routes should also be redistributed. Only routes that are not subnetted are redistributed if the subnets keyword is not specified.

tag-value    Optional 32-bit decimal value attached to each external route. This is not used by the OSPF protocol itself. It may be used to communicate information between Autonomous System Boundary Routers.


Configuring Redistribution into EIGRP

RtrA(config-router)#router eigrp 100
RtrA(config-router)#redistribute ospf ?
  <1-65535>  Process ID

RtrA(config-router)#redistribute ospf 1 ?
  match      Redistribution of OSPF routes
  metric     Metric for redistributed routes
  route-map  Route map reference
  <cr>

The command shown here is for redistributing updates into EIGRP:

router(config-router)# redistribute protocol [ process-id ] [ match { internal | external1 | external2 } ] [ metric metric-value ] [ route-map map-tag ]

redistribute Command    Description

protocol    Source protocol from which routes are being redistributed. It can be one of the following keywords: connected, bgp, eigrp, egp, igrp, isis, iso-igrp, mobile, odr, ospf, static, or rip.

process-id    For bgp, egp, eigrp or igrp, this is an autonomous system number. For ospf, this is an OSPF process ID.

match    Optional, for OSPF, the criteria by which OSPF routes are redistributed into other routing domains. It can be one of the following:

    internal: redistribute routes that are internal to a specific autonomous system.

    external 1: redistribute routes that are external to the autonomous system, but are imported into OSPF as type 1 external route.

    external 2: redistribute routes that are external to the autonomous system, but are imported into OSPF as type 2 external route.

metric-value    An optional parameter used to specify the metric used for the redistributed route. When redistributing into protocols other than OSPF, if this value is not specified and no value is specified using the default-metric router configuration command, the default metric is 0 and routes may not be redistributed. Use a value consistent with the destination protocol (see the description of the default metric command in this section for a description of the EIGRP metric).

map-tag    Optional identifier of a configured route-map to be interrogated to filter the importation of routes from this source routing protocol to the current routing protocol.


Configuring Default Metric

Router(config-router)# default-metric bandwidth delay reliability loading mtu

• Used for redistributing into IGRP or Enhanced IGRP

Router(config-router)# default-metric number

• Used for redistributing into OSPF, RIP, EGP, or BGP

Step 6 Define the default seed metric that the router uses when redistributing routes into a routing protocol.

■ When redistributing into IGRP or EIGRP use the top command shown in the graphic.

default-metric Command    Description

bandwidth    Minimum bandwidth of the route in kilobits per second.

delay    Route delay in tens of microseconds.

reliability    Likelihood of successful packet transmission expressed in a number from 0 to 255, where 255 means the route is 100% reliable.

loading    Effective loading of the route expressed in a number from 1 to 255, where 255 means the route is 100% loaded.

mtu    Maximum transmission unit (MTU)—the maximum packet size along the route in bytes, an integer greater than or equal to 1.

■ When redistributing into OSPF, RIP, EGP, and BGP use the lower command shown in the graphic.

default-metric Command    Description

number    The value of the metric, such as the number of hops for RIP.

Step 7 Exit the routing process.


Configuring Redistribution

[Figure: Edge Protocol and Core Protocol, with the labels Redistribute, Default or Static, Redistribute and Change Administrative Distance, and Redistribute and Filter]

Step 8 Enter configuration mode for the other routing process, usually the “edge” or “short-term” process.

Step 9 Depending on your network, this configuration will vary because you want to employ some techniques to reduce routing loops. For example, you may do any of the following:

■ Redistribute a default route about the core autonomous system into the edge autonomous system.

■ Redistribute multiple static routes about the core autonomous system into the edge autonomous system.

■ Redistribute all routes from the core autonomous system into the edge autonomous system, then assign a distribution filter to filter out inappropriate routes.

■ Redistribute all routes from the core autonomous system into the edge autonomous system, then modify the administrative distance associated with the received routes so that they are not the selected routes when multiple routes exist for the same destination. In some cases, the route learned by the native protocol is better, but may have a less believable administrative distance. Refer to the “Redistribution Example Using distance” later in this chapter for an example of this scenario.

Redistribution of static and default information are discussed in the following pages. Filtering and changing the administrative distance are discussed in the “Controlling Routing Update Traffic” section later in this chapter.
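The two conditions named in the redistribute parameter tables (no subnets keyword when redistributing into OSPF, and no seed metric when redistributing into another protocol) can be checked mechanically before a change is deployed. The following Python audit is an added example, not part of the course material; the sample configuration is constructed, and the function names and finding labels are assumptions.

```python
import re

# Constructed sample configuration (not from the course). It reuses the
# process numbers shown on the slides: OSPF 1 and EIGRP 100.
SAMPLE_CONFIG = """\
router ospf 1
 redistribute eigrp 100 metric 30
 network 172.6.31.5 0.0.0.0 area 0
!
router eigrp 100
 redistribute ospf 1
 network 10.0.0.0
!
router rip
 redistribute ospf 1
 default-metric 3
 network 10.0.0.0
!
"""

# Destination protocols for which, per the course text, the seed metric is 0
# unless "metric" or "default-metric" is configured.
NEEDS_SEED_METRIC = {"rip", "igrp", "eigrp"}


def parse_router_blocks(config):
    """Return a list of (protocol, process_id, [sub-commands]) tuples."""
    blocks = []
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        header = re.match(r"^router\s+(\S+)(?:\s+(\S+))?$", line)
        if header:
            current = (header.group(1), header.group(2), [])
            blocks.append(current)
        elif current is not None and line.startswith(" "):
            current[2].append(line.strip())
        else:
            current = None  # "!" or any top-level command ends the block
    return blocks


def audit_redistribution(config):
    """Return (router process, command, finding) for each risky statement.

    Findings (labels are hypothetical):
      missing-subnets  redistribution into OSPF without "subnets", so only
                       routes that are not subnetted are imported
      no-seed-metric   redistribution into RIP/IGRP/EIGRP with neither an
                       inline "metric" nor a "default-metric" in the process
    Limitation: a metric set inside a referenced route-map is not inspected.
    """
    findings = []
    for proto, pid, cmds in parse_router_blocks(config):
        where = f"router {proto}" + (f" {pid}" if pid else "")
        has_default_metric = any(c.startswith("default-metric ") for c in cmds)
        for cmd in cmds:
            words = cmd.split()
            if words[0] != "redistribute":
                continue
            if proto == "ospf" and "subnets" not in words:
                findings.append((where, cmd, "missing-subnets"))
            if (proto in NEEDS_SEED_METRIC
                    and "metric" not in words
                    and not has_default_metric):
                findings.append((where, cmd, "no-seed-metric"))
    return findings


if __name__ == "__main__":
    for where, cmd, finding in audit_redistribution(SAMPLE_CONFIG):
        print(f"{finding:16} {where}: {cmd}")
```

In the sample, the RIP process is not flagged because its default-metric supplies the seed metric for every redistribute statement in that process.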


Using and Configuring Static Routes

Router(config)# ip route prefix mask address [ distance ] [tag tag] [permanent]

• Defines a path using a next hop address

• Use if you have a route to the defined address

• Requires redistribution

Router(config)# ip route prefix mask interface [ distance ] [tag tag] [permanent]

• Defines a path using an interface

• Use if you do not have a route to the next hop address

• Automatically redistributed in some cases

Static routes are routes that you can manually configure on the router. Static routes are used most often to:

■ Define specific routes to use when two autonomous systems must exchange routing information, rather than having entire routing tables exchanged.

■ Define routes to destinations over a WAN link to eliminate the need for a dynamic routing protocol. That is, when you do not want routing updates to enable or cross the link.

The commands to configure static routes for IP are shown in the graphic and their use is discussed in the following steps:

Step 1 Determine which networks you want defined as static. For example, if you are configuring static routes on a WAN router that is connecting to a branch office, you probably want to select the networks at the branch office.

Step 2 Determine the next-hop router to the destination networks or the local router’s interface that connects to the remote router.

Step 3 Configure the static route on each router. For IP, use the ip route command.

ip route Command    Description

prefix    The route prefix for the destination.

mask    The prefix mask for the destination.

address    The IP address of the next-hop router that can be used to reach that network.

interface    The network interface to use to get to the destination network.

distance    Optional administrative distance to assign to this route. (Recall that administrative distance refers to how believable the routing protocol is).

tag    Optional value that can be used as a match value in route-maps.

permanent    Specifies that the route will not be removed even if the interface associated with the route goes down.

Note Static routes pointing to an interface should only be used on point-to-point interfaces since on other interfaces the router will not know which specific address to send the information to. On point-to-point interfaces the information will be sent to the only other device on the network.


Static Route Example

router rip
 passive-interface Serial1
 network 10.0.0.0
!
ip route 172.16.0.0 255.255.0.0 Serial1

p1r2#sh ip rout
<Output Omitted>
Gateway of last resort is not set

     10.0.0.0 255.255.255.0 is subnetted, 2 subnets
C       10.1.3.0 is directly connected, Serial1
C       10.1.1.0 is directly connected, Serial0
S    172.16.0.0 is directly connected, Serial1
<Output Omitted>

[Figure: routers p1r2 and p2r2, with networks 10.1.0.0 and 172.16.0.0]

The example in the graphic shows a static route configured on Router p1r2. P1r2 will use its interface serial 1 to get to network 172.16.0.0/16. As shown in the routing table for p1r2, static routes pointing to an interface are treated as directly connected networks.

When configuring static routes, keep in mind the following considerations:

■ When using static routes, all participating routers must have static routes defined so that they can advertise the remote networks. This requirement is necessary because static routes replace routing updates.

If you want a router to advertise a static route in a routing protocol, you may need to redistribute it.

■ Static route entries must be defined for all routes that a router is responsible for. To reduce the number of static route entries, you can define a default static route, for example ip route 0.0.0.0 0.0.0.0 s1. When using RIP, default static routes are advertised (redistributed) automatically.


Using and Configuring Default-Network

[Figure: routers p1r3 and p2r2, with the labels 10.1.0.0/24, 172.68.0.0/24, 10.64.0.1/24, and 10.64.0.2/24]

p1r3#show ip route
<Output Omitted>
Gateway of last resort is 10.64.0.2 to network 0.0.0.0
     10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
<Output Omitted>
R       10.2.3.0/24 [120/1] via 10.64.0.2, 00:00:05, Ethernet0
C       10.64.0.0/24 is directly connected, Ethernet0
R    172.68.0.0/16 [120/1] via 10.64.0.2, 00:00:16, Serial0
R*   0.0.0.0/0 [120/1] via 10.64.0.2, 00:00:05, Ethernet0

p2r2:
router rip
 network 10.0.0.0
 network 172.68.0.0
!
ip classless
ip default-network 172.68.0.0

Cisco lets you configure default routes for other protocols. For example, when you create a default route on a router running RIP, the router advertises an address of 0.0.0.0. When a router receives this default route, it will forward any packets destined to a destination that does not appear in its routing table to the default route you configured.

When running RIP, you can create the default route by using the ip default-network command. If the router has a directly connected interface onto the network specified in the ip default-network command, RIP will generate (or source) a default route to its RIP neighbor routers.

The ip default-network command is used as a method of distributing default route information to other routers. This command provides no functionality for the router on which it is configured.

ip default-network Command    Description

network-number    The number of the destination network.

Note Other protocols behave differently than RIP with the ip route 0.0.0.0 0.0.0.0 and ip default-network commands. For example, EIGRP will not redistribute default routes by default. However, if the network 0.0.0.0 command is added to the EIGRP configuration, it will redistribute a default route as the result of the ip route 0.0.0.0 0.0.0.0 command, but not as the result of the ip default-network command. Refer to Cisco IOS documentation for further information.


Redistribution Example Using ip default-network

[Figure: three autonomous systems. Two RIP domains (routers P1R1, P1R2, P1R3 on 10.1.x.0/24 serial links and routers P2R1, P2R2, P2R3 on 10.2.x.0/24 serial links) and an OSPF domain between them (Ethernet addresses 172.6.31.5/24 and 172.6.31.6/24)]

This example demonstrates how you can redistribute in one direction and use a default route in the other direction, instead of redistributing in both directions.

The graphic illustrates an internetwork that uses three autonomous systems. In this case, OSPF is the “core” protocol and RIP is the “edge” protocol. The following pages illustrate how to:

■ Allow the OSPF backbone to know all the routes in each autonomous system—This is done by configuring redistribution on the ASBRs so that all RIP routes are redistributed into OSPF.

■ Allow the RIP autonomous systems to know only about their internal routes, and use a default route to networks that are not in the autonomous system—This is done by configuring a default route on the ASBRs. The default route is advertised by the ASBRs into the RIP autonomous systems.

Note This redistribution example shows one way to configure redistribution. Many other ways exist, so you must understand your network topology and requirements in order to choose the best solution.


Redistribution Example Using ip default-network (cont’d)

P1R1-Internal

interface Serial0
 ip address 10.1.2.1 255.255.255.0
 bandwidth 64
!
interface Serial1
 ip address 10.1.1.1 255.255.255.0
 clockrate 56000
!
<Output Omitted>
!
router rip
 network 10.0.0.0
!
ip classless
<Output Omitted>

ip classless: Must be on all RIP/IGRP routers if you want to use a default route to get to unknown subnets of directly connected networks.

P1R3-ASBR

<Output Omitted>
!
router ospf 200
 redistribute rip metric 10 subnets
 network 172.6.31.5 0.0.0.0 area 0
!
router rip
 network 10.0.0.0
!
no ip classless
ip default-network 10.0.0.0
!
<Output Omitted>

subnets: Must be enabled for subnets.

The graphic illustrates the configurations for one of the ASBRs and a router in one of the RIP networks. Points about each configuration are as follows:

■ Internal RIP router (P1R1)

— No redistribution configuration is necessary because the intent is not to have this router learn about external routes.

— The ip classless command is required on all RIP/IGRP routers that must use a default route to get to other subnets of network 10.0.0.0 (for example the 10.2.x.0 subnets). This command allows the software to forward packets that are destined for unrecognized subnets of directly connected networks. The packets are forwarded to the best supernet route, which may be the default route. When this feature is disabled, the software discards the packets when the router receives packets for a subnet that numerically falls within its subnetwork addressing scheme, if there is no such subnet number in the routing table.

Note ip classless is on by default in Cisco IOS Release 12.0; it is off by default in earlier releases.

■ ASBR (P1R3)

— When redistributing into OSPF, you need the subnets keyword so that subnetted networks will be redistributed.

— Define the default network to be advertised to the edge protocols.

Note Comprehensive examples of this configuration and outputs appear in Appendix A, Supplement B, “One-Way Redistribution Configuration Examples.”


Redistribution Example Using ip default-network (cont'd)

ASBR IP routing table

P1R3#show ip route

*    10.0.0.0/24 is subnetted, 6 subnets
C       10.1.3.0 is directly connected, Serial0
O E2    10.2.1.0 [110/10] via 172.6.31.6, 00:44:56, Ethernet0
C       10.1.2.0 is directly connected, Serial1
R       10.1.1.0 [120/1] via 10.1.3.1, 00:00:05, Serial0
                 [120/1] via 10.1.2.1, 00:00:17, Serial1
O E2    10.2.2.0 [110/10] via 172.6.31.6, 00:44:56, Ethernet0
O E2    10.2.3.0 [110/10] via 172.6.31.6, 00:44:56, Ethernet0
     172.6.0.0/24 is subnetted, 1 subnets
C       172.6.31.0 is directly connected, Ethernet0

[Figure: P1R3 between the RIP and OSPF domains]

The graphic illustrates one of the ASBR routing tables after redistribution was enabled on both ASBRs.

For comparison, an example of the routing table prior to redistribution is as follows:

P1R3#show ip route
<Output Omitted>
     10.0.0.0/24 is subnetted, 3 subnets
C       10.1.3.0 is directly connected, Serial0
C       10.1.2.0 is directly connected, Serial1
R       10.1.1.0 [120/1] via 10.1.3.1, 00:00:16, Serial0
                 [120/1] via 10.1.2.1, 00:00:28, Serial1
     172.6.0.0/24 is subnetted, 1 subnets
C       172.6.31.0 is directly connected, Ethernet0

Notice that in the “before” output the 10.2.0.0/24 networks do not appear. They appear once redistribution is configured on P2R2.


Redistribution Example Using ip default-network (cont'd)

Internal router IP routing table

P1R1#show ip route
<Output Omitted>

     10.0.0.0/24 is subnetted, 3 subnets
R       10.1.3.0 [120/1] via 10.1.1.2, 00:00:24, Serial1
                 [120/1] via 10.1.2.2, 00:00:10, Serial0
C       10.1.2.0 is directly connected, Serial0
C       10.1.1.0 is directly connected, Serial1
R*   0.0.0.0/0 [120/1] via 10.1.2.2, 00:00:10, Serial0

[Figure: P1R1 in the RIP domain]

• Router forwards packets destined to 10.2.0.0/24 networks using the default route

The graphic illustrates one of the internal routing tables after the default route was configured on the ASBR. Using this routing table, P1R1 can successfully ping any network in the other RIP autonomous system, for example:

P1R1#ping 10.2.2.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.2.2.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 68/68/68 ms

P1R1#
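The ping succeeds only because P1R1 runs ip classless. The following Python model is an added example, not part of the course material; it replays P1R1's routing table from the slide (first next hop only) through a classless and a classful lookup, and the function names and the simplified classful rule are assumptions.

```python
import ipaddress

# P1R1's routing table as shown on the slide: three /24 subnets of 10.0.0.0
# and the RIP-learned default route. Only the first next hop is kept.
P1R1_ROUTES = [
    ("10.1.3.0/24", "10.1.1.2"),
    ("10.1.2.0/24", "Serial0"),
    ("10.1.1.0/24", "Serial1"),
    ("0.0.0.0/0", "10.1.2.2"),
]


def major_network(addr):
    """Return the classful (class A/B/C) network that contains addr."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        prefix = 8
    elif first_octet < 192:
        prefix = 16
    else:
        prefix = 24  # simplification: class D/E are treated like class C
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def lookup(dest, routes, ip_classless):
    """Return the next hop for dest, or None if the packet is discarded.

    ip_classless=True : plain longest-prefix match, so the default route is
                        used for unknown subnets.
    ip_classless=False: simplified classful rule. If the table holds any
                        subnet of dest's major network, only routes inside
                        that major network may match; supernets and the
                        default route are ignored.
    """
    dest = ipaddress.ip_address(dest)
    table = [(ipaddress.ip_network(prefix), hop) for prefix, hop in routes]
    matches = [(net, hop) for net, hop in table if dest in net]

    if not ip_classless:
        major = major_network(dest)
        knows_subnets = any(
            net.subnet_of(major) and net.prefixlen > major.prefixlen
            for net, _ in table
        )
        if knows_subnets:
            matches = [(net, hop) for net, hop in matches
                       if net.subnet_of(major)]

    if not matches:
        return None
    return max(matches, key=lambda entry: entry[0].prefixlen)[1]


if __name__ == "__main__":
    for classless in (True, False):
        hop = lookup("10.2.2.1", P1R1_ROUTES, classless)
        mode = "ip classless" if classless else "no ip classless"
        print(f"{mode:16} 10.2.2.1 -> {hop or 'discarded'}")
```

With no ip classless, 10.2.2.1 is discarded because P1R1 knows subnets of 10.0.0.0 but not 10.2.2.0, while a destination in a major network with no known subnets still follows the default route.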


Controlling Routing Update Traffic

This section discusses why redistributed routing protocol traffic should be controlled, and the mechanisms used to control it.


Redistribution Implementation Guidelines

[Figure: IGRP and OSPF domains in two panels. In the first, Redistribute is paired with Default or Static; in the second, Redistribute is paired with Redistribute and Filter or Change Administrative Distance]

At a high level, Cisco recommends you consider employing the following guidelines when using redistribution:

■ The overriding recommendation is to be familiar with your network and your network traffic. There are many ways to implement redistribution, so knowing your network will enable you to make the best decision.

■ Do not overlap routing protocols—Do not run two different protocols in the same internetwork. Rather, have distinct boundaries between networks that use different protocols.

■ One-way redistribution—To avoid routing loops, and problems with varying convergence time, only allow routes to be exchanged in one direction, not both directions. In the other direction, you should consider using a default route.

■ Two-way redistribution—If you must allow two-way redistribution, enable a mechanism to reduce the chances of routing loops. Examples of mechanisms covered in this chapter are default routes, route filters, and modification of the metrics advertised. With these types of mechanisms, you can reduce the chances of routes imported from one autonomous system being re-injected into the same autonomous system as new route information.


Controlling Routing Update Traffic

How can we prevent routing update traffic from crossing some of these links?

[Figure: routers Trans, R200, Cen, R300, R100, and Rem connected over subnets 172.16.1.0 through 172.16.12.0 by 64Kb, T-1, and Frame Relay links]

Thus far, we have discussed a variety of routing protocols and how they propagate routing information throughout an internetwork. There are times, however, when you do not want routing information propagated, for example:

■ When using an on-demand WAN link—You may want to minimize, or stop entirely, the exchange of routing update information across this type of link, otherwise the link will remain up constantly.

■ When you want to prevent routing loops—Many companies have large enough networks where redundant paths are prominent. In some cases, for example, when a path is learned to the same destination by two different routing protocols, you may want to filter the propagation of one of the paths.

This section discusses several ways you can control or prevent routing update exchange and propagation:

■ Passive interface—Prevents all routing updates from being sent through an interface. For EIGRP and OSPF, this method includes Hello protocol packets.

■ Route update filtering—Use access lists to filter route update traffic about specific networks.

■ Changing administrative distance—Change the administrative distance to affect which protocol the router believes.

Two other methods of controlling traffic were presented earlier:

■ Default routes—Instructs the router that if it does not have a route for a given destination, send the packet to the default route.

■ Static routes—A route to a destination that you configured in the router.


Using and Configuring passive-interface

Router(config-router)# passive-interface type number

• Prevents routing protocol updates from being generated on the interface

The passive-interface command prevents all routing updates for a given routing protocol from being sent into a network, but does not prevent the specified interface from receiving updates.

When using the passive-interface command in a network using a link-state routing protocol, the command prevents the router from establishing a neighbor adjacency with other routers connected to the same link as the one specified in the command. An adjacency cannot be established because the Hello protocol is used to verify bi-directional communication between routers. If a router is configured to not send updates, then it cannot participate in bi-directional communication.

To configure a passive interface, regardless of the routing protocol, do the following:

Step 1 Select the router and routing protocol that requires the passive interface.

Step 2 Determine which interface(s) you do not want routing update traffic to be sent through.

Step 3 Configure using the passive-interface command.

passive-interface Command    Description

type number    Type of interface and interface number that will not send routing updates.

Note This capability is typically used in conjunction with other capabilities, as you will see in this chapter.


Using Route Filters

[Figure: flowchart of route filter processing. Routing update → Determine interface → Is there a filter for this interface? (No: process packet normally, End) → Is there an entry for this address? (No: drop packet; Yes: process entry according to filter configuration, End).]

The Cisco IOS software can filter incoming and outgoing routing updates by using access lists. In general, the process the router uses is as follows:

1. The router receives a routing update or is getting ready to send an update about one or more networks.

2. The router looks at the interface involved with the action.

For example, if it is an incoming update, then the interface on which it arrived is checked. If it is an update that must be advertised, the interface out of which it should be advertised is checked.

3. The router determines if a filter is associated with the interface.

4. If a filter is associated with the interface, the router views the access list to learn if there is a match for the given routing update.

If a filter is not associated with the interface, the packet is processed as normal.

5. If there is a match, then the route entry is processed as configured.

If no match is found in the access list, the implicit deny any at the end of the access list will cause the update to be dropped.

Note Filtering routing updates was also discussed in chapter 10 for BGP. The ideas here are the same, although the commands used are different than those used for BGP, as shown on the next page.


Configuring Route Filtering

• Use a standard access list to permit or deny routes

• Access list can be applied to transmitted (outbound) or received (inbound) routing updates

For Outbound Updates

Router(config-router)#distribute-list access-list-number | name out [ interface-name | routing-process | autonomous-system number ]

For Inbound Updates

Router(config-router)#distribute-list access-list-number | name in [ type number ]

You can filter routing update traffic for any protocol by defining an access list and applying it to a specific routing protocol. To configure a filter, do the following:

Step 1 Identify the network addresses you want to filter and create an access list.

Step 2 Determine if you want to filter them on an incoming or outgoing interface.

Step 3 To assign the access list to filter outgoing routing updates, use the distribute-list out command.

distribute-list out Command    Description
-----------------------------  ----------------------------------------------------------------------
access-list-number | name      Standard access list number or name.
out                            Applies the access list to outgoing routing updates.
interface-name                 Optional interface name out which updates will be filtered.
routing-process                Optional name of the routing process, or the keyword static or connected, from which updates will be filtered.
autonomous-system-number       Optional autonomous system number of routing process.

Or, to assign the access list to filter incoming routing updates, use the distribute-list in command:

distribute-list in Command     Description
-----------------------------  ----------------------------------------------------------------------
access-list-number | name      Standard access list number or name.
in                             Applies the access list to incoming routing updates.
type number                    Optional interface type and number from which updates will be filtered.


IP Route Filtering Configuration Example

• Hides network 10.0.0.0 using interface filtering

[Figure: routers A and B; interface S0 on network 192.168.5.0; networks 172.16.0.0 and 10.0.0.0.]

router eigrp 1
 network 172.16.0.0
 network 192.168.5.0
 distribute-list 7 out s0
!
access-list 7 permit 172.16.0.0 0.0.255.255

The following describes some of the commands shown in the example in the graphic:

Command                                        Description
---------------------------------------------  ------------------------------------------------------
distribute-list 7 out s0                       Applies access list 7 as a route redistribution filter on EIGRP routing updates sent on interface serial 0.
access-list 7 permit 172.16.0.0 0.0.255.255
  7                                            Access list number.
  permit                                       Routes matching the parameters can be forwarded.
  172.16.0.0 0.0.255.255                       Network number and wildcard mask used to qualify source addresses. The first two address octets must match and the rest are masked.

The distribute-list out command applies access list 7 to outbound packets. The access list only allows routing information about network 172.16.0.0 to be distributed out the S0 interface. As a result, network 10.0.0.0 is hidden.


IP Static Route Filtering Configuration Example

[Figure: routers A, B, C, D and E; interface S0; next-hop addresses 192.168.7.10 and 192.168.7.18; networks 10.0.0.0 and 172.16.0.0; two "passive-interface s0" callouts.]

ip route 10.0.0.0 255.0.0.0 192.168.7.18
ip route 172.16.0.0 255.255.0.0 192.168.7.10
!
router eigrp 1
 network 192.168.7.0
 default-metric 10000 100 255 1 1500
 redistribute static
 distribute-list 3 out static
!
access-list 3 permit 10.0.0.0 0.255.255.255

The example in the graphic shows a static route being redistributed and filtered into EIGRP. The following describes some of the commands shown in the example in the graphic:

Command                                        Description
---------------------------------------------  ------------------------------------------------------
ip route 10.0.0.0 255.0.0.0 192.168.7.18
  10.0.0.0 255.0.0.0                           Defines the IP address and subnet mask of the destination network.
  192.168.7.18                                 Defines the next-hop address to use to reach the destination.
redistribute static                            Assigns routes learned from static entries in the routing table to be redistributed into Enhanced IGRP.
distribute-list 3 out static                   Filters routes learned from static entries by using access list 3, before those routes are passed to the Enhanced IGRP process.
access-list 3 permit 10.0.0.0 0.255.255.255
  3                                            The access list is list number 3.
  permit                                       Routes that match the parameters will be advertised.
  10.0.0.0 0.255.255.255                       Packets about IP addresses that match the first octet of 10.0.0.0 will be forwarded.

Note Configure static route redistribution on one router only to eliminate the possibility of routing loops created by static route redistribution on routers with parallel routes between networks.


In this example, the 10.0.0.0 route is passed to routers D and E. The static route to 172.16.0.0 is filtered (denied by the implicit deny at the end of the access list).
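The outcome of both filter examples can be checked offline. The following Python sketch is an added example, not part of the course material: it parses the two configurations shown above and applies standard access list wildcard matching, including the implicit deny, to decide which networks are advertised. The function names are this example's own.

```python
import ipaddress

# The two filter configurations from the examples above, embedded as sample input.
INTERFACE_FILTER_CONFIG = """\
router eigrp 1
 network 172.16.0.0
 network 192.168.5.0
 distribute-list 7 out s0
!
access-list 7 permit 172.16.0.0 0.0.255.255
"""

STATIC_FILTER_CONFIG = """\
ip route 10.0.0.0 255.0.0.0 192.168.7.18
ip route 172.16.0.0 255.255.0.0 192.168.7.10
!
router eigrp 1
 network 192.168.7.0
 default-metric 10000 100 255 1 1500
 redistribute static
 distribute-list 3 out static
!
access-list 3 permit 10.0.0.0 0.255.255.255
"""


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def parse_standard_acls(config):
    """Return {acl_number: [(action, address, wildcard), ...]} in configured order."""
    acls = {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) >= 4 and tok[0] == "access-list" and tok[2] in ("permit", "deny"):
            # An entry with no wildcard mask matches exactly one address.
            wildcard = tok[4] if len(tok) > 4 else "0.0.0.0"
            acls.setdefault(tok[1], []).append((tok[2], to_int(tok[3]), to_int(wildcard)))
    return acls


def parse_distribute_lists(config):
    """Return [(acl_number, direction, qualifier_or_None)] for each distribute-list line."""
    found = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) >= 3 and tok[0] == "distribute-list":
            found.append((tok[1], tok[2], tok[3] if len(tok) > 3 else None))
    return found


def parse_static_networks(config):
    """Return the destination network of every 'ip route' line."""
    return [line.split()[2] for line in config.splitlines() if line.startswith("ip route ")]


def acl_permits(entries, network):
    """First matching entry wins; no match falls through to the implicit deny any."""
    target = to_int(network)
    for action, address, wildcard in entries:
        care_bits = ~wildcard & 0xFFFFFFFF  # a wildcard bit of 1 means "ignore this bit"
        if target & care_bits == address & care_bits:
            return action == "permit"
    return False


def filter_routes(config, candidates, direction, qualifier):
    """Split candidate networks into (advertised, suppressed) for one distribute-list."""
    acls = parse_standard_acls(config)
    for acl_number, dl_direction, dl_qualifier in parse_distribute_lists(config):
        if (dl_direction, dl_qualifier) == (direction, qualifier):
            entries = acls[acl_number]  # KeyError if the referenced list is not in the config
            advertised = [n for n in candidates if acl_permits(entries, n)]
            suppressed = [n for n in candidates if n not in advertised]
            return advertised, suppressed
    return list(candidates), []  # no filter bound here: the update is processed as normal


if __name__ == "__main__":
    print(filter_routes(INTERFACE_FILTER_CONFIG, ["172.16.0.0", "10.0.0.0"], "out", "s0"))
    statics = parse_static_networks(STATIC_FILTER_CONFIG)
    print(filter_routes(STATIC_FILTER_CONFIG, statics, "out", "static"))
```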


Modifying Administrative Distance

Router(config-router)#distance weight [ address mask [ access-list-number | name ] ] [ ip ]

• Used for all protocols except EIGRP and BGP redistribution

Router(config-router)#distance eigrp internal-distance external-distance

• Used for EIGRP redistribution

In some cases, you will find that a router will select a suboptimal path because it believes a routing protocol that, although it has a better administrative distance, has a poorer route. One way to make sure that routes from the desired routing protocol are selected is to give the undesired routing protocol a larger administrative distance. Use the commands shown in the graphic to change the default administrative distances.

For all protocols except EIGRP and BGP, use the distance command:

distance Command             Description
---------------------------  ------------------------------------------------------------------------
weight                       Administrative distance, an integer from 10 to 255 (the values 0 to 9 are reserved for internal use.)
address                      Optional IP address. Allows filtering of networks according to the IP address of the router supplying the routing information.
mask                         Optional wildcard mask for IP address. A bit set to 1 in the mask argument instructs the software to ignore the corresponding bit in the address value.
access-list-number | name    Number or name of standard access list to be applied to the incoming routing updates. Allows filtering of the networks being advertised.
ip                           Optional, specifies IP-derived routes for IS-IS.

For EIGRP use the distance eigrp command.

distance eigrp Command       Description
---------------------------  ------------------------------------------------------------------------
internal-distance            Administrative distance for Enhanced IGRP internal routes. Internal routes are those that are learned from another entity within the same autonomous system.
external-distance            Administrative distance for Enhanced IGRP external routes. External routes are those for which the best path is learned from a neighbor external to the autonomous system.


Redistribution Example Using distance

[Figure: network topology with routers Trans, R200, Cen, R300, R100 and Rem; subnets 172.16.1.0 through 172.16.7.0 and 172.16.9.0 through 172.16.12.0; two 64 kbps links, two T1 links and a Frame Relay cloud; subinterfaces S0.1 and S0.2.]

This example uses RIP and IGRP to illustrate how a router can make a poor path selection due to the default administrative distance values given to RIP and IGRP in a redundant network. The example also illustrates one possible way of correcting the problem.

The graphic illustrates the network prior to using multiple routing protocols. The R200 and Cen routers are the primary focus of this example, as are networks 172.16.6.0, 172.16.9.0, and 172.16.10.0. The configuration output and routing tables appear on the following pages.

Note This example uses RIP and IGRP for simplicity. These and other protocol combinations can have the same problems occur, depending on the network topology, which is one reason Cisco highly recommends that you study your network topology prior to implementing redistribution, and to monitor it after it is enabled.

Note There are a number of ways to correct path selection problems in a redistribution environment. The purpose of this example is to show how a problem can occur, where it appears, and one possible way of resolving it.


Redistribution Example Using distance (cont'd)

With only IGRP running everywhere:

Cen#show ip route
<Output Omitted>
172.16.0.0/24 is subnetted, 11 subnets
I 172.16.9.0 [100/158813] via 172.16.1.1, 00:00:02, TokenRing1
I 172.16.10.0 [100/8976] via 172.16.5.2, 00:00:02, Serial0.1
I 172.16.11.0 [100/8976] via 172.16.4.2, 00:00:02, Serial0.2
C 172.16.4.0 is directly connected, Serial0.2
C 172.16.5.0 is directly connected, Serial0.1
I 172.16.6.0 [100/160250] via 172.16.5.2, 00:00:02, Serial0.1
I 172.16.3.0 [100/8539] via 172.16.2.2, 00:00:02, TokenRing0
             [100/8539] via 172.16.1.1, 00:00:03, TokenRing1

[Graphic callouts label the two bracketed values as Administrative Distance and Metric; the router shown is Cen, running IGRP.]

First, we have only IGRP running in all of the routers in the network. The graphic shows a portion of the routing table on the Cen router. Following is the complete IP routing table for the Cen router:

Cen#show ip route
<Output Omitted>
172.16.0.0/24 is subnetted, 11 subnets
I 172.16.12.0 [100/1188] via 172.16.2.2, 00:00:02, TokenRing0
I 172.16.9.0 [100/158813] via 172.16.1.1, 00:00:02, TokenRing1
I 172.16.10.0 [100/8976] via 172.16.5.2, 00:00:02, Serial0.1
I 172.16.11.0 [100/8976] via 172.16.4.2, 00:00:02, Serial0.2
C 172.16.4.0 is directly connected, Serial0.2
C 172.16.5.0 is directly connected, Serial0.1
I 172.16.6.0 [100/160250] via 172.16.5.2, 00:00:02, Serial0.1
I 172.16.7.0 [100/158313] via 172.16.1.1, 00:00:02, TokenRing1
C 172.16.1.0 is directly connected, TokenRing1
C 172.16.2.0 is directly connected, TokenRing0
I 172.16.3.0 [100/8539] via 172.16.2.2, 00:00:02, TokenRing0
             [100/8539] via 172.16.1.1, 00:00:03, TokenRing1

Note the administrative distance and the composite metrics for each learned link. Administrative distance refers to how believable the routing protocol is, and the composite metric is the value assigned to the link.

Now consider that you want to split the network into two autonomous systems—IGRP and RIP. Note that IGRP is more believable than RIP because it has an administrative distance of 100 and RIP has an administrative distance of 120.


Redistribution Example Using distance (cont'd)

[Figure: the same topology (routers Trans, R200, Cen, R300, R100 and Rem) divided into a RIP autonomous system and an IGRP autonomous system.]

The graphic shows the network with RIP and IGRP autonomous systems. The configurations for two of the routers are shown on the next graphic.


Redistribution Example Using distance (cont'd)

Router R200

router rip
 redistribute igrp 1
 passive-interface Serial0
 passive-interface TokenRing0
 network 172.16.0.0
 default-metric 3
!
router igrp 1
 redistribute rip
 passive-interface Serial1
 network 172.16.0.0
 default-metric 10 100 255 1 1500

Router Cen

router rip
 redistribute igrp 1
 passive-interface Serial0.2
 passive-interface TokenRing0
 passive-interface TokenRing1
 network 172.16.0.0
 default-metric 3
!
router igrp 1
 redistribute rip
 passive-interface Serial0.1
 network 172.16.0.0
 default-metric 10 100 255 1 1500

The configurations for the Cen and R200 routers are shown in the graphic.

The passive interface commands are used to prevent routes from a particular routing protocol from being forwarded needlessly on links when the remote router cannot understand or is not using that protocol.

Note in these configurations that RIP is being redistributed into IGRP and IGRP is being redistributed into RIP, on both routers.


Redistribution Example Using distance (cont'd)

• "Cen" has RIP and IGRP routes

With IGRP and RIP running:

Cen#show ip route
<Output Omitted>
172.16.0.0/24 is subnetted, 11 subnets
R 172.16.9.0 [120/2] via 172.16.5.2, 00:00:01, Serial0.1
R 172.16.10.0 [120/1] via 172.16.5.2, 00:00:02, Serial0.1
I 172.16.11.0 [100/8976] via 172.16.4.2, 00:00:02, Serial0.2
C 172.16.4.0 is directly connected, Serial0.2
C 172.16.5.0 is directly connected, Serial0.1
R 172.16.6.0 [120/1] via 172.16.5.2, 00:00:02, Serial0.1
I 172.16.3.0 [100/8539] via 172.16.2.2, 00:00:02, TokenRing0
             [100/8539] via 172.16.1.1, 00:00:02, TokenRing1

The graphic shows the resulting routing table on the Cen router. The table lists the routes that are relevant to the discussion in this section. Notice that the Cen router learned RIP and IGRP routes. You can use the following graphic to trace some of the routes (this is a copy of the previous figure repeated here for your convenience):

Redistribution Example Using distance (cont'd)

[Figure: the RIP and IGRP topology from the previous figure, repeated.]


Redistribution Example Using distance (cont'd)

• R200 includes suboptimal paths

With IGRP and RIP running:

R200#show ip route
<Output Omitted>
Gateway of last resort is not set
172.16.0.0/24 is subnetted, 11 subnets
I 172.16.9.0 [100/1000163] via 172.16.1.2, 00:00:37, TokenRing0
I 172.16.10.0 [100/1000163] via 172.16.1.2, 00:00:37, TokenRing0
I 172.16.11.0 [100/9039] via 172.16.1.2, 00:00:37, TokenRing0
I 172.16.4.0 [100/8539] via 172.16.1.2, 00:00:37, TokenRing0
I 172.16.5.0 [100/8539] via 172.16.1.2, 00:00:37, TokenRing0
I 172.16.6.0 [100/1000163] via 172.16.1.2, 00:00:37, TokenRing0
C 172.16.3.0 is directly connected, Serial0

The graphic shows the resulting routing table on the R200 router. The route table lists the routes that are relevant to the discussion in this section. Notice that all the routes are learned from IGRP, even though R200 is also connected to a RIP network. Notice too that if you trace some of the routes, such as to network 172.16.9.0, the router uses the long way via router Cen rather than via router R300.


Redistribution Example Using distance (cont'd)

Router R200

router rip
 redistribute igrp 1
<Output Omitted>
 network 172.16.0.0
 default-metric 3
!
router igrp 1
 redistribute rip
<Output Omitted>
 network 172.16.0.0
 default-metric 10 100 255 1 1500
 distance 130 0.0.0.0 255.255.255.255 1
!
access-list 1 permit 172.16.9.0
access-list 1 permit 172.16.10.0
access-list 1 permit 172.16.6.0

Router Cen

router rip
 redistribute igrp 1
<Output Omitted>
 network 172.16.0.0
 default-metric 3
!
router igrp 1
 redistribute rip
<Output Omitted>
 network 172.16.0.0
 default-metric 10 100 255 1 1500
 distance 130 0.0.0.0 255.255.255.255 1
!
access-list 1 permit 172.16.9.0
access-list 1 permit 172.16.10.0
access-list 1 permit 172.16.6.0

Router R200 selected the poor paths because IGRP has a better administrative distance than RIP. To make sure that R200 selects the RIP routes, you can change the administrative distance, as shown in the graphic.

The following describes some of the commands shown in the example in the graphic:

Command                                   Description
----------------------------------------  -----------------------------------------------------------
distance 130 0.0.0.0 255.255.255.255 1
  130                                     Defines the administrative distance that specified routes will be assigned.
  0.0.0.0 255.255.255.255                 Defines the source address of the router supplying the routing information, in this case any router.
  1                                       Defines the access-list to be used to filter incoming routing updates to determine which will have their administrative distance changed.
access-list 1 permit 172.16.9.0
  1                                       The access-list number.
  permit                                  Allows all networks that match the address to be permitted, in this case to have their administrative distance changed.
  172.16.9.0                              A network to be permitted, in this case to have its administrative distance changed.

Router R200, for example, is configured to assign an administrative distance of 130 to IGRP routes to networks 172.16.9.0, 172.16.10.0, and 172.16.6.0. In this way, when the router learns about these networks from RIP, the RIP-learned routes (with a lower administrative distance of 120) will be selected and put in the routing table. Note that the distance command is for IGRP-learned routes because it is part of the IGRP routing process configuration.


Redistribution Example Using distance (cont'd)

• R200 learns some RIP routes

With IGRP and RIP running and filtering:

R200#show ip route
<Output Omitted>
172.16.0.0/24 is subnetted, 11 subnets
R 172.16.9.0 [120/1] via 172.16.7.1, 00:00:19, Serial1
R 172.16.10.0 [120/2] via 172.16.7.1, 00:00:19, Serial1
I 172.16.11.0 [100/9039] via 172.16.1.2, 00:00:49, TokenRing0
I 172.16.4.0 [100/8539] via 172.16.1.2, 00:00:49, TokenRing0
I 172.16.5.0 [100/8539] via 172.16.1.2, 00:00:49, TokenRing0
R 172.16.6.0 [120/1] via 172.16.7.1, 00:00:19, Serial1
C 172.16.3.0 is directly connected, Serial0

The output in the graphic shows that Router R200 now has retained the better route to some of the networks by learning them from RIP.

With this configuration, however, note the loss of routing information. For example, given the actual bandwidths involved, the IGRP path would have been better for the 172.16.10.0 network, so it may have made sense to not include 172.16.10.0 in the access-list.

This example illustrates the importance of not only knowing your network prior to implementing redistribution, but also that you should view which routes the routers are selecting after redistribution is enabled. You should pay particular attention to routers that can select from a number of possible redundant paths to a network because they are more likely to select suboptimal paths.
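To see why the distance command changes R200's choice, the following added Python example (not from the course) models path selection by administrative distance using the R200 route values from the routing tables above. The route dictionaries and the DistanceRule class are constructs of this example; the defaults of 100 and 120 and the 130 override come from the text. It also shows the variant the text suggests, leaving 172.16.10.0 out of the access list.

```python
import ipaddress

DEFAULT_DISTANCE = {"igrp": 100, "rip": 120}  # defaults stated in the text


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(value, base, wildcard):
    """True when value equals base in every bit the wildcard mask does not ignore."""
    care_bits = ~to_int(wildcard) & 0xFFFFFFFF
    return to_int(value) & care_bits == to_int(base) & care_bits


class DistanceRule:
    """Models 'distance <weight> <address> <mask> <acl>' under one routing process."""

    def __init__(self, protocol, weight, source, source_wildcard, permitted_networks):
        self.protocol = protocol
        self.weight = weight
        self.source = source
        self.source_wildcard = source_wildcard
        # Access list 1 in the example holds only exact-match permit entries,
        # so a set of networks is enough to represent it here.
        self.permitted_networks = set(permitted_networks)

    def applies_to(self, route):
        return (route["protocol"] == self.protocol
                and wildcard_match(route["learned_from"], self.source, self.source_wildcard)
                and route["network"] in self.permitted_networks)


def effective_distance(route, rules):
    for rule in rules:
        if rule.applies_to(route):
            return rule.weight
    return DEFAULT_DISTANCE[route["protocol"]]


def select_routes(candidates, rules=()):
    """Pick one route per network: lowest administrative distance, then lowest metric.

    Metrics of different protocols are not comparable; the metric only breaks ties
    between candidates that end up with the same administrative distance.
    """
    best = {}
    for route in candidates:
        key = (effective_distance(route, rules), route["metric"])
        current = best.get(route["network"])
        if current is None or key < current[0]:
            best[route["network"]] = (key, route)
    return {net: (r["protocol"], key[0], r["learned_from"]) for net, (key, r) in best.items()}


def route(protocol, network, metric, learned_from):
    return {"protocol": protocol, "network": network,
            "metric": metric, "learned_from": learned_from}


# Candidate routes as R200 hears them, taken from its two routing tables above.
R200_CANDIDATES = [
    route("igrp", "172.16.9.0", 1000163, "172.16.1.2"),
    route("igrp", "172.16.10.0", 1000163, "172.16.1.2"),
    route("igrp", "172.16.6.0", 1000163, "172.16.1.2"),
    route("igrp", "172.16.11.0", 9039, "172.16.1.2"),
    route("rip", "172.16.9.0", 1, "172.16.7.1"),
    route("rip", "172.16.10.0", 2, "172.16.7.1"),
    route("rip", "172.16.6.0", 1, "172.16.7.1"),
]

# distance 130 0.0.0.0 255.255.255.255 1, with access list 1 as configured above.
PAGE_RULE = DistanceRule("igrp", 130, "0.0.0.0", "255.255.255.255",
                         ["172.16.9.0", "172.16.10.0", "172.16.6.0"])

if __name__ == "__main__":
    for label, rules in (("default distances", []), ("with distance 130", [PAGE_RULE])):
        print(label)
        for network, choice in sorted(select_routes(R200_CANDIDATES, rules).items()):
            print("  ", network, choice)
```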


Verifying Redistribution Operation

This section discusses commands used to verify route redistribution.

Router#show ip route

• Displays the contents of the IP routing table

Router#trace

• Traces the path a packet takes

The best way to verify redistribution operation is to:

■ Know your network topology, particularly where redundant routes exist.

■ Show the routing table of the appropriate routing protocol on a variety of routers in the internetwork. For example, check the routing table on the ASBR as well as some of the internal routers in each autonomous system.

■ Perform a trace on some of the routes that go across the autonomous systems to verify that the shortest path is being used for routing. Make sure that you especially run traces to networks for which redundant routes exist.

■ If you do encounter routing problems, use trace and debug commands to observe the routing update traffic on the ASBRs and internal routers.

Note Running debug requires extra processing by the router, so if the router is already overloaded, initiating debug is not recommended.
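One way to carry out the routing-table check described above is to compare show ip route output captured before and after a change. This added Python example, which is not part of the course, parses the two R200 tables shown earlier and reports the networks whose source protocol or next hop changed; the function names are hypothetical.

```python
import ipaddress
import re

LEARNED = re.compile(
    r"^([A-Z])\s+(\d+\.\d+\.\d+\.\d+)\s+\[(\d+)/(\d+)\]\s+via\s+([\d.]+),\s+\S+,\s+(\S+)$")
CONNECTED = re.compile(r"^([A-Z])\s+(\d+\.\d+\.\d+\.\d+)\s+is directly connected,\s+(\S+)$")
EXTRA_PATH = re.compile(r"^\[(\d+)/(\d+)\]\s+via\s+([\d.]+),\s+\S+,\s+(\S+)$")

# R200 routing tables copied from the sections above (before and after the distance change).
R200_BEFORE = """\
R200#show ip route
Gateway of last resort is not set
172.16.0.0/24 is subnetted, 11 subnets
I 172.16.9.0 [100/1000163] via 172.16.1.2, 00:00:37, TokenRing0
I 172.16.10.0 [100/1000163] via 172.16.1.2, 00:00:37, TokenRing0
I 172.16.11.0 [100/9039] via 172.16.1.2, 00:00:37, TokenRing0
I 172.16.4.0 [100/8539] via 172.16.1.2, 00:00:37, TokenRing0
I 172.16.5.0 [100/8539] via 172.16.1.2, 00:00:37, TokenRing0
I 172.16.6.0 [100/1000163] via 172.16.1.2, 00:00:37, TokenRing0
C 172.16.3.0 is directly connected, Serial0
"""

R200_AFTER = """\
R200#show ip route
172.16.0.0/24 is subnetted, 11 subnets
R 172.16.9.0 [120/1] via 172.16.7.1, 00:00:19, Serial1
R 172.16.10.0 [120/2] via 172.16.7.1, 00:00:19, Serial1
I 172.16.11.0 [100/9039] via 172.16.1.2, 00:00:49, TokenRing0
I 172.16.4.0 [100/8539] via 172.16.1.2, 00:00:49, TokenRing0
I 172.16.5.0 [100/8539] via 172.16.1.2, 00:00:49, TokenRing0
R 172.16.6.0 [120/1] via 172.16.7.1, 00:00:19, Serial1
C 172.16.3.0 is directly connected, Serial0
"""


def parse_show_ip_route(text):
    """Return {network: {"code": str, "paths": [(distance, metric, next_hop, interface)]}}."""
    table, last = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = LEARNED.match(line)
        if match:
            code, network, distance, metric, next_hop, intf = match.groups()
            table[network] = {"code": code,
                              "paths": [(int(distance), int(metric), next_hop, intf)]}
            last = network
            continue
        match = CONNECTED.match(line)
        if match:
            code, network, intf = match.groups()
            table[network] = {"code": code, "paths": [(None, None, None, intf)]}
            last = network
            continue
        match = EXTRA_PATH.match(line)
        if match and last is not None:
            # Continuation line: an additional equal-cost path for the previous network.
            distance, metric, next_hop, intf = match.groups()
            table[last]["paths"].append((int(distance), int(metric), next_hop, intf))
        # Prompt and header lines match none of the patterns and are skipped.
    return table


def _view(entry):
    """What matters for path selection: source code plus the set of (next hop, interface)."""
    if entry is None:
        return None
    return entry["code"], frozenset((p[2], p[3]) for p in entry["paths"])


def changed_routes(before, after):
    """List (network, old_code, new_code) for routes that appeared, vanished or moved."""
    networks = sorted(set(before) | set(after), key=lambda n: int(ipaddress.IPv4Address(n)))
    changes = []
    for network in networks:
        old, new = before.get(network), after.get(network)
        if _view(old) != _view(new):
            changes.append((network, old and old["code"], new and new["code"]))
    return changes


if __name__ == "__main__":
    diff = changed_routes(parse_show_ip_route(R200_BEFORE), parse_show_ip_route(R200_AFTER))
    for network, old_code, new_code in diff:
        print(f"{network}: {old_code} -> {new_code}")
```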


Written Exercise: Redistribution and Controlling Routing Update Traffic

Objectives:

■ Select and configure the different ways to control route update traffic.

■ Configure route redistribution in a network that does not have redundant paths between dissimilar routing processes

■ Configure route redistribution in a network that has redundant paths between dissimilar routing processes

■ Resolve path selection problems that result in a redistributed network

■ Verify route redistribution

Task: Answer the following questions about redistribution and controlling routing update traffic.

1 List three reasons why you may use multiple routing protocols in a network.

_____________________________________________________________

_____________________________________________________________

_____________________________________________________________

2 What two parameters are used by routers to select the best path when they learn two or more routes to the same destination from different routing protocols?

_____________________________________________________________

_____________________________________________________________

3 What are the components of the EIGRP routing metric?

_____________________________________________________________

_____________________________________________________________

_____________________________________________________________

4 Consider that you have a dialup WAN connection between site A and site B. What can you do to prevent excess routing update traffic from crossing the link, but still have the boundary routers know the networks that are at the remote sites?

_____________________________________________________________

_____________________________________________________________

5 What command is used to cause RIP to source a default route?

_____________________________________________________________

6 If there is no filter associated with an interface, what happens to packets destined for that interface?

_____________________________________________________________


7 What command can be used to discover the path that a packet takes through a network?

_____________________________________________________________

8 How can a routing loop result in a network that has redundant paths between two routing processes?

_____________________________________________________________

_____________________________________________________________

_____________________________________________________________


Policy-Based Routing Using Route-Maps

This section describes what policy-based routing is and how to configure it using route-maps.

Policy-Based Routing

Policy-based routing

• Allows you to implement policies that selectively cause packets to take different paths

• Can also mark traffic with different TOS

• Since IOS Release 11.0

In today's high performance internetworks, organizations need the freedom to implement packet forwarding and routing according to their own defined policies in a way that goes beyond traditional routing protocol concerns. By using policy-based routing, introduced in Cisco IOS Release 11.0, policies that selectively cause packets to take different paths can be implemented.

Policy-based routing also provides a mechanism to mark packets with different types of service (TOS). This feature can be used in conjunction with IOS queuing techniques so that certain kinds of traffic can receive preferential service.


Policy-Based Routing Benefits

Benefits of Policy-Based Routing

• Source-Based Transit Provider Selection
  – different users go different ways

• Quality of Service (QoS)
  – set precedence or TOS, used with queueing

• Cost Savings
  – use high cost links only when necessary

• Load Sharing
  – use multiple paths based on traffic characteristics

The benefits that can be achieved by implementing policy-based routing in the networks include:

■ Source-Based Transit Provider Selection—Internet service providers and other organizations can use policy-based routing to route traffic originating from different sets of users through different Internet connections, across the policy routers.

■ Quality of Service (QoS)—Organizations can provide QoS to differentiated traffic by setting the precedence or type of service (TOS) values in the IP packet headers in routers at the periphery of the network and leveraging queuing mechanisms to prioritize traffic in the core or backbone of the network. This setup improves network performance by eliminating the need to classify the traffic explicitly at each WAN interface in the core or backbone of the network.

■ Cost Savings—An organization can direct the bulk traffic associated with a specific activity to use a higher bandwidth, high-cost link for a short time, and continue basic connectivity over a lower bandwidth, low-cost link for interactive traffic. For example, a dial-on-demand Integrated Services Digital Network (ISDN) line could be brought up in response to traffic to a finance server for file transfers selected by policy routing.

■ Load Sharing—In addition to the dynamic load-sharing capabilities offered by destination-based routing that the Cisco IOS software has always supported, network managers can now implement policies to distribute traffic among multiple paths based on the traffic characteristics.


Policies

Applied to incoming packets

Implemented using route-maps
• Matching routes modified by set commands
• If match criteria met and route-map specified permit
  – control routing as specified by the set action
• If match criteria met and route-map specified deny
  – normal (destination based) routing
• If all sequences in the list checked and no matches
  – normal (destination based) routing

Policy-based routing is applied to incoming packets. All packets received on an interface with policy-based routing enabled are considered for policy-based routing. The router passes the packets through a route-map. Based on the criteria defined in the route-map, packets are forwarded to the appropriate next hop.

Routers normally forward packets to the destination addresses based on information in their routing tables. Instead of routing by the destination address, policy-based routing allows network administrators to determine and implement routing policies to allow or deny paths based on:

■ The identity of a particular end system

■ The application being run

■ The protocol in use

■ The size of packets

As discussed in chapter 10, route-maps are complex access-lists. Each entry in a route-map statement contains a combination of match and set statements. The match statements define the criteria for whether appropriate packets meet the particular policy (that is, the conditions to be met). The set clauses define how the packets should be routed once they have met the match criteria.

For each combination of match and set commands in a route-map statement, all sequential match statements must be met simultaneously by the packet for the set statements to be applied. There may be multiple sets of combinations of match and set commands in a full route-map statement.

The route-map statements can also be marked as permit or deny. If the statement is marked as a deny, a packet meeting the match criteria is sent back through the normal forwarding channels (in other words, destination-based routing is performed). Only if the statement is marked as permit and the packet meets the match criteria are all the set commands applied. If no match is found in the route-map then the packet is forwarded through the normal routing channel.

If it is desired not to revert to normal forwarding and to drop a packet that does not match the specified criteria, then a set statement to route the packets to interface null 0 should be specified as the last entry in the route-map.


Route-Map Configuration Review

Router(config)# route-map map-tag [permit | deny] [sequence-number]
• Defines the conditions for policy routing

Router(config-route-map)# match {conditions}
• Defines the conditions to match

Router(config-route-map)# set {actions}
• Defines the action to be taken on a match

The graphic is a review of the route-map configuration commands from chapter 10. The specific match and set commands for policy-based routing are discussed in the following pages.


Policy Routing match Commands

Router(config-route-map)# match ip address {access-list-number | name} [...access-list-number | name]
• Matches IP addresses for policy routing

Router(config-route-map)# match length min max
• Matches layer 3 length of packet for policy routing

IP standard or extended access lists can be used to establish policy-based routing match criteria using the match ip address command. A standard IP access list can be used to specify the match criteria for source address of a packet; extended access lists can be used to specify the match criteria based on source and destination address, application, protocol type, TOS, and precedence.

match ip address Command     Description
access-list-number | name    Number or name of a standard or extended access list to be used to test incoming packets. If multiple access-lists are specified, matching any one will result in a match.

The match length command can be used to establish criteria based on the packet length, between specified minimum and maximum values. For example, a network administrator could use the match length as the criterion that distinguishes between interactive and file transfer traffic, since file transfer traffic usually has larger packet sizes.

match length Command    Description
min                     Minimum layer 3 length of the packet, inclusive, allowed for a match.
max                     Maximum layer 3 length of the packet, inclusive, allowed for a match.


Policy Routing set Commands

Router(config-route-map)# set interface type number [...type number]
• Defines interface to output packets to

Router(config-route-map)# set ip next-hop ip-address [...ip-address]
• Defines next hop to output packets to

If the match statements are satisfied, one of the following set statements can be used to specify the criteria for forwarding packets through the router; they are evaluated in the order listed here. Once a destination address or interface has been chosen, other set commands for changing the destination address or interface are ignored.

1. The set ip next-hop command provides a list of specified IP addresses used to specify the adjacent next hop router in the path toward the destination to which the packets should be forwarded. The first IP address associated with a currently up connected interface will be used to route the packets.

set ip next-hop Command    Description
ip-address                 IP address of the next hop to which packets are output. It must be the address of an adjacent router.

2. The set interface command provides a list of interfaces through which the packets can be routed. If more than one interface is specified, then the first interface that is found to be up will be used for forwarding the packets.

set interface Command    Description
type number              Interface type and number, to which packets are output.

Note: If there is no explicit route for the destination address of the packet in the routing table, the set interface command is not followed.


Policy Routing set Commands (cont’d)

Router(config-route-map)# set default interface type number [...type number]
• Defines interface to output packets that have no explicit route to the destination

Router(config-route-map)# set ip default next-hop ip-address [...ip-address]
• Defines next hop to output packets that have no explicit route to the destination

3. The set ip default next-hop command provides a list of default next hop IP addresses. The packet is routed to the next hop specified by this set clause only if there is no explicit route for the destination address in the packet in the routing table. The first next hop specified that appears to be adjacent to the router is used. The optional specified IP addresses are tried in turn.

set ip default next-hop Command    Description
ip-address                         IP address of the next hop to which packets are output. It must be the address of an adjacent router.

4. The set default interface command provides a list of default interfaces. If there is no explicit route available to the destination address of the packet being considered for policy routing, then it will be routed to the first up interface in the list of specified default interfaces.

set default interface Command    Description
type number                      Interface type and number, to which packets are output.

5. The set ip tos command is used to set the IP TOS value in the IP packets.

6. The set ip precedence command is used to set the IP precedence in the IP packets.

The set commands can be used in conjunction with each other.
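
The decision logic described above (permit and deny sequences, the fall back to destination-based forwarding, and the order in which the path-selecting set commands are tried), modelled in Python as an added example; it is not Cisco code and not part of the course material. The Entry and Router classes, the /24 masks and the interface-to-router mapping for Router A are assumptions made for the model, and set ip tos and set ip precedence are left out because they do not select a path.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Entry:
    """One route-map sequence: match clauses plus path-selecting set clauses."""
    seq: int
    action: str                      # "permit" or "deny"
    acl_sources: list = None         # match ip address: sources a standard ACL permits
    length: tuple = None             # match length min max (inclusive)
    next_hop: list = field(default_factory=list)           # set ip next-hop
    interface: list = field(default_factory=list)          # set interface
    default_next_hop: list = field(default_factory=list)   # set ip default next-hop
    default_interface: list = field(default_factory=list)  # set default interface

    def matches(self, src, length):
        # Every clause present must hold at once; an absent clause matches anything.
        if self.acl_sources is not None and not any(
                ip_address(src) in ip_network(p) for p in self.acl_sources):
            return False
        if self.length is not None and not self.length[0] <= length <= self.length[1]:
            return False
        return True


@dataclass
class Router:
    """Hypothetical router state that the policy decision depends on."""
    connected: dict   # connected prefix -> interface name
    up: set           # interfaces that are currently up
    routes: list      # explicit (non-default) prefixes in the routing table

    def _adjacent(self, hop):
        # A next hop is usable when it lies on a connected interface that is up.
        for prefix, ifname in self.connected.items():
            if ip_address(hop) in ip_network(prefix) and ifname in self.up:
                return ifname
        return None

    def _first_up(self, names):
        # Null0 is modelled as always up (assumption).
        return next((n for n in names if n == "Null0" or n in self.up), None)

    @staticmethod
    def _out(ifname):
        return ("drop", "Null0") if ifname == "Null0" else ("policy", ifname)

    def decide(self, route_map, src, dst, length):
        """Return (verdict, detail); verdict is 'policy', 'drop' or 'normal'."""
        explicit = any(ip_address(dst) in ip_network(p) for p in self.routes)
        for e in sorted(route_map, key=lambda e: e.seq):
            if not e.matches(src, length):
                continue
            if e.action == "deny":
                return ("normal", "deny at sequence %d" % e.seq)
            # Set clauses in the order the text lists them; the first usable one wins.
            for hop in e.next_hop:
                if self._adjacent(hop):
                    return ("policy", "%s via %s" % (hop, self._adjacent(hop)))
            if explicit and self._first_up(e.interface):
                return self._out(self._first_up(e.interface))
            if not explicit:
                for hop in e.default_next_hop:
                    if self._adjacent(hop):
                        return ("policy", "%s via %s" % (hop, self._adjacent(hop)))
                if self._first_up(e.default_interface):
                    return self._out(self._first_up(e.default_interface))
            # Assumption: a matched permit entry with no usable set clause
            # falls back to destination-based forwarding.
            return ("normal", "sequence %d matched, no usable set clause" % e.seq)
        return ("normal", "no match")


# Router A from the page's example. Masks other than Serial2's and the
# interface-to-router mapping are inferred from the figure labels (assumption).
ROUTER_A = Router(
    connected={"172.16.1.0/24": "Serial2", "172.17.1.0/24": "Serial1",
               "10.1.1.0/24": "Serial3"},
    up={"Serial1", "Serial2", "Serial3"},
    routes=["192.168.1.0/24"],
)
# route-map test permit 10 / match ip address 1 / set ip next-hop 172.17.1.2
PAGE_MAP = [Entry(10, "permit", acl_sources=["192.168.2.1/32"],
                  next_hop=["172.17.1.2"])]
# Same map plus a catch-all last entry that sends everything else to Null0.
FAIL_CLOSED = PAGE_MAP + [Entry(20, "permit", interface=["Null0"])]

if __name__ == "__main__":
    for name, rmap in (("test", PAGE_MAP), ("test + null0", FAIL_CLOSED)):
        for src, dst in (("192.168.2.1", "192.168.1.1"),
                         ("172.16.1.1", "192.168.1.1"),
                         ("172.16.1.1", "203.0.113.9")):
            print(name, src, "->", dst, ROUTER_A.decide(rmap, src, dst, 100))
```

In this model the Null0 catch-all does not fire for a destination with no explicit route, because the note above says set interface is not followed in that case; such packets return to destination-based forwarding.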


Configuring Policy-Based Routing

Router(config-if)# ip policy route-map map-tag
• Specify a route-map to use for policy routing on an interface

Router(config-if)# ip route-cache policy
• Enable fast switched policy routing

To identify a route-map to use for policy routing on an interface, use the ip policy route-map interface configuration command.

ip policy route-map Command    Description
map-tag                        Name of the route-map to use for policy routing. Must match a map-tag specified by a route-map command.

Note: Policy-based routing is specified on the interface that receives the packets, not on the interface from which the packets are sent.

IP policy routing can now be fast-switched. Prior to this feature, policy routing could only be process switched, which meant that on most platforms, the switching rate was approximately 1,000 to 10,000 packets per second. This was not fast enough for many applications. Users who need policy routing to occur at faster speeds can now implement policy routing without slowing down the router.

Policy routing must be configured before you configure fast-switched policy routing. Fast switching of policy routing is disabled by default. To have policy routing be fast-switched, use the ip route-cache policy command in interface configuration mode.

Fast-switched policy routing supports all of the match commands and most of the set commands, except for the following restrictions:

■ The set ip default command is not supported.

■ The set interface command is supported only over point-to-point links, unless a route-cache entry exists using the same interface specified in the set interface command in the route-map. Also, at the process level, the routing table is consulted to determine if the interface is on a reasonable path to the destination. During fast switching, the software does not make this check. Instead, if the packet matches, the software blindly forwards the packet to the specified interface.


Policy-Based Routing Example

[Figure labels: Routers A, B, and C; networks 192.168.2.0 and 192.168.1.0; interfaces S3: 10.1.1.1, S1: 172.17.1.1, S0: 10.1.1.100, S1: 172.17.1.2, S2: 172.16.1.2, S0: 172.16.1.1. Caption: Router A has a policy that packets from 192.168.2.1 go to Router C’s interface S1.]

In the graphic Router A has a policy that packets from 192.168.2.1 should go out to Router C’s interface serial 1. All other packets should be routed according to their destination.


Policy-Based Routing Example (cont’d)

RouterA(config)# interface Serial2
RouterA(config-if)# ip address 172.16.1.2 255.255.255.0
RouterA(config-if)# ip policy route-map test
RouterA(config)# route-map test permit 10
RouterA(config-route-map)# match ip address 1
RouterA(config-route-map)# set ip next-hop 172.17.1.2
RouterA(config-route-map)# exit
RouterA(config)# access-list 1 permit 192.168.2.1 0.0.0.0

Router A’s serial 2 interface, where packets from 192.168.2.1 go into Router A, is configured to do policy routing with the ip policy route-map command. The route-map test is used for this policy routing. It tests the IP addresses in packets against access-list 1 to determine which packets will be policy routed.

Access-list 1 specifies that packets with a source address of 192.168.2.1 will be policy routed. Packets that match access-list 1 will be sent to the next-hop address 172.17.1.2, which is Router C’s serial 1 interface. All other packets will be forwarded normally, according to their destination. (Recall that access-lists have an “implicit deny any” at the end, so no other packets will be permitted by access-list 1).


Verifying Policy-Based Routing

This section discusses commands used to verify policy-based routing.


Verifying Policy-Based Routing

Router# show ip policy
• Display route-maps configured on interfaces

Router# show route-map [map-name]
• Display a route-map

To display the route-maps used for policy routing on the router’s interfaces, use the show ip policy EXEC command.

To display configured route-maps, use the show route-map EXEC command.

show route-map Command    Description
map-name                  Optional name of a specific route-map.


Verifying Policy-Based Routing (cont’d)

Router# debug ip policy
• Enable display of IP policy routing events

Router# trace
• Extended trace allows specification of source address

Router# ping
• Extended ping allows specification of source address

Use the debug ip policy EXEC command to display IP policy routing packet activity. This command helps you determine what policy routing is doing. It displays information about whether a packet matches the criteria, and if so, the resulting routing information for the packet.

Note: Because the debug ip policy command generates a significant amount of output, use it only when traffic on the IP network is low, so other activity on the system is not adversely affected.

To discover the routes the packets follow when traveling to their destination from the router, use the trace privileged EXEC command. To change the default parameters and invoke an extended trace test, enter the command without a destination argument. You will be stepped through a dialog to select the desired parameters.

To check host reachability and network connectivity, use the ping (IP packet internet groper function) privileged EXEC command. You can use the extended command mode of the ping command to specify the supported header options, by entering the command without any arguments.


Verifying Policy-Based Routing Examples

RouterA# show ip policy
Interface      Route map
Serial2        test

RouterA# show route-map
route-map test, permit, sequence 10
  Match clauses:
    ip address (access-lists): 1
  Set clauses:
    ip next-hop 172.17.1.2
  Policy routing matches: 3 packets, 168 bytes

Note: The output shown in the graphic is from Router A in the last example.

The graphic provides examples of two show commands. The show ip policy command indicates that the route-map called test is used for policy routing on the router’s interface serial 2. The show route-map command indicates that three packets have matched sequence 10 of the test route-map.


Verifying Policy-Based Routing Examples

RouterA# debug ip policy
Policy routing debugging is on

RouterA# show logging
...
11:50:51: IP: s=172.16.1.1 (Serial2), d=192.168.1.1 (Serial3), len 100, policy rejected -- normal forwarding
...
11:51:25: IP: s=192.168.2.1 (Serial2), d=192.168.1.1, len 100, policy match
11:51:25: IP: route map test, item 10, permit
11:51:25: IP: s=192.168.2.1 (Serial2), d=192.168.1.1 (Serial1), len 100, policy routed
11:51:25: IP: Serial2 to Serial1 172.17.1.2

Note: The output shown in the graphic is from Router A in the last example.

The graphic provides an example of the output of the debug ip policy command. The show logging command shows the logging buffer including the output of the debug command. The output indicates that a packet from 172.16.1.1 destined for 192.168.1.1 was received on interface serial 2 and that it was rejected by the policy on that interface. The packet is routed normally (i.e. by destination).

Another packet, from 192.168.2.1 destined for 192.168.1.1, was later received on the same interface serial 2. This packet matched the policy on that interface and was therefore policy routed and sent out interface serial 1 to 172.17.1.2.
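
An added example, not part of the course material: a Python parser for the debug ip policy lines shown above that checks each packet's outcome against the path the policy is supposed to enforce. The function names and the final log line are constructed for illustration; the other lines are the page's own output.

```python
import re

# Packet line: source, inbound interface, destination, optional outbound
# interface, length and the policy verdict. Whitespace is matched loosely
# because wrapped console output often loses spaces.
PKT = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d): IP: s=(?P<src>[\d.]+) \((?P<in_if>[^)]+)\), "
    r"d=(?P<dst>[\d.]+)\s*(?:\((?P<out_if>[^)]+)\))?, len\s*(?P<len>\d+), "
    r"policy\s*(?P<verdict>match|routed|rejected)")
ITEM = re.compile(r"^[\d:]+ IP: route map (?P<map>[^,]+), item (?P<seq>\d+), ")
HOP = re.compile(r"^[\d:]+ IP: \S+ to (?P<out_if>\S+) (?P<hop>[\d.]+)$")

SAMPLE = """\
...
11:50:51: IP: s=172.16.1.1 (Serial2), d=192.168.1.1 (Serial3), len 100, policy rejected -- normal forwarding
...
11:51:25: IP: s=192.168.2.1 (Serial2), d=192.168.1.1, len 100, policy match
11:51:25: IP: route map test, item 10, permit
11:51:25: IP: s=192.168.2.1 (Serial2), d=192.168.1.1 (Serial1), len 100, policy routed
11:51:25: IP: Serial2 to Serial1 172.17.1.2
11:52:02: IP: s=192.168.2.1 (Serial2), d=192.168.1.1 (Serial3), len 100, policy rejected -- normal forwarding
""".splitlines()  # last line is constructed; the rest is the page's output


def parse(lines):
    """Collapse the multi-line debug records into one event per packet."""
    events, item = [], None
    for line in lines:
        line = line.strip()
        m = PKT.match(line)
        if m:
            if m["verdict"] == "match":
                continue  # the 'policy routed' line that follows has the outcome
            ev = {"ts": m["ts"], "src": m["src"], "dst": m["dst"],
                  "in_if": m["in_if"], "out_if": m["out_if"],
                  "len": int(m["len"]), "verdict": m["verdict"],
                  "map": None, "seq": None, "next_hop": None}
            if ev["verdict"] == "routed" and item:
                ev.update(item)
            item = None
            events.append(ev)
            continue
        m = ITEM.match(line)
        if m:
            item = {"map": m["map"], "seq": int(m["seq"])}
            continue
        m = HOP.match(line)
        if m and events and events[-1]["verdict"] == "routed":
            events[-1]["next_hop"] = m["hop"]
    return events


def audit(events, expected_hop):
    """expected_hop maps a source address to the next hop its policy should pick."""
    findings = []
    for ev in events:
        want = expected_hop.get(ev["src"])
        if want and ev["verdict"] == "rejected":
            findings.append((ev["ts"], ev["src"],
                             "bypassed policy, forwarded by destination"))
        elif want and ev["next_hop"] != want:
            findings.append((ev["ts"], ev["src"],
                             "policy routed to %s, expected %s" % (ev["next_hop"], want)))
        elif not want and ev["verdict"] == "routed":
            findings.append((ev["ts"], ev["src"],
                             "policy routed but no policy is expected"))
    return findings


if __name__ == "__main__":
    for finding in audit(parse(SAMPLE), {"192.168.2.1": "172.17.1.2"}):
        print(*finding)
```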


Case Study: Redistribution

Recall that throughout this course we have been using a case study of JKL Corporation to discuss various aspects of scalable routing. The case studies are used to review key concepts, to discuss critical issues surrounding network operation, and to provide a focus for the lab exercises.


Case Study - Redistribution: JKL’s Acquisition A

[Figure: three routing domains, numbered 1 to 3. Domain labels: RIP Domain, Metric = Hops, 1 Class C, Supports Unix W/S, Servers; OSPF Domain, Metric = Cost, 1 Class C, Supports Acquisition Policy; IGRP Domain, Metric = Composite, 1 Private Class A, Supports Regional Campus Topology, Private Address Space Network 10.0.0.0. Other labels: A’s new acquisition; To JKL. Link legend: T-3, Fast Ethernet, Ethernet, Serial.]

In this case study, we will look at how JKL’s Acquisition A will implement its routing protocols. Recall that Acquisition A is running a mixture of protocols, IGRP, RIP and OSPF. It has two class C public addresses and uses a class A private address. As shown in the graphic, each of the three protocol domains is connected to the other two.

The following topics are some considerations to discuss with the class during the case study:

■ Routing domains, including scaling issues:

  – Within each of the protocol domains (RIP, IGRP, OSPF) what are the limitations?

  – What implications do these limitations have when redistributing information between the domains?

■ Redistribution between different routing protocols

  – What issues may arise when configuring redistribution in this network?

■ Sub-optimal routes in routing tables

  – Which routing protocol will be selected as the most believable?

  – Is there a potential for routing loops in this network?

■ Exchange of route information

  – Will any of the interfaces have to be configured as passive interfaces?

  – When would it be more appropriate to use a distribute-list filter on an interface versus for a process?

  – Is there anywhere in the network where policy-based routing would be appropriate?

■ Synchronization/metric issues

  – How do each of the protocols in use ensure that the routers running them are synchronized?

  – When a router in the RIP domain learns of a network within the OSPF domain, what meaning does the metric have?

■ Ease of configuration

  – How difficult would it be to configure each of the individual routing domains?

  – How much more complicated is it to implement redistribution between the routing domains?

  – Are there any alternatives? How easy would they be to implement?


Summary

After completing this chapter, you should be able to perform the following tasks:

• Select and configure the different ways to control route update traffic
• Configure route redistribution in a network that does not have redundant paths between dissimilar routing processes
• Configure route redistribution in a network that has redundant paths between dissimilar routing processes
• Resolve path selection problems that result in a redistributed network
• Verify route redistribution
• Configure policy-based routing using route-maps
• Given a set of network requirements, configure redistribution between different routing domains and verify proper operation (within described guidelines) of your routers
• Given a set of network requirements, configure policy-based routing within your pod and verify proper operation (within described guidelines) of your routers


Review Questions

Answer the following questions.

1. What is redistribution?

2. What is the default administrative distance for IGRP? For RIP? For OSPF?

3. When configuring a default metric for redistributed routes, the metric should be set to a value ________ than the largest metric within the AS.

4. What command is used for policy-based routing to establish criteria based on the packet length?

5. What command is used to configure filtering of the routing update traffic from an interface? What command mode is this command entered in?

6. What does the following command do?
distance 150 0.0.0.0 255.255.255.255 3

7. What are the benefits of policy-based routing?

8. Policy-based routing is applied to ________ packets?


14

Implementing Scalability Features in Your Internetwork

Overview

This chapter is a review of the contents in the course, and culminates with a large summary lab that allows the students to configure many of the features discussed.

This chapter includes the following topics:

Note to reviewers: The Chapter 14 listed in the design document has been deleted and this chapter now becomes chapter 14. Compared to the design document, some topics have been renamed and reordered, to improve the flow of this chapter.

■ Objective

■ Routing Principles

■ Extending IP Addressing Space

■ Connecting to ISPs

■ Controlling Overhead Traffic

■ Route Redistribution

■ Written Exercise: Using Scalable Strategies

■ Case Study: Summary (Optional)


■ Summary

■ Review Questions


Objective

This section lists the chapter’s objective.


Upon completion of this chapter, you will be able to perform the following task:

■ Given a set of network requirements, configure many of the features discussed in class and verify proper operation (within described guidelines) of your routers


Routing Principles

This section reviews the principles of routing.


What is Routing?

Routing is the process of forwarding an item from one location to another

Routers forward traffic to a logical destination in a computer network

Routers perform two major functions:
• Routing
  – Learning the logical topology of the network
• Switching
  – Forwarding packets from an inbound interface to an outbound interface

Routing is a relay system by which items are forwarded from one location to another, from a logical source to a logical destination. Each device in the network has a logical address so it can be reached individually or in some cases as part of a larger group of devices.

For a router to act as an effective relay device, it must be able to understand the logical topology of the network and to communicate with its neighboring devices. The router understands several different logical addressing schemes and regularly exchanges topology information with other devices in the network. The mechanism of learning and maintaining awareness of the network topology is considered to be the routing function. The actual movement of transient traffic through the router is a separate function and is considered to be the switching function. Routing devices must perform both a routing and a switching function to be an effective relay device.


Classful Routing

Classful routing protocols are a consequence of the distance vector method of route calculation
• RIPv1
• IGRP

Subnet masks are not carried within the routine, periodic routing updates

Summary routes are automatically created at major network boundaries

Classful routing is a consequence of the fact that subnet masks are not advertised in the periodic, routine, routing advertisements generated by distance vector routing protocols.

In a classful environment, the receiving device must know the mask associated with any advertised subnets. There are two ways this information can be gained:

■ The receiving device shares the same mask as the advertising device.

■ If the mask does not match, the receiving device must use the default routing mask.

Classful routing protocols, such as RIPv1 and IGRP, exchange routes to all subnetworks within the same network. This is possible because all of the subnetworks in the major network must have the same routing mask.

When routes are exchanged with foreign networks (networks whose network portion does not match ours), subnetwork information from this network cannot be included because the mask of the network will not be known. As a result, the subnetwork information from this network must be summarized to a classful boundary using a default routing mask prior to inclusion in the routing update. The creation of a classful summary route at major network boundaries is handled automatically by classful routing protocols. Summarization at other points within the major network address is not allowed by classful routing protocols.


Classless Routing

Classless routing protocols include the routing mask with the route advertisement

• Open Shortest Path First (OSPF)

• Enhanced IGRP

• RIPv2

• IS-IS

• BGP

Routing updates triggered by topology changes

Summary routes manually controlled at any point within the network

Classless routing protocols can be considered as second generation protocols because they are designed to deal with some of the limitations of the earlier classful protocols.

One of the most serious limitations in a classful network environment is that the subnet mask is not exchanged during the routing update process. This original approach required the same mask be used on all subnetworks. The classless approach advertises the mask for each route and therefore a more precise lookup can be performed in the routing table.

Once the initial topology learning phase is complete, updates about network routes are triggered by changes in topology. The event-driven approach reduces the periodic bandwidth consumption associated with full table updates.

Classless routing protocols also address another limitation of the classful approach: the need to summarize to a classful network with a default routing mask at major network boundaries. In the classless environment, the summarization process is manually controlled and can be invoked at any point within the network. Since subnet routes are propagated throughout the routing domain, summarization is required to keep the size of the routing tables at a manageable size.

Extending IP Addressing Space

This section reviews some of the features available to extend the IP addressing space.

IP Addressing Solutions

• Subnet Masking, RFC 1812

• Address Allocation for Private Internets, RFC 1918

• Network Address Translation, RFC 1631

• Hierarchical Addressing

• Variable-Length Subnet Masks, RFC 1812

• Route Summarization, RFC 1518

• Classless Inter-Domain Routing, RFCs 1518, 1519

Since the 1980s, solutions have been developed to slow the depletion of IP addresses and to reduce the number of Internet route table entries by enabling more hierarchical layers in an IP address. These solutions include:

■ Subnet Masking—RFCs 950 (1985), 1812 (1995)—Developed to add another level of hierarchy to an IP address. This additional level allows for extending the number of network addresses derived from a single IP address.

■ Address Allocation for Private Internets—RFC 1918 (1996)—Developed for organizations that do not need much access to the Internet. The only reason to have a NIC-assigned IP address is to interconnect to the Internet. Any and all companies can use the privately assigned IP addresses within their organization, rather than using a NIC-assigned IP address unnecessarily.

■ Network Address Translation (NAT)—RFC 1631 (1994)—Developed for those companies that use private addressing or use non-NIC-assigned IP addresses. This strategy enables an organization to access the Internet with a NIC-assigned address, without having to reassign the private or “illegal” addresses that are already in place.

■ Hierarchical Addressing—Applying a structure to addressing such that multiple addresses share the same leftmost bits.

■ Variable-Length Subnet Masks (VLSMs)—RFC 1812 (1995)—Developed to allow multiple levels of subnetworked IP addresses within a single network. This strategy can only be used when it is supported by the routing protocol in use, such as OSPF and EIGRP.

■ Route Summarization—RFC 1518 (1993)—A way of having a single IP address represent a collection of IP addresses when you employ a hierarchical addressing plan.

■ Classless Inter-Domain Routing (CIDR)—RFCs 1518, 1519 (1993), 2050 (1996)—Developed for ISPs. This strategy suggests that the remaining IP addresses be allocated to ISPs in contiguous blocks, with geography being a consideration.

What Is a Variable-Length Subnet Mask?

• Subnet 172.16.14.0/24 is divided into smaller subnets:

– Subnet with one mask at first (/27)

– Further subnet one of these subnets not used elsewhere (/30)

[Figure: routers HQ, A, B and C. Address labels: 172.16.0.0/16, 172.16.1.0/24, 172.16.2.0/24, 172.16.14.32/27, 172.16.14.64/27, 172.16.14.96/27, 172.16.14.132/30, 172.16.14.136/30, 172.16.14.140/30.]

VLSMs provide the ability to include more than one subnet mask within a network, and the ability to subnet an already subnetted network address. The benefits of VLSMs include:

■ Even more efficient use of IP addresses—Without the use of VLSMs, companies are locked into implementing a single subnet mask within an entire class A, B or C network number.

For example, consider the 172.16.0.0/16 network address divided into subnets using /24 masking, and one of the subnetworks in this range, 172.16.14.0/24, further divided into smaller subnets with the /27 masking, as shown in the graphic. These smaller subnets range from 172.16.14.0/27 to 172.16.14.224/27. In the graphic, one of these smaller subnets, 172.16.14.128, is further divided with the /30 prefix, creating subnets with only two hosts, to be used on the WAN links.

■ Greater capability to use route summarization—VLSMs allow for more hierarchical levels within your addressing plan, and thus allow for better route summarization within routing tables. For example, in the graphic, subnet 172.16.14.0/24 summarizes all of the addresses that are further subnets of 172.16.14.0, including those from subnet 172.16.14.0/27 and from 172.16.14.128/30.

What Is Route Summarization?

• Routing protocols can summarize addresses of several networks into one address

[Figure: routers A and B. One routing table lists 172.16.25.0/24, 172.16.26.0/24 and 172.16.27.0/24; the other lists 172.16.0.0/16. Speech bubble: "I can route to the 172.16.0.0/16 network."]

In large internetworks hundreds or even thousands of network addresses can exist. In these environments, it is often not desirable for routers to maintain all these routes in their routing table. Route summarization, also called route aggregation or supernetting, can reduce the number of routes that a router must maintain because it is a method of representing a series of network numbers in a single summary address. For example, as the graphic shows, the router can either send three routing update entries, or summarize the addresses into a single network number.

Note The router in the graphic is saying that it can route to the network 172.16.0.0/16, including all subnets of that network. However, if there were other subnets of 172.16.0.0 elsewhere in the network (for example, if 172.16.0.0 was discontiguous), summarizing in this way may not be valid.

What is CIDR?

• Networks 192.168.8.0/24 through 192.168.15.0/24 are summarized by HQ in one advertisement 192.168.8.0/21

[Figure: routers A, B, ... H advertise networks 192.168.8.0/24, 192.168.9.0/24, ... 192.168.15.0/24 to router HQ, which advertises 192.168.8.0/21.]

CIDR is a mechanism developed to help alleviate the problem of exhaustion of IP addresses and growth of routing tables. The idea behind CIDR is that blocks of multiple Class C addresses can be combined, or aggregated, to create a larger (that is, more hosts allowed) classless set of IP addresses. Blocks of Class C network numbers are allocated to each network service provider. Organizations using the network service provider for Internet connectivity are allocated subsets of the service provider's address space as required.

These multiple Class C addresses can then be summarized in routing tables, resulting in fewer route advertisements.

CIDR is described further in RFCs 1518 and 1519. RFC 2050, the Internet Registry IP Allocation Guidelines, specifies guidelines for the allocation of IP addresses.

The graphic shows an example of CIDR and route summarization. The class C network addresses 192.168.8.0/24 through 192.168.15.0/24 are being used and are being advertised to the HQ router. When the HQ router advertises the networks available, instead of separately advertising the eight class C networks, it can summarize these into one route. By advertising 192.168.8.0/21, the HQ router is saying: “I can get to all destination addresses that have the first 21 bits the same as the first 21 bits of the address 192.168.8.0”.
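The summarization described here and under "What Is Route Summarization?", worked through as an added Python example (not part of the course material). It computes the single summary prefix for a set of networks and lists the address space the summary claims but the advertised networks do not cover, which is the situation the note about discontiguous subnets warns about; the function names are assumptions of this example.

```python
import ipaddress


def summary_route(networks):
    """Return the smallest single prefix that covers every network given."""
    nets = [ipaddress.ip_network(n) for n in networks]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # The leading bits shared by the lowest and highest address form the summary.
    prefix_len = 32 - (lo ^ hi).bit_length()
    host_bits = 32 - prefix_len
    base = (lo >> host_bits) << host_bits
    return ipaddress.ip_network((base, prefix_len))


def overclaimed(summary, networks):
    """Blocks inside `summary` that none of `networks` actually covers."""
    remaining = [ipaddress.ip_network(str(summary))]
    for net in (ipaddress.ip_network(n) for n in networks):
        survivors = []
        for block in remaining:
            if block.subnet_of(net):
                continue                      # block is fully accounted for
            if net.subnet_of(block):
                # Carve the known network out of the block, keep the rest.
                survivors.extend(block.address_exclude(net))
            else:
                survivors.append(block)       # disjoint: nothing to remove
        remaining = survivors
    return sorted(remaining)


# Networks from the CIDR graphic: eight contiguous /24s.
CIDR_NETS = [f"192.168.{i}.0/24" for i in range(8, 16)]
# Networks from the route summarization graphic.
SUMMARY_NETS = ["172.16.25.0/24", "172.16.26.0/24", "172.16.27.0/24"]

if __name__ == "__main__":
    cases = [
        (CIDR_NETS, summary_route(CIDR_NETS)),
        (SUMMARY_NETS, summary_route(SUMMARY_NETS)),
        # The classful summary from the graphic, checked against the same three routes.
        (SUMMARY_NETS, ipaddress.ip_network("172.16.0.0/16")),
    ]
    for nets, summary in cases:
        gaps = overclaimed(summary, nets)
        extra = sum(g.num_addresses for g in gaps)
        print(f"{summary}: covers {len(nets)} routes, "
              f"{extra} addresses claimed without a matching route")
```

A summary with a non-empty over-claim list attracts traffic for destinations the router has no specific route to, so it is only safe when those blocks are unused or live behind the same router.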

Connecting to ISPs

This section reviews autonomous systems and BGP as they relate to connecting to Internet Service Providers.

Autonomous Systems

[Figure: Autonomous System 100 and Autonomous System 200. IGPs: RIP, IGRP, OSPF, EIGRP. EGPs: BGP.]

• An autonomous system (AS) is a collection of networks under a single technical administration

• IGPs operate within an autonomous system

• EGPs connect different autonomous systems

One way to categorize routing protocols is by whether they are interior or exterior:

■ Interior gateway protocols (IGPs)—Routing protocols used to exchange routing information within an autonomous system. RIP, IGRP, OSPF and EIGRP are examples of IGPs.

■ Exterior gateway protocols (EGPs)—used to connect between autonomous systems. Border Gateway Protocol (BGP) is an example of an EGP.

BGP version 4, BGP-4, is the latest version of BGP and is defined in RFC 1771. As noted in this RFC, the classic definition of an autonomous system is “a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other ASs.”

Nowadays, ASs may use more than one IGP, with potentially several sets of metrics. The important characteristic of an AS from the BGP point of view is that the AS appears to other ASs to have a single coherent interior routing plan and presents a consistent picture of what destinations are reachable through it. All parts of the AS must be connected to each other.

BGP Characteristics

BGP is a distance-vector protocol with enhancements:

• Reliable updates - BGP runs on top of TCP (port 179)

• Incremental, triggered updates only

• Periodic keepalives to verify TCP connectivity

• Rich metrics (called path vectors or attributes)

• Designed to scale to huge internetworks

BGP is a distance vector protocol, but it has many differences from the likes of RIP.

BGP uses TCP as its transport protocol, which provides connection-oriented reliable delivery. In this way, BGP assumes that its communication is reliable and therefore it doesn’t have to implement any retransmission or error recovery mechanisms. BGP uses TCP port 179. Two routers speaking BGP form a TCP connection with one another and exchange messages to open and confirm the connection parameters. These two routers are called peer routers or neighbors.

Once the connection is made, full routing tables are exchanged. However, since the connection is reliable, BGP routers need only send changes (incremental updates) after that. Periodic routing updates are also not required on a reliable link, so triggered updates are used. BGP sends “keepalive” messages, similar to the “hello” messages sent by OSPF and EIGRP.

BGP routers exchange network reachability information, called path vectors, made up of path attributes, including a list of the full path (of BGP AS numbers) that a route should take in order to reach a destination network. This path information is used in constructing a graph of ASs that is loop free and where routing policies can be applied in order to enforce some restrictions on the routing behavior. The path is loop free because a router running BGP will not accept a routing update that already includes its AS number in the path list, since this would mean that the update has already passed through its AS, and accepting it again would result in a routing loop.

BGP Route Selection Decision Process

Consider only (synchronized) routes with no AS loops and a valid next-hop, then:

Prefer highest weight (local to router)

Prefer highest local preference (global within AS)

Prefer route originated by the local router

Prefer shortest AS path

Prefer lowest origin code (IGP < EGP < incomplete)

Prefer lowest MED (from other AS)

Prefer EBGP path over IBGP path

Prefer the path through the closest IGP neighbor

Prefer the path with the lowest neighbor BGP router id

After BGP receives updates about different destinations from different autonomous systems, the protocol decides which path to choose in order to reach a specific destination. BGP will choose only a single path to reach a specific destination.

The decision process is based on BGP path attributes. When faced with multiple routes to the same destination, BGP chooses the best route for routing traffic toward the destination. The following process summarizes how BGP on a Cisco router chooses the best route.

1. If the path is internal, synchronization is on and route is not synchronized, do not consider it.

2. If the Next-Hop address of a route is not reachable, do not consider it.

3. Prefer the route with the highest Weight. (Recall that the weight is Cisco proprietary and is local to the router only).

4. If multiple routes have the same Weight, prefer the route with the highest Local Preference. (Recall that the local preference is used within an AS).

5. If multiple routes have the same Local Preference, prefer the route that was originated by the local router.

6. If multiple routes have the same Local Preference, or if no route was originated by the local router, prefer the route with the shortest AS path.

7. If the AS path length is the same, prefer the lowest origin code (IGP<EGP<Incomplete).

8. If all origin codes are the same, prefer the path with the lowest MED. (Recall that the MED is sent from other ASs).

The MED comparison is only done if the neighboring autonomous system is the same for all routes considered, unless the bgp always-compare-med command is enabled.

Note The most recent IETF decision regarding BGP MED assigns a value of infinity to the missing MED, making the route lacking the MED variable the least preferred. The default behavior of BGP routers running Cisco IOS software is to treat routes without the MED attribute as having a MED of 0, making the route lacking the MED variable the most preferred. To configure the router to conform to the IETF standard, use the bgp bestpath missing-as-worst command.

9. If the routes have the same MED, prefer external paths (EBGP) over internal paths (IBGP).

10. If IGP synchronization is disabled and only internal paths remain, prefer the path through the closest IGP neighbor. This means the router will prefer the shortest internal path within the AS to reach the destination (the shortest path to the BGP next-hop).

11. Prefer the route with the lowest neighbor BGP Router ID value.

The path is put in the routing table and propagated to the router’s BGP neighbors.

Multi-homing BGP Example

[Figure: AS 100 connected to two ISPs, AS 200 and AS 300; AS 250 is also shown. Labels: routers A, B, C and E; addresses 10.10.10.1, 10.10.10.2, 10.10.20.1, 10.10.20.2; networks 172.20.0.0, 172.25.0.0 and 172.30.0.0.]

In the example in the graphic, AS 100 is connected to two ISPs, AS 200 and AS 300. AS 100 is said to have a multi-homed connection to the Internet and will choose the path it takes to various destinations as detailed in the decision process on the previous graphic.
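The decision process listed above, applied to a multi-homed AS 100, as an added Python example (not Cisco code and not part of the course material). It eliminates candidates step by step in the order the page gives, including the MED rule and the missing-MED default from the note; the class, function and path names, the router IDs and the attribute values are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}


@dataclass
class Path:
    name: str
    as_path: List[int]            # neighboring AS first, originating AS last
    neighbor_router_id: str
    weight: int = 0
    local_pref: int = 100
    local_origin: bool = False
    origin: str = "igp"
    med: Optional[int] = None     # None = attribute missing from the update
    ibgp: bool = False
    synchronized: bool = True
    next_hop_reachable: bool = True
    igp_cost: int = 0             # IGP metric to the BGP next hop


def _keep_best(paths, key):
    """Keep only the paths that tie for the lowest value of key."""
    best = min(key(p) for p in paths)
    return [p for p in paths if key(p) == best]


def best_path(paths, local_as, sync_on=True,
              always_compare_med=False, missing_med_worst=False):
    # Steps 1-2 and the AS-loop check: drop paths that may not be considered.
    c = [p for p in paths
         if local_as not in p.as_path
         and p.next_hop_reachable
         and not (p.ibgp and sync_on and not p.synchronized)]
    if not c:
        return None
    c = _keep_best(c, lambda p: -p.weight)               # 3. highest weight
    c = _keep_best(c, lambda p: -p.local_pref)           # 4. highest local preference
    c = _keep_best(c, lambda p: not p.local_origin)      # 5. originated locally
    c = _keep_best(c, lambda p: len(p.as_path))          # 6. shortest AS path
    c = _keep_best(c, lambda p: ORIGIN_RANK[p.origin])   # 7. lowest origin code
    # 8. MED is compared only when all remaining paths share the neighboring
    #    AS, unless always-compare-med behaviour is requested.
    neighbor_as = {p.as_path[0] if p.as_path else local_as for p in c}
    if always_compare_med or len(neighbor_as) == 1:
        missing = float("inf") if missing_med_worst else 0
        c = _keep_best(c, lambda p: missing if p.med is None else p.med)
    c = _keep_best(c, lambda p: p.ibgp)                  # 9. EBGP over IBGP
    if not sync_on and all(p.ibgp for p in c):           # 10. closest IGP neighbor
        c = _keep_best(c, lambda p: p.igp_cost)
    # 11. lowest neighbor BGP router ID
    return min(c, key=lambda p: int(ipaddress.IPv4Address(p.neighbor_router_id)))


def sample_paths():
    """Constructed paths, as AS 100 might hold them for one destination in AS 250."""
    return [
        Path("via-AS200", [200, 250], "192.0.2.20", med=50),
        Path("via-AS300", [300, 250], "192.0.2.30"),               # no MED attribute
        Path("looped", [200, 100, 250], "192.0.2.10", weight=500),  # contains AS 100
    ]


if __name__ == "__main__":
    print(best_path(sample_paths(), 100).name)
    print(best_path(sample_paths(), 100, always_compare_med=True).name)
    print(best_path(sample_paths(), 100, always_compare_med=True,
                    missing_med_worst=True).name)
```

With the two ISPs in different ASs the MED is skipped and the router ID decides; forcing the MED comparison flips the result depending on how a missing MED is treated, which is why the note's default matters when auditing an inbound policy.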

Controlling Overhead Traffic

This section reviews some of the features available to control router overhead traffic.

Access List Uses

• Access lists are multipurpose

[Figure: access list uses: priority and custom queuing (queue list), dial-on-demand routing, route filtering (routing table), virtual terminal line access (IP), transmission of packets on an interface.]

Access lists can be used in many ways, including:

■ To permit or deny packets from crossing specified router interfaces.

■ To permit or deny virtual terminal (vty) access to and from a router.

■ To establish a finer granularity of control when differentiating traffic into priority and custom queues.

■ To identify “interesting” traffic that serves to trigger dialing in dial-on-demand routing (DDR).

■ To filter and alter attributes within a routing update.

Route Filters with Distribute-List

[Figure: flowchart. Routing update → Determine interface. → Is there a filter for this interface? No: process packet normally (End). Yes: Is there an entry for this address? No: drop packet (End). Yes: process entry according to filter configuration.]

The Cisco IOS software can filter incoming and outgoing routing updates by using distribute-lists that use access-lists. In general, the process the router uses is as follows:

1. The router receives a routing update or is getting ready to send an update about one or more networks.

2. The router looks at the interface involved with the action.

For example, if it is an incoming update, then the interface on which it arrived is checked. If it is an update that must be advertised, the interface out of which it should be advertised is checked.

3. The router determines if a filter is associated with the interface.

4. If a filter is associated with the interface, the router views the access list to learn if there is a match for the given routing update.

If a filter is not associated with the interface, the packet is processed as normal.

5. If there is a match, then the route entry is processed as configured.

If no match is found in the access list, the implicit deny any at the end of the access list will cause the update to be dropped.
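The five-step filter process above, modeled as an added Python example (not Cisco code and not part of the course material). It evaluates each network in a routing update against the access list bound to an interface using wildcard-mask matching, first match wins, and shows the implicit deny any removing a route that no entry mentions; the access list number, interface names and networks are constructed.

```python
import ipaddress

# Constructed configuration: one numbered standard access list used as a
# route filter on one interface. List number 7 and the interface names are
# assumptions of this example.
ACLS = {
    7: [
        ("deny",   "172.16.3.0", "0.0.0.255"),
        ("permit", "172.16.0.0", "0.0.255.255"),
        # no further entries: anything else meets the implicit deny any
    ],
}
FILTERS = {"Serial0": 7}          # interface -> access list used as route filter
UPDATE = ["172.16.1.0", "172.16.2.0", "172.16.3.0", "192.168.5.0"]


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def acl_permits(entries, network):
    """First matching entry decides; no match means the implicit deny any."""
    for action, base, wildcard in entries:
        # Bits set to 1 in the wildcard mask are ignored in the comparison.
        care_bits = ~_to_int(wildcard) & 0xFFFFFFFF
        if (_to_int(network) ^ _to_int(base)) & care_bits == 0:
            return action == "permit"
    return False


def filter_update(networks, interface, filters=FILTERS, acls=ACLS):
    """Return (kept, dropped) for a routing update crossing `interface`."""
    acl_id = filters.get(interface)
    if acl_id is None:
        # Steps 3-4: no filter on this interface, process as normal.
        return list(networks), []
    kept = [n for n in networks if acl_permits(acls[acl_id], n)]
    dropped = [n for n in networks if n not in kept]
    return kept, dropped


if __name__ == "__main__":
    for ifname in ("Serial0", "Ethernet0"):
        kept, dropped = filter_update(UPDATE, ifname)
        print(f"{ifname}: kept={kept} dropped={dropped}")
```

The 192.168.5.0 route is dropped on Serial0 although no entry names it, so a review of a route filter should always account for the implicit deny as well as the listed entries.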

Route-Maps

Route-maps

• Filters for network advertisements

• Offer detailed control over advertisements

• Complex access-lists

– Complex conditional advertisement via match command

– Changes routing table parameters via set command

A route map is a method used to control and modify routing information. This is done by defining conditions for redistributing routes from one routing protocol to another or controlling routing information when injected in and out of BGP.

Route maps are complex access lists that allow some conditions to be tested against the route in question, and if the conditions match then some actions can be taken to modify the route. These actions are specified by set commands.

Policy-Based Routing

Policy-based routing

• Allows you to implement policies that selectively cause packets to take different paths

• Can also mark traffic with different TOS

• Since IOS Release 11.0

• Applied to incoming packets

• Implemented using route-maps

In today's high performance internetworks, organizations need the freedom to implement packet forwarding and routing according to their own defined policies in a way that goes beyond traditional routing protocol concerns. By using policy-based routing, introduced in Cisco IOS Release 11.0, policies that selectively cause packets to take different paths can be implemented.

Policy-based routing also provides a mechanism to mark packets with different types of service (TOS). This feature can be used in conjunction with IOS queuing techniques so that certain kinds of traffic can receive preferential service.

Policy-based routing is applied to incoming packets. All packets received on an interface with policy-based routing enabled are considered for policy-based routing. The router passes the packets through a route-map. Based on the criteria defined in a route-map, packets are forwarded to the appropriate next hop.

BGP Policy Control

To restrict routing information to/from BGP neighbors use

• Distribute lists (using access lists)

or

• Prefix lists

BGP has additional features for controlling update traffic. If you want to restrict the BGP routing information that the Cisco IOS software learns or advertises, you can filter BGP routing updates to and from particular neighbors. To do this, you can either define an access list or a prefix list, and apply it to the updates. Access lists are applied using distribute lists.

Route Redistribution

This section reviews route redistribution.

When Do You Use Multiple Routing Protocols?

• Interim during conversion

• Application-specific protocols

– One size does not always fit all

• Political boundaries

– Groups that do not work and play nicely with others

• Mismatch between devices

– Multivendor interoperability

– Host-based routers

There are times when you may need to use multiple routing protocols. Some reasons why you may need multiple protocols are as follows:

■ When you are migrating from an older IGP to a new IGP, multiple redistribution boundaries may exist until the new protocol has displaced the old protocol completely. Dual existence of protocols is effectively the same as a long-term coexistence design.

■ When you want to use another protocol but need to keep the old protocol due to the needs of host systems.

■ Different departments might not want to upgrade their routers or they might not implement a sufficiently strict filtering policy. In these cases you can protect yourself by terminating the other routing protocol on one of your routers.

■ If you have a mixed router vendor environment, you can use a Cisco-specific protocol in the Cisco portion of the network and then use a common protocol to communicate with non-Cisco devices.

What Is Redistribution?

• Routes are learned from another routing protocol when a router redistributes the information between the protocols

[Figure: router A (the ASBR) sits between router C in AS 200 (IGRP, 172.16.0.0) and router B in AS 300 (EIGRP, 192.168.5.0). S1 advertises routes from EIGRP to IGRP; S0 advertises routes from IGRP to EIGRP.]

IP Routing Table (Router C)
I 192.168.5.0
I 172.16.1.0
I 172.16.2.0
I 172.16.3.0

IP Routing Table (Router B)
D EX 172.16.0.0
D 192.168.5.8
D 192.168.5.16
D 192.168.5.24

When any of these situations arises, Cisco routers allow internetworks using different routing protocols (referred to as autonomous systems) to exchange routing information through a feature called route redistribution. Redistribution is defined as the ability for boundary routers connecting different autonomous systems to exchange and advertise routing information received from one autonomous system to the other autonomous system.

Note The term autonomous system as used here denotes internetworks using different routing protocols. These routing protocols may be IGPs and/or EGPs. This is a different use of the term Autonomous System than is used when discussing BGP.

Within each autonomous system the internal routers have complete knowledge about their network. The router interconnecting autonomous systems is called an autonomous system boundary router (ASBR).

In the example shown in the graphic, AS 200 is running IGRP and AS 300 is running EIGRP, and the internal routers within each autonomous system have complete knowledge about their networks. Router A is the ASBR. Router A has both IGRP and Enhanced IGRP processes active and is responsible for advertising routes learned from one autonomous system into the other autonomous system.

In this example, Router A learns about network 192.168.5.0 from Router B via the EIGRP protocol running on its S0 interface. It passes that information to Router C on its S1 interface via IGRP. Routing information is also passed the other way, from IGRP into EIGRP.

Router B's routing table shows that it has learnt about network 172.16.0.0 via EIGRP (as indicated by the “D” in the routing table) and that the route is external to this autonomous system (as indicated by the “EX” in the routing table). Router C’s routing table shows that it has learnt about network 192.168.5.0 via IGRP (as indicated by the “I” in the routing table). Note that there is no indication in IGRP if the route is external to the autonomous system.

Redistribution Implementation Guidelines

[Figure: IGRP and OSPF domains. Panel labels: "IGRP/OSPF"; "Redistribute" with "Default or Static"; "Redistribute" with "Redistribute and Filter or Change Administrative Distance".]

At a high level, Cisco recommends you consider employing the following guidelines when using redistribution:

■ The overriding recommendation is to be familiar with your network and your network traffic. There are many ways to implement redistribution, so knowing your network will enable you to make the best decision.

■ Do not overlap routing protocols—Do not run two different protocols in the same internetwork. Rather, have distinct boundaries between networks that use different protocols.

■ One-way redistribution—To avoid routing loops, and problems with varying convergence time, only allow routes to be exchanged in one direction, not both directions. In the other direction, you should consider using a default route.

■ Two-way redistribution—If you must allow two-way redistribution, enable a mechanism to reduce the chances of routing loops. Examples of mechanisms covered in this chapter are default routes, route filters, and modification of the metrics advertised. With these types of mechanisms, you can reduce the chances of routes imported from one autonomous system being re-injected into the same autonomous system as new route information.

Written Exercise: Using Scalable Strategies

Objective: Given a set of network requirements, configure many of the features discussed in class and verify proper operation (within described guidelines) of your routers.

Task: Answer the following questions.

1. Name the two major functions performed by routers.

_________________________________________________________________

_________________________________________________________________

2. What are the benefits of VLSMs?

_________________________________________________________________

_________________________________________________________________

3. If the subnet 172.17.2.32/28 was further subnetted with a /30 prefix, how many more subnets would be created? How many hosts would be available on each of these new subnets?

_________________________________________________________________

4. Define the following terms:

IGP_______________________________________

EGP______________________________________

Autonomous System____________________________________________

_____________________________________________________________

Redistribution__________________________________________________

5. Describe some of the characteristics of BGP.

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

6. Describe some of the ways in which access-lists can be used.

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

_________________________________________________________________

7. Policy-based routing is applied to ______________ packets on an interface.


Case Study: Summary (Optional)

This case study acts as a summary of all of the topics covered in earlier chapters. It reinforces the quantity of the information that has been discussed earlier.

[Figure: Case Study: Summary. JKL’s Problem: How to integrate Acquisitions A - D? The graphic shows the Internet, JKL Corporation and Acquisitions A through D, labelled as follows.]

■ JKL Corporation: 1 Class B - Public; Recently re-designed, optimal; OSPF Area 0 - Small, Redundant; OSPF Multi-Area, Hierarchical; VLSM with Route Summarization

■ Acquisition A: 1 Class A - Private; 2 Class C - Public; IGRP AS 350, RIP; OSPF Area 0 - Small

■ Acquisition B: 3 Class C - Public; IP RIP Only; 500 Devices, out of addr.; 6 Hops

■ Acquisition C: 1 Class B - Public; OSPF Area 0 - All; Multi-vendor Equipment; No Summarization

■ Acquisition D: 1 Class B - Public; 1 Class C - Private; Enhanced IGRP AS 400; Discontig. Subnets

Throughout the course we have been using a Case Study of JKL Corporation to discuss various aspects of scalable routing. The case studies were used to review key concepts, to discuss critical issues surrounding network operation, and to provide a focus for the lab exercises.

JKL is an enterprise that is making four acquisitions A, B, C and D. JKL’s ultimate goal is to integrate the acquisitions’ networks with its own network.

We have seen the multi-area OSPF design used within JKL, including VLSM and route summarization. JKL has a class B public address. Recall that JKL has two ISP connections.

We have seen that Acquisition A is using a mixture of routing protocols—RIP, IGRP and OSPF. It has two class C public addresses and uses a class A private address. We have discussed how Acquisition A will redistribute routing information between the three routing domains.

We have seen that Acquisition B is using three class C public addresses and is using only IP RIP as its routing protocol. It has run out of IP addresses.

Recall that Acquisition C has a multi-vendor environment and is using OSPF and one class B public address. It is not using summarization.

We have also seen that Acquisition D is using EIGRP, has one class B and one class C public address and discontiguous subnets.


Now we will look at how JKL can integrate these acquisitions into its own network. What would be the most appropriate way for each of the acquisitions’ networks to be incorporated into JKL’s network?

The following topics are some considerations to discuss with the class during the case study:

■ Routing domains, including scaling issues:

    ■ Are there any parts of the acquisitions’ networks that do not scale? How should these be incorporated into JKL’s network?

    ■ Should the routing protocols in any of the acquisitions be changed to another protocol? What issues would be involved in selecting those that should be changed?

    ■ Where in JKL’s network should the other networks be integrated? Should they be part of area 0, or should new areas be added in some cases?

■ Redistribution between different routing protocols

    ■ If the resulting JKL network has more than one routing protocol, how will redistribution be handled?

    ■ What issues may arise when configuring redistribution in this network?

    ■ Will any filtering be necessary?

■ Addressing

    ■ How will all of the current addresses be incorporated into the integrated network?

    ■ If private addresses are kept, what will be required in order to access the Internet?

■ Internet Access

    ■ In the integrated network, where will access to the Internet be implemented?

    ■ Will BGP be used for the Internet connections?


Summary

This section summarizes the tasks you learned to complete in this chapter.

After completing this chapter, you should be able to perform the following task:

■ Given a set of network requirements, configure many of the features discussed in class and verify proper operation (within described guidelines) of your routers


Review Questions

Answer the following questions.

1. What distinguishes classful routing protocols from classless routing protocols?

2. A router has the networks 192.168.160.0/24 through 192.168.175.0/24 in its routing table. How could it summarize these networks into one route?

3. In the BGP selection process, which attribute is checked first, AS-path, weight, or local preference?


A

Job Aids and Supplements

Overview

This chapter contains Job Aids and Supplements for the following topics:

■ Extending IP Addressing

■ OSPF

■ EIGRP

■ BGP

■ Route Optimization

Note Note to reviewers: In the design document, the Route Optimization supplements were in a separate appendix; they have been moved to this appendix for consistency.


Extending IP Addressing

Note Note to reviewers: In the design document, this section had some job aids and supplements that were redundant; these have been cleaned up and the section reordered.

Job Aid: IP Addresses and Subnetting

IP Addresses and Subnetting

Class  Net/Host  First Octet  Standard Mask (Binary)
A      N.H.H.H   1—126        1111 1111 0000 0000 0000 0000 0000 0000
B      N.N.H.H   128—191      1111 1111 1111 1111 0000 0000 0000 0000
C      N.N.N.H   192—223      1111 1111 1111 1111 1111 1111 0000 0000

Class B

Subnet Bits  Subnet Mask      # Subnets  # Hosts
2            255.255.192.0    4          16382
3            255.255.224.0    8          8190
4            255.255.240.0    16         4094
5            255.255.248.0    32         2046
6            255.255.252.0    64         1022
7            255.255.254.0    128        510
8            255.255.255.0    256        254
9            255.255.255.128  512        126
10           255.255.255.192  1024       62
11           255.255.255.224  2048       30
12           255.255.255.240  4096       14
13           255.255.255.248  8192       6
14           255.255.255.252  16384      2

Class C

Subnet Bits  Subnet Mask      # Subnets  # Hosts
2            255.255.255.192  4          62
3            255.255.255.224  8          30
4            255.255.255.240  16         14
5            255.255.255.248  32         6
6            255.255.255.252  64         2

SUBNETTING

Address      131.108.5.72     1000 0011 0110 1100 0000 0101 0100 1000
Subnet Mask  255.255.255.192  1111 1111 1111 1111 1111 1111 1100 0000

Network: First octet (131 – Class B) defines network portion.

    1000 0011 0110 1100 0000 0101 0100 1000
    1111 1111 1111 1111 1111 1111 1100 0000

Subnet: Of the part that remains, the subnet mask bits define the subnet portion.

    0000 0101 0100 1000
    1111 1111 1100 0000

Host: Whatever bits remain define the host portion.

    00 1000
    00 0000


Job Aid: Binary - Decimal Conversion Chart

Decimal  Binary    Decimal  Binary    Decimal  Binary    Decimal  Binary
0        00000000  64       01000000  128      10000000  192      11000000
1        00000001  65       01000001  129      10000001  193      11000001
2        00000010  66       01000010  130      10000010  194      11000010
3        00000011  67       01000011  131      10000011  195      11000011
4        00000100  68       01000100  132      10000100  196      11000100
5        00000101  69       01000101  133      10000101  197      11000101
6        00000110  70       01000110  134      10000110  198      11000110
7        00000111  71       01000111  135      10000111  199      11000111
8        00001000  72       01001000  136      10001000  200      11001000
9        00001001  73       01001001  137      10001001  201      11001001
10       00001010  74       01001010  138      10001010  202      11001010
11       00001011  75       01001011  139      10001011  203      11001011
12       00001100  76       01001100  140      10001100  204      11001100
13       00001101  77       01001101  141      10001101  205      11001101
14       00001110  78       01001110  142      10001110  206      11001110
15       00001111  79       01001111  143      10001111  207      11001111
16       00010000  80       01010000  144      10010000  208      11010000
17       00010001  81       01010001  145      10010001  209      11010001
18       00010010  82       01010010  146      10010010  210      11010010
19       00010011  83       01010011  147      10010011  211      11010011
20       00010100  84       01010100  148      10010100  212      11010100
21       00010101  85       01010101  149      10010101  213      11010101
22       00010110  86       01010110  150      10010110  214      11010110
23       00010111  87       01010111  151      10010111  215      11010111
24       00011000  88       01011000  152      10011000  216      11011000
25       00011001  89       01011001  153      10011001  217      11011001
26       00011010  90       01011010  154      10011010  218      11011010
27       00011011  91       01011011  155      10011011  219      11011011
28       00011100  92       01011100  156      10011100  220      11011100
29       00011101  93       01011101  157      10011101  221      11011101
30       00011110  94       01011110  158      10011110  222      11011110
31       00011111  95       01011111  159      10011111  223      11011111
32       00100000  96       01100000  160      10100000  224      11100000
33       00100001  97       01100001  161      10100001  225      11100001
34       00100010  98       01100010  162      10100010  226      11100010
35       00100011  99       01100011  163      10100011  227      11100011
36       00100100  100      01100100  164      10100100  228      11100100
37       00100101  101      01100101  165      10100101  229      11100101
38       00100110  102      01100110  166      10100110  230      11100110
39       00100111  103      01100111  167      10100111  231      11100111
40       00101000  104      01101000  168      10101000  232      11101000
41       00101001  105      01101001  169      10101001  233      11101001
42       00101010  106      01101010  170      10101010  234      11101010
43       00101011  107      01101011  171      10101011  235      11101011
44       00101100  108      01101100  172      10101100  236      11101100
45       00101101  109      01101101  173      10101101  237      11101101
46       00101110  110      01101110  174      10101110  238      11101110
47       00101111  111      01101111  175      10101111  239      11101111
48       00110000  112      01110000  176      10110000  240      11110000
49       00110001  113      01110001  177      10110001  241      11110001
50       00110010  114      01110010  178      10110010  242      11110010
51       00110011  115      01110011  179      10110011  243      11110011
52       00110100  116      01110100  180      10110100  244      11110100
53       00110101  117      01110101  181      10110101  245      11110101
54       00110110  118      01110110  182      10110110  246      11110110
55       00110111  119      01110111  183      10110111  247      11110111
56       00111000  120      01111000  184      10111000  248      11111000
57       00111001  121      01111001  185      10111001  249      11111001
58       00111010  122      01111010  186      10111010  250      11111010
59       00111011  123      01111011  187      10111011  251      11111011
60       00111100  124      01111100  188      10111100  252      11111100
61       00111101  125      01111101  189      10111101  253      11111101
62       00111110  126      01111110  190      10111110  254      11111110
63       00111111  127      01111111  191      10111111  255      11111111


Supplement A—IP Addressing Review

This supplement reviews the basics of IP addresses, including:

■ Converting IP Addresses Between Decimal and Binary

■ Determining an IP Address Class

■ Extending an IP Classful Address Using Subnet Masks

■ Calculating a Subnet Mask

■ Calculating the Networks for a Subnet Mask

■ Using Prefixes to Represent a Subnet Mask


Converting IP Addresses Between Decimal and Binary

[Figure: Converting IP Addresses Between Decimal and Binary]

Converting from binary to decimal

Value for Each Bit:  128   64   32   16    8    4    2    1

Binary:                1    1    1    1    1    1    1    1
Decimal:             128 + 64 + 32 + 16 +  8 +  4 +  2 +  1 = 255

Binary:                0    1    0    0    0    0    0    1
Decimal:               0 + 64 +  0 +  0 +  0 +  0 +  0 +  1 = 65

An IP address is a 32-bit, two-level hierarchical number. It is hierarchical because the first portion of the address represents the network and the second portion of the address represents the node (host).

The 32 bits are grouped into 4 octets with 8 bits per octet. The value of each octet ranges from 0 to 255 decimal, or 00000000 to 11111111 binary. The graphic illustrates how you convert an IP address in dotted-decimal notation into binary.

It is important that you understand how this conversion is done for calculating subnet masks, which are discussed later in this section.


Examples: Converting Binary - Decimal

Binary Address:   00001010.00000001.00010111.00010011
Decimal Address:  10.1.23.19

Decimal Address:  172.18.65.170
Binary Address:   10101100.00010010.01000001.10101010

Binary Address:   11000000.01001101.00001110.00000110
Decimal Address:  192.77.14.6

The graphic shows three examples of converting between binary and decimal.


Determining an IP Address Class

[Figure: Determining an IP Address Class. Each 32-bit address is divided into a network portion and a host portion. Class A addresses begin with the bit 0, Class B addresses with the bits 10, and Class C addresses with the bits 110.]

To accommodate large and small networks, the NIC segregated the 32-bit IP address into classes A through E. Each address class allows for a certain number of network addresses and a certain number of host addresses within a network, as shown in the following table.

Class    Address Range                 Number of Networks              Number of Hosts
Class A  1.0.0.0 to 126.0.0.0          128 (2^7)                       16,777,214
Class B  128.0.0.0 to 191.255.0.0      16,386 (2^14)                   65,532
Class C  192.0.0.0 to 223.255.255.0    Approximately 2 million (2^21)  254
Class D  224.0.0.0 to 239.255.255.254  Reserved for multicast addresses
Class E  240.0.0.0 to 255.255.255.255  Reserved for research

Using classes to denote which portion of the address represents the network number and which portion is the node or host address is referred to as classful addressing. There are several issues with classful addressing, however. The number of available Class A, B, and C addresses is finite. Another problem is that not all classes are useful for a midsize organization, as illustrated in the table. As can be expected, the Class B range is the most accommodating to a majority of today’s organizational network topologies. To maximize the use of the IP address(es) received by an organization regardless of the class, subnet masks were introduced.


Extending an IP Classful Address Using Subnet Masks

[Figure: Extending an IP Address Using Subnet Masks. A 32-bit address is shown first as Network and Host (based on value in first octet), then with a mask applied as Network, Subnet and Host (based on subnet mask).]

RFC 950 was written to address the problem of IP address shortage. It proposed a procedure, called subnet masking, for dividing Class A, B, and C addresses into smaller pieces, thus increasing the number of possible networks. A subnet mask is a 32-bit value that identifies which bits in an address represent network bits and which represent host bits. In other words, rather than the router determining the network portion of the address by looking at the value of the first octet, it looks at the subnet mask associated with the address. In this way, subnet masks allow you to extend the usage of an IP address. It is a way of making an IP address a three-level hierarchy, as shown in the graphic.

To use a subnet mask, put a 1 for each bit that you want to represent a network or subnet portion of the address and a 0 for each bit that you want to represent a node portion of the address. Note that the 1s in the mask are contiguous. For example, the default subnet masks for Class A, B, and C addresses are as follows:

Class Default Mask— Decimal Default Mask—Binary

Class A 255.0.0.0 11111111.00000000.00000000.00000000

Class B 255.255.0.0 11111111.11111111.00000000.00000000

Class C 255.255.255.0 11111111.11111111.11111111.00000000


Calculating a Subnet Mask

[Figure: Calculating a Subnet Mask. IP Address = 172.16.0.0. Five networks labelled A through E, each with nodes labelled 1, 2 and 15.]

Because subnet masks extend the number of network addresses you can use by using additional bits in the host portion, you do not want to randomly decide how many additional bits to use for the network portion. Rather, you want to do some research to determine how many network addresses you need to derive from your NIC-given IP address. For example, consider that the NIC has given you IP address 172.16.0.0. The process for establishing your subnet mask would be as follows:

1. Determine the number of networks (subnets) needed. In the graphic, for example, there are five networks.

2. Determine how many nodes per subnet must be defined. The graphic, for example, has 5 nodes on each subnet.

3. Determine future network and node requirements. For example, assume 100 percent growth.

4. Given the information gathered from questions 1 through 3, determine the total number of networks required. For the example, it would be ten networks. Refer to the “Job Aid: IP Addressing and Subnetting” and select the appropriate subnet mask value that can accommodate ten networks.

    There is no mask that exactly accommodates ten networks. Depending on your network growth trends, you may select four subnet bits, resulting in a subnet mask of 255.255.240.0. The binary representation of this subnet mask is:

    11111111.11111111.11110000.00000000

    The number of additional subnetworks given by n additional bits is 2^n. For example, the additional four subnet bits would give you sixteen subnetworks.


Calculating the Networks For a Subnet Mask

[Figure: Calculating the Networks for a Subnet Mask]

Assigned Address:   172.16.0.0/16
In Binary:          10101100.00010000.00000000.00000000

Subnetted Address:  172.16.0.0/20
In Binary:          10101100.00010000.xxxx 0000.00000000

              Network               Subnet  Host
1st Subnet:   10101100 . 00010000 . 0000    0000.00000000 = 172.16.0.0
2nd Subnet:   172      . 16       . 0001    0000.00000000 = 172.16.16.0
3rd Subnet:   172      . 16       . 0010    0000.00000000 = 172.16.32.0
4th Subnet:   172      . 16       . 0011    0000.00000000 = 172.16.48.0
.
.
10th Subnet:  172      . 16       . 1001    0000.00000000 = 172.16.144.0

Once you identify your subnetwork, you must calculate the ten subnetted network addresses to use with 172.16.0.0 255.255.240.0. One way to do this is as follows:

1. Write the subnetted address in binary format, as shown in the graphic. Use the “Job Aid: Binary to Decimal Conversion Chart” as necessary.

2. On the binary address, draw a line between the 16th and the 17th bits, as shown in the graphic. Then draw a line between the 20th and 21st bits. Now you can focus on the target bits.

3. Go to the “Job Aid: Binary to Decimal Conversion Chart” and locate the first subnetwork number. Because your subnetwork bits are 0000, and the rest of the octet is 0000, the first number would be 00000000, or subnet 0.

    Historically, it was recommended that you begin choosing networks from highest (from the left-most bit) to lowest so you could have available network addresses. But this strategy does not allow you to adequately summarize network addresses, therefore the present recommendation is to choose networks from lowest to highest (right to left).

4. (Optional) It is recommended that you list each subnetwork in binary form to reduce the number of errors. In this way, you will not forget where you left off in your network address selection.

5. Locate the second lowest subnetwork number. In this case, it would be 0001. When combined with the next four bits this is subnet 16.

6. Continue locating subnetwork numbers until you have what you need, in this case 10 subnets.
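The two procedures above (choosing the subnet mask, then listing the networks from lowest to highest), as an added Python example that is not part of the course material. The function and key names are hypothetical; it uses Python's standard ipaddress module and applies the growth figure to both networks and nodes, which is an assumption.

```python
import ipaddress
import math
from itertools import islice


def dotted_binary(addr):
    """Render an IPv4 address or mask as four dotted 8-bit groups."""
    return ".".join(f"{octet:08b}" for octet in addr.packed)


def plan_subnets(assigned, networks_now, nodes_per_subnet, growth_pct):
    """Pick the subnet mask for an assigned network and list the subnets to use.

    Steps 1-3 are the inputs; step 4 (total networks required) and the
    lowest-to-highest enumeration are computed here.
    """
    base = ipaddress.ip_network(assigned)
    factor = 1 + growth_pct / 100
    required = math.ceil(networks_now * factor)           # total networks needed
    nodes_required = math.ceil(nodes_per_subnet * factor)

    # n extra bits give 2**n subnets: take the smallest n that covers the need.
    bits = max(1, (required - 1).bit_length())
    new_prefix = base.prefixlen + bits

    # Two addresses per subnet (network and broadcast) are not usable for nodes.
    hosts = 2 ** (32 - new_prefix) - 2 if new_prefix <= 30 else 0
    if hosts < nodes_required:
        raise ValueError(
            f"{assigned} cannot hold {required} subnets of {nodes_required} nodes"
        )

    # subnets() yields in ascending order, so this takes the lowest subnets first.
    chosen = list(islice(base.subnets(prefixlen_diff=bits), required))
    return {
        "required": required,
        "subnet_bits": bits,
        "prefix": f"/{new_prefix}",
        "mask": str(chosen[0].netmask),
        "mask_binary": dotted_binary(chosen[0].netmask),
        "available": 2 ** bits,
        "hosts_per_subnet": hosts,
        "subnets": [(str(n), dotted_binary(n.network_address)) for n in chosen],
    }


if __name__ == "__main__":
    # The page's example: 172.16.0.0, five networks of five nodes, 100 percent growth.
    plan = plan_subnets("172.16.0.0/16", networks_now=5, nodes_per_subnet=5,
                        growth_pct=100)
    print(f"{plan['required']} networks needed -> {plan['subnet_bits']} subnet bits, "
          f"mask {plan['mask']} ({plan['mask_binary']})")
    print(f"{plan['available']} subnets available, "
          f"{plan['hosts_per_subnet']} hosts in each")
    for cidr, binary in plan["subnets"]:
        print(f"{cidr:<18}{binary}")
```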


Using Prefixes to Represent a Subnet Mask

[Figure: Using Prefixes to Represent a Subnet Mask]

p1r3#show interface ethernet0
Ethernet0 is administratively down, line protocol is down
  Hardware is Lance, address is 00e0.b05a.d504 (bia 00e0.b05a.d504)
  Internet address is 10.64.4.1/24
<Output Omitted>

p1r3#show interface serial0
Serial0 is down, line protocol is down
  Hardware is HD64570
  Internet address is 10.1.3.2/24
<Output Omitted>

p1r3#show run
<Output Omitted>
interface Ethernet0
 ip address 10.64.4.1 255.255.255.0
!
interface Serial0
 ip address 10.1.3.2 255.255.255.0

As already discussed, subnet masks are used to identify the number of bits in an address that represent the network, subnet and host portions of the address. Another way of indicating this is to use a prefix. A prefix is a slash (/), and a numerical value that is the sum of the bits that represent the network and subnet portion of the address. For example, if you were using a subnet mask of 255.255.255.0, the prefix would be /24 for 24 bits.

The following table shows some examples of the different ways that you can represent a prefix and subnet mask.

IP Address/Prefix Subnet Mask Subnet Mask—Binary

192.168.112.0/21 255.255.248.0 11111111.11111111.11111000.00000000

172.16.0.0/16 255.255.0.0 11111111.11111111.00000000.00000000

10.1.1.0/27 255.255.255.224 11111111.11111111.11111111.11100000

It is important to know how to write subnet masks and prefixes because the Cisco router uses both, as shown in the graphic. You will typically be asked to input a subnet mask when configuring an IP address, but the output generated using show commands typically shows an IP address with a prefix.


Written Exercise: Calculating Subnet Masks

Objective: Given an IP address, extend the use of the IP address using subnet masking.

Task: Complete the following IP address plan.

1 You need to design an IP network for your organization. Your organization’s IP address is 172.16.0.0. Your assessment indicates that the organization needs at least 130 networks of no more than 100 nodes in each network. As a result, you have decided to use a classful subnetting scheme based on the 172.16.0.0/24 scheme. In the space below write any four IP addresses that are part of the range of subnetwork numbers. Also, write the network address and subnet mask for these addresses. One address is provided as an example.

172.16.1.0/24 172.16.1.0 255.255.255.0

2 Your network has the address 172.16.168.0/21. Write eight IP addresses in this network:

3 Write the four IP addresses in the range described by the 192.168.99.16/30 address:

4 Of these four host addresses, which two could you use as host addresses in a point-to-point connection?

_____________________________________________________


OSPF

Supplement A—OSPF Single Area Configuration Examples

[Figure: Example Single Area OSPF Configuration. Routers P1R1, P1R2 and P1R3 in Area 0, with interface addresses 10.1.1.1/24, 10.1.1.2/24, 10.1.2.1/24, 10.1.2.2/24, 10.1.3.1/24 and 10.1.3.2/24.]

This section includes configuration and show command output examples that result from configuring the network shown in the graphic.


Example of P1R3 Configuration for Single Area OSPF

The following is the configuration of P1R3:

P1R3#show run
Building configuration...

Current configuration:
!
version 11.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname P1R3
!
interface Ethernet0
 no ip address
 shutdown
!
interface Ethernet1
 no ip address
 shutdown
!
interface Serial0
 ip address 10.1.3.2 255.255.255.0
 no fair-queue
 clockrate 64000
!
interface Serial1
 ip address 10.1.2.2 255.255.255.0
!
router ospf 1
 network 10.1.2.0 0.0.0.255 area 0
 network 10.1.3.0 0.0.0.255 area 0
!
no ip classless
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 login
!
end

P1R3#

Callout in the graphic:

■ The two network statements under router ospf 1: Run OSPF on both interfaces


Example of P1R3 Show output for Single Area OSPF

The following is the output of some show commands on P1R3:

P1R3#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 3 subnets
C       10.1.3.0 is directly connected, Serial0
C       10.1.2.0 is directly connected, Serial1
O       10.1.1.0 [110/128] via 10.1.3.1, 00:01:56, Serial0
                 [110/128] via 10.1.2.1, 00:01:56, Serial1

P1R3#show ip ospf neighbor detail
 Neighbor 10.1.3.1, interface address 10.1.3.1
    In the area 0 via interface Serial0
    Neighbor priority is 1, State is FULL
    Options 2
    Dead timer due in 00:00:34
 Neighbor 10.1.2.1, interface address 10.1.2.1
    In the area 0 via interface Serial1
    Neighbor priority is 1, State is FULL
    Options 2
    Dead timer due in 00:00:36

P1R3#show ip ospf database

       OSPF Router with ID (10.1.3.2) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age   Seq#        Checksum  Link count
10.1.2.1        10.1.2.1        301   0x80000004  0x4A49    4
10.1.3.1        10.1.3.1        292   0x80000004  0x1778    4
10.1.3.2        10.1.3.2        288   0x80000004  0x5D2E    4

P1R3#

Callouts in the graphic:

■ show ip route, the O entry: Routes learnt by OSPF

■ show ip ospf neighbor detail: Note state of neighbors is FULL

■ show ip ospf database, Router Link States: Type 1 LSAs

■ show ip ospf database: No type 2 LSAs because all connections are point-to-point


Supplement B—OSPF Multi-area Configuration Examples

[Figure: Example Multi-Area OSPF Configuration. Area 1: routers P1R1, P1R2 and P1R3, with interface addresses 10.1.1.1/24, 10.1.1.2/24, 10.1.2.1/24, 10.1.2.2/24, 10.1.3.1/24 and 10.1.3.2/24. Area 2: routers P2R1, P2R2 and P2R3, with interface addresses 10.2.1.1/24, 10.2.1.2/24, 10.2.2.1/24, 10.2.2.2/24, 10.2.3.1/24 and 10.2.3.2/24. Area 0: interface addresses 10.64.0.1/24 and 10.64.0.2/24.]

This section includes configuration and show command output examples that result from configuring the network shown in the graphic.


Example of ABR Configured for Route Summarization and StubThe following is configuration output for P1R3, a router that is an ABR for a stubarea, and is doing route summarization:

P1R3#show run

Building configuration...

Current configuration:

!

version 11.2

no service password-encryption

no service udp-small-servers

no service tcp-small-servers

!

hostname P1R3

!

interface Ethernet0

ip address 10.64.0.1 255.255.255.0

!

interface Ethernet1

no ip address

shutdown

!

interface Serial0

ip address 10.1.3.2 255.255.255.0

no fair-queue

clockrate 64000

!

interface Serial1

ip address 10.1.2.2 255.255.255.0

!

router ospf 1

network 10.64.0.0 0.0.0.255 area 0

network 10.1.2.0 0.0.0.255 area 1

network 10.1.3.0 0.0.0.255 area 1

area 1 stub no-summary

area 1 range 10.1.0.0 255.255.0.0

!

no ip classless

!

!

line con 0

exec-timeout 0 0

line aux 0

line vty 0 4

login

!

end

Totally stubby configuration

Summarize area 1 routes with 10.1.0.0/16 route


Example show Output Before Areas Are Configured for Stub and Route Summarization

The following is example output from P1R3, before the network is configured with stub areas and route summarization:

P1R3#show ip ospf database

OSPF Router with ID (10.64.0.1) (Process ID 1)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count

10.64.0.1 10.64.0.1 84 0x80000009 0x6B87 1

10.64.0.2 10.64.0.2 85 0x8000000C 0x6389 1

Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum

10.64.0.2 10.64.0.2 85 0x80000001 0x7990

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum

10.1.1.0 10.64.0.1 128 0x80000001 0x92D2

10.1.2.0 10.64.0.1 129 0x80000001 0x59F

10.1.3.0 10.64.0.1 129 0x80000001 0xF9A9

10.2.1.2 10.64.0.2 71 0x80000001 0x716F

10.2.2.1 10.64.0.2 41 0x80000001 0x7070

10.2.3.1 10.64.0.2 51 0x80000001 0x657A

Router Link States (Area 1)

Link ID ADV Router Age Seq# Checksum Link count

10.1.2.1 10.1.2.1 859 0x80000004 0xD681 4

10.1.3.1 10.1.3.1 868 0x80000004 0xEB68 4

10.64.0.1 10.64.0.1 133 0x80000007 0xAF61 4

Summary Net Link States (Area 1)

Link ID ADV Router Age Seq# Checksum

10.2.1.2 10.64.0.1 74 0x80000001 0xDBFB

10.2.2.1 10.64.0.1 45 0x80000001 0xDAFC

10.2.3.1 10.64.0.1 55 0x80000001 0xCF07

10.64.0.0 10.64.0.1 80 0x80000003 0x299

P1R3#

Type 2 LSAs for Area 0

Type 3 LSAs for Area 0

Type 3 LSAs for Area 1


Example show Output after Areas Are Configured for Stub and Route Summarization

The following is example output from P1R3, after the network is configured with stub areas and route summarization:

P1R3#show ip ospf database

OSPF Router with ID (10.64.0.1) (Process ID 1)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count

10.64.0.1 10.64.0.1 245 0x80000009 0x6B87 1

10.64.0.2 10.64.0.2 246 0x8000000C 0x6389 1

Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum

10.64.0.2 10.64.0.2 246 0x80000001 0x7990

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum

10.1.0.0 10.64.0.1 54 0x80000001 0x1B8B

10.2.0.0 10.64.0.2 25 0x80000001 0x9053

Router Link States (Area 1)

Link ID ADV Router Age Seq# Checksum Link count

10.1.2.1 10.1.2.1 1016 0x80000004 0xD681 4

10.1.3.1 10.1.3.1 1026 0x80000004 0xEB68 4

10.64.0.1 10.64.0.1 71 0x80000009 0xE9FF 2

Summary Net Link States (Area 1)

Link ID ADV Router Age Seq# Checksum

0.0.0.0 10.64.0.1 76 0x80000001 0x4FA3

P1R3#

Type 2 LSAs for Area 0

Type 3 LSAs for Area 0

Type 3 LSAs for Area 1
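
The before and after listings above can be compared mechanically to confirm that summarization and the totally stubby setting took effect. The following is an added example, not part of the course material: it parses the Summary Net Link States sections copied from the two outputs and checks them against the configured range 10.1.0.0/16 and ABR router ID 10.64.0.1; the function names are hypothetical.

```python
import ipaddress
import re

# Excerpts of "show ip ospf database" on P1R3, copied from the outputs above
# (router and network LSA sections left out for brevity).
BEFORE = """\
Summary Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
10.1.1.0 10.64.0.1 128 0x80000001 0x92D2
10.1.2.0 10.64.0.1 129 0x80000001 0x59F
10.1.3.0 10.64.0.1 129 0x80000001 0xF9A9
10.2.1.2 10.64.0.2 71 0x80000001 0x716F
10.2.2.1 10.64.0.2 41 0x80000001 0x7070
10.2.3.1 10.64.0.2 51 0x80000001 0x657A
Summary Net Link States (Area 1)
Link ID ADV Router Age Seq# Checksum
10.2.1.2 10.64.0.1 74 0x80000001 0xDBFB
10.2.2.1 10.64.0.1 45 0x80000001 0xDAFC
10.2.3.1 10.64.0.1 55 0x80000001 0xCF07
10.64.0.0 10.64.0.1 80 0x80000003 0x299
"""
AFTER = """\
Summary Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
10.1.0.0 10.64.0.1 54 0x80000001 0x1B8B
10.2.0.0 10.64.0.2 25 0x80000001 0x9053
Summary Net Link States (Area 1)
Link ID ADV Router Age Seq# Checksum
0.0.0.0 10.64.0.1 76 0x80000001 0x4FA3
"""

SECTION = re.compile(r"^(?P<kind>.+ Link States)\s*\(\s*Area (?P<area>\d+)\)$")
ROW = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+\d+\s+0x[0-9A-Fa-f]+\s+0x[0-9A-Fa-f]+"
)


def parse_lsdb(text):
    """Return {(section name, area): [(link_id, adv_router), ...]}."""
    db, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        if section:
            key = (section.group("kind"), int(section.group("area")))
            db[key] = []
            continue
        row = ROW.match(line)
        if row and key is not None:
            db[key].append((row.group(1), row.group(2)))
    return db


def leaked_components(db, backbone_area, abr_id, summary):
    """Type 3 LSAs the ABR still originates into the backbone for addresses
    inside the configured range, other than the range itself."""
    net = ipaddress.ip_network(summary)
    rows = db.get(("Summary Net Link States", backbone_area), [])
    return [
        link_id
        for link_id, adv in rows
        if adv == abr_id
        and ipaddress.ip_address(link_id) in net
        and link_id != str(net.network_address)
    ]


def is_totally_stubby(db, area):
    """True when the only Type 3 LSA in the area is the default route."""
    rows = db.get(("Summary Net Link States", area), [])
    return [link_id for link_id, _ in rows] == ["0.0.0.0"]


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        db = parse_lsdb(text)
        print(label,
              "component LSAs in area 0:",
              leaked_components(db, 0, "10.64.0.1", "10.1.0.0/16"),
              "| area 1 totally stubby:", is_totally_stubby(db, 1))
```
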


EIGRP

Supplement A—EIGRP Configuration Output Examples


Example EIGRP Configuration

[Figure: network diagram. Routers P1R1, P1R2, P1R3 and P2R1, P2R2, P2R3; one element labelled "Shutdown". Interface addresses shown: 10.1.1.1/24, 10.1.1.2/24, 10.1.2.1/24, 10.1.2.2/24, 10.1.3.1/24, 10.1.3.2/24, 10.2.1.1/24, 10.2.1.2/24, 10.2.2.1/24, 10.2.2.2/24, 10.2.3.1/24, 10.2.3.2/24, 10.64.0.1/24, 10.64.0.2/24.]

This section includes configuration and show command output examples that result from configuring the network shown in the graphic.


Example EIGRP Configuration

Following is an example configuration output for P1R3 running EIGRP:

P1R3#show run

Building configuration...

Current configuration:

!

version 11.2

no service udp-small-servers

no service tcp-small-servers

!

hostname P1R3

!

enable password san-fran

!

no ip domain-lookup

ipx routing 0000.0c01.3333

ipx maximum-paths 2

!

interface Loopback0

no ip address

ipx network 1013

!

interface Ethernet0

ip address 10.64.0.1 255.255.255.0

!

interface Serial0

ip address 10.1.3.2 255.255.255.0

ipx input-sap-filter 1000

ipx network 1003

!

interface Serial1

ip address 10.1.2.2 255.255.255.0

ipx input-sap-filter 1000

ipx network 1002

clockrate 56000

!

<Output Omitted>

!

router eigrp 200

network 10.0.0.0

!

no ip classless

!

line con 0

exec-timeout 20 0

password cisco

login

line aux 0

line vty 0 4

password cisco

login

!

end

EIGRP configured.


Example of EIGRP Configuration with bandwidth and ip summary-address Commands

Following is an example configuration output for P1R3 running EIGRP with bandwidth and ip summary-address commands configured:


P1R3#show run
Building configuration...
Current configuration:
!
version 11.2
no service udp-small-servers
no service tcp-small-servers
!
hostname P1R3
!
enable password san-fran
!
no ip domain-lookup
!
interface Loopback0
 no ip address
 ipx network 1013
!
interface Ethernet0
 ip address 10.64.0.1 255.255.255.0
 ip summary-address eigrp 200 10.1.0.0 255.255.0.0
!
interface Serial0
 ip address 10.1.3.2 255.255.255.0
 bandwidth 64
 ipx input-sap-filter 1000
 ipx network 1003
!
interface Serial1
 ip address 10.1.2.2 255.255.255.0
 ipx input-sap-filter 1000
 ipx network 1002
 clockrate 56000
!
!
<Output Omitted>
!
router eigrp 200
 network 10.0.0.0
!
no ip classless
!
line con 0
 exec-timeout 20 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
!
end

EIGRP route summary entry.

Modify bandwidth from the default of 1.544 Mbps to 64 kbps.


Example of Effects of modifying bandwidth Command

Following are before and after topology table outputs for P1R3 when modifying bandwidth on serial 0 links on all routers:


Before bandwidth is modified—All links are equal bandwidth

P1R3#show ip eigrp topology all
IP-EIGRP Topology Table for process 200
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, r - Reply status
P 10.1.3.0/24, 1 successors, FD is 2169856, serno 2
         via Connected, Serial0
P 10.1.2.0/24, 1 successors, FD is 2169856, serno 3
         via Connected, Serial1
P 10.1.1.0/24, 2 successors, FD is 2681856, serno 9
         via 10.1.3.1 (2681856/2169856), Serial0
         via 10.1.2.1 (2681856/2169856), Serial1

P1R3#show ip eigrp topology
IP-EIGRP Topology Table for process 200
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, r - Reply status
P 10.1.3.0/24, 1 successors, FD is 2169856
         via Connected, Serial0
P 10.1.2.0/24, 1 successors, FD is 2169856
         via Connected, Serial1
P 10.1.1.0/24, 2 successors, FD is 2681856
         via 10.1.3.1 (2681856/2169856), Serial0
         via 10.1.2.1 (2681856/2169856), Serial1

In the case of equal cost paths to the same network, both routes appear in the topology table as successors.

After bandwidth is modified—S0 links are lower bandwidth

P1R3#show ip eigrp topology
IP-EIGRP Topology Table for process 200
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, r - Reply status
P 10.1.3.0/24, 1 successors, FD is 40512000
         via Connected, Serial0
         via 10.1.2.1 (3193856/2681856), Serial1
P 10.1.2.0/24, 1 successors, FD is 2169856
         via Connected, Serial1
P 10.1.1.0/24, 1 successors, FD is 2681856
         via 10.1.2.1 (2681856/2169856), Serial1

Only one route appears as a successor.

P1R3#show ip eigrp topology all
IP-EIGRP Topology Table for process 200
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, r - Reply status
P 10.1.3.0/24, 1 successors, FD is 40512000, serno 48
         via Connected, Serial0
         via 10.1.2.1 (3193856/2681856), Serial1
P 10.1.2.0/24, 1 successors, FD is 2169856, serno 3
         via Connected, Serial1
P 10.1.1.0/24, 1 successors, FD is 2681856, serno 50
         via 10.1.2.1 (2681856/2169856), Serial1
         via 10.1.3.1 (41024000/40512000), Serial0, serno 51
P1R3#

All routes appear here, but one route has a higher advertised distance than the feasible distance of the successor route, so it is not selected as a feasible successor or successor.
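
The distances in the topology tables above can be reproduced from the EIGRP composite metric, and the feasibility condition shows why the path through 10.1.3.1 is dropped after the bandwidth change. This is an added example, not part of the course material; it assumes default K values, the IOS default serial delay of 20000 microseconds, and that each neighbor reaches 10.1.1.0/24 over a link with the same bandwidth as P1R3's link to that neighbor (inferred from the advertised distances shown).

```python
"""EIGRP composite metric and feasibility condition, checked against the
P1R3 topology tables for 10.1.1.0/24 (added example)."""

# Assumption: default K values (K1 = K3 = 1, others 0), so
#   metric = 256 * (10^7 / lowest_bandwidth_kbps + total_delay_usec / 10)
# Assumption: every serial link has the IOS default delay of 20000 usec.
SERIAL_DELAY_USEC = 20000
T1_KBPS = 1544    # default serial bandwidth stated on the page (1.544 Mbps)
SLOW_KBPS = 64    # value set by "bandwidth 64"


def eigrp_metric(link_bandwidths_kbps, link_delays_usec):
    """Composite metric of a path from its per-link bandwidths and delays."""
    bandwidth_term = 10**7 // min(link_bandwidths_kbps)  # integer arithmetic
    delay_term = sum(link_delays_usec) // 10
    return 256 * (bandwidth_term + delay_term)


def paths_to_10_1_1_0(s0_kbps):
    """Both paths from P1R3 to 10.1.1.0/24 as {next_hop: (distance, advertised)}.

    s0_kbps is the bandwidth configured on the Serial0 links of all routers.
    Each path is two serial hops: P1R3's outgoing link, then the neighbor's.
    """
    delay = SERIAL_DELAY_USEC
    hops = {
        "10.1.3.1": (s0_kbps, s0_kbps),   # out Serial0, neighbor's Serial0 link
        "10.1.2.1": (T1_KBPS, T1_KBPS),   # out Serial1, neighbor's Serial1 link
    }
    paths = {}
    for next_hop, (local_bw, neighbor_bw) in hops.items():
        distance = eigrp_metric([local_bw, neighbor_bw], [delay, delay])
        advertised = eigrp_metric([neighbor_bw], [delay])  # neighbor's own metric
        paths[next_hop] = (distance, advertised)
    return paths


def classify(paths):
    """Apply the feasibility condition (advertised distance < feasible distance).

    Returns (fd, successors, feasible_successors, not_feasible).
    """
    fd = min(distance for distance, _ in paths.values())
    successors, feasible, rejected = [], [], []
    for next_hop, (distance, advertised) in sorted(paths.items()):
        if distance == fd:
            successors.append(next_hop)
        elif advertised < fd:
            feasible.append(next_hop)
        else:
            rejected.append(next_hop)
    return fd, successors, feasible, rejected


if __name__ == "__main__":
    for label, bw in (("before (1544 kbps)", T1_KBPS), ("after (64 kbps)", SLOW_KBPS)):
        paths = paths_to_10_1_1_0(bw)
        fd, succ, fs, rejected = classify(paths)
        print(label, paths)
        print("  FD", fd, "successors", succ, "feasible", fs, "not feasible", rejected)
```
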


BGP

Supplement A—BGP Configuration Output Examples


Example BGP Configuration

[Figure: network diagram. Four autonomous systems labelled AS1, AS2, AS3 and AS4, with routers P1R1 to P1R3, P2R1 to P2R3, P3R1 to P3R3 and P4R1 to P4R3. Link addresses shown: 1.1.0.1/16, 1.1.0.2/16, 1.2.0.1/16, 1.2.0.2/16, 1.3.0.1/16, 1.3.0.2/16; 2.1.0.1/16, 2.1.0.2/16, 2.2.0.1/16, 2.2.0.2/16, 2.3.0.1/16, 2.3.0.2/16; 3.1.0.1/16, 3.1.0.2/16, 3.2.0.1/16, 3.2.0.2/16, 3.3.0.1/16, 3.3.0.2/16; 4.1.0.1/16, 4.1.0.2/16, 4.2.0.1/16 (shown twice), 4.3.0.1/16, 4.3.0.2/16. Shared segment addresses: 10.14.0.1/24, 10.14.0.2/24, 10.14.0.3/24, 10.14.0.4/24.]

This section includes configuration and show command output examples that result from configuring the network shown in the graphic. RIP is configured as the internal routing protocol within the autonomous systems and BGP is the external protocol between the autonomous systems. BGP routes are redistributed into RIP.


Example of BGP/RIP Configuration for P1R1

Following is an example configuration for P1R1, running both RIP and BGP:

P1R1#show run

<output omitted>

!

interface Ethernet0

ip address 10.14.0.1 255.255.255.0

!

interface Serial0

ip address 1.1.0.2 255.255.0.0

!

interface Serial1

ip address 1.2.0.1 255.255.0.0

!

router rip

network 10.0.0.0

network 1.0.0.0

passive-interface e0

redistribute bgp 1 metric 3

!

router bgp 1

network 1.0.0.0

neighbor 10.14.0.2 remote-as 2

neighbor 10.14.0.3 remote-as 3

neighbor 10.14.0.4 remote-as 4

!

no ip classless

!

<output omitted>

RIP advertises network 10.0.0.0 so internal routers can see network 10.0.0.0

Do not allow RIP to advertise any routes on the backbone

Redistribute BGP information into RIP, with a hop count of 3

Advertise network 1.0.0.0 to BGP neighbors

Router has 3 external BGP neighbors


Example of RIP Configuration for P1R2

Following is an example configuration for P1R2, one of the routers only running RIP:

P1R2#show run

<output omitted>

!

interface Ethernet0

shutdown

!

interface Serial0

ip address 1.2.0.2 255.255.0.0

!

interface Serial1

ip address 1.3.0.1 255.255.0.0

!

router rip

network 1.0.0.0

!

no ip classless

!

<output omitted>

Run RIP on network 1.0.0.0 and advertise network 1.0.0.0


Example Output of show ip route for P1R1

Following is an example output of show ip route on P1R1, one of the routers running RIP and BGP:

P1R1#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default

U - per-user static route, o - ODR

Gateway of last resort is not set

1.0.0.0/16 is subnetted, 3 subnets

C 1.1.0.0 is directly connected, Serial0

R 1.3.0.0 [120/1] via 1.2.0.2, 00:00:25, Serial1

[120/1] via 1.1.0.1, 00:00:22, Serial0

C 1.2.0.0 is directly connected, Serial1

B 2.0.0.0/8 [20/0] via 10.14.0.2, 00:03:26

B 3.0.0.0/8 [20/0] via 10.14.0.3, 00:03:26

B 4.0.0.0/8 [20/0] via 10.14.0.4, 00:03:26

10.0.0.0/24 is subnetted, 1 subnets

C 10.14.0.0 is directly connected, Ethernet0

P1R1#

Example Output of show ip route for P1R2

Following is an example output of show ip route on P1R2, one of the routers running only RIP:

P1R2#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default

U - per-user static route, o - ODR

Gateway of last resort is not set

1.0.0.0/16 is subnetted, 3 subnets

R 1.1.0.0 [120/1] via 1.2.0.1, 00:00:17, Serial0

[120/1] via 1.3.0.2, 00:00:26, Serial1

C 1.3.0.0 is directly connected, Serial1

C 1.2.0.0 is directly connected, Serial0

R 2.0.0.0/8 [120/3] via 1.2.0.1, 00:00:17, Serial0

R 3.0.0.0/8 [120/3] via 1.2.0.1, 00:00:17, Serial0

R 4.0.0.0/8 [120/3] via 1.2.0.1, 00:00:17, Serial0

R 10.0.0.0/8 [120/1] via 1.2.0.1, 00:00:17, Serial0

P1R2#

Routes learned by being redistributed into RIP from BGP

Routes learned from BGP


Route Optimization

Supplement A—Examples of Redistribution in a Non-Redundant Configuration

Note: Note to reviewers: The original supplement “Redistribution Configuration Output Examples” has been split into two supplements: “Examples of Redistribution in a Non-Redundant Configuration” and “Examples of Redistribution in a Redundant Configuration”


Addressing for Redistribution Configuration Example

[Figure: network diagram. Pod 1 with routers P1R1, P1R2, P1R3 and Pod 2 with routers P2R1, P2R2, P2R3. Interface addresses shown: 10.1.1.1/24, 10.1.1.2/24, 10.1.2.1/24, 10.1.2.2/24, 10.1.3.1/24, 10.1.3.2/24, 10.2.1.1/24, 10.2.1.2/24, 10.2.2.1/24, 10.2.2.2/24, 10.2.3.1/24, 10.2.3.2/24, 10.64.0.1/24, 10.64.0.2/24.]

This section includes configuration and show command output examples that result from configuring the network shown in the graphic. The addressing for this configuration is shown on this page; protocols for the example are shown on the next page.


Example Non-Redundant Redistribution Configuration

[Figure: network diagram. Pod 1 and Pod 2, each with routers PxR1, PxR2, PxR3 and each labelled EIGRP; the E0 interfaces between the pods are labelled OSPF.]

The addressing for this configuration is shown on the previous page; protocols for the example are shown on this page.


Example of Redistribution between EIGRP and OSPF

Following is an example configuration output for P1R3, an ASBR supporting EIGRP and OSPF.

OSPF is configured.

EIGRP is configured.

P1R3#show run

Building configuration...

Current configuration:

!

version 11.2

!

hostname P1R3

!

enable password san-fran

!

no ip domain-lookup

ipx routing 0000.0c01.3333

ipx maximum-paths 2

!

interface Loopback0

no ip address

ipx network 1013

!

interface Ethernet0

ip address 10.64.0.1 255.255.255.0

!

interface Serial0

ip address 10.1.3.2 255.255.255.0

bandwidth 64

ipx input-sap-filter 1000

ipx network 1003

!

interface Serial1

ip address 10.1.2.2 255.255.255.0

ipx input-sap-filter 1000

ipx network 1002

clockrate 56000

!

<Output Omitted>

!

router eigrp 200

redistribute ospf 300 metric 10000 100 255 1 1500

passive-interface Ethernet0

network 10.0.0.0

!

router ospf 300

redistribute eigrp 200 subnets

network 10.64.0.0 0.0.255.255 area 0

!

no ip classless

!

line con 0

exec-timeout 20 0

password cisco

login

line aux 0

line vty 0 4

password cisco

login

!

end

EIGRP networks, including subnetted networks to be redistributed.

Redistribute OSPF process using the defined seed metric.

Passive interface so EIGRP traffic will not be advertised out E0.

OSPF area is the backbone area 0.


Example of Redistribution between EIGRP and OSPF (cont.)

Following are example outputs verifying that external routes are learned by OSPF and EIGRP, respectively, on an ASBR.

P1R3#show ip ospf database

OSPF Router with ID (10.64.0.1) (Process ID 300)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count
10.64.0.1 10.64.0.1 280 0x80000005 0x767F 1
10.64.0.2 10.64.0.2 274 0x80000004 0x767D 1

Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum
10.64.0.2 10.64.0.2 274 0x80000002 0x7791

Type-5 AS External Link States

Link ID ADV Router Age Seq# Checksum Tag
10.1.1.0 10.64.0.1 202 0x80000002 0xE95E 0
10.1.2.0 10.64.0.1 202 0x80000002 0xDE68 0
10.1.3.0 10.64.0.1 202 0x80000002 0xD372 0
10.2.1.0 10.64.0.2 1686 0x80000001 0xD96D 0
10.2.2.0 10.64.0.2 1686 0x80000001 0xCE77 0
10.2.3.0 10.64.0.2 1686 0x80000001 0xC381 0
10.64.0.0 10.64.0.1 204 0x80000002 0xFD0C 0
10.64.0.0 10.64.0.2 1688 0x80000001 0xF910 0
P1R3#

P1R3#show ip eigrp topology
IP-EIGRP Topology Table for process 200
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, r - Reply status
P 10.1.3.0/24, 1 successors, FD is 40512000
         via Connected, Serial0
         via 10.1.2.1 (3193856/2681856), Serial1
P 10.2.1.0/24, 1 successors, FD is 281600
         via Redistributed (281600/0)
P 10.1.2.0/24, 1 successors, FD is 2169856
         via Connected, Serial
P 10.2.2.0/24, 1 successors, FD is 281600
         via Redistributed (281600/0)
P 10.1.1.0/24, 1 successors, FD is 2681856
         via 10.1.2.1 (2681856/2169856), Serial1
P 10.2.3.0/24, 1 successors, FD is 281600
         via Redistributed (281600/0)
P 10.64.0.0/24, 1 successors, FD is 281600
         via Connected, Ethernet0

External routes learned by OSPF. Note that subnetted networks are included.

External routes learned by EIGRP.


Supplement B—Examples of Redistribution in a Redundant Configuration


Addressing for Redistribution Configuration Example

[Figure: network diagram. Pod 1 with routers P1R1, P1R2, P1R3 and Pod 2 with routers P2R1, P2R2, P2R3. Interface addresses shown: 10.1.1.1/24, 10.1.1.2/24, 10.1.2.1/24, 10.1.2.2/24, 10.1.3.1/24, 10.1.3.2/24, 10.2.1.1/24, 10.2.1.2/24, 10.2.2.1/24, 10.2.2.2/24, 10.2.3.1/24, 10.2.3.2/24, 10.64.0.1/24, 10.64.0.2/24, E0:10.14.0.1/24, E0:10.14.0.2/24.]

This section includes configuration and show command output examples that result from configuring the network shown in the graphic. The addressing for this configuration is shown on this page; protocols for the example are shown on the next page.


Example Redundant Redistribution Configuration

P1R1—RIP and IGRP 200; passive interface on E0 for RIP and passive interface on S0 and S1 for IGRP
P1R2—RIP
P1R3—RIP and OSPF; passive interface on E0 for RIP
P2R1—IGRP 200
P2R2—OSPF and IGRP 200; passive interface on E0 for IGRP
P2R3—IGRP 200

[Figure: network diagram. Pod 1 (P1R1, P1R2, P1R3) and Pod 2 (P2R1, P2R2, P2R3); protocol labels RIP, IGRP 200 (twice) and OSPF; two interfaces labelled E0.]

The addressing for this configuration is shown on the previous page; protocols for the example are shown on this page.


Example of Redistribution between RIP and IGRP

Following is an example configuration output for P1R1, an ASBR supporting RIP and IGRP:


P1R1#show run
Building configuration...

<Output Omitted>
!
interface Loopback0
 no ip address
 ipx network 1011
!
interface Ethernet0
 ip address 10.14.0.1 255.255.255.0
!
interface Serial0
 ip address 10.1.2.1 255.255.255.0
 bandwidth 64
 ipx network 1002
 no fair-queue
!
interface Serial1
 ip address 10.1.1.1 255.255.255.0
 ipx network 1001
 clockrate 56000
!
<Output Omitted>
!
router rip
 redistribute igrp 200 metric 3
 passive-interface Ethernet0
 network 10.0.0.0
!
router igrp 200
 redistribute rip metric 56 2000 255 1 1500
 passive-interface Serial0
 passive-interface Serial1
 network 10.0.0.0
!
no ip classless
!
line con 0
 exec-timeout 0 0
 password cisco
 login
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 login
!
end

RIP configuration. Redistribute IGRP into RIP using a seed metric of 3 hops.

IGRP configuration. Redistribute RIP into OSPF using the listed seed metric.


Example of Redistribution between RIP and OSPF

Following is an example configuration output for P1R3, an ASBR supporting RIP and OSPF:

P1R3#show run

Building configuration...

Current configuration:

!

version 11.2

<Output Omitted>

!

interface Loopback0

no ip address

ipx network 1013

!

interface Ethernet0

ip address 10.64.0.1 255.255.255.0

!

interface Serial0

ip address 10.1.3.2 255.255.255.0

bandwidth 64

ipx input-sap-filter 1000

ipx network 1003

!

interface Serial1

ip address 10.1.2.2 255.255.255.0

ipx input-sap-filter 1000

ipx network 1002

clockrate 56000

!

<Output Omitted>

!

router ospf 300

redistribute rip subnets

network 10.64.0.0 0.0.255.255 area 0

!

router rip

redistribute ospf 300 metric 3

passive-interface Ethernet0

network 10.0.0.0

!

no ip classless

!

line con 0

exec-timeout 20 0

password cisco

login

line aux 0

line vty 0 4

exec-timeout 0 0

password cisco

login

!

end

OSPF configured. Redistribute RIP routes, including subnetted networks.

RIP configured. Redistribute OSPF using a seed metric of 3.


Example of Redistribution between OSPF and IGRP

Following is an example configuration output for P2R2, an ASBR supporting OSPF and IGRP:


Example of Resolving Suboptimal Path Selection Using Administrative Distance

Following is an example configuration output for P1R3, which has been configured to use the distance command to resolve the suboptimal path selection:

P1R3#show run
Building configuration...

<Output Omitted>
no ip domain-lookup
ipx routing 0000.0c01.3333
ipx maximum-paths 2
!
interface Loopback0
 no ip address
 ipx network 1013
!
interface Ethernet0
 ip address 10.64.0.1 255.255.255.0
!
interface Serial0
 ip address 10.1.3.2 255.255.255.0
 bandwidth 64
 ipx input-sap-filter 1000
 ipx network 1003
!
interface Serial1
 ip address 10.1.2.2 255.255.255.0
 ipx input-sap-filter 1000
 ipx network 1002
 clockrate 56000
!
<Output Omitted>
!
!
router ospf 300
 redistribute rip subnets
 network 10.64.0.0 0.0.255.255 area 0
!
router rip
 redistribute ospf 300 metric 3
 passive-interface Ethernet0
 network 10.0.0.0
 distance 105 0.0.0.0 255.255.255.255 1
!
no ip classless
access-list 1 permit 10.14.0.0
access-list 1 permit 10.1.1.0
!
line con 0
 exec-timeout 20 0
 password cisco
 login
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 login
!
end

distance 105 0.0.0.0 255.255.255.255 1: Indicates to assign an administrative distance of 105 to the RIP-learned routes for networks listed in the access list. In this way they will be selected over OSPF-learned routes to these networks. OSPF has an administrative distance of 110.

access-list 1: Access list indicates which networks to assign the new administrative distance of 105.


Example of Resolving Suboptimal Path Selection Using Administrative Distance (cont.)

Following is the before and after show ip route output results when P1R3 is using the distance command:

Before Administrative Distance Modified

P1R3#show ip route
<Output Omitted>
     10.0.0.0/24 is subnetted, 8 subnets
O E2 10.14.0.0 [110/20] via 10.64.0.2, 01:31:38, Ethernet0
C    10.1.3.0 is directly connected, Serial0
O E2 10.2.1.0 [110/20] via 10.64.0.2, 01:31:39, Ethernet0
C    10.1.2.0 is directly connected, Serial1
O E2 10.2.2.0 [110/20] via 10.64.0.2, 01:31:39, Ethernet0
O E2 10.1.1.0 [110/20] via 10.64.0.2, 01:31:39, Ethernet0
O E2 10.2.3.0 [110/20] via 10.64.0.2, 01:31:39, Ethernet0
C    10.64.0.0 is directly connected, Ethernet0
P1R3#

These routes are kept because OSPF has a better administrative distance than RIP. Note that they are suboptimal, if traced following the example graphic.

After Administrative Distance Modified

P1R3#show ip route
<Output Omitted>
     10.0.0.0/24 is subnetted, 8 subnets
R    10.14.0.0 [105/1] via 10.1.2.1, 00:00:00, Serial1
C    10.1.3.0 is directly connected, Serial0
O E2 10.2.1.0 [110/20] via 10.64.0.2, 00:01:36, Ethernet0
C    10.1.2.0 is directly connected, Serial1
O E2 10.2.2.0 [110/20] via 10.64.0.2, 00:01:36, Ethernet0
R    10.1.1.0 [105/1] via 10.1.3.1, 00:00:11, Serial0
              [105/1] via 10.1.2.1, 00:00:00, Serial1
O E2 10.2.3.0 [110/20] via 10.64.0.2, 00:01:36, Ethernet0
C    10.64.0.0 is directly connected, Ethernet0
P1R3#

RIP-learned routes to same networks are selected because the OSPF routes are assigned a higher administrative distance when they are learned by OSPF. If the RIP routes were to fail, the OSPF routes would be selected, then used.


Example of Resolving Suboptimal Path Selection Using Route Filtering

Following is an example configuration output for P1R1, which has been configured to use the distribute-list command to resolve the suboptimal path selection:

P1R1#show run
Building configuration...

Current configuration:
!
version 11.2
<Output Omitted>
!
interface Loopback0
 no ip address
 ipx network 1011
!
interface Ethernet0
 ip address 10.14.0.1 255.255.255.0
!
interface Serial0
 ip address 10.1.2.1 255.255.255.0
 bandwidth 64
 ipx network 1002
 no fair-queue
!
interface Serial1
 ip address 10.1.1.1 255.255.255.0
 ipx network 1001
 clockrate 56000
!
<Output Omitted>
!
router rip
 redistribute igrp 200 metric 3
 passive-interface Ethernet0
 network 10.0.0.0
!
router igrp 200
 redistribute rip metric 56 2000 255 1 1500
 passive-interface Serial0
 passive-interface Serial1
 network 10.0.0.0
 distribute-list 1 in Ethernet0
!
no ip classless
access-list 1 deny 10.1.3.0
access-list 1 deny 10.64.0.0
access-list 1 permit any
!
!
line con 0
 exec-timeout 0 0
 password cisco
 login
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 login
!
end

distribute-list 1 in Ethernet0: Indicates to follow permit and deny instructions in access list 1 on inbound IGRP packets received on E0.

access-list 1: Access list indicates which routes to allow or deny by defining the network addresses. This list indicates to drop routes for networks 10.1.3.0 and 10.64.0.0, but permit all other routes.


Example of Resolving Suboptimal Path Selection Using Route Filtering (cont.)

Following is the before and after show ip route output that results when using the distribute-list command.

Before Route Filter Is Used

P1R1#show ip route
<Output Omitted>
Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 8 subnets
C    10.14.0.0 is directly connected, Ethernet0
I    10.1.3.0 [100/180771] via 10.14.0.2, 00:00:15, Ethernet0
I    10.2.1.0 [100/180671] via 10.14.0.2, 00:00:15, Ethernet0
C    10.1.2.0 is directly connected, Serial0
I    10.2.2.0 [100/180671] via 10.14.0.2, 00:00:15, Ethernet0
C    10.1.1.0 is directly connected, Serial1
I    10.2.3.0 [100/182671] via 10.14.0.2, 00:00:15, Ethernet0
I    10.64.0.0 [100/180771] via 10.14.0.2, 00:00:15, Ethernet0

These routes are kept because IGRP has a better administrative distance than RIP. Note that they are suboptimal, if traced following the example graphic.

After a Route Filter Is Used

P1R1#show ip route
<Output Omitted>
     10.0.0.0/24 is subnetted, 8 subnets
C    10.14.0.0 is directly connected, Ethernet0
R    10.1.3.0 [120/1] via 10.1.1.2, 00:00:16, Serial1
              [120/1] via 10.1.2.2, 00:00:04, Serial0
I    10.2.1.0 [100/180671] via 10.14.0.2, 00:01:01, Ethernet0
C    10.1.2.0 is directly connected, Serial0
I    10.2.2.0 [100/180671] via 10.14.0.2, 00:01:01, Ethernet0
C    10.1.1.0 is directly connected, Serial1
I    10.2.3.0 [100/182671] via 10.14.0.2, 00:01:01, Ethernet0
R    10.64.0.0 [120/1] via 10.1.2.2, 00:00:04, Serial0

RIP-learned routes are selected because IGRP routes for the same networks are filtered. In this case, if the RIP routes failed, the IGRP routes would not be used because they are filtered.
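The two fixes above differ in what happens when the preferred RIP routes disappear. The following added example (not part of the course material) models route selection on P1R3 and P1R1 using the next hops and access lists from the outputs above; the Route class and the function names are assumptions made for the illustration, and equal-cost paths are reduced to a single entry.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

# Default administrative distances for the protocols used in these examples.
DEFAULT_AD = {"connected": 0, "igrp": 100, "ospf": 110, "rip": 120}
HOST = "0.0.0.0"  # a standard ACL entry without a wildcard matches one address exactly


@dataclass(frozen=True)
class Route:
    network: str     # destination as listed by show ip route
    protocol: str    # key of DEFAULT_AD
    next_hop: str
    interface: str   # interface the update arrived on


def acl_permits(acl, network):
    """Standard access list: first matching entry wins, implicit deny at the end.

    Entries are (action, address, wildcard); wildcard bits set to 1 are ignored.
    """
    addr = int(IPv4Address(network))
    for action, base, wildcard in acl:
        care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(IPv4Address(base)) & care:
            return action == "permit"
    return False


def build_table(candidates, distance_rules=(), inbound_filters=()):
    """Keep, per destination, the candidate with the lowest administrative distance.

    distance_rules  : (protocol, distance, acl), models `distance <d> 0.0.0.0 255.255.255.255 <acl>`
    inbound_filters : (protocol, interface, acl), models `distribute-list <acl> in <interface>`
    """
    table = {}
    for route in candidates:
        if any(route.protocol == proto and route.interface == intf
               and not acl_permits(acl, route.network)
               for proto, intf, acl in inbound_filters):
            continue  # a filtered update never becomes a candidate
        ad = DEFAULT_AD[route.protocol]
        for proto, distance, acl in distance_rules:
            if route.protocol == proto and acl_permits(acl, route.network):
                ad = distance
        if route.network not in table or ad < table[route.network][0]:
            table[route.network] = (ad, route)
    return table


def winner(table, network):
    """Return (protocol, administrative distance) for a destination, or None."""
    if network not in table:
        return None
    ad, route = table[network]
    return route.protocol, ad


def without(candidates, protocol):
    """Simulate the loss of every route learned from one protocol."""
    return [r for r in candidates if r.protocol != protocol]


# P1R3: `distance 105 0.0.0.0 255.255.255.255 1` under router rip, with access list 1.
P1R3_DISTANCE = [("rip", 105, [("permit", "10.14.0.0", HOST), ("permit", "10.1.1.0", HOST)])]
P1R3_CANDIDATES = [
    Route("10.14.0.0", "ospf", "10.64.0.2", "Ethernet0"),
    Route("10.14.0.0", "rip", "10.1.2.1", "Serial1"),
    Route("10.1.1.0", "ospf", "10.64.0.2", "Ethernet0"),
    Route("10.1.1.0", "rip", "10.1.3.1", "Serial0"),
    Route("10.2.1.0", "ospf", "10.64.0.2", "Ethernet0"),
]

# P1R1: `distribute-list 1 in Ethernet0` under router igrp 200, with access list 1.
P1R1_FILTER = [("igrp", "Ethernet0", [("deny", "10.1.3.0", HOST), ("deny", "10.64.0.0", HOST),
                                      ("permit", "0.0.0.0", "255.255.255.255")])]
P1R1_CANDIDATES = [
    Route("10.1.3.0", "igrp", "10.14.0.2", "Ethernet0"),
    Route("10.1.3.0", "rip", "10.1.1.2", "Serial1"),
    Route("10.64.0.0", "igrp", "10.14.0.2", "Ethernet0"),
    Route("10.64.0.0", "rip", "10.1.2.2", "Serial0"),
    Route("10.2.1.0", "igrp", "10.14.0.2", "Ethernet0"),
]

if __name__ == "__main__":
    for label, cands in (("RIP up", P1R3_CANDIDATES), ("RIP down", without(P1R3_CANDIDATES, "rip"))):
        table = build_table(cands, distance_rules=P1R3_DISTANCE)
        print("P1R3 distance,", label, "-> 10.14.0.0:", winner(table, "10.14.0.0"))
    for label, cands in (("RIP up", P1R1_CANDIDATES), ("RIP down", without(P1R1_CANDIDATES, "rip"))):
        table = build_table(cands, inbound_filters=P1R1_FILTER)
        print("P1R1 filter,", label, "-> 10.1.3.0:", winner(table, "10.1.3.0"))
```

With the distance command the OSPF route returns when RIP is lost; with the inbound filter the destination drops out of the table, so reachability then depends on RIP alone.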


Supplement C—Examples of One-Way Redistribution Configuration

The examples in this section are additional outputs for the network topology discussed during the “Redistribution Example Using ip default-network” section in Chapter 13.

ASBR Before Redistribution Is Configured

Following is the configuration of P1R3 before redistribution is configured:

P1R3#show run
<Output Omitted>
!
interface Ethernet0
 ip address 172.6.31.5 255.255.255.0
!
interface Serial0
 ip address 10.1.3.2 255.255.255.0
 bandwidth 64
 ipx input-sap-filter 1000
 ipx network 1003
!
interface Serial1
 ip address 10.1.2.2 255.255.255.0
 ipx input-sap-filter 1000
 ipx network 1002
 clockrate 56000
!
<Output Omitted>
!
router ospf 200
 network 172.6.31.5 0.0.0.0 area 0
!
router rip
 network 10.0.0.0
!
no ip classless
<Output Omitted>
end

P1R3#

Following is the show output on P1R3 before redistribution is configured:

P1R3#show ip route
<Output Omitted>
     10.0.0.0/24 is subnetted, 3 subnets
C    10.1.3.0 is directly connected, Serial0
C    10.1.2.0 is directly connected, Serial1
R    10.1.1.0 [120/1] via 10.1.3.1, 00:00:03, Serial0
              [120/1] via 10.1.2.1, 00:00:03, Serial1
     172.6.0.0/24 is subnetted, 1 subnets
C    172.6.31.0 is directly connected, Ethernet0

P1R3#show ip ospf neighbor

Neighbor ID     Pri   State      Dead Time   Address       Interface
172.6.31.6      1     FULL/DR    00:00:30    172.6.31.6    Ethernet0


P1R3#show ip protocols
Routing Protocol is "rip"
  Sending updates every 30 seconds, next due in 0 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Redistributing: rip
  Default version control: send version 1, receive any version
    Interface     Send   Recv   Key-chain
    BRI0          1      1 2
    Serial0       1      1 2
    Serial1       1      1 2
  Routing for Networks:
    10.0.0.0
  Routing Information Sources:
    Gateway       Distance   Last Update
    10.1.2.1      120        00:00:03
    10.1.3.1      120        00:00:21
    10.64.0.2     120        00:06:43
  Distance: (default is 120)

Routing Protocol is "ospf 200"
  Sending updates every 0 seconds
  Invalid after 0 seconds, hold down 0, flushed after 0
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Redistributing: ospf 200
  Routing for Networks:
    172.6.31.5/32
  Routing Information Sources:
    Gateway       Distance   Last Update
  Distance: (default is 110)

P1R3#show ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address       Interface
172.6.31.6      1     FULL/DR    00:00:37    172.6.31.6    Ethernet0
P1R3#show ip ospf database

       OSPF Router with ID (172.6.31.5) (Process ID 200)

                Router Link States (Area 0)

Link ID       ADV Router    Age   Seq#         Checksum   Link count
10.64.0.1     10.64.0.1     648   0x80000002   0x7684     1
10.64.0.2     10.64.0.2     648   0x80000002   0x7483     1
172.6.31.5    172.6.31.5    259   0x80000003   0x8645     1
172.6.31.6    172.6.31.6    260   0x80000003   0x8444     1

                Net Link States (Area 0)

Link ID       ADV Router    Age   Seq#         Checksum
10.64.0.2     10.64.0.2     648   0x80000001   0x7990
172.6.31.6    172.6.31.6    261   0x80000001   0x8B50


ASBR After Redistribution and ip default-network Are Configured

Following is the configuration for the ASBR with redistribution and ip default-network configured:

P1R3# show run
<Output Omitted>
!
interface Ethernet0
 ip address 172.6.31.5 255.255.255.0
!
interface Serial0
 ip address 10.1.3.2 255.255.255.0
 bandwidth 64
!
interface Serial1
 ip address 10.1.2.2 255.255.255.0
 clockrate 56000
!
<Output Omitted>
!
router ospf 200
 redistribute rip metric 10 subnets
 network 172.6.31.5 0.0.0.0 area 0
!
router rip
 network 10.0.0.0
!
no ip classless
ip default-network 10.0.0.0
<Output Omitted>
end

Following is the show output for the ASBR with redistribution and ip default-network configured:

P1R3#show ip protocol
Routing Protocol is "rip"
<Output Omitted>
  Redistributing: rip
  Default version control: send version 1, receive any version
    Interface     Send   Recv   Key-chain
    BRI0          1      1 2
    Serial0       1      1 2
    Serial1       1      1 2
  Routing for Networks:
    10.0.0.0
  Routing Information Sources:
    Gateway       Distance   Last Update
    10.1.2.1      120        00:00:23
    10.1.3.1      120        00:00:10
    10.64.0.2     120        00:56:28
  Distance: (default is 120)

Routing Protocol is "ospf 200"
<Output Omitted>
  Redistributing: rip, ospf 200
  Routing for Networks:
    172.6.31.5/32
  Routing Information Sources:
    Gateway       Distance   Last Update
    172.6.31.6    110        00:45:28
  Distance: (default is 110)

P1R3#


Supplement D—More Redistribution Configuration Examples

This supplement presents some more redistribution configuration examples.


IGRP Redistribution Configuration Example

router igrp 71
 redistribute igrp 109
 distribute-list 3 out igrp 109
access-list 3 permit 192.168.7.0 0.0.0.255

[Figure: AS 71 and AS 109; networks 192.168.7.0 and 10.0.0.0]

• Redistributes routes from AS 109 into AS 71

Cisco IOS software supports multiple IGRP autonomous systems. Each autonomous system maintains its own routing database. You can redistribute routing information between these routing databases. The following describes some of the commands in the example in the graphic:

Command | Description
redistribute igrp 109 | Redistributes routes from IGRP 109 into IGRP 71.
distribute-list 3 out igrp 109 | Uses access list 3 to define which routes will be redistributed from IGRP 109 into IGRP 71.
3 | Redistributes per access list 3.
out | Applies the access list to outgoing routing updates.
igrp 109 | Identifies the IGRP routing process to filter.
access-list 3 permit 192.168.7.0 0.0.0.255 | Permits routes from only network 192.168.7.0.

In this example, only routing updates from the 192.168.7.0 network are redistributed into autonomous system 71. Updates from other networks are denied.


RIP/OSPF Redistribution Configuration Example

Avoiding Loops

[Figure: routers R1, R2 and R3 each connect a RIP cloud to OSPF Area 0; addresses 172.16.9.1 and 172.16.8.1 are shown; a "back door" link at R2 creates a potential loop]

router ospf 109
 network 172.16.62.0 0.0.0.255 area 0
 network 172.16.63.0 0.0.0.255 area 0
 redistribute rip subnets metric-type 1 metric 20
 distribute-list 11 out rip

access-list 11 permit 172.16.8.0 0.0.7.255

In the example in the graphic, there is an additional path connecting the RIP “clouds.” These paths, or “back doors,” frequently exist, allowing the potential for feedback loops. You can use access lists to determine the routes that are advertised and accepted by each router.

For example, access list 11 in the configuration file for router R1 allows OSPF to redistribute information learned from RIP only for networks 172.16.8.0 through 172.16.15.0. These commands prevent router R1 from advertising networks in other RIP domains onto the OSPF backbone, thereby preventing other boundary routers from using false information and forming a loop. You would configure similar access lists on R2 and R3.


Redistribution Example Using default-metric

router rip
 network 172.16.0.0
 redistribute eigrp 300
 default-metric 3

router eigrp 300
 network 192.168.5.0
 redistribute rip
 default-metric 56 2000 255 1 1500

[Figure: router A between Autonomous System 300 (EIGRP, 192.168.5.0) and the RIP network 172.16.0.0]

In the example in the graphic, the router is redistributing IP RIP and Enhanced IGRP routes. The 192.168.5.0 network is redistributed to the IP RIP network with a metric of three hops. Enhanced IGRP in autonomous system 300 learns routes from IP RIP.

The following describes some of the commands in the example in the graphic:

Command | Description
redistribute eigrp 300 | Enables redistribution of routes learned from Enhanced IGRP autonomous system 300 into the IP RIP network.
default-metric 3 | Specifies that Enhanced IGRP learned routes are three hops away.
redistribute rip | Enables redistribution of routes learned from the IP RIP network into Enhanced IGRP autonomous system 300.
default-metric 56 2000 255 1 1500 | The RIP-derived network is being redistributed with the following Enhanced IGRP metric values:
56 | Bandwidth is 56 kilobits per second.
2000 | Delay is 2000 tens of microseconds.
255 | Reliability is 100 percent (255 of 255).
1 | Loading is less than 1 percent (1 of 255).
1500 | MTU is 1500 bytes.


Redistribution Filtering Example

[Figure: a router connecting EIGRP networks 10.0.0.0 and 172.16.0.0 to the RIP network 192.168.5.0]

router rip
 network 192.168.5.0
 redistribute eigrp 1
 default-metric 3
 distribute-list 7 out eigrp 1
!
router eigrp 1
 network 172.16.0.0
 redistribute rip
 default-metric 56 2000 255 1 1500
!
access-list 7 deny 10.0.0.0 0.255.255.255
access-list 7 permit 0.0.0.0 255.255.255.255

• Hides network 10.0.0.0 using redistribution filtering

The following describes some of the commands in the redistribution filtering example in the graphic:

Command | Description
redistribute eigrp 1 | Enables routes learned from Enhanced IGRP autonomous system 1 to be redistributed into IP RIP.
default-metric 3 | Specifies that all routes learned from Enhanced IGRP will be advertised by RIP as reachable in three hops.
distribute-list 7 out eigrp 1 | Defines that routes defined by access-list 7 leaving the Enhanced IGRP process will be filtered prior to being given to the RIP process.

This example filters the redistribution of routing updates between the routing processes IP RIP and Enhanced IGRP. The distribute-list 7 out eigrp 1 command uses access-list 7 as the input for the RIP process. This distribute list redistributes all routing information except updates about network 10.0.0.0.
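The wildcard-mask filters in the RIP/OSPF loop-avoidance example and in the redistribution filtering example can be checked before deployment by evaluating them against a route list. The following is an added example, not part of the course material; the route tables are constructed, and the networks 172.16.16.0 and 172.16.23.0 standing in for another RIP domain are assumed values.

```python
from ipaddress import IPv4Address


def wildcard_match(network, base, wildcard):
    """True when network equals base on every bit the wildcard mask leaves at 0."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(IPv4Address(network)) & care == int(IPv4Address(base)) & care


def redistributed(source_routes, acl):
    """Routes that pass `distribute-list <acl> out <source-protocol>`.

    acl entries are (action, base, wildcard): first match wins, implicit deny at the end.
    """
    passed = []
    for network in source_routes:
        for action, base, wildcard in acl:
            if wildcard_match(network, base, wildcard):
                if action == "permit":
                    passed.append(network)
                break
    return passed


def leaked(source_routes, acl, owned):
    """Routes the filter lets through although they lie outside the local domain.

    owned is a list of (base, wildcard) ranges that belong to the local domain.
    """
    return [n for n in redistributed(source_routes, acl)
            if not any(wildcard_match(n, base, wc) for base, wc in owned)]


def permitted_24s(acl, prefix="172.16"):
    """Enumerate the /24 networks under <prefix>.0.0 that the ACL permits."""
    return redistributed([f"{prefix}.{third}.0" for third in range(256)], acl)


# access-list 11 permit 172.16.8.0 0.0.7.255 (router R1, RIP into OSPF)
ACL_11 = [("permit", "172.16.8.0", "0.0.7.255")]
# access-list 7 deny 10.0.0.0 0.255.255.255 / permit 0.0.0.0 255.255.255.255 (EIGRP 1 into RIP)
ACL_7 = [("deny", "10.0.0.0", "0.255.255.255"), ("permit", "0.0.0.0", "255.255.255.255")]
# Equivalent of redistributing with no distribute-list at all
NO_FILTER = [("permit", "0.0.0.0", "255.255.255.255")]

# Constructed RIP table on R1: its own RIP cloud plus two routes from another
# RIP cloud that arrived over the back door (assumed values).
R1_RIP_ROUTES = ["172.16.8.0", "172.16.9.0", "172.16.15.0", "172.16.16.0", "172.16.23.0"]
R1_OWNED = [("172.16.8.0", "0.0.7.255")]

# Constructed Enhanced IGRP table on the filtering router.
EIGRP_ROUTES = ["10.0.0.0", "10.1.2.0", "172.16.0.0"]

if __name__ == "__main__":
    print("access list 11 permits:", permitted_24s(ACL_11))
    print("R1 without filter leaks:", leaked(R1_RIP_ROUTES, NO_FILTER, R1_OWNED))
    print("R1 with access list 11 leaks:", leaked(R1_RIP_ROUTES, ACL_11, R1_OWNED))
    print("EIGRP routes given to RIP:", redistributed(EIGRP_ROUTES, ACL_7))
```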


Redistribution Example Using default-metric and Route Filters

[Figure: RIP networks 192.168.8.0 and 172.16.0.0 connected to AS 109, network 192.168.7.0]

• Redistributes RIP-based routes into IGRP

router igrp 109
 network 192.168.7.0
 redistribute rip
 default-metric 10000 100 255 1 1500
 distribute-list 10 out rip

access-list 10 permit 172.16.0.0 0.0.255.255

The following describes some of the commands in the redistribution example in the graphic:

Command | Description
redistribute rip | Redistributes RIP routes.
default-metric | Sets the metric for IGRP for all redistributed routes.
10000 | Sets the minimum bandwidth of the route to 10000 kbps.
100 | Sets the delay to 100 tens of microseconds.
255 | Sets the reliability, in this case to the maximum.
1 | Sets the loading to 1.
1500 | Sets the MTU to 1500 bytes.
distribute-list 10 out rip | Uses access list 10 to limit updates going out of RIP into IGRP.

In this example, RIP routes are given an IGRP metric and advertised into the IGRP autonomous system.

The RIP configuration for this example is shown on the next page.


Redistribution Example Using default-metric and Route Filters (cont.)

router rip
 network 192.168.8.0
 network 172.16.0.0
 redistribute igrp 109
 default-metric 4
 distribute-list 11 out igrp 109
access-list 11 permit 192.31.7.0 0.0.0.255

[Figure: AS 109, network 192.31.7.0, connected to RIP networks 192.168.8.0 and 172.16.0.0]

• Redistributes IGRP routes into RIP network

You can also redistribute IGRP-derived routes into the RIP network. The following describes some of the commands in the redistribution example in the graphic:

Command | Description
redistribute igrp 109 | Redistributes IGRP routes.
default-metric 4 | Sets the metric for IGRP-derived routes to four hops.


B

Router Password Recovery

Overview

This appendix contains the procedure for password recovery on Cisco routers.


Router Password Recovery Procedure

Step 1 Enter ROM Monitor mode: Power cycle the router and within 60 seconds after the router comes up, press the break key. (On a PC the break key is probably a combination: <control> <break>).

Step 2 Enter the o or the e/s 2000002 command in order to read the configuration register's original value. (The configuration register default value is 0x2102).

On some routers you must use the confreg utility to read the configuration register settings. When you use this utility you won't actually see the value of the configuration register, but you will see what settings are enabled; note what they are.

Step 3 Set bit 6 (along with the original bit settings) in order to ignore NVRAM on boot up, using the o/r command.

For example, if the original configuration register value was 0x2102, then setting bit 6 will give a value of 0x2142 for the configuration register. In this example, to set the configuration register, use: >o/r 0x2142

On some routers you must use the confreg utility to set the configuration register. In the utility, enter y when asked if you want to enable "ignore system config info"? y/n [n]. Keep all other settings the same as you noted in step 2.

Step 4 Initialize and reboot the router, using the i command, or the boot command on some routers.

Step 5 When the router boots it will go into setup mode. Answer no to all questions (just say no!)

Step 6 Once you are back at the router prompt, enter privileged mode:

Router> enable

Step 7 Load the configuration in NVRAM to active memory:

Router# copy startup-config running-config (or Router# config memory on older versions of the IOS).

Remember that this is a merge, so all interfaces will be shut down at this point because they were shut down when the router loaded without a configuration.


Step 8 Enable all interfaces that should be enabled:

hostname#config term

hostname(config)#interface x/y

hostname(config-if)#no shutdown

Step 9 Restore the original configuration register value:

hostname#config term

hostname(config)#config-register 0xvalue (for example hostname(config)#config-register 0x2102)

Step 10 Recover/record lost passwords

hostname#show startup-config (or hostname#show config on older versions of the IOS).

Or, change passwords (you must use this method if passwords are encrypted):

hostname#config term

hostname(config)#enable secret newpassword

hostname(config)#enable password newpassword

hostname(config)#line con 0

hostname(config-line)#login

hostname(config-line)#password newpassword

Step 11 Save your new configuration

hostname# copy running-config startup-config (or hostname#write memory on older versions of the IOS).
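The bit arithmetic of steps 3 and 9 also gives a check that the procedure was finished, because a register left with bit 6 set makes the router ignore its saved configuration, passwords included, on every boot. The following is an added example, not part of the course material; it assumes the register value is read from the "Configuration register is ..." line of show version output, and the device names and sample lines are constructed.

```python
import re

IGNORE_NVRAM = 0x0040  # bit 6: ignore the startup configuration in NVRAM at boot

_CONFREG = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def bypass_value(original):
    """Step 3: keep the original bit settings and set bit 6."""
    return original | IGNORE_NVRAM


def restored_value(current):
    """Step 9: clear bit 6 so the router reads NVRAM again on the next boot."""
    return current & ~IGNORE_NVRAM


def audit(hostname, show_version_text):
    """Return findings for one device based on its configuration register line."""
    match = _CONFREG.search(show_version_text)
    if match is None:
        return [f"{hostname}: configuration register line not found"]
    current = int(match.group(1), 16)
    # Without a pending change the next reload uses the current value.
    pending = int(match.group(2), 16) if match.group(2) else current
    findings = []
    if current & IGNORE_NVRAM:
        findings.append(
            f"{hostname}: booted with {current:#06x}, startup-config was ignored at last boot")
    if pending & IGNORE_NVRAM:
        findings.append(
            f"{hostname}: next reload uses {pending:#06x}, startup-config will be ignored")
    return findings


# Constructed sample lines in the form printed at the end of show version.
SAMPLES = {
    "router-a": "Configuration register is 0x2102\n",
    "router-b": "Configuration register is 0x2142\n",
    "router-c": "Configuration register is 0x2142 (will be 0x2102 at next reload)\n",
}

if __name__ == "__main__":
    print(hex(bypass_value(0x2102)), hex(restored_value(0x2142)))
    for name, text in SAMPLES.items():
        for finding in audit(name, text) or [f"{name}: ok"]:
            print(finding)
```

Here router-b is the case to chase: recovery was started and step 9 was never applied, so the device will keep booting without its saved configuration.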


C

Answers

Overview

This chapter contains the Answers to Exercises, Review Questions and Lab Exercises.


Chapter 2 Exercises

Answers To Written Exercise: Overview of Scalable Internetworks

Network Problem | Key Requirement | Cisco IOS Feature(s)
Connectivity restrictions | Accessible but secure | Dedicated and switched access technologies; BGP support
Single paths available to all networks | Reliable and available | Scalable protocols; Dial backup
Too much broadcast traffic | Efficient | Access lists; Scalable protocols
Convergence problems with metric limitations | Reliable and available | Scalable protocols
Competition for bandwidth | Efficient | Access lists; Compression over WANs; Generic Traffic Shaping
Illegal access to services on the internetwork | Accessible but secure | Access lists (not an end-all solution); Authentication protocols
Single WAN links available to each remote site | Responsive | Dial backup
Expensive tariffs on WAN links that do not get much use | Efficient | Switched access technologies
Very large routing tables | Efficient | Route summarization; Incremental updates
Integrate networks using legacy protocols | Adaptable | Bridging mechanisms


Chapter 3 Exercises

Written Exercise: Comparing Distance Vector Routing Protocols

Objective: Describe the operating characteristics of different distance vector routing protocols.

1. Complete the following table by indicating which protocol(s) demonstrate the characteristic shown in the right-hand column. Indicate your choice(s) in the left-hand column by entering one or more of the following distance vector routing protocols: RIPv1, RIPv2, IGRP, EIGRP

Protocol | Characteristic
RIPv1, RIPv2 | Has a hop count limitation of 15 hops
RIPv1, IGRP | Uses broadcast packets to propagate routing updates
IGRP | Has an administrative distance of 100
RIPv1, RIPv2, IGRP, EIGRP | Supports split horizon to avoid routing loops
IGRP, EIGRP | Uses a composite metric to determine best path
RIPv1, RIPv2 | Employs a count to infinity concept to avoid routing loops
IGRP, EIGRP | Can select preferred path based upon bandwidth consideration
RIPv2, EIGRP | Supports variable length subnet masks (VLSM)
RIPv1 | Is supported by all vendors of routing equipment

2. Which of the following statements are true for all distance vector routing protocols? Indicate your selection by placing a T in the blank area in front of each statement.

_______ Routing updates contain all routes in the routing table

___T___ Load balancing of equal metric paths is enabled by default

___T___ Automatic route summarization occurs at major network boundaries

_______ Length of the subnet mask is carried in the routing update

_______ Consistency of subnet mask is a network design requirement


Written Exercise: Comparing Link State Routing Protocols

Objective: Describe the operating characteristics of link-state routing protocols

1. Complete the following table by indicating which protocol(s) demonstrate the characteristic shown in the right-hand column. Indicate your choice(s) in the left-hand column by entering one or more of the following distance vector routing protocols: OSPF, IS-IS, EIGRP

Protocol | Characteristic
OSPF, IS-IS, EIGRP | Maintains additional tables to assist in rapid convergence
None | Uses broadcast packets to propagate topology updates
IS-IS | Has an administrative distance of 115
OSPF | Supports flooding of updates to avoid routing loops
OSPF, IS-IS | Requires a hierarchical design to operate correctly
OSPF, IS-IS, EIGRP | Allows manual route summarization at any location
OSPF, EIGRP | Can select preferred path based upon bandwidth consideration
OSPF, IS-IS, EIGRP | Supports variable length subnet masks (VLSM)
OSPF | Is supported by all vendors of routing equipment

2. Which of the following statements are true for all link-state routing protocols? Indicate your selection by placing a T in the blank area in front of each statement.

___T___ Routing updates contain only the affected routes in the routing table

___T___ Load balancing of equal metric paths is enabled by default

_______ Automatic route summarization occurs at major network boundaries

___T___ Length of the subnet mask is carried in the routing update

_______ Consistency of subnet mask is a network design requirement


Chapter 4 Exercises

Answers To Written Exercise: Calculating VLSMs

• For 5 LANs with 25 users each, 3 subnet bits and 5 host bits will be needed, yielding a maximum of 8 subnets with 30 hosts each. A prefix of /27 will therefore be used. The available subnets are:

• 192.168.49.0/27

• 192.168.49.32/27

• 192.168.49.64/27

• 192.168.49.96/27

• 192.168.49.128/27

• 192.168.49.160/27

• 192.168.49.192/27

• 192.168.49.224/27

• For the WAN addresses, one of the above subnets that is not used on the LANs would be further subnetted. A prefix of /30 would be used to allow for 2 host addresses on each WAN. This would leave 3 bits for additional subnetting, giving 8 subnets for the WANs. For example, if we further subnetted 192.168.49.160/27, the available subnets for the WANs are:

• 192.168.49.160/30

• 192.168.49.164/30

• 192.168.49.168/30

• 192.168.49.172/30

• 192.168.49.176/30

• 192.168.49.180/30

• 192.168.49.184/30

• 192.168.49.188/30


Answers To Written Exercises: Using Route Summarization

Exercise 1

Router C Route Table Entries | Routes That Can Be Advertised to Router D from Router C
172.16.1.192/28 | 172.16.1.192/27 (Summarizes: 172.16.1.192/28, 172.16.1.208/28)
172.16.1.208/28 |
172.16.1.64/28 | 172.16.1.64/26 (Summarizes: 172.16.1.64/28, 172.16.1.80/28, 172.16.1.96/28, 172.16.1.112/28)
172.16.1.80/28 |
172.16.1.96/28 |
172.16.1.112/28 |

Exercise 2:

Router H Route Table Entries | Routes That Can Be Advertised to Router D from Router H
172.16.1.48/28 | 172.16.1.48/28
172.16.1.128/28 | 172.16.1.128/26 (Summarizes: 172.16.1.128/28, 172.16.1.144/28, 172.16.1.160/28, 172.16.1.176/28)
172.16.1.144/28 |
172.16.1.160/28 |
172.16.1.176/28 |
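The summaries in Exercises 1 and 2 can be reproduced by merging sibling prefixes bottom-up. The following Python sketch is an added example, not course material: it performs that merge and also reports the address space a wider summary would advertise with no route behind it. The function names and the /26 test case are illustrative assumptions.

```python
import ipaddress

# Route table entries as listed in Exercise 1 (Router C) and Exercise 2 (Router H).
ROUTER_C = ["172.16.1.192/28", "172.16.1.208/28", "172.16.1.64/28",
            "172.16.1.80/28", "172.16.1.96/28", "172.16.1.112/28"]
ROUTER_H = ["172.16.1.48/28", "172.16.1.128/28", "172.16.1.144/28",
            "172.16.1.160/28", "172.16.1.176/28"]


def summarize(routes):
    """Merge sibling prefixes into their parent until no pair is left.

    Two prefixes may be merged only when they are the two halves of the
    same parent block, so the result never covers unlisted addresses.
    """
    nets = {ipaddress.ip_network(r) for r in routes}
    merged = True
    while merged:
        merged = False
        for net in sorted(nets):
            if net.prefixlen == 0:
                continue
            parent = net.supernet()
            low, high = parent.subnets()        # the two halves of the parent
            if low in nets and high in nets:
                nets -= {low, high}
                nets.add(parent)
                merged = True
                break                           # restart with the new set
    return [str(n) for n in sorted(nets)]


def unbacked_space(summary, routes):
    """Return the parts of `summary` that no entry in `routes` covers.

    Advertising a summary with unbacked space attracts traffic for
    destinations the router cannot deliver.
    """
    remaining = [ipaddress.ip_network(summary)]
    for route in map(ipaddress.ip_network, routes):
        still_free = []
        for block in remaining:
            if block.subnet_of(route):
                continue                        # fully covered by this route
            if route.subnet_of(block):
                still_free.extend(block.address_exclude(route))
            else:
                still_free.append(block)        # unrelated to this route
        remaining = still_free
    return [str(n) for n in ipaddress.collapse_addresses(remaining)]


if __name__ == "__main__":
    print("Router C advertises:", summarize(ROUTER_C))
    print("Router H advertises:", summarize(ROUTER_H))
    # A /26 would be a shorter advertisement for Router C, but half of it is empty.
    print("Unbacked in 172.16.1.192/26:",
          unbacked_space("172.16.1.192/26", ROUTER_C))
```

Router H's 172.16.1.48/28 stays unsummarized because its sibling 172.16.1.32/28 is not in the table.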

Answers to Review Questions

1. What are some of the advantages of using a hierarchical IP addressing model?

• Reduced number of routing table entries

• Efficient allocation of addresses

2. Given an address with a prefix of /20, how many additional subnets are gained when subnetting with a prefix of /28?

• 2^8 = 256 additional subnets are gained

3. When selecting a route, the longest prefix match is used.


Chapter 5 Exercises

Answer to Written Exercises: Comparing Routing Protocols

First Written Exercise

1 Destination address

2 Identify neighbors

3 Discover routes

4 Select routes

5 Maintain routing information

Second Written Exercise

1 DV (Note: OSPF sends out updates every 30 minutes.)

2 LS

3 DV

4 DV

5 LS

6 LS

7 DV

8 LS


Chapter 6 Exercises

Answer to Written Exercise: OSPF Operation

Task: Answer the following questions.

1 List three reasons why OSPF operates better than RIP in a large internetwork.

Refer to the list of reasons in the “What Is OSPF?” section.

2 What does a router do when it receives an LSU?

When each router receives the LSU, it does the following:

— If the entry already exists and the received LSU has the same information, it resets the aging timer on the LSA entry and sends an LSAck to the DR. (Recall that the DR is the central point of contact during the flooding process.)

— If the entry already exists but the LSU includes new information, it sends an LSR to request all the information about the entry.

— If the entry already exists but the LSU includes older information, it sends an LSU with its information.

3 Identify when the exchange protocol and the flooding protocol are used, and describe how each operates.

— The exchange process is used to get neighboring routers into a Full state. To be initiated, two routers must agree on a master-slave relationship. The process enables them to synchronize their link-state databases using DDPs. Once in a Full state the exchange process does not get done again unless the Full state is changed to a different state.

— The flooding process is used anytime there is a change in a link-state, such as the link goes down or a new link is added to the network. In this process, all link-state changes are sent in LSU packets to the DR/BDR of the area. The DR is then responsible for forwarding the LSUs to all other routers in the network.

4 Write a brief description of the following:

— Internal router—A router that resides within an area and routes traffic.

— LSU—A link-state update packet. This packet includes update information about link-state advertisements.

— DDP—A database description packet. This packet is used during the exchange protocol and includes summary information about link-state entries.

— Hello packet—Used during the hello process, includes information that enables routers to establish themselves as neighbors.


5 Match the term with the statement most closely describing it. Write the letter of the description next to the term.

___D area A) The router responsible for route synchronization.

___B Full state B) Indicates routers can route information.

___A DR C) Indicates routers can discover link state information.

___C Exchange state D) A collection of routers and networks.

6 Name the two RFC-compliant modes for OSPF over Non-broadcast Multiaccess network:

Non-broadcast

Point-to-Multipoint

Name the two additional Cisco modes for OSPF over NBMA:

Broadcast

Point-to-point


Chapter 7 Exercises

Answers To Written Exercise: OSPF Operation across Multiple Areas

1 Define hierarchical routing and explain what internetwork problems it solves.

OSPF’s ability to separate a large internetwork into multiple areas is also referred to as hierarchical routing. Hierarchical routing enables you to separate your large internetwork (autonomous system) into smaller internetworks that are called areas. The advantages include smaller routing tables, reduced frequency of SPF calculations, and reduced LSU overhead.

2 An internal router will receive type-5 LSAs if it is what type of area?

If it is an area that is NOT configured for stubby or totally stubby.

3 What area types are connected to the backbone area?

All area types are connected to the backbone.

4 The backbone must be configured as what area?

The backbone area must always be area 0.

5 Write a brief description of the following:


LSA Type | Name | Description
1 | Router link entry (record) (O-OSPF) | Generated by each router for each area it belongs to. It describes the states of the router’s link to the area. These are only flooded within a particular area. The link status and cost are two of the descriptors provided.
2 | Network link entry (O-OSPF) | Generated by DRs in multiaccess networks. They describe the set of routers attached to a particular network. Flooded within the area that contains the network only.
3 or 4 | Summary link entry (IA-OSPF interarea) | Originated by ABRs. Describes the links between the ABR and the internal routers of a local area. These entries are flooded throughout the backbone area to the other ABRs. Type-3 describes routes to networks within the local area that are sent to the backbone area. Type-4 describes routes from the ABR to the ASBR. These link entries are not flooded through totally stubby areas.
5 | Autonomous system external link entry (E1-OSPF external type-1) (E2-OSPF external type-2) | Originated by the ASBR. Describes routes to destinations external to the autonomous system. Flooded throughout an OSPF autonomous system except for stub and totally stubby areas.

6 Describe the path a packet must take in order to get from one area to another.

The packet must go through the interarea, through the ABR, through the backbone area, through the next ABR, and then through the internal routers to its final destination.

7 When is a default route injected into an area?

When the area is configured for stub or totally stubby.


Chapter 8 Exercises

Answers To Written Exercise: EIGRP Overview

1 D

2 E

3 G

4 B

5 A

6 H

7 A

8 C

9 F

10 A


Chapter 9 Exercises

Answers To Written Exercise: BGP Terminology and Operation

1. What protocol does BGP use as its transport protocol? What port number does BGP use?

• BGP uses TCP as its transport protocol; port 179 has been assigned to BGP.

2. Any two routers that have formed a BGP connection are called BGP peers or BGP neighbors.

3. Write a brief description of the following:

Internal BGP

• When BGP is running between routers within one AS it is termed internal BGP (IBGP).

External BGP

• When BGP is running between routers in different ASs it is termed external BGP (EBGP).

Well-known attributes

• A well-known attribute is one that all BGP implementations must recognize. Well-known attributes are propagated to BGP neighbors.

Transitive attributes

• A transitive attribute that is not implemented in a router can be passed to other BGP routers untouched.

BGP synchronization

• The BGP synchronization rule states that a BGP router should not advertise a route to an external neighbor unless that route is local or is learnt from the IGP.

4. For an external update advertised by IBGP, where does the value for the next-hop attribute of an update come from?

• For an external update advertised by IBGP, the value of the next-hop attribute is carried from the EBGP update.

5. Describe the complication that an NBMA network can cause for the next-hop attribute of an update.

• When running BGP over a multi-access network, a BGP router will use the appropriate address as the next-hop address, to avoid inserting additional hops into the network. The address used is the router on the multi-access network that advertised the network. On Ethernet that router will be accessible to all other routers on the Ethernet. On NBMA media all routers on the network may not be accessible to each other, so the next-hop address used may be unreachable.


6. Complete the table to answer the following questions about these BGP attributes:

— Which order are the attributes preferred in (1, 2 or 3)?

— For the attribute, is the highest or lowest value preferred?

— Which other routers if any is the attribute sent to?

Attribute | Order Preferred in | Highest or Lowest value preferred? | Sent to which other routers?
Local Preference | 2 | highest | Sent to internal BGP neighbors only
MED | 3 | lowest | Sent to external BGP neighbors only
Weight | 1 | highest | Not sent to any BGP neighbors; local to router only

7. How is the BGP Router ID chosen?

• The BGP Identifier is an IP address assigned to that router and is determined on startup. The BGP router ID is chosen the same way that the OSPF router ID is chosen – it is the highest active IP address on the router, unless a loopback interface with an IP address exists, in which case it is the highest such loopback IP address.

Answers to Review Questions

1. Describe the BGP synchronization rule. What command disables synchronization?

• BGP synchronization rule: Do not advertise a route to an external neighbor until a matching route has been learnt from an IGP.

• Use the no synchronization command to disable synchronization.

2. What are the four BGP message types?

• Open

• Keepalive

• Update

• Notification

3. How does BGP-4 support CIDR?

• BGP-4 support for CIDR includes:

• The BGP UPDATE message includes both the prefix and the prefix length; previous versions only included the prefix, the length was assumed from the address class.

• Addresses can be aggregated when advertised by a BGP router.


• The AS-path attribute can include AS-SEQUENCEs, which are ordered lists, and AS-SETs, which are unordered sets. An AS-SEQUENCE is an ordered mathematical set of the ASs that have been traversed. The AS_SET is an unordered set of other ASs, not included in the AS-SEQUENCE, that any of the non-aggregated routes would traverse. The combination of the ASs listed in both components should be considered to ensure that the route is loop-free.

4. What command is used to activate a BGP session with another router?

• The neighbor remote-as command is used to activate a BGP session with another router.

5. What command is used to display information about the BGP connections to neighbors?

• The show ip bgp neighbor command is used to display information about the BGP connections to neighbors.


Chapter 10 Exercises

Answers To Written Exercise: BGP Route Reflectors and Policy Control

1. Describe the BGP split horizon rule.

• The BGP split horizon rule specifies that routes learned via IBGP are never propagated to other IBGP peers.

2. What effect do route reflectors have on the BGP split horizon rule?

• Route reflectors modify the BGP split horizon rule by allowing the router configured as the route reflector to propagate routes learned by IBGP to other IBGP peers.

3. Write a brief description of the following:

• Route reflector:

• A router that is configured to be the router that is allowed to advertise (or reflect) routes that it learnt via IBGP to other IBGP peers.

• Route reflector client:

• A route reflector will have a partial IBGP peering with other routers, which are called clients.

4. Routers configured as route reflectors do not have to be fully meshed with IBGP, true or false? False

5. When a route reflector receives an update from a client, it sends it to

• all non-client peers and to all client peers.

6. What is the command used to configure a router as a BGP route reflector?

• The neighbor route-reflector-client command is used to configure the router as a BGP route reflector and configure the specified neighbor as its client.

7. When an extended access-list is used in a distribute-list, what is the meaning of the parameters of the access-list?

• The syntax of the IP extended access-list is the same as usual, with a source address and wildcard, and a destination address and wildcard. However, the meanings of these parameters are different.

• The source parameters are used to indicate the address of the network whose updates are to be permitted or denied. The destination parameters are used to indicate the subnet mask of that network.

• The wildcard parameters indicate, for the network and subnet mask, which bits are relevant. Network/subnet mask bits corresponding to wildcard bits set to 1 are ignored during comparisons, and network/subnet mask bits corresponding to wildcard bits set to 0 are used in comparisons.
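How the source and destination fields described in answer 7 are read when an extended access list filters routing updates, shown as an added Python example that is not part of the course material. The access-list entries and the sample routes are constructed for illustration, and the function names are assumptions.

```python
import ipaddress


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def field_matches(value, base, wildcard):
    """Compare only the bits whose wildcard bit is 0; bits set to 1 are ignored."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(value) & care) == (to_int(base) & care)


# Constructed entries: action, network, network wildcard, mask, mask wildcard.
# In IOS syntax the first entry would be written
#   access-list 101 permit ip 172.16.0.0 0.0.255.255 255.255.255.0 0.0.0.0
ROUTE_FILTER = [
    # any 172.16.x.x route, but only with a mask of exactly 255.255.255.0
    ("permit", "172.16.0.0", "0.0.255.255", "255.255.255.0", "0.0.0.0"),
    # any 10.x.x.x route whose mask starts with 255 (a /8 or longer)
    ("deny", "10.0.0.0", "0.255.255.255", "255.0.0.0", "0.255.255.255"),
    # the default route 0.0.0.0 with mask 0.0.0.0, and nothing else
    ("permit", "0.0.0.0", "0.0.0.0", "0.0.0.0", "0.0.0.0"),
]


def filter_route(acl, prefix):
    """Return (action, entry number) for a route such as '172.16.5.0/24'.

    The source fields are matched against the route's network address and
    the destination fields against its subnet mask. Entries are tried in
    order; a route that matches none falls to the implicit deny.
    """
    net = ipaddress.ip_network(prefix)
    network, mask = str(net.network_address), str(net.netmask)
    for number, (action, base, base_wc, m, m_wc) in enumerate(acl, start=1):
        if field_matches(network, base, base_wc) and field_matches(mask, m, m_wc):
            return action, number
    return "deny", None


if __name__ == "__main__":
    for route in ["172.16.5.0/24", "172.16.0.0/16", "172.16.5.128/25",
                  "10.20.0.0/14", "0.0.0.0/0"]:
        print(route, "->", filter_route(ROUTE_FILTER, route))
```

The 172.16.0.0/16 and 172.16.5.128/25 routes fall to the implicit deny even though their network addresses match the first entry, because the mask field is compared as well.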

8. Describe the advantages of using prefix lists rather than access lists for BGProute filtering.

• The advantages of using prefix lists include:


• A significant performance improvement over access-lists in loading and route lookup of large lists.

• Support for incremental modifications. Compared to the normal access-list where one “no” command will erase the whole access-list, a prefix-list can be modified incrementally.

• More user-friendly command-line interface. The command-line interface for using extended access lists to filter BGP updates is difficult to understand and use.

• Greater flexibility.

9. In a prefix list, what is the sequence number used for?

• The sequence number of the prefix-list statement is used to determine the order in which the statements are processed when filtering.

10. What command is used to clear the hit count of the prefix list entries?

• The clear ip prefix-list name [network/len] command resets the “hit count” shown on prefix-list entries.

Answers to Review Questions

1. What is the command used to configure a router to distribute BGP information as specified in an access-list?

• The neighbor distribute-list command is used to distribute BGP neighbor information as specified in an access list.

2. What is a route reflector cluster?

• The combination of the route reflector and its clients is called a cluster.

3. Route maps use match commands to test conditions and set commands to modify routes.

4. What is the command used to specify that the BGP communities attribute should be sent to a neighbor?

• The neighbor send-community command is used to specify that the BGP communities attribute should be sent to a BGP neighbor.

5. When would peer groups be useful?

• Peer groups are useful to simplify configurations when many neighbors have the same policy. They are also more efficient since updates are generated only once per peer group rather than once for each neighbor.

6. What is BGP multi-homing?

• Multi-homing is the term used to describe when an AS is connected to more than one ISP. This is usually done for two reasons:

• To increase the reliability of the connection to the Internet, so that if one connection fails another will still be available.

• To increase the performance, so that “better” paths can be used to certain destinations.

7. What command is used to assign a weight to a neighbor connection?


• The neighbor weight command is used to assign a weight to a neighbor connection.

8. What is the preferred method to use to advertise an aggregated route from an AS into BGP?

• The preferred method to advertise an aggregated route from an AS into BGP is to use the aggregate-address command. With this command, as long as a more specific route exists in the BGP table, the aggregate gets sent. If the aggregating router loses connection to the networks being aggregated, then they disappear from the BGP table and hence the BGP aggregate does not get sent.


Chapter 11 Exercises

Answers To Written Exercise: Managing Traffic and Access

Answers will vary.

Task: In the space below, briefly describe each cause of network congestion.

User services

• Large volume of traffic at peak times

• Multiple large file transfers

• Client/server model overwhelms server with multiple, continuous requests

Router updates

• Periodic advertisements

• Broadcast traffic affects all devices on the segment

• Exchanging large tables consumes bandwidth

DNS traffic

• Broadcast traffic affects all devices on the segment

• Name server not always local – affects multiple segments

• Name cache entries short-lived – lookup must be repeated

Novell SAP broadcasts

• Service advertisements are overhead

• Periodic announcements even if no changes

• Broadcast traffic affects all devices on the segment

Objective: List solutions for controlling network congestion.

Task: List five ways to control network congestion:

1.____Filter user application traffic___

2. ____Filter unnecessary broadcast-based traffic__

3. ____Lengthen periodic announcement interval_____

4. ____Reduce routing update size__

5.____Eliminate need for dynamic learning___

Note: Answers will vary for these exercises.


Chapter 12 Exercises

Answers To Written Exercise: Configuring IP Access Lists

Written Exercise: IP Extended Access Lists

Objective: Configure IP extended access lists.

Create an access list and place it in the proper location to satisfy the following requirements:

■ Prevents all hosts on subnet 172.16.1.0/24 except host 172.16.1.3 from accessing the Web server on subnet 172.16.4.0

■ Prevents the outside world from ping’ing subnet 172.16.4.0

■ Allows all other hosts on all other subnets of network 172.16.0.0 (subnet mask 255.255.0.0) to send queries to the DNS server on subnet 172.16.4.0

■ Prevents only host 172.16.3.3 from accessing subnet 172.16.4.0

Write your configuration in the space below. Be sure to include the router name (A or B), interface name (E0, E1, or E2), and access list direction (in or out).

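! Block host 172.16.3.3 from the whole 172.16.4.0 subnet
access-list 104 deny ip host 172.16.3.3 172.16.4.0 0.0.0.255
! Web server: allow 172.16.1.3, then deny the rest of 172.16.1.0/24
access-list 104 permit tcp 172.16.1.3 0.0.0.0 172.16.4.4 0.0.0.0 eq 80
access-list 104 deny tcp 172.16.1.0 0.0.0.255 host 172.16.4.4 eq 80
! DNS queries from any subnet of 172.16.0.0
access-list 104 permit udp 172.16.0.0 0.0.255.255 host 172.16.4.4 eq 53
! ICMP from inside only; outside pings fall to the implicit deny
access-list 104 permit icmp 172.16.0.0 0.0.255.255 172.16.4.0 0.0.0.255
interface e2
 ip access-group 104 out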
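The answer's access list evaluated entry by entry against constructed packets, as an added Python example that is not part of the course material. The entries are written in IOS action-then-protocol order with the first entry as a deny, matching the requirement that host 172.16.3.3 be blocked; the sample packets and function names are assumptions.

```python
import ipaddress


def ip(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wild(addr, base, wildcard):
    """True when addr equals base on every bit whose wildcard bit is 0."""
    return ((ip(addr) ^ ip(base)) & ~ip(wildcard) & 0xFFFFFFFF) == 0


# Access list 104. Fields: action, protocol, source, source wildcard,
# destination, destination wildcard, destination port (None = any).
ACL_104 = [
    ("deny",   "ip",   "172.16.3.3", "0.0.0.0",     "172.16.4.0", "0.0.0.255", None),
    ("permit", "tcp",  "172.16.1.3", "0.0.0.0",     "172.16.4.4", "0.0.0.0",   80),
    ("deny",   "tcp",  "172.16.1.0", "0.0.0.255",   "172.16.4.4", "0.0.0.0",   80),
    ("permit", "udp",  "172.16.0.0", "0.0.255.255", "172.16.4.4", "0.0.0.0",   53),
    ("permit", "icmp", "172.16.0.0", "0.0.255.255", "172.16.4.0", "0.0.0.255", None),
]


def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, entry number) of the first matching entry.

    Evaluation stops at the first match. A packet that matches no entry
    is dropped by the implicit deny at the end of every access list,
    reported here as ("deny", None).
    """
    for number, (action, p, s, s_wc, d, d_wc, port) in enumerate(acl, start=1):
        if p not in ("ip", proto):
            continue
        if port is not None and port != dport:
            continue
        if wild(src, s, s_wc) and wild(dst, d, d_wc):
            return action, number
    return "deny", None


# Constructed packets: (protocol, source, destination, destination port).
SAMPLES = {
    "web from 172.16.1.3":       ("tcp",  "172.16.1.3", "172.16.4.4", 80),
    "web from rest of 1.0/24":   ("tcp",  "172.16.1.7", "172.16.4.4", 80),
    "web from another subnet":   ("tcp",  "172.16.2.9", "172.16.4.4", 80),
    "dns from another subnet":   ("udp",  "172.16.2.9", "172.16.4.4", 53),
    "ping from outside":         ("icmp", "10.1.1.1",   "172.16.4.4", None),
    "ping from inside":          ("icmp", "172.16.2.9", "172.16.4.4", None),
    "anything from 172.16.3.3":  ("tcp",  "172.16.3.3", "172.16.4.4", 80),
}


def report(acl):
    return {name: evaluate(acl, *packet) for name, packet in SAMPLES.items()}


# Same entries with the host permit and the subnet deny swapped: the
# broader deny now shadows the exception for 172.16.1.3.
REORDERED = [ACL_104[0], ACL_104[2], ACL_104[1]] + ACL_104[3:]

if __name__ == "__main__":
    for name, verdict in report(ACL_104).items():
        print(f"{name:28} {verdict}")
    print("reordered, web from 172.16.1.3:",
          evaluate(REORDERED, *SAMPLES["web from 172.16.1.3"]))
```

The "web from another subnet" sample is dropped by the implicit deny: the list has no entry permitting Web traffic from subnets other than 172.16.1.0/24, which is worth checking against the intended policy before applying it.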


Written Exercise: Alternative to Access Lists

Objective: Configure an alternative to using access lists.

Write the configuration statement in the box above that sends all traffic bound for 192.168.2.0 to the null interface.

ip route 192.168.2.0 255.255.255.0 null0


Chapter 13 Exercises

Answers To Written Exercise: Redistribution and Controlling Routing Update Traffic

1 List three reasons why you may use multiple routing protocols in a network.

• Some reasons why you may need multiple protocols are as follows:

• When you are migrating from an older IGP to a new IGP, multiple redistribution boundaries may exist until the new protocol has displaced the old protocol completely. Dual existence of protocols is effectively the same as a long-term coexistence design.

• When you want to use another protocol but need to keep the old protocol due to the needs of host systems.

• Different departments might not want to upgrade their routers or they might not implement a sufficiently strict filtering policy. In these cases you can protect yourself by terminating the other routing protocol on one of your routers.

• If you have a mixed router vendor environment, you can use a Cisco-specific protocol in the Cisco portion of the network and then use a common protocol to communicate with non-Cisco devices.

2 What two parameters are used by routers to select the best path when they learn two or more routes to the same destination from different routing protocols?

• In order for routers to select the best path when they learn two or more routes to the same destination from different routing protocols, Cisco uses two parameters:

• Administrative distance—Administrative distance is used to rate the believability of a routing protocol. Each routing protocol is prioritized in order of most to least believable (reliable) using a value called administrative distance. This criterion is the first a router uses to determine which routing protocol to believe if more than one protocol provides route information for the same destination.

• A routing metric—The metric is a value representing the path between the local router and the destination network. The metric is usually a hop or cost value, depending on the protocol being used.

3 What are the components of the EIGRP routing metric?

• The components of the EIGRP routing metric are:

bandwidth | Minimum bandwidth of the route in kilobits per second.
delay | Route delay in tens of microseconds.
reliability | Likelihood of successful packet transmission expressed in a number from 0 to 255, where 255 means the route is 100% reliable.


loading | Effective loading of the route expressed in a number from 1 to 255, where 255 means the route is 100% loaded.
mtu | Maximum transmission unit (MTU)—the maximum packet size along the route in bytes, an integer greater than or equal to 1.

4 Consider that you have a dialup WAN connection between site A and site B. What can you do to prevent excess routing update traffic from crossing the link, but still have the boundary routers know the networks that are at the remote sites?

• Use static routes, possibly in combination with passive interfaces.

5 What command is used to cause RIP to source a default route?

• When running RIP, you can create the default route by using the ip default-network command. If the router has a directly connected interface onto the network specified in the ip default-network command, RIP will generate (or source) a default route to its RIP neighbor routers.

6 If there is no filter associated with an interface, what happens to packets destined for that interface?

• If a filter is not associated with the interface, the packets are processed normally.

7 What command can be used to discover the path that a packet takes through a network?

• To discover the routes a packet follows when traveling to its destination from a router, use the trace privileged EXEC command.

8 How can a routing loop result in a network that has redundant paths between two routing processes?

• Depending on how you employ redistribution, routers can send routing information received from one autonomous system back into that same autonomous system. The feedback is similar to the routing loop problem that occurs in distance vector technologies.

Answers To Review Questions

1. What is redistribution?

• Cisco routers allow internetworks using different routing protocols (referred to as autonomous systems) to exchange routing information through a feature called route redistribution. Redistribution is defined as the ability for boundary routers connecting different autonomous systems to exchange and advertise routing information received from one autonomous system to the other autonomous system.

2. What is the default administrative distance for IGRP? For RIP? For OSPF?

• The default administrative distance for IGRP is 100.

• The default administrative distance for RIP is 120.

• The default administrative distance for OSPF is 110.


3. When configuring a default metric for redistributed routes, the metric should be set to a value larger than the largest metric within the AS.

4. What command is used for policy-based routing to establish criteria based on the packet length?

• The match length command can be used to establish criteria based on the packet length, between specified minimum and maximum values.

5. What command is used to configure filtering of the routing update traffic from an interface? What command mode is this command entered in?

• To assign an access list to filter outgoing routing updates, use the distribute-list access-list-number | name out interface-name command. This command is entered in Router(config-router)# command mode.

6. What does the following command do?

distance 150 0.0.0.0 255.255.255.255 3

• The distance 150 0.0.0.0 255.255.255.255 3 command is used to change the default administrative distance of routes, from specific source addresses, that are permitted by an access-list. The parameters mean:

150 | Defines the administrative distance that specified routes will be assigned.
0.0.0.0 255.255.255.255 | Defines the source address of the router supplying the routing information, in this case any router.
3 | Defines the access-list to be used to filter incoming routing updates to determine which will have their administrative distance changed.

Routes matching access-list 3, from any router, will be assigned an administrative distance of 150.

7. What are the benefits of policy-based routing?

• The benefits that can be achieved by implementing policy-based routing in the networks include:

• Source-Based Transit Provider Selection

• Quality of Service (QoS)

• Cost Savings

• Load Sharing

8. Policy-based routing is applied to incoming packets?


Chapter 14 Exercises

Written Exercise: Using Scalable Strategies

1. Name the two major functions performed by routers.

• Routers perform both a routing and a switching function.

2. What are the benefits of VLSMs?

• The benefits of VLSMs include:

• Even more efficient use of IP addresses

• Greater capability to use route summarization

3. If the subnet 172.17.2.32/28 was further subnetted with a /30 prefix, how many more subnets would be created? How many hosts would be available on each of these new subnets?

• The additional 2 subnet bits would create 2^2 = 4 more subnets. There would be 2^2 – 2 = 2 hosts available on each of these subnets.

4. Define the following terms:

• IGP—Interior gateway protocol—A routing protocol used to exchange routing information within an autonomous system. RIP, IGRP, OSPF and EIGRP are examples of IGPs.

• EGP—Exterior gateway protocol—A routing protocol used to connect between autonomous systems. Border Gateway Protocol (BGP) is an example of an EGP.

• Autonomous System (AS):

• BGP Autonomous System—A set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other ASs.

• Another definition of autonomous system—internetworks using different routing protocols.

• Redistribution—The ability for boundary routers connecting different autonomous systems to exchange and advertise routing information received from one autonomous system to the other autonomous system.

5. Describe some of the characteristics of BGP.

• BGP is a distance vector protocol, but it has many differences from the likes of RIP:

• BGP uses TCP as its transport protocol, which provides connection-oriented reliable delivery. In this way, BGP assumes that its communication is reliable and therefore it doesn’t have to implement any retransmission or error recovery mechanisms. BGP uses TCP port 179. Two routers speaking BGP form a TCP connection with one another and exchange messages to open and confirm the connection parameters. These two routers are called peer routers or neighbors.


• Once the connection is made, full routing tables are exchanged. However, since the connection is reliable, BGP routers need only send changes (incremental updates) after that. Periodic routing updates are also not required on a reliable link, so triggered updates are used. BGP sends “keepalive” messages, similar to the “hello” messages sent by OSPF and EIGRP.

• BGP routers exchange network reachability information, called path vectors, made up of path attributes, including a list of the full path (of BGP AS numbers) that a route should take in order to reach a destination network. This path information is used in constructing a graph of ASs that is loop free and where routing policies can be applied in order to enforce some restrictions on the routing behavior. The path is loop free because a router running BGP will not accept a routing update that already includes its AS number in the path list, since this would mean that the update has already passed through its AS, and accepting it again would result in a routing loop.

6. Describe some of the ways in which access-lists can be used.

• Access lists can be used in many ways, including:

• To permit or deny packets from crossing specified router interfaces.

• To permit or deny virtual terminal (vty) access to and from a router.

• To establish a finer granularity of control when differentiating traffic into priority and custom queues.

• To identify “interesting” traffic that serves to trigger dialing in dial-on-demand routing (DDR).

• To filter and alter attributes within a routing update.

7. Policy-based routing is applied to incoming packets on an interface.

Answers to Review Questions

1. What distinguishes classful routing protocols from classless routing protocols?

• Classful routing protocol characteristics:

• Periodic routing advertisements.

• Subnet masks are not advertised.

• Exchange routes to all subnetworks within the same network.

• The receiving device must know the mask associated with any advertised subnets, therefore all of the subnetworks in the major network must have the same routing mask.

• The subnetwork information from foreign networks (networks whose network portion does not match ours) must be summarized to a classful boundary using a default routing mask prior to inclusion in the routing update.

• The creation of a classful summary route at major network boundaries is handled automatically by classful routing protocols. Summarization at other points within the major network address is not allowed by classful routing protocols.

• Classless routing protocol characteristics:

• Once the initial topology learning phase is complete, updates about network routes are triggered by changes in topology. The event-driven approach reduces the periodic bandwidth consumption associated with full table updates.

• Advertises the subnet mask for each route.

• The summarization process is manually controlled and can be invoked at any point within the network. Since subnet routes are propagated throughout the routing domain, summarization is required to keep the size of the routing tables at a manageable size.

2. A router has the networks 192.168.160.0/24 through 192.168.175.0/24 in its routing table. How could it summarize these networks into one route?

• The addresses in binary are:

192.168.160.0/24 11000000 10101000 10100000 00000000

192.168.161.0/24 11000000 10101000 10100001 00000000

192.168.162.0/24 11000000 10101000 10100010 00000000

192.168.163.0/24 11000000 10101000 10100011 00000000

192.168.164.0/24 11000000 10101000 10100100 00000000

192.168.165.0/24 11000000 10101000 10100101 00000000

192.168.166.0/24 11000000 10101000 10100110 00000000

192.168.167.0/24 11000000 10101000 10100111 00000000

192.168.168.0/24 11000000 10101000 10101000 00000000

192.168.169.0/24 11000000 10101000 10101001 00000000

192.168.170.0/24 11000000 10101000 10101010 00000000

192.168.171.0/24 11000000 10101000 10101011 00000000

192.168.172.0/24 11000000 10101000 10101100 00000000

192.168.173.0/24 11000000 10101000 10101101 00000000

192.168.174.0/24 11000000 10101000 10101110 00000000

192.168.175.0/24 11000000 10101000 10101111 00000000

• To determine the summary route, the router determines the number of highest-order bits that match in all of the addresses. Referring to the list of IP addresses above, 20 bits match in all of the addresses. Therefore the best summary route is 192.168.160.0/20.
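
The bit-matching procedure above, as an added example that is not part of the course material: it computes the summary for the sixteen /24s in the question and also reports any address space the summary covers that is not in the routing table, since a summary advertised for networks the router cannot reach attracts traffic it will drop. The function names and the eleven-network variant are constructed for illustration; IPv4 only.

```python
import ipaddress

# The sixteen /24s from the review question above.
PAGE_NETS = [f"192.168.{octet}.0/24" for octet in range(160, 176)]
# Constructed variant: only eleven of the sixteen /24s are really present.
PARTIAL_NETS = [f"192.168.{octet}.0/24" for octet in range(160, 171)]


def summarize(networks):
    """Return the single prefix formed by the highest-order bits that
    match in every address of every input network."""
    nets = [ipaddress.ip_network(n) for n in networks]
    first = min(int(n.network_address) for n in nets)
    last = max(int(n.broadcast_address) for n in nets)
    # Any bit position at or below the highest differing bit between the
    # lowest and highest address cannot belong to the common prefix.
    diff_bits = (first ^ last).bit_length()
    mask = (0xFFFFFFFF << diff_bits) & 0xFFFFFFFF
    return ipaddress.ip_network((first & mask, 32 - diff_bits))


def extra_space(networks):
    """Return the prefixes inside the summary that are NOT in the input,
    i.e. what the summary would advertise without a real route behind it."""
    nets = ipaddress.collapse_addresses(
        ipaddress.ip_network(n) for n in networks)
    remaining = [summarize(networks)]
    for net in nets:
        pieces = []
        for block in remaining:
            if net.subnet_of(block):
                # Carve the known network out of this block.
                pieces.extend(block.address_exclude(net))
            else:
                pieces.append(block)
        remaining = pieces
    return sorted(remaining)


if __name__ == "__main__":
    for label, nets in (("page", PAGE_NETS), ("constructed", PARTIAL_NETS)):
        print(label, summarize(nets), [str(n) for n in extra_space(nets)])
```
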

3. In the BGP selection process, which attribute is checked first, AS-path, weight, or local preference?

• In the BGP selection process the weight is the first attribute checked, of the three listed.


Appendix A Exercises

Extending IP Addressing

Written Exercise: Calculating Subnet Masks

1 You need to design an IP network for your organization. Your organization’s IP address is 172.16.0.0. Your assessment indicates that the organization needs at least 130 networks of no more than 100 nodes in each network. As a result, you have decided to use a classful subnetting scheme based on the 172.16.0.0/24 scheme. In the space below write any four IP host addresses that are part of the range of subnetwork numbers. Also, write the subnet address and subnet mask for these addresses. One address is provided as an example.

172.16.1.1/24      172.16.1.0      255.255.255.0
172.16.2.9/24      172.16.2.0      255.255.255.0
172.16.3.11/24     172.16.3.0      255.255.255.0
172.16.4.12/24     172.16.4.0      255.255.255.0
172.16.255.2/24    172.16.255.0    255.255.255.0

2 Your network has the address 172.16.168.0/21. Write eight IP host addresses in this network:

172.16.168.1      172.16.168.2
172.16.168.255    172.16.169.0
172.16.169.1      172.16.169.2
172.16.175.253    172.16.175.254

3 Write the four IP addresses in the range described by the 192.168.99.16/30 address:

192.168.99.16
192.168.99.17
192.168.99.18
192.168.99.19

4 Of these four host addresses, which two could you use as host addresses in a point-to-point connection?

• 192.168.99.17 and 192.168.99.18
