SAP FI BSCI


BSCI v2.0 (642-801)

Table of Contents

The Basics ... 4
  Request for Comments (RFC) ... 4
  Cisco Hierarchical Internetworking Model ... 4
  OSI Protocols ... 5
Routing ... 5
  Internet Protocol (IP) Addressing ... 5
  Classful Addressing ... 6
  Classless Addressing ... 6
  Connection and Non-Connection Protocols ... 6
  IP Helper Addresses ... 7
  Passive-Interface ... 7
  Network Address Translation (NAT) ... 7
  RED and WRED ... 9
  Internet Protocol Version 6 (IPv6) ... 9
Routing Protocol Concepts ... 10
  Distance-Vector Routing Protocols ... 10
  Link State Routing Protocols ... 10
Routing Protocol Types ... 11
Open Shortest Path First (OSPF) ... 12
  OSPF Area Types ... 12
  Area 0 ... 12
  Stub and Totally Stubby Area ... 13
  Router Types ... 13
  LSA Types ... 14
  Quick Review ... 14
  Route Table Updates ... 14
  Traffic Types ... 14
  Network Types ... 15
  Broadcast MultiAccess Networks ... 15
  OSPF Operations ... 15
  OSPF Startup ... 16
  Special Media ... 16
  Virtual Links ... 16
  OSPF and Redistribution ... 17
  OSPF Commands (Single Area) Setup ... 17


  OSPF Multiple-Areas Configuration Commands: Enable OSPF on the Router ... 17
  OSPF Multiple-Areas Configuration Commands: Enable OSPF on the Router ... 18
  Commands for Stub Area Configuration ... 18
  Commands for Route Summarization on OSPF ... 18
  Commands for Troubleshooting OSPF ... 18
Intermediate System-to-Intermediate System (IS-IS) ... 19
  OSI CLNP ... 20
  Hello ... 20
  Metrics ... 21
  Basic Operation ... 21
  Useful IS-IS Terms to Understand ... 21
  IS-IS on NBMA ... 22
  Areas and the Domain ... 22
  Router Types ... 22
  Addressing ... 23
  Security ... 23
  Other Resources ... 24
Enhanced Interior Gateway Routing Protocol (EIGRP) ... 24
  DUAL (Diffusing Update Algorithm) ... 24
  Choosing Routes ... 24
  Protocol Dependence ... 25
  Tables ... 25
  Hello Packets and the EIGRP Discovery Process ... 25
  Route Tagging ... 25
  Load Balancing ... 26
  Route Age ... 26
  EIGRP Packet Types ... 27
  FD, RD, FC, FS and Successors ... 27
  EIGRP and Dropped Links ... 27
  EIGRP and NBMA ... 28
  Hub and Spoke ... 28
  Stuck-in-Active ... 28
  EIGRP Configuration ... 29
  Route Summarization for EIGRP ... 29
  Verifying Operations ... 30
Border Gateway Protocol (BGP) ... 30
  CIDR ... 31


  AS Numbers ... 31
  Synchronization/Full Mesh ... 31
  Summarization ... 32
  Peering ... 32
  BGP Attributes ... 32
  BGP Path Selection ... 33
  Scalability Problems (and Solutions) with iBGP ... 34
  Next-Hop-Self Command ... 34
  Filtering BGP Updates ... 35
  Policy Routing ... 35
  Route Dampening ... 35
  Route Distribution ... 35
  Multi-Homing BGP ... 36
  BACKDOOR configurations ... 36
  Basic Configuration ... 36
  Summary Routes ... 36
  Statistic Commands ... 37
  Verifying Operations ... 37
Redistribution ... 37
  Excellent CCO Links ... 37
  Static Routing and Connected Ports ... 38
  IGRP and EIGRP ... 38
  OSPF ... 39
  BGP ... 40
Policy-Based Routing (PBR) ... 40
  Configuration commands for PBR ... 41


The Basics

Request for Comments (RFC)

RFCs are a series of numbered Internet informational documents and standards widely followed by commercial software and freeware in the Internet and UNIX communities. They are unusual in that they are floated by technical experts acting on their own initiative and reviewed by the Internet at large, rather than formally promulgated through an institution or standards-setting organization. For this reason, they remain known as RFCs even once they have been adopted as official standards.

The RFC tradition of pragmatic, experience-driven, after-the-fact standards writing, done by individuals or small working groups, has important advantages over the more formal, committee-driven process typical of ANSI or ISO. RFCs usually manage to avoid both the ambiguity often found in informal specifications and the committee-perpetrated meaningless drivel that often haunts formal standards, and they define a network that has grown to truly worldwide proportions.

If you really want to understand the history and mechanics of modern networking protocols, you should read the RFCs that define them. Especially important RFCs to know for this exam include:

RFC 2328 – OSPF

http://www.ietf.org/rfc/rfc2328.txt?number=2328

RFC 1142 – IS-IS

http://www.ietf.org/rfc/rfc1142.txt?number=1142

RFC 1771 – BGPv4

http://www.ietf.org/rfc/rfc1771.txt?number=1771

RFC 2460 – IPv6

http://www.ietf.org/rfc/rfc2460.txt?number=2460

As an amusing aside, you might be interested to know that there exists a flourishing tradition of "joke" RFCs (generally one a year, usually on April 1st). These include:

RFC 527 (ARPAWOCKY) - A sham technical document, written in the style of Lewis Carroll.

RFC 748 (Telnet Randomly-Lose Option) - A parody of the TCP/IP documentation style.

RFC 1149 (A Standard for the Transmission of IP Datagrams on Avian Carriers) - A deadpan skewering of standards-document legalese, describing protocols for transmitting Internet data packets by carrier pigeon.

Remember that few RFCs are standards, but all Internet standards are recorded in RFCs.

This link is the starting point for RFC searches:

http://www.ietf.org/rfc.html

Cisco Hierarchical Internetworking Model

The Hierarchical model is the basis of most Cisco network designs. There are three levels, each with its own emphasis:

Access – The point at which users join the network.

Distribution – The control layer, which includes the aggregation of traffic, access lists, compression, encryption and other services that provide the glue between Access and Core layers.


Core – Concentrates all traffic traversing the network.

OSI Protocols

Created by the International Organization for Standardization (ISO) to develop standards for data networking, the Open System Interconnection (OSI) protocols represent an international standardization program that facilitates multi-vendor equipment interoperability. In an OSI network there are four significant architectural entities: hosts, areas, a backbone, and a domain.

Host – Any non-routing host or node.

Area – A logical entity formed by a set of contiguous routers and the data links that connect them.

Backbone - Many routing protocols use a hierarchical design that defines separate areas, connected through a shared area, which forms a backbone.

Domain - Any portion of an OSI network that is under common administrative authority.

Routing

Internet Protocol (IP) Addressing

IP is a layer-3 routed protocol with two primary responsibilities: providing connectionless, best-effort delivery of datagrams; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.

Addresses (IPv4) are 32 bits long, with the most significant bits specifying the network, as determined by a subnet mask. This subnet mask is either derived from the first few bits of the address or specified directly, depending on whether you are using classful (conforming to major address boundaries) or classless (further subnetting classful addresses) addressing. IP addresses are written in dotted-decimal format, with each set of eight bits separated by a period. The minimum and maximum packet headers for IP are 20 and 24 bytes, respectively, with the actual length depending on the application in use. Here is an excellent description of the primary fields:

http://www.erg.abdn.ac.uk/users/gorry/course/inet-pages/ip-packet.html

Here are the basic facts about the different classes of IP addresses:

Class  Purpose                         High-Order Bit(s)  Default Subnet Mask  Address Range
A      Few large organizations         0                  255.0.0.0            1.0.0.0 to 126.0.0.0
B      Medium-size organizations       10                 255.255.0.0          128.1.0.0 to 191.254.0.0
C      Relatively small organizations  110                255.255.255.0        192.0.1.0 to 223.255.254.0
D      Multicast groups (RFC 1112)     1110               N/A                  224.0.0.0 to 239.255.255.255
E      Experimental                    1111               N/A                  240.0.0.0 to 254.255.255.255

Remember that the default Subnet Mask is just that, a default; it can be adjusted as necessary (depending on the routing protocol) by the network designer.

Classful Addressing

This addressing scheme is commonly used where the subnet mask reflects the number of bits used to calculate the default gateway (e.g., Class A 10.0.0.0 mask 255.0.0.0, Class B 172.0.0.0 mask 255.255.0.0, Class C 192.0.0.0 mask 255.255.255.0). RIPv1 and IGRP can only be used with a classful addressing scheme.

Classless Addressing

CIDR (Classless Inter-Domain Routing) is used to conserve address space and use it effectively (see VLSM). It is required for route summarization to work correctly. Careful planning and implementation are both required. An easy way to identify a classless address is to look at the subnet mask: you will commonly see a Class A address with a Class B or C subnet mask. Some protocols require additional configuration to support discontiguous subnets. Link state protocols support classless addressing. RIP version 1 and IGRP do not, because they do not pass subnet information.

Connection and Non-Connection Protocols

A connection-oriented data transfer works like a telephone call in that the caller initiates a connection, confirms that the connection is made, and terminates the session when the data exchange is complete.

A connection-oriented protocol will have a method for establishing a connection, providing flow and error control, and then providing session termination.

When troubleshooting connection-oriented protocols, check to see if there are multiple retransmissions of segments of data. If so, you should determine why upper layer protocols are requesting them and verify that sequence numbers, acknowledgements, window sizes, and other connection-oriented parameters are appropriate and being incremented or managed correctly.


Connectionless protocols forward data without prior coordination, and with no guarantee that it will reach its destination. A higher-layer application reassembles the packets in the proper order and requests retransmission of any missing packets, if needed. Some applications and protocols do not care about packet loss; an example of such a protocol is the Real Time Protocol (RTP), which carries voice and video.

When troubleshooting connectionless protocol data transfer problems, look for cases where errors in the data are not being reported back to the sender, where data is not being acknowledged, or where data does not arrive in order.

IP Helper Addresses

By default, routers don’t forward broadcast packets. The “ip helper” command is used to forward User Datagram Protocol (UDP) broadcasts, including BOOTP packets, received on an interface. Since DHCP protocol information is carried inside BOOTP packets, it is also supported. The “ip helper” command allows you to control which broadcast packets a router forwards. The helper address is configured on the interface on which the BOOTP request is going to be received, and references the final destination of the request packet.

The IP-HELPER command should be entered on the same interface on which the BOOTP frame is received. The broadcast is converted to a unicast message and forwarded to the specified destination. Here is a sample configuration:

ip helper-address X.X.X.X (where X.X.X.X is the destination IP)

Passive-Interface

When enabled on an interface, the PASSIVE-INTERFACE router command allows the interface to receive routing updates, but does not allow it to forward routes out of the interface.

You should know that the passive interface feature behaves differently with different protocols. For most protocols, passive interface stops the router from sending updates to a particular neighbor, but continues to listen and use routing updates from that neighbor. However, on EIGRP and OSPF, passive interface causes the router to stop sending and receiving hello packets, preventing the forming of peers.

The passive-interface command is applied at the global level and allows the specified interface to hear routing updates, but not repeat them. This is used to control the propagation of routing updates.

Here is a sample configuration:

RouterA(config)# router rip

RouterA(config-router)# passive-interface serial 0

Network Address Translation (NAT)

NAT operates on a router connecting two networks with different addressing schemes together. The translation operates in conjunction with routing; internal and external address numbers are associated in pairs and translated by the NATing device. Overloading uses port numbers to allow multiple external addresses to share a smaller number of internal addresses.

The most common use of NAT is to provide Internet connectivity to internal networks that use private addressing. It is also commonly used when an organization uses different addressing schemes internally, perhaps during an upgrade or when one company acquires another and the networks must be merged.

These are the different types of addresses used by Network Address Translation (NAT):

Inside local address - Addresses assigned for use on the local network. These will usually be taken from the private address pools. These are the normal inside addresses.

Page 9: SAP FI BSCI

BSCI v2.0 (642-801)

Inside global address - A legitimate IP address that represents one or more inside local IP addresses to the outside world. This would be the “real” address that gets translated into one or more outside Local Addresses.

Outside local address - The IP address of an outside host as it appears to the inside network. Not necessarily a legitimate address, it was allocated from an address space routable on the inside. This is the inside network address that corresponds to the “real” address present to the outside world. Using overloading, many outside local addresses can be combined in a smaller number of inside global addresses.

Outside global address - A legitimate IP address assigned to a host on the outside network by the host's owner. This is the address that will be allocated from a globally routable address or network space.

To provide an example of Network Address Translation, here is a partial router configuration in which R1 is pinged by R3 through a NATed address on R2. Please see the details below:

Figure 1 – Network Diagram

R2#show run
!
interface Ethernet0
 ip address 192.168.12.2 255.255.255.0
 no ip directed-broadcast
 ip nat inside
!
interface Serial0
 ip address 172.16.23.2 255.255.255.0
 no ip directed-broadcast
 ip nat outside
 no ip mroute-cache
!
ip nat inside source static 192.168.12.1 172.16.23.1
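To make the four NAT address types concrete, here is an added Python model of R2's translation table (example code, not Cisco's and not part of the original guide). It replays the static mapping from the configuration above and adds overloading on a constructed shared inside global address (172.16.23.2, R2's own Serial0 address) with constructed inside hosts 192.168.12.10 and .11 and a constructed outside host 172.16.23.3; the static mapping is permanent and bidirectional, while overload entries exist only once an inside host has started a session.

```python
"""Toy NAT translation table illustrating the inside/outside, local/global terms.

Added example, not from the original guide. The static entry comes from R2's
configuration on the page; the overload address, inside hosts, ports and the
outside host 172.16.23.3 are constructed sample values.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatTable:
    def __init__(self, overload_ip: str, first_port: int = 1024):
        self.static: Dict[str, str] = {}      # inside local -> inside global
        self.overload_ip = overload_ip        # shared inside global address (PAT)
        self.next_port = first_port
        # (inside global, port) <-> (inside local, port), created on demand
        self.pat: Dict[Tuple[str, int], Tuple[str, int]] = {}
        self.pat_rev: Dict[Tuple[str, int], Tuple[str, int]] = {}

    def add_static(self, inside_local: str, inside_global: str) -> None:
        """Equivalent of: ip nat inside source static <inside_local> <inside_global>"""
        self.static[inside_local] = inside_global

    def inside_to_outside(self, pkt: Packet) -> Packet:
        """Translate a packet leaving through the 'ip nat outside' interface."""
        if pkt.src_ip in self.static:
            # One-to-one: the source becomes its fixed inside global address.
            return Packet(self.static[pkt.src_ip], pkt.src_port, pkt.dst_ip, pkt.dst_port)
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.pat_rev:
            # Overloading: a unique port on the shared address identifies this flow.
            mapping = (self.overload_ip, self.next_port)
            self.next_port += 1
            self.pat[mapping] = key
            self.pat_rev[key] = mapping
        g_ip, g_port = self.pat_rev[key]
        return Packet(g_ip, g_port, pkt.dst_ip, pkt.dst_port)

    def outside_to_inside(self, pkt: Packet) -> Optional[Packet]:
        """Translate a packet arriving on the 'ip nat outside' interface.

        Static entries always match, so a statically translated host is
        reachable from outside (this is how R3 can ping R1). Overload entries
        match only replies to existing flows; anything else returns None and
        would be dropped.
        """
        for inside_local, inside_global in self.static.items():
            if pkt.dst_ip == inside_global:
                return Packet(pkt.src_ip, pkt.src_port, inside_local, pkt.dst_port)
        key = (pkt.dst_ip, pkt.dst_port)
        if key in self.pat:
            l_ip, l_port = self.pat[key]
            return Packet(pkt.src_ip, pkt.src_port, l_ip, l_port)
        return None


def demo() -> dict:
    """Walk the page's scenario plus an overload case; returns the translations."""
    nat = NatTable(overload_ip="172.16.23.2")          # constructed PAT address
    nat.add_static("192.168.12.1", "172.16.23.1")      # from R2's show run above
    r3 = "172.16.23.3"                                 # constructed outside global
    # R3 pings R1's inside global address; NAT rewrites it to the inside local.
    inbound = nat.outside_to_inside(Packet(r3, 40000, "172.16.23.1", 7))
    # Two constructed inside hosts open connections using the same source port.
    a = nat.inside_to_outside(Packet("192.168.12.10", 5000, r3, 80))
    b = nat.inside_to_outside(Packet("192.168.12.11", 5000, r3, 80))
    # The reply to host b is steered back by the unique translated port.
    reply_b = nat.outside_to_inside(Packet(r3, 80, b.src_ip, b.src_port))
    # Unsolicited traffic to the overload address has no entry and is dropped.
    stray = nat.outside_to_inside(Packet(r3, 80, "172.16.23.2", 9999))
    return {"inbound": inbound, "a": a, "b": b, "reply_b": reply_b, "stray": stray}


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name}: {pkt}")
```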


RED and WRED

Random Early Detection (RED) is a congestion avoidance mechanism that takes advantage of TCP’s tail drop congestion control mechanism. By randomly dropping packets prior to periods of high congestion, RED tells the packet source to decrease its transmission rate. Assuming the packet source is using TCP, it will decrease its transmission rate until all the packets reach their destination, indicating that the congestion is cleared.

Tail drop treats all traffic equally and does not differentiate between classes of service. When the output queue is full and tail drop is in effect, packets are dropped until the congestion is eliminated and the queue is no longer full.

A variation on RED is Weighted RED (WRED), which drops packets selectively based on IP precedence. Packets with a higher IP precedence are less likely to be dropped than packets with a lower precedence. Thus, higher priority traffic is delivered with a higher probability than lower priority traffic.

Underlying the RED mechanism is the premise that most traffic runs on data transport implementations which are sensitive to loss and will temporarily slow down when some of their traffic is dropped. TCP, which responds appropriately (even robustly) to a traffic drop by slowing down its traffic transmission, effectively allows RED's traffic-drop behavior to work as a congestion-avoidance signaling mechanism.

Don’t be overly concerned with the differences between RED and WRED. WRED is simply RED with the added features of IP precedence and QoS. If all your traffic is at the same precedence level, you have RED; otherwise the precedence level signals to WRED the different priorities of traffic, which then allows WRED to drop lower priority traffic before higher priority traffic.

Internet Protocol Version 6 (IPv6)

IPv6 offers several enhancements to the IPv4 standard, including a greatly expanded address space and new partial-broadcast options such as Anycast. Addresses grow from the current 32 bits to 128, and are written in hexadecimal rather than decimal. IP Version 6 allows many more addresses (more than 3.4×10^38 possible addresses) than IPv4. With so many addresses available, address conservation techniques such as NAT are no longer necessary.

The Anycast function is one of the new features of IPv6. Anycast can be understood best by comparing with Unicast and Multicast. IP Unicast allows a source node to transmit IP datagrams to a single destination node. The destination node is identified by a Unicast address. IP multicast allows a source node to transmit IP datagrams to a group of destination nodes. A multicast group identifies the destination nodes, and we use a multicast address to identify the multicast group.

IP Anycast allows a source node to transmit IP datagrams to a single destination node, out of a group of destination nodes; meaning the datagram will reach the closest destination node in the set of destination nodes, based on routing measure of distance. The source node need not even know about how to pick the closest destination node, as the routing system will figure this out (a nice way of saying that the source node has no control over the selection). The set of destination nodes is identified by an Anycast address.

IPv6 address types are distinguished by the value of the high-order octet of the addresses: a value of 0xFF (binary 11111111) identifies an address as a multicast address; 0x00 indicates loopback or unassigned addresses; any other value identifies an address as a Unicast address. Anycast addresses are taken from the Unicast address space, and are not syntactically distinguishable from Unicast addresses. IPv6 addresses can be written in a compressed format by using a double colon to summarize at least one octet of continuous zeros.

Valid IPv6 Unicast or Anycast addresses:

1080:0:0:0:8:800:200C:417A

1080::8:800:200C:417A

Valid IPv6 Multicast addresses:

FF01:0:0:0:0:0:0:101

FF01::101


Valid IPv6 Loopback addresses

0:0:0:0:0:0:0:1

::1

This address is equivalent to the IPv4 loopback address of 127.0.0.1.

Valid IPv6 Unspecified addresses

0:0:0:0:0:0:0:0

::

This address is equivalent to the IPv4 unspecified address of 0.0.0.0.
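The classification and compression rules above, as an added example that is not part of the original study guide. It uses Python's standard ipaddress module for the library view and a small hand-written compressor to show that the :: rule operates on 16-bit groups rather than octets; the sample addresses are the ones listed above plus a constructed link-local one.

```python
import ipaddress

# Sample addresses: the ones listed in the text plus a constructed
# link-local address; none belongs to a real host.
SAMPLES = [
    "1080:0:0:0:8:800:200C:417A",
    "FF01:0:0:0:0:0:0:101",
    "0:0:0:0:0:0:0:1",
    "0:0:0:0:0:0:0:0",
    "fe80::1",
]


def classify(text: str) -> dict:
    """Parse one IPv6 address and classify it by the rules in the text:
    0xFF high-order octet = multicast, the reserved ::1 and :: values,
    anything else = unicast.  There is deliberately no anycast branch,
    because nothing in the bits distinguishes anycast from unicast."""
    addr = ipaddress.IPv6Address(text)
    high_octet = addr.packed[0]
    if addr.is_unspecified:
        kind = "unspecified"
    elif addr.is_loopback:
        kind = "loopback"
    elif high_octet == 0xFF:
        kind = "multicast"
    else:
        kind = "unicast (or anycast)"
    return {
        "input": text,
        "compressed": addr.compressed,   # '::' form, lower-case hex
        "exploded": addr.exploded,       # all eight 16-bit groups
        "high_octet": high_octet,
        "kind": kind,
        "link_local": addr.is_link_local,
    }


def compress_manually(text: str) -> str:
    """The '::' rule written out: collapse the longest run of two or more
    consecutive all-zero 16-bit groups (the first such run on a tie).
    Takes the uncompressed eight-group form as input."""
    groups = [int(g, 16) for g in text.split(":")]
    if len(groups) != 8:
        raise ValueError("expects an uncompressed eight-group address")
    best_start, best_len, run_start = -1, 0, -1
    for i, g in enumerate(groups + [1]):      # sentinel closes a trailing run
        if g == 0 and run_start < 0:
            run_start = i
        elif g != 0 and run_start >= 0:
            if i - run_start > best_len:
                best_start, best_len = run_start, i - run_start
            run_start = -1
    hexgroups = [format(g, "x") for g in groups]
    if best_len < 2:
        return ":".join(hexgroups)
    left = ":".join(hexgroups[:best_start])
    right = ":".join(hexgroups[best_start + best_len:])
    return f"{left}::{right}"


if __name__ == "__main__":
    for sample in SAMPLES:
        info = classify(sample)
        print(f"{info['compressed']:<26} high octet 0x{info['high_octet']:02X}  {info['kind']}")
```

Anycast deliberately gets no branch: as the text says, nothing in the bits tells it apart from unicast, so an address's role has to come from configuration or routing state, not from parsing it.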

Routing Protocol Concepts Routing protocols provide dynamic network information to the routers that are part of the domain, and represent one of the most important areas for a network engineer to master.

Distance-Vector Routing Protocols These protocols periodically pass the full contents of their routing tables to all of their immediate neighbors (usually every 30 to 90 seconds). Each recipient increments the metric (for example, the hop count), installs the better routes and passes its own table on in its next update. Once this information has made the rounds, each router has a routing table with the "distance" to each networked resource, without learning anything specific about the other routers or about the network's actual topology.

The primary benefits of these protocols are how easy they are to configure and maintain. The problems associated with them include slow convergence, routing loops, counting to infinity problems, and excessive bandwidth utilization from the size and repetition of the updates.

Routing Information Protocol (RIP) and Interior Gateway Routing Protocol (IGRP) are the primary examples of Distance-Vector routing protocols.

Link State Routing Protocols Link State Routing protocols develop and maintain a full knowledge of the network's routers, as well as how they connect to one another. This information is gathered through the exchange of link-state advertisements (LSAs) between routers, which develop a topological database that is used by the Shortest Path Algorithm to compute reachability to networked destinations. This process allows quick discovery of changes in the network topology.

One of the biggest advantages of Link-State protocols is that they avoid the bandwidth wasted by Distance Vector (DV) protocols sending out their full routing tables every 30 to 90 seconds. On a properly configured network, this leaves more bandwidth available for user traffic.

Other advantages to Link-State routing protocols include:

Faster convergence.

Greater scalability, allowing bigger, more robust networks.

Topology changes are flooded immediately rather than waiting for the next periodic update, which is why convergence is quicker.

They take bandwidth into account when determining routes.

The concerns with Link-State protocols include:


During the initial discovery process, link-state routing protocols can flood the network, decreasing the network's capability to transport data.

Link-state routing is both memory and processor intensive.

Open Shortest Path First (OSPF) and Intermediate System-to-Intermediate System (IS-IS) are the primary examples of Link State routing protocols.

Routing Protocol Types

Key

DV = Distance Vector

LS = Link State

BDRL = Bandwidth, Delay, Reliability and Load

DVDEE = Default value, delay, expense and errors

PV = Path-vector

PA = Path attributes and other factors

Routing Protocols and Their Attributes

Protocol | Used by            | Type   | Class / scope | Metric            | Scalability range
RIP      | IP                 | DV     | Classful      | Hop count         | 15 hops
RIPv2    | IP                 | DV     | Classless     | Hop count         | 15 hops
IGRP     | IP                 | DV     | Classful      | BDRL              | 255 hops (default 100)
EIGRP    | IP, IPX, AppleTalk | Hybrid | Classless     | BDRL              | Thousands of routers
RTMP     | AppleTalk          | DV     | N/A           | Hop count         | 15 hops
AURP     | AppleTalk          | DV     | N/A           | Hop count         | 15 hops on each side
IPX RIP  | IPX                | DV     | N/A           | Ticks / hop count | 15 hops
NLSP     | IPX                | LS     | N/A           | Cost / bandwidth  | 127 hops
OSPF     | IP                 | LS     | Interior      | Cost              | 50 routers per area (approx. 100 areas)
IS-IS    | IP                 | LS     | Interior      | DVDEE             | Thousands of routers
BGP      | IP                 | PV     | Exterior      | PA                | Thousands of routers


Open Shortest Path First (OSPF) OSPF is an open standard Link State routing protocol that uses Dijkstra’s Shortest Path First (SPF) algorithm. Several of OSPF’s advantages include: fast convergence, classless routing, VLSM support, support for much larger inter-networks, authentication support, the use of areas to minimize routing protocol traffic, route selection based on cost, and a hierarchical design.
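How a link-state router turns its database into routes, as an added example (not code from the study guide). It builds a small constructed link-state database, derives each link's cost with the Cisco default formula of 10^8 divided by the interface bandwidth (reference bandwidth 100 Mbps, an assumption matching the IOS default), runs Dijkstra's SPF from one router and keeps equal-cost next hops up to a maximum-paths limit.

```python
import heapq

REFERENCE_BW_BPS = 100_000_000    # IOS default reference bandwidth, 100 Mbps


def ospf_cost(bandwidth_bps: int) -> int:
    """Cisco's default interface cost: 10^8 / bandwidth, truncated, minimum 1.
    Every link of 100 Mbps or faster collapses to cost 1, which is why the
    reference bandwidth is normally raised on modern networks."""
    return max(1, REFERENCE_BW_BPS // bandwidth_bps)


# Constructed link-state database.  Each router's Type 1 view: a list of
# (neighbor, bandwidth of the outgoing interface in bit/s).  Costs are
# directional, as in OSPF, where each router advertises its own side.
LSDB = {
    "R1": [("R2", 100_000_000), ("R3", 100_000_000)],
    "R2": [("R1", 100_000_000), ("R4", 10_000_000)],
    "R3": [("R1", 100_000_000), ("R4", 10_000_000)],
    "R4": [("R2", 10_000_000), ("R3", 10_000_000), ("R5", 1_544_000)],
    "R5": [("R4", 1_544_000)],
}


def spf(lsdb: dict, root: str, maximum_paths: int = 4) -> dict:
    """Dijkstra's shortest path first over the LSDB from `root`.
    Returns {router: (total cost, sorted equal-cost next hops)} for every
    other reachable router; the next-hop list is cut at maximum_paths,
    mirroring the 'maximum-paths' router subcommand."""
    dist = {root: 0}
    next_hops = {root: set()}
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue                          # stale entry, already relaxed
        for v, bw in lsdb.get(u, ()):
            nd = d + ospf_cost(bw)
            via = {v} if u == root else next_hops[u]
            if v not in dist or nd < dist[v]:
                dist[v] = nd
                next_hops[v] = set(via)       # copy: v must not alias u's set
                heapq.heappush(heap, (nd, v))
            elif nd == dist[v]:
                next_hops[v] |= via           # equal cost: keep both paths
    return {r: (dist[r], sorted(next_hops[r])[:maximum_paths])
            for r in dist if r != root}


if __name__ == "__main__":
    for router, (cost, hops) in sorted(spf(LSDB, "R1").items()):
        print(f"{router}: cost {cost:>3} via {', '.join(hops)}")
```

With the constructed database R4 and R5 end up reachable over two equal-cost paths (via R2 and via R3); lowering maximum_paths to 1 keeps only the first of them, which is what the router subcommand does to the routing table.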

All OSPF routers must have a unique router ID. The router ID is the highest IP address on any of its loopback interfaces. If the router has no loopback interfaces, it chooses the highest IP address on any of its active (up) interfaces; the interface does not need OSPF enabled on it. The ID is chosen when the OSPF process starts and is kept until the process is restarted. Loopback interfaces are often used because they never go down and there is usually more leeway in address assignment.

OSPF information is carried by IP packets, by using IP protocol number 89.

OSPF Area Types These include:

Standard - Accepts internal, external and summary LSA’s.

Backbone (transit area) - In multi-area OSPF networks all other areas must connect directly to this area in order to exchange route information. It must be numbered area 0, and it accepts all LSA types. It behaves like a normal standard area that happens to sit in the middle of the network. The basic rule of OSPF is that every area must have at least one router (an ABR) with an interface in area 0.

Stub - An area that does not accept Type-5 LSAs, i.e. it does not learn external routes redistributed from other autonomous systems (such as domains running a different routing protocol). Routers in a stub area that need to reach destinations outside the OSPF domain use a default route injected by the ABR.

Not-so-stubby (NSSA) – This is a non-proprietary extension of the existing stub area feature that allows the injection of external routes in a limited fashion into the stub area. Redistribution into an NSSA area creates a special type of link-state advertisement (LSA) known as type 7, which can only exist in an NSSA area. An NSSA autonomous system boundary router (ASBR) generates this LSA, and an NSSA area border router (ABR) translates it into a type 5 LSA, which gets propagated into the OSPF domain.

Totally Stubby – Type 3, 4 and 5 LSAs are all blocked, except for a single Type 3 LSA carrying the default route that the ABR injects. Intra-area routes and that default route are the only routes known inside a totally stubby area. This is Cisco proprietary.

Area 0 The core backbone area for OSPF is area 0. One of the basic rules of OSPF is that all areas must connect to area 0 (just as all roads lead to Rome). If there is an area that is not contiguous with area 0, your only option is to use a virtual-link. This will provide a tunnel through another area in order to make it appear that the area is directly connected to area 0.

The main dictate in OSPF is that multiple areas must all connect directly to the backbone area. The connection to the backbone area is via an ABR, which is resident in both areas and holds a full topological database for each area. A remote network can connect to area 0 via a virtual link, essentially a tunnel through the ABR in the intermediate area. From the viewpoint of OSPF, it has a direct connection.

Excess LSA traffic and frequent table recalculations are common problems associated with having too many routers in an OSPF area.

Stub and Totally Stubby Area Similarities:

Usually a single ABR and single exit point from the area. Multiple ABRs are permitted, but since all inter-area and external traffic follows a default route, the exit chosen may not be the optimal one.

Stub areas reduce the size of the link-state database into the area, which reduces memory requirements of the router.

All routers within the stub area must be configured as stub routers. If not, they cannot form adjacencies with the other stub routers.

A stub area cannot be used as a transit area for virtual links.

An ASBR cannot be internal to a stub area.

Inter-area routing is based on a default route.

Neither will accept Type-5 LSAs (autonomous system entries).

Both are typically used in a hub and spoke topology with the spokes being remote sites configured as stub or totally stubby areas.

Differences:

Totally stubby areas have smaller routing tables: apart from intra-area routes, the only route they accept from the ABR is the default route.

Totally stubby areas will not accept Summary LSA’s (Type-3 and Type-4).

Totally stubby is Cisco proprietary, while stub is an OSPF standard.

Router Types These include:

Internal Router – Internal routers have all their interfaces in the same area, whether that is area 0 or another area. All internal routers in an area hold an identical link-state database and run a single copy of the SPF algorithm. They originate Type 1 LSAs (and Type 2 LSAs if elected DR).

Backbone Routers – These are routers that have at least one interface connected to area 0. An internal router whose interfaces are all in area 0 is a backbone router; ABRs connected to area 0 are backbone routers as well.

Area Border Router (ABR) – These are routers that have interfaces attached to multiple areas. They maintain a separate link-state database for each area, which may require more memory and CPU. They act as gateways for inter-area traffic and originate the Type 3 and Type 4 summary LSAs. They must have at least one interface in the backbone area, unless a virtual link is configured. ABRs are also where inter-area routes are summarized into the backbone.

Autonomous System Boundary Router (ASBR) – These are routers that have at least one interface into an external network, such as a non-OSPF network. They redistribute non-OSPF routing information into OSPF, originating Type 5 LSAs (or Type 7 LSAs when the ASBR sits inside an NSSA). An ASBR typically runs another routing protocol besides OSPF, such as EIGRP, IGRP, RIP or IS-IS, although static or connected routes can be redistributed as well.


Area Border Routers (ABRs) are responsible for maintaining the routing information between areas. Internal routers receive all routes from the ABR except for those routes that are contained within the internal area.

Traffic destined for networks outside the OSPF autonomous system is forwarded toward an Autonomous System Boundary Router (ASBR); if the ASBR is in another area, that traffic crosses area 0 to reach it. The ASBR handles the exchange of routes between OSPF and another routing protocol, such as EIGRP.

LSA Types These include:

Router link entry - Type 1 LSAs, generated by every router for each area to which it belongs and flooded only within that area. They describe the state and cost of the router's links (interfaces) in that area.

Network entry - Type 2 LSAs, generated by the Designated Router (DR) on each multi-access network and flooded only within the area that contains the network. They list the routers attached to that network.

Summary entry - Type 3 and Type 4 LSAs, both generated by ABRs. Type 3 LSAs carry network (prefix) reachability from one area into another; Type 4 LSAs advertise the location of an ASBR to other areas. Either type crosses the backbone to reach the other areas.

Autonomous system entry - Type 5 and Type 7 LSAs, generated by an ASBR and describing external networks. Type 5 LSAs are flooded throughout the whole OSPF autonomous system except into stub, totally stubby and not-so-stubby areas. Type 7 LSAs exist only inside an NSSA; the NSSA's ABR translates them into Type 5 LSAs.

Quick Review Just to make sure this sticks in your mind, here is a list of the OSPF area types and the LSAs they accept:

Area 0 (backbone) - LSA types 1, 2, 3, 4, 5

Non-backbone, non-stub - LSA types 1, 2, 3, 4, 5

Stub - LSA types 1, 2, 3

Totally Stub - LSA types 1, 2 (plus a single Type 3 LSA carrying the default route from the ABR)

Not-so-Stubby (NSSA) - LSA types 1, 2, 3, 7

Route Table Updates Routers primarily use Type 1 and Type 2 LSA’s to calculate routes. They will also use Type 3 and Type 4 LSA’s to calculate a route for areas within the wider internetwork. When a router has both intra- and inter-area routes available, the intra-area will always be preferred. An easy way to remember this is, “Why go around the block to go next door?”

Routers in stub, totally stubby and NSSA areas do not receive Type 5 LSAs. All other routers perform path calculations to external destinations.

Traffic Types These include:

Intra-area - Traffic passed between routers within a single area.

Inter-area - Traffic passed between routers in different areas.

External - Traffic passed between an OSPF router and a router in another autonomous system.


Network Types When OSPF is enabled on an interface, it defines itself based on the physical network:

Broadcast - For multi-access media with broadcast support: Ethernet, FDDI and Token Ring. A DR and BDR are elected.

Point-to-point – For conventional point-to-point WAN links (HDLC or PPP serial, point-to-point sub-interfaces). No DR/BDR election takes place.

Non-broadcast (NBMA) - For multi-access media without broadcast support, such as Frame Relay, ATM and X.25 physical interfaces. A DR/BDR is elected, but neighbors must be configured manually because hellos cannot be multicast.

Broadcast MultiAccess Networks Under OSPF there is one Designated Router (DR) and one Backup Designated Router (BDR) per multi-access network segment. The DR distributes link-state updates to all the routers on that segment, conserving bandwidth and keeping the segment's Type 2 network LSA to a single source.

Rather than having every router on a shared segment (such as a LAN subnet) form a full adjacency with every other router, one router is selected to be the DR, with a backup called the BDR. The election for DR and BDR is performed with the Hello protocol, using IP multicast packets on each segment.

The router with the highest OSPF priority on a segment becomes the DR, and the next-highest becomes the BDR; in the event of a tie, the router with the highest Router ID (RID) wins. (RFC 2328 actually elects the BDR first and then promotes it to DR if no DR exists, but the outcome is the same.)

The default for the interface OSPF priority is one. Remember that the DR and BDR concepts are per multiaccess segment. Setting the ospf priority on an interface is done using the ip ospf priority <value> interface command. A priority value of zero indicates an interface that has been configured as not available to be elected as a DR or BDR.

Once the election is complete and the DR and BDR are selected, the other routers establish full adjacencies only with the DR and the BDR. If all the routers formed full adjacencies with each other, a great deal of bandwidth would be spent passing duplicate link-state advertisements (LSAs). To avoid this, the non-DR/BDR routers (DROthers) stop at the 2-Way state with one another and exchange databases only through the DR and BDR.

If a router joins the network with a priority somewhere between the existing DR and BDR, the network does not recalculate until the DR fails, then the BDR becomes the DR, and the new router will become BDR.

You can control the selection of DRs through the use of the “IP OSPF Priority” command; the highest priority wins, and a setting of “0” makes the router ineligible to become the DR.
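The election rule described above, as an added example rather than the study guide's own material. The code models the simplified rule the text gives (highest priority, then highest RID, priority 0 ineligible) together with the non-pre-emptive behaviour of the previous paragraph; the full RFC 2328 procedure elects the BDR first but ends with the same pair. The router IDs and priorities are constructed.

```python
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class OspfRouter:
    rid: str        # router ID, dotted-quad
    priority: int   # 'ip ospf priority' 0-255; 0 = never DR or BDR


def _rank(r: OspfRouter):
    # Highest priority wins; ties broken by the numerically highest RID.
    return (r.priority, int(ipaddress.IPv4Address(r.rid)))


def elect(routers, current_dr=None, current_bdr=None):
    """DR/BDR election on one multi-access segment, per the simplified rule
    in the text: best eligible router becomes DR, best remaining becomes BDR.
    A sitting DR/BDR that is still present is kept (the election is not
    pre-emptive), so a newcomer with a higher priority has to wait.  When the
    DR has gone, the BDR is promoted and a new BDR is elected."""
    eligible = [r for r in routers if r.priority > 0]
    by_rid = {r.rid: r for r in eligible}

    dr = by_rid.get(current_dr)
    bdr = by_rid.get(current_bdr)
    if dr is None and bdr is not None:
        dr, bdr = bdr, None                 # DR failed: BDR is promoted
    candidates = [r for r in eligible if r is not dr]
    if dr is None:
        dr = max(candidates, key=_rank, default=None)
        candidates = [r for r in candidates if r is not dr]
    if bdr is None:
        bdr = max(candidates, key=_rank, default=None)
    return (dr.rid if dr else None, bdr.rid if bdr else None)


if __name__ == "__main__":
    segment = [
        OspfRouter("10.0.0.1", 1),
        OspfRouter("10.0.0.2", 1),
        OspfRouter("10.0.0.3", 0),      # ineligible, e.g. a spoke router
        OspfRouter("10.0.0.4", 100),
    ]
    dr, bdr = elect(segment)
    print("initial:", dr, bdr)                              # 10.0.0.4, 10.0.0.2
    # A priority-200 router joins: nothing changes until the DR fails.
    segment.append(OspfRouter("10.0.0.5", 200))
    print("after join:", elect(segment, dr, bdr))           # unchanged
    # The DR goes away: the BDR is promoted and the newcomer becomes BDR.
    without_dr = [r for r in segment if r.rid != dr]
    print("after DR failure:", elect(without_dr, dr, bdr))  # 10.0.0.2, 10.0.0.5
```

The practical consequence for an operator is that the router intended to be DR must be on the segment with the highest priority before the others come up, or the existing DR has to be cleared; raising the priority afterwards does nothing until the next election.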

OSPF Operations (Summary from RFC 2328):

Router starts and initializes the protocol, then waits for an indication that all the interfaces are up and operational.

OSPF Hello Protocol is used to discover neighbors. OSPF sends and receives hello packets. On broadcast and point-to-point networks, hello packets are sent via multicast AllSPFRouters address - 224.0.0.5. Non-broadcast networks need neighbor configuration in order to form a proper adjacency.

A designated router (DR) is elected (if necessary) to determine which routers should be adjacent.

Routers form adjacencies with neighbors, and then synchronize their link-state databases. Routing updates are only sent to adjacent neighbors, and routers send state updates, also known as Link State Advertisements (LSAs).

On broadcast networks, routers that are not the DR or BDR send their link-state updates to 224.0.0.6 (AllDRouters), the address listened to by the DR and BDR; the DR then floods them to every router on the segment using 224.0.0.5.

Flooding of LSAs throughout the area ensures that all link-state databases are identical. This database is used to construct the shortest-path tree, and ultimately, the routing table.


The default OSPF hello and dead intervals on Broadcast MultiAccess and on Point-to-point intervals are 10 seconds and 40 seconds.

The default OSPF hello and dead intervals on NBMA are 30 seconds and 120 seconds.
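A parser for the hello packets that carry these timers, as an added example that is not part of the study guide. It builds an OSPFv2 hello from the RFC 2328 field layout (AuType 0 and 1 only; MD5 authentication is not modelled), verifies the checksum and then applies the receive-side checks a router performs before accepting a neighbor. The local interface settings and the packets are constructed. Those checks are also why a hello injected onto a segment with a mismatched area, mask or timers is simply dropped, and why, with AuType 0, nothing beyond a checksum protects the packet.

```python
import struct
import ipaddress

OSPF_VERSION = 2
OSPF_HELLO = 1          # packet type 1; sent to AllSPFRouters 224.0.0.5


def _packed(ip_text: str) -> bytes:
    return ipaddress.IPv4Address(ip_text).packed


def _dotted(raw: bytes) -> str:
    return str(ipaddress.IPv4Address(raw))


def ospf_checksum(data: bytes) -> int:
    """One's-complement checksum as used by IP and by OSPFv2 (AuType 0/1)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_hello(rid, area, mask, hello=10, dead=40, priority=1, options=0x02,
                dr="0.0.0.0", bdr="0.0.0.0", neighbors=(), autype=0, auth=b""):
    """Serialise an OSPFv2 Hello (RFC 2328 A.3.1 header + A.3.2 body).
    The checksum covers the whole packet except the 8-byte authentication
    field, so with AuType 0/1 nothing but a transmission-error check
    protects the packet's integrity."""
    body = _packed(mask) + struct.pack("!HBBI", hello, options, priority, dead)
    body += _packed(dr) + _packed(bdr) + b"".join(_packed(n) for n in neighbors)
    length = 24 + len(body)
    head = struct.pack("!BBH", OSPF_VERSION, OSPF_HELLO, length) + _packed(rid) + _packed(area)
    csum = ospf_checksum(head + b"\x00\x00" + struct.pack("!H", autype) + body)
    return head + struct.pack("!HH", csum, autype) + auth.ljust(8, b"\x00")[:8] + body


def parse_hello(pkt: bytes) -> dict:
    """Parse and checksum-verify a hello; raises ValueError on anything odd."""
    if len(pkt) < 44:
        raise ValueError("packet too short for an OSPFv2 hello")
    version, ptype, length = struct.unpack("!BBH", pkt[:4])
    if version != OSPF_VERSION or ptype != OSPF_HELLO or length != len(pkt):
        raise ValueError("not a well-formed OSPFv2 hello")
    rid, area, csum, autype = struct.unpack("!4s4sHH", pkt[4:16])
    covered = pkt[:12] + b"\x00\x00" + pkt[14:16] + pkt[24:]   # auth field skipped
    if autype in (0, 1) and ospf_checksum(covered) != csum:
        raise ValueError("bad OSPF checksum")
    mask, hello, options, prio, dead, dr, bdr = struct.unpack("!4sHBBI4s4s", pkt[24:44])
    return {"rid": _dotted(rid), "area": _dotted(area), "autype": autype,
            "auth": pkt[16:24], "mask": _dotted(mask), "hello": hello,
            "options": options, "priority": prio, "dead": dead,
            "dr": _dotted(dr), "bdr": _dotted(bdr),
            "neighbors": [_dotted(pkt[i:i + 4]) for i in range(44, length, 4)]}


def is_valid_hello(pkt: bytes) -> bool:
    try:
        parse_hello(pkt)
        return True
    except ValueError:
        return False


def adjacency_mismatches(h: dict, local: dict) -> list:
    """The receive-side checks of RFC 2328 section 10.5: a hello whose area,
    network mask (on multi-access links), timers, authentication or stub
    flag differ from the local interface is silently dropped and the sender
    never becomes a neighbor."""
    problems = [f"{f}: got {h[f]!r}, expected {local[f]!r}"
                for f in ("area", "mask", "hello", "dead", "autype") if h[f] != local[f]]
    if h["autype"] == 1 and h["auth"] != local["auth"].ljust(8, b"\x00")[:8]:
        problems.append("simple password does not match")
    if (h["options"] ^ local["options"]) & 0x02:
        problems.append("E-bit mismatch (stub vs. non-stub)")
    return problems


# Constructed local interface settings: area 0, /24, broadcast defaults, no auth.
LOCAL = {"area": "0.0.0.0", "mask": "255.255.255.0", "hello": 10, "dead": 40,
         "autype": 0, "auth": b"", "options": 0x02}

if __name__ == "__main__":
    good = build_hello("10.0.0.1", "0.0.0.0", "255.255.255.0", neighbors=["10.0.0.2"])
    print(parse_hello(good))
    print("mismatches:", adjacency_mismatches(parse_hello(good), LOCAL))
    # NBMA timers (30/120) arriving on a broadcast segment: never becomes a neighbor.
    nbma = build_hello("10.0.0.9", "0.0.0.0", "255.255.255.0", hello=30, dead=120)
    print("mismatches:", adjacency_mismatches(parse_hello(nbma), LOCAL))
```

Two things worth noticing when running it: a hello with the NBMA defaults fails both timer checks on a broadcast interface, which is the usual cause of a "stuck in INIT" or missing neighbor; and flipping any byte of the authentication field leaves the checksum valid, because that field is excluded from it.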

On Cisco routers the default OSPF interface cost is derived from the interface bandwidth: cost = 10^8 / bandwidth (in bit/s), so a 10 Mbps Ethernet link costs 10, a T1 costs 64, and anything at 100 Mbps or above costs 1 unless the reference bandwidth is raised.

By default, four equal-cost routes to the same destination are kept in the routing table. With the maximum-paths command you can increase this value to six.

OSPF Startup After router1 starts, it is in the Down state: it has no information about other routers. It sends hello packets through its OSPF-enabled interfaces to the multicast address 224.0.0.5.

All running routers on those segments add router1 to their list of neighbors. This is the Init state.

Those routers then list router1's RID in the neighbor field of their own hello packets; the neighbor field carries every neighbor the sender has heard from.

Router1 adds received neighbor information to its neighbor table. This is two-way state.

The router realizes who are the DR and BDR.

Special Media OSPF has some specialized functionality for certain configurations:

Demand circuits – The Hello protocol sends and receives packets at set intervals. If hello packets are not received within the dead interval (by default four times the hello interval), the adjacency is torn down. This causes problems over ISDN links, because the periodic hellos keep the dial-up link active. The solution is the interface command ip ospf demand-circuit, which suppresses periodic hellos and LSA refreshes once the databases have been synchronized, so the circuit can go idle.

Non-broadcast media – OSPF relies on multicast hellos to discover neighbors, and where multicast is unavailable (NBMA such as Frame Relay) neighbors are never found. Manual configuration is required to ensure proper adjacencies: the neighbor <ip-address> command under the OSPF process tells the router to send unicast hellos to that peer.

Virtual Links All areas must have at least one router that is connected to the backbone. In some rare instances, you might have a router that needs to cross another area to get to the backbone. To do this you need to create a virtual link. The virtual link is not recommended, and is usually used during a migration. VLs have two main purposes:

Linking an area that does not have a physical connection to area 0.

As a patch, in the event the ABR that connects an area to the backbone fails.

VLs must be configured on both routers, and cannot be configured through stub areas. Below are the commands for VLs:

Router(config-router)#area <transit-area-id> virtual-link <router-id> – This is the most basic form of the command: transit-area-id is the area the link crosses and router-id is the OSPF router ID (not an interface address) of the far-end ABR. The matching command is needed on both endpoints. To display information about VLs on the router, use show ip ospf virtual-links.


OSPF and Redistribution There is an important keyword with OSPF - subnets. You will need to use the SUBNETS argument on the redistribution command whenever there is a major network that is subnetted and is being redistributed into an OSPF domain. Without this keyword, OSPF only redistributes major networks that aren't subnetted. It doesn’t hurt to use this command if it is not needed, so you should get used to putting it on every redistribution into OSPF. Here is a sample use of the command:

router ospf 1

network 192.168.99.0 0.0.0.255 area 0

redistribute static metric 200 subnets

redistribute rip metric 200 subnets

redistribute igrp 1 metric 100 subnets

redistribute eigrp 1 metric 100 subnets

redistribute isis metric 10 subnets

OSPF Commands (Single Area) Setup router (config)#router ospf # (#=process ID)

Enables ospf on the router

router (config-router)#network address wildcard-mask area # (#=area id)

Address can be a subnet, network or the address of the interface

Selects the networks that will be in the OSPF network

router (config)#interface loopback # (#=the loopback interface number), followed by an ip address on it

A loopback is always up, so it gives OSPF a stable router ID

A loopback address takes precedence over the highest physical interface address when the router ID is chosen

router (config-if)#ip ospf priority 0-255

router (config-if)#ip ospf cost # (#= the cost value 1-65535)


OSPF Multiple-Areas Configuration Commands Enable OSPF on the Router router(config)# router ospf X (X=process id)

The next step is to tell the router which networks are on the OSPF network

router(config-router)#network address wildcard-mask area (area id)

Commands for Stub Area Configuration router(config-router)#area area-id stub

Configures Regular Stub area

router(config-router)#area area-id stub no-summary

Configures A Total Stub Area

Commands for Route Summarization on OSPF For ASBR’s:

router(config-router)#summary-address address mask

Condenses redistributed (external) routes into one summary Type 5 or Type 7 LSA

For ABR’s:

router(config-router)#area area-id range address mask

Condenses inter-area routes into summary

Commands for Troubleshooting OSPF router#show ip route

Gives the route information learned by the router.

router#show ip protocols

Router information along with metrics and networks. Used to verify how OSPF is configured.

router#show ip ospf

Displays how many times the SPF algorithm was calculated and the update interval time.

router#show ip ospf interface

Displays hello interval, adjacencies, and the ospf area id.

router#show ip ospf neighbor detail

Shows the list of neighbors, DR and BDR info priorities and states.

router#show ip ospf database

Displays the database topology, link state database, router id and ospf process id.

router#show ip ospf border-routers

List the ABR’s in the AS.

router#show ip ospf virtual-links

Shows the status on all the virtual links.


router#show ip ospf process-id

Shows the information about each area to which the router is connected, and shows the type of the OSPF router – ABR, an ASBR or both.

Intermediate System-to-Intermediate System (IS-IS) IS-IS is “the other” Link State protocol that Cisco supports. While not as popular as OSPF, IS-IS can be found in the backbone of several major ISPs because it was stable before the bugs were worked out for OSPF, and because even today it still scales better than OSPF. It is an Open System Interconnection (OSI) dynamic routing protocol designed to be used in the OSI Connectionless Network Service (CLNS). Features of the protocol include:

Classless behavior

Fast convergence

High level of scalability

Hierarchical routing

Support of Cisco IOS route-leaking, multi-area routing and overload-bit

The term end system (ES) refers to any non-routing host or node; intermediate system (IS) refers to a router. These terms are the basis for the OSI End System-to-Intermediate System (ES-IS) and Intermediate System-to-Intermediate System (IS-IS) protocols.

To configure IS-IS you must create an IS-IS routing process and assign it to specific interfaces (rather than to networks). Only one IS-IS routing process is allowed per router. It summarizes networks to reduce the size of the routing tables, and is a classless protocol that supports VLSM.

IS-IS has many things in common with other Link State routing protocols, including OSPF. IS-IS characteristics include:

Hierarchical segmenting of the routing domain into areas with one backbone and multiple non-backbone areas. Inter-area traffic must traverse the backbone.

Routers within an IS-IS domain use a hello mechanism to discover neighbors and form adjacencies.

The information exchanged between adjacent routers concerns type and status of links or interfaces, not actual routes.

Each router builds a Link State Database (LSDB), which in a stable environment will be identical between routers in an area.

There are three types of IS-IS routers:

Level-1 routers - Similar to totally stubby areas in OSPF. A Level-1 router can only communicate with other Level-1 routers in its area and Level-1 / Level-2 routers in its area.

Level-2 routers - Similar to backbone routers in OSPF. Level-2 routers communicate with other Level-2 and Level-1 / Level-2 routers.

Level-1 / Level-2 routers - Similar to OSPF ABRs. A Level-1 / Level-2 router can communicate with Level-1 routers within its area and other Level-2 routers.

IS-IS adjacencies form between routers based on their level. L1 routers form adjacencies with other L1 routers, L2 routers form adjacencies with other L2 routers, and L1/L2 routers form two separate adjacencies with each other (L1-L1 and L2-L2). L1/L2 routers also form adjacencies with L1 and L2 routers.


Please remember that IS-IS domains are broken into areas, which are connected using L2 routers. This means that L2 routers form adjacencies with other L2 routers with different Area IDs. L1 routers, on the other hand, can only form adjacencies with routers with matching Area IDs.

OSI CLNP OSI connectionless network service is implemented by using the Connectionless Network Protocol (CLNP) and Connectionless Network Service (CLNS) (both described in the ISO 8473 standard).

CLNP is an OSI network layer protocol that carries upper-layer data and error indications over connectionless links. It provides the interface between the Connectionless Network Service (CLNS) and upper layers.

CLNS provides network layer services to the transport layer via CLNP. It does not perform connection setup or termination because paths are determined independently for each packet that is transmitted through a network. This contrasts with Connection-Mode Network Service (CMNS). In addition, CLNS provides best-effort delivery, which means that no guarantee exists that data will not be lost, corrupted, misordered, or duplicated. CLNS relies on transport layer protocols to perform error detection and correction.

Even though IS-IS is primarily used with TCP/IP today, it was designed to be (and still is) an OSI CLNP protocol with its own packet formats. Its PDUs are carried directly in data-link frames, not inside IP, and the routers need a CLNP address structure (a NET) for the protocol to run. Normally one CLNP-based address is assigned to each router in the domain. This address (configured under the IS-IS routing process) is software based, like a loopback interface, so it does not go down as long as the router is running. Because adjacency and flooding are based on CLNP rather than IP, it is possible to have an IS-IS network that is fully converged and passing all its routing traffic while no IP connectivity exists.

Remember that CLNS is a network layer service used for peer communication. In this system routers are Intermediate Systems (IS) and hosts are End Systems (ES). Below is a description of the operation:

An End System (ES) does not have routing information; they discover routers through Intermediate System Hellos (ISHs). An ES will also send hellos (ESHs), to help the protocol determine how best to optimally route traffic.

There is no ARP or ICMP for CLNS; the ES-IS protocol provides those services instead. IS-IS is the protocol for routing OSI and runs directly over the data-link layer.

Hello IS-IS makes use of two Hello packet formats: one for point-to-point links and one for LAN (broadcast) links. When two routers disagree on the packet format, no adjacency can be formed. There is no equivalent of the 'IP OSPF NETWORK' command in IS-IS; the network type is entirely dependent on the interface type:

Frame Relay configuration                              | IS-IS network type
Physical interface with frame-relay map clns           | Broadcast
Physical interface with frame-relay interface-dlci     | Not supported
Point-to-point sub-interface                           | Point-to-point
Point-to-multipoint sub-interface                      | Not supported


Link types are based on the interface configuration, and Cisco does not offer anything for IS-IS like OSPF's "network type" command to change the type of Hello packets, so if this problem exists, it is necessary to change the format of an interface to resolve this issue.

Metrics Unlike OSPF, which uses a formula to determine a cost associated with each link, IS-IS uses an almost arbitrary cost value. Valid metric settings for cost are between 1 and 63, the Cisco default metric value being 10 for all interfaces, regardless of bandwidth (with the exception of the lo0 interface, which has a default metric of 0). It is often necessary to modify this default metric to efficiently direct traffic flow across IS-IS backbones.

The total cost of a path is the sum of the link costs along it. With the original (narrow) metric the interface cost is at most 63 and the path cost at most 1023. The 24-bit "wide metric" extension (RFC 3784, supported by Cisco IOS) allows interface values between 1 and 2^24-1 (16,777,215).

There is an excellent discussion of IS-IS metrics on pages 110-112 of the Cisco Press book IS-IS Network Design Solutions by Abe Martey.

The original IS-IS specification uses four types of metrics. Cost, being the default metric, is supported by all routers. Delay, expense, and error are optional metrics.

The Cisco implementation uses cost only.

Basic Operation Hello packets are sent out of all IS-IS interfaces to allow neighbors to be discovered and adjacencies to be established.

Adjacencies form when the main criteria match: authentication parameters, IS-type (level) and MTU size, plus, for a Level 1 adjacency, the area address.

Link-state packets (LSPs) are built for active interfaces, along with information from adjacent routers. Flooding generally occurs to all adjacent neighbors.

Each router constructs a link-state database from these LSPs.

Each IS constructs a shortest-path tree, and uses this to build a routing table.

Adjacency Creation Two routers will become neighbors if the following parameters are agreed:

Level 1 - The two routers sharing a common network segment must have their interfaces configured to be in the same area if they are to have a Level 1 adjacency.

Level 2 - The two routers sharing a common network segment must be configured as Level 2 if they are in different areas and want to become neighbors.

Useful IS-IS Terms to Understand These include:

Routing Domain - The International Organization for Standardization (ISO) defines a domain as a collection of connected areas. A large domain may be divided into multiple areas. Each individual system resides in one area, with routing within an area being referred to as Level 1 routing; routing between areas is referred to as Level 2 routing. Routing domains provide full connectivity to all end systems within them. You can think of an IS-IS routing domain as similar to a BGP autonomous system; it is a collection of areas under an administration that implements routing policies within the domain.


Backbone - IS-IS does not have a separate backbone area like the OSPF’s area 0. The IS-IS backbone is a contiguous collection of Level 2-capable routers, each of which can be in different areas.

Areas – In an IS-IS environment, the border between areas is on the link that connects two routers in different areas. This is in contrast to OSPF, in which the area borders are within the Area Border Routers (ABRs).

Intermediate System - The International Organization for Standardization (ISO) defines an intermediate system as any router (routing network node) that delivers and receives Network Protocol Data Units (NPDUs) from other systems, and relays them to other destination systems.

IS-IS Addressing - An IS-IS NSAP (Network Service Access Point) address is divided into an Area Address (AA), a System ID and a one-octet NSEL (selector). Level 2 routing uses the area address, while Level 1 routing uses the System ID. A router's own address (its NET) is an NSAP with NSEL 00.

IS-IS on NBMA IS-IS allows control of link-state packet (LSP) flooding, which is vitally important on meshed point-to-point links over NBMA. There are two ways to reduce LSP flooding:

Block flooding at the interface level.

Configuration of mesh groups – Mesh groups allow grouping of interfaces. When an LSP is received on an interface that is a member of a mesh group, it is not re-flooded out the other interfaces of the same group (normally it would be forwarded out all interfaces except the one it arrived on).

Areas and the Domain A routing domain is a group of areas under the same administrative authority, and subject to the same routing policies. The backbone is simply a collection of Level 2 routers. There is no specifically defined backbone area like that found under OSPF.

A router is only in a single area, and an area border consists of two routers, each within a distinct area. This is different than OSPF, where the ABR is a member of both areas.

As is true in most link state implementations, it is not possible to summarize address space within an IS-IS area. Routing information can only be summarized as it enters the IS-IS domain (redistribution) or as it is passed from Level 1 into Level 2 by an L1/L2 router.

Router Types - Large routing domains use a two-level hierarchy. A large domain will be divided into several areas, with each system residing in exactly one area. Routing within a single area is referred to as Level 1 routing. Routing between areas is called Level 2 routing. Routers can be Level 1, Level 2, or support both functions (L1/L2).

Level 1 Intermediate Systems track routing within their own area only. If a packet's destination is outside the area, a Level 1 IS sends the packet to the nearest L1/L2 IS; the L1/L2 router announces that it can reach the rest of the domain by setting the attached bit in its Level 1 LSP.

On broadcast (LAN) links, the protocol elects a Designated Intermediate System (DIS) to conduct flooding. The DIS is elected by interface priority and can be compared to the DR in OSPF. If there is a priority tie, the highest MAC address (SNPA) wins.

Peers must share a common physical link to exchange information. The protocol itself does not require a common IP subnet on that link, since IS-IS adjacency formation is based on CLNP, not IP; note, however, that Cisco IOS can also check that the IP interface addresses carried in hellos share a subnet (the adjacency-check router subcommand).

Addressing The protocol conveys both OSI network layer information, along with subnetwork addresses. The address identifies either:

Network Service Access Point (NSAP) – The interface between layers-3 and -4.

Network Entity Title (NET) – The network layer entity for OSI IS.

Subnetwork addresses, also called Subnetwork Point-of-Attachment Addresses (SNPAs), are the physical attachment points, and uniquely identify each system on the network. The SNPA is the 48 bit MAC address. Systems transmit NSAP and NET to SNPA mapping information to help define the network.

The command show isis database displays the IS-IS link state database: basically, the list of IS-IS Link State Protocol Data Units (LSPs) that the router has received on its IS-IS enabled interfaces.

An NSAP address consists of two parts: the initial domain part (IDP) and the domain specific part (DSP). The IDP consists of a 1-byte authority and format identifier (AFI) and a variable-length initial domain identifier (IDI), and the DSP is a string of digits identifying a particular transport implementation of a specified AFI authority. Everything to the left of the system ID is the area address of a network node.

The big difference between NSAP addressing and IP addressing is that there will be a single NSAP address for the entire router, whereas with IP there will be one IP address per interface.
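The NSAP layout described above can be checked mechanically. The following is an added example, not code from the study guide: it splits a dotted NET into area address, system ID and NSEL using the rule that the last byte is the NSEL, the six bytes before it are the system ID, and everything to the left is the area address (AFI included), then decides whether two systems would use Level 1 or Level 2 routing. The sample NETs are constructed.

```python
"""Split IS-IS NSAP/NET addresses into area address, system ID and NSEL.

Added example (not from the original study guide). It applies the layout
rule stated in the text: the last byte is the NSEL (00 for a NET), the six
bytes before it are the system ID, and everything to the left of the system
ID is the area address, AFI included. The sample NETs are constructed.
"""
from dataclasses import dataclass

SYSTEM_ID_HEX = 12   # 6 bytes
NSEL_HEX = 2         # 1 byte
MIN_HEX = 2 + SYSTEM_ID_HEX + NSEL_HEX   # 8-byte NSAP: a 1-byte AFI is the smallest area
MAX_HEX = 40                             # 20-byte NSAP


@dataclass(frozen=True)
class Nsap:
    area: str       # hex digits, AFI first
    system_id: str  # 12 hex digits
    nsel: str       # 2 hex digits


def parse_nsap(text: str) -> Nsap:
    """Parse Cisco dotted notation such as 49.0001.1921.6800.1001.00."""
    digits = text.replace(".", "").lower()
    if len(digits) % 2 or not all(c in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a hex NSAP: {text!r}")
    if not MIN_HEX <= len(digits) <= MAX_HEX:
        raise ValueError(f"NSAP must be 8..20 bytes: {text!r}")
    cut = len(digits) - NSEL_HEX
    return Nsap(area=digits[:cut - SYSTEM_ID_HEX],
                system_id=digits[cut - SYSTEM_ID_HEX:cut],
                nsel=digits[cut:])


def is_net(nsap: Nsap) -> bool:
    """A NET is the NSAP with NSEL 00: it names the router itself, not a service."""
    return nsap.nsel == "00"


def routing_level(src: str, dst: str) -> int:
    """1 when both systems share an area address (Level 1 routing), else 2."""
    return 1 if parse_nsap(src).area == parse_nsap(dst).area else 2


def format_nsap(nsap: Nsap) -> str:
    """Back to Cisco dotted notation: AFI, 4-digit area groups, system ID, NSEL."""
    area_groups = [nsap.area[:2]] + [nsap.area[i:i + 4] for i in range(2, len(nsap.area), 4)]
    sid_groups = [nsap.system_id[i:i + 4] for i in range(0, SYSTEM_ID_HEX, 4)]
    return ".".join(area_groups + sid_groups + [nsap.nsel])


if __name__ == "__main__":
    net = "49.0001.1921.6800.1001.00"   # constructed: private AFI 49, area 0001
    parsed = parse_nsap(net)
    print(parsed, is_net(parsed), format_nsap(parsed))
```

Because the system ID and NSEL have fixed sizes, the parser never needs to know how long the area address is; that is exactly why a router can carry one NSAP for the whole box while IP needs one address per interface.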

Security - IS-IS provides the ability to configure a password for a specified link, area, or domain. Matching passwords become a prerequisite for routers to become neighbors (link level) or to accept each other's LSPs (area and domain levels). In the original simple authentication the password is carried in clear text inside the PDUs, so anyone who can capture traffic on the segment can read it and inject PDUs of their own; it guards against misconfiguration, not against an attacker with access to the link. Later IOS releases add HMAC-MD5 authentication (RFC 3567/5304) through key chains, which should be preferred where available. The three types are used for:

Link Authentication – Between ISs in a common subnet. It is possible to use a separate configuration for L1 and L2, but L1 is the default.

Area Authentication – Between ISs in the same IS area.

Domain Authentication – Only available on L2 and L1/L2 ISs.
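To make the clear-text caveat concrete, here is an added example (not code from the study guide, and not a complete IS-IS PDU encoder) that builds a simplified PDU carrying an Authentication TLV (type 10) in both forms defined by RFC 5304: authentication type 1 (clear-text password) and type 54 (HMAC-MD5). The 8-byte header is a constructed stand-in for the real IS-IS common header, and the area-address TLV is a constructed sample. With type 1 the key itself is on the wire; with type 54 only a keyed digest is, computed over the PDU with the 16-byte authentication value zeroed, which is also how the receiver recomputes it.

```python
"""IS-IS Authentication TLV (type 10): clear-text password vs HMAC-MD5.

Added example, not from the original guide and not a full IS-IS PDU codec.
The PDU header is a constructed 8-byte stand-in; the TLV encoding and the
authentication type codes follow RFC 5304 (1 = clear-text, 54 = HMAC-MD5).
"""
import hashlib
import hmac

TLV_AUTH = 10
AUTH_CLEARTEXT = 1
AUTH_HMAC_MD5 = 54
DIGEST_LEN = 16
HEADER_LEN = 8   # constructed stand-in for the real IS-IS common header


def encode(header: bytes, tlvs: list) -> bytes:
    """header || TLVs, each TLV encoded as type(1) length(1) value."""
    out = bytearray(header)
    for tlv_type, value in tlvs:
        if len(value) > 255:
            raise ValueError("TLV value too long")
        out += bytes([tlv_type, len(value)]) + value
    return bytes(out)


def parse_tlvs(data: bytes) -> list:
    """Inverse of encode for the TLV part; rejects truncated input."""
    tlvs, i = [], 0
    while i < len(data):
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated TLV")
        tlvs.append((data[i], data[i + 2:i + 2 + data[i + 1]]))
        i += 2 + data[i + 1]
    return tlvs


def authenticate(header: bytes, tlvs: list, auth_type: int, key: bytes) -> bytes:
    """Return the PDU with an Authentication TLV appended."""
    if auth_type == AUTH_CLEARTEXT:
        # the password travels verbatim: anyone sniffing the link reads it
        return encode(header, tlvs + [(TLV_AUTH, bytes([AUTH_CLEARTEXT]) + key)])
    if auth_type == AUTH_HMAC_MD5:
        # digest over the whole PDU with the authentication value zeroed
        zeroed = encode(header, tlvs + [(TLV_AUTH, bytes([AUTH_HMAC_MD5]) + bytes(DIGEST_LEN))])
        digest = hmac.new(key, zeroed, hashlib.md5).digest()
        return encode(header, tlvs + [(TLV_AUTH, bytes([AUTH_HMAC_MD5]) + digest)])
    raise ValueError(f"unsupported authentication type {auth_type}")


def verify(pdu: bytes, key: bytes) -> bool:
    """Accept the PDU only if its single Authentication TLV checks out."""
    header, tlvs = pdu[:HEADER_LEN], parse_tlvs(pdu[HEADER_LEN:])
    auth = [(i, v) for i, (t, v) in enumerate(tlvs) if t == TLV_AUTH]
    if len(auth) != 1 or not auth[0][1]:
        return False
    idx, value = auth[0]
    if value[0] == AUTH_CLEARTEXT:
        return hmac.compare_digest(value[1:], key)
    if value[0] == AUTH_HMAC_MD5 and len(value) == 1 + DIGEST_LEN:
        zeroed = list(tlvs)
        zeroed[idx] = (TLV_AUTH, bytes([AUTH_HMAC_MD5]) + bytes(DIGEST_LEN))
        expected = hmac.new(key, encode(header, zeroed), hashlib.md5).digest()
        return hmac.compare_digest(value[1:], expected)
    return False


def key_on_wire(pdu: bytes, key: bytes) -> bool:
    """True when the raw key appears in the packet, i.e. a sniffer recovers it."""
    return key in pdu


# Constructed sample: zero header plus an Area Addresses TLV (type 1) for area 49.0001
SAMPLE_HEADER = bytes(HEADER_LEN)
SAMPLE_TLVS = [(1, bytes.fromhex("03490001"))]
KEY = b"area-secret"

if __name__ == "__main__":
    clear = authenticate(SAMPLE_HEADER, SAMPLE_TLVS, AUTH_CLEARTEXT, KEY)
    md5 = authenticate(SAMPLE_HEADER, SAMPLE_TLVS, AUTH_HMAC_MD5, KEY)
    print("clear-text verifies:", verify(clear, KEY), "key visible:", key_on_wire(clear, KEY))
    print("hmac-md5 verifies:", verify(md5, KEY), "key visible:", key_on_wire(md5, KEY))
```

Even the HMAC form only gives origin and integrity protection; it does not stop replay of a captured PDU, and MD5 itself is dated, so on platforms that support RFC 5310 (generic cryptographic authentication with HMAC-SHA) that is the better choice.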

Designated Intermediate System and Pseudonodes

The idea behind the DIS is the same as behind the designated router in OSPF. The DIS creates a pseudonode, and all the routers on a LAN, form an adjacency with the pseudonode instead of forming adjacencies with each other router in a full mesh.

On a LAN, one of the routers will be elected DIS based on interface priority (the default is 64). If all interface priorities are the same, the router with the highest subnetwork point of attachment (SNPA) is selected. On LANs the SNPA is the MAC address.


The DIS election is pre-emptive (unlike the OSPF DR election). If a new router boots on the LAN with a higher interface priority, it takes over as DIS.

Other Resources The Cisco Press book “IS-IS Network Design Solutions” by Abe Martey is an excellent resource to learn more about the IS-IS protocol.

Enhanced Interior Gateway Routing Protocol (EIGRP) - EIGRP is a Cisco proprietary protocol that is considered a 'hybrid' (advanced distance vector) protocol because it combines attributes of both link state and distance vector routing protocols. It was released as an enhancement to Cisco's other proprietary routing protocol, IGRP, and can detect and recover from a link failure within about a second when a precomputed backup route exists. It converges rapidly and scales well into large networks. EIGRP sends routing updates only to directly connected neighbors, and sends only the changes rather than the entire routing table. EIGRP does not send periodic updates; updates are sent only when there has been a change, and only to the routers that need them.

EIGRP supports Variable Length Subnet Masking (VLSM) by carrying the subnet mask in its updates, and it supports both automatic (classful) and manual route summarization. It maintains interoperability with IGRP routers; in fact EIGRP provides automatic redistribution of routes to and from IGRP, provided the same AS number is configured for both.

EIGRP runs directly over IP using IP protocol number 88, with its own Reliable Transport Protocol (RTP) providing transport-layer style guaranteed delivery for the packets that need it.

DUAL (Diffusing Update Algorithm) - DUAL is the routing engine behind EIGRP. It allows multiple routers to recompute routes at the same time while guaranteeing that no routing loops form during the recomputation, and it ensures that a destination that becomes unreachable is withdrawn rather than black-holed. DUAL uses the composite metric to select the best path, inserts it into the routing table, and keeps precomputed backups based on the concept of feasible successors (more about that later).

Choosing Routes DUAL selects primary and backup routes based on the composite metric, and guarantees that the selected routes are loop free. The primary routes are then moved to a routing table. The rest (up to 6) are stored in the topology table as feasible successors.

EIGRP uses the same composite metric as IGRP to determine the best path*. The default criteria (**) used are:

Bandwidth - The smallest bandwidth cost between source and destination.

Delay - Cumulative interface delay along the path.

Reliability - Worst reliability between source and destination based on keepalives.

Load - Utilization on a link between source and destination based on bits per second on its worst link.

MTU - The smallest Maximum Transmission Unit along the path. It is carried in updates but is not part of the composite metric calculation.

* Only Bandwidth and Delay are used by default.

** To help you remember, think of “Bob Doesn’t Really Like Me” for Bandwidth, Delay, Reliability, Load and MTU.
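The composite metric is easier to reason about once it is written as a function. The following is an added example, not code from the study guide, using the standard IGRP/EIGRP formula with the K values from the metric weights command: metric = 256 * [K1*BW + K2*BW/(256-load) + K3*DLY] * K5/(reliability+K4), where BW is 10^7 divided by the lowest bandwidth on the path in kbps, DLY is the sum of interface delays in tens of microseconds, and the K5 factor is 1 when K5 is 0. The sample paths are constructed from standard IOS interface defaults (T1 serial: 1544 kbps and 20000 usec; Ethernet: 10000 kbps and 1000 usec).

```python
"""EIGRP composite metric (the IGRP formula scaled by 256).

Added example, not from the original guide. Defaults K1=1, K2=0, K3=1,
K4=0, K5=0, so only bandwidth and delay count. Integer division throughout,
which is what IOS displays.
"""
DEFAULT_K = (1, 0, 1, 0, 0)


def eigrp_metric(hops, k=DEFAULT_K, load=1, reliability=255):
    """hops: [(bandwidth_kbps, delay_usec), ...] for every interface on the path."""
    k1, k2, k3, k4, k5 = k
    if not hops or any(bw <= 0 for bw, _ in hops):
        raise ValueError("need at least one hop with positive bandwidth")
    if not 1 <= load <= 255 or not 1 <= reliability <= 255:
        raise ValueError("load and reliability are 1..255")
    bw = 10_000_000 // min(bw for bw, _ in hops)      # slowest link dominates
    dly = sum(d for _, d in hops) // 10               # cumulative delay, tens of usec
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * dly
    if k5:                                            # reliability only counts when K5 != 0
        metric = metric * k5 // (reliability + k4)
    return metric * 256


def ignores_load_and_reliability(hops, k=DEFAULT_K):
    """True when changing load and reliability leaves the metric unchanged under k."""
    return eigrp_metric(hops, k) == eigrp_metric(hops, k, load=200, reliability=50)


# constructed sample paths built from IOS interface defaults
T1 = (1544, 20000)
ETHERNET = (10000, 1000)

if __name__ == "__main__":
    print("T1 hop:", eigrp_metric([T1]))                    # the familiar 2169856
    print("Ethernet hop:", eigrp_metric([ETHERNET]))        # the familiar 281600
    print("Ethernet then T1:", eigrp_metric([ETHERNET, T1]))
    print("defaults ignore load/reliability:", ignores_load_and_reliability([T1]))
```

The two single-hop values are the ones you will recognise from show ip route output for a T1 or Ethernet connected route, which is a useful sanity check that the K values and units are right.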


Protocol Dependence EIGRP can provide routing services for IP, IPX, and AppleTalk. Each is managed by a different module, and maintains a separate set of tables. The IPX EIGRP module is responsible for sending and receiving EIGRP packets that are encapsulated in IPX. The Apple EIGRP module is responsible for AppleTalk packets. The IP EIGRP module is responsible for IP packets. They route like strangers in the night, except they don’t even exchange glances.

Tables Tables include:

Neighbor table – This contains the current configuration of all the router’s immediately adjacent neighbors. EIGRP keeps a table of adjacent routers for each of the protocols that are running (IPX, IP, and AppleTalk). This table is responsible for maintaining all neighbor information: it holds the neighbor’s address and interface, along with information required by RTP (sequence numbers and a transmission list), and round-trip information to dynamically adjust transmission intervals. Remember that each protocol module maintains its own unique neighbor table.

Topology table - This table is maintained by the protocol dependent modules, and is used by DUAL. It has all the destination networks advertised by the other neighbor routers, and is a table of all the route entries the router has learned. Each entry in the table includes the destination, and a list of all the neighbors that can reach it, along with metric information and link costs. There are two states for a destination within the topology table: active and passive. Each protocol module maintains its own topology table.

Routing table - EIGRP chooses the best routes to a destination network from the topology table and places these routes in the routing table. EIGRP calculates the best route, or successor, from the topology table and puts the entry in the routing table. Each protocol maintains its own routing table. The routing table contains:

How the route was discovered.

Destination network address and the subnet mask.

Metric: the composite metric (feasible distance) to the destination via this route.

Next hop address.

Route age.

Outbound interface.

Hello Packets and the EIGRP Discovery Process - EIGRP sends hello packets every 5 seconds on high bandwidth links, like PPP and HDLC leased lines, Ethernet, Token Ring, FDDI, Frame Relay point-to-point sub-interfaces and ATM point-to-point. It sends hellos every 60 seconds on low bandwidth (T1 and slower) multipoint NBMA links, like Frame Relay multipoint and ATM multipoint interfaces. The hold time, after which a silent neighbor is declared down, defaults to three times the hello interval (15 or 180 seconds).

These multicast hello messages are sent out through all interfaces that belong to the EIGRP process, and listen for similar multicast messages from other routers coming through the same set of interfaces. When a router receives a hello packet from a router belonging to the same autonomous system (AS), it attempts to establish a neighbor relationship (adjacency).

Route Tagging There are two types of routes within EIGRP: internal and external. Internal are originated within the AS. External are learned from the outside (redistribution). External routes are “tagged” with the following:

Router ID of the router that performed the route injection.

AS number of the destination.


An administrator tag.

External protocol ID.

Metric (external protocol).

Default routing bit flag information.

Load Balancing EIGRP can have up to six parallel equal-cost paths for load balancing, with the “variance” command used to adjust the metrics if there is a need to provide unequal-path load balancing.

Route Age - An important point to remember with EIGRP is that very old routes are to be expected in a healthy network. Since updates only occur when there is a change, and change is bad (indicating an unstable network), like fine wines, EIGRP routes should be seasoned by time. Here is a sample output from show ip route on an EIGRP network.

Router#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default

U - per-user static route, o - ODR

Gateway of last resort is not set

172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks

D 172.16.0.0/16 is a summary, 4d06h, Null0

C 172.16.1.0/24 is directly connected, TokenRing0

C 192.168.4.0/24 is directly connected, Loopback3

C 192.168.5.0/24 is directly connected, Loopback4

D 10.0.0.0/8 [90/832000] via 172.16.1.3, 4d06h, TokenRing0

C 192.168.1.0/24 is directly connected, Loopback0

C 192.168.2.0/24 is directly connected, Loopback1

C 192.168.3.0/24 is directly connected, Loopback2

Router#

Notice that some routes have designations of “4d06h”, which mean the routes are over four days old. Short aging periods in an EIGRP network indicates change, and should be monitored carefully.


EIGRP Packet Types EIGRP packet types include:

Updates – Used to build the topology table, EIGRP routing updates are sent to EIGRP neighbors to determine the reachability of destinations.

Query – Sent to neighbors when a route is not available.

Reply – Replies to queries with the status of the route.

Hello– Used to establish EIGRP neighbor relationships.

Acknowledgement – Ensures reliable delivery of EIGRP packets.

All five are carried by the Reliable Transport Protocol (RTP), but only the first three (update, query and reply) are delivered reliably: the recipient must acknowledge them, and they are retransmitted if it does not. Hello packets are not acknowledged, and acknowledgements (which are in fact unicast hellos carrying no data) obviously do not require an acknowledgement themselves. EIGRP packets are sent using a mix of unicast and multicast; multicast packets go to 224.0.0.10, which every EIGRP-enabled interface automatically listens to.

FD, RD, FC, FS and Successors - Feasible Distance (FD) is this router's best (lowest) metric to a destination network. If there are multiple paths to a destination, the FD is the lowest of their metrics (if there is only one way to get there, that metric is the FD).

Reported Distance (RD) is the distance (metric) towards a destination as advertised by an upstream neighbor. This is the value that is reported in queries, replies and updates. Remember that this is not a distance from THIS router, but rather the metric the neighbor advertises for a specific destination.

A neighboring EIGRP router meets the Feasibility Condition (FC) if its RD is smaller than this router’s FD. If the neighbor router meets the FC and has the lowest cost path to a destination, it becomes the SUCCESSOR, and the router begins to use it as the next hop for forwarding packets. Keep in mind that multiple successors are possible (load balancing).

The Feasible Successor (FS) is a neighbor whose RD is less than the FD, but does not have the lowest cost path to a destination. Think of this as a backup route that has already been calculated, just in case the primary fails.
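The successor and feasible successor rules, together with the variance multiplier used for unequal-cost load balancing, fit in a few lines of code. The following is an added example, not code from the study guide: for each neighbor in a constructed topology table, rd is the metric the neighbor reports and link is our metric to that neighbor, so our metric via it is rd + link. The code picks the successors, applies the Feasibility Condition (RD < FD) to find feasible successors, and shows the case practitioners most often trip over: a neighbor whose total metric is low enough for the variance but whose RD fails the FC is never installed, because DUAL cannot prove that path loop-free.

```python
"""Successor / feasible-successor selection by DUAL, with variance.

Added example, not from the original guide. The topology table below is a
constructed sample for a single destination.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    neighbor: str
    rd: int       # reported distance: the neighbor's own metric to the destination
    link: int     # metric of the link from this router to the neighbor

    @property
    def metric(self) -> int:
        """Our metric via this neighbor."""
        return self.rd + self.link


@dataclass(frozen=True)
class Dual:
    fd: int
    successors: tuple
    feasible_successors: tuple
    installed: tuple      # what goes into the routing table
    infeasible: tuple     # fail the FC: usable only after a query proves them safe


def run_dual(entries, variance=1):
    """Classify topology-table entries for one destination."""
    if variance < 1:
        raise ValueError("variance multiplier must be >= 1")
    fd = min(e.metric for e in entries)
    successors = tuple(e for e in entries if e.metric == fd)
    # Feasibility Condition: the neighbor is closer to the destination than we are
    feasible = tuple(e for e in entries if e.metric > fd and e.rd < fd)
    # variance admits feasible successors whose metric is within variance * FD
    installed = successors + tuple(e for e in feasible if e.metric <= variance * fd)
    infeasible = tuple(e for e in entries if e.rd >= fd)
    return Dual(fd, successors, feasible, installed, infeasible)


def names(entries):
    return tuple(e.neighbor for e in entries)


TOPOLOGY = (   # constructed sample
    Entry("A", rd=10, link=5),    # 15: best -> successor, FD = 15
    Entry("B", rd=12, link=10),   # 22: RD 12 < 15 -> feasible successor
    Entry("C", rd=20, link=2),    # 22: RD 20 >= 15 -> fails FC despite the same total as B
    Entry("D", rd=14, link=30),   # 44: feasible successor, but too costly for variance 2
)

if __name__ == "__main__":
    for v in (1, 2, 3):
        r = run_dual(TOPOLOGY, variance=v)
        print(f"variance {v}: FD={r.fd} successors={names(r.successors)} "
              f"feasible={names(r.feasible_successors)} installed={names(r.installed)} "
              f"infeasible={names(r.infeasible)}")
```

Neighbors B and C both offer a total metric of 22, yet only B is ever a feasible successor; C's reported distance of 20 is not below our FD of 15, so for all DUAL knows C's path might run back through us.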

EIGRP and Dropped Links - When EIGRP detects a down link, the router looks in its topology table for a feasible successor for each affected route. If one exists, it is promoted to successor immediately and the route stays passive; no query is needed. If no feasible successor exists, the route goes active and the router queries its neighbors for an alternative. Keep in mind that a precomputed feasible successor is what allows almost immediate recovery from a network failure.

If neither a successor nor a feasible successor can be found after the query process, the router deletes the entry from the topology and routing tables. If a queried neighbor does not reply within the active timer (180 seconds, i.e. 3 minutes, by default), the route is stuck in active and the neighbor relationship with that router is reset, after which the router has to relearn the routes it knew through that neighbor.

EIGRP and NBMA - When configuring EIGRP for NBMA interfaces (Frame Relay, X.25, ATM) it is particularly important to configure the interfaces and sub-interfaces correctly, otherwise EIGRP packets could be lost. EIGRP paces itself to at most 50 percent of the configured interface bandwidth by default (adjustable with ip bandwidth-percent eigrp), so the bandwidth value must reflect what the circuits can really carry. There are three basic rules:

1. The traffic that EIGRP is allowed to send on a single virtual circuit (VC) cannot exceed the capacity of that virtual circuit.

2. The total EIGRP traffic for all virtual circuits cannot exceed the access line speed of the interface.

3. The bandwidth allowed for EIGRP on each virtual circuit must be the same in each direction.

There are three different scenarios for NBMA interfaces.

Pure Multipoint Configuration (No Sub-interfaces) – If all the virtual circuits are all the same size, simply divide the configured bandwidth evenly across each virtual circuit. For example, if you have a T1 access line with four 56Kbps VCs (virtual circuits), you should configure the bandwidth to be 224Kbps (4 * 56Kbps) in order to avoid dropping packets. If the virtual circuits are of different capacities, the bandwidth should be set based on the lowest capacity virtual circuit. For instance, if a T1 access line has three 256Kbps VCs and one 56Kpbs VC, the bandwidth should be set to 224Kbps (4 * 56Kbps). In such configurations, putting at least the slow virtual circuit onto a point-to-point sub-interface is strongly recommended (so that the bandwidth can be raised on the others). If the total bandwidth of the virtual circuits equals or exceeds the access line speed, configure the bandwidth to equal the access line speed.

Pure Point-to-Point Configuration (each VC on a separate sub-interface) - This configuration allows maximum control, since the bandwidth can be configured separately on each sub-interface, and is the best configuration if the virtual circuits have different capacities. Each sub-interface bandwidth should be configured to be no greater than the available bandwidth on the associated virtual circuit, and the total bandwidth for all sub-interfaces cannot exceed the available access line bandwidth. If the interface is oversubscribed, the access line bandwidth must be divided across each of the sub-interfaces. For instance, if a T1 access line (1544 Kbps) has ten virtual circuits with a capacity of 256Kbps, the bandwidth on each sub-interface should be configured to be 154Kbps (1544/10).

Hybrid Configuration (point-to-point and multipoint sub-interfaces) - Hybrid configurations should use combinations of the two individual strategies, while ensuring that the three basic rules are followed.
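The three rules and the two strategies above can be turned into a small planner that also flags the mistake the text warns about (crediting a 56 kbps VC with a 256 kbps share). This is an added example, not code from the study guide; all values are in kbps, the VC lists are constructed, and rule 3 (the same value in both directions) has to be checked against the far-end configuration and is not modelled.

```python
"""Interface bandwidth planning for EIGRP over NBMA (Frame Relay / ATM) circuits.

Added example, not from the original guide. Encodes: a VC must not be
credited with more than its CIR (rule 1), the total must not exceed the
access line (rule 2), and on a multipoint interface every VC gets an equal
share of the single configured bandwidth. EIGRP then uses up to 50% of the
configured bandwidth by default (ip bandwidth-percent eigrp).
"""
T1_KBPS = 1544


def multipoint_bandwidth(access_kbps, vc_kbps):
    """Single bandwidth for a multipoint interface: lowest VC times VC count, capped at the access line."""
    if not vc_kbps:
        raise ValueError("no VCs")
    return min(access_kbps, min(vc_kbps) * len(vc_kbps))


def point_to_point_bandwidths(access_kbps, vc_kbps):
    """Per-subinterface bandwidth: each VC's own CIR, or an even split when oversubscribed."""
    if not vc_kbps:
        raise ValueError("no VCs")
    if sum(vc_kbps) <= access_kbps:
        return list(vc_kbps)
    return [access_kbps // len(vc_kbps)] * len(vc_kbps)


def violations(access_kbps, vc_kbps, per_vc_kbps):
    """Rules 1 and 2 checked against the bandwidth each VC is actually credited with."""
    problems = []
    for i, (vc, credited) in enumerate(zip(vc_kbps, per_vc_kbps)):
        if credited > vc:
            problems.append(f"VC {i}: credited {credited} kbps exceeds CIR {vc} kbps")
    if sum(per_vc_kbps) > access_kbps:
        problems.append(f"total {sum(per_vc_kbps)} kbps exceeds access line {access_kbps} kbps")
    return problems


def eigrp_pacing(bandwidth_kbps, percent=50):
    """How much of the configured bandwidth EIGRP will let itself use."""
    return bandwidth_kbps * percent // 100


if __name__ == "__main__":
    mixed = [256, 256, 256, 56]                 # constructed: one slow VC on a T1 multipoint
    bw = multipoint_bandwidth(T1_KBPS, mixed)
    print("multipoint bandwidth:", bw, "EIGRP share:", eigrp_pacing(bw))
    print("ok:", violations(T1_KBPS, mixed, [bw // len(mixed)] * len(mixed)))
    naive = sum(mixed)                          # 824: tempting, but wrong
    print("naive:", violations(T1_KBPS, mixed, [naive // len(mixed)] * len(mixed)))
    print("10 x 256k on a T1, point-to-point:", point_to_point_bandwidths(T1_KBPS, [256] * 10))
```

The naive sum looks harmless (824 kbps is well under the T1), but spread evenly over four VCs it credits the 56 kbps circuit with 206 kbps, and EIGRP will happily try to push 103 kbps of control traffic into it.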

Hub and Spoke - The most common problem in an EIGRP hub-and-spoke environment is split horizon: routes learned from one spoke cannot be advertised back out the same multipoint interface at the hub to the other spokes. Putting each VC on its own point-to-point sub-interface, or disabling split horizon on the multipoint interface with no ip split-horizon eigrp as-number, overcomes this restriction.

Stuck-in-Active - A stuck-in-active (SIA) condition occurs when a neighbor fails to reply to an EIGRP query within the active timer (three minutes by default). The querying router then resets its neighbor relationship with the non-responding router. There is an excellent description of this problem in chapter 7 of Cisco Press' "Troubleshooting IP Routing Protocols" by Shamim, Aziz, Liu and Martey.

Reasons for this condition can include:

The router is too busy to answer the query (generally due to high CPU utilization).


The router is having memory problems, and cannot allocate the memory to process the query or build the reply packet.

The circuit between the two routers is not good enough for packets getting through to keep the neighbor relationship up. That can mean that some queries or replies are getting lost between the routers.

Unidirectional links (a link on which traffic can only flow in one direction because of a failure).

EIGRP Configuration - Router(config)#router eigrp autonomous-system – This enables the routing process for the specified AS. You should remember that an EIGRP AS number is a process identifier that must match between neighbors; it is not the same thing as a BGP AS number.

Router(config-router)#network network-number – This associates networks with the router process. EIGRP sends updates to the interfaces specified with the network statement. If you do not specify an interface’s network, it will not be advertised.

Router(config-router)#auto-summary – This enables auto summarization.

Router(config-router)#maximum-paths – Sets the maximum paths (4 is the default).

Router(config-if)#ip summary-address eigrp as-number address mask – This interface level command enables summarization.

Router(config-router)#passive-interface interface – This prevents EIGRP hello packets from being sent or processed on the named interface, so no neighbor relationship (and therefore no update exchange) forms there; the interface's network is still advertised to neighbors on other interfaces.

Router(config-router)#variance metric-variance-multiplier – Use this to allow load balancing over unequal cost paths. This includes routes with a metric less than or equal to the multiplier times the minimum metric for the route to the destination.

Route Summarization for EIGRP This is on by default, but only at the network or class boundaries. Manual configuration for route summarization is primarily done at the core or distribution layers. An example of the syntax for configuration is as follows:

ip summary-address eigrp 100 10.98.0.0 255.255.0.0

Important! EIGRP does support VLSM, but auto-summarization at classful network boundaries is on by default, which breaks discontiguous subnets. Use the no auto-summary command to disable it, and create any summaries you do want at the interface level with ip summary-address eigrp rather than at the router level.

Example:

router eigrp 100
network 10.0.0.0
network 192.64.0.0 0.0.255.255
no auto-summary
interface Serial1
ip address 10.98.98.24 255.255.255.0
bandwidth 128
ip summary-address eigrp 100 192.64.0.0 255.255.0.0


Verifying Operations Router#show ip protocols – Shows routing protocol information.

Router#show ip eigrp neighbors – Displays neighbor information within the same AS.

Router#show ip eigrp interfaces – Shows interfaces that are participating in the EIGRP process.

Router#show ip eigrp topology – Shows the topology database.

The Cisco Press book “EIGRP Network Design Solutions” by Ivan Pepelnjak is an excellent resource for learning EIGRP.

Border Gateway Protocol (BGP) - BGP version 4 is a path-vector routing protocol used to exchange routing information between Autonomous Systems (ASs), and is considered the routing protocol of the Internet. It carries route information such as the sequence of AS numbers that provides a path to follow to a destination network. This allows massive-scale inter-Autonomous System routing (at the time of writing the Internet routing table already held over 100,000 routes!).

BGP neighbors are defined in the router configuration, not by their physical location in the network. Even if two routers are physically connected, they are not necessarily neighbors unless a network engineer defines a TCP connection.

To ensure reliable packet delivery, BGP uses TCP (port 179) as its transport protocol. When BGP talkers (routers) communicate for the first time, they exchange their entire routing tables. The protocol then maintains a table version number to track the current instance of the BGP routing table. Keepalive messages are sent between neighbors to make sure they’re up.

BGP routes can be learned through manual configuration, redistribution, or from what other BGP routers have learned. BGP routers pass along information learned from one peer to others. Several years ago Cisco said hosting the BGP routing table would require at least 128 MB, and it has grown significantly since then. While it is possible to configure mutual redistribution between BGP and various IGP's, because IGP's cannot adequately scale and don't carry path attributes, this is generally not recommended.

There are two flavors of BGP, internal and external (iBGP and eBGP).

Internal Border Gateway Protocol (iBGP) - Used to exchange information between routers within the same AS. Neighbors don't need to be directly connected, but they do need IP connectivity, normally via an Interior Gateway Protocol (IGP) such as OSPF or EIGRP. iBGP is flexible, scalable, and efficient for controlling the exchange of information within an AS, and presents a consistent view of the AS to external neighbors.

External Border Gateway Protocol (eBGP) - Used when routers belong to different ASs and need to exchange external updates. Neighbors normally require direct connectivity; however, Cisco does provide the ebgp-multihop neighbor configuration command to override this behavior (more about that later).

Changes to a router's BGP policy (route maps, filters, attributes) do not take effect on routes already learned until the affected neighbor sessions are reset. A hard reset with clear ip bgp * tears down every TCP session and forces all neighbors to resend their full tables, so on a production router prefer a soft reset (clear ip bgp * soft in or soft out), which reapplies policy without dropping the sessions. You can use the show ip bgp command to view the existing BGP table.


CIDR BGP’s effective use of Classless Inter-domain Routing (CIDR) has been a major factor in slowing the explosive growth of the Internet routing table. A network is called a super-net when the prefix boundary contains fewer bits than the network’s natural mask.

Situations that may require BGP include:

Extremely large networks.

A network that is connected to more than one AS.

Networks that are connected to two or more Internet Service Providers.

When you have a unique routing policy that requires it.

If you manage the network for a major ISP.

When you’re preparing for, or taking the CCIE Lab exam.

AS Numbers On the Internet, an Autonomous System (AS) is a unit of router policy; meaning either a network or a group of networks that is controlled by a common network administrator (or group of administrators) on behalf of a single administrative entity (such as a university, a business enterprise, or a business division).

Networks within an AS communicate routing information to each other using an IGP. An Autonomous System shares routing information with other Autonomous Systems using the BGP. An AS (sometimes referred to as a routing domain) will be assigned a globally unique number, called an Autonomous System Number (ASN).

BGP routes carry a list of AS numbers between the source and destination called the AS path. You might want to think of the AS paths as similar to a traceroute for IP, but instead of IP addresses, the route contains a list of AS numbers. Each AS along the path prepends its AS number to the AS_PATH.

By default, BGP installs a single best path even when several equal-cost paths are learned from a remote AS, but this can be changed. It is possible to load balance between a single router in the local AS and multiple routers in a single remote AS using the maximum-paths command.

AS numbers 64512-65534 are private AS numbers (65535 is reserved), similar in spirit to the RFC 1918 private IP address ranges 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16. These AS numbers must not appear in the core BGP routing tables and are understood to be non-unique; they exist to reduce the demand for public AS numbers. Smaller BGP users will often use private AS numbers, which the upstream provider strips from the AS path (the Cisco neighbor ... remove-private-as command) before advertising the routes toward the core of the Internet. Many of the larger ISPs have multiple public AS numbers; smaller ISPs will usually have only one.
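The AS_PATH handling described in the last few paragraphs (prepending, loop prevention and private AS stripping) is simple enough to model end to end. The following is an added example, not code from the study guide. It assumes the private ranges 64512-65534 plus the 4-byte private range 4200000000-4294967294 from RFC 6996, and it mirrors the classic IOS remove-private-as behaviour, which strips private ASNs only when the path consists entirely of private ASNs; the strip_all flag is a constructed stand-in for the later all keyword that also strips them from mixed paths.

```python
"""AS_PATH handling at an eBGP boundary: loop check, prepend, remove-private-as.

Added example, not from the original guide. An update whose AS_PATH already
contains the local ASN is rejected (loop prevention); on advertisement to an
eBGP peer the local ASN is prepended; with remove_private the private ASNs
are removed first.
"""
PRIVATE_ASN_RANGES = ((64512, 65534), (4_200_000_000, 4_294_967_294))


def is_private_asn(asn: int) -> bool:
    return any(lo <= asn <= hi for lo, hi in PRIVATE_ASN_RANGES)


def accept_update(local_asn: int, as_path) -> bool:
    """Reject any update that already carries our own ASN: it has looped."""
    return local_asn not in as_path


def strip_private(as_path, strip_all=False):
    """Classic behaviour strips only all-private paths; strip_all also cleans mixed paths."""
    path = list(as_path)
    if strip_all:
        return [asn for asn in path if not is_private_asn(asn)]
    if path and all(is_private_asn(asn) for asn in path):
        return []
    return path     # mixed public/private path left untouched


def advertise_to_ebgp(local_asn: int, as_path, remove_private=False, strip_all=False):
    """AS_PATH as sent to an eBGP neighbor: optional private-ASN removal, then prepend."""
    path = strip_private(as_path, strip_all) if remove_private else list(as_path)
    return [local_asn] + path


def receive_and_forward(local_asn: int, as_path, **opts):
    """One hop of transit: None when the update is dropped by the loop check."""
    if not accept_update(local_asn, as_path):
        return None
    return advertise_to_ebgp(local_asn, as_path, **opts)


if __name__ == "__main__":
    # constructed: customer in private AS 64512 behind provider AS 100
    print(receive_and_forward(100, [64512], remove_private=True))            # [100]
    print(receive_and_forward(100, [64512, 200], remove_private=True))       # [100, 64512, 200]
    print(receive_and_forward(100, [64512, 200], remove_private=True, strip_all=True))
    print(receive_and_forward(100, [200, 100, 300]))                         # None: loop
```

The mixed-path case is the one to watch: with the classic behaviour a private ASN that slipped in behind a public one leaks to the Internet, which is why providers also filter on AS_PATH with regular expressions rather than relying on remove-private-as alone.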

Synchronization/Full Mesh - The synchronization rule states that BGP will not advertise routes learned via iBGP to external neighbors unless the IGP also has a route to the destination. A second rule, the iBGP split-horizon rule, states that a route learned from one iBGP peer is not passed on to another iBGP peer; this is why BGP must either maintain a full iBGP mesh within an AS or use route reflectors (or confederations) to simulate that mesh.

With synchronization enabled (the default condition), BGP waits until the IGP has propagated routing information across the Autonomous System before advertising transit routes to other ASs. This ensures networks are reachable before eBGP advertises a route. This feature prevents routing blackholes, by ensuring consistency throughout the routing domain.

This can be turned off using the Cisco IOS no synchronization router command (newer IOS releases disable it by default). Turning it off is only safe if all the routers in your AS are running BGP and are fully meshed, or if your AS isn't a transit AS. The inappropriate use of no synchronization can cause non-BGP routers within an Autonomous System to receive traffic for destinations they don't have a route for.


Summarization - When BGP auto-summary is enabled (the default in the IOS releases this guide covers), locally originated BGP networks are summarized at their classful address boundaries; with auto-summary disabled they are not. Concretely: when any subnet of a classful network exists in the routing table, there is a network statement for that classful network with a classful mask, and auto-summary is enabled, BGP installs the whole classful network into the BGP table.

If the AS doing BGP does not own the complete classfull network, Cisco recommends disabling BGP auto-summary.

Peering RFC 1771 specified four Border Gateway Protocol 4 (BGP-4) messages used by routers running BGP (BGP speakers):

Initial Exchange – The OPEN message passes the BGP version number, the AS of the sending router, an identifier, the hold time, and a set of optional fields, including the parameter field length and the defined parameter itself.

Updates – Once the initial exchange is complete, the routers then send UPDATE messages. The initial update is the entire routing table. Once the peers have passed all their routes, the updates are only done as needed. These messages contain path information, along with attributes.

Keepalives – BGP routers constantly ensure that all neighbors are reachable. This is done with a KEEPALIVE message.

Notifications – The NOTIFICATION message is sent when there are errors between the peers. This message either terminates the negotiation, or gracefully closes the connection.

In eBGP peering, the next hop is the IP address of the neighbor that announced the route. However, when the route is advertised on a multi-access media (such as Ethernet or Frame Relay), the next hop is usually the IP address of the router interface connected to that media that originated the route.

BGP Attributes BGP routes have properties, or attributes, that are used to determine the best route to a destination.

These properties include:

Weight – A Cisco defined attribute that is known only to the local router. If more than one route exists to a destination, the one with the highest weight will be preferred.

Local preference – Used to prefer an exit from the local Autonomous System. The local preference attribute is known throughout the AS, with the higher local preference chosen exit point.

AS_Path – The ordered list of ASs through which an advertisement has passed. BGP uses this to prevent loops, as it will never accept an advertisement that includes its own AS in the path.

Multi-exit Discriminator (MED) – Allows an AS to advertise a preferred entry point to a neighbor AS.

Origin – This describes how BGP has learned a route. There are three possible values:

IGP – The route was learned within the AS. These are routes advertised via the network command.

EGP – Routes learned via the External Gateway Protocol.

Incomplete - The route was redistributed into BGP.


Next Hop – The IP address used to reach the advertising router. For a route learned via eBGP this is the peer's address, and by default that address is carried unchanged when the route is passed on through iBGP within the AS, so every iBGP router must be able to route to it (see next-hop-self below).

Community – A community is a group of destinations that share some common property, to which a set of specific rules can be applied. It is not restricted to one network or AS, and has no physical boundaries. The purpose of the community attribute is to simplify routing policies by identifying routes based on a logical property rather than an AS number or IP prefix; communities are used to filter routes in and out and in redistribution. BGP uses route maps to set the community attribute, and there are three predefined (well-known) communities:

No-export – Do not advertise through eBGP.

No-advertise – Do not advertise to any peer.

Internet – Advertise to all.

BGP Path Selection BGP will select what it considers the one best path, which is then put into the BGP routing table and propagated to its neighbors. The ten-step criterion for selecting the path for a destination is:

1. If the path specifies a next hop that is not accessible, the update is dropped.

2. The path with the largest weight is preferred.

3. If the weights are the same, the path with the larger local preference is preferred.

4. If the local preference is the same, then prefer the path that originated on this router.

5. If no route originated on this router, then prefer the one with the shortest AS-path.

6. If the AS-path lengths are the same, then prefer the path with the lowest origin type (IGP is lower than EGP, which is lower than incomplete).

7. If the origin codes are the same, then prefer the path with the lowest Multi-Exit Discriminator (MED).

8. If the MED is the same, then prefer an external path to an internal path.

9. If these are the same, then prefer the path whose BGP next hop has the lowest IGP metric (the closest IGP neighbor).

10. Lastly, prefer the path from the BGP router with the lowest router ID. The router ID is the highest loopback address if one is configured, otherwise the highest active interface address, unless it is set explicitly with bgp router-id.
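The ten steps above form a strict ordering, so they can be expressed as a single sort key in which the first differing attribute decides. The following is an added example, not code from the study guide. Defaults follow IOS (weight 0, or 32768 for locally originated paths; local preference 100; MED 0 when absent) and the sample paths are constructed. One caveat: by default IOS compares MED only between paths from the same neighboring AS (unless bgp always-compare-med is set); this example compares it unconditionally, exactly as the ten-step list does.

```python
"""BGP best-path selection following the ten-step list above.

Added example, not from the original guide. Step 1 filters out paths whose
next hop is unreachable; steps 2 through 10 are encoded as one sort key
(smaller is better).
"""
from dataclasses import dataclass

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}   # lower is preferred


@dataclass(frozen=True)
class Path:
    via: str                         # label for the reader
    next_hop_reachable: bool = True
    weight: int = 0                  # 32768 for locally originated paths in IOS
    local_pref: int = 100
    locally_originated: bool = False
    as_path: tuple = ()
    origin: str = "igp"
    med: int = 0
    ebgp: bool = True
    igp_metric_to_next_hop: int = 0
    router_id: str = "0.0.0.0"


STEP_NAMES = ("weight", "local preference", "locally originated", "AS_PATH length",
              "origin", "MED", "eBGP over iBGP", "IGP metric to next hop", "router ID")


def _ip_tuple(ip: str):
    octets = tuple(int(o) for o in ip.split("."))
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad router ID {ip!r}")
    return octets


def sort_key(p: Path):
    """Element i corresponds to step i+2 of the list; negation turns 'highest wins' into 'lowest wins'."""
    return (-p.weight, -p.local_pref, 0 if p.locally_originated else 1,
            len(p.as_path), ORIGIN_RANK[p.origin], p.med, 0 if p.ebgp else 1,
            p.igp_metric_to_next_hop, _ip_tuple(p.router_id))


def best_path(paths):
    """Step 1 drops paths with an unreachable next hop; steps 2-10 order the rest."""
    usable = [p for p in paths if p.next_hop_reachable]
    return min(usable, key=sort_key) if usable else None


def deciding_step(a: Path, b: Path):
    """(step number, name) of the first step separating a and b, or None if fully tied."""
    for i, (x, y) in enumerate(zip(sort_key(a), sort_key(b))):
        if x != y:
            return i + 2, STEP_NAMES[i]
    return None


if __name__ == "__main__":
    # constructed: the same prefix heard from two providers
    isp1 = Path("isp1", as_path=(100, 200), router_id="10.0.0.1")
    isp2 = Path("isp2", as_path=(300, 400, 200), router_id="10.0.0.2")
    print(best_path([isp1, isp2]).via, deciding_step(isp1, isp2))
    preferred = Path("isp2-weighted", weight=500, as_path=(300, 400, 200), router_id="10.0.0.2")
    print(best_path([isp1, preferred]).via, deciding_step(isp1, preferred))
```

Because weight is a Cisco-local attribute and sits at step 2, a single neighbor weight statement overrides everything the rest of the Internet says about a path, which is both its appeal for local policy and the reason it never leaves the router.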


Scalability Problems (and Solutions) with iBGP - Autonomous systems consisting of hundreds of routers can create management problems for network administrators. Remember that iBGP must be fully meshed unless you use one of the techniques listed below; a full mesh requires BGP neighbor statements to and from every iBGP router in a given AS, and the number of sessions grows with the square of the router count.

Peer Groups - Several BGP routers that share the same update policies can be grouped into a peer group to simplify configuration and to make updating more efficient. The power of this function will be obvious the first time you need to configure hundreds of routers and type the same commands over, and over, and over again. The members of a peer group will inherit changes made to the peer group, simplifying updates. Peer group members inherit the following:

Remote-as (if configured)

Version

Update-source

Out-route-map

Out-filter-list

Out-dist-list

Minimum-advertisement-interval

Next-hop-self

Confederations - Confederations eliminate the need to fully mesh BGP communications in a given AS by splitting a single AS into sub-AS’s and using eBGP between them. The sub-ASs will usually use private AS numbers. In most BGP environments it is too cumbersome to have all the BGP routers peered to each other. ASs external to the confederation group look like a single AS to the routers inside.

Route Reflectors - Route reflectors can also reduce the number of BGP peering statements by configuring some of the iBGP routers as route reflectors. The route reflector clients only peer with the route reflectors, and not each other. This setup can greatly reduce the number of BGP peering configurations required in an AS. You can cluster BGP Route Reflectors to provide redundancy. This prevents the failure of a single router from bringing down your iBGP domain.

Next-Hop-Self Command

The rules of BGP state that if a route is learned via iBGP, then the next-hop information does not change. With eBGP peers, the next-hop information is modified at each eBGP router (in each AS), so the next hop appears as the advertising router.

In a non-meshed environment where you know that a path exists from the current router to a specific address, the BGP router command “neighbor {ip-address | peer-group-name} next-hop-self” can be used to disable next-hop processing. This will cause the current router to advertise itself as the next hop for a specified neighbor, simplifying the network. Other BGP neighbors will then forward packets for that destination to the current router.

This feature allows you to set BGP attributes for a BGP route reflector and turn off the next-hop calculation for eBGP peers. This, in conjunction with iBGP Multipath Load Sharing, allows you to use an outbound route map to include BGP route reflectors in the forwarding path.

This would not be useful in a fully meshed environment, since it will result in unnecessary extra hops where there may be a more direct path.


Filtering BGP Updates

Several methods exist for filtering BGP updates, including community lists, prefix filters, distribute lists, AS path filters and route maps. Each tool has its use, and the fact that there are so many should indicate how deep the topic of BGP configuration is. An excellent book on the topic is Halabi’s “Internet Routing Architectures” from Cisco Press.

Policy Routing

Policy routing is a means of managing routes and the paths used with manually configured rules. It makes routing decisions based on a variety of parameters such as source address, or source and destination address, rather than destination address alone. Policy routing can be used to manipulate traffic inside an AS or between ASs. Policy routing has many of the same drawbacks as static routing.

Route Dampening

A network that has a router with flapping routes (routes that go up and down) can often cause problems, as the BGP routers must continuously update their routing tables. Route dampening is used to control this route instability. Dampening classifies routes as "well-behaved" or "ill-behaved" based on their past reliability, and a penalty is assigned each time a route flaps. When a set penalty is reached, BGP suppresses the route until it is well behaved and trusted again. There is no penalty limit at which a route is permanently barred from joining the domain. Route dampening is not enabled by default.

Commands:

bgp dampening - Enables route dampening for BGP.

clear ip bgp dampening address mask - Use the clear command to reverse dampening.

show ip bgp flap-statistics - Use the flap-statistics command to show flapping routes.

clear ip bgp flap-statistics - Use the clear command to clear the statistics.

Route Distribution – Static Routes

Static routes are one method of dealing with flapping networks and preventing BGP instability. The drawback with static routes is that BGP will show the route as active even if the route is down. Static routing with BGP enables the route to always be advertised and always present in the routing database. Use the redistribute static command with the following syntax to distribute static routes:

router bgp 100
network 131.108.0.0 mask 255.255.0.0
neighbor 131.108.32.5 remote-as 300
redistribute static
ip route 10.0.0.0 255.0.0.0 Null0

Null0 is a null interface. With the configuration above, any packet destined for the 10.x.x.x network is discarded.

Default Route (Gateway)

0.0.0.0 is the default gateway. It is also the gateway of last resort, usually an interface on the border router leading to your ISP. Use the following syntax:

ip route 0.0.0.0 0.0.0.0 s1


Multi-Homing BGP

Running BGP connected to multiple ISPs is called multi-homing. There are several ways to implement multi-homing, including:

Receiving full Internet routes (this requires huge amounts of memory and processing power).

Receiving directly connected routes (which will only give you your ISP networks, along with a default route, but is much easier on the router resources).

Receiving default routes only (this is preferable when your router has minimal memory and processing power, and usually gets the job done if you are just looking for redundancy).

There is an excellent Cisco document on this topic at:

http://www.cisco.com/warp/public/459/27.html

BACKDOOR Configurations

The backdoor argument of the network command changes the normal eBGP administrative distance on a link (20 by default) to the AD of an iBGP route (200 by default), thus making an IGP route preferred for a local link. This is done when you must use BGP, but an IGP route is more efficient locally. There is an excellent example of this statement being used in a configuration on page 326 of the Cisco Press book “Internet Routing Architectures” by Sam Halabi. To enable a backdoor route, use the following command:

network address backdoor

Basic Configuration

Router(config)#router bgp autonomous-system – This command enables the BGP process on a router and assigns an AS number.

Router(config-router)#neighbor ip address remote-as autonomous-system – This designates the neighbor with its IP address, along with the AS of the peer. Note that this statement is how BGP determines whether the peer is an Internal or External peer. An internal peer is configured with the same AS as the router itself. An external peer has another AS.

Router(config-router)#network net-address mask netmask – This command tells BGP to advertise this route to neighbors. Note that BGP will only advertise this route if it knows how to reach it (if it is in its routing table). If the destination cannot be reached by the router, this will not be advertised.

Summary Routes

Use the aggregate-address command to summarize network routes.

Syntax:

aggregate-address address mask

or

aggregate-address address mask summary-only

There are more variations of this command.


Statistic Commands

show ip bgp summary - Use the summary argument to display the status of all BGP connections.

show ip bgp paths - Use the paths argument to view the BGP database.

show ip bgp neighbors address - Provides a detailed list of the BGP neighbors and the TCP information.

Verifying Operations

show ip bgp neighbors – This command shows information about the BGP neighbors and their current state.

An ESTABLISHED state indicates that the peer relationship is established and routes are being exchanged.

show ip bgp – This gives information about the BGP process, Network Layer Reachability Information (NLRI), attributes, and path information.

The Cisco Press books “Internet Routing Architectures, 2nd edition” by Sam Halabi, “Routing TCP/IP, volume 2” by Jeff Doyle and the “Cisco BGP-4 Command and Configuration Handbook” by William Parkhurst are excellent resources for BGP.

Redistribution

It is not always possible or desirable to use a single routing protocol on your entire internetwork. In this case, you will need to implement a way of passing the networks learned by one routing protocol into another so that every server, host and networked device can find every other. Redistribution provides this tool.

Steps for Redistribution:

1. Enable the relevant routing protocols on the border routers.

2. Specify the networks to be advertised within each routing domain.

3. Determine how you want to redistribute (one- or two-way).

4. Determine what metrics need to be established to facilitate redistribution and, if the protocol being redistributed into is OSPF, make sure the "subnets" keyword is used.

5. Apply any distribute-lists, if required.

6. Apply any route-maps, if required.

7. Address any VLSM/FLSM issues that remain.

Excellent CCO Links: Redistribute Command

Redistributing Routing Protocols


Static Routing and Connected Ports

If you want to advertise static and connected routes to a dynamic routing protocol, you must specify that these should be shared. No metric is necessary when redistributing static and connected routes into RIP, IGRP, EIGRP and OSPF. The commands are:

Router(config-router)# redistribute static

Router(config-router)# redistribute connected

There is an exception to the rule listed above. RIP will automatically advertise out the default route (0.0.0.0) regardless of whether it’s static or not.

IGRP and EIGRP

Metrics are an essential part of redistributing routes into IGRP and EIGRP.

When a metric is not supplied for routes injected into an IGRP routing domain, the entries will appear with a metric of –1 (meaning the network is unreachable). Supplying appropriate metrics for redistributed routes resolves this problem.

IGRP and EIGRP use five metrics when redistributing other protocols:

Bandwidth

Delay

Reliability

Load

MTU

By the way, a good mnemonic device for remembering this is “Bob Doesn’t Really Like Me”. The table below provides a definition of these metrics:

Metric       Value
bandwidth    A value based on the bandwidth of a specific interface; for example, 10000 for 10 Mbps Ethernet.
delay        In tens of microseconds; 100 x 10 microseconds = 1 ms.
reliability  255 for 100% reliability.
loading      Effective bandwidth of the route in kilobits per second (Kbps).
MTU          Minimum MTU of the path; usually equals the Ethernet MTU.

The following output shows an EIGRP router redistributing static, OSPF, RIP, and ISIS routes using the “default-metric” command:

router eigrp 1
network 131.108.0.0
redistribute static
redistribute ospf 1
redistribute rip
default-metric 10000 100 255 1 1500

Multiple IGRP and EIGRP processes can run on the same router, with redistribution between them, but this is rarely necessary, and will consume memory and CPU cycles. Redistribution of an IGRP/EIGRP routing process into another IGRP/EIGRP routing process doesn't require any metric conversion, so there is no need to define metrics or use the default-metric command during redistribution.

IGRP and EIGRP will automatically redistribute if they share the same AS#.

OSPF

A metric is not required for OSPF; however, if you redistribute an IGP into OSPF without specifying a default-metric, the routes will be assigned a metric of 20.

There is an important keyword with OSPF - subnets. If you omit the subnets parameter of the redistribution command, subnetted (non-major subnets) routes will not be redistributed into OSPF. Since it doesn’t hurt your configuration to have this parameter, even if you don’t need it, get used to always including it.

The OSPF metric is based on 10^8 / bandwidth of the link (in bps). For example, the OSPF cost of 10 Mbps Ethernet is 10: 10^8 / 10^7 = 10.

Multiple OSPF processes can run on the same router, with redistribution between them, but this is rarely necessary, and will consume memory and CPU cycles.

Whenever you use the redistribute or the default-information router configuration commands to redistribute routes into an OSPF routing domain, the router automatically becomes an Autonomous System Boundary Router (ASBR). However, an ASBR does not, by default, generate a default route into the OSPF routing domain.

Keywords:

The keyword internal indicates the OSPF intra-area and inter-area routes.

The keyword external 1 indicates external route type 1.

The keyword external 2 indicates external route type 2.


The following output shows an OSPF router redistributing static, RIP, IGRP, EIGRP, IS-IS and connected routes:

router ospf 1
network 131.108.0.0 0.0.255.255 area 0
redistribute static metric 200 subnets
redistribute rip metric 200 subnets
redistribute igrp 1 metric 100 subnets
redistribute eigrp 1 metric 100 subnets
redistribute isis metric 10 subnets
redistribute connected metric 10 subnets

BGP

You don’t generally want to redistribute BGP routes into an IGP, or IGP routes into BGP.

It is, however, somewhat common to redistribute one or two routes and to make them exterior routes for IGRP, or to allow BGP to generate a default route for your entire autonomous system. When redistributing from BGP into IGP, only the routes learned using eBGP get redistributed.

To allow the redistribution of internal Border Gateway Protocol (iBGP) routes into an Interior Gateway Protocol (IGP) such as Intermediate System-to-Intermediate System (IS-IS) or Open Shortest Path First (OSPF), use the bgp redistribute-internal command in address family configuration mode. To restore the system to the default condition, use the no form of this command.

You would not generally redistribute your IGP into BGP, but rather list the networks in your autonomous system with “network” commands within the BGP router configuration. Networks that are listed this way are referred to as local networks and have a BGP origin attribute of "IGP." They must appear in the main IP routing table and can have any source; for example, they can be directly connected or learned via an IGP. The BGP routing process periodically scans the main IP routing table to detect the presence or absence of local networks, updating the BGP routing table as appropriate.

If you do choose to redistribute into BGP, you must be very careful about the validity of the routes coming from your IGP, especially if the routes were redistributed from BGP into the IGP elsewhere. This can create a situation where BGP is injecting information into the IGP and then sending such information back into BGP, and vice versa. Incorrectly redistributing routes into BGP can result in the loss of critical information, such as the AS-path, which is required for BGP to function properly.

Networks that are redistributed into BGP from the EGP protocol will be given the BGP origin attribute "EGP." Other networks that are redistributed into BGP will have the BGP origin attribute of "incomplete." The origin attribute in our implementation is only used in the path selection process.

Policy-Based Routing (PBR)

PBR provides a flexible way of routing packets by defining policies for traffic flows, allowing greater control by extending and complementing existing routing protocol mechanisms. Route maps allow sophisticated if/then logic to be applied on a router to manage redistribution, control and modify routing information, add granularity to NAT configurations, implement BGP policy-based routing, and other functions.

Policies can be based on IP address, port numbers, or protocols. Route maps are similar to access lists, in that both perform if/then programming, defining the criteria used to determine how packets are handled. The main difference is that route maps have the ability to define an action based on those criteria: if a packet matches a criterion, a predefined action is taken to change or manage the packet. Access Control Lists (ACLs) can only permit or deny the matched packet.

All packets received on a PBR enabled interface are passed through enhanced packet filters known as route maps. The route maps used by PBR dictate the policy, and determine where packets are forwarded. They can use standard or extended IP access lists.

The following characterize the operation of route map statements:

The route map statements used for policy-based routing can be marked as permit or deny.

Only if the statement is marked as permit and the packet meets the match criteria will the accompanying Set commands be applied.

The statements in a route map correspond to the lines of an access list. Specifying the match conditions in a route map is similar to specifying the source and destination addresses and masks in an access list. Also like ACLs, lines in the route map are processed sequentially until a match is made.

Sequence numbers are used to specify the order in which conditions are checked. If there are multiple statements in a route map with different sequence numbers, the lower value is checked first. If there is no match for the first condition, the next will be checked; and so on down the list.

A route map can contain logical ANDs as well as logical ORs:

A single match statement can contain multiple conditions, at least one of which must be true for a match to be made. This is a logical OR.

A route map statement can contain multiple match statements, in which all the match statements in the route map statement must be considered true for the route map statement to be considered matched. This is a logical AND.

Criteria are created using match statements inside a route map statement that either permits or denies. They are interpreted in the following ways:

If a statement is marked as deny, the packets meeting the match criteria are sent back through the normal forwarding channels and destination-based routing is performed.

If the statement is marked as permit and a packet matches the access-lists, then the first valid set clause is applied to that packet.

Once the criteria are defined, how matching packets are handled is defined with the set statement.

Configuration commands for PBR

The basic configuration steps are to use the route-map command to define the route map, and define its criteria using a list of match and set commands. The match commands specify the match criteria - the conditions under which policy routing occurs. The set commands specify the set actions - the particular routing actions to perform if the criteria enforced by the match commands are met. The ip policy route-map interface command is used to apply a route map by name.

PBR is a significant topic, worthy of further study, but I’ve included some of the more common commands below:

Router(config)# route-map map-tag - Defines a route map to control where packets are output. This command puts the router into route-map configuration mode. The map-tag is the name of the route map.

Router(route-map)# match interface interface-type interface-number - Used to define any routes that have their next hop out one of the interfaces specified.


Router(route-map)# match ip address {access-list-number | access-list-name} - Used to define any routes that have a destination network number address that is permitted by a standard or extended access list.

Router(route-map)# match ip next-hop {access-list-number | access-list-name} - Used to define any routes that have a next hop router address passed by one of the access lists specified.

Router(route-map)# match ip route-source {access-list-number | access-list-name} - Used to define routes that have been advertised by routers and access servers at the address specified by the access lists.

Router(route-map)# match length minimum-length maximum-length - Used to define policy routing based on the Layer 3 length of a packet.

Router(route-map)# set interface interface-type interface-number - Used to define where to send output packets that pass a match clause of a route map for policy routing.

Router(route-map)# set ip precedence number|name - Used to define how to set the precedence value in the IP header of the output packets that pass a match clause of a route map for policy routing.

Router(route-map)# set ip next-hop ip-address - Used to specify the address of the next hop for the output packets that pass a match clause of a route map for policy routing.

Router(interface)# ip policy route-map map-tag - Used to apply a route map to outbound packets on an interface.

Here is a sample configuration:

access-list 1 deny 192.168.10.1
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 2 permit 192.168.10.1
access-list 2 permit 192.168.20.2
!
interface ethernet 1
 ip policy route-map Gimli
!
route-map Gimli permit 10
 match ip address 1
 set ip next-hop 192.168.30.3
!
route-map Gimli permit 20
 match ip address 2
 set ip next-hop 192.168.30.5
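As an added example (not from the original notes), here is a small Python model of the route-map semantics described above (sequence order, permit/deny, AND across match lines, OR within one match line, implicit deny at the end of an ACL) that parses the sample Gimli configuration and returns the next hop a packet from a given source would be policy-routed to. It assumes the standard ACLs are tested against the packet's source address and models only the set ip next-hop action.

```python
import ipaddress

# Constructed sample: the Gimli configuration from the notes above, as text.
SAMPLE_CONFIG = """
access-list 1 deny 192.168.10.1
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 2 permit 192.168.10.1
access-list 2 permit 192.168.20.2
!
route-map Gimli permit 10
 match ip address 1
 set ip next-hop 192.168.30.3
!
route-map Gimli permit 20
 match ip address 2
 set ip next-hop 192.168.30.5
"""


def wildcard_match(addr, network, wildcard):
    """IOS wildcard test: a bit set in the wildcard is a 'don't care' bit."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, network, wildcard))
    return (a & ~w) == (n & ~w)


def parse_config(text):
    """Parse access-list and route-map lines into plain dicts."""
    acls, route_maps, current = {}, {}, None
    for line in text.splitlines():
        words = line.split()
        if not words or words[0] == "!":
            continue
        if words[0] == "access-list":
            # access-list <num> permit|deny <address> [wildcard]; no wildcard = host
            wildcard = words[4] if len(words) > 4 else "0.0.0.0"
            acls.setdefault(words[1], []).append((words[2], words[3], wildcard))
        elif words[0] == "route-map":
            name, action, seq = words[1], words[2], int(words[3])
            current = {"action": action, "match": [], "set": {}}
            route_maps.setdefault(name, {})[seq] = current
        elif words[:3] == ["match", "ip", "address"]:
            current["match"].append(words[3:])     # several ACLs on one line = OR
        elif words[:3] == ["set", "ip", "next-hop"]:
            current["set"]["next-hop"] = words[3]
    return acls, route_maps


def acl_permits(acl, addr):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for action, network, wildcard in acl:
        if wildcard_match(addr, network, wildcard):
            return action == "permit"
    return False


def policy_route(acls, route_map, src):
    """Return the next hop PBR sets for a packet from src, or None when the
    packet falls through to normal destination-based routing (a deny sequence
    matched, or no sequence matched at all)."""
    for seq in sorted(route_map):                    # lowest sequence number first
        stmt = route_map[seq]
        # AND across match lines, OR across the ACLs named on one line
        matched = all(any(acl_permits(acls[n], src) for n in names)
                      for names in stmt["match"])
        if not matched:
            continue
        return None if stmt["action"] == "deny" else stmt["set"].get("next-hop")
    return None


ACLS, ROUTE_MAPS = parse_config(SAMPLE_CONFIG)
```

Note that 192.168.10.1 is denied by access-list 1, so it skips sequence 10 and is matched by sequence 20, while the rest of 192.168.10.0/24 takes sequence 10.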

To learn more about PBR, here is an excellent link from the Cisco website:

http://www.cisco.com/en/US/products/hw/switches/ps4324/products_configuration_guide_chapter09186a008011c8c7.html#1006578