Authorized Self-Study Guide: Building Scalable Cisco Internetworks (BSCI), Third Edition
Diane Teare
Catherine Paquet

Copyright 2007 Cisco Systems, Inc.

Published by:
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.

Printed in the United States of America 1 2 3 4 5 6 7 8 9 0

First Printing December 2006

Library of Congress Number: 2004114556

Warning and Disclaimer
This book is designed to provide information about building scalable Cisco internetworks. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied.

The information is provided on an "as is" basis. The authors, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it.

The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.

Corporate and Government Sales
Cisco Press offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales. For more information, please contact: U.S. Corporate and Government Sales [email protected]
For sales outside of the U.S. please contact: International Sales 1-317-581-3793 [email protected]

Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc. cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community.
Readers' feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through e-mail at [email protected]. Please make sure to include the book title and ISBN in your message.

We greatly appreciate your assistance.

Publisher: Paul Boger
Cisco Representative: Anthony Wolfenden
Cisco Press Program Manager: Jeff Brady
Executive Editor: Mary Beth Ray
Managing Editor: Patrick Kanouse
Development Editor: Andrew Cupp
Project Editor: Seth Kerney
Copy Editor: Keith Cline
Technical Editors: Mark Gallo, Joe Harris
Publishing Coordinator: Vanessa Evans
Book and Cover Designer: Louisa Adair
Composition: ICC Macmillan Inc.
Indexer: Tim Wright

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883

Asia Pacific Headquarters
Cisco Systems, Inc.
168 Robinson Road
#28-01 Capital Tower
Singapore 068912
www.cisco.com
Tel: +65 6317 7777
Fax: +65 6317 7799

European Headquarters
Cisco Systems International BV
Haarlerbergpark
Haarlerbergweg 13-19
1101 CH Amsterdam
The Netherlands
www-europe.cisco.com
Tel: +31 0 800 020 0791
Fax: +31 0 20 357 1100

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.

© 2006 Cisco Systems, Inc. All rights reserved. CCVP, the Cisco logo, and the Cisco Square Bridge logo are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver,
EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networking Academy, Network Registrar, Packet, PIX, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0609R)

Dedications
If a man empties his purse into his head, no man can take it away from him. An investment in knowledge always pays the best interest.
Benjamin Franklin

From Diane: This book is dedicated to my loving husband, Allan Mertin, who again has encouraged, supported, and "held the fort" during this project; to our charming son, Nicholas, whose inquisitive mind, knowledge, and antics are both entertaining us and making sure that we will be life-long learners; and to my parents, Syd and Beryl, for their continuous caring and support.

From Catherine: To my parents and sister, Maurice, Florence, and Hélène Paquet, for your continuous support: Thank you. To my children, Laurence and Simon: "Develop a passion for learning. If you do, you will never cease to grow" (Anthony J. D'Angelo). And, finally, to Pierre Rivard, my soul mate, husband, and an eternal learner: Your enthusiasm is contagious. Thanks for sharing it with us.
About the Authors
Diane Teare is a professional in the networking, training, and e-learning fields. She has more than 20 years of experience in designing, implementing, and troubleshooting network hardware and software and has also been involved in teaching, course design, and project management. She has extensive knowledge of network design and routing technologies and is an instructor with one of the largest authorized Cisco Learning Partners. She was recently the director of e-learning for the same company, where she was responsible for planning and supporting all the company's e-learning offerings in Canada, including Cisco courses. Diane was part of the team that developed the latest version of the BSCI course. She has a bachelor's degree in applied science in electrical engineering (BASc) and a master's degree in applied science in management science (MASc). She is a certified Cisco Systems instructor and currently holds her CCNP and CCDP certifications. She coauthored the Cisco Press titles Campus Network Design Fundamentals and the first two editions of this book; and edited CCDA Self-Study: Designing for Cisco Internetwork Solutions (DESGN) and Designing Cisco Networks.

Catherine Paquet has in-depth knowledge of security systems, remote access, and routing technology. She is a CCSP, a CCNP, and a CCSI with one of the largest Cisco Learning Partners. She started her internetworking career as a LAN manager, moved to MAN manager, and eventually became the nationwide WAN manager with a federal agency. Prior to starting Netrisec Inc., a network security consultancy, Catherine was the director of technical resources for a Cisco Learning Partner. Catherine currently works on network design and implementation projects and lectures on topics related to security frameworks, regulations, and return on security investments. In 2002 and 2003, she volunteered with the U.N. mission in Kabul, Afghanistan, to train Afghan public servants in the area of networking. Catherine has a master's degree in business administration with a major in management information systems (MBA [MIS]). She coauthored the Cisco Press titles Campus Network Design Fundamentals, The Business Case for Network Security: Advocacy, Governance, and ROI, and the first two editions of this book, and edited Building Cisco Remote Access Networks.
About the Technical Reviewers
Mark Gallo is a Systems Engineering Manager at Cisco within the Channels organization. He has led several engineering groups responsible for positioning and delivering Cisco end-to-end systems, and for designing and implementing enterprise LANs and international IP networks. He has a bachelor of science degree in electrical engineering from the University of Pittsburgh and holds Cisco CCNP and CCDP certifications. Mark resides in northern Virginia with his wife, Betsy, and son, Paul.

Joe Harris, CCIE No. 6200, has both CCIE Security and Routing and Switching certifications and is a Commercial Systems Engineer with Cisco specializing in advanced routing and security. He has more than 12 years of experience in the field of designing and implementing Cisco network solutions. Joe holds a bachelor of science degree from Louisiana Tech University and resides with his wife and two children in Frisco, Texas.
Acknowledgments
We would like to thank many people for helping us put this book together:

The Cisco Press team: Mary Beth Ray, the executive editor, coordinated the entire team and ensured that everything was lined up for the successful completion of the book. Drew Cupp, the development editor, has once again been invaluable with his eye for detail and speedy responses to our many queries. We also want to thank Seth Kerney, the project editor, and Keith Cline, the copy editor, for their excellent work in steering this book through the editorial process. Finally, we want to thank Brett Bartow, the executive editor on the previous editions to this book (and our other books), for sticking with us all these years!

The Global Knowledge and Cisco Systems team: Many other people were involved in the development of the latest version of the BSCI course, and we want to extend our thanks to them; our apologies if we have forgotten someone! The Global Knowledge team included Ray Dooley and his team (Carol Kavalla, Bill Treneer, and Norma Douthit), Patti Hedgspeth, Kimberly Ferguson, Ammarah Abbasi, Karie Krueger, Joy Rau, Richard Chapin, and Margaret Prince. The Cisco team included Ray Garra, Bob Martinez, Roger Beatty, Cynthia Barnette, Peter Wood, Dennis Keirnan, Brenda Nichols, Glenn Tapley, Drew Blair, Mike Bevan, James Cagney, Kathy Yankton, Ray Viscaina, Andy Esponsa, Eric De Jesus, Christy Faria, Jeremy Creech, Lee Rogers, Adriana Vascan, and Charles Newby. Thanks also to the other members of the development teams of the original BSCN and BSCI courses, including Patrick Lao, Kip Peterson, Keith Serrao, Kevin Calkins, Won Lee, and Imran Quershi.

The technical reviewers: We want to thank the technical reviewers of this book, Mark Gallo and Joe Harris, for their thorough, detailed review and very valuable input.

Our families: Of course, this book would not have been possible without the constant understanding and patience of our families. They have always been there to motivate and inspire us. We thank you all.

Each other: Last, but not least, this book is a product of work by two friends, which made it even more of a pleasure to complete.

Icons Used in This Book
[Figure: legend of the network-device icons used in the book; not reproduced in this extraction.]
Command Syntax Conventions
The conventions used to present command syntax in this book are the same conventions used in the IOS Command Reference. The Command Reference describes these conventions as follows:

Boldface indicates commands and keywords that are entered literally as shown. In actual configuration examples and output (not general command syntax), boldface indicates commands that are manually input by the user (such as a show command).
Italics indicate arguments for which you supply actual values.
Vertical bars (|) separate alternative, mutually exclusive elements.
Square brackets [ ] indicate optional elements.
Braces { } indicate a required choice.
Braces within brackets [{ }] indicate a required choice within an optional element.
Foreword
Authorized Self-Study Guide: Building Scalable Cisco Internetworks (BSCI), Third Edition, is an excellent self-study resource for the CCNP BSCI exam. Whether you are studying to become CCNP certified or are just seeking to gain a better understanding of switching technology, implementation and operation, planning and design, and troubleshooting, you will benefit from the information presented in this book.

Cisco Press Self-Study Guide titles are designed to help educate, develop, and grow the community of Cisco networking professionals. As an early-stage exam-preparation product, this book presents a detailed and comprehensive introduction to the technologies used to build scalable routed networks. Developed in conjunction with the Cisco certifications team, Cisco Press books are the only self-study books authorized by Cisco Systems.

Most networking professionals use a variety of learning methods to gain necessary skills. Cisco Press Self-Study Guide titles are a prime source of content for some individuals and can also serve as an excellent supplement to other forms of learning. Training classes, whether delivered in a classroom or on the Internet, are a great way to quickly acquire new understanding. Hands-on practice is essential for anyone seeking to build, or hone, new skills. Authorized Cisco training classes, labs, and simulations are available exclusively from Cisco Learning Solutions Partners worldwide. Please visit http://www.cisco.com/go/training to learn more about Cisco Learning Solutions Partners.

I hope and expect that you will find this guide to be an essential part of your exam preparation and a valuable addition to your personal library.

Don Field
Director, Certifications
Cisco Systems, Inc.
December 2006
Introduction
Internetworks are growing at a fast pace to support more protocols and users and are becoming more complex. As the premier designer and provider of internetworking devices, Cisco Systems is committed to supporting these growing networks.

This book teaches you how to design, configure, maintain, and scale a routed network. It focuses on using Cisco routers connected in LANs and WANs typically found at medium-to-large network sites. After completing this book, you will be able to select and implement the appropriate Cisco IOS services required to build a scalable, routed network.

In this book, you study a broad range of technical details on topics related to routing. Routing protocol principles are examined in detail before the following routing protocols are explored: Enhanced Interior Gateway Routing Protocol (EIGRP), Open Shortest Path First (OSPF), Intermediate System-to-Intermediate System (IS-IS), and Border Gateway Protocol (BGP). Running multiple routing protocols and controlling the information passed between them are examined, and IP multicast and IP version 6 (IPv6) are explored.

Configuration examples and sample verification outputs demonstrate troubleshooting techniques and illustrate critical issues surrounding network operation. Chapter-ending Configuration Exercises and Review Questions illustrate and help solidify the concepts presented in this book.

This book starts you down the path toward attaining your CCNP, CCIP, or CCDP certification, because it provides in-depth information to help you prepare for the BSCI exam.

The commands and configuration examples presented in this book are based on Cisco IOS Release 12.4.

Who Should Read This Book
This book is intended for network architects, network designers, systems engineers, network managers, and network administrators who are responsible for implementing and troubleshooting growing routed networks.

If you are planning to take the BSCI exam toward your CCNP, CCIP, or CCDP certification, this book provides you with in-depth study material. To fully benefit from this book, you should be CCNA certified or should possess the following knowledge:

A working knowledge of the OSI reference model
An understanding of internetworking fundamentals, including commonly used networking terms, numbering schemes, topologies, distance vector routing protocol operation, and when to use static and default routes
The ability to operate and configure a Cisco router, including displaying and interpreting a router's routing table, configuring static and default routes, enabling a WAN serial connection using High-Level Data Link Control (HDLC) or PPP, configuring Frame Relay permanent virtual circuits (PVC) on interfaces and subinterfaces, configuring IP standard and extended access lists, and verifying router configurations with available tools, such as show and debug commands
Working knowledge of the TCP/IP stack, and configuring IP addresses and the Routing Information Protocol (RIP)

If you lack this knowledge and these skills, you can gain them by completing the Cisco Introduction to Cisco Networking Technologies (INTRO) and Interconnecting Cisco Network Devices (ICND) courses or by reading the related Cisco Press books.

What's New in This Edition
This book is an update to CCNP Self-Study: Building Scalable Cisco Internetworks (BSCI), Second Edition (ISBN 1-58705-146-X). This third edition addresses changes to the BSCI course. The following are the major changes between books:

Each topic has been rewritten. Any items that were removed from the main portion of the previous edition because of course changes have been put in an appendix or sidebar, as appropriate. The appendixes have been modified and updated to reflect the content of the book.
New chapters on network architecture framework and design models, IP multicast, and IPv6 are included.
Route authentication is included for EIGRP, OSPF, and BGP.
Examples and Configuration Exercises now use Cisco IOS Release 12.4 on Cisco 2811 routers; outputs have been redone using this new release on these routers.
The "Advanced IP Addressing" chapter was removed; much of the information from this chapter has been included in Appendix C, "IPv4 Supplement."

Objectives of This Book
When you complete the readings and exercises in this book, you will be able to describe the converged network requirements of various networked applications within the Cisco architectures. You will also be able to describe advanced IP routing principles, including static and dynamic routing characteristics and the concepts of classful and classless routing and address summarization. You will be able to implement and verify EIGRP, OSPF, and Integrated IS-IS for scalable multiarea networks, and BGP for enterprise Internet service provider (ISP) connectivity. You will also be able to manipulate routing updates and packet flow. You will be able to implement and verify IP multicast forwarding using Protocol Independent Multicast (PIM) and related protocols, and describe how IPv6 functions to satisfy the increasingly complex requirements of hierarchical addressing.

Summary of Contents
The chapters and appendixes in this book are as follows:

Chapter 1, "Network Architecture Framework and Design Models," introduces converged networks and the variety of traffic within them. Some strategies, frameworks, and models used in the network design process are presented.
Chapter 2, "Routing Principles," covers the principles of routing, including static and dynamic routing characteristics, classful and classless routing, and the differences between distance vector, link-state, and hybrid routing protocol behavior.
Chapter 3, "Configuring the Enhanced Interior Gateway Routing Protocol," introduces EIGRP. Topics include EIGRP terminology and concepts, EIGRP configuration, verification, and troubleshooting. EIGRP authentication is also included.
Chapter 4, "Configuring the Open Shortest Path First Protocol," introduces the OSPF routing protocol. Basic configuration of OSPF, in both single and multiple areas, is described. OSPF configuration over specific network types is also explored.
Chapter 5, "Advanced Open Shortest Path First Protocol Configuration," covers advanced operation, configuration, and verification of the OSPF protocol. The different types of OSPF routers and link-state advertisements (LSAs) are introduced. OSPF route summarization configuration is covered and default routes are introduced. Stub areas, virtual links, and OSPF authentication configuration are explored.
Chapter 6, "Configuring the Integrated Intermediate System-to-Intermediate System Protocol," provides an overview of the Integrated IS-IS protocol, including its operation and configuration (and basic configuration examples).
Chapter 7, "Manipulating Routing Updates," discusses different ways to control routing update information. Route redistribution to interconnect networks that use multiple routing protocols is explained. Information between the protocols can be controlled by using distribute lists and route maps and by changing the administrative distance; the chapter discusses the configuration of each of these techniques. The chapter concludes with a discussion of the Dynamic Host Configuration Protocol (DHCP) and how to enable DHCP server functionality on a Cisco IOS device.
Chapter 8, "Configuring the Border Gateway Protocol," introduces BGP, including terminology and the fundamentals of BGP operation, configuration, and troubleshooting techniques. BGP authentication and the use of route maps for manipulating BGP path attributes are also introduced.
Chapter 9, "Implementing IP Multicast," provides an introduction to IP multicast, multicast addressing and protocols, and the implementation of IP multicast on Cisco devices.
Chapter 10, "Implementing IPv6," introduces IPv6 and the IPv6 addressing scheme. Routing protocols that support IPv6 are explored, and the details of OSPF for IPv6 configuration are presented. The chapter also discusses how IPv4 networks can be transitioned to IPv6.
"Acronyms and Abbreviations" identifies abbreviations, acronyms, and initialisms used in this book and in the internetworking industry.
Appendix A, "Answers to Review Questions," contains the answers to the review questions that appear at the end of each chapter.
Appendix B, "Configuration Exercise Equipment Requirements and Backbone Configurations," contains information on the equipment requirements for the Configuration Exercises, along with the initial configuration commands for the backbone routers.

In addition to the material in the printed book, you can also find the following appendixes at ciscopress.com on your My Registered Books page after you register your book (see the next section, "Online Material," for details):

Appendix C, "IPv4 Supplement," provides job aids and supplementary information that are intended for your use when working with IPv4 addresses. Topics include subnetting job aid, decimal-to-binary conversion chart, IPv4 addressing review, IPv4 access lists, IP address planning, hierarchical addressing using variable-length subnet masks (VLSMs), route summarization, and classless interdomain routing (CIDR).
Appendix D, "Manipulating Routing Updates Supplement," provides supplementary information about the features and configuration of policy-based routing (PBR).
Appendix E, "BGP Supplement," provides supplementary information on BGP covering the following topics: BGP route summarization, redistribution with interior gateway protocols (IGPs), policy control and prefix lists, communities, and route reflectors.
Appendix F, "Summary of BSCI Router Commands," lists some of the Cisco router IOS commands you might find in this book, organized in various categories.
Appendix G, "Open System Interconnection (OSI) Reference Model," is a brief overview of the OSI seven-layer model.

Online Material
After you register your book on the Cisco Press website, you can find helpful material related to this book. To register this book, go to http://www.ciscopress.com/bookstore/register.asp and enter the book's ISBN located on the back cover. You'll then be prompted to log in or join ciscopress.com to continue registration.

After you register the book, a link to the supplemental content will be listed on your My Registered Books page. There you can find the supplemental material in Appendixes C through G. You can also download three configuration files for use in the book's Configuration Exercises, as well as a copy of the network diagram used for the Configuration Exercises.

The printed book does contain helpful references to the online appendixes to guide you in making the best use of this supplemental and background material.

Configuration Exercises and Review Questions
Configuration Exercises at the end of the chapters let you practice configuring routers with the commands and topics presented. If you have access to real hardware, you can try these exercises on your routers; refer to Appendix B for a list of recommended equipment and initial configuration commands for the backbone routers. However, even if you do not have access to any routers, you can go through the exercises and keep a log of your own running configurations. Commands used and solutions to the Configuration Exercises are provided within the exercise sections.

At the end of each chapter, you can test your knowledge by answering Review Questions on the subjects covered in that chapter. You can compare your answers to the answers provided in Appendix A to find out how you did and what material you might need to study further.

Authors' Notes, Key Points, Sidebars, and Cautions
The notes, sidebars, and cautions found in this book provide extra information on a subject. The key points highlight specific points of interest.
Part I: Network Architecture and Design

Chapter 1. Network Architecture Framework and Design Models

This chapter discusses network architecture framework and design models. It covers the following topics:

Converged Networks
Cisco Intelligent Information Network
Cisco Service-Oriented Network Architecture Framework
Cisco Enterprise Architecture
Cisco Hierarchical Network Model
Cisco Enterprise Composite Network Model
Routing and Routing Protocols Within the Enterprise Composite Network Model

This chapter introduces converged networks and the variety of traffic within them. To accommodate the requirements of such networks, Cisco has introduced the Intelligent Information Network (IIN) strategy along with the Service-Oriented Network Architecture (SONA) framework that guides the evolution of enterprise networks toward an IIN, both of which this chapter describes. The components of the Cisco enterprise-wide systems architecture are introduced. Two network design models, the traditional hierarchical network model and the Enterprise Composite Network Model, are described. The chapter concludes with a discussion of how routing protocols fit within the Enterprise Composite Network Model.

Converged Networks
A converged network is one in which data, voice, and video traffic coexist on a single network. When voice and video are transported across a network, the voice and video are seen by the network as being just like any other application data.

Converged networks contain a variety of different types of traffic, including the following:

Voice and video traffic: Examples include IP telephony, involving applications such as contact centers, and video broadcast and conferencing.
Mission-critical traffic: This data is generated by applications critical to an organization (for example, information generated by a stock exchange application at a finance company, patient records at a hospital, and so forth).
Transactional traffic: This information is generated by applications such as those for e-commerce.
Routing protocol traffic: Data from whichever routing protocols are running in the network, such as the Routing Information Protocol (RIP), Open Shortest Path First Protocol (OSPF), Enhanced Interior Gateway Routing Protocol (EIGRP), Intermediate System-to-Intermediate System Protocol (IS-IS), and Border Gateway Protocol (BGP).
Network management traffic: Including information about the status of the network and its devices.

The requirements on the network differ significantly depending on the mix of traffic types, especially in terms of security and performance. For example, voice and video performance requirements include low delay and jitter (variation in delay), whereas transactional traffic requires high reliability and security with relatively low bandwidth. Voice applications, such as IP telephony, also require high reliability and availability because user expectations for "dial tone" in an IP network are exactly the same as in the traditional telephone network. Video traffic is frequently carried as IP multicast traffic, requiring multicast features to be enabled on the network. To meet these traffic requirements, converged networks use quality of service (QoS) mechanisms so that, for example, voice and video traffic are given priority over web-based traffic.

Several security strategies, such as device hardening with strict access control and authentication, intrusion protection, intrusion detection, and traffic protection with encryption, can minimize, and in some cases eliminate, network security threats. Security is a key issue in all networks and becomes even more important in wireless networks, where access is possible from virtually anywhere.
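The QoS prioritization and the device hardening named in this section can be shown together in a single router configuration. The following is an added example written for this edit, not a configuration from the book or its Configuration Exercises; the interface name Serial0/0/0, the class-map and policy-map names, the bandwidth percentages, the hostname and domain name, the user name, the management subnet 10.1.1.0/24, and the angle-bracket password placeholders are all assumptions chosen for illustration and should be replaced for a real deployment.

```ios
! --- QoS: give voice and video priority over everything else (web included) ---
! Classification assumes the IP phones and video endpoints already mark their
! packets (EF for voice, AF41/AF42 for video); these values are assumptions.
class-map match-any VOICE
 match ip dscp ef
class-map match-any VIDEO
 match ip dscp af41 af42
!
! Voice gets a strict-priority (low-latency) queue capped at 30% of the link,
! video gets a guaranteed 20%, and all remaining traffic shares the rest with
! fair queueing. The policy only takes effect when the interface is congested.
policy-map WAN-EDGE
 class VOICE
  priority percent 30
 class VIDEO
  bandwidth percent 20
 class class-default
  fair-queue
!
interface Serial0/0/0
 description WAN link (assumed interface)
 service-policy output WAN-EDGE
!
! --- Device hardening: strict access control and authentication for management ---
hostname R1
ip domain-name example.com
! "crypto key generate rsa modulus 2048" must be entered interactively in
! configuration mode before SSH comes up; it is not a stored config line.
ip ssh version 2
service password-encryption
enable secret <strong-enable-password>
username netadmin secret <strong-user-password>
no ip http server
no ip http secure-server
! Only the assumed management subnet may open a VTY session; log the rest.
access-list 10 permit 10.1.1.0 0.0.0.255
access-list 10 deny   any log
line vty 0 4
 access-class 10 in
 login local
 transport input ssh
 exec-timeout 5 0
```

Verify the queueing with show policy-map interface Serial0/0/0 (the VOICE class counters should move when calls are active) and the management plane with show ip ssh. Two practitioner caveats: the priority queue is policed to its percentage under congestion, so voice offered above 30% of the link is dropped rather than allowed to starve other classes, and the access-class and login local lines only protect the VTYs; the console and auxiliary lines need their own login configuration.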
Cisco Intelligent Information Network
To accommodate today's and tomorrow's network requirements, the Cisco vision of the future includes the IIN, a strategy that addresses how the network is integrated with businesses and business priorities. The IIN encompasses the following features:

Integration of networked resources and information assets that have been largely unlinked: The modern converged networks with integrated voice, video, and data require that IT departments (and other departments that were traditionally responsible for other technologies) more closely link the IT infrastructure with the network.
Intelligence across multiple products and infrastructure layers: The intelligence built in to each component of the network is extended network-wide and applies end to end.
Active participation of the network in the delivery of services and applications: With added intelligence, the IIN makes it possible for the network to actively manage, monitor, and optimize service and application delivery across the entire IT environment.

The IIN offers much more than basic connectivity, bandwidth for users, and access to applications; it offers end-to-end functionality and centralized, unified control that promotes true business transparency and agility.

With the IIN, Cisco is helping organizations to address new IT challenges, such as the deployment of service-oriented architectures, web services, and virtualization (as described in the upcoming "Phase 2" bullet). The IIN technology vision offers an evolutionary approach that consists of three phases in which functionality can be added to the infrastructure as required. The three phases are as follows:

Phase 1: Integrated transport. Everything (data, voice, and video) consolidates onto an IP network for secure network convergence. By integrating data, voice, and video transport into a single, standards-based, modular network, organizations can simplify network management and generate enterprise-wide efficiencies. Network convergence also lays the foundation for a new class of IP-enabled applications, now known as Cisco Unified Communications solutions.

Note: Cisco Unified Communications is the name, launched in March 2006, for the entire range of what were previously known as Cisco IP communications products. These include all call control, conferencing, voicemail and messaging, customer contact, IP phone, video telephony, videoconferencing, rich media clients, and voice application products.

Phase 2: Integrated services. When the network infrastructure is converged, IT resources can be pooled and shared, or virtualized, to flexibly address the changing needs of the organization. By extending this virtualization concept to encompass server, storage, and network elements, an organization can transparently use all of its resources more efficiently. Business continuity is also enhanced because, in the event of a local systems failure, shared resources across the IIN can provide needed services.

Phase 3: Integrated applications. This phase focuses on making the network application aware so that it can optimize application performance and more efficiently deliver networked applications to users. With Application-Oriented Networking (AON) technology, Cisco has entered this third IIN phase. In addition to capabilities such as content caching, load balancing, and application-level security, the Cisco AON makes it possible for the network to simplify the application infrastructure by integrating intelligent application message handling, optimization, and security into the existing network.

Note: You can access the IIN home page at http://www.cisco.com/go/iin.
Cisco Service-Oriented Network Architecture Framework

The Cisco SONA is an architectural framework that illustrates how to build integrated systems and guides the evolution of enterprise networks toward an IIN. Using the SONA framework, enterprises can improve flexibility and increase efficiency by optimizing applications, business processes, and resources to enable IT to have a greater impact on business. The SONA framework leverages the extensive product-line services, proven architectures, and experience of Cisco and its partners to help enterprises achieve their business goals.

The SONA framework, shown in Figure 1-1, shows how integrated systems can allow a dynamic, flexible architecture and provide for operational efficiency through standardization and virtualization. In this framework, the network is the common element that connects and enables all components of the IT infrastructure.

Figure 1-1. Cisco SONA Framework

The SONA framework outlines the following three layers:

Networked infrastructure layer: Where all the IT resources are interconnected across a converged network foundation. The IT resources include servers, storage, and clients. The network infrastructure layer represents how these resources exist in different places in the network, including the campus, branch, data center, wide-area network (WAN), metropolitan-area network (MAN), and with the teleworker. The objective of this layer is to provide connectivity, anywhere and anytime.

Interactive services layer: Enables efficient allocation of resources to applications and business processes delivered through the networked infrastructure. This layer comprises these services:
- Voice and collaboration services
- Mobility services
- Security and identity services
- Storage services
- Compute services
- Application networking services
- Network infrastructure virtualization
- Services management
- Adaptive management services

Application layer: This layer includes business applications and collaboration applications. The objective of this layer is to meet business requirements and achieve efficiencies by leveraging the interactive services layer.

Note: You can access the SONA home page at http://www.cisco.com/go/sona.
Cisco Enterprise Architecture

Cisco provides an enterprise-wide systems architecture that helps companies to protect, optimize, and grow the infrastructure that supports their business processes. As illustrated in Figure 1-2, the architecture provides for integration of the entire network (campus, data center, branches, teleworkers, and WAN), offering staff secure access to the tools, processes, and services they require.

Figure 1-2. Cisco Enterprise Architecture

The Cisco Enterprise Campus Architecture combines a core infrastructure of intelligent switching and routing with tightly integrated productivity-enhancing technologies, including IP communications, mobility, and advanced security. The architecture provides the enterprise with high availability through a resilient multilayer design, redundant hardware and software features, and automatic procedures for reconfiguring network paths when failures occur. IP multicast capabilities provide optimized bandwidth consumption, and QoS features ensure that real-time traffic (such as voice, video, or critical data) is not dropped or delayed. Integrated security protects against and mitigates the impact of worms, viruses, and other attacks on the network, including at the switch port level. For example, the Cisco enterprise-wide architecture extends support for security standards, such as the Institute of Electrical and Electronics Engineers (IEEE) 802.1X port-based network access control standard and the Extensible Authentication Protocol (EAP). It also provides the flexibility to add IPsec and Multiprotocol Label Switching virtual private networks (MPLS VPNs), identity and access management, and virtual local-area networks (VLANs) to compartmentalize access. These features help improve performance and security while decreasing costs. Keep in mind that VLANs and MPLS VPNs separate traffic but do not encrypt it; where confidentiality across an untrusted transport is required, IPsec (or another encryption layer) must be added on top of the segmentation.

The Cisco Enterprise Data Center Architecture is a cohesive, adaptive network architecture that supports requirements for consolidation, business continuance, and security while enabling emerging service-oriented architectures, virtualization, and on-demand computing. Staff, suppliers, or customers can be provided with secure access to applications and resources, simplifying and streamlining management and significantly reducing overhead. Redundant data centers provide backup using synchronous and asynchronous data and application replication. The network and devices offer server and application load balancing to maximize performance. This architecture allows the enterprise to scale without major changes to the infrastructure.

The Cisco Enterprise Branch Architecture allows enterprises to extend head-office applications and services (such as security, IP communications, and advanced application performance) to thousands of remote locations and users or to a small group of branches. Cisco integrates security, switching, network analysis, caching, and converged voice and video services into a series of integrated services routers (ISRs) in the branch so that enterprises can deploy new services without buying new routers. This architecture provides secure access to voice, mission-critical data, and video applications, anywhere and anytime. Advanced routing, VPNs, redundant WAN links, application content caching, and local IP telephony call processing features are available with high levels of resilience for all the branch offices. An optimized network leverages the WAN and LAN to reduce traffic and save bandwidth and operational expenses. The enterprise can easily support branch offices with the ability to centrally configure, monitor, and manage devices located at remote sites, including tools such as AutoQoS, which configures devices to handle congestion and bandwidth issues before they affect network performance.

The Cisco Enterprise Teleworker Architecture allows enterprises to securely deliver voice and data services to remote small or home offices over a standard broadband access service, providing a business-resiliency solution for the enterprise and a flexible work environment for employees. Centralized management minimizes the IT support costs. Integrated security and identity-based networking services enable the enterprise to extend campus security policies to the teleworker. Staff can securely log in to the network over an always-on VPN and gain access to authorized applications and services from a single cost-effective platform. Productivity can further be enhanced by adding an IP phone, thereby providing cost-effective access to a centralized IP communications system with voice and unified messaging services.

The Cisco Enterprise WAN Architecture offers the convergence of voice, video, and data services over a single Cisco Unified Communications network, which enables the enterprise to cost-effectively span large geographic areas. QoS, granular service levels, and comprehensive encryption options help ensure the secure delivery of high-quality corporate voice, video, and data resources to all corporate sites, enabling staff to work productively and efficiently wherever they are located. Security is provided with multiservice VPNs (IPsec and MPLS) over Layer 2 or Layer 3 WANs, in hub-and-spoke or full-mesh topologies.
Cisco Hierarchical Network Model

Traditionally, the three-layer hierarchical model has been used in network design, providing a modular framework that allows design flexibility and facilitates implementation and troubleshooting. The hierarchical model divides networks, or modular blocks within a network, into the access, distribution, and core layers, as illustrated in Figure 1-3. The features of the hierarchical layers are as follows:

Access layer: This layer is used to grant users access to network devices. In a campus network, the access layer generally incorporates switched LAN devices with ports that provide connectivity to workstations and servers. In the WAN environment, the access layer at remote sites or at teleworkers' homes provides access to the corporate network across various WAN technologies.

Distribution layer: This layer aggregates the wiring closets and uses switches to segment workgroups and isolate network problems in a campus environment. Similarly, the distribution layer aggregates WAN connections at the edge of the campus and provides policy-based connectivity (in other words, it implements the organization's policies, such as access control lists, route filtering, and route summarization).

Core layer (also referred to as the backbone): The core layer is a high-speed backbone and is designed to switch packets as fast as possible. Because the core is critical for connectivity, it must provide a high level of availability and adapt to changes quickly.

Figure 1-3. Cisco Hierarchical Network Model

The hierarchical model can be applied to networks that include any type of connectivity, such as LANs, WANs, wireless LANs (WLANs), MANs, and VPNs. For example, Figure 1-4 demonstrates the hierarchical model applied to a WAN environment.

Figure 1-4. Hierarchical Model Applied to a WAN

The hierarchical model is useful for smaller networks, but it does not scale well to today's larger, more complex networks. The Enterprise Composite Network Model, introduced in the following section, provides additional modularity and functionality.
Cisco Enterprise Composite Network Model

Cisco has developed a set of best practices for security, comprising a blueprint for network designers and administrators for the proper deployment of security solutions to support network applications and the existing network infrastructure. This blueprint is called "SAFE." SAFE includes the Enterprise Composite Network Model, which network professionals can use to describe and analyze any modern enterprise network. This model supports larger networks than those designed with only the hierarchical model and clarifies the functional boundaries within the network.

Note: You can access the SAFE blueprint home page at http://www.cisco.com/go/safe.

The Enterprise Composite Network Model first divides the network into three functional areas, as illustrated in Figure 1-5 and described as follows:

Enterprise Campus: This functional area contains the modules required to build a hierarchical, highly robust campus network. Access, distribution, and core principles are applied to these modules appropriately.

Enterprise Edge: This functional area aggregates connectivity from the various elements at the edge of the enterprise network, including to remote locations, the Internet, and remote users.

Service Provider Edge: This area is not implemented by the organization; instead, it is included to represent connectivity to service providers such as Internet service providers (ISPs), WAN providers, and the public switched telephone network (PSTN).

Figure 1-5. Enterprise Composite Network Model Functional Areas

As illustrated in Figure 1-6, each of these functional areas contains various network modules. These modules can in turn include hierarchical core, distribution, and access layer functionality.

Figure 1-6. Modules Within the Enterprise Composite Network Model

The Enterprise Campus functional area comprises the following modules:

Building: Contains access switches and end-user devices (including PCs and IP phones).

Building Distribution: Includes distribution multilayer switches to provide access between workgroups and to the Core.

Core: Also called the backbone; provides a high-speed connection between the buildings themselves, and between the buildings and the Server and Edge Distribution modules.

Edge Distribution: The interface between the Enterprise Campus and the Enterprise Edge functional areas. This module concentrates connectivity to and from all branches and teleworkers accessing the campus via a WAN or the Internet.

Server: Represents the campus's data center.

Management: Represents the network management functionality, including monitoring, logging, security, and other management features within an enterprise. SAFE recommends keeping this module on a separate, out-of-band management network where possible, so that a compromise of the production network does not also expose the systems that monitor it.

Figure 1-7 illustrates how the Building, Building Distribution, and Core modules map directly onto the hierarchical model's access, distribution, and core layers. The figure also shows how multiple buildings can be represented by multiple sets of a Building and a Building Distribution module, with each connected to the Core.

Figure 1-7. Multiple Buildings Represented Within the Enterprise Campus

The Enterprise Edge functional area is the interface between the Enterprise Campus functional area (through the Edge Distribution module) and the Service Provider Edge functional area. It is composed of the following four modules:

E-commerce: Includes the servers, network devices, and so forth necessary for an organization to provide e-commerce functionality, such as online ordering.

Corporate Internet: Provides Internet access for the organization, and passes VPN traffic from external users to the VPN and Remote Access module.

VPN and Remote Access: Terminates VPN traffic and dial-in connections from external users.

WAN: Provides connectivity from remote sites using various WAN technologies.

The three modules within the Service Provider Edge functional area are as follows:

ISP: Represents Internet connections.

PSTN: Represents all nonpermanent connections, including via analog phone, cellular phone, and Integrated Services Digital Network (ISDN).

Frame Relay/Asynchronous Transfer Mode (ATM): Represents all permanent connections to remote locations, including via Frame Relay, ATM, leased lines, cable, digital subscriber line (DSL), and wireless.

Note: For further information and details about network design, refer to the Cisco Press book CCDA Self-Study: Designing for Cisco Internetwork Solutions (DESGN).
Routing and Routing Protocols Within the Enterprise Composite Network Model

Routing protocols are an integral part of any network. When designing a network using the architectures and models introduced in this chapter, routing protocol selection and planning are among the design decisions to be made. Although the best practice is to use one IP routing protocol throughout the enterprise if possible, in many cases multiple routing protocols might be required, as illustrated in Figure 1-8. For example, BGP might be used in the Corporate Internet module, whereas static routes are often used for remote-access and VPN users. Therefore, enterprises might have to deal with multiple routing protocols.

Figure 1-8. Multiple Routing Protocols May Be Used Within a Network

The Enterprise Composite Network Model can assist in determining where each routing protocol is implemented, where the boundaries between protocols are, and how traffic flows between them will be managed. Each routing protocol has its own unique characteristics, some of which Table 1-1 identifies. The next part of this book, Part II, focuses on the characteristics, operation, and configuration of IP routing protocols.

Table 1-1. Routing Protocol Comparison

Parameter                                             EIGRP      OSPF    IS-IS
Size of network (small, medium, large, very large)    Large      Large   Very large
Speed of convergence (very high, high, medium, low)   Very high  High    High
Use of VLSM (yes, no)                                 Yes        Yes     Yes
Support for mixed-vendor devices (yes, no)            No         Yes     Yes
Network support staff knowledge (good, fair, poor)    Good       Good    Fair

Note: The "No" for EIGRP reflects its status as a Cisco-proprietary protocol when this book was written. Cisco later published the protocol as informational RFC 7868 (2016), but multivendor support remains limited, so in a mixed-vendor design OSPF or IS-IS is still the safer choice.
Summary

In this chapter, you learned about converged networks and network architecture frameworks and design models. The IIN strategy and the SONA framework that guides enterprises toward an IIN were described. The components of the Cisco enterprise-wide systems architecture were explored, and the traditional hierarchical network model was introduced. The Enterprise Composite Network Model was described, along with how routing protocols fit within this model.

Review Questions

Answer the following questions, and then refer to Appendix A, "Answers to Review Questions," for the answers.

1. What is a converged network?

2. What are the three phases of the IIN?

3. Which are layers within the SONA framework?
   a. Access
   b. Network Infrastructure
   c. Interactive Services
   d. Enterprise Edge
   e. Application
   f. Edge Distribution

4. What are the components of the Cisco Enterprise Architecture?

5. Which are the layers within the hierarchical network model?
   a. Access
   b. Network Infrastructure
   c. Core
   d. Distribution
   e. Application
   f. Edge Distribution
   g. Network Management

6. Describe each of the functional areas of the Enterprise Composite Network Model.

7. Which modules are within the Enterprise Campus functional area?

8. Why might a network need to have more than one routing protocol running?
Part II: IP Routing Protocols

Chapter 2 Routing Principles
Chapter 3 Configuring the Enhanced Interior Gateway Routing Protocol
Chapter 4 Configuring the Open Shortest Path First Protocol
Chapter 5 Advanced Open Shortest Path First Protocol Configuration
Chapter 6 Configuring the Integrated Intermediate System-to-Intermediate System Protocol
Chapter 7 Manipulating Routing Updates
Chapter 8 Configuring the Border Gateway Protocol

Chapter 2. Routing Principles

This chapter discusses IP routing principles. It covers the following topics:
- IP Routing Overview
- Characteristics of Routing Protocols
- RIP
- IP Routing Protocol Comparisons

This chapter covers IP routing principles, including static and dynamic routing characteristics, classful and classless routing, and manual and automatic route summarization across network boundaries. It explains the difference between distance vector, link-state, and hybrid routing protocols, and includes comparisons of IP routing protocols. Characteristics and configuration of the Routing Information Protocol (RIP) are described.

Note: The online Appendix C, "IPv4 Supplement," includes job aids and supplementary information related to IPv4 addresses that you should understand before reading the rest of the book. Therefore, you are encouraged to review any of the material in Appendix C that you are not familiar with before reading the rest of this chapter.

IP Routing Overview

Routers forward packets toward destination networks. To forward the packets, routers must know about these remote networks and determine the best way to reach them. This section addresses the ways in which routers learn about networks and how routers can incorporate static and dynamic routes.

Routers must be aware of destination networks to be able to forward packets to them. A router knows about the networks directly attached to its interfaces; it calculates the subnet or network number of an interface by using the address and subnet mask configured on that interface. For networks not directly connected to one of its interfaces, however, the router must rely on outside information. A router can be made aware of remote networks in two ways: an administrator can manually configure the information (static routing), or the router can learn it from other routers (dynamic routing). A routing table can contain both static and dynamically learned routes. Network administrators can use static routing, dynamic routing, or a combination of both.

Principles of Static Routing

This section explains the situations in which static routes are the most appropriate to use. A static route can be used in the following circumstances:

- When it is undesirable to have dynamic routing updates forwarded across low-bandwidth links, such as a dialup link.
- When the administrator needs total control over the routes used by the router (for example, on a security boundary where the router must not accept routing information from the far side of the link).
- When a backup to a dynamically learned route is necessary. A static route configured with a higher administrative distance than the dynamic route (often called a floating static route) is installed only when the dynamic route disappears.
- When it is necessary to reach a network accessible by only one path (a stub network). For example, in Figure 2-1, there is only one way for router A to reach the 10.2.0.0/16 network on router B. The administrator can configure a static route on router A to reach the 10.2.0.0/16 network via 10.1.1.1.
- When a router is underpowered and does not have the CPU or memory resources necessary to handle a dynamic routing protocol.
- When a route should appear to the router as a directly connected network.

Figure 2-1. Configuring Static Routing

A perfect use for static routing is a hub-and-spoke design, with all remote sites defaulting back to the central site and the one or two routers at the central site having a static route for all subnets at each remote site. However, without proper design, as the network grows into hundreds of routers, with each router having numerous subnets, the number of static routes on each router also increases. Each time a new subnet or router is added, an administrator must add a static route to the new networks on a number of routers. The administrative burden to maintain this network can become excessive, making dynamic routing a better choice.

Another drawback of static routing is that when a topology change occurs on the internetwork, an administrator might have to reroute traffic by configuring new static routes around the problem area. In contrast, with dynamic routing, the routers learn the new topology themselves. The routers share information with each other, and their routing processes automatically discover whether any alternative routes exist and reroute without administrator intervention. Because the routers mutually develop an independent agreement of what the new topology is, they are said to converge on what the new routes should be. Dynamic routing therefore provides faster convergence than manual reconfiguration.

Key Point: Convergence
A network is converged when the routing tables on all routers in the network are synchronized and contain a route to all destination networks. Convergence time is the time it takes for all routers in a network to agree on the new topology.

Configuring a Static Route

The following command, explained in Table 2-1, is used to create static routes:

RouterA(config)#ip route prefix mask {address | interface} [distance] [permanent] [tag tag]
Table 2-1. ip route Command

prefix mask: The IP network and subnet mask for the remote network to be entered into the IP routing table.
address: The IP address of the next hop that can be used to reach the destination network.
interface: The local router outbound interface to be used to reach the destination network.
distance: (Optional) The administrative distance to be assigned to this route.
permanent: (Optional) Specifies that the route will not be removed from the routing table even if the interface associated with the route goes down.
tag tag: (Optional) A value that can be used as a match value in route maps.

Note: Use static routes pointing to an interface on point-to-point interfaces only. On a multiaccess interface (such as Ethernet), the router does not know the specific next-hop address to which to send the traffic; it must ARP for every individual destination address, which works only if a device on the segment answers with proxy ARP, and it inflates the ARP cache. On point-to-point interfaces, the traffic is simply sent to the only other device on the link.

If no dynamic routing protocol is used on a link connecting two routers, such as in Figure 2-1, a static route must be configured on the routers on both sides of the link. Otherwise, the remote router will not know how to return packets to their originator located on the other network; there will be only one-way communication.

When configuring a static route, you must specify either a next-hop IP address or an exit interface to tell the router in which direction to send traffic. Figure 2-1 shows both configurations. Router A recognizes the directly connected networks 172.16.1.0 and 10.1.1.0. It needs a route to the remote network 10.2.0.0. Router B knows about the directly connected networks 10.2.0.0 and 10.1.1.0; it needs a route to the remote network 172.16.1.0. Notice that on router B, the next-hop IP address of the router A serial interface has been used. On router A, however, the ip route command specifies its own Serial 0/0/0 interface as the exit interface. If a next-hop IP address is used, it should be the IP address of the interface of the router on the other end of the link. If an exit interface is used, the local router sends data to the router on the other end of its attached link. When an exit interface is specified, the router considers this a directly connected route.

Configuring a Static Default Route

In some circumstances, a router does not need to recognize the details of remote networks. The router is configured to send all traffic, or all traffic for which there is no entry in the routing table, in a particular direction, known as a default route. Default routes are either dynamically advertised using routing protocols or statically configured.

To create a static default route, use the normal ip route command, but with the destination network (the prefix in the command syntax) and its subnet mask (the mask in the command syntax) both set to 0.0.0.0. This address is a type of wildcard designation; any destination network will match. Because the router tries to match the longest common bit pattern, a more specific network listed in the routing table is used before the default route. Only if the destination network matches no other entry in the routing table is the default route used. Note that this also means traffic for mistyped or unreachable internal destinations follows the default route; at an Internet edge, administrators commonly pair the default route with filtering (or a static route to Null0 for the internal address summary) so that internal-only traffic is not leaked toward the ISP.

In Figure 2-2, on router A, the static route to the 10.2.0.0 network has been replaced with a static default route pointing to router B. On router B, a static default route has been added, pointing to its Internet service provider (ISP). Traffic from a device on the router A 172.16.1.0 network bound for a network on the Internet is sent to router B. Router B recognizes that the destination network does not match any specific entries in its routing table and sends that traffic to the ISP. It is then the ISP's responsibility to route that traffic to its destination.

Figure 2-2. Configuring the Static Default Route
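The following Python model is an added illustration written for this page; it is not Cisco IOS code and is not from the book. It implements the route-selection rules this chapter describes: administrative distance decides between sources for the same prefix (so a floating static route takes over when a RIP route is withdrawn, the backup case listed under Principles of Static Routing), a lookup uses the longest matching prefix so the 0.0.0.0/0 default is consulted only when nothing more specific matches, and at most 16 equal-cost next hops are installed, the cap the Principles of Dynamic Routing section below attributes to Cisco IOS 12.3(2)T and later. The administrative distance values are the IOS defaults (connected 0, static 1, EIGRP internal 90, OSPF 110, RIP 120). Addresses follow Figures 2-1 and 2-2; the Internet destination 198.51.100.7, the backup next hop 10.1.2.1, and the OSPF next hops in the equal-cost demonstration are constructed here.

```python
"""Toy IPv4 routing table: administrative distance, equal-cost path cap,
longest-prefix lookup with a default route. Added example, not IOS code."""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

MAX_PATHS = 16  # IOS 12.3(2)T and later install at most 16 equal-cost paths

# Cisco IOS default administrative distances (lower is more trusted)
AD = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}


@dataclass(frozen=True)
class Candidate:
    """One route offered for a prefix by one source (a protocol or the admin)."""
    prefix: IPv4Network
    source: str
    distance: int   # administrative distance
    metric: int     # protocol metric, compared only within the same distance
    next_hop: str   # next-hop address or exit interface


@dataclass(frozen=True)
class Installed:
    """What the routing table actually holds for one prefix."""
    prefix: IPv4Network
    source: str
    distance: int
    metric: int
    next_hops: tuple[str, ...]


class RoutingTable:
    def __init__(self) -> None:
        self._candidates: dict[IPv4Network, list[Candidate]] = {}

    def add(self, prefix: str, source: str, distance: int, metric: int, next_hop: str) -> None:
        net = ip_network(prefix, strict=False)
        self._candidates.setdefault(net, []).append(Candidate(net, source, distance, metric, next_hop))

    def withdraw(self, prefix: str, source: str) -> None:
        """Drop everything one source offered for a prefix (link down, protocol lost the route)."""
        net = ip_network(prefix, strict=False)
        self._candidates[net] = [c for c in self._candidates.get(net, []) if c.source != source]

    def installed(self, net: IPv4Network) -> Installed | None:
        """Lowest administrative distance wins, then lowest metric; ties share up to MAX_PATHS hops."""
        cands = self._candidates.get(net)
        if not cands:
            return None
        best = min((c.distance, c.metric) for c in cands)
        hops: list[str] = []
        for c in cands:
            if (c.distance, c.metric) == best and c.next_hop not in hops:
                hops.append(c.next_hop)
        source = next(c.source for c in cands if (c.distance, c.metric) == best)
        return Installed(net, source, best[0], best[1], tuple(hops[:MAX_PATHS]))

    def lookup(self, destination: str) -> Installed | None:
        """Longest-prefix match; 0.0.0.0/0 (prefix length 0) is chosen only when nothing else matches."""
        addr = ip_address(destination)
        matching = [net for net in self._candidates if addr in net and self.installed(net) is not None]
        if not matching:
            return None
        return self.installed(max(matching, key=lambda net: net.prefixlen))


def router_a_table() -> RoutingTable:
    """Router A as in Figure 2-2: two connected networks plus a static default via router B."""
    rt = RoutingTable()
    rt.add("172.16.1.0/24", "connected", AD["connected"], 0, "FastEthernet0/0")
    rt.add("10.1.1.0/24", "connected", AD["connected"], 0, "Serial0/0/0")
    rt.add("0.0.0.0/0", "static", AD["static"], 0, "10.1.1.1")
    return rt


def floating_static_demo() -> tuple[str, str]:
    """A static route with AD 200 backs up a RIP route (AD 120) to 10.2.0.0/16.
    Returns the source of the installed route before and after RIP withdraws it."""
    rt = RoutingTable()
    rt.add("10.2.0.0/16", "rip", AD["rip"], 1, "10.1.1.1")
    rt.add("10.2.0.0/16", "static", 200, 0, "10.1.2.1")  # constructed backup next hop
    before = rt.lookup("10.2.3.4").source
    rt.withdraw("10.2.0.0/16", "rip")
    after = rt.lookup("10.2.3.4").source
    return before, after


def equal_cost_demo(offered: int = 20) -> int:
    """Offer `offered` equal-cost OSPF paths; return how many the table installs (capped at 16)."""
    rt = RoutingTable()
    for i in range(offered):
        rt.add("10.9.0.0/16", "ospf", AD["ospf"], 10, f"10.1.{i + 1}.254")  # constructed next hops
    return len(rt.installed(ip_network("10.9.0.0/16")).next_hops)


if __name__ == "__main__":
    table = router_a_table()
    for dst in ("172.16.1.50", "10.1.1.1", "198.51.100.7"):
        route = table.lookup(dst)
        print(f"{dst:>14} -> {route.prefix} via {route.next_hops} ({route.source}, AD {route.distance})")
    print("floating static before/after RIP withdraw:", floating_static_demo())
    print("equal-cost paths installed out of 20 offered:", equal_cost_demo())
```

Running the module prints the three lookups for router A (the connected /24s win for local destinations, the 0.0.0.0/0 entry carries the Internet address), then shows the floating static route taking over once the RIP candidate is withdrawn and the 20 offered equal-cost paths being trimmed to 16. Selection here is recomputed on every lookup for clarity; a real router keeps the winner precomputed and re-evaluates only when a candidate changes.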
In Figure 2-2, to reach the 172.16.1.0/24 network, router B still needs a static route pointing out its S0/0/0 interface. Entering the show ip route command on router A in Figure 2-2 returns the information shown in Example 2-1.

Example 2-1. show ip route Command

RouterA#show ip route
Gateway of last resort is 10.1.1.1 to network 0.0.0.0
C    172.16.1.0 is directly connected, FastEthernet0/0
C    10.1.1.0 is directly connected, Serial0/0/0
S*   0.0.0.0/0 [1/0] via 10.1.1.1

The S* entry is the static default route (the asterisk marks the candidate default), and the [1/0] shows its administrative distance (1) and metric (0).

Principles of Dynamic Routing

Dynamic routing allows the network to adjust to changes in the topology automatically, without administrator involvement. This section describes dynamic routing principles.

A static route cannot respond dynamically to changes in the network. If a link fails, a static route configured to use that failed link is no longer valid, so a new static route must be configured. If a new router or new link is added, that information must also be configured on every router in the network. In a very large or unstable network, these changes can lead to considerable work for network administrators. It can also take a long time for every router in the network to receive the correct information. In situations such as these, it might be better to have the routers receive information about networks and links from each other using a dynamic routing protocol.

When using a dynamic routing protocol, the administrator configures the routing protocol on each router, as shown in Figure 2-3. The routers then exchange information about the reachable networks and the state of each network. Routers exchange information only with other routers running the same routing protocol. When the network topology changes, the new information is dynamically propagated throughout the network, and each router updates its routing table to reflect the changes. The following are some examples of dynamic routing protocols:
- RIP
- Enhanced Interior Gateway Routing Protocol (EIGRP)
- Intermediate System-to-Intermediate System (IS-IS)
- Open Shortest Path First (OSPF)
- Border Gateway Protocol (BGP)

Figure 2-3. Routers Running a Dynamic Routing Protocol Exchange Routing Information

The information exchanged by routers includes the metric or cost to each destination (this value is sometimes called the distance).

Key Point: Metric
A metric is a value (such as path length) that routing protocols use to measure paths to a destination.

Different routing protocols base their metric on different measurements, including hop count, interface speed, or more complex composite values. Most routing protocols maintain databases containing all the networks that the routing protocol recognizes and all the paths to each network. If a routing protocol recognizes more than one way to reach a network, it compares the metric for each different path and chooses the path with the lowest metric. If multiple paths have the same metric, a maximum of 16 can be installed in the routing table, and the router can perform load balancing between them. EIGRP can also perform load balancing between unequal-cost paths.

Note: Prior to Cisco IOS Release 12.3(2)T, the maximum number of parallel routes (equal-cost paths) supported by IP routing protocols was 6; in Cisco IOS Release 12.3(2)T that maximum was changed to 16.

To configure an IP dynamic routing protocol, use the router protocol command. Protocols other than RIP also require specification of either an autonomous system number or a process number. You also need the network command under router configuration mode for all routing protocols except IS-IS, which does not use it, and BGP, which uses it for a different purpose (explained later in this section).

For RIP, EIGRP, and OSPF, the network command tells the router which interfaces are participating in that routing protocol. Any interface that has an IP address that falls within the range specified in the network statement is considered active for that protocol. In other words, the router sends updates from the specified interfaces and expects to receive updates on the same interfaces. Some protocols look for neighbors by sending hello packets out those interfaces. Thus, because a network statement identifies interfaces on the local router, it is configured only for directly connected networks. A router also originates advertisements for the networks connected to the specified interfaces.

Because a network statement also makes the router accept routing updates on every matching interface, any host on a matching segment (a user LAN, for example) can inject routes unless updates are suppressed on that interface with the passive-interface command or the protocol is configured to authenticate its neighbors. RIPv2, EIGRP, and OSPF support MD5 neighbor authentication; RIPv1 has no authentication at all.

RIP allows only major network numbers (Class A, B, or C network numbers) to be specified in the network command. EIGRP and OSPF permit exact specification of interfaces with a combination of a subnet or interface address and a wildcard mask.

The network statement functions differently in BGP. BGP requires its neighbors to be statically configured. The network statement in BGP tells the router to originate an advertisement for that network. Without a network statement, BGP passes along advertisements it receives from other routers, but it does not originate any network advertisements itself. In BGP, the network listed in the network statement does not have to be directly connected, because it does not identify interfaces on the router as it does in other protocols (this process is explained in detail in Chapter 8, "Configuring the Border Gateway Protocol").

Integrated IS-IS does not use the network statement. Instead, interfaces participating in the IS-IS routing process are identified under interface configuration mode. (OSPF also permits the interfaces to be specified this way, as an alternative to using the network command.)

Example 2-2 shows the configuration of the routers in Figure 2-3. Both routers A and B are configured with RIP. Router A has two directly attached networks, and RIP is used to advertise to neighbors on both of those interfaces. Therefore, network statements are configured for both the 172.16.1.0 network and the 10.1.1.0 network. Router A sends RIP packets out interfaces Fa0/0 and S0/0/0, advertising the networks that are attached to those interfaces.

Example 2-2. Configuring RIP

routerA(config)#router rip
routerA(config-router)#network 172.16.0.0
routerA(config-router)#network 10.0.0.0

routerB(config)#ip route 0.0.0.0 0.0.0.0 Serial0/0/1
routerB(config)#router rip
routerB(config-router)#network 10.0.0.0

Router B also has two directly attached networks. However, router B wants only the network it shares with router A to participate in RIP. Therefore, a network statement is configured only for the 10.1.1.0 network. As explained earlier, with RIP, only the major network number is actually used in the network command, which is why the statement reads network 10.0.0.0. Router B also has a static default route pointing toward its ISP to reach other networks. Router B sends RIP packets out its interface S0/0/0, but not out its interface S0/0/1. It does not advertise the 192.168.1.0 network attached to S0/0/1 or the static default route unless specifically configured to do so.

Principles of On-Demand Routing

A drawback of
static routes is that they must be manually configured and updated when the network topology changes. A drawback of dynamic routing protocols is that they use network bandwidth and router resources. In a hub-and-spoke network with hundreds of spokes, both the configuration needed for static routes and the resource usage of dynamic routing can be considerable.

There is a third option: on-demand routing (ODR). ODR uses the Cisco Discovery Protocol (CDP) to carry network information between spoke (stub) routers and the hub router. ODR provides IP routing information with minimal overhead compared to a dynamic routing protocol and requires less manual configuration than static routes.

ODR is applicable in a hub-and-spoke topology only. In this type of topology, each spoke router is adjacent only to the hub. Another name for a spoke router is stub router. The stub router may have some LAN networks connected to it and typically has a WAN connection to the hub router. The hub router needs to recognize the networks connected to each spoke, but the spokes need only a default route pointing to the hub.

When
ODR is configured, the stub routers use CDP to send IP prefix information to the hub router. Stub routers send prefix information for all their directly connected networks. ODR reports the subnet mask, so it allows different subnets within the same major network to have different subnet masks. This is known as variable-length subnet masking (VLSM) and is described in detail in Appendix C.

The hub router, in turn, sends a default route to the spokes that points back to itself. It installs the stub networks reported by ODR in its routing table and can be configured to redistribute these routes into a dynamic routing protocol. For the next-hop address, the hub router uses the IP address of the spoke router as reported to it by CDP.

ODR is not a true routing protocol, because the information exchanged is limited to IP prefixes and a default route. ODR reports no metric information; the hub router uses a hop count of 1 as the metric for all routes reported via ODR. However, by using ODR, routing information for stub networks can be obtained dynamically without the overhead of a dynamic routing protocol, and default routes can be provided to the stub routers without manual configuration.

Configuring ODR

ODR is configured on the hub router
using the router odr global configuration command. On the stub router, there must be no IP routing protocol configured. In fact, from the standpoint of ODR, a router is automatically considered a stub when no IP routing protocols have been configured. Figure 2-4 shows a hub-and-spoke topology.

Figure 2-4. Hub-and-Spoke Topology: Configuring ODR

ODR can also be tuned with optional commands, including using a distribute list to control the network information that is recognized through ODR (so that the hub installs only the prefixes each spoke is expected to report), and adjusting the ODR timers with the timers basic router configuration command.

ODR relies on CDP to carry the information between the hub router and the spoke routers. Therefore, CDP must be enabled on the links between the hub router and the spokes, and it cannot be disabled on those links while ODR is in use. Cisco routers by default have CDP enabled both globally and per interface. However, on some WAN links, such as ATM, CDP must be explicitly enabled.

The CDP updates are sent as multicasts. On WAN links that require mappings, such as dialer links and Frame Relay, it is important to use the broadcast keyword in the mapping statements; allowing broadcasts also allows multicasts across the link. CDP uses Subnetwork Access Protocol (SNAP) frames, so it runs on all media that support SNAP.

CDP updates are sent every 60 seconds by default. This setting might be too infrequent in rapidly changing networks or too often in stable ones. You can adjust the timers with the cdp timer global configuration command. You can verify CDP settings by using the show cdp interface command.

As soon as ODR is configured and running, routes from the stub routers are identified in the hub router's routing table with an o character, as shown in Example 2-3. Notice in the example that the metric is 1 and the administrative distance for ODR is 160. (Administrative distance is described in the "Administrative Distance" section later in this chapter.) Also, do not confuse the o character of ODR routes with the O character of OSPF routes.

Example 2-3. Routing Table with ODR Routes

    RouterB#show ip route
         172.16.0.0/16 is subnetted, 4 subnets
    o       172.16.1.0/24 [160/1] via 10.1.1.2, 00:00:23, Serial0/0/1
    o       172.16.2.0/24 [160/1] via 10.2.2.2, 00:00:03, Serial0/0/2
    o       172.16.3.0/24 [160/1] via 10.3.3.2, 00:00:16, Serial0/0/3

The routing table for each spoke router contains only its connected networks and a static default route injected by ODR from the hub router.
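The interface-selection rule behind Example 2-2, as an added example that is not from the book and is not Cisco IOS code: it models which interfaces a RIP network statement activates (classful match on the major network of whatever address was typed) and which an EIGRP/OSPF statement with a wildcard mask activates (exact match). Router B's 10.1.1.0 and 192.168.1.0 prefixes come from the text; the host addresses, the 10.200.0.0/30 ISP link used to show the caveat, and the function names are assumptions.

```python
# Added example (not from the book): which interfaces a `network` statement
# activates. RIP matches the classful major network of whatever address was
# typed; EIGRP/OSPF match the address bits where the wildcard mask bit is 0.
import ipaddress

# Constructed interface table for router B of Example 2-2. The prefixes
# 10.1.1.0/24 and 192.168.1.0/24 are from the text; host addresses are assumed.
ROUTER_B = {
    "Serial0/0/0": ipaddress.ip_interface("10.1.1.2/24"),     # link to router A
    "Serial0/0/1": ipaddress.ip_interface("192.168.1.1/24"),  # link to the ISP
}


def classful_network(addr):
    """Major (Class A/B/C) network containing addr, the only thing RIP keeps."""
    addr = ipaddress.ip_address(addr)
    first_octet = int(addr) >> 24
    plen = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)


def rip_active_interfaces(interfaces, network_statements):
    """RIP: `network <address>` is stored as the major network of <address>,
    and every interface addressed inside that major network participates."""
    majors = {classful_network(n) for n in network_statements}
    return sorted(name for name, intf in interfaces.items()
                  if classful_network(intf.ip) in majors)


def wildcard_match(addr, net_addr, wildcard):
    """EIGRP/OSPF: bits where the wildcard is 0 must equal the statement."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (int(addr) & care) == (int(ipaddress.ip_address(net_addr)) & care)


def wildcard_active_interfaces(interfaces, network_statements):
    """network_statements: iterable of (address, wildcard_mask) pairs."""
    return sorted(name for name, intf in interfaces.items()
                  if any(wildcard_match(intf.ip, a, w) for a, w in network_statements))


def demo():
    """Returns (Example 2-2 result, over-broad result, wildcard result)."""
    # Router B of Example 2-2: only the link to router A lies in 10.0.0.0/8.
    as_configured = rip_active_interfaces(ROUTER_B, ["10.0.0.0"])
    # The caveat: if the ISP link were numbered out of 10.0.0.0/8 (assumed
    # address), the same statement would enable RIP, which in version 1 has
    # no authentication, toward the ISP as well.
    renumbered = {**ROUTER_B, "Serial0/0/1": ipaddress.ip_interface("10.200.0.1/30")}
    over_broad = rip_active_interfaces(renumbered, ["10.0.0.0"])
    # The wildcard form (EIGRP/OSPF) names exactly the 10.1.1.0/24 link.
    exact = wildcard_active_interfaces(renumbered, [("10.1.1.0", "0.0.0.255")])
    return as_configured, over_broad, exact


if __name__ == "__main__":
    print(demo())
```

The second result is the one to look for on a real router: a RIP network statement typed as network 10.1.1.0 is stored as network 10.0.0.0 and matches every 10.x.x.x interface, which is why the text's router B can exclude its ISP link only because that link is in a different major network.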
Characteristics of Routing Protocols

Routing protocols can be classified into different categories such as distance vector, link-state, or a hybrid of these two. IP routing protocols can also be classified as either classful or classless. These characteristics are explored in this section.

Distance Vector, Link-State, and Hybrid Routing Protocols

When a network is using a distance vector routing protocol, all the routers send their routing tables (or a portion of their tables) to only their neighboring routers. The routers then use the received information to determine whether any changes need to be made to their own routing table (for example, if a better way to a specific network is now available). This process repeats periodically.

In contrast, when a network is using a link-state routing protocol, each of the routers sends the state of its own interfaces (its links) to all other routers (or to all routers in a part of the network, known as an area) only when there is a change. Each router uses the received information to recalculate the best path to each network and then saves this information in its routing table.

As its name suggests, a hybrid protocol has characteristics of both distance vector and link-state protocols. Hybrid protocols send only changed information (similar to link-state protocols) but only to neighboring routers (similar to distance vector protocols).

Classful Routing Protocol Concepts

IP routing protocols can be categorized as classful or classless.

Key Point: Classless and Classful Routing Protocols

Routing updates sent by a classful routing protocol do not include the subnet mask. RIP Version 1 (RIPv1) is a classful routing protocol.

Routing updates sent by a classless routing protocol include the subnet mask. RIP Version 2 (RIPv2), EIGRP, OSPF, IS-IS, and BGP are classless routing protocols.

Classful Routing Protocol Behavior

When classful protocols were originally developed, networks
were very different from those used now. The best modem speed was 300 bps, the largest WAN line was 56 kbps, router memory was less than 640 KB, and processors were running in the kHz range. Routing updates had to be small enough not to monopolize the WAN link bandwidth. In addition, routers did not have the resources to maintain current information about every subnet.

A classful routing protocol does not include subnet mask information in its routing updates. Because no subnet mask information is known, when a classful router sends or receives routing updates, the router makes assumptions about the subnet mask being used by the networks listed in the update, based on IP address class.

Routers send update packets from their interfaces to other connected routers. A router sends the entire subnet address when an update packet involves a subnet of the same classful network as the IP address of the transmitting interface. The receiving router then assumes that the subnet in the update and the interface use the same subnet mask. If that route is using a different subnet mask, the receiving router will have incorrect information in its routing table. Thus, when using a classful routing protocol, it is important to use the same subnet mask on all subnets belonging to the same classful network.

When a router using a classful routing protocol needs to send an update about a subnet of a network across an interface belonging to a different network, the router assumes that the remote router will use the default subnet mask for that class of IP address. Therefore, when the router sends the update, it does not include the subnet information. The update packet contains only the classful network information. This process is called autosummarization across the network boundary; the router sends a summary of all the subnets in that network by sending only the major network information. Classful routing protocols automatically create a classful summary route at major network boundaries. Classful routing protocols do not allow summarization at other points within the major network address space.
The router that receives the update behaves in a similar fashion. When an update contains information about a different classful network than the one in use on its interface, the router applies the default classful mask to that update. The router must assume what the subnet mask is, because the update does not contain subnet mask information.

In Figure 2-5, router A advertises the 10.1.0.0 subnet to router B because the interface connecting them belongs to the same major classful 10.0.0.0 network. When router B receives the update packet, it assumes that the 10.1.0.0 subnet uses the same 16-bit mask as the one used on its 10.2.0.0 subnet.

Figure 2-5. Network Summarization in Classful Routing

Router C advertises the 172.16.1.0 subnet to router B because the interface connecting them belongs to the same major classful 172.16.0.0 network. Therefore, router B's routing table has information about all the subnets that are in use in the network. However, router B summarizes the 172.16.1.0 and 172.16.2.0 subnets to 172.16.0.0 before sending them to router A. Therefore, router A's routing table contains summary information about only the 172.16.0.0 network.

Similarly, router B summarizes the 10.1.0.0 and 10.2.0.0 subnets to 10.0.0.0 before sending the routing information to router C. This summarization occurs because the update crosses a major network boundary: it goes from a subnet of network 10.0.0.0, subnet 10.2.0.0, to a subnet of another major network, network 172.16.0.0. Router C's routing table contains summary information about only the 10.0.0.0 network.

Summarizing Routes in a Discontiguous Network

Discontiguous subnets are subnets of the same major network that are separated by a different major network. Classful protocols summarize automatically at network boundaries, which means that

  Subnets are not advertised to a different major network.

  Discontiguous subnets are not visible to each other.

In the example shown in Figure 2-6, routers A and B do not advertise the 172.16.5.0 255.255.255.0 and 172.16.6.0 255.255.255.0 subnets, because RIPv1 cannot advertise subnets across a different major network; both router A and router B advertise 172.16.0.0. This leads to confusion when routing across network 192.168.14.16/28. Router C, for example, receives routes about 172.16.0.0 from two different directions; it therefore might make an incorrect routing decision.

Figure 2-6. Classful Routing Protocols Do Not Support Discontiguous Subnets

You can resolve this situation by using RIPv2, OSPF, IS-IS, or EIGRP and not using summarization, because the subnet routes will then be advertised with their actual subnet masks.

The ip classless Command

The behavior of a classful routing protocol changes when the ip classless global configuration command is used.
Note

The ip classless command is enabled by default in Release 12.0 and later of the Cisco IOS Software; in earlier releases it is disabled by default.

When running a classful protocol (RIPv1), ip classless must be enabled if you want the router to select a default route when it must route to an unknown subnet of a network for which it knows some subnets. For example, consider a router's routing table that has entries for subnets 10.5.0.0/16 and 10.6.0.0/16 and a default route of 0.0.0.0. If a packet arrives for a destination on the 10.7.0.0/16 subnet and ip classless is not enabled, the packet is dropped. Classful protocols assume that if they know some of the subnets of network 10.0.0.0, they must know all of that network's existing subnets. Enabling ip classless tells the router that it should follow the best supernet route or the default route for unknown subnets of known networks, and for unknown networks.

The Routing Table Acts Classfully

It is actually the routing table itself that acts classfully by default without the ip classless command, and it does so even if no routing protocols are running. For example, if you have only static routes and no routing protocols, you still would not be able to reach a subnet of a known major network using a default route unless the ip classless command is enabled.

A CCIE technical reviewer of an earlier edition of this book performed the following test using two Cisco 2520 routers running Cisco IOS c2500-i-l.122-8.T5.bin. The two routers, R1 and R2, were connected via interface E0, and no routing protocols were enabled on either router.

Router R1 configuration:

    !
    interface Loopback 0
     ip address 10.1.0.1 255.255.0.0
    interface Loopback 1
     ip address 10.2.0.1 255.255.0.0
    interface Ethernet 0
     ip address 10.3.0.1 255.255.0.0
    !
    ip route 0.0.0.0 0.0.0.0 10.3.0.2
    !
    no ip classless

Router R2 configuration:

    !
    interface Loopback 0
     ip address 10.4.0.1 255.255.0.0
    interface Ethernet 0
     ip address 10.3.0.2 255.255.0.0
    !

Test 1: R1 has a default route pointing to R2 and has the no ip classless command configured. A ping from R1 to R2's loopback0 fails. When the ip classless command is entered on R1, the ping from R1 to R2's loopback0, via the default route, succeeds. This test proves that even though no routing protocols are used, the routing table acts classfully.

Test 2: The second step is to test the classful nature of the routing table using a classless routing protocol, OSPF. OSPF is turned on for all interfaces on R1 but is activated only on R2's Ethernet link. R2's OSPF is configured to inject a default route into R1 using the default-information originate always command (which is covered in detail in Chapter 5, "Advanced Open Shortest Path First Protocol Configuration"). R1 therefore has a default route pointing to R2 that is introduced via OSPF. The pings from R1 to R2's loopback0 succeed regardless of the ip classless command. Therefore, turning on OSPF, a classless protocol, overrides the routing table's classful nature.
Classless Routing Protocol Concepts

Classless routing protocols can be considered second-generation protocols, because they are designed to address some of the limitations of the earlier classful routing protocols. One of the most serious limitations in a classful network environment is that the subnet mask is not exchanged during the routing update process, and therefore the same subnet mask must be used on all subnetworks within the same major network.

With classless routing protocols, different subnets within the same major network can have different subnet masks; in other words, they support VLSM. If more than one entry in the routing table matches a particular destination, the longest prefix match in the routing table is used. For example, if a routing table has different paths to 172.16.0.0/16 and to 172.16.5.0/24, packets addressed to 172.16.5.99 are routed through the 172.16.5.0/24 path, because that entry has the longest match with the destination address.

Another limitation of the classful approach is the need to automatically summarize to the classful network boundary at major network boundaries. In a classless environment, the route summarization process can be controlled manually and can usually be invoked at any bit position within the address. Because subnet routes might be propagated throughout the routing domain, manual route summarization might be required to keep the size of the routing tables manageable.

RIPv2 and EIGRP Automatic Network-Boundary Summarization

By default, RIPv2 and EIGRP perform automatic network summarization at classful boundaries, just like a classful protocol does. Automatic summarization lets RIPv2 and EIGRP be backward compatible with their predecessors, RIPv1 and Interior Gateway Routing Protocol (IGRP).

Note

IGRP is no longer supported, as of Cisco IOS Release 12.3.

The difference between these protocols and their predecessors is that you can manually turn off automatic summarization, using the no auto-summary router configuration command. You do not need this command when you are using OSPF or IS-IS, because neither protocol performs automatic network summarization by default.

The autosummarization behavior can cause problems in a network that has discontiguous subnets or if some of the summarized subnets cannot be reached via the advertising router. If a summarized route indicates that certain subnets can be reached via a router, when in fact those subnets are discontiguous or unreachable via that router, the network might have problems similar to those caused by a classful protocol. For example, in Figure 2-7, both router A and router B are advertising a summarized route to 172.16.0.0/16. Router C therefore receives two routes to 172.16.0.0/16 and cannot identify which subnets are attached to which router.

Figure 2-7. Automatic Network-Boundary Summarization

You can resolve this problem by disabling automatic summarization when running RIPv2 or EIGRP. Classless routers use the longest prefix match when selecting a route from the routing table; therefore, if one of the routers advertises without summarizing, the other routers see both the subnet routes and the summary route. The other routers can then select the longest prefix match and follow the correct path. For example, in Figure 2-7, if router A continues to summarize to 172.16.0.0/16 and router B is configured not to summarize, router C receives explicit routes for 172.16.6.0/24 and 172.16.9.0/24, along with the summarized route to 172.16.0.0/16. All traffic for router B's subnets is sent to router B, and all other traffic for the 172.16.0.0 network is sent to router A.

Another example is shown in Figures 2-8 and 2-9. In the RIPv2 network illustrated in Figure 2-8, notice how router C, which is attached to router B via the 192.168.5.0/24 network, handles routing information about network 172.16.0.0. Router B automatically summarizes the 172.16.1.0/24 and 172.16.2.0/24 subnets to 172.16.0.0/16 before sending the route to router C, because it is sent over an interface in a different network. Instead of using the subnet mask known to router B (/24), router C uses the default classful mask for a Class B address (/16) when it stores the 172.16.0.0 information in its routing table.

Figure 2-8. RIPv2 Summarizes By Default; OSPF Does Not
Figure 2-9. Effect of the no auto-summary Command for RIPv2

In the OSPF network shown in Figure 2-8, router B passes the subnet and subnet mask information to router C, and router C puts the subnet details in its routing table. Router C does not need to use default classful masks for the received routing information, because the subnet mask is included in the routing update, and OSPF does not automatically summarize networks.

You can disable automatic summarization for RIPv2 and EIGRP with the no auto-summary router configuration command. When automatic summarization is disabled, RIPv2 and EIGRP forward subnet information, even over interfaces belonging to different major networks. In Figure 2-9, automatic summarization has been disabled. Notice that now the routing table is the same for both the RIPv2 and the OSPF routers.
Note

The BGP auto-summary router configuration command determines how BGP handles redistributed routes; Chapter 8 describes this command in detail.
RIP

This section describes the two versions of RIP, RIPv1 and RIPv2, and how to configure them; later chapters in this book detail the other routing protocols.

Characteristics of RIPv1

RIPv1 is described in RFC 1058, Routing Information Protocol. Its key characteristics include the following:

  Hop count is used as the metric for path selection.

  The maximum allowable hop count is 15.

  Routing updates are broadcast every 30 seconds by default. Because it is a distance vector routing protocol, updates are sent even if no change has occurred.

  RIP can load balance over as many as 16 equal-cost paths (4 paths by default).

  It has no authentication support, so a RIPv1 router accepts updates from any sender on a link where RIP is active.

Note

RFCs are available at http://www.rfc-editor.org/rfcsearch.html.

RIPv1 is a classful distance vector routing protocol that does not send the subnet mask in its updates. Therefore, RIPv1 does not support VLSM.

Characteristics of RIPv2

RIPv2 is a classless distance vector routing protocol defined in RFC 1721, RIP Version 2 Protocol Analysis; RFC 1722, RIP Version 2 Protocol Applicability Statement; and RFC 2453, RIP Version 2. The most significant addition to RIPv2 is the inclusion of the mask in the RIPv2 routing update packet, allowing RIPv2 to support VLSM. RIPv2 automatically summarizes routes on classful network boundaries, but as described earlier, you can disable this behavior.

In addition, RIPv2 uses multicast addressing for more-efficient periodic updating on each interface. RIPv2 uses the 224.0.0.9 multicast address to advertise to other RIPv2 routers. This approach is more efficient than RIPv1's approach. RIPv1 uses the 255.255.255.255 broadcast address, so all devices, including PCs and servers, must process the update packet. They verify the checksum on the Layer 2 frame and pass it up their IP stack. IP sends the packet to the User Datagram Protocol (UDP) process, and UDP checks to see whether RIP port 520 is open. Most PCs and servers do not have any process listening on this port and discard the packet. RIP can fit up to 25 networks and subnets in each update, and updates are dispatched every 30 seconds. For example, if the routing table has 1000 subnets, 40 packets are dispatched every 30 seconds (80 packets a minute). With each packet being a broadcast, all devices must look at it; most of the devices discard the packet.

The IP multicast address for RIPv2 has its own multicast MAC address. Devices that can distinguish between a multicast and a broadcast at the MAC layer read the start of the Layer 2 frame and determine that the destination MAC address is not for them. They can then discard all these packets at the interface level and not use CPU resources or buffer memory for these unwanted packets. Even on devices that cannot distinguish between broadcast and multicast at Layer 2, the worst that will happen is that the RIP updates will be discarded at the IP layer instead of being passed to UDP, because those devices are not using the 224.0.0.9 multicast address.

RIPv2 also supports security between RIP routers using message-digest or clear-text authentication. Clear-text authentication carries the password in every update and stops only accidental peering; where the link can be sniffed, message-digest (MD5) authentication is the one to use. (RIPv2 security features are not covered in this book.)

RIP Configuration Commands

To activate the RIP process (Version 1 by default), use the following command:
    Router(config)#router rip

By default, the Cisco IOS software receives both RIPv1 and RIPv2 packets; however, it sends only Version 1 packets. To configure the software to send and receive packets from only one version, use the version {1 | 2} router configuration command.

To select participating attached networks, use the following command, specifying the major classful network number:

    Router(config-router)#network network-number

Regardless of the RIP version, a network command using the classful network number is required under the RIP routing process.

Although the RIP version command controls RIP's overall default behavior, you might need to control the version of RIP on a per-interface basis. To control the version of RIP on each interface, use the ip rip send version and ip rip receive version interface configuration commands. Version control per interface might be required when you are connecting legacy RIP networks to newer networks. The command syntax is as follows:

    Router(config-if)#ip rip {send | receive} version {1 | 2 | 1 2}

By default, automatic summarization across network boundaries is activate
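The update packets described under "Characteristics of RIPv2" above, as an added example that is not from the book and not Cisco code: it builds RIP response datagrams in the RFC 1058 (version 1) and RFC 2453 (version 2) layouts, splits a routing table into updates of at most 25 entries, derives the Ethernet address behind 224.0.0.9, and shows the RFC 2453 clear-text authentication entry, which costs one of the 25 slots. The 1000-subnet table, the password, and the function names are constructed for the example.

```python
# Added example (not from the book or from Cisco code): RIP update datagrams
# as RFC 1058 (v1) and RFC 2453 (v2) lay them out, split into packets of at
# most 25 entries, plus the destination each version uses on the wire.
import ipaddress
import struct

RIP_PORT = 520
RIPV1_DEST = "255.255.255.255"   # limited broadcast: every host must look at it
RIPV2_DEST = "224.0.0.9"         # multicast: non-RIP hosts can drop it at the NIC
MAX_ENTRIES = 25                 # route entries per datagram (RFC 1058 / RFC 2453)
CMD_RESPONSE = 2
AFI_INET = 2
AFI_AUTH = 0xFFFF                # RFC 2453 authentication entry
AUTH_SIMPLE = 2                  # clear-text password, 16 bytes
HEADER = struct.Struct("!BBH")           # command, version, must be zero
ENTRY = struct.Struct("!HH4s4s4sI")      # AFI, route tag, IP, mask, next hop, metric


def route_entry(prefix, metric, version):
    """One 20-byte route entry. RIPv1 must zero the mask and next-hop
    fields, which is exactly why a RIPv1 receiver has to guess the mask."""
    net = ipaddress.ip_network(prefix)
    mask = net.netmask.packed if version == 2 else b"\0" * 4
    return ENTRY.pack(AFI_INET, 0, net.network_address.packed, mask, b"\0" * 4, metric)


def auth_entry(password):
    """RIPv2 simple-password entry. It occupies the first of the 25 slots and
    the password travels in the clear, so it only stops accidental peering."""
    return struct.pack("!HH16s", AFI_AUTH, AUTH_SIMPLE, password.encode())


def build_updates(prefixes, version, metric=1, password=None):
    """Split a routing table into response datagrams: 25 entries each, or 24
    when an authentication entry takes the first slot (RIPv2 only)."""
    if password and version != 2:
        raise ValueError("RIPv1 has no authentication support")
    per_packet = MAX_ENTRIES - (1 if password else 0)
    auth = auth_entry(password) if password else b""
    packets = []
    for i in range(0, len(prefixes), per_packet):
        body = b"".join(route_entry(p, metric, version) for p in prefixes[i:i + per_packet])
        packets.append(HEADER.pack(CMD_RESPONSE, version, 0) + auth + body)
    return packets


def parse_update(data):
    """Decode a response datagram into (version, [(network, prefixlen, metric)]).
    prefixlen is None for RIPv1 because the datagram carries no mask."""
    _, version, _ = HEADER.unpack_from(data, 0)
    routes, off = [], HEADER.size
    while off < len(data):
        afi, _tag, ip, mask, _next_hop, metric = ENTRY.unpack_from(data, off)
        off += ENTRY.size
        if afi == AFI_AUTH:
            continue                      # authentication entry, not a route
        plen = bin(int.from_bytes(mask, "big")).count("1") if version == 2 else None
        routes.append((str(ipaddress.ip_address(ip)), plen, metric))
    return version, routes


def multicast_mac(group):
    """IANA mapping of an IPv4 multicast group to its Ethernet address:
    01:00:5e followed by the low 23 bits of the group address."""
    low23 = int(ipaddress.ip_address(group)) & 0x7FFFFF
    return "01:00:5e:%02x:%02x:%02x" % (low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)


# Constructed table of 1000 subnets, the size the text uses for its arithmetic.
SAMPLE_TABLE = [f"10.{i // 256}.{i % 256}.0/24" for i in range(1000)]

if __name__ == "__main__":
    print(len(build_updates(SAMPLE_TABLE, 1)), "RIPv1 datagrams to", RIPV1_DEST)
    print(len(build_updates(SAMPLE_TABLE, 2, password="rip-key")),
          "RIPv2 datagrams to", RIPV2_DEST, multicast_mac(RIPV2_DEST))
```

The counts reproduce the text's arithmetic (1000 subnets, 25 per update, 40 datagrams every 30 seconds) and show the cost of the authentication entry: with a password in each datagram the same table takes 42. A full 25-entry datagram is 504 bytes, the RFC maximum.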