CCNP ROUTE

Posted on 21-Jan-2021


Contents

EIGRP 4
    CCNA Recap 4
    RTP 4
    Timers 5
    EIGRP authentication 5
    Neighbor discovery 6
    Neighbor table 7
    Topology table 8
    EIGRP and Frame Relay + other topics 8
    Changing the metric 10
    Successor and feasible successor 11
    Speed up convergence 12
    Load balance 13
    Route filtering 13
    Route summarization 14
    Default candidate route 15
OSPF 17
    CCNA Summary 17
    OSPF packets 19
    OSPF neighborship in LAN 20
    Types of LSA 21
    Database Exchange Process 22
    Database Exchange without DR 23
    Database Exchange with DR 24
    OSPF route selection 24
    OSPF Route Filtering 25
    Manual summarization 26
    Default route 26
    OSPF virtual link 28
    OSPF neighborship in WAN 29
    OSPF and Frame Relay 29
Integrated IS-IS 32
    IS-IS metric 32
    Short spanning tree, SPT 33
    IS-IS PDU 33
    Hello, LSP and SNP 33
    TLV 35
    IS-IS addressing 36
    Configuration 36
Route redistribution 38
    EIGRP Redistribution 39
    OSPF Redistribution 39
    Redistribute into IS-IS 40
    Redistribution filtering 40
    Multiple router redistribution 42
    Backup interface 43
DHCP 44
Route policy 46
IP SLA 47
BGP 49
    Introduction 49
    Path Attributes: AS_PATH 50
    BGP FSM 51
    eBGP neighborship 52
    Network command 53
    iBGP neighbor relationship 54
    BGP filter 55
    BGP PA 56
IPv6 59
    Advantages of IPv6 59
    DHCP and NDP 60
    Types of IPv6 addresses and some protocols 61
    Configuring IPv6 address 62
    Changes in routing protocol 63
    RIP next generation, or RIPng, is the IPv6 version of RIP 63
    EIGRP for IPv6 differs from EIGRP for IPv4 by 64
    OSPFv3 is the IPv6 version of OSPFv2 65
    IS-IS for IPv6 67
    BGP4+ for IPv6 67
    Redistribution and static routes 68
    Migration and tunnel 68
    Dual stack 68
    Tunneling 69
    NAT-PT 70
Branch design and WAN 72
    Basic terminology 72
    Connecting with IPsec 72
    Connecting with DSL 72
    Connecting with VPN 73
Multicast 74
    Multicast MAC and IP address 74
    Multicast solutions 75
    Versions of IGMP 75
    Implementing multicast 77
    Multicast routing protocol 77


EIGRP

CCNA Recap

Like OSPF, EIGRP recognizes neighbors through Hello messages that must satisfy matching criteria. Hellos are sent to 224.0.0.10, and both routers need 1) the same ASN, 2) to reside in the same subnet, 3) the same K-values, and 4) the same authentication. Once these criteria check out, the router becomes a neighbor, and the two neighbors can begin exchanging information.

EIGRP has a Hello interval and a Hold Timer (the equivalent of the OSPF Dead interval) for Hello messages.

EIGRP also has a neighbor table (show ip eigrp neighbor), a topology table (show ip eigrp topology), and a routing table (show ip route). The neighbor table contains all the possible next-hop routers without knowing anything else about the route (distance-vector).

EIGRP Update messages are sent when a router needs to convey topology information to multiple routers (for a single router, a unicast address is used instead). They are transported using the Reliable Transport Protocol (RTP, Cisco proprietary), which resends a packet if it is lost. Updates can be Full or Partial; a full update (containing the entire routing table) is only sent when a router first comes up.

The EIGRP metric is (by default) based on bandwidth and delay (manually configurable with the ‘bandwidth’ and ‘delay’ interface commands) or can include load and reliability, although including these is strongly discouraged for the sake of metric stability.

RD (reported distance), or AD (advertised distance), is the distance from the next-hop router to the destination, while FD (feasible distance) is the distance from this router to the destination. FD is the metric of the successor route. A feasible successor route, on the other hand, MUST HAVE AN RD LESS THAN THE FD OF THE SUCCESSOR ROUTE. FD = ((10^7 / slowest-bandwidth) + delay) * 256; both inputs can be set with ‘bandwidth’ and ‘delay’.

When the successor route fails, there are two options. If the router has a feasible successor, it is used. If no feasible successor is present, the DUAL algorithm is run to find a new loop-free route to the destination and add it to the routing table. The algorithm simply tests the current viable routes to the destination (like a ping) using a Query message and waits for a Reply message.

In essence, EIGRP supports manual summarization at any router and supports multiple routed protocols (IP, IPX, and AppleTalk), each independent of the others; convergence takes less than 10 seconds (sometimes even faster). However, EIGRP is Cisco proprietary. In a routing table entry, the metrics are shown as (FD/RD).

If IGRP is run in the same AS as EIGRP, the two can automatically redistribute routes.

RTP

You can input either a host address or a network address in the ‘network’ command in EIGRP. EIGRP uses IP protocol number 88.


EIGRP uses protocol-dependent modules (PDMs), which means EIGRP for each routed protocol is processed independently, with separate tables maintained.

When using RTP, the router needs to know how many other routers exist so it knows how many acknowledgements to expect. Using the neighbor table, if a neighbor does not reply to a multicast, a unicast copy is sent repeatedly (16 times) until the router gives up and the neighbor is removed from the table (declared dead).

RTP sends packets with sequence numbers so the latest information can be passed around. Hello and ACK don’t require RTP, while Update, Query, and Reply do.

Timers

EIGRP may sometimes fail to recognize that a neighbor is down; in this situation, the Hold Timer (15 s on a LAN, 60 s on Frame Relay, and 180 s on slow WAN links) is the mechanism that recognizes the problem. Besides the Hold Timer, EIGRP may also use Bidirectional Forwarding Detection (BFD) to recognize link failures.

In EIGRP, the Hello interval and Hold Timer may be changed per interface with ‘(config-if)#ip hello-interval eigrp ASN TIMER’ or ‘(config-if)#ip hold-time eigrp ASN TIMER’, where TIMER is the value (in seconds) you want for that timer. Changing the hold time doesn’t change the hello time.

If two routers in a neighbor relationship have different Hello and Hold Timers, with R1 having the smaller values, R2 MUST have a Hello Timer less than R1’s Hold Timer. This way, before R1’s Hold Timer expires, R2 will have sent a Hello to R1, maintaining the neighbor relationship. If instead R2’s Hello Timer is greater than R1’s Hold Timer, the neighborship continually fails and recovers, flapping routes in and out of the routing table. ‘show ip eigrp interface TYPE NUMBER detail’ exposes the Hello Timer, while the remaining Hold Timer is displayed in ‘show ip eigrp neighbors’.

It’s suggested that Hello interval and Hold timer should be set in a 1:3 ratio.

EIGRP authentication

EIGRP authentication is based on a PSK that generates an MD5 digest. Hello messages are authenticated, which means that if authentication fails, the neighborship will not form. To configure authentication, you need to create a key chain and enable it:

1. Create the authentication key chain with ‘(config)#key chain NAME’; this name doesn’t have to match between neighbors, and one chain can contain many keys.
2. Create one or more keys using ‘key NUMBER’, where NUMBER identifies which key to use; again, this doesn’t have to match between neighbors.
3. Define the key value (password) with ‘key-string PASSWORD’; the value MUST match.
4. (optional) Define a lifetime for sending and accepting each key string with ‘accept-lifetime START_TIME {infinite | END_TIME | duration SECONDS}’ or ‘send-lifetime START_TIME {infinite | END_TIME | duration SECONDS}’. This means the key value is only valid for some period instead of all the time.
5. Enable MD5 authentication with ‘(config-if)#ip authentication mode eigrp ASN md5’.
6. Then choose the key chain to use with ‘(config-if)#ip authentication key-chain eigrp ASN NAME’, where NAME is the name of the key chain.

NOTE: when an EIGRP message is sent, the key with the lowest key number is used.


Key numbers must match between routers to form a neighborship. If R1 tries to use the later key (when there are two or more keys in the key chain) for the authentication check, R2 can’t pass the authentication check regardless of whether it has the correct or wrong password or a matching or unmatching key number/chain.

Check with the ‘show key chain’ and ‘debug ip eigrp packet’ commands. ‘missing authentication’ means no MD5 digest is included, while ‘invalid authentication’ means a key-string mismatch.

Neighboring EIGRP routers that use authentication should be configured to use NTP to synchronize their clocks. In a lab, you can set the time with the ‘#clock set’ command.
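The key-chain behaviour above, modelled in Python as an added example (not code from these notes): the sender picks the lowest-numbered key whose send-lifetime covers the current time, and the receiver reports the two ‘debug ip eigrp packet’ outcomes the notes mention. The digest construction MD5(packet || key-string) is a simplification and not the exact EIGRP authentication TLV format; treating an unknown or expired key number as ‘invalid authentication’ is also an assumption of this model.

```python
import hashlib
import hmac
from dataclasses import dataclass

INFINITE = float("inf")


@dataclass
class Key:
    """One ‘key NUMBER’ entry: key-string plus accept-/send-lifetime windows (epoch seconds)."""
    number: int
    key_string: str
    accept_start: float = 0.0
    accept_end: float = INFINITE
    send_start: float = 0.0
    send_end: float = INFINITE

    def can_send(self, now: float) -> bool:
        return self.send_start <= now <= self.send_end

    def can_accept(self, now: float) -> bool:
        return self.accept_start <= now <= self.accept_end


class KeyChain:
    """A ‘key chain NAME’ holding one or more keys, indexed by key number."""

    def __init__(self, name: str, keys):
        self.name = name
        self.keys = {k.number: k for k in keys}

    def send_key(self, now: float):
        """Rule from the notes: the lowest-numbered key valid for sending is used."""
        for key in sorted(self.keys.values(), key=lambda k: k.number):
            if key.can_send(now):
                return key
        return None


def digest(packet: bytes, key_string: str) -> bytes:
    # Simplified model (assumption): MD5 over the packet bytes followed by the shared key-string.
    return hashlib.md5(packet + key_string.encode()).digest()


def sign(packet: bytes, chain: KeyChain, now: float):
    """Return (key number, digest) to attach, or None when no key is inside its
    send-lifetime (modelled here as the packet going out without authentication)."""
    key = chain.send_key(now)
    if key is None:
        return None
    return key.number, digest(packet, key.key_string)


def verify(packet: bytes, auth, chain: KeyChain, now: float) -> str:
    """Outcomes mirror the debug wording in the notes: ‘missing authentication’ when no
    digest is present, ‘invalid authentication’ when the digest cannot be matched."""
    if auth is None:
        return "missing authentication"
    key_number, received = auth
    key = chain.keys.get(key_number)
    if key is None or not key.can_accept(now):
        return "invalid authentication"  # unknown or expired key number: nothing to recompute with
    if not hmac.compare_digest(received, digest(packet, key.key_string)):
        return "invalid authentication"
    return "ok"
```

A skewed clock on the receiver (R2 believing key 1 has already expired) produces ‘invalid authentication’ even though both routers hold the same key-string, which is why the notes pair authentication with NTP.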

Neighbor discovery

When you want to advertise a route connected to an interface of this router but not try to find a neighbor there (such as a LAN interface with no other routers), you may choose one of these options:

1- Enable the interface to be advertised with the ‘network’ command while disabling Hellos on it; for FastEthernet 0/0 that is ‘(config-router)#passive-interface f 0/0’. You can also use ‘(config-router)#passive-interface default’, which sets all interfaces to passive, then un-passive individual ones with ‘(config-router)#no passive-interface TYPE NUMBER’. ‘show ip eigrp interfaces’ displays all the non-passive interfaces. A passive interface receives updates (discarded to prevent a neighborship) but doesn’t send them. If configured with a static neighbor, no update enters or leaves the interface. ‘network 0.0.0.0’ advertises all connected networks because every network matches.

2- ‘redistribute connected’ relays every network the router is connected to, but there must be at least one interface participating in EIGRP (included in a ‘network’ command) for routes to be redistributed successfully; otherwise, the adjacency would even disappear. The same applies to ‘redistribute static’. Since connected routes have an AD of 0 and all routing protocols have a higher AD, you won’t see a change in the routing table. ‘redistribute connected’ + ‘network x.x.x.x’ gives the same coverage as ‘network 0.0.0.0’, but the redistributed networks appear as external routes.

An EIGRP neighbor can be statically configured so the router sends unicast messages (to the neighbor’s IP address, not its RID) instead of flooding multicast Hellos. The ‘(config-router)#neighbor IP_ADD INT’ command specifies the neighbor’s IP address as IP_ADD and the outgoing interface as INT. You can set up multiple static neighbors. Note: this command only works if the neighbor’s IP address is in the same subnet as the exit interface. Once the command is configured, the neighbor disappears from ‘show ip eigrp neighbor’. The ‘network’ command is still necessary. When both routers on a link have the ‘neighbor’ command set, no traffic will pass from or through that link. When only one router has it set, all its neighbors fail unless one neighbor has a matching ‘neighbor’ command set.


Requirement | EIGRP | OSPF
The routers must be able to send/receive IP packets to one another. | Yes | Yes
Interfaces’ primary (not secondary) IP addresses must be in the same subnet. | Yes | Yes
Must not be passive on the connected interface. | Yes | Yes
Must use the same ASN (EIGRP) or process-ID (OSPF) on the router configuration command. | Yes | No
Hello interval/timer, plus either the Hold (EIGRP) or Dead (OSPF) timer, must match. | No | Yes
Must pass neighbor authentication (if configured). | Yes | Yes
Must be in the same area. | N/A | Yes
IP MTU must match. | No | Yes
K-values (used in metric calculation) must match. | Yes | N/A
Router IDs must be unique. | No[1] | Yes

You can change the way EIGRP computes its metric by changing some constants (values that don’t change throughout the equation) with the ‘(config-router)#metric weights’ command. Mismatched K-values between neighbors prevent the routers from becoming neighbors; the mismatch is logged and can be seen with ‘show ip protocols’. In ‘show ip protocols’, ‘gateway’ under ‘Routing information sources’ displays the interface that connects to the network advertised by the ‘network’ command. This doesn’t include loopback interfaces, which never have peers.

‘metric holddown’ enables the holddown timer as a loop-avoidance measure. ‘metric maximum-hops’ enables an infinite hop count as a loop-avoidance measure; the maximum configurable hop count is 255. [1] The RID is used in EIGRP to identify routers; a duplicated RID will not prevent a neighborship.

‘show ip eigrp traffic’ displays statistics on EIGRP messages sent/received. ‘show ip eigrp accounting’ displays the EIGRP RID and ASN.

Neighbor table

The neighbor table includes:
- Layer 3 address of the neighbor + the interface on which that neighbor’s Hello is heard
- Hold timer + Uptime (how long since the router first heard from the neighbor)
- Sequence number (of the last packet sent to and received from the neighbor)
- Packets in Queue (a high value indicates network congestion)
- Retransmission timeout, RTO (time before a packet is retransmitted if no ACK has been received)
- Smooth round trip time, SRTT (the time a packet takes for a round trip)

In RIP, a one-sided static neighborship will not cause problems reaching other routers. The command has the format ‘(config-router)#neighbor IP_ADD’.

Protocol | Static neighbor | Passive-interface | Static neighbor + passive-interface
RIP | Multi + Unicast | Not send/receive | Unicast
OSPF | Unicast | No send/no receive/no advertised | None
IS-IS | – | Not send/not receive | –
EIGRP | Unicast | Not send/not receive | None

Topology table

The topology table includes:
- Status of the route (active or passive) + status of Reply (whether the Query has a Reply)
- Status of Query (if sent, another field tracks it) + status of Update (has the update been sent)
- Prefixes, masks, interface, next hop, feasible + advertised distance for every non-looping route to remote networks. This information is obtained through received Update messages.

When a route disappears, the router also contacts its neighbors through an Update message. Query messages then diffuse throughout the AS, and if no route is found, the entry is deleted from the routing and topology tables.

EIGRP and Frame Relay + other topics

In Frame Relay, a neighborship can only form between two routers with a PVC connecting them.

In a Multiprotocol Label Switching (MPLS) VPN (a Layer 3 service that performs routing), each customer edge (CE) router is connected to the MPLS network at a provider edge (PE) router and forms an EIGRP neighborship with it. PE routers communicate with each other using MP-BGP.

In Metro Ethernet (MetroE), routers connect to each other using Ethernet links and see each other as being in one big VLAN. This technology uses Virtual Private Wire Service (VPWS) for point-to-point topologies and Virtual Private LAN Service (VPLS) for multipoint topologies. An EIGRP neighborship can form between all routers.

Packet (opcode) | RTP | Addressing
Hello (5) | No RTP | Multi/Unicast
Update (1) | RTP | Multi/Unicast
Query (3) | RTP | Multicast
Reply (4) | RTP | Unicast
ACK | RTP | Unicast
Request | No RTP | Multi/Unicast

Neighbor initialization sequence: Hello(A), Hello(B), Update(B), ACK(A), Update(A), ACK(B)

Update and ACK are used to exchange topology data: Update carries the topology information, and ACK acknowledges receipt of an Update; it is just an EIGRP packet with no data and a non-zero acknowledgement number. An Update includes 1) prefix, 2) prefix length, 3) metric factors, and 4) non-metric values (MTU and hop count). Note: MTU is used to track the minimum MTU usable on the path.

Request packets are used to get specific information from one or more neighbors and are used in route-server applications.

EIGRP packet header:
- Version: 0 or 1 [4 bits]
- OPCode: 1 (Update), 3 (Query), 4 (Reply), or 5 (Hello) [4 bits]
- Checksum [24 bits]
- Flags [32 bits]
- Sequence: used by RTP [32 bits]
- Acknowledgment [32 bits]
- Autonomous System Number [32 bits]
- Type Length Values, or TLVs [32 bits each]

One TLV is the parameter TLV, which includes the K-values and the hold time:
- TLV Type = 0x0001 (parameter) [16 bits]
- Length: of the TLV [16 bits]
- K1, K2, K3, K4, K5, Reserved
- Hold Time [16 bits]

Another TLV is the internal route TLV:
- Type = 0x0102 (internal route) [16 bits]
- Length [16 bits]
- Next Hop IP address [32 bits]
- Delay [32 bits]
- Bandwidth [32 bits]
- MTU [24 bits]
- Hop Count [8 bits]
- Reliability [8 bits]
- Load [8 bits]
- Reserved
- Prefix Length [8 bits]
- Destination network [24 bits]

Hop count defaults to a maximum of 100, but can be tuned to a maximum of 255 with ‘(config-router)#metric maximum-hops’.

One last TLV is the external route TLV, used to exchange external route information:
- Type = 0x0103 (external route) [16 bits]
- Length [16 bits]
- Next Hop IP address [32 bits]
- Originating Router RID [32 bits]
- Originating Autonomous System Number [32 bits]
- Arbitrary Tag: redistribution tag [32 bits]
- External Protocol Metric
- Reserved
- External Protocol ID [8 bits]
- Flags
- Delay [32 bits]
- Bandwidth [32 bits]
- MTU [24 bits]
- Hop Count [8 bits]
- Reliability [8 bits]
- Load [8 bits]
- Reserved
- Prefix Length [8 bits]
- Destination network [24 bits]
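An added Python example (not from these notes) that builds and parses the packet header and the parameter and internal route TLVs laid out above, then applies the neighbor criteria from the CCNA recap (same subnet, same ASN, same K-values, authentication present) to a received Hello. Field widths follow the on-the-wire format in RFC 7868 (8-bit version and opcode, 16-bit checksum, 16-bit TLV type and length, 4-byte AS field, version value 2); the authentication TLV type 0x0002 comes from that RFC and only its presence is checked; all packets are constructed inline.

```python
import ipaddress
import struct

OPCODES = {1: "Update", 3: "Query", 4: "Reply", 5: "Hello"}
TLV_PARAMETERS, TLV_AUTHENTICATION, TLV_INTERNAL_ROUTE = 0x0001, 0x0002, 0x0102
HEADER_LEN = 20  # version(1) opcode(1) checksum(2) flags(4) seq(4) ack(4) AS(4)

def ip_checksum(data: bytes) -> int:
    """Standard one's-complement checksum; EIGRP computes it over header + TLVs."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_packet(opcode: int, asn: int, tlvs, seq: int = 0, ack: int = 0) -> bytes:
    """Constructed packet: header (version 2 on the wire) + TLVs, checksum filled in."""
    pkt = struct.pack("!BBHIIII", 2, opcode, 0, 0, seq, ack, asn) + b"".join(tlvs)
    return pkt[:2] + struct.pack("!H", ip_checksum(pkt)) + pkt[4:]

def parameter_tlv(k, hold_time: int) -> bytes:
    # K1..K5, one reserved byte, 16-bit hold time: 8 bytes of value, 12 with the TLV header
    return struct.pack("!HHBBBBBBH", TLV_PARAMETERS, 12, *k, 0, hold_time)

def internal_route_tlv(next_hop: str, delay: int, bandwidth: int, mtu: int,
                       hops: int, prefix: str, reliability: int = 255, load: int = 1) -> bytes:
    net = ipaddress.IPv4Network(prefix)
    nbytes = (net.prefixlen + 7) // 8  # only as many destination bytes as the prefix needs
    body = (ipaddress.IPv4Address(next_hop).packed + struct.pack("!II", delay, bandwidth)
            + mtu.to_bytes(3, "big") + bytes([hops, reliability, load, 0, 0, net.prefixlen])
            + net.network_address.packed[:nbytes])
    return struct.pack("!HH", TLV_INTERNAL_ROUTE, 4 + len(body)) + body

def checksum_ok(pkt: bytes) -> bool:
    # A correctly checksummed packet sums to zero when its own checksum field is included.
    return len(pkt) >= HEADER_LEN and ip_checksum(pkt) == 0

def parse_eigrp(pkt: bytes) -> dict:
    """Parse the header and split TLVs; every length field is bounds-checked before use."""
    if not checksum_ok(pkt):
        raise ValueError("short packet or bad checksum")
    ver, opcode, _, flags, seq, ack, asn = struct.unpack("!BBHIIII", pkt[:HEADER_LEN])
    tlvs, off = [], HEADER_LEN
    while off < len(pkt):
        if off + 4 > len(pkt):
            raise ValueError("truncated TLV header")
        ttype, tlen = struct.unpack("!HH", pkt[off:off + 4])
        if tlen < 4 or off + tlen > len(pkt):
            raise ValueError("TLV length out of range")
        tlvs.append((ttype, pkt[off + 4:off + tlen]))
        off += tlen
    return {"version": ver, "opcode": OPCODES.get(opcode, opcode), "flags": flags,
            "seq": seq, "ack": ack, "asn": asn, "tlvs": tlvs}

def parse_parameters(value: bytes):
    """Parameter TLV value -> ((K1..K5), hold time)."""
    if len(value) < 8:
        raise ValueError("parameter TLV too short")
    k1, k2, k3, k4, k5, _res, hold = struct.unpack("!BBBBBBH", value[:8])
    return (k1, k2, k3, k4, k5), hold

def parse_internal_route(value: bytes) -> dict:
    """Internal route TLV value in the field order listed above; the destination is
    left-justified to the prefix length (e.g. 3 bytes for a /24)."""
    if len(value) < 21:
        raise ValueError("internal route TLV too short")
    delay, bandwidth = struct.unpack("!II", value[4:12])
    plen = value[20]
    dest = value[21:21 + (plen + 7) // 8]
    if plen > 32 or len(dest) != (plen + 7) // 8:
        raise ValueError("prefix length does not match destination bytes")
    addr = ipaddress.IPv4Address(dest.ljust(4, b"\x00"))
    return {"next_hop": str(ipaddress.IPv4Address(value[0:4])), "delay": delay,
            "bandwidth": bandwidth, "mtu": int.from_bytes(value[12:15], "big"),
            "hops": value[15], "reliability": value[16], "load": value[17],
            "prefix": str(ipaddress.IPv4Network(f"{addr}/{plen}", strict=False))}

def neighbor_check(pkt: bytes, src_ip: str, local_if: str, local_asn: int,
                   local_k, auth_required: bool) -> list:
    """Reasons a received Hello would not form a neighborship (empty list = acceptable)."""
    try:
        hello = parse_eigrp(pkt)
    except ValueError as err:
        return [str(err)]
    reasons = []
    if hello["opcode"] != "Hello":
        reasons.append("not a Hello")
    if ipaddress.ip_address(src_ip) not in ipaddress.ip_interface(local_if).network:
        reasons.append("not in same subnet")
    if hello["asn"] != local_asn:
        reasons.append("ASN mismatch")
    params = [v for t, v in hello["tlvs"] if t == TLV_PARAMETERS]
    if not params:
        reasons.append("no parameter TLV")
    elif parse_parameters(params[0])[0] != tuple(local_k):
        reasons.append("K-value mismatch")
    if auth_required and not any(t == TLV_AUTHENTICATION for t, _ in hello["tlvs"]):
        reasons.append("missing authentication")  # the notes' debug wording: no MD5 digest
    return reasons
```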

When new information arrives, the outgoing interface is associated with that neighbor, the delay of this router’s link is added and the metric recalculated. Bandwidth is changed to the slower of the two bandwidths, the other items (load, reliability, MTU) are updated, and 1 is added to the hop count.

EIGRP uses CUMULATIVE delay and LEAST bandwidth. Note that the ‘delay’ command sets delay in tens of microseconds, while ‘show’ commands display delay in microseconds, a tenfold difference (the unit of the ‘delay’ command is 10 times bigger).

EIGRP does not periodically flood updates. EIGRP uses split horizon on most interfaces by default. Split horizon means that if the router learns the best route to a network on an interface, it will not advertise updates about that network out of that same interface.

For point-to-point topologies, Updates and ACKs are sent to a unicast address. For multipoint topologies, the central router sends updates using multicast, whereas the connected routers reply with unicast ACKs.

Issues with multipoint interfaces using Frame Relay and EIGRP are caused by split horizon. Specifically, all of these conditions have to be true:
1- 3 or more routers are configured as part of a single subnet using Frame Relay
2- multipoint interfaces are used
3- permanently, or for a time, a full mesh of PVCs between the routers does not exist.


For instance, A and B are connected to C at C’s multipoint interface over Frame Relay. A and B do not have a PVC between them, and all routers run EIGRP. No EIGRP neighborship forms between A and B because no Hellos can be sent between them. To make things worse, A and B can’t learn each other’s subnets through C due to split horizon. A simple solution is to configure ‘(config-subif)#no ip split-horizon eigrp ASN’ on the multipoint interface. If you are using RIP, use ‘(config-subif)#no ip split-horizon’ instead. You can confirm your configuration using the ‘show interface’ or ‘debug ip eigrp’ commands.

Another problem for EIGRP in Frame Relay is the inability to multicast Hello messages, since Frame Relay blocks broadcast and multicast by default. A router can only generate all the Update messages and encapsulate each with a unicast address. For a network with many links, this may add much overhead.

By default, a router consumes at most 50% of an interface’s bandwidth for EIGRP traffic; you can adjust this with ‘(config-if)#ip bandwidth-percent eigrp ASN PERCENT’ or the same command in (config-subif)# mode; the command HAS to be set in both modes. Messages beyond the limit are buffered, then sent out.

Suggestions:
- Set the bandwidth of a PtP link to the CIR of the PVC.
- The bandwidth MUST match on the 2 routers connecting the same PVC.
- When you have multiple PVCs, treat each one as PtP, meaning assign a different bandwidth to each.
- On a multipoint interface, the ‘bandwidth’ is equally divided over all links; set the bandwidth of a multipoint link to number of PVCs * lowest CIR.

Since the total bandwidth is divided between the links, EIGRP traffic is calculated per link. E.g. A and B are multilinked at C, which has a total bandwidth of 2000 Kbps; if EIGRP is configured to take 30% of the bandwidth, then A has (2000 / 2) * 30% = 300 Kbps for EIGRP traffic.

It’s possible for PVCs to work even if the total CIR is greater than the access rate. In Frame Relay, the excess traffic will be queued (if the excess traffic is local), and if excess traffic occurs in

Know that ‘bandwidth’ is set per interface or subinterface (you can set it per PVC/subinterface), so the value has a maximum.

Changing the metric

The EIGRP metric can be changed by changing 1) the interface bandwidth, 2) the interface delay, 3) the K-values, and 4) adding to the metric using offset lists.

When changing the metric factors of EIGRP, it is recommended to change delay instead of bandwidth, since ‘bandwidth’ affects many other things as well (including SNMP statistics, QoS, utilization, etc.). The default settings are listed below:

Interface | Bandwidth (Kbps) | Delay (Microseconds)
Serial | 1544 | 2000
GigabitE | 1,000,000 | 10
FastE | 100,000 | 100
Ethernet | 10,000 | 1000

When the total bandwidth of the PVCs is set greater than the access rate, the PVCs forward normally when traffic is light. But when each PVC reaches its limit, packets begin to be dropped or the traffic has to slow down (with BECN and FECN in Frame Relay).


Frame Relay and Metro Ethernet installations often use an access link with PVCs whose total CIR is greater than the clock rate. In MetroE, shaping is typically applied when you are not using the entire link. Note that this shaping applies to the entire router, not to its PVCs individually.

Another way to influence the metric is by changing the K-values with ‘metric weights 0 K1 K2 K3 K4 K5’, where each Kn is replaced with its value. By default, K1 = K3 = 1 and K2 = K4 = K5 = 0. Changing K2, K4, or K5 includes load and reliability in the calculation, which may cause route flapping and other problems.

An offset list allows an engineer to add a value called an offset to the FD of selected routes (matched by an ACL): ‘(config-router)#offset-list {ACL_NO | ACL_NAME} {in | out} OFFSET INTERFACE_TYPE INTERFACE_NUMBER’. The interface type and number are optional, since without them the router matches the routes on all interfaces. The ACL indicates the networks/subnets to match by permitting them, and the interface is where the ACL is applied. The ACL must be a standard (numbered or named) ACL. You will see the offset in action with ‘show ip eigrp topology’ (+ specific route): the FD and (FD/RD) will differ, where FD is the FD before the offset and (FD/RD) is the FD after the offset.

Successor and feasible successor

The last section discussed how to change the metric calculation; this section discusses how to converge faster. EIGRP uses the concept of successor and feasible successor: successors are placed into the routing table, while feasible successors are kept in the topology table as backup routes that DUAL has verified to be loop-free. NOTE: the feasible successor’s RD MUST BE LESS THAN (NOT EQUAL TO) the successor’s FD. To verify the feasible successors of a route, use ‘show ip eigrp topology’ or ‘show ip eigrp topology all-links’.
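The metric formula from the CCNA recap and the feasibility condition above, worked in Python as an added example (not the notes’ own code): metrics are computed the way the notes describe (cumulative delay in tens of microseconds, slowest bandwidth in kbps, default K-values; the K2/K4/K5 terms of the classic composite formula are included for completeness), each neighbor’s Update is turned into an (RD, FD) pair, and DUAL picks the successor and the feasible successors. The neighbor names and link values are constructed for the example.

```python
from dataclasses import dataclass

K_DEFAULT = (1, 0, 1, 0, 0)  # notes: K1 = K3 = 1, K2 = K4 = K5 = 0


def composite_metric(min_bw_kbps: int, delay_tens_usec: int, load: int = 1,
                     reliability: int = 255, k=K_DEFAULT) -> int:
    """Classic EIGRP composite metric. With the default K-values it reduces to the notes'
    ((10^7 / slowest-bandwidth) + delay) * 256, bandwidth in kbps and delay in tens of
    microseconds (the unit the 'delay' command takes). Integer division, as IOS does."""
    k1, k2, k3, k4, k5 = k
    bw = 10_000_000 // min_bw_kbps
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay_tens_usec
    if k5 != 0:  # the reliability factor only takes part when K5 is non-zero
        metric = metric * k5 // (reliability + k4)
    return metric * 256


@dataclass
class Advertised:
    """What a neighbor reports in an Update: its slowest bandwidth and cumulative delay."""
    min_bw_kbps: int
    delay_tens_usec: int


@dataclass
class Candidate:
    neighbor: str
    rd: int  # reported/advertised distance: the neighbor's own metric to the destination
    fd: int  # feasible distance: the metric from this router via that neighbor


def learn(neighbor: str, adv: Advertised, link_bw_kbps: int,
          link_delay_tens_usec: int) -> Candidate:
    """Rule from the notes on receiving an Update: delay accumulates, bandwidth becomes
    the slowest of the advertised value and the local link."""
    rd = composite_metric(adv.min_bw_kbps, adv.delay_tens_usec)
    fd = composite_metric(min(adv.min_bw_kbps, link_bw_kbps),
                          adv.delay_tens_usec + link_delay_tens_usec)
    return Candidate(neighbor, rd, fd)


def dual_select(candidates):
    """Successor = lowest FD. Feasible successors satisfy the feasibility condition
    RD < successor's FD (strictly less, as the notes stress): a neighbor whose own metric
    is below our best metric cannot be routing through us, so the path is loop-free."""
    successor = min(candidates, key=lambda c: c.fd)
    feasible = [c for c in candidates if c is not successor and c.rd < successor.fd]
    return successor, feasible


def shown_delay_usec(delay_tens_usec: int) -> int:
    # 'show' commands display microseconds, ten times the configured 'delay' value
    return delay_tens_usec * 10
```

Neighbor D in the test below advertises an RD exactly equal to the successor’s FD and is therefore not a feasible successor, which is the "NOT EQUAL TO" point in the note above.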

However, if no FS is present when the successor fails, DUAL is run to discover a loop-free route; this is called going active on a route. Routes for which the router has a loop-free successor and no failure has yet occurred remain in a passive state. Routes whose successor fails with no feasible successor move to an active state. In this state:
- The route is marked with an A in the ‘show ip eigrp topology’ command.
- Query messages are sent to every neighbor except the failed neighbor (the former successor), asking for a route to that specific subnet.
- Neighbors that consider themselves passive for that subnet (have a route to that subnet that is usable and loop-free) will 1) not forward the Query, and 2) send a Reply to tell the original router about the route.
- Neighbors that are active (do not have a route to that subnet) 1) flood Query messages to all their neighbors and 2) wait for their neighbors’ Reply messages (indicating some neighbor knows about the subnet). The router waits for all the Replies from its neighbors, then sends a Reply back to the original router. If no route can be found, an ‘unreachable’ Reply is sent.
- The original router then decides which path to choose and confirms whether it’s loop-free.


Before any EIGRP neighborship is established, the routing table contains all subnets listed in ‘show ip route connected’ plus subnets redistributed from other routers. Split horizon is used in the Query process to prevent loops.

Speed up convergence

This process takes less than 10 seconds to converge in a small network. In a large network with many routers, it may be inefficient. The solutions are 1) stub routers, or 2) route summarization.

A stub router is a router that should not forward traffic between two remote EIGRP-learned subnets. This is like a router that is neither an ABR nor an ASBR in OSPF.

Stub routers do not advertise EIGRP-learned routes from one neighbor to another. Non-stub routers know which routers are stubs and do not send Query messages to them (stub routers would reply with an ‘inaccessible’ message). Stub routers still form neighborships with non-stub routers.

Stub routers are configured with the ‘eigrp stub’ command, whose parameters include:

Parameter | Default | Combined | Description
receive-only | Off | No | (optional) Prevents the router from advertising routes.
connected | On | Yes | (optional) Advertises connected routes; may need ‘redistribute connected’ if the subnet is not included in ‘network’.
static | Off | Yes | (optional) Permits redistribution of static routes with ‘redistribute static’ if the subnet isn’t included in ‘network’.
summary | On | Yes | Advertises summary routes.
redistributed | Off | | Advertises redistributed routes, if redistribution is configured.

The default stub options are connected and summary; only exact matches are sent. Stub options are displayed in ‘show ip eigrp neighbors detail’.

‘redistribute connected’ is a command that makes connected routes usable by other kinds of routing, such as a routing protocol (because a connected route is not part of the dynamic routing process). However, since connected routes have an AD of 0 and all routing protocols have a higher AD, you won’t see a change in the routing table. The ‘redistribute static’ command does the same thing for static routes.

Summarizing routes is another way to reduce Query messages. If a router receives a Query for a subnet INCLUDED in one of its summary routes, it sends an EIGRP Reply immediately and doesn’t flood the Query.

IOS can set a timer to limit how long it waits for Reply messages (in a large network with many routers); the active timer defaults to 3 minutes (changeable with ‘(config-router)#timers active-time MIN’). Routes that did not receive a Reply within the timer are considered Stuck-in-Active (SIA) routes.

Older IOS brings down the neighborship to the router from which the SIA route comes. From IOS 12.2, an SIA-Query is sent at the half-way point of the timer to the routers that have not yet replied. If a reply is heard back, the neighborship is still working; if no reply is heard back, the neighborship is torn down.

Load balance

Load balancing, whether equal-cost or not, also speeds up convergence: when one link goes down, the other simply keeps working as normal.

‘(config-router)#maximum-paths NO’, with a default of 4 routes (in older routers the maximum is 6, while in new routers the maximum is above 16), configures the number of EIGRP routes to use; then, if unequal-cost load balancing is wanted, the ‘variance’ command comes into play (variance 1 disables unequal sharing; the maximum is 128). Both settings can be verified with ‘show ip protocols’. With unequal-cost sharing, EIGRP distributes traffic in proportion to the route metrics, so links of different speeds are assigned different loads. WARNING: in a latency-sensitive environment, setting ‘variance’ too high can cause loss of data.

Once the routes have been added to the routing table, the router can either 1) send the traffic proportionally, with lower-metric routes carrying more packets, or 2) send all traffic over the lowest-metric route, keeping the other routes only for faster convergence.

Route filtering

This method lets the engineer decide which routes are advertised in an EIGRP update, which also reduces the size of the routing table. It is done with the ‘(config-router)#distribute-list’ command together with 1) an ACL, 2) a prefix list, or 3) a route map. The complete command is:
‘distribute-list {ACL_NO | ACL_NAME} in [INT_TYPE INT_NO]’
‘distribute-list {ACL_NO | ACL_NAME} out [INT_TYPE INT_NO | ROUTE_PRO | ASN]’

When filtering routes with an ACL, permit statements allow a route to be advertised, while deny statements filter the route. This is done with ‘distribute-list ACL_NO {in | out} [INT_TYPE INT_NO]’; the interface can be omitted to apply the ACL to the inbound or outbound updates of all interfaces. Because a standard ACL checks only the subnet number, not the mask, an ACL meant to permit only 10.0.0.0/25 also matches 10.0.0.0/24. The ‘gateway’ keyword permits or filters routes according to the specific router (gateway) they are learned from.

Prefix lists examine both the prefix (or a range of prefixes) and the prefix length (or a range of prefix lengths). A prefix list is more flexible than a standard ACL and is processed much faster. Prefix = route prefix = subnet number = network address; prefix length = subnet mask.

A prefix list is created in global configuration mode, and each entry has a sequence number so that it can be edited. The command looks like ‘(config)#ip prefix-list NAME [seq NO] {deny | permit} PREFIX/PREFIX_LENGTH [ge VALUE] [le VALUE]’.

1- The route’s prefix HAS to be within the range implied by PREFIX/PREFIX_LENGTH.
2- The route’s subnet mask MUST fall within the range of prefix lengths implied by PREFIX_LENGTH, ge and le. The ge (greater-than-or-equal-to) and le (less-than-or-equal-to) parameters are optional.
NOTE: ge MUST be greater than the configured prefix length, and le must not exceed 32.

Parameters    Prefix lengths matched        Example
neither       CIDR = prefix-length          ip prefix-list permit 10.0.0.0/8 -> CIDR = 8
both ge, le   ge < CIDR ≤ le                ge = 10, le = 13 -> CIDR = 11, 12, 13
only ge       ge < CIDR ≤ 32                ge = 28 -> CIDR = 29, 30, 31, 32
only le       prefix-length ≤ CIDR ≤ le     le = 10, prefix-length = 8 -> CIDR = 8, 9, 10

‘permit 0.0.0.0/0 le 32’ (in a prefix list) is the equivalent of ‘permit any’ (in an ACL). ‘deny 0.0.0.0/0 ge 30 le 30’ denies any route with a /30 mask.

E.g. ‘(config-router)#distribute-list prefix R1 out’, where R1 is the name of the prefix list.

Route maps provide logic similar to if/then/else in a programming language. A single route map has one or more route-map clauses in it, and routers process the clauses in sequential order based on their sequence numbers (added automatically or manually). Each clause has its matching parameters configured with the ‘match’ command; to match all routes, simply omit the ‘match’ command. Earlier entries take precedence over later ones.

Route maps have commands like ‘route-map samplename deny 10’ followed by ‘match ip address prefix-list ABC’ or ‘match ip address 1’. This causes subnets that match the criteria of ACL 1 or prefix list ABC to be discarded. For instance, if 192.168.1.0/24 is permitted by prefix list ABC, its route will not show up because the route map has denied it. ‘show route-map’ displays the related statistics.

Here are some important points:
- route-map clauses with the permit option either cause a route to be allowed through (if matched by the match command) or leave it in the list of routes to be examined by the next route-map clause.
- route-map clauses with the deny option either filter the route (if matched by the match command) or leave it in the list of routes to be examined by the next route-map clause.
- If a clause’s match commands refer to an ACL or prefix list, and the ACL or prefix list matches a route with the deny action, the route is not necessarily filtered. Instead, it just means that the route does not match that particular match command and can then be considered by the next route-map clause.
- The route-map command includes an implied deny-all clause at the end; to configure a permit-all, use a route-map clause with a permit action but without a match command.

Route summarization

Route summarization differs from route filtering in that it reduces the routing table size BUT does not affect the reachability of the routes. EIGRP automatically summarizes at classful network boundaries, but it also supports manual summarization on every router. Route summarization reduces the Query scope, which means unnecessary Query messages are not flooded.

Tradeoffs: summarization can cause suboptimal routing, and packets destined for unreachable subnets inside the summary range are still carried across the network to the summarizing router.

Suggestion: when planning a new part of a network, first assign the summary address to the edge router, then assign address within the summary address to other devices.

If there are multiple routes to a summarized subnet, the route with the lowest metric is displayed and the others are set up as backup routes (or used for load balancing if configured).

A summary route is considered up and working unless all of its subordinate routes have failed. It is configured with ‘(config-if)#ip summary-address eigrp ASN PREFIX SUBNET_MASK’ on the interface out of which the summary should be advertised. Here is what happens:

- This router brings down all EIGRP neighborships on that interface, then brings them back up. This means a new set of topology tables is exchanged (remember that the entire topology table is exchanged when a neighborship comes up).

- This router advertises the summary route as long as it ALREADY has a route to at least one of the subnets included in the summary. No subordinate routes are advertised, which means the subnets whose address ranges are within the summary route are not advertised.

- A route with exit interface Null0 is added to the routing table. Null0 is a logical interface that acts as a trash can: it drops packets for subordinate routes that are contained in the summary but not actually present. Running ‘show ip route IP_ADDRESS’ shows whether a packet to that address will be discarded.

Note: if a packet matches a more specific route than the summary route, the packet is forwarded. If the packet ONLY matches the summary route, it is discarded. This is why the automatic summary route has an exit interface of Null0; such a route is also called a discard route.
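As an added example (not from the original notes), the Python below models the routing table of a router that has ‘ip summary-address eigrp 1 10.1.0.0 255.255.0.0’ configured; the AS number, prefixes and next hops are constructed. The longest-match lookup shows why a packet that matches only the summary is discarded on Null0, and advertised_to_neighbor shows that the subordinate routes are suppressed in the advertisement.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed routing table (prefix, exit interface or next hop) for a router with
# 'ip summary-address eigrp 1 10.1.0.0 255.255.0.0' configured; AS 1, the subnets
# and the next hop 10.9.9.1 are assumptions for this example.
ROUTING_TABLE: List[Tuple[str, str]] = [
    ("10.1.0.0/16", "Null0"),                  # summary: discard route, AD 5 on this router
    ("10.1.1.0/24", "10.9.9.1"),               # subordinate route learned via EIGRP (AD 90)
    ("10.1.2.0/24", "10.9.9.1"),               # subordinate route learned via EIGRP (AD 90)
    ("172.16.0.0/24", "GigabitEthernet0/0"),   # connected subnet outside the summary
]


def longest_match(table: List[Tuple[str, str]], destination: str) -> Optional[Tuple[ipaddress.IPv4Network, str]]:
    """Return the (network, exit) pair with the longest prefix covering DESTINATION."""
    addr = ipaddress.ip_address(destination)
    best = None
    for prefix, exit_ in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, exit_)
    return best


def forwarding_decision(table: List[Tuple[str, str]], destination: str) -> str:
    """What 'show ip route IP_ADDRESS' would tell you: forward, discard, or no route."""
    best = longest_match(table, destination)
    if best is None:
        return "no route"
    if best[1] == "Null0":
        # Only the summary matched: the subordinate subnet is not present, so the
        # packet is dropped here instead of being forwarded back towards the core.
        return "discard (Null0)"
    return f"forward via {best[1]}"


def advertised_to_neighbor(table: List[Tuple[str, str]], summary: str) -> List[str]:
    """Routes advertised out the summarizing interface: the summary itself plus any
    route outside it; subordinate routes inside the summary are suppressed."""
    summary_net = ipaddress.ip_network(summary)
    advertised = []
    for prefix, _ in table:
        net = ipaddress.ip_network(prefix)
        if net == summary_net or not net.subnet_of(summary_net):
            advertised.append(prefix)
    return advertised


if __name__ == "__main__":
    for dst in ("10.1.1.7", "10.1.5.9", "10.2.0.1"):
        print(dst, "->", forwarding_decision(ROUTING_TABLE, dst))
    print("advertised:", advertised_to_neighbor(ROUTING_TABLE, "10.1.0.0/16"))
```

10.1.1.7 matches the more specific /24 and is forwarded; 10.1.5.9 matches only the /16 summary and is discarded; 10.2.0.1 matches nothing. The neighbor receives 10.1.0.0/16 and 172.16.0.0/24 but never the two /24 subordinate routes.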

A summary route has AD 5 on the local router, but a neighbor sees only a normal EIGRP summary route with AD 90.

EIGRP doesn’t automatically summarize external routes unless there is a subnet of the same major network that is an internal route.

When a router has multiple working interfaces, and those interfaces use IP addresses in different classful networks, the router advertises a summary route for each classful network on interfaces attached to a different classful network.

Contiguous network: a single classful network in which packets sent between every pair of subnets pass only through subnets of that same classful network, without having to pass through subnets of any other classful network.
Discontiguous network: a single classful network in which packets sent between at least one pair of subnets must pass through subnets of a different classful network.

When two routers that belong to the same (discontiguous) classful network both summarize it, other routers cannot decide which router to forward a packet to. Load balancing might be used, but then only part of the traffic reaches each router, so part of every conversation is lost. Two solutions exist: 1) ‘no auto-summary’, or 2) stop using discontiguous networks (also needed for classful routing protocols). To discover whether EIGRP is currently using auto-summarization, use ‘show ip protocols’.

Default candidate route


There are many ways to configure candidate default routes in EIGRP; the router chooses the best of them as its default route. If you want to advertise such a route but not as a default route, use the ‘default-information {in | out} [ACL_NO]’ command or ‘no default-information allowed in’ to stop treating default routes from that ASN as defaults and handle them as normal routes. The ways to create a candidate default route are:

1) Define ‘ip route 0.0.0.0 0.0.0.0’ followed by the next-hop router or exit interface (such as ‘null0’), then advertise this route with ‘network 0.0.0.0’ (if this route fails, an Update is sent). The route shows as an internal EIGRP route.

2) If defined with ‘ip route 0.0.0.0 0.0.0.0’ followed by a next hop and then advertised with ‘redistribute static’, the route shows as an external EIGRP route (EX).

3) ‘ip route 0.0.0.0 0.0.0.0’ + ‘eigrp stub static’ (optionally with ‘eigrp stub redistributed’ if the route is not included in ‘network’) = candidate default internal EIGRP route.

4) Use a summary route as the default route with ‘ip summary-address eigrp ASN 0.0.0.0 0.0.0.0’ and advertise it; this default route is shown as an internal EIGRP route.

5) Flag an existing route to a classful network (the subnet mask should be the same in all networks) as the default with the ‘ip default-network NET_ADD’ command. Only one interface needs to participate in EIGRP for this route to be advertised, and that interface does not have to be in the classful network. It is recommended to use a virtual interface if you do not use a full classful network address between your Internet router and the ISP router.

A routing protocol is not required. You can only use ‘no default-information [allowed] {in | out}’


OSPF

CCNA Summary

Link-state routing protocols include OSPF and IS-IS. A router running OSPF is identified by a Router ID (RID) in its entry of the link-state database (LSDB). The RID has the same format as an IP address and can be selected automatically or set manually. The RID is chosen by:
1) the ‘router-id RID’ command entered after ‘router ospf P_ID’;
2) if step 1 is not used, the highest numeric IP address on any loopback interface (an always up/up virtual interface, created with ‘interface loopback NO’ and then ‘ip address’);
3) if neither of the above is used, the highest IP address out of all its up/up interfaces.
The RID is chosen when IOS is initially loaded. A new, better address WON’T take over until OSPF is restarted with ‘clear ip ospf process’ or the router is reloaded.

After the OSPF RID has been chosen and the interfaces come up, the router becomes a neighbor of other routers connected to the SAME subnet. To discover OSPF neighbors, a router sends Hello packets to 224.0.0.5 using IP protocol 89. LSAs sent to the DR and BDR go to 224.0.0.6.

To form a neighbor relationship, both routers must match on these criteria:
- Subnet mask and subnet number (network address)
- Hello interval (10 sec by default) and dead interval (= 4 × Hello); if the dead timer expires, the neighbor is marked down and the router converges
- OSPF area ID (Cisco suggests ≤ 50 routers in an area; the area ID ranges from 0 to 4,294,967,295)
- Value of the stub area flag
- Authentication password (if there is one)

Once neighbors are discovered, the routers run the SPF algorithm to fill their routing tables. In the beginning, both Router A and Router B are in the Down state. If Router A receives Router B’s Hello message (with Router A not yet on its list of neighbors) and decides that Router B can be a neighbor (all criteria met), Router A adds Router B to its list of OSPF neighbors (a field in the Hello message) [this is the Init state]; once each router sees its own RID in the other’s Hello, the neighbors are in the two-way state. Neighbors are tracked in a router’s neighbor database; use the ‘show ip ospf neighbor’ command.

After both routers on a link recognize each other, they begin exchanging their LSDBs, which MUST end up identical for routers forming a neighborship. The LSDB exchange is done differently for different topologies; in CCNA, only point-to-point and broadcast are considered. The topology type of an interface can be set manually with ‘ip ospf network’ followed by the type.

PtP topology refers to 2 routers that are directly connected (or the subnet has only 2 routers) to each other. In this case, LSDBs are DIRECTLY advertised and updated between the routers until they both become fully adjacent.

On the other hand, if 10 routers on the same subnet exchanged information with each other directly, the link would be overwhelmed with traffic. In this case (multiple routers on the same subnet) you need a Designated Router (DR) that acts as the boss who distributes the information to ALL the employees; the employees are NOT allowed to talk to EACH OTHER. The DR has a backup called the BDR. All other routers are known as DROthers. When multiple routers exist, the priority value of a router (usually) decides the DR and BDR. This value ranges from 0 to 255; a router with priority 0 is never considered for election.
- The router with the highest OSPF priority becomes DR; if priorities tie, the highest RID wins.
- If a new, better candidate comes along, no challenge is presented to the old DR and BDR.
- The router with the second-highest OSPF priority becomes BDR; if priorities tie, the second-highest RID wins.
After routers decide to exchange their LSDBs, they send a list of LSAs to their neighbors asking whether they already have those LSAs. If yes, no further exchange is needed; if no, the router sends the missing LSAs to the neighbor.
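Added example, not from the original notes: the election rules just listed (highest priority, ties broken by highest RID, priority 0 never eligible, no preemption of an existing DR/BDR) in Python, with the BDR promoted when the DR disappears. The RIDs and priorities are constructed. This follows the simplified rules as stated here and does not model the full RFC 2328 procedure, in which the BDR is elected first from the routers’ own declarations in their Hellos.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple


def _rank(routers: Dict[str, int]) -> List[str]:
    """Eligible routers (priority > 0) ordered best first: highest priority,
    then highest RID, with the RID compared as a 32-bit number as OSPF does."""
    eligible = [rid for rid, prio in routers.items() if prio > 0]
    return sorted(eligible,
                  key=lambda rid: (routers[rid], int(ipaddress.IPv4Address(rid))),
                  reverse=True)


def elect(routers: Dict[str, int],
          current: Tuple[Optional[str], Optional[str]] = (None, None)) -> Tuple[Optional[str], Optional[str]]:
    """Return (DR, BDR). routers maps RID -> priority; current is the existing
    (DR, BDR) pair, which is kept as long as those routers are still present, so
    a newcomer with a better priority does not preempt them. If the DR is gone,
    the BDR takes over and a new BDR is elected from the remaining routers."""
    dr, bdr = current
    ranked = _rank(routers)
    if dr not in ranked:
        dr = bdr if bdr in ranked else (ranked[0] if ranked else None)
    if bdr not in ranked or bdr == dr:
        candidates = [rid for rid in ranked if rid != dr]
        bdr = candidates[0] if candidates else None
    return dr, bdr


if __name__ == "__main__":
    segment = {"1.1.1.1": 1, "2.2.2.2": 1, "3.3.3.3": 0, "4.4.4.4": 100}  # constructed
    state = elect(segment)            # ('4.4.4.4', '2.2.2.2'): 3.3.3.3 never eligible
    segment["5.5.5.5"] = 200
    state = elect(segment, state)     # unchanged: no preemption
    del segment["4.4.4.4"]
    print(elect(segment, state))      # ('2.2.2.2', '5.5.5.5'): BDR promoted, new BDR
```

Note that 2.2.2.2 beats 1.1.1.1 for BDR only because of the RID tie-break, and that the high-priority 5.5.5.5 has to wait for a failure before it gets any role, which is exactly why operators who want a specific DR set priorities before the segment comes up rather than afterwards.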

When a neighbor has all the LSAs, it is considered to be in the Full state. Hello messages are still sent, and if a neighbor goes down (detected by the dead interval), the routers converge and resend the necessary LSAs. Note that every LSA is re-flooded every 30 minutes, regardless of the state of the router; each LSA has its own flooding period, however, instead of all LSAs being sent at once.

LSAs ARE RECORDED IN THE ROUTER’s LSDB, OSPF’s topology database, shown with the ‘show ip ospf database’ command. An LSA contains an entry for each known router’s RID, its interfaces, IP addresses, masks and subnets, as well as all the routers reachable from that router. The SPF algorithm picks the route with the least cost and places it in the routing table, seen with ‘show ip route’.

In large networks, OSPF can be a pain in the ass since so many routers need configuration. A viable solution is to cut the network into smaller, logical divisions called areas. Area Border Routers (ABRs) lie between areas and facilitate communication between routers by manually summarizing routes (thus reducing the number of routes). An ABR belongs to both areas and requires more memory and CPU since it processes routes of both areas.

Term                                    Description
Autonomous System Border Router (ASBR)  An OSPF router that connects to routers that do not use OSPF, for the purpose of exchanging external routes into and out of the OSPF domain.
Backbone router                         A router that has at least one interface in area 0.
Internal router                         A router in a single nonbackbone area.
Backbone area                           A special OSPF area to which all other areas must connect: area 0.
External route                          A route learned from outside the OSPF domain and then advertised into the OSPF domain.
Intra-area route                        A route to a subnet inside the same area as the router.
Interarea route                         A route to a subnet in an area of which the router is not a part.
Autonomous system                       A set of routers that use OSPF; routers in the same network have the same AS.

To configure OSPF:
Step 1. Enter OSPF configuration mode for a particular OSPF process using the ‘router ospf process-id’ global command. The process ID can range from 1 to 65,535.
Step 2. (Optional) Configure the OSPF router ID by:
  a. configuring the ‘router-id id-value’ router subcommand, or
  b. configuring an IP address on a loopback interface.
Step 3. Configure one or more ‘network ip-address wildcard-mask area area-id’ router subcommands, with any matched interfaces being added to the listed area.
Step 4. (Optional) Change the interface Hello interval with ‘(config-if)#ip ospf hello-interval TIME’, the dead interval with ‘(config-if)#ip ospf dead-interval TIME’, and the retransmit interval (for an LSA when no acknowledgement is heard) with ‘(config-if)#ip ospf retransmit-interval TIME’.
Step 5. (Optional) Influence routing choices by tuning interface costs as follows:
  a. configure costs directly using the ‘ip ospf cost value’ interface subcommand;
  b. change interface bandwidths using the ‘bandwidth value’ interface subcommand;
  c. change the numerator in the formula that calculates the cost from the interface bandwidth, using the ‘auto-cost reference-bandwidth value’ router subcommand.
Step 6. (Optional) Configure OSPF authentication:
  a. on a per-interface basis using the ‘ip ospf authentication’ interface subcommand;
  b. for all interfaces in an area using the ‘area authentication’ router subcommand.
Step 7. (Optional) Configure support for multiple equal-cost routes using the ‘maximum-paths number’ router subcommand.

The ‘show ip ospf interface’ command lists more detailed information about each interface. By default, OSPF load-balances over 4 equal-cost paths, but it can be configured to support up to 16 routes. The same is true for EIGRP.

OSPF packets

This is the OSPF header that precedes every OSPF packet:
- Version [8 bits]
- Type [8 bits]: 1 = Hello, 2 = Database Description, 3 = Link State Request, 4 = Link State Update, 5 = Link State Acknowledgement
- Packet Length [16 bits]
- Router ID [32 bits]: doesn’t change unless the router reloads or the interface the RID was taken from is shut down
- Area ID [32 bits]
- Checksum [16 bits]
- Authentication Type [16 bits]: 0 for null, 1 for plain text, 2 for MD5
- Authentication [64 bits]: only valid for OSPFv2

Hello packet:
- Network Mask [32 bits]: 0.0.0.0 on unnumbered and virtual interfaces
- Hello Interval [16 bits]
- Options [8 bits]: bit 0 (support ToS), bit 1 (support Type 7 LSA), bit 2 (support MOSPF), bit 3 (support NSSA), bit 4 (support Type 8 LSA), bit 5 (support Demand Circuit), bit 6 (support Opaque LSA), bit 7 (prevent loops in VPN)
- Router Priority [8 bits]
- Router Dead Interval [32 bits]
- DR RID [32 bits]
- BDR RID [32 bits]
- Neighbors: RIDs of all neighbors whose Hellos have been received [variable]

Database Description packet:
- Interface MTU [16 bits]: 0 on a virtual link
- Options [8 bits]: see the Hello Options
- Flags [8 bits]: bit 0 (master if on), bit 1 (on if more packets follow in the flow), bit 2 (off if this is the first packet in the flow), bits 3-7 (all off)
- DBD Sequence Number [32 bits]: incremented by the master to keep the packet flow in order
- LSA Headers [variable]: one or more 20-byte LSA headers

Link State Request packet:
- Link State Type: the LSA type [32 bits]
- Link State ID: more information about the LSA [32 bits]
- Advertising Router ID [32 bits]

Link State Update packet:
- Number of LSAs carried [32 bits]
- Link State Advertisements [variable]
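Added example, not from the original notes: a Python encoder and decoder for the common header and the Hello body laid out above, using the field widths from these lists. The router IDs, area, intervals and the clear-text password are constructed. parse_ospf rejects a packet whose version, length or checksum is wrong and reports the authentication type; with type 1 the password travels in the clear, which is why the decoder can simply return it from a captured packet. The MD5 variant (type 2), where the checksum field is unused and a digest is appended after the packet, is not modelled.

```python
import ipaddress
import struct
from typing import Dict, Sequence

TYPE_NAMES = {1: "Hello", 2: "Database Description", 3: "Link State Request",
              4: "Link State Update", 5: "Link State Acknowledgement"}
AUTH_NAMES = {0: "null", 1: "simple password", 2: "MD5"}
HEADER_FMT = "!BBH4s4sHH8s"   # version, type, length, RID, area ID, checksum, auth type, auth
HELLO_FMT = "!4sHBBI4s4s"     # mask, hello interval, options, priority, dead interval, DR, BDR


def ospf_checksum(packet: bytes) -> int:
    """Standard IP one's-complement checksum over the packet with the 64-bit
    authentication field (bytes 16-23) left out, as used for auth types 0 and 1."""
    data = packet[:16] + packet[24:]
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_hello(router_id: str, area_id: str, mask: str, neighbors: Sequence[str] = (),
                hello: int = 10, dead: int = 40, priority: int = 1, options: int = 0x02,
                dr: str = "0.0.0.0", bdr: str = "0.0.0.0", auth_type: int = 0,
                password: bytes = b"") -> bytes:
    """Assemble a Hello (type 1) with a correct length and checksum. password is
    used only for auth type 1 (clear text, at most 8 bytes in the auth field)."""
    p = lambda a: ipaddress.IPv4Address(a).packed
    body = struct.pack(HELLO_FMT, p(mask), hello, options, priority, dead, p(dr), p(bdr))
    body += b"".join(p(n) for n in neighbors)
    length = 24 + len(body)
    auth = password[:8].ljust(8, b"\x00") if auth_type == 1 else b"\x00" * 8
    head = struct.pack(HEADER_FMT, 2, 1, length, p(router_id), p(area_id), 0, auth_type, auth)
    csum = ospf_checksum(head + body)
    return head[:12] + struct.pack("!H", csum) + head[14:] + body   # checksum sits at bytes 12-13


def parse_ospf(packet: bytes) -> Dict[str, object]:
    """Decode the common header and, for a Hello, the Hello body. Raises ValueError
    for the checks a receiver makes before trusting the packet."""
    if len(packet) < 24:
        raise ValueError("truncated OSPF header")
    ver, ptype, length, rid, aid, _csum, autype, auth = struct.unpack(HEADER_FMT, packet[:24])
    if ver != 2:
        raise ValueError("not OSPFv2")
    if length != len(packet):
        raise ValueError("length field does not match packet size")
    # With MD5 (type 2) the checksum field is unused and a digest follows the packet;
    # that path is not modelled here.
    if autype in (0, 1) and ospf_checksum(packet) != 0:
        raise ValueError("bad checksum")
    info: Dict[str, object] = {"type": TYPE_NAMES.get(ptype, "unknown"),
                               "router_id": str(ipaddress.IPv4Address(rid)),
                               "area_id": str(ipaddress.IPv4Address(aid)),
                               "auth_type": AUTH_NAMES.get(autype, "unknown")}
    if autype == 1:
        info["password"] = auth.rstrip(b"\x00")   # clear text on the wire
    if ptype == 1:
        mask, hello, options, prio, dead, dr, bdr = struct.unpack(HELLO_FMT, packet[24:44])
        info.update({
            "network_mask": str(ipaddress.IPv4Address(mask)),
            "hello_interval": hello, "dead_interval": dead, "options": options, "priority": prio,
            "dr": str(ipaddress.IPv4Address(dr)), "bdr": str(ipaddress.IPv4Address(bdr)),
            "neighbors": [str(ipaddress.IPv4Address(packet[i:i + 4])) for i in range(44, length, 4)],
        })
    return info


def is_valid(packet: bytes) -> bool:
    """True when parse_ospf accepts the packet."""
    try:
        parse_ospf(packet)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    pkt = build_hello("1.1.1.1", "0.0.0.0", "255.255.255.0", ["2.2.2.2"],
                      auth_type=1, password=b"cisco")
    print(parse_ospf(pkt))
```

The decoder is also a handy way to confirm what ‘show ip ospf interface’ reports about authentication: a Hello that decodes with auth_type "null" on a link where you expected MD5 means the interface or area command from the authentication table above did not take effect.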

OSPF neighborship in LAN

All the ‘network’ commands are stored so that the most specific wildcard mask is listed first in the configuration file. If the area is not specified in a ‘network’ command, the ‘network’ command that most closely matches the IP address of a router interface is the one applied to that subnet. This is not recommended, however.

Hello messages are sent on interfaces that meet both of these conditions:
- enabled for OSPF with ‘(config-router)#network PREFIX SUBNET_MASK [area A_ID]’ or ‘(config-if)#ip ospf P_ID area A_ID’
- not configured with ‘(config-router)#passive-interface INT_TYPE NO’
Note: sending Hellos on an interface means OSPF is attempting to find a POTENTIAL neighbor on that interface. By default, Hellos are sent every 10 s on broadcast links and every 30 s on nonbroadcast links.

OSPF supports bidirectional forwarding detection (BFD) using ‘ip ospf dead-interval minimal hello-multiplier’ followed by a number n. This command (which sets both the hello and the dead interval) sets the dead interval to 1 second and the hello interval to 1/n second. The Hello interval is included in the output of ‘show ip ospf interface’.

A neighborship will not form between routers with the same RID; moreover, other routers in the same area may be confused because they see two routers with the same RID. Such a router may hold only 1 route even though two routers carry that RID, so information may be delivered incorrectly. OSPF can’t start without a RID.

If routers have an MTU mismatch, they remain in the ‘EXCHANGE’ or ‘INIT’ state forever. The MTU can be set with ‘ip mtu’ or ‘mtu’.

A router with N neighbors has N SPF trees.

OSPF authentication configuration:

Clear text, per interface:
  (config-if)#ip ospf authentication
  (config-if)#ip ospf authentication-key PASS
Clear text, per area:
  (config-router)#area A_ID authentication
  (config-if)#ip ospf authentication-key PASS
MD5, per interface:
  (config-if)#ip ospf authentication message-digest
  (config-if)#ip ospf message-digest-key KEY_NO md5 PASS
MD5, per area:
  (config-router)#area A_ID authentication message-digest
  (config-if)#ip ospf message-digest-key KEY_NO md5 PASS

The password MUST be less than 16 characters. The key numbers do not have to match. If both the interface and the area commands are configured, the interface commands take precedence.

The type of keys generated can be detected in ‘debug ip ospf adj’ (everything), ‘show ip ospf interface’ (which type of authentication), and ‘show ip ospf neighbor’ (whether a neighbor survived authentication).

OSPF doesn’t support key chains: if 2 keys are configured and every packet is to be authenticated, 2 copies of each packet are sent. When you add a new key, you must delete the old one to prevent excessive traffic.


Types of LSA

LSA header (20 bytes, common to all LSA types):
- Link State Age [16 bits]: 3600 sec by default
- Options [8 bits]: same as the Hello Options
- Link State Type [8 bits]
- Link State ID [32 bits]: describes the network the LSA covers
- Advertising Router [32 bits]
- Link State Sequence Number [32 bits]
- Link State Checksum [16 bits]
- Length [16 bits]

LSA types:

Type  Common Name  Description

1 Router Each router creates its own Type 1 LSA to represent itself for each area it connects to. Type 1 LSA lists the RID and all interface IP addresses on that router that are in that area. Represents stub networks as well.

2 Network One per transit network. Created by the DR on the subnet, and represents the subnet and the router interfaces connected to the subnet.

3 Net Summary Created by ABRs to represent subnets listed in one area’s type 1 and 2 LSAs when being advertised into another area. Defines the links (subnets) in the origin area, and cost, but no topology data.

4 ASBR Summary Advertises route to reach ASBR; generated and advertised by ABR

5 AS External Advertise External routes; generated and advertised by ASBR

6 Group Membership Defined for MOSPF; not supported by Cisco IOS.

7 NSSA External Created by ASBRs inside an NSSA area, instead of a type 5 LSA.

8 External Attributes Not implemented in Cisco routers.

9–11 Opaque Used as generic LSAs to allow for easy future extension of OSPF; for example, type 10 has been adapted for MPLS traffic engineering.

Type 1 (Router) LSA format:
- 20-byte LSA header
- 0 [4 bits], then the flags V (on if the router is a virtual link endpoint), E (on if the router is an ASBR) and B (on if the router is an ABR), then 0 [9 bits]
- Number of Links: count of all router links [16 bits]
- For each link: Link ID [32 bits], Link Data [32 bits], Type [8 bits], Number of TOS = 0 [8 bits], Metric; the next link starts again with its Link ID

Combinations of Type, Link State ID and Link Data:

Description                Type  Link State ID        Link Data
Point-to-point numbered    1     Neighbor’s RID       Interface IP address
Point-to-point unnumbered  1     Neighbor’s RID       MIB-II IfIndex value
Transit                    2     DR RID               Interface IP address
Stub                       3     IP network address   Subnet mask
Virtual link               4     Neighbor RID         Interface IP address

Type 1, or Router LSA, is created and advertised by every router.
- Each internal router has one Router LSA, while each ABR has multiple Router LSAs, one for each area.
- Router LSAs are flooded throughout their (intended) area by sending a copy to all connected neighbors.
- Each Router LSA includes all the directly connected neighbors; the router interface address is where the LSA is sent and received.


Type 2 (Network) LSA format:
- 20-byte LSA header
- Subnet Mask [32 bits]
- Attached Router: the RIDs of the routers on the segment, including the DR, one per field [32 bits each]

Type 2, or Network LSA, is created when a DR (+ BDR) is present, i.e. on an NBMA topology. The DR and BDR are elected by priority (1 - 255; default 1), with the RID as tie-breaker. Once the DR and BDR are elected and better routers come along, no change takes place until either the DR or the BDR fails. This type of LSA represents a pseudo-node, which is multicast onto the subnet connecting all the routers. The DR generates the Network LSA and floods it out the interface connected to the subnet; the LSID is the address of the DR’s interface on that subnet. This LSA also lists the routers directly connected to it.

Type 3 (Net Summary) LSA format:
- 20-byte LSA header
- Subnet Mask [32 bits]
- 0 [8 bits], Metric [24 bits]
- TOS = 0 [8 bits], TOS Metric = 0 [24 bits]

OSPF can model all the topology inside a single area using Type 1 and 2 LSAs. When a router uses its SPF process to build a model of the topology, it can then calculate the best (lowest cost) route for each subnet in the area. When LSAs are first received, they are immediately flooded to other neighbors before the algorithm takes place.

One Type 3 LSA contains one subnet and lowest-cost to reach it from this ABR.

A Type 4 LSA has the same format as a Type 3, but contains information about an ASBR instead.

By default, Cisco IOS doesn’t limit the number of LSAs. A limit can be set with ‘(config-router)#max-lsa LSA_NO’. When it is exceeded, the router generates log messages; after 1 minute, OSPF takes down all adjacencies and clears the database. This is the ignore state (its length is set by the ignore-time parameter): no OSPF packets are sent or received on interfaces that belong to the OSPF process. If the OSPF process stays normal for the time defined by the reset-time parameter, the ignore state counter is reset to 0.

The command to see all LSAs is ‘show ip ospf database [LSA_TYPE LSID]’; here is the complete format: ‘show ip ospf database [router | network | summary | asbr-summary | nssa-external | external | database-summary]’.

Database Exchange Process

This process uses 5 types of messages:

Message Name (number)                   Description
Hello (1)                               Used to discover neighbors, supply the information used to confirm that two routers should be allowed to become neighbors, bring a neighbor relationship to the 2-way state, and monitor a neighbor’s responsiveness in case it fails.
Database Description (DD or DBD) (2)    Used to exchange brief versions of each LSA, typically on the initial topology exchange, so that a router knows the list of that neighbor’s known LSAs.
Link-State Request (LSR) (3)            A packet that lists the LSIDs of the LSAs the sender of the LSR would like the receiver to supply during database exchange.
Link-State Update (LSU) (4)             A packet that contains fully detailed LSAs, typically sent in response to an LSR. Retransmitted after 5 seconds if not acknowledged.
Link-State Acknowledgment (LSAck) (5)   Sent to confirm receipt of an LSU. Contains the common OSPF header plus a list of LSA headers.

OSPF uses a finite state machine (FSM) with 8 neighbor states to describe the current state of each OSPF neighbor. An adjacency is established when the routers have the same LSDB.

State     Meaning

Down No Hellos have been received from this neighbor for more than the dead interval.

Attempt Used when the neighbor is defined with the neighbor command, after sending a Hello, but before receiving a Hello from that neighbor.

Init A Hello has been received from the neighbor, but it did not have the local router’s RID in it or lists parameters that do not pass the neighbor verification checks. This is a permanent state when Hello parameters do not match.

2Way A Hello has been received from the neighbor, it has the router’s RID in it, and all neighbor verification checks passed.

ExStart Currently negotiating the DD sequence numbers and master/slave logic used for DD packets.

Exchange Finished negotiating the DD process particulars, and currently exchanging DD packets.

Loading All DD packets are exchanged, and the routers are currently sending LSR, LSU, and LSAck packets to exchange full LSAs.

Full Neighbors are fully adjacent, meaning they believe that their LSDBs for that area are identical. Routing table (re)calculations can begin.

Database Exchange without DR

1. Down state: no messages are sent.
2. Init state: Hello messages are sent.
3. 2-Way state: the neighborship is confirmed with matching Hellos, and the neighbors are listed in the Neighbors List. Since no DR is present, the exchange process begins.
4. ExStart state: begins after the first DD packet is sent to 224.0.0.5 (unless the ‘neighbor’ command has been set, making the DD unicast). DD messages include the LSID and the LSA sequence number, which begins at 0x80000001 and increments each time the LSA changes. This way, the LSAs held by each router and their versions can be used to determine whether an LSA needs to be sent to the neighbor.
5. Exchange state: begins after the master is elected (the router with the highest RID). The master first sends DD messages, which the slave answers (whether it has the LSA or not). When the master finishes, the slave sends DD messages (LSA headers) for the LSAs the master does not have. When this state ends, each router knows which LSAs to send to the neighbor and which LSAs it wants the neighbor to send.
6. Loading state: based on the above information, each router sends an LSR (link-state request) for the LSAs it wants. The neighbor replies with an LSU (link-state update), which contains the full LSA. Receipt of the LSU is acknowledged either 1) implicitly, by sending back the identical LSU, or 2) explicitly, with an LSAck message.
7. Full state: every router has the same LSDB.


Database Exchange with DR

If the network type is either broadcast or NBMA, each non-DR router (including the BDR) forms a neighborship with the DR and exchanges LSAs with it; this way, the DR acts as a pseudonode that distributes the information.

1. Down state: no messages are sent.
2. Init state: Hello messages are sent.
3. 2-Way state: the neighborship with the DR and BDR is confirmed with matching Hellos, and the neighbors are listed in the Neighbors List.
4. ExStart state: begins when the neighbor sends the first DD packet to 224.0.0.6, the DR + BDR multicast address.
5. Exchange state: the master is always the DR, regardless of whether it has the highest RID or not; it sends DD messages for the LSAs it knows to the slave at 224.0.0.5. When the master finishes, the slave sends DD messages (LSA headers) for the LSAs the master does not have.
6. Loading state: based on the above information, each router sends an LSR (link-state request) for the LSAs it wants. The neighbor replies with an LSU (link-state update), which contains the full LSA. Receipt of the LSU is acknowledged either 1) implicitly, by sending back the identical LSU, or 2) explicitly, with an LSAck message.
7. Full state: every router has the same LSDB.

There are 2 types of neighborships that can be formed in OSPF: neighbors and fully adjacent neighbors. In a PtP relationship where only 2 routers exist, both form a fully adjacent neighborship. In an NBMA network, the FULL state refers to the converged state between a DROTHER and the DR or BDR, while 2WAY refers to the relationship between two neighbors that are neither DR nor BDR.

In an already formed neighborship, new LSAs are immediately forwarded to the connected neighbors. In other words, they are forwarded to other neighbors before the LSAs are fed into the SPF algorithm; this is where link-state protocols have an advantage in convergence time over distance-vector protocols. For a newly added connection, the new router first exchanges LSAs with its current neighbor. Then the current neighbor distributes the LSAs before running the SPF calculation.

Each LSA is reflooded every 30 minutes, regardless of whether it has changed. The originating router increments the sequence number, resets the timer, then refloods the LSA; if a router receives an LSU carrying an LSA with a sequence number lower than its own copy, it forwards its own, newer copy back. When a router realizes it needs to flush an LSA from the LSDB, it sets the LSA’s age to MaxAge (3600 seconds) and then refloods the LSA. Other routers see that the age is already at the maximum, which causes them to remove the LSA. The LSA checksum is verified (per LSA) every 10 minutes.
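The LSA refresh, stale-copy and flush rules in the paragraph above, as an added example (not code from the notes or from any router implementation); the LSA/LSDB classes, the action names and the RIDs 1.1.1.1 and 2.2.2.2 are constructed for illustration.

```python
"""LSA freshness rules from the notes above: sequence numbers start at
0x80000001, a refresh bumps the sequence number and resets the age, a copy
with a lower sequence number is answered with our newer copy, and an LSA
received at MaxAge (3600 s) is flushed. Added example; the LSA/LSDB classes
and the RIDs are constructed for illustration."""
from dataclasses import dataclass, replace

INITIAL_SEQ = 0x80000001
MAX_AGE = 3600  # seconds; an LSA at this age is being flushed


@dataclass(frozen=True)
class LSA:
    lsa_type: int       # 1 = router, 2 = network, 3 = summary, 5 = external
    lsid: str           # link-state ID (RID or network address)
    adv_router: str     # advertising router's RID
    seq: int = INITIAL_SEQ
    age: int = 0        # seconds since origination

    def key(self):
        return (self.lsa_type, self.lsid, self.adv_router)


class LSDB:
    """Single-area LSDB that reports what a router does with each received LSA."""

    def __init__(self, own_rid):
        self.own_rid = own_rid
        self.lsas = {}

    def originate(self, lsa_type, lsid):
        lsa = LSA(lsa_type, lsid, self.own_rid)
        self.lsas[lsa.key()] = lsa
        return lsa

    def refresh(self, lsa):
        """Periodic (30-minute) reflood: next sequence number, age back to 0."""
        newer = replace(lsa, seq=lsa.seq + 1, age=0)
        self.lsas[newer.key()] = newer
        return newer

    def flush(self, lsa):
        """Premature ageing: drop our copy and reflood it at MaxAge."""
        self.lsas.pop(lsa.key(), None)
        return replace(lsa, age=MAX_AGE)

    def receive(self, rx):
        """Return (action, lsa); action is install, flood, send_newer, flush or ignore."""
        mine = self.lsas.get(rx.key())
        if rx.age >= MAX_AGE:
            # The originator is flushing: remove our copy instead of ageing it out.
            if mine is None:
                return ("ignore", rx)
            del self.lsas[rx.key()]
            return ("flush", rx)
        if mine is None:
            self.lsas[rx.key()] = rx
            return ("install", rx)
        if rx.seq > mine.seq:
            self.lsas[rx.key()] = rx
            return ("flood", rx)
        if rx.seq < mine.seq:
            # The sender holds a stale copy: answer with our newer one.
            return ("send_newer", mine)
        return ("ignore", rx)


def demo():
    """R1 originates its router LSA; R2 sees the install, refresh, stale copy and flush."""
    r1, r2 = LSDB("1.1.1.1"), LSDB("2.2.2.2")
    first = r1.originate(1, "1.1.1.1")
    installed = r2.receive(first)[0]
    refreshed = r1.refresh(first)
    flooded = r2.receive(refreshed)[0]
    action, copy = r2.receive(first)                 # the old copy arrives late
    flushed = r2.receive(r1.flush(refreshed))[0]
    return installed, flooded, action, copy.seq, flushed, len(r2.lsas)
```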

OSPF route selection

Each route has a cost equal to the sum of the costs of all outgoing interfaces along the path; OSPF chooses the lowest-cost route to a subnet and places it in the routing table.

When multiple routes exist to the same destination, the route learned from the lower LSA type is considered first. If tied, the cost breaks the tie.

For intra-area routes, the decision can be made directly from Type 1 and Type 2 LSAs. For inter-area routes, the route is chosen based on Type 3 LSAs and is marked O IA; all inter-area routes MUST pass through area 0.


For inter-area routes that relate to 2 or more ABRs, an ABR COULD choose an inter-area route over the intra-area route. However, there are 2 rules that prevent this:
- Intra-area routes have precedence over inter-area routes.
- If an ABR learns a Type 3 LSA (other than its own) inside the backbone area, the ABR ignores that LSA when calculating its own routes.

A change to a Type 3 LSA (it fails, comes back up, or the metric changes) does impact the choice of best route, so the changed Type 3 LSA must be flooded. However, non-ABRs don’t run a full SPF again; only changes in Type 1 and Type 2 LSAs require a full SPF calculation.

OSPF calculates an interface cost as (reference bandwidth in Kbps) / (interface bandwidth in Kbps). There are 4 ways to change an OSPF metric:
1) Change the reference bandwidth with ‘(config-router)#auto-cost reference-bandwidth’ followed by the bandwidth in Mbps. It is recommended to use the same command on all routers in the same domain; a difference does not result in a failed neighborship. The default is 100 Mbps.
2) Change the interface bandwidth with the ‘(config-if)#bandwidth’ command followed by the bandwidth in Kbps. By default, the bandwidth is 1544 on serial interfaces and sub-interfaces. For ports using auto-negotiation, the bandwidth is the negotiated speed.
3) Set the OSPF cost directly with ‘(config-if)#ip ospf cost’ followed by the value. This overrides ‘auto-cost reference-bandwidth’.
4) Change the cost of the default route advertised by this router with ‘(config-router)#area A_ID default-cost COST’.

A router’s own Router LSA should be made unfavorable while it is still receiving the routes it redistributes from BGP (for example, right after a reboot). In this case, it should be configured with ‘(config-router)#max-metric router-lsa on-startup {wait-for-bgp | SEC_AFTER_REBOOT}’.
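The interface-cost formula and the sum-of-costs route selection described in this section, as an added example written for these notes (not Cisco IOS code); the four-router topology and its bandwidths are constructed, and the ospf_cost/best_path names are the example's own. It goes one step beyond the text by running the shortest-path calculation under two reference bandwidths.

```python
"""OSPF cost arithmetic from the notes above: interface cost = reference
bandwidth / interface bandwidth, and a route's cost is the sum of the
outgoing-interface costs along the path. Added example, not from the notes or
from Cisco IOS; the topology and its bandwidths are constructed."""
import heapq

DEFAULT_REF_BW_MBPS = 100   # ‘auto-cost reference-bandwidth’ default


def ospf_cost(if_bw_kbps, ref_bw_mbps=DEFAULT_REF_BW_MBPS):
    """Integer cost as IOS computes it: floor the division, clamp to 1..65535."""
    cost = (ref_bw_mbps * 1000) // if_bw_kbps
    return max(1, min(cost, 65535))


def spf(links, root, ref_bw_mbps=DEFAULT_REF_BW_MBPS):
    """Dijkstra over links = {(a, b): bandwidth_kbps}. Cost is charged on the
    outgoing interface, so every link is walkable in both directions."""
    adj = {}
    for (a, b), bw in links.items():
        adj.setdefault(a, []).append((b, bw))
        adj.setdefault(b, []).append((a, bw))
    dist, prev, heap = {root: 0}, {}, [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue                      # stale heap entry
        for v, bw in adj.get(u, []):
            nd = d + ospf_cost(bw, ref_bw_mbps)
            if nd < dist.get(v, float("inf")):
                dist[v], prev[v] = nd, u
                heapq.heappush(heap, (nd, v))
    return dist, prev


def best_path(links, root, dst, ref_bw_mbps=DEFAULT_REF_BW_MBPS):
    """Return (total cost, [hops]) from root to dst, or (None, []) if unreachable."""
    dist, prev = spf(links, root, ref_bw_mbps)
    if dst not in dist:
        return None, []
    path, node = [dst], dst
    while node != root:
        node = prev[node]
        path.append(node)
    return dist[dst], path[::-1]


# Constructed topology: R1 reaches R4 over two Gigabit links via R2 or over
# two FastEthernet links via R3 (bandwidths in Kbps, as IOS reports them).
TOPOLOGY = {
    ("R1", "R2"): 1_000_000, ("R2", "R4"): 1_000_000,
    ("R1", "R3"): 100_000, ("R3", "R4"): 100_000,
}


def compare_reference_bandwidths():
    """With the 100 Mbps default both paths cost 2 (a tie, so OSPF would load
    balance); with ‘auto-cost reference-bandwidth 10000’ the Gigabit path wins."""
    return {ref: best_path(TOPOLOGY, "R1", "R4", ref) for ref in (100, 10000)}
```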

OSPF Route Filtering

OSPF advertises LSAs, so filtering in OSPF means filtering LSAs. However, since filtering Type 1 and Type 2 LSAs would break SPF, 3 options exist:

- Filter Type 3 LSAs on an ABR using the ‘(config-router)#area A_ID filter-list prefix NAME {in | out}’ command, where NAME is the name of the prefix-list that controls the filtering. Denied subnets are filtered, while permitted subnets flow through as normal. The ‘in’ keyword applies the prefix list to subnets coming IN from other areas; the ‘out’ keyword applies the prefix list to subnets going OUT to other areas.

When designing filters for a multi-area topology, be careful with ‘out’, since it prevents the LSA from spreading to every other area. A Type 3 LSA filter applies to the Type 3 LSAs of the entire area.

- Filter Type 5 LSAs on an ASBR using an ACL, prefix list, route map, or the ‘default-information’ command.

- Filter the routes OSPF would normally add to the routing table on a single router. This is done after the SPF algorithm runs and before the routes are placed in the routing table. This feature does not change the LSDB flooding process, does not change the LSAs added by ABRs or ASBRs, and does not change the SPF algorithm’s choice of best route.


Usually, a ‘(config-router)#distribute-list’ command is used, along with an ACL, prefix-list, or route map. Here, ‘in’ filters the routes BEFORE they are placed in the routing table. ‘interface’ can be included to match routes learned from a certain interface. Note that the LSAs are not filtered; the router is just prevented from entering the route into the RIB, and the LSA can still be seen in the LSDB.

Manual summarization

Summarization differs when applied to ABR and ASBR.

On an ABR, you use the ‘area A_ID range IP_ADD MASK [advertise | not-advertise] [cost COST]’ command. The ABR must have at least one subordinate subnet within that address range; if no subordinate subnet exists, the summary LSA is not advertised. The metric for the summary route’s Type 3 LSA is the best (lowest) metric of all subordinate subnets, or it can be set manually with the ‘cost’ keyword. A summary route can be hidden (not advertised) by adding the ‘not-advertise’ keyword at the end of the command. If you use a summary route for some subnets (e.g. 192.168.0.0/23) and you have another subnet not included in the summary (e.g. 10.0.0.0/8), the ABR advertises both the summary route and that subnet (2 Type 3 LSAs). However, if area 0 is a transit area (with a virtual link), the individual subnets are advertised instead.

An ASBR redistributes routes into OSPF from another routing source and creates a Type 5 LSA for each redistributed subnet. The network address is the LSID, and the RID of the ASBR becomes the advertising router. To summarize Type 5 LSAs, the requirements are similar to those for an ABR, except that you use the ‘(config-router)#summary-address IP_ADD MASK [not-advertise]’ command. ‘redistribute static’ only works for non-default static routes. Since this command has no ‘cost’ keyword, you can’t manually set the cost of the summary at the ASBR.

Default route

A default route can be created by using 0.0.0.0 0.0.0.0 as the summary route on an ABR or ASBR. However, this is not as popular as ‘(config-router)#default-information originate’ and stub areas for distributing a default route. The main goal of a default route on an ASBR is to direct traffic to the Internet; the main goal of a default route on an ABR is to direct traffic to another area.

The ‘(config-router)#default-information originate [always] [metric COST] [metric-type TYPE VALUE] [route-map NAME]’ command tells the ASBR to flood a default route (Type 5 LSA) pointing to itself IF it has a default route in its routing table. The default route on the ASBR is either statically configured or learned and redistributed. The ASBR stops advertising its default route if that route fails. The advertised default route has a default metric of 1 and a metric type of E2.

- ‘always’ allows the default route to be advertised even if the ASBR’s own default route is down. During this time, packets for the Internet are received and then discarded.
- ‘metric’ lets you define the metric; the default is 1.
- ‘metric-type’ defines the type of metric, external type 1 or type 2; the default is E2.
- ‘route-map’ controls what to advertise, and can withdraw the default route.


Another method of providing a default route is a stub area. The idea is that the (other) routers in the area no longer learn any routes to the outside except the one from the ABR (with address and mask 0.0.0.0 0.0.0.0). All routers in the area MUST be configured as stubby to remain neighbors. If the cost of the default route is not set with ‘area default-cost’, the default cost is 1.

| | Stub Area | Totally Stubby Area | NSSA | Totally NSSA |
|---|---|---|---|---|
| Default route 0.0.0.0 0.0.0.0 from ABR | Yes; as T3 LSA | Yes; as T3 LSA | No, unless ‘(config-router)#area A_ID nssa default-information-originate’ | Yes; as T3 LSA |
| All routers must be the same type of stub | Yes | Yes | Yes | Yes |
| Command for stub | ‘(config-router)#area A_ID stub’ on each router | ‘(config-router)#area A_ID stub no-summary’ on the ABR and ‘(config-router)#area A_ID stub’ on the other routers | ‘(config-router)#area A_ID nssa’ on each router | ‘(config-router)#area A_ID nssa no-summary’ on the ABR and ‘(config-router)#area A_ID nssa’ on the other routers |
| Command to set cost of default route | ‘(config-router)#area A_ID default-cost COST’ | ‘(config-router)#area A_ID default-cost COST’ | ‘(config-router)#area A_ID default-cost COST’ | ‘(config-router)#area A_ID default-cost COST’ |
| Filter Type 3 LSA | No | Yes (except default route) | No | Yes (except default route) |
| Filter Type 4 LSA | No | Yes | No | Yes |
| Filter Type 5 LSA | Yes | Yes | Yes | Yes |
| Filter Type 7 LSA | Yes | Yes | No | No |
| Redistribute external routes | No | No | Yes | Yes |
| Cisco Proprietary | No | Yes | No | Yes |

About the default route generated:
- Stub and totally stubby areas automatically generate a summary LSA (Type 3) with LSID 0.0.0.0 and network 0.0.0.0 even if no default route is configured. Of course, you need to have the ‘area A_ID stub [no-summary]’ command set.
- For an NSSA, you can manually configure a default route, or force the area to automatically generate one with ‘area A_ID nssa default-information-originate’.
- For a totally NSSA, a default route is automatically generated and advertised.

The ‘default-information’ command family differs per protocol:
- ‘default-information {in | out} {ACL_NO | NAME}’ controls EIGRP’s default candidate advertisement.
- ‘default-information originate’ allows/stops BGP from advertising its default route.
- ‘default-information originate [route-map NAME]’ controls how and which default routes are advertised in RIP and IS-IS.
- ‘default-information originate [always] [metric VAL] [metric-type TYPE] [route-map NAME]’ in OSPF advertises a Type 5 LSA with LSID 0.0.0.0 and network 0.0.0.0, making this router an ASBR. By default, OSPF routers don’t advertise default routes throughout the domain; they keep them to themselves.


A Type 7 LSA acts like a Type 5 LSA and is specially designed to work with stubby areas. NSSAs and totally NSSAs DO reject Type 5 LSAs, but their ABRs accept Type 7 LSAs as an alternative (and advertise them as Type 5 LSAs to the internal routers).

Here are some show commands to verify the result:
• show ip ospf: Confirms with one (highlighted) line that the router believes that the area is a stub area.
• show ip ospf database summary 0.0.0.0: By definition, this command lists all summary (Type 3) LSAs with prefix 0.0.0.0.
• show ip ospf database database-summary: Lists statistics about the numbers and types of LSAs in the database.

OSPF virtual link

Good OSPF design requires:
- Each area to be contiguous
- The transit area not to be a stub area
- Each non-backbone area to connect to the backbone area through an ABR
- Only one backbone area

A virtual link allows 2 ABRs that connect to the same non-backbone area to form a neighbor relationship even though they may not be physically adjacent.

This typically happens when 2 areas with the same area ID (often area 0) connect to the same area. To prevent an A_ID collision, a virtual link is configured on both ABRs connecting the 2 same-area-ID areas, making the 2 areas appear as one. The ABRs also consider themselves linked in a PtP fashion. Another, simpler solution is to just change the area ID.

When the ABRs forward data to each other, it is encapsulated in an IP packet with the destination address of the other ABR (unicast), and the routers in the shared area forward it as normal. LSAs forwarded over the virtual link usually have the ‘Do Not Age’ (DNA) bit set. This means that if no changes occur, the 30-minute reflood of the LSA does not occur. However, if there is a topology change, the new LSA will be forwarded. Hellos are also not sent. If all routes from the shared (transit) area to one of the duplicated areas fail, the virtual link immediately fails.

To configure a virtual link, use ‘(config-router)#area A_ID virtual-link R_RID’. R_RID refers to the RID of the other ABR, and A_ID is the area ID of the shared area.

As the neighborship forms, the 2 ABRs eventually reach the FULL state. Check with the ‘show ip ospf virtual-link’ command; the neighborship should also appear in ‘show ip ospf neighbor’. The PtP OSPF neighborship is attached to the ‘VL0’ virtual interface.

| Type | No. | Command syntax for virtual links |
|---|---|---|
| none | 0 | area num virtual-link router-id authentication null |
| clear text | 1 | area num virtual-link router-id authentication authentication-key key-value |
| MD5 | 2 | area num authentication message-digest, then area num virtual-link router-id message-digest-key key-num md5 key-value |

OSPF neighborship in WAN

Most of the process is the same as in a LAN, but due to the different services and topologies in a WAN, part of the route selection process differs.

The OSPF network type differs per interface (depending on the topology it is part of), and you need to consider the following:
- Whether the link allows the router to multicast Hellos
- Whether 2 or more OSPF routers can exist on the same link
- Whether the router should attempt to elect an OSPF DR on that interface

The OSPF network type is set by ‘(config-if)#ip ospf network’ followed by one of these parameters:

| Parameter | Use DR/BDR? | Hello | Dynamic neighbor discovery | >= 2 routers? | Cisco prop. | Media type |
|---|---|---|---|---|---|---|
| Broadcast (LAN) | Yes | 10 | Yes | Yes | Yes | Ethernet, FDDI, Token Ring |
| Point-to-point | No | 10 | Yes | No | Yes | Frame Relay and ATM PtP, HDLC, PPP |
| Loopback | No | — | — | No | | |
| Nonbroadcast (NBMA) | Yes | 30 | No | Yes | No | Frame Relay, ATM, X.25, SMDS |
| Point-to-multipoint | No | 30 | Yes | Yes | No | |
| Point-to-multipoint nonbroadcast | No | 30 | No | Yes | Yes | |

Verify with ‘show ip ospf interface’. A serial link doesn’t elect a DR/BDR because it is PtP; the PtP network type uses multicast to send information. A loopback interface is treated as a stub host and is always advertised with a cost of 1. If the network type is ‘loopback’, the route is always advertised as a /32 route; if the network type is ‘point-to-point’, the address is advertised with whatever prefix length it has.

When using an MPLS VPN, the customer router (CE) connects to the PE using a serial link, Frame Relay, or Ethernet. The CE ONLY forms an OSPF neighborship with the PE.

When using Metro Ethernet, the router directs VPWS (PtP) or VPLS (multipoint) traffic from Ethernet sub-interfaces into the network by VLAN trunking. In this WAN, routers do not form OSPF neighborships with the ISP routers connected to them, ONLY with the routers at the other ends of the network.

OSPF and Frame Relay

There are many network types used in Frame Relay; here is a brief summary:

| ip ospf network | DR/BDR | ‘neighbor’ command | Broadcast/multicast | Default Hello | Cisco Proprietary | Best topology |
|---|---|---|---|---|---|---|
| broadcast | Manual | No | Yes | 10 | Yes | Full mesh |
| nonbroadcast | Manual | Yes | No | 30 | No | Full mesh |
| point-to-point | No | No | Yes | 10 | Yes | Point-to-point |
| point-to-multipoint | No | Yes | Yes | 30 | No | Any |
| point-to-multipoint nonbroadcast | No | Yes | No | 30 | Yes | Any |

Some engineers choose a network type that elects a DR and BDR. However, for this design to work, 1) a PVC MUST exist between the DR and every other router in the subnet, and 2) a PVC MUST exist between the BDR and every other router in the subnet. If these requirements can’t be met, it’s best not to use this network type at all.

Point-to-point occurs between 2 routers only.

Broadcast is multiaccess, which means multiple end points and a central point (perhaps a switch). Broadcast and multicast messages are supported on this type of topology, and a DR and BDR are elected. It works best with a full mesh; if the design is not a full mesh, the DR needs to be chosen manually. This is the default network type on Ethernet interfaces.

Non-broadcast: same physical topology as broadcast, but broadcast and multicast messages are not supported. Routers must send unicast (including Hellos) and must know each other’s IP addresses (requires the ‘neighbor’ command). Includes NBMA and point-to-multipoint:
- NBMA: works best with a full mesh; the DR and BDR are chosen manually if the design isn’t a full mesh. The ‘neighbor’ command can’t use the ‘cost’ parameter.
- Point-to-multipoint: all router addresses are in the same subnet; no DR or BDR is needed. Works best with a partial mesh; neighbors MUST be specified with the ‘neighbor’ command.

With point-to-multipoint, the router considers dynamically discovered neighbors reachable at a cost equal to the cost of the associated multipoint subinterface, so the cost cannot be set per neighbor. The ‘neighbor’ command can still be used to define the neighbor.

With the ‘(config-if)#neighbor IP_ADD [priority VAL] [poll-interval SEC] [cost MET]’ command, this router continues to send Hellos to an inactive neighbor (in certain situations) at a reduced rate, the poll interval; the default is 120 seconds. Priority can also be set with the ‘ip ospf priority’ command.

Note that having different network types on the two ends of a link causes problems that are very difficult to predict, and there is no mechanism preventing you from setting different network types, so ALWAYS configure the same network type on both sides.

A sub-interface can be point-to-point or multipoint. A point-to-point sub-interface uses the point-to-point network type by default.

A simple configuration assigns a separate subnet to each point-to-point sub-interface. Configuring a single IP address per router in one shared subnet instead saves IP addresses and reduces the number of subnets.

A multipoint sub-interface can support any network type except point-to-point, and by default uses the NBMA network type (as do physical serial interfaces). This sub-interface allows neighbors to dynamically discover each other.

If routers A and B are in a Frame Relay partial mesh network but are not directly connected to each other, then when A wants to send packets to B, the IP header carries B’s destination IP address while the frame carries the DLCI of another router, C, that has a PVC to both A and B. When C receives the packet, it forwards it to B. This is done with a static map of B’s IP address to C’s DLCI, so all traffic for B goes to C; the reverse mapping also needs to be configured for the opposite direction. This way, ping will work, and so will other traffic.

On serial interfaces, a broken link between R1 and R2 causes R1 to be unable to ping the IP address of either interface, because the ping needs to leave the link. You can verify this with the round-trip time of pings (from R1) to R2 and to R1's own interface.


Integrated IS-IS

A router is known as an intermediate system (IS) and end devices are known as end systems (ES); so IS-IS really just means a router-to-router routing protocol. IS-IS was specified to route CLNS, which provides a connectionless network service like UDP. The OSI network layer protocol is CLNP (also known as ISO-IP) and is used for CLNS. Since IS-IS started as an OSI routing protocol, it uses a CLNS address as its RID for management purposes. IS-IS also uses CLNS addressing called NSAP.

Integrated IS-IS can operate in both ISO and IP environments. IS-IS uses a single DR and different timers. When using Frame Relay static maps, use the ‘(config-if)#frame-relay map clns DLCI’ command. For Frame Relay to operate correctly with IS-IS, you can use one of 3 methods:
- Subinterfaces
- GRE tunnels (not scalable and require much configuration)
- Full-mesh Frame Relay (not scalable)

OSI supports 4 routing levels, meaning that a router can operate at any one of them:
- Level 0: finding end systems; ES-to-IS routing
- Level 1: exchanging routes within an area
- Level 2: exchanging routes between areas
- Level 3: between autonomous systems; the province of an interdomain routing protocol (IDRP)

All devices at the same level have the same LSDB. Devices that exist at more than one level must maintain an LSDB for each level. Link State Packets (LSPs) are used to exchange information and form the LSDB. Routers only maintain level-n information that is common to both routers.

For an adjacency to form, these fields from the Hello packet must match:
- MTU
- Support for the same routing level
- Unique system ID
- Matching authentication
- Same Hello and Hold timers
- When connecting to another area, one router must be able to support both levels.

IS-IS supports 2 network types, broadcast and point-to-point. In a point-to-point relationship, after the adjacency is established, a CSNP is sent, which is a list of all the links held in the LSDB. Hold = Hello * 3. In a broadcast relationship, a DIS is elected, and Hellos between the DIS and non-DIS routers take place every 3.3 seconds. If a router fails to receive Hellos from the DIS, it is forced to resign even though it can contact other routers. Non-broadcast relationships are recommended to be set up as a series of point-to-point links.

The DIS is elected based on Layer 2 addressing, where the lowest wins. Priority is also part of the criteria; change it with the ‘(config-if)#isis priority’ command.

IS-IS metric

There are 4 types of metrics used in IS-IS:
- Default, or cost, metric: must be supported by all routers. Inversely proportional to bandwidth; the lower the metric, the more preferable the path.
- Delay metric: optional; measures the time data takes to travel from one point to another.
- Expense metric: also optional.
- Error metric: measures the residual error probability of a link; optional.
Note: these values are carried by TLVs 2, 3, 5, 128, and 130.

By default, all interface metrics are 10, since the old-style metric only allows 6 bits to carry the metric; the wide-style metric is better suited to determining the best path.

Short spanning tree, SPT

When SPF starts to run, all routers are classified into one of 3 sets:
- Unknown: all routers except the root
- Tentative: as SPF continues, routers start moving to this set, beginning with the ones directly connected to the root
- Paths: routers move to this set from Tentative, beginning with the routers directly connected to the root

IS-IS PDU

An IS-IS PDU is encapsulated directly in a Layer 2 frame. The fixed header is 8 bytes long and can be followed by a list of optional fields called TLVs. All PDU types share the same common header:

- IRPD: specifies the L3 protocol [8 bits]
- Packet Length: in bytes [8 bits]
- Version/Protocol ID Extension: = 1 [8 bits]
- ID Length: of the NSAP address [8 bits]; ID Length = 0 means 6 bytes, ID Length = 255 means no NSAP address, ID Length = 1-8 is the actual length
- Reserved (R R R) + PDU Type [4 bits]
- Version: 1 [8 bits]
- Reserved [8 bits]
- Maximum Area Addresses: 1 - 254 [8 bits]
- Additional header fields (specific to the PDU type), followed by the TLV fields

Hello, LSP and SNP

IS-IS uses 3 types of packets:
- Hello PDUs form adjacencies. There are 3 types of Hellos: LAN Level 1 Hello, LAN Level 2 Hello, and Point-to-Point Hello PDU.
  1) End System Hellos (ESH) attach an ES to the routers; they attach the local subnet.
  2) IS Hellos (ISH) let routers announce themselves back to the ES.
  3) Intermediate-to-Intermediate Hellos (IIH) are used between routers at Level 1 and Level 2. There are 2 types of IIH due to the different network types: the point-to-point Hello (Level 1 IIH) for PtP links and the LAN Hello (Level 2 IIH) over broadcast links.

Hellos are sent out using L2 multicast: Level 1 LAN Hellos are sent to multicast 0100.C200.0014, while Level 2 Hellos are sent to 0180.C200.0015. IS-IS also has 0900.2B00.0005 to reach all ISs and 0900.2B00.0004 to reach all ESs.

The L1 and L2 LAN Hello PDUs share this format:
- Common header: IRPD, Packet Length, Version/Protocol ID Extension, ID Length, R R R + PDU Type, Version, Reserved, Maximum Area Addresses
- Reserved (6 bits) + Circuit Type (2 bits): 0x01 = L1, 0x02 = L2, 0x03 = L1/L2
- Source ID: system ID of the sender (6 bytes)
- Holding Time (2 bytes)
- PDU Length: in bytes, = 0x1492 (2 bytes)
- Priority: used for DIS election on broadcast/NBMA segments. First bit = 0; default priority 64, range 1 - 127. The election is preemptive, and the routers form N * (N - 1) adjacencies (1 byte)
- LAN ID: system ID + circuit ID of the current DIS (7 bytes)
- TLV Fields (variable)


The PtP Hello PDU is used on WAN links regardless of level:
- Common header: IRPD, Packet Length, Version/Protocol ID Extension, ID Length, R R R + PDU Type, Version, Reserved, Maximum Area Addresses
- Reserved (6 bits) + Circuit Type (2 b
its)
- Source ID (6 bytes)
- Holding Time (2 bytes)
- PDU Length (2 bytes)
- Local Circuit ID: identifies a link (1 byte)
- TLV Fields (variable)

- The Link State PDU (LSP) is used to distribute routing information. Level 1 and Level 2 LSPs have the same format; each lists the originating router's adjacencies, and the TLVs carry the Level 1 or Level 2 information. Different TLVs are defined to carry different kinds of information; TLVs a router does not support are ignored.

LSP format:
IRPD / Packet Length
Version / Protocol ID Extension / ID Length
R R R + PDU Type / Version
Reserved / Maximum Area Addresses
PDU Length (2 bytes)
Remaining Time: lifetime in seconds (2 bytes)
LSP ID: system ID + circuit (pseudonode) ID + LSP number; identifies the PDU (8 bytes)
Sequence Number: like the revision number in VTP, higher is newer (4 bytes)
Checksum (2 bytes)
Attributes (1 byte): bits 1-2 = IS type, 0x01 (L1) or 0x03 (L2 or L1/L2); bit 3 = overload, whether this LSP may be used for transit; bits 4-7 = ATT, the router is attached to another area; bit 8 = partition repair, not supported on Cisco IOS

- Sequence Number PDUs (SNPs) control the distribution of LSPs and keep the LSDBs synchronized. They are specific to each level and come in two forms: the CSNP (Complete SNP, which lists every LSP in the LSDB and is exchanged when an adjacency is formed) and the PSNP (Partial SNP, which acknowledges or requests individual LSPs). SNPs are never flooded; they are sent between neighbors. LSPs carrying unrecognized TLVs are still passed on rather than discarded.

CSNP format:
IRPD / Packet Length
Version / Protocol ID Extension / ID Length
R R R + PDU Type / Version
Reserved / Maximum Area Addresses
Length (2 bytes)
Source ID: system ID of the sending router + 1 byte (7 bytes)
Start LSP ID: 0 to indicate the first LSP (8 bytes)
End LSP ID: 0xFFFF... to indicate the last possible LSP (8 bytes)
TLVs (variable)

PSNP format:
IRPD / Packet Length
Version / Protocol ID Extension / ID Length
R R R + PDU Type / Version
Reserved / Maximum Area Addresses
Length (2 bytes)
Source ID (7 bytes)
TLVs (variable)


TLV
Here are the different TLV types used, grouped by packet type (PDU type number in parentheses):
LAN Level-1 Hello (15): 1 Area Address; 6 IS Neighbors (Hellos); 8 Padding; 10 Authentication Information; 129 Protocols Supported; 132 IP Interface Address
LAN Level-2 Hello (16): 1 Area Address; 6 IS Neighbors (Hellos); 8 Padding; 10 Authentication Information; 129 Protocols Supported; 132 IP Interface Address
Point-to-Point Hello (17): 1 Area Address; 8 Padding; 10 Authentication Information; 129 Protocols Supported; 132 IP Interface Address
Level-1 Link State Packet (18): 1 Area Address; 2 IS Neighbors (LSP); 3 ES Neighbors; 6 IS Neighbors (Hellos); 10 Authentication Information; 128 IP Internal Reachability Information; 129 Protocols Supported; 132 IP Interface Address
Level-2 Link State Packet (20): 1 Area Address; 2 IS Neighbors (LSP); 4 Partition - DIS; 5 Prefix Neighbors; 10 Authentication Information; 128 IP Internal Reachability Information; 129 Protocols Supported; 130 IP External Reachability Information; 131 IDRP Information; 132 IP Interface Address
Level-1 Complete SNP (24): 9 LSP Entries; 10 Authentication Information
Level-2 Complete SNP (25): 9 LSP Entries; 10 Authentication Information
Level-1 Partial SNP (26): 9 LSP Entries; 10 Authentication Information
Level-2 Partial SNP (27): 9 LSP Entries; 10 Authentication Information
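A worked parser for the point-to-point Hello layout and the TLVs listed above, added here as an example; it is not code from the notes. It builds a PtP Hello from the field list, walks its TLVs (area address, authentication, protocols supported, IP interface address; unknown types are kept but otherwise ignored, as the notes say), and checks an HMAC-MD5 authentication TLV (type 10, auth type 54) the way RFC 5304 describes it. The system ID, area, addresses and key are made up, and placing the authentication TLV first in the PDU is a choice made here for simplicity.

```python
"""IS-IS point-to-point Hello (PDU type 17): builder, TLV parser and HMAC-MD5
check. Added example, not code from the notes; the system ID, area, key and
addresses are made up."""
import hashlib
import hmac
import struct

PDU_PTP_HELLO = 17
TLV_AREA, TLV_PAD, TLV_AUTH, TLV_PROTO, TLV_IPADDR = 1, 8, 10, 129, 132
AUTH_CLEARTEXT, AUTH_HMAC_MD5 = 1, 54
HEADER_LEN = 20  # 8-byte common header + 12 bytes of PtP Hello fields


def tlv(t: int, value: bytes) -> bytes:
    """One TLV: 1-byte type, 1-byte length, value (at most 255 bytes)."""
    return struct.pack("!BB", t, len(value)) + value


def build_ptp_hello(system_id: bytes, hold: int, circuit_type: int,
                    local_circuit_id: int, tlvs: bytes) -> bytes:
    """Common header: IRPD 0x83, length indicator, version/PID ext, ID length
    (0 = 6 bytes), PDU type, version, reserved, max areas (0 = 3). Then circuit
    type, source ID, holding time, PDU length, local circuit ID and the TLVs."""
    common = struct.pack("!8B", 0x83, HEADER_LEN, 1, 0, PDU_PTP_HELLO, 1, 0, 0)
    fields = struct.pack("!B6sHHB", circuit_type, system_id, hold,
                         HEADER_LEN + len(tlvs), local_circuit_id)
    return common + fields + tlvs


def walk_tlvs(data: bytes):
    """Yield (offset, type, value); a TLV cut short by the PDU is an error."""
    off = 0
    while off + 2 <= len(data):
        t, n = data[off], data[off + 1]
        value = data[off + 2:off + 2 + n]
        if len(value) != n:
            raise ValueError("truncated TLV")
        yield off, t, value
        off += 2 + n


def decode_tlv(t: int, value: bytes):
    if t == TLV_AREA:            # repeated (length, area address) pairs
        areas, i = [], 0
        while i < len(value):
            n = value[i]
            areas.append(value[i + 1:i + 1 + n].hex())
            i += 1 + n
        return "area_addresses", areas
    if t == TLV_AUTH and value:  # first byte is the authentication type
        kind = {AUTH_CLEARTEXT: "cleartext", AUTH_HMAC_MD5: "hmac-md5"}
        return "authentication", (kind.get(value[0], value[0]), value[1:])
    if t == TLV_PROTO:           # NLPIDs: 0xCC = IPv4, 0x8E = IPv6
        return "protocols_supported", list(value)
    if t == TLV_IPADDR:          # 4 bytes per address
        return "ip_interface_addresses", [".".join(map(str, value[i:i + 4]))
                                          for i in range(0, len(value), 4)]
    return "unknown", (t, value)  # receivers ignore TLVs they do not support


def parse_ptp_hello(pdu: bytes) -> dict:
    if len(pdu) < HEADER_LEN or pdu[0] != 0x83:
        raise ValueError("not an IS-IS PDU")
    if pdu[4] & 0x1F != PDU_PTP_HELLO:   # top 3 bits of the type byte are reserved
        raise ValueError("not a point-to-point Hello")
    ctype, sysid, hold, length, lcid = struct.unpack("!B6sHHB", pdu[8:HEADER_LEN])
    if length > len(pdu):
        raise ValueError("PDU length exceeds the received bytes")
    info = {"circuit_type": ctype & 0x03, "system_id": sysid.hex(),
            "holding_time": hold, "local_circuit_id": lcid, "tlvs": {}}
    for _, t, value in walk_tlvs(pdu[HEADER_LEN:length]):
        name, decoded = decode_tlv(t, value)
        info["tlvs"].setdefault(name, []).append(decoded)
    return info


def build_signed_hello(system_id, hold, ctype, lcid, tlvs, key: bytes) -> bytes:
    """HMAC-MD5 per RFC 5304: the digest covers the whole PDU with the 16-byte
    Authentication Value zeroed (for LSPs the checksum and remaining lifetime
    are zeroed too). The auth TLV is placed first here, so the digest sits at
    bytes HEADER_LEN+3 .. HEADER_LEN+18."""
    placeholder = tlv(TLV_AUTH, bytes([AUTH_HMAC_MD5]) + bytes(16))
    pdu = build_ptp_hello(system_id, hold, ctype, lcid, placeholder + tlvs)
    digest = hmac.new(key, pdu, hashlib.md5).digest()
    return pdu[:HEADER_LEN + 3] + digest + pdu[HEADER_LEN + 19:]


def verify_hmac_md5(pdu: bytes, key: bytes) -> bool:
    length = struct.unpack("!H", pdu[17:19])[0]
    for off, t, value in walk_tlvs(pdu[HEADER_LEN:length]):
        if t == TLV_AUTH and value[0] == AUTH_HMAC_MD5 and len(value) == 17:
            start = HEADER_LEN + off + 3          # first byte of the digest
            zeroed = pdu[:start] + bytes(16) + pdu[start + 16:length]
            expected = hmac.new(key, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(expected, value[1:])
    return False                                  # no HMAC-MD5 TLV: reject


def sample_hellos():
    """Two constructed Hellos from the same router: one with a clear-text
    password (readable by anyone on the link), one HMAC-MD5 signed."""
    common = (tlv(TLV_AREA, bytes([3]) + bytes.fromhex("490001"))
              + tlv(TLV_PROTO, bytes([0xCC]))
              + tlv(TLV_IPADDR, bytes([10, 0, 12, 1])))
    sysid = bytes.fromhex("1921680000c1")
    clear = build_ptp_hello(sysid, 30, 3, 1,
                            tlv(TLV_AUTH, bytes([AUTH_CLEARTEXT]) + b"cisco") + common)
    signed = build_signed_hello(sysid, 30, 3, 1, common, b"isis-k3y")
    return clear, signed
```

Parsing the clear-text variant hands back the password b'cisco' as plain data, which is exactly what a sniffer on the link sees; the HMAC variant exposes only a digest, and flipping a single byte anywhere in the PDU makes verify_hmac_md5 fail.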

IS-IS addressing

An IS-IS address is known as an NSAP or, on a router, a NET. It is 8 to 20 bytes long, and you can configure at most 3 NETs on a router (each with a different area ID). A NET consists of 3 parts:
- Area: the equivalent of the IPv4 network bits. Multiple area IDs on one router mean multiple areas, not multiple levels. Composed of the AFI (47 = ISO 6523-ICD, 39 = ISO DCC, 49 = private addressing), the IDI and the DSP. The area ID must be at least one byte long.
- System ID: the equivalent of the IPv4 host bits; it is the same in every NET of a router, must be unique across all routers, and is commonly derived from a MAC address (or from an IP address written as 3 groups of 4 digits).
- N-SEL (selector): the equivalent of a TCP/UDP port on a host; always 00 for IOS.

IS-IS addresses come in one of three formats:
- 8-octet (1-byte area) format: area + system ID + SEL
- OSI NSAP format: domain + area + system ID + SEL
- GOSIP NSAP format: AFI + ICD + DFI + AAI + Reserved + RDI + area + system ID + SEL

Configuration

Enable IS-IS with ‘(config)#router isis TAG’, where TAG identifies the process (like the ASN for EIGRP). By default an IOS router is Level-1-2. Assign the NET with ‘(config-router)#net NET_ADD’ in the format AFI(2 digits).AREA_ID(4 digits).ADD(4 digits).ADD(4 digits).ADD(4 digits).00. Put ‘(config-if)#ip router isis TAG’ on every interface you want to advertise. ‘(config-if)#isis metric VAL’ manually configures the metric on an interface. To switch to wide-style metrics use ‘(config-router)#metric-style wide’; ‘transition’ instead of ‘wide’ allows both metric styles.

Verify with ‘show clns neighbor’, ‘show isis database’, ‘show clns interface’.

To configure an area to route only Level 1:
- Add a tag to the routing process
- Use ‘(config-router)#is-type level-1’
- Use ‘(config-if)#isis circuit-type level-1’ on all advertised interfaces

To configure an area to route only Level 2:
- Use ‘(config-router)#is-type level-2’ (the IOS keyword is level-2-only)
- Use ‘(config-if)#isis circuit-type level-2’ (level-2-only) on the interfaces

To create a manual summary, use ‘(config-router)#summary-address IP_ADD SUB_MASK {level-1 | level-2 | level-1-2}’; ‘redistribute static ip’ is not needed for this. Summary routes (not default routes) are displayed by ‘show ip protocols’.

A default route in IS-IS is created with ‘(config)#ip route 0.0.0.0 0.0.0.0 null0’ + ‘(config-router)#default-information originate [route-map NAME]’, which advertises a default route with metric 0. ‘redistribute static ip’ does not advertise the 0.0.0.0 static route, but every other static route.


IS-IS authentication can be clear text or HMAC-MD5 (the password is not encrypted; with MD5 a keyed digest is sent in place of the password, so it cannot be read off the wire).
Clear text:
- Per interface (Hello PDUs): ‘(config-if)#isis password PASS {level-1 | level-2}’
- For all Level 1 LSPs, CSNPs and PSNPs: ‘(config-router)#area-password PASS authenticate snp {validate | receive-only}’
- For all Level 2 LSPs, CSNPs and PSNPs: ‘(config-router)#domain-password PASS authenticate snp {validate | receive-only}’

Key chain (clear text or MD5): ‘(config)#key chain NAME’ -> ‘(config-router)#authentication mode {text | md5} [level-1 | level-2]’ -> ‘(config-router)#authentication key-chain NAME [level-1 | level-2]’. The same two commands prefixed with ‘isis’ (‘isis authentication mode’, ‘isis authentication key-chain’) apply per interface to Hello PDUs.

Interfaces with ‘ip router isis’ are advertised by the process itself; ‘redistribute connected’ is only needed for connected subnets on interfaces where IS-IS is not enabled. IOS prints no message for a successful authentication; confirm the adjacency with ‘show clns neighbors’ instead.


Route redistribution

Route redistribution is often needed when a network running 2 different routing protocols (or the same protocol with different AS numbers or process IDs) needs to exchange routes. It is also useful for merged networks that run the same routed protocol (IP) but separate routing domains.

When a static route is redistributed rather than an IGP-learned route, it is recommended that you either 1) specify the exit interface (point-to-point link), or 2) specify both the exit interface and the next-hop address (broadcast link). This avoids a recursive lookup, which occurs when only the next-hop address exists: the routing table is then checked twice, once to find the entry for the packet's destination and again to resolve the next-hop address.

To be able to redistribute, you need:
- at least one working physical link with each routing domain,
- a working routing protocol for each routing domain,
- additional configuration that tells a routing protocol to take the routes learned from another source of routing information and advertise them.

When performing redistribution, the redistributing router takes routes from its IP routing table and passes them to the destination routing protocol. That protocol treats the foreign routes as external routes, and because protocols calculate metrics differently, the original metric cannot simply be carried over.

At the point of redistribution, the receiving protocol starts with a seed metric, which is usually assigned manually. Default seed metrics (row = source, column = destination protocol):

Source      | into RIP | into EIGRP       | into OSPF | into IS-IS | into BGP (MED)
Connected   | 1        | interface metric | 20 (E2)   | 0          | 0
Static      | 1        | interface metric | 20 (E2)   | 0          | 0
RIP         | -        | infinite         | 20 (E2)   | 0          | IGP metric
EIGRP       | infinite | -                | 20 (E2)   | 0          | IGP metric
OSPF        | infinite | infinite         | -         | 0          | IGP metric
IS-IS       | infinite | infinite         | 20 (E2)   | -          | IGP metric
BGP         | infinite | infinite         | 1 (E2)    | 0          | -

‘infinite’ means the route is treated as unreachable and not advertised until a metric is configured (‘default-metric’, the metric keyword, or a route map).

When more than one route exists for a destination network, the better route is chosen by AD. Routers can only redistribute routes they know (static or dynamic) and that are installed in their routing table. When a route is redistributed, it gets the default AD of the new routing protocol.

Route feedback refers to loops created by multiple redistribution routers; solutions include: change the metric, change the AD, use a default route, use a passive interface with static routes, or use a distribute list.

Networks converge at the speed of the slower protocol.

If a clause has one ‘match’ command with several values, the route matches if any of the values matches (logical OR). If a clause has multiple ‘match’ commands, all of them must match for the clause to apply (logical AND).


EIGRP Redistribution

This is the complete EIGRP redistribute command, used in EIGRP router configuration mode (for example to redistribute another EIGRP process): ‘(config-router)#redistribute eigrp ASN [metric BW DELAY REL LOAD MTU] [tag VALUE] [route-map NAME]’, where tag is a number that identifies a route and can be manipulated further with route maps.

For redistribution into EIGRP to work, the redistributing router MUST set the metric components (from which the metric is calculated) for the external routes, using one of 3 methods:
- Set the default for all redistribute commands: ‘(config-router)#default-metric bw delay reliability load mtu’
- Set the component metrics for all routes redistributed by a single redistribute command: ‘(config-router)#redistribute PRO [P_ID | ASN] metric BW DEL REL LOAD MTU’
- Set different component metrics for different routes from a single route source: use the route-map parameter to reference a route map that sets the metric.

Note that if you are redistributing from another EIGRP process, the component metrics are carried across, so none of the above is needed. To redistribute between IGRP and EIGRP, simply configure them with the same ASN. Note: delay is entered in tens of microseconds, so it is 10 times smaller than the delay shown by ‘show interfaces’.

When the ‘redistribute’ command refers to another IGP as the route source, the router redistributes (these routes show ‘via Redistributed’ as the exit interface):
- all routes in the routing table learned by that routing protocol,
- all connected routes of interfaces on which that routing protocol is enabled.
Note: the redistributing router becomes the next-hop router for packets to the other domain.
Note: EIGRP external routes have an AD of 170.

OSPF Redistribution

- OSPF redistribution has a default seed metric (20, or 1 from BGP), so no metric command is required.
- OSPF creates an LSA for each external route, and redistributed routes are flagged as external.
- The command (in OSPF router configuration mode) is ‘(config-router)#redistribute SOURCE [P_ID | ASN] [metric VALUE] [metric-type {1 | 2}] [match {internal | nssa-external | external 1 | external 2}] [tag VALUE] [route-map NAME] [subnets]’ (the match keyword is only available when SOURCE is another OSPF process):
metric: the cost assigned to routes redistributed by this command, unless overridden by a referenced route map
metric-type: the external metric type, type 1 or type 2
match: when the source is another OSPF process, selects which OSPF routes (internal, external by type, NSSA external) are redistributed, effectively filtering them
subnets: redistribute subnets of classful networks; without it only classful networks are redistributed

When redistributing into OSPF from:
- another OSPF process: the route's existing metric is used
- a subnetted network: only the classful network is considered unless ‘subnets’ is added
- any source: a Type 5 LSA is created for each external route; inside a (totally) NSSA area a Type 7 LSA is created instead.


The same rules for changing the EIGRP metric (default-metric, the metric keyword, a route map) also apply to OSPF.

When the ASBR creates a Type 5 LSA it is flooded throughout its area; ABRs then flood it into their other areas, except stub areas, which receive a default route instead.

OSPF external routes are either type 1 or type 2 (the default). Type 2 (E2) routes keep the metric stated in the LSA as the route cost, so the same subnet advertised by several ASBRs has the same E2 metric everywhere; the tie is broken by the cost to reach the ASBR. How a router computes that cost depends on whether it is in the same area as the ASBR.

When the ASBR is in the same area and several paths are available, the router uses the area's Type 1 (router) LSAs to find the lowest-cost path to the ASBR's RID.

When the ASBR is in another area, the calculation involves another LSA: total cost = cost to reach the ABR + cost from the ABR to the ASBR (the metric listed in the Type 4 LSA). The Type 4 Summary ASBR LSA is created by the ABR when it receives the ASBR's LSAs; it contains the ABR's RID, the ASBR's RID and the ABR's cost to reach the ASBR. Display it with ‘show ip ospf database asbr-summary’. ‘show ip ospf border-routers’ lists a line for every ABR and ASBR known to the local router: whether it is in the same area or another area, its RID, and this router's best route to reach it.

Another option is to use E1 routes instead of E2 (‘metric-type 1’ on the redistribute command); an E1 route's metric = internal cost to the ASBR + external cost. For a given IP subnet, OSPF ALWAYS prefers an E1 route over an E2 route regardless of metric.

Routes may be redistributed into a (totally) NSSA area using Type 7 LSAs. The ASBR floods Type 7 LSAs within the NSSA; the NSSA ABR translates them into Type 5 LSAs and floods those into the rest of the domain.

Redistribute into IS-IS

By default all redistributed routes get a metric of 0 and are imported only into the Level 2 LSDB. Change this with ‘redistribute static ip [level-1 | level-2 | level-1-2] [metric VAL] [metric-type {internal | external}] [route-map NAME]’. ‘redistribute static’ alone only redistributes CLNS routes; to redistribute IP routes use ‘redistribute static ip’.

Redistribution filtering

You can use the ‘route-map’ keyword of the ‘redistribute’ command to choose, per route, 1) a different metric, 2) a different metric type, or 3) whether it is redistributed at all.

In addition to filtering by ACL or prefix list, a route map can match on:
- match interface interface-type interface-number [... interface-type interface-number]: filter by outgoing interface
- match ip address {[access-list-number | access-list-name] | prefix-list prefix-list-name}: filter by destination prefix
- match ip next-hop {access-list-number | access-list-name}: filter by the route's next-hop address
- match ip route-source {access-list-number | access-list-name}: filter by the advertising router's IP address
- match metric metric-value [+- deviation]: filter by the route's metric, or a range (plus/minus the configured deviation)
- match route-type {internal | external [type-1 | type-2] | level-1 | level-2}: filter by route type; level-1 and level-2 are IS-IS terms
- match tag tag-value [... tag-value]: filter by route tag, which requires the tag to have been set earlier (for example at the other redistribution point)

Other than filtering routes, a route map can also change values of the route with the ‘set’ command:
- set metric metric-value: sets the route's metric for OSPF, RIP and IS-IS
- set metric bandwidth delay reliability loading mtu: sets the EIGRP route's metric components
- set metric-type {type-1 | type-2}: sets the external route type for OSPF
- set tag tag-value: sets the unitless tag value in the route

In an extended ACL used for route filtering, the source field matches the route's prefix and the destination field matches its mask: ‘permit ip host 172.16.1.0 host 255.255.255.0’ matches only the route 172.16.1.0 with mask 255.255.255.0.

‘show access-lists’ and ‘show ip prefix-list detail NAME’ show the number of matches each entry has seen, which confirms that the filter is being hit.

To set the metric for a route use the ‘set metric’ route-map subcommand. For OSPF or RIP follow the command with the metric, such as ‘set metric 10’. For EIGRP follow it with bandwidth, delay, reliability, load and MTU, such as ‘set metric 100 22 255 1 1500’, and reference the route map from the ‘redistribute ... route-map’ command. Precedence, highest first: 1) ‘set metric’ in the route map, 2) the metric keyword on the ‘redistribute’ command, 3) the ‘default-metric’ command. Verify with ‘show ip route’ or ‘show ip eigrp topology’.

The ‘match {internal | external 1 | external 2 | nssa-external}’ part of the command selects the type of OSPF routes to be redistributed.

If you only need to filter redistributed routes (without setting a metric or anything else), you can use the ‘distribute-list’ command with direction ‘out’ (this is a MUST) and either an ACL or a prefix list. For instance, ‘distribute-list 1 out ospf 2’ under EIGRP applies ACL 1 to routes being redistributed from OSPF process 2 into EIGRP (the current domain). Another example, ‘distribute-list prefix fred out eigrp 1’ under OSPF, applies a prefix list named fred to routes being redistributed from EIGRP ASN 1 into OSPF (the current domain).

Note that filtering takes place as the route is redistributed into the destination routing protocol, before it is added to that protocol's topology table (if it has one). ‘show ip access-lists’ and ‘show ip prefix-list detail’ confirm the action through their match counters, while ‘show ip eigrp topology’ or ‘show ip ospf database’ for the destination protocol will not show the filtered route.

Filtering in OSPF (‘distribute-list in’) only keeps the route out of the RIB; the LSA remains in the LSDB and is still flooded. Filtering for BGP is preferably done per neighbor.

Multiple router redistribution

When multiple redistribution routers exist, a subnet can be advertised back and forth (looped) between the domains, because the seed metric of the redistributed route may be lower than the metric of the internal route. The router is then tricked into using the longer path, and a loop may even form. If EIGRP is one of the protocols this does not happen, because EIGRP external routes have an AD of 170, higher than any IGP's internal routes.

One fix is to deliberately use a (default) seed metric higher than the highest internal route metric, so internal routes are preferred over redistributed ones.

In OSPF the problem is also reduced by the higher preference of E1 routes: a redistributed route whose cost is the total of internal and external cost (E1) has precedence over one that counts only the external cost (E2).

Remember: if there are 2 possible routes to a certain destination, the longer prefix wins. If the prefix is equal, lower AD wins.

Another behaviour that prevents domain loops is the recognition of redistributed routes: if a route in domain A is redistributed into domain B, the same redistribution router will not advertise it back from B into A, because it learned the route from A, not from B.

RIP has no concept of internal and external routes; in RIP, "internal" simply refers to routes that exist inside the RIP domain and "external" to ones outside it.

You can manually set the AD of a routing protocol to overcome the domain loop problem. A redistribution problem between RIP and OSPF can be solved this way:

Protocol Command

RIP distance ad-value

EIGRP distance eigrp internal-ad external-ad

OSPF distance ospf {external ad-value} {intra-area ad-value} {inter-area ad-value}

Route Type AD

Connected 0

Static 1

EIGRP summary route 5

External BGP 20

EIGRP (internal) 90

IGRP 100

OSPF 110

IS-IS 115

RIP 120

On-Demand Routing (ODR) 160

EIGRP (external) 170

Internal BGP 200

Unreachable 255


When multiple routing domains exist, routers may be misled by redistributed routes and choose the route with the lowest AD, which may be the longer way around. Three solutions are available:
1. Per-route AD: the full ‘distance’ command is ‘(config-router)#distance AD [IP_ADD WILDCARD] [ACL_NAME/ID]’. Routes advertised by a router whose address matches IP_ADD WILDCARD, and whose prefix is permitted by the ACL, get the specified AD. With a worse AD the redistributed copy loses to the native route, so the redistributing router does not install it and cannot advertise it back. This command cannot be used with a prefix list.
In OSPF, IP_ADD WILDCARD refers to the RID of the router that advertises the LSA. In RIP and EIGRP it is the interface IP address of the neighbor that advertises the route.
2. Filtering routes with a prefix list (or ACL) at the redistribution router also prevents this problem.
3. A route tag is a 32-bit integer that identifies a (set of) routes; it is an identifier usable for many purposes. In redistribution you tag routes as they enter a domain and, at the other redistribution point, match the tag to filter them. To set a tag, add ‘set tag’ followed by the identifier in a route-map clause and reference the route map in the ‘redistribute’ command.
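The loop described above and the fixes in items 1 and 3 (a per-route ‘distance’ override and route tags), as an added Python model; it is not code from the notes. The RIB logic is the rule stated earlier (longest prefix, then AD, then metric), and the route-map evaluation follows the AND/OR rule from the redistribution section. The router addresses, prefixes, metrics and the AD value 125 are made up.

```python
"""Route feedback at a second redistribution router, and two of the fixes
listed above: a per-route 'distance' override and route tags. Added model,
not the notes' own code; router addresses, prefixes, metrics and ADs are
made up."""
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional

DEFAULT_AD = {"connected": 0, "static": 1, "ebgp": 20, "eigrp": 90, "ospf": 110,
              "isis": 115, "rip": 120, "eigrp-external": 170, "ibgp": 200}


@dataclass(frozen=True)
class Route:
    prefix: str                 # e.g. "10.1.1.0/24"
    protocol: str               # key into DEFAULT_AD
    metric: int
    source: str                 # advertising router (next hop)
    tag: int = 0
    ad: Optional[int] = None    # per-route override set by 'distance'

    def admin_distance(self) -> int:
        return DEFAULT_AD[self.protocol] if self.ad is None else self.ad


def best_route(dest: str, candidates) -> Optional[Route]:
    """RIB selection as in the notes: longest prefix, then lowest AD, then
    lowest metric."""
    ip = ipaddress.ip_address(dest)
    matching = [r for r in candidates if ip in ipaddress.ip_network(r.prefix)]
    if not matching:
        return None
    return min(matching, key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen,
                                        r.admin_distance(), r.metric))


def apply_distance(routes, protocol: str, ad: int, sources) -> list:
    """'distance AD SRC WILDCARD ACL': routes of PROTOCOL advertised by a router
    in SOURCES (the address/wildcard part) get AD instead of the default."""
    return [replace(r, ad=ad) if r.protocol == protocol and r.source in sources
            else r for r in routes]


def route_map(route: Route, clauses) -> Optional[Route]:
    """Clauses are (action, match_predicates, set_functions), evaluated in
    order. Within a clause every match must hold (AND); the first matching
    clause decides. No clause matching means deny."""
    for action, matches, sets in clauses:
        if all(m(route) for m in matches):
            if action == "deny":
                return None
            for s in sets:
                route = s(route)
            return route
    return None


def redistribute(installed, into: str, seed_metric: int, clauses) -> list:
    """Take installed routes, give them the destination protocol's seed metric
    and default AD, then run them through the route map."""
    out = []
    for r in installed:
        r = route_map(replace(r, protocol=into, metric=seed_metric, ad=None), clauses)
        if r is not None:
            out.append(r)
    return out


def scenario(fix: str):
    """R2 sits between RIP and OSPF. 10.1.1.0/24 is native to RIP (2 hops away).
    R1 has already redistributed it into OSPF (E2 seed metric 20, tagged 120),
    so R2 learns the same prefix via OSPF as well. Returns which copy R2
    installs and what it feeds back into RIP."""
    rib = [Route("10.1.1.0/24", "rip", 2, "10.0.0.1"),
           Route("10.1.1.0/24", "ospf", 20, "10.0.0.2", tag=120)]
    if fix == "distance":   # OSPF routes from R1 get AD 125, worse than RIP's 120
        rib = apply_distance(rib, "ospf", 125, {"10.0.0.2"})
    installed = best_route("10.1.1.5", rib)
    clauses = []
    if fix == "tag":        # drop what R1 tagged as "came from RIP"
        clauses.append(("deny", [lambda r: r.tag == 120], []))
    clauses.append(("permit", [], [lambda r: replace(r, tag=110)]))
    from_ospf = [installed] if installed.protocol == "ospf" else []
    fed_back = redistribute(from_ospf, "rip", 1, clauses)
    return installed.protocol, [(r.prefix, r.metric, r.tag) for r in fed_back]
```

With no fix, R2 installs the OSPF copy (AD 110 beats 120) and feeds 10.1.1.0/24 back into RIP with hop count 1, which RIP routers then prefer over the native 2-hop route. The tag fix stops the feedback but R2 still forwards via OSPF; the ‘distance’ fix makes R2 keep the native RIP route, which also removes anything to feed back.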

Backup interface

An interface can be configured to back up another interface; while configured it stays in standby mode. The command is entered on the primary interface and names the backup: to use S0/0 as backup for S1/0, configure ‘(config-if)#backup interface s0/0’ in S1/0's interface configuration mode. ‘(config-if)#backup delay [UP] [DOWN]’ brings the backup interface up once the primary has been down for UP seconds and shuts it down again once the primary has been back up for DOWN seconds. ‘(config-if)#backup load [EX] [DIS]’ brings the backup up to share traffic once the load on the primary exceeds EX% of its bandwidth, and shuts it down once the load drops below DIS% of the primary's bandwidth.


DHCP

DHCP is derived from BOOTP and uses UDP port 67 (server) and 68 (client).

DHCP works as follows:
1. The client broadcasts a DHCPDISCOVER (destination MAC FFFF.FFFF.FFFF) asking for IP configuration information.
2. Each DHCP server that hears it responds with a DHCPOFFER containing an IP address, mask, gateway, lease time and possibly option codes.
3. The client considers the offers and picks one (different systems use different rules). It broadcasts a DHCPREQUEST naming the chosen server and address; a client that already had a lease uses DHCPREQUEST to ask whether its previous address is still available.
4. The chosen server records the assignment and responds with a DHCPACK.
5. The client then sends an ARP request for its new address (a gratuitous ARP) to detect a duplicate; if anything replies, the client declines the address and the process starts over. On the server side, a Cisco IOS DHCP server pings an address twice before offering it; the number of pings is set with ‘ip dhcp ping packets’.

Other DHCP messages you may see:
- DHCPNAK: sent by the server if the address the client requests or uses is no longer valid; the client has to restart the process.
- DHCPDECLINE: sent by the client if it finds the offered configuration invalid (for example a duplicate address); the process restarts.
- DHCPRELEASE: sent by the client to cancel the rest of its current lease, e.g. with ‘ipconfig /release’ on Windows.
- DHCPINFORM: not supported by all vendors; the client already has an IP address and uses this message to obtain other parameters only.

Devices that lie between a DHCP server and a DHCP client and forward the messages between them are called DHCP relays.

When a router is both configured as a DHCP client (Internet-facing interface) and DHCP server (facing hosts), you can use ‘(config)#ip dhcp pool NAME’ + ‘(config-dhcp)#import all’ to import the parameters received from the ISP to your hosts.

Here are some more commands:
- (config)#service dhcp: enables the DHCP server (on by default)
- (config)#ip dhcp database: configures a database agent
- (config)#no ip dhcp conflict logging: disables logging of conflicts
- (config)#ip dhcp excluded-address start-ip end-ip: lists addresses that must not be handed out from any pool
- (dhcp-config)#domain-name domain: default DNS domain name assigned to clients of the pool

Cisco IOS allows a router to forward DHCP broadcasts (when the DHCP server is not in the client's broadcast domain) with ‘(config-if)#ip helper-address SERVER_IP’, placed on the interface that receives the client's broadcasts. The router then forwards the broadcast as a unicast to the server, for a fixed set of UDP ports.

By default 8 ports are forwarded: 37 (Time), 49 (TACACS), 53 (DNS), 67 and 68 (DHCP/BOOTP), 69 (TFTP), 137 (NetBIOS name service), 138 (NetBIOS datagram service).


When ‘ip helper-address’ is set, packets to all of these ports are forwarded to the specified address. You may not want all of them relayed, so remove a port with ‘(config)#no ip forward-protocol udp PORT_NO’; the same command without ‘no’ adds another port.

DHCP can provide extended functionality depending on vendor features. For Cisco devices the relevant options are:
- 150: the address of the TFTP server (usually a Cisco Unified Communications Manager) from which IP phones load their configuration files, set with ‘(dhcp-config)#option 150 ip IP_ADD’.
- 60: the vendor class identifier, a text string sent by the client that identifies the vendor and device type.
- 43: vendor-specific information, used to give a Cisco lightweight AP the IP address of its WLAN controller.

To troubleshoot DHCP, start by checking L1 connectivity. Then work through ‘show ip dhcp database’ -> ‘show dhcp server’ (if this device is a client) -> ‘show ip dhcp server statistics’ -> ‘show ip dhcp binding’ (and ‘clear ip dhcp binding’) -> ‘debug ip dhcp server events’ -> ‘debug ip dhcp server packets’.
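The DISCOVER/OFFER exchange and the option codes discussed above, as an added Python example; it is not code from the notes. It builds and parses BOOTP-format DHCP messages, decodes the options the notes mention (53 message type, 1 mask, 3 router, 51 lease, 150 TFTP servers, 60 vendor class, 43 vendor-specific) and applies the one check a client must make before trusting an offer: that it echoes the client's own transaction ID and MAC. Every address, the MAC, the xid and the vendor string are made up; IPv4 without a relay (giaddr zero) is assumed.

```python
"""Minimal DHCP (BOOTP-format) builder and parser covering the DISCOVER/OFFER
exchange and the option codes in the notes (53, 150, 60, 43). Added example,
not the notes' own code; every address, the MAC and the vendor string are
made up."""
import struct

MAGIC = b"\x63\x82\x53\x63"
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE", 5: "ACK",
             6: "NAK", 7: "RELEASE", 8: "INFORM"}
OPT_SUBNET, OPT_ROUTER, OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID = 1, 3, 51, 53, 54
OPT_VENDOR_SPECIFIC, OPT_VENDOR_CLASS, OPT_TFTP_SERVERS, OPT_END = 43, 60, 150, 255


def ip4(text: str) -> bytes:
    return bytes(int(o) for o in text.split("."))


def ip4s(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build(op: int, xid: int, chaddr: bytes, yiaddr: str, options) -> bytes:
    """236-byte BOOTP fixed part, magic cookie, options, END. op 1 = client
    to server, 2 = server to client. The broadcast flag is set because the
    client has no address yet."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        op, 1, 6, 0, xid, 0, 0x8000,
                        bytes(4), ip4(yiaddr), bytes(4), bytes(4),
                        chaddr.ljust(16, b"\0"), bytes(64), bytes(128))
    body = b"".join(struct.pack("!BB", t, len(v)) + v for t, v in options)
    return fixed + MAGIC + body + bytes([OPT_END])


def parse(pkt: bytes) -> dict:
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    op, _htype, hlen, _hops, xid, _secs, _flags = struct.unpack("!BBBBIHH", pkt[:12])
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != OPT_END:
        if pkt[i] == 0:                       # pad byte
            i += 1
            continue
        t, n = pkt[i], pkt[i + 1]
        value = pkt[i + 2:i + 2 + n]
        if len(value) != n:
            raise ValueError("truncated option")
        opts[t] = value
        i += 2 + n
    msg_type = MSG_TYPES.get(opts.get(OPT_MSG_TYPE, b"\0")[0], "unknown")
    msg = {"op": op, "xid": xid, "chaddr": pkt[28:28 + hlen].hex(":"),
           "yiaddr": ip4s(pkt[16:20]), "type": msg_type, "options": opts}
    if OPT_SUBNET in opts:
        msg["subnet_mask"] = ip4s(opts[OPT_SUBNET])
    if OPT_ROUTER in opts:
        v = opts[OPT_ROUTER]
        msg["routers"] = [ip4s(v[k:k + 4]) for k in range(0, len(v), 4)]
    if OPT_LEASE in opts:
        msg["lease_seconds"] = struct.unpack("!I", opts[OPT_LEASE])[0]
    if OPT_TFTP_SERVERS in opts:              # option 150: TFTP servers for IP phones
        v = opts[OPT_TFTP_SERVERS]
        msg["tftp_servers"] = [ip4s(v[k:k + 4]) for k in range(0, len(v), 4)]
    if OPT_VENDOR_CLASS in opts:              # option 60: sent by the client
        msg["vendor_class"] = opts[OPT_VENDOR_CLASS].decode("ascii", "replace")
    if OPT_VENDOR_SPECIFIC in opts:           # option 43: e.g. WLC address for an AP
        msg["vendor_specific"] = opts[OPT_VENDOR_SPECIFIC]
    return msg


def offer_matches_discover(discover: bytes, offer: bytes) -> bool:
    """A client must only act on an OFFER that echoes its own xid and MAC;
    anything else is a stray or spoofed reply."""
    d, o = parse(discover), parse(offer)
    return (d["type"] == "DISCOVER" and o["type"] == "OFFER"
            and d["xid"] == o["xid"] and d["chaddr"] == o["chaddr"])


def sample_exchange():
    """Constructed DISCOVER from a phone and the server's OFFER with option 150."""
    mac = bytes.fromhex("001122334455")
    discover = build(1, 0x3903F326, mac, "0.0.0.0", [
        (OPT_MSG_TYPE, bytes([1])),
        (OPT_VENDOR_CLASS, b"Cisco Systems, Inc. IP Phone")])
    offer = build(2, 0x3903F326, mac, "10.1.1.50", [
        (OPT_MSG_TYPE, bytes([2])),
        (OPT_SUBNET, ip4("255.255.255.0")),
        (OPT_ROUTER, ip4("10.1.1.1")),
        (OPT_LEASE, struct.pack("!I", 86400)),
        (OPT_SERVER_ID, ip4("10.1.1.1")),
        (OPT_TFTP_SERVERS, ip4("10.1.9.10") + ip4("10.1.9.11"))])
    return discover, offer
```

Note that the xid/MAC check only filters stray replies; it does not authenticate the server. Options 150 and 43 tell a phone or AP where to fetch its configuration from, so any host that can answer DISCOVERs on the segment can redirect those devices, which is why switch-side controls on which ports may send server messages matter.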


Route policy

Most routers today use Cisco Express Forwarding (CEF) table rather than IP routing table as it’s more efficient in process routing requests.

Policy-based routing(PBR) override a router’s natural destination by establishing its set of rules on how to route the packet after decapsulation and before the packet is looked up by CEF. The routes are chosen based on a route map, on which the rules (for routing) are also established. PBR has 4 advantages:- Source-based transit provider selection: in situation of multiple ISP, PBR allow traffic to be

distributed to specific ISP according to network need- QoS: apply QoS on traffic- Cost saving: by conserving and managing traffic route, money is also saved- Load sharing:

First, you have a route map containing an ACL/prefix-list that matches the set of routes you want to manipulate. Then, you include these logical lists with ‘match’ commands, of which there can be more than one per clause. If there is more than one ‘match’ statement, all of the criteria have to match for the traffic to be considered.

You can further customize the characteristics of these routes using the ‘set’ command:

- set ip next-hop ip-address [. . . ip-address]: Next-hop addresses must be in a connected subnet; forwards to the first address in the list for which the associated interface is up.
- set ip default next-hop ip-address [. . . ip-address]: Same logic as the previous command, except policy routing first attempts to route based on the routing table.
- set interface interface-type interface-number [. . . interface-type interface-number]: Forwards packets using the first interface in the list that is up.
- set default interface interface-type interface-number [. . . interface-type interface-number]: Same logic as the previous command, except policy routing first attempts to route based on the routing table.

PBR can be applied to an interface inbound with ‘(config-if)#ip policy route-map NAME’. So you need to place the PBR as close to the source as possible. PBR can be applied globally to router traffic (inbound and outbound) with ‘(config)#ip local policy route-map NAME’.

You can verify the result with ‘show ip policy’, ‘show route-map’, and ‘debug ip policy’.

You can add the ‘default’ keyword to the command, which means: “try to route as usual but ignore default routes; if normal routing fails, use PBR”. If no ‘default’ keyword is present, the logic is: “try PBR first, and if it doesn’t work, route as usual”.
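The difference between ‘set ip next-hop’ and ‘set ip default next-hop’ is easy to get backwards, so here is an added example (not from these notes, and not Cisco code) that models the two decision orders against a small routing table. The routing table, the policy next hop and the interface states are constructed sample data; the fallback to the default route when every policy next hop is down is an assumption of this model.

```python
# Added example (not from the notes): models how a policy-routed packet picks
# its next hop with 'set ip next-hop' versus 'set ip default next-hop'.
# The routing table and next-hop addresses below are constructed sample data.
import ipaddress


def routing_lookup(routing_table, dst):
    """Longest-prefix match over (prefix, next_hop) pairs.

    Returns (network, next_hop) or None when nothing matches.
    """
    best = None
    addr = ipaddress.ip_address(dst)
    for prefix, next_hop in routing_table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best


def first_usable(policy_next_hops, interface_up):
    """'set ip next-hop' walks the list and uses the first address whose
    associated interface is up; None if none of them is usable."""
    for hop in policy_next_hops:
        if interface_up.get(hop, False):
            return hop
    return None


def policy_route(dst, routing_table, policy_next_hops, interface_up, default=False):
    """Decide the next hop for a packet to dst.

    default=False ('set ip next-hop'): try the policy next hops first; if none
    is usable, fall back to normal routing.
    default=True ('set ip default next-hop'): route normally first but ignore
    the default route; only when no specific route exists use the policy next
    hops, and as a last resort (assumption) fall back to the default route.
    Returns the next-hop address or None if the packet would be dropped.
    """
    match = routing_lookup(routing_table, dst)
    if not default:
        return first_usable(policy_next_hops, interface_up) or (match[1] if match else None)
    if match is not None and match[0].prefixlen > 0:
        return match[1]                      # a specific route wins over the policy
    hop = first_usable(policy_next_hops, interface_up)
    if hop is not None:
        return hop
    return match[1] if match else None       # only the default route is left


# Constructed sample: a default route and one specific prefix in the RIB,
# and a policy pointing at a single ISP next hop.
RIB = [("0.0.0.0/0", "10.0.0.1"), ("192.168.1.0/24", "10.0.1.1")]
POLICY = ["172.16.0.1"]

if __name__ == "__main__":
    up = {"172.16.0.1": True}
    down = {"172.16.0.1": False}
    print(policy_route("192.168.1.5", RIB, POLICY, up))                # PBR wins
    print(policy_route("192.168.1.5", RIB, POLICY, up, default=True))  # specific route wins
    print(policy_route("8.8.8.8", RIB, POLICY, up, default=True))      # only default matched: PBR
    print(policy_route("8.8.8.8", RIB, POLICY, down))                  # policy hop down: normal routing
```

Running the four calls shows the asymmetry the notes describe: without ‘default’, a packet to 192.168.1.5 goes to 172.16.0.1 even though a more specific route exists, while with ‘default’ the same packet follows 10.0.1.1 and only traffic that would otherwise hit the default route is policy-routed.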

QoS is the manipulation of packets so that different packets can have different priority, giving priority to those packets that need to pass quickly. In the past, QoS could be shaped by PBR; however, new designs often ignore PBR’s marking capability. PBR implements QoS by setting the type of service (ToS) byte; in the old fashion, the first 3 bits are called the IP precedence (IPP) field. Since 1990, the ToS byte was redefined as the differentiated services (DS) byte, with the first 6 bits known as the differentiated services code point (DSCP).


PBR supports QoS by setting the IPP field with the ‘set ip precedence VALUE’ and ‘set ip tos VALUE’ commands.

Policy-based routing (PBR) must be configured before PBR fast switching can be enabled. Fast switching of PBR is disabled by default; CEF-switched PBR is enabled by default. Fast-switched PBR supports all the match commands and most of the set commands, except for the following:
• The set ip default next-hop command is not supported.
• The set interface command is supported over point-to-point links, unless a route cache entry exists that uses the same interface that is specified in the set interface command in the route map.

IP SLA

IP service-level agreement (IP SLA) measures the ongoing behavior of the network by conducting different tests defined by prior configuration. This feature collects data that is stored in the IOS RTTMON MIB for later review by management tools such as Cisco IPM. The management software can then assess the performance of the network and take the actions necessary to enhance the network experience.

You can configure static routes and PBR to use IP SLA operations, so that if the operation shows a failure of a particular measurement or reduced performance of the measurement below a configured threshold, the router stops using either the static route or PBR logic. This combination of features provides a means to control when the static and PBR paths are used and when they are ignored.

IP SLA is based on ‘operations’, each defining a job to perform. This may include the type of packet to use, the time to perform the operation, and what results to look for in the ‘operation’.

IP SLA originates from the Response Time Reporter (RTR) feature, which used the ‘rtr’ command and was based on ‘probes’ instead of ‘operations’.

IP SLA has an SLA responder that is configured to reply to IP SLA packets (which a normal router wouldn’t respond to) to test various goals. Other normal devices will respond to a packet if the device is configured to receive and respond to such a packet. For instance, you can configure IP SLA on a router to send a ‘ping’ to a PC without pre-configuration on the PC. But you would need to configure a router as the SLA responder if you want to test something such as whether the router will respond in SIA state.

To configure an IP SLA ping test:
1. (config)#ip sla OPERATION_NO
2. (config-ip-sla)#icmp-echo {DEST_IP | DEST_HOST} [source-ip {IP_ADD | HOST} SOUR_INT INT_NO]
3. (config-ip-sla)#frequency SEC ! defines how often to send the ping; optional
4. (config)#ip sla schedule OPERATION_NO [life {forever | SEC}] [start-time {HH:MM[:SS] [MONTH DAY | DAY MONTH] | pending | now | after HH:MM:SS}] [ageout SEC] [recurring]
5. You can disable the operation with ‘(config)#no ip sla OPERATION_NO’

You can confirm your running configuration with ‘show ip sla configuration’ or ‘show ip sla statistics’, each of which can optionally be followed by the operation number.

To configure a static route to track an IP SLA, you need to:


1. (config)#track OBJ_NO ip sla OPER_NO [state | reachability]
2. (config-track)#delay {down SEC | up SEC} ! Optional, delay to regulate flapping. The up timer on the tracking object defines how long to wait (in a down state) before transitioning into the OK state. Similarly, the down timer defines how long to wait (in an OK state) before transitioning to the down state.
3. (config)#ip route DEST_IP_ADD MASK {OUTGOING_INT | NEXT_HOP} track OBJ_NO

The ‘show track’ command displays the track information.

If the IP SLA operation fails, the static route will be removed.

To configure PBR with object tracking, old versions use ‘set ip next-hop’ in the route map, while new versions use ‘set ip next-hop verify-availability IP_ADD track OBJ_NO’.

When the track object is up, PBR works as configured. When it’s down, PBR acts as if it doesn’t exist, and the router forwards packets through the normal process.

However, when using this, ‘show track’ displays ‘ROUTE-MAP’ instead of ‘STATIC-ROUTING’, while ‘show track OBJ_NO’ and ‘show ip sla statistics’ display ‘STATIC_ROUTING’.
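To make the ‘delay up/down’ behaviour of a tracking object concrete, here is an added example (not from these notes, and not IOS code) that models a track object fed by IP SLA results and a static route that stays in the RIB only while the track is up. The probe timeline, prefix and next hop are constructed; the initial track state and the exact timer semantics are simplifying assumptions of this model.

```python
# Added example (not from the notes): a tiny model of an IP SLA tracking
# object with 'delay up/down' timers and a static route that is installed
# only while the track is up. Timestamps and probe results are constructed.


class TrackObject:
    """Mimics 'track OBJ ip sla OPER' with 'delay {up|down} SEC'."""

    def __init__(self, delay_up=0, delay_down=0, state="down"):
        self.delay_up = delay_up
        self.delay_down = delay_down
        self.state = state          # "up" (OK) or "down"; initial state is an assumption
        self.pending = None         # (target_state, deadline) while a transition is delayed

    def observe(self, now, reachable):
        """Feed one IP SLA result (True = probe succeeded) seen at time `now`.
        Returns the track state after applying the delay timers."""
        target = "up" if reachable else "down"
        if target == self.state:
            # Result agrees with the current state: cancel any pending flap.
            self.pending = None
            return self.state
        delay = self.delay_up if target == "up" else self.delay_down
        if self.pending is None or self.pending[0] != target:
            self.pending = (target, now + delay)   # start the timer for this transition
        if now >= self.pending[1]:
            self.state = target                    # timer expired: commit the transition
            self.pending = None
        return self.state


class StaticRouteTable:
    """Holds 'ip route PREFIX ... track OBJ' entries; a route is present in the
    RIB only while its tracking object is up."""

    def __init__(self):
        self.tracked = {}   # prefix -> (next_hop, TrackObject)

    def add(self, prefix, next_hop, track):
        self.tracked[prefix] = (next_hop, track)

    def rib(self):
        return {p: nh for p, (nh, t) in self.tracked.items() if t.state == "up"}


def run_scenario():
    """Constructed timeline: probes fail at t=5..15 and recover at t=20.
    With 'delay down 10' the default route is withdrawn only at t=15, and with
    'delay up 0' it is reinstalled as soon as a probe succeeds again."""
    track = TrackObject(delay_up=0, delay_down=10)
    table = StaticRouteTable()
    table.add("0.0.0.0/0", "203.0.113.1", track)   # constructed next hop
    timeline = [(0, True), (5, False), (10, False), (15, False), (20, True)]
    history = []
    for now, ok in timeline:
        state = track.observe(now, ok)
        history.append((now, state, "0.0.0.0/0" in table.rib()))
    return history
```

run_scenario() returns one tuple per probe result (time, track state, route installed); the two failed probes at t=5 and t=10 leave the route in place, which is exactly the flap damping the ‘delay down’ timer is for.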


BGP

Introduction

BGP should be used for one of these reasons:
- It’s the only routing protocol that can connect your organization to multiple ASes
- If you need to implement a routing policy (path and packet flow manipulation) only possible with BGP
- If your organization is acting as a transit AS and connects other ASes
- To have extensive control over route advertisement and traffic patterns

Step 1. ICANN and IANA group public IPv4 addresses by major geographic region.

Step 2. IANA allocates those address ranges to Regional Internet Registries (RIR).

Step 3. Each RIR further subdivides the address space by allocating public address ranges to National Internet Registries (NIR) or Local Internet Registries (LIR). (ISPs are typically LIRs.)

Step 4. Each type of Internet Registry (IR) can assign a further subdivided range of addresses to the end user organization to use.

192.0.2.0/24 Reserved for use in documentation and example code.

192.88.99.0/24 Used for IPv6 to IPv4 relay (6to4 relay) (RFC 3068).

198.18.0.0/15 Benchmark testing for Internet devices (RFC 2544).

To connect to the Internet, an Enterprise uses either default routes (+ redistribution) or BGP (which requires much memory and processing power). BGP is the better choice when you have multiple routes and would like to manipulate them.

Outbound routing refers to routes that direct packets from the Enterprise to the Internet, and inbound routing refers to routes that direct packets from the Internet to the Enterprise. There are four connection designs, by number of ISPs and number of links per ISP:

- One ISP, one link: single homed; suggest using a static route to interface ‘null0’ for mismatched packets, OR BGP with a default route
- One ISP, multiple links: dual homed; you can have multiple routers (one ASN) connect to a single ISP. This design provides redundancy, and it’s recommended to use BGP for its other features
- Multiple ISPs, one link each: single multihomed
- Multiple ISPs, multiple links each: dual multihomed

Since BGP contains so many routes (the Internet), an ISP gives you 3 options to receive routes:
- Default route only: advertises only a default route via BGP
- Full update: the ISP advertises the entire routing table
- Partial update: the ISP sends you some routes that are shorter if reached from you, plus a default route for traffic that is better routed by the ISP.

OSPF/EIGRP versus BGP:

- Both form a neighbor relationship before sending routing information.
- OSPF/EIGRP: neighbors typically discovered using multicast packets on the connected subnets. BGP: neighbor IP address is explicitly configured and may not be on a common subnet.
- OSPF/EIGRP: does not use TCP. BGP: uses a TCP connection between neighbors (port 179).
- OSPF/EIGRP: advertises prefix/length. BGP: advertises prefix/length, called Network Layer Reachability Information (NLRI).
- OSPF/EIGRP: advertises metric information. BGP: advertises a variety of path attributes (PA) that BGP uses instead of a metric to choose the best path.
- OSPF/EIGRP: emphasis on fast convergence to the truly most efficient route. BGP: emphasis on scalability; may not always choose the most efficient route.
- OSPF/EIGRP: link state or distance vector logic. BGP: path vector logic (similar to distance vector).

ASNs range from 0 to 65,535. BGP assigns 64,512 - 65,534 as private ASNs. Being private means this ASN connects to only one other ASN (sometimes multiple ASNs), and these ASNs can’t cause loops by themselves.

Value            Purpose
0                Reserved
1 - 64,495       Public ASN
64,496 - 64,511  Documentation
64,512 - 65,534  Private ASN
65,535           Reserved

Public ASNs are assigned by RIPE NCC and registered in the RIPE database; private ASNs can be removed from eBGP advertisements by using the ‘neighbor ebgp-neighbor-address remove-private-as’ command.

BGP peering is established using TCP port 179. With TCP, a segment is resent when the retransmission timer reaches 0. The far-end acknowledgement may be delayed up to 1 second to determine whether any data should be sent along with the acknowledgement. Because BGP uses TCP, it’s reliable and can perform error recovery. Another TCP feature is flow control: each BGP peer advertises its available buffer space to allow the far end of the session to send only a specific amount of data, preventing overflow. The underlying TCP session can be shown with ‘show tcp brief’.

Only one instance of BGP can be enabled in a router.

Path Attributes: AS_PATH

Path attributes (PAs) are factors that allow BGP to prefer one route over another. By default, no BGP PAs have been set, and BGP uses the AS_PATH (autonomous system path) PA when choosing the best route among many. When a router uses BGP to advertise a route with AS_PATH, it tells which list of ASNs the path goes through. AS_PATH can:
- Choose the best route, by using the route with the shortest AS_PATH
- Prevent routing loops.

AS_PATH works by recording the ASNs that the route has passed through. For instance, a route originating from ASN 3 that then flows to ASN 7, then 9, and arrives at ASN 1 will have an AS_PATH of (3, 7, 9). BGP, by default, chooses the route with the fewest ASNs (distance vector). Loops are also prevented by ignoring route updates that contain the current AS’s ASN. However, duplicated ASNs mean that an AS using ASN 3 can’t learn routes from another AS that also uses ASN 3.

BGP defines 2 kinds of neighbors: internal BGP (iBGP) and external BGP (eBGP). These refer to neighbors that are in the same ASN or in a different ASN, respectively. One difference is the update of AS_PATH: when advertising to an iBGP peer, no ASN is added; when advertising to an eBGP peer, this AS’s ASN is added. All BGP connections can be classified as either iBGP or eBGP.
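The AS_PATH rules in the three paragraphs above (record the ASN on eBGP advertisement only, drop any update that already carries your own ASN, strip private ASNs, and the ASN ranges from the table) are small enough to run as code. The block below is an added example, not from these notes and not IOS code; the ASNs and the hop chain are constructed, and the path is written with the most recently traversed ASN leftmost, which is how the ‘Path’ column of ‘show ip bgp’ prints it. It goes slightly beyond the text by also modelling ‘set as-path prepend’, which the PA section later describes, and the private-ASN stripping is a simplification of the IOS ‘remove-private-as’ rules.

```python
# Added example (not from the notes): how a BGP speaker stamps AS_PATH when
# advertising, detects loops on receipt, and what 'remove-private-as' and
# 'set as-path prepend' do to the attribute. ASNs below are constructed.
PRIVATE_ASN = range(64512, 65535)       # 64,512 - 65,534 per the ASN table


def asn_class(asn):
    """Classify a 16-bit ASN using the ranges listed in the notes."""
    if asn in (0, 65535):
        return "reserved"
    if 1 <= asn <= 64495:
        return "public"
    if 64496 <= asn <= 64511:
        return "documentation"
    if asn in PRIVATE_ASN:
        return "private"
    raise ValueError("not a 16-bit ASN: %r" % asn)


def advertise(as_path, sender_asn, receiver_asn, prepend=()):
    """Return the AS_PATH the receiver sees.

    eBGP (sender and receiver in different ASes): the sender's ASN goes on the
    front, preceded by any 'set as-path prepend' ASNs. iBGP: path unchanged.
    """
    if sender_asn == receiver_asn:
        return tuple(as_path)
    return tuple(prepend) + (sender_asn,) + tuple(as_path)


def accept(as_path, local_asn):
    """Loop check: an update whose AS_PATH already lists our ASN is ignored."""
    return local_asn not in as_path


def strip_private(as_path):
    """Simplified 'neighbor ... remove-private-as': drop every private ASN.
    (IOS has extra rules for mixed public/private paths; assumption here.)"""
    return tuple(a for a in as_path if asn_class(a) != "private")


def propagate(origin_asn, hops):
    """Follow a route from its origin AS through a chain of eBGP hops and
    return the AS_PATH seen at each AS; an AS that fails the loop check gets
    None and propagation stops there."""
    seen = {}
    path = ()
    prev = origin_asn
    for asn in hops:
        path = advertise(path, prev, asn)
        if not accept(path, asn):
            seen[asn] = None
            break
        seen[asn] = path
        prev = asn
    return seen


if __name__ == "__main__":
    print(propagate(3, [7, 9, 1]))       # path grows one ASN per eBGP hop
    print(propagate(3, [7, 9, 3]))       # second AS 3 rejects the update: loop
    print(advertise((), 100, 200, prepend=(100, 100)))   # prepend lengthens the path
    print(strip_private((64512, 100)))   # customer's private ASN hidden upstream
```

propagate(3, [7, 9, 3]) is the duplicated-ASN case from the text: the update arrives back at an AS numbered 3 with 3 already in the path, so it is discarded, whether or not it is really the originating AS.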

There are 2 types of routing:
- Hot-potato routing: traffic exits the AS via the closest exit point.
- Cold-potato routing: traffic exits the AS via the path closest to the destination. Optimal.

BGP FSM

The BGP finite state machine (FSM) works as follows:
1. The router tries to establish a TCP connection with the IP address configured in the ‘neighbor’ command at well-known TCP port 179.
2. After the 3-way handshake is complete, the first BGP message sent is the Open message, which contains parameters to be verified to establish the neighborship.
3. After the parameters match and the neighborship is formed, the neighbors are in the Established state. Then Update messages can be sent, which include lists of PAs and prefixes.

State and typical reasons:

Idle: The BGP process is either administratively down or awaiting the next retry attempt. The TCP session should be initiated by the remote peer. The local router transitions to Connect and begins listening for a connection initiated by the remote peer.

Connect: Trying to establish the TCP session. If successful, the local router sends an Open message and changes to OpenSent. If not, the local router resets the ConnectRetry timer and transitions to the Active state. If the timer reaches 0 while the local router is in the Connect state, the timer is reset and another attempt is made; the router remains in the Connect state.

Active: Trying to establish the TCP session. If successful, the local router sends an Open message and changes to OpenSent. If not, the local router initiates another session, sets the ConnectRetry timer to 0, and transitions back to the Connect state. If peering stops at this stage, it means TCP session attempts have been made by the remote router from an unexpected IP address, causing the local router to refuse. The local router remains in the Active state and resets the ConnectRetry timer.

OpenSent: The TCP connection exists, and a BGP Open message has been sent to the remote peer. The router transitions to the OpenReceive state and waits for the initial Keepalive from the peer to move into the OpenConfirm state. If a TCP disconnect is received in this state, the local router terminates the BGP session, resets the ConnectRetry timer, and transitions back to the Active state.

OpenConfirm: Open messages have been sent and received. The local router sends Keepalives to the peer and waits for Keepalives from the remote peer.

Established: Reached after receiving a Keepalive from the peer. All neighbor parameters match, the neighbor relationship works, and the peers can now exchange Update messages.

To verify the neighborship, ‘show tcp brief’ displays the underlying TCP connection, and ‘debug ip bgp’ displays intermittent BGP information.

The ‘neighbor IP_ADD shutdown’ command shuts down the BGP neighbor and moves the routers to the Idle state. Here are the 4 types of messages sent (type code in parentheses, EIGRP equivalent at the end):

- Open (1): First message exchanged after the TCP connection has been established. Contains BGP version, ASN, hold timer (peers use the same hold timer, the smaller of the two values), BGP identifier, optional parameter length and optional parameters. EIGRP equivalent: Hello.
- Keepalive (3): Used to maintain the peering. Contains only the header. By default, the hold timer is 3 times the keepalive interval. Update messages can also reset the keepalive interval. EIGRP equivalent: Hello.
- Update (2): Used to exchange PAs and the associated prefix/length (NLRI) that use those attributes. Each Update contains a single set of path attributes and all NLRI that share those path attributes. Also contains withdrawn routes. EIGRP equivalent: Update.
- Notification (4): Used to signal a BGP error. Contains error code, error subcode, and data. EIGRP equivalent: No direct equivalent.

All BGP messages share the same header, composed of:
- 16-byte marker field: set to all 1s, to detect a loss of synchronization.
- 2-byte length field: indicates the total length of the BGP message, ranging from 19 to 4096.
- 1-byte type field: indicates the BGP message type, shown in () in the table above.
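The header layout above is exactly what a receiver validates before it trusts a single byte of payload, so here is an added example (not from these notes, not from any BGP implementation) that builds the 19-byte header and checks the three fields on receipt, plus a small routine that splits a TCP byte stream into whole messages. The type codes here follow RFC 4271 (1 OPEN, 2 UPDATE, 3 NOTIFICATION, 4 KEEPALIVE); the sample messages and the notification payload are constructed.

```python
# Added example (not from the notes): build and validate the 19-byte BGP
# message header. Type codes follow RFC 4271. Sample messages are constructed.
MARKER = b"\xff" * 16          # 16-byte marker, all ones
HEADER_LEN = 19                # minimum legal length (bare header, e.g. a KEEPALIVE)
MAX_LEN = 4096                 # maximum legal length
TYPE_NAMES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}


class HeaderError(ValueError):
    """Anything a peer would answer with a Message Header Error NOTIFICATION."""


def build_message(msg_type, payload=b""):
    """Serialize marker + 2-byte length + 1-byte type + payload."""
    if msg_type not in TYPE_NAMES:
        raise ValueError("unknown BGP message type %d" % msg_type)
    length = HEADER_LEN + len(payload)
    if length > MAX_LEN:
        raise ValueError("message too long: %d bytes" % length)
    return MARKER + length.to_bytes(2, "big") + bytes([msg_type]) + payload


def parse_header(buf):
    """Validate the message at the start of buf; return (type_name, length, payload).

    Checks: marker intact (otherwise the connection is out of sync), length
    within 19..4096, type known, and the buffer holds the whole message.
    """
    if len(buf) < HEADER_LEN:
        raise HeaderError("need %d bytes for a header, got %d" % (HEADER_LEN, len(buf)))
    if buf[:16] != MARKER:
        raise HeaderError("bad marker: connection not synchronized")
    length = int.from_bytes(buf[16:18], "big")
    msg_type = buf[18]
    if not HEADER_LEN <= length <= MAX_LEN:
        raise HeaderError("bad message length %d" % length)
    if msg_type not in TYPE_NAMES:
        raise HeaderError("bad message type %d" % msg_type)
    if len(buf) < length:
        raise HeaderError("truncated: header says %d bytes, have %d" % (length, len(buf)))
    return TYPE_NAMES[msg_type], length, buf[HEADER_LEN:length]


def split_stream(buf):
    """TCP delivers a byte stream, not messages: return the list of
    (type_name, payload) for every complete message plus the unread remainder."""
    messages = []
    while len(buf) >= HEADER_LEN:
        if buf[:16] != MARKER:
            raise HeaderError("bad marker: connection not synchronized")
        if int.from_bytes(buf[16:18], "big") > len(buf):
            break                                  # rest of this message not here yet
        name, length, payload = parse_header(buf)
        messages.append((name, payload))
        buf = buf[length:]
    return messages, buf


if __name__ == "__main__":
    # Constructed stream: a KEEPALIVE, then a NOTIFICATION whose payload is
    # error code 1 (Message Header Error) / subcode 2 (Bad Message Length),
    # followed by 5 bytes of a message that has not fully arrived.
    stream = build_message(4) + build_message(3, b"\x01\x02") + b"\xff" * 5
    print(split_stream(stream))
```

The marker check is deliberately first: a marker that is not all ones means the two sides have lost framing, and the right response is to tear the session down rather than try to interpret the length that follows.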

Path attribute field in Update

All prefixes, except those filtered by ‘neighbor IP_ADD route-map NAME in’, are listed in the BGP table for calculation.

Verification step and command:

- List the entire BGP table. Under ‘Path’ you’ll see the AS_PATH PA with the last ASN listed to the left. An internal route is marked ‘i’, ‘*’ means a valid route, and ‘>’ is the best route: show ip bgp
- List possible default routes: show ip bgp 0.0.0.0 0.0.0.0
- List possible routes, per prefix: show ip bgp prefix [subnet-mask]
- List all possible routes for each neighbor: show ip bgp neighbors
- List routes learned from one neighbor, before any inbound filtering is applied: show ip bgp neighbors ip-address received-routes
- List routes learned from a specific neighbor that passed any inbound filters: show ip bgp neighbors ip-address routes
- List routes advertised to a neighbor after applying outbound filtering: show ip bgp neighbors ip-address advertised-routes
- List the number of prefixes learned per neighbor. State/PfxRcd refers to the state of the neighbor; if Established, it shows the number of prefixes received from that neighbor: show ip bgp summary

eBGP neighborship

To configure BGP, you need at least 2 commands:
- ‘(config)#router bgp ASN’
- ‘(config-router)#neighbor IP_ADD remote-as REMOTE_ASN’

For a BGP neighbor relationship to form:
- A TCP connection between them MUST be established, and both routers MUST have ‘neighbor remote-as’ referring to the IP address of the interface from which the other router’s TCP packets exit (when the exiting interface is not explicitly defined).
- The neighbors MUST be listed in the ‘neighbor IP remote-as ASN’ command
- BGP RIDs MUST not be duplicated
- MD5 authentication MUST pass (if configured)

The BGP RID is established by:
1) configuring ‘(config-router)#bgp router-id RID’. If not,
2) using the highest numeric IP address of any up/up loopback interface at BGP initialization
3) using the highest numeric IP address of any up/up normal interface at BGP initialization

To configure authentication, use ‘(config-router)#neighbor IP_ADD password PASSWORD’ command on both routers in a neighborship. IP_ADD refers to the IP address of the other router, while PASSWORD must be identical for neighborship to succeed.

When multiple links exist between 2 BGP routers, and you would like to establish a BGP neighborship between them, there are 2 options:
- configure a connection for each physical interface; consumes bandwidth and memory.
- configure connections using virtual (loopback) interfaces, which requires less bandwidth and memory and ensures the interface is always up/up.

To configure a loopback interface for eBGP neighbors:
- ‘(config)#interface loopback NO’ -> ‘(config-if)#ip address IP_ADD’
- ‘(config-router)#neighbor IP_ADD remote-as ASN’; note that this is still the neighbor’s IP address
- Tell the router it’s using a loopback interface with ‘(config-router)#neighbor IP_ADD update-source loopback NO’, where NO is the number configured in ‘interface loopback’. Now you have specified both the destination address and the source address of this neighborship.
- Make sure the router has an IP route to its neighbor’s loopback interface (usually through a physical interface by static route or IGP; remember to allow redundancy)
- Configure eBGP multihop with the ‘neighbor IP_ADD ebgp-multihop TTL’ command. This command allows you to define the TTL field, which defaults to 1. When sending segments directly between the 2 interfaces, this command is not needed. However, when using a loopback interface, the TTL decreases by 1, so the segment is discarded before it reaches the loopback interface. Configuring the value to 2 solves the problem.

Using a loopback interface solves 2 problems:
1) If the connected port is down, the router can still send the packet without interruption because the loopback interface is always up.
2) If the connected port is down, another interface that tries to reach the neighbor will be rejected because the source address doesn’t match.

The ‘neighbor’ command can be configured with the ‘peer-group’ parameter, which allows one set of commands to be applied to all neighbors (either external or internal, not both) joining the peer group; this simplifies configuration and reduces updates. ‘neighbor NAME peer-group’ creates a peer group called NAME; then ‘neighbor IP_ADD peer-group NAME’ assigns that neighbor to the peer group. Note that the neighbor must have ‘neighbor remote-as’ set.

Network command

By default, BGP uses the ‘no auto-summary’ command. BGP’s ‘network PREFIX mask SUBNET_MASK’ command causes the stated route to be matched against the prefix/length entries in the routing table; the match MUST be exact. If a match is found, the route is put into the local BGP table. Note: this prefix MUST be a public address range.

If you have several subordinate routes instead, you need to use manual summarization or a static route with a null0 exit interface. If you omit the ‘mask’ parameter, you get a classful network.


If you use the ‘network’ command without ‘mask’ and ‘auto-summary’ is also used, the route will match:
- An exact route found in the routing table, OR
- Any subordinate routes

Another method to inject routes into BGP is redistribution. If you have a single classful network, you only need a ‘redistribute’ covering that classful network.

However, if you have multiple subordinate routes instead, you need to use the ‘route-map’ parameter to include a prefix-list or ACL that matches the range of routes you would like to advertise. You can find them with the ‘show ip bgp IP_ADD/CIDR longer-prefixes’ command.

Nevertheless, if you have multiple subordinate routes that you would like to summarize and advertise as a single route, you can:
- Use IGP summarization to create the route for the entire prefix
- Configure a null0 static route for the entire prefix on the Internet-connected router
- Configure BGP route summarization with the ‘(config-router)#aggregate-address IP_ADD MASK [summary-only] [as-set]’ command. With ‘summary-only’, the subordinate routes are suppressed from advertisement and show ‘s’ as their designation. With ‘as-set’, all the ASes passed through are recorded. A ‘null0’ exit interface is also recorded.

iBGP neighbor relationship

iBGP neighbors are also established with ‘router bgp ASN’ and ‘neighbor IP_ADD remote-as ASN’, except that the remote ASN is the same ASN as in ‘router bgp ASN’.

Sometimes, iBGP neighbors won’t be in the same subnet because of the distance between them. In that case, it’s recommended to use a loopback interface. The configuration is the same as for eBGP, except that there is no TTL = 1 restriction in an iBGP neighbor relationship.

When iBGP neighbors are directly connected, only the ‘neighbor remote-as’ and ‘router bgp’ commands are required to form the neighborship.

BGP: 1) advertises the best route (with influence from the PAs) in Update messages; 2) doesn’t advertise iBGP-learned routes to iBGP peers (only external routes are advertised to iBGP peers, to prevent loops). Only the BGP router that has the external route will advertise the external route; this prevents a BGP router from advertising the route back to where it came from.

In BGP, the next-hop router doesn’t have to be in the same subnet as one of the router’s IP addresses (e.g. a loopback interface), because BGP is not designed around this condition.

The next-hop IP address is not changed in Updates. If R1 (ASN 1) advertises to R2 (ASN 2) using its loopback interface, and R2 advertises the route to R3 (ASN 2), the next-hop address will still be the loopback IP address of R1. This situation would not cause any problem as long as each router has an IP route that matches the next-hop IP address.

The above solution is provided by having a route (static or dynamic) to that next-hop destination.


Another solution is to use the ‘neighbor IP_ADD next-hop-self’ command on both routers in a neighbor relationship so the next-hop IP address is changed as needed. This way the router knows how to forward the message. A drawback to this solution is the loopback interface addresses, which also require a static or dynamic route for packets to be forwarded.
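The R1/R2/R3 scenario above, as an added example (not from these notes, not IOS code) that applies three rules from the preceding paragraphs at each hop: eBGP prepends the sender's ASN and sets NEXT_HOP to the session source, iBGP leaves NEXT_HOP alone unless ‘next-hop-self’ is on, and a router never re-advertises an iBGP-learned route to another iBGP peer. Router names, ASNs, addresses and R3's IGP table are constructed; the reachability check stands in for step 0 of best-path selection.

```python
# Added example (not from the notes): which routes a BGP speaker re-advertises,
# how NEXT_HOP is carried unchanged over iBGP unless next-hop-self is set, and
# why the receiving peer needs an IGP route to that next hop. All names,
# ASNs and addresses are constructed.
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str
    as_path: tuple
    learned_from: str      # "ebgp", "ibgp" or "local" (injected with 'network')


def advertise(route, sender_asn, receiver_asn, sender_ip, next_hop_self=False):
    """Return the route as the receiver sees it, or None when BGP's rules say
    the sender must not advertise it to this peer."""
    ebgp = sender_asn != receiver_asn
    if not ebgp and route.learned_from == "ibgp":
        return None                          # no iBGP -> iBGP re-advertisement
    next_hop = route.next_hop
    if ebgp or next_hop_self:
        next_hop = sender_ip                 # eBGP rewrites NEXT_HOP; iBGP only with next-hop-self
    as_path = (sender_asn,) + route.as_path if ebgp else route.as_path
    return replace(route, next_hop=next_hop, as_path=as_path,
                   learned_from="ebgp" if ebgp else "ibgp")


def reachable(igp_table, addr):
    """Step 0 of best-path selection: does any IGP/static/connected route cover
    the next hop? igp_table is a list of prefixes in CIDR form."""
    a = ipaddress.ip_address(addr)
    return any(a in ipaddress.ip_network(p) for p in igp_table)


def scenario(next_hop_self):
    """R1 (AS 1) advertises 198.51.100.0/24 over eBGP to R2 (AS 2) from its
    loopback 192.0.2.1; R2 relays it over iBGP to R3 (AS 2) from 10.2.3.2.
    R3's IGP knows only the R2-R3 link. Returns (route as seen by R3,
    whether R3 can resolve its NEXT_HOP)."""
    r1_route = Route("198.51.100.0/24", "198.51.100.1", (), "local")
    at_r2 = advertise(r1_route, 1, 2, sender_ip="192.0.2.1")
    at_r3 = advertise(at_r2, 2, 2, sender_ip="10.2.3.2", next_hop_self=next_hop_self)
    r3_igp = ["10.2.3.0/24"]                 # constructed: no route to 192.0.2.1
    return at_r3, reachable(r3_igp, at_r3.next_hop)


if __name__ == "__main__":
    print(scenario(next_hop_self=False))    # NEXT_HOP 192.0.2.1, unreachable from R3
    print(scenario(next_hop_self=True))     # NEXT_HOP 10.2.3.2, reachable
```

Without ‘next-hop-self’ the route reaches R3 with R1's loopback as NEXT_HOP and is unusable until R3 learns a route to 192.0.2.1 (the static/IGP route the text mentions); with it, R2 substitutes its own session address. A further call advertise(at_r3, 2, 2, ...) returns None, which is the iBGP-to-iBGP rule that forces a full mesh.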

When advertising BGP routes among BGP routers that are not connected together, you may run into loops. To prevent BGP loops (in CCNP), you can:
- Run BGP on some internal routers. Since BGP blocks internal routes from being advertised back (so the route learning is just one way), one path will not allow other routers to learn. You need a full mesh design for it to work.
- Redistribute BGP routes into the IGP (not recommended). Due to the large number of routes to be processed in BGP, redistributing a default route and calculating the metric will be a big task and requires a lot of memory and processing power; it may even crash your device.

Synchronization refers to the process of deciding whether an iBGP route will be placed in the routing table. This decision is made by checking whether an IGP route for the same prefix exists as well. If not, the iBGP route will not be placed in the routing table. This mechanism is used to prevent loops, make sure packets arrive at the correct destination, and reduce unnecessary traffic.

Sync is enabled with the ‘(config-router)#synchronization’ command. In later versions of IOS, this feature is off by default because redistribution between IGP and BGP is not recommended. However, when BGP is implemented with MPLS, such an implementation is considered reasonable. Sync should also be turned off if:
- All routers in the AS are running BGP
- All BGP routers inside the AS are fully meshed
- The AS is not a transit AS.

BGP filter

BGP can filter Update messages per neighbor, and the filter is disabled with a ‘reset’ command. BGP can filter on prefix/prefix length, PAs, direction, and most importantly, per neighbor. IGPs often use one route map for an entire process instead.

BGP subcommand, the commands it references, and what can be matched:

- neighbor distribute-list (standard ACL), referencing access-list or ip access-list: prefix, with WC mask
- neighbor distribute-list (extended ACL), referencing access-list or ip access-list: prefix and prefix length, with a WC mask for each
- neighbor prefix-list, referencing ip prefix-list: exact or “first N” bits of prefix, plus a range of prefix lengths
- neighbor filter-list, referencing ip as-path access-list: AS_PATH contents; all NLRI whose AS_PATHs are matched are considered a match
- neighbor route-map, referencing route-map: prefix, prefix length, AS_PATH, and/or any other PA matchable within a BGP route map

One reason to use filtering is to prevent the Enterprise AS from becoming a transit AS, through which packets from one ISP to another should not be routed.


Outbound routes refer to routes advertised out, via which packets from outside come in. Inbound routes refer to routes received, via which packets are sent from this router to the outside.

‘show ip bgp neighbor IP_ADD advertised-routes’ can be used to check whether a route is implemented.

For any changes to take effect, you must use ‘clear ip bgp IP_ADD’, where IP_ADD is the IP address of the neighbor; this command can perform a hard or soft reset. Other methods include reloading the router and administratively shutting down a neighbor.

A hard reset occurs when the local router 1) brings down the neighborship, 2) brings down the underlying TCP connection, and 3) removes all BGP table entries learned from that neighbor. A soft reset occurs when the router 1) doesn’t bring down the neighborship or TCP connection, and 2) resends adjusted outgoing Updates, which then adjust the BGP table.

A hard reset could:
- take a long time to complete and interrupt routing in the interim
- count as a flap and cause peers to disassociate themselves
- force a full set of routing updates and could generate a lot of traff
ic.

You can verify the result with:
- ‘show ip bgp neighbor IP_ADD received-routes’ (pre-filter); requires ‘neighbor IP_ADD soft-reconfiguration inbound’
- ‘show ip bgp neighbor IP_ADD routes’ (post-filter)
- ‘show ip bgp neighbor IP_ADD advertised-routes’ (advertised in Updates)

To see the pre-filtered BGP table, use the ‘show ip bgp’ command.

Only an extended ACL can filter on prefix/prefix length.

BGP PA

You can define many BGP PAs to adjust the path selection process; different PAs set different criteria. The Next_Hop PA defines the next-hop IP address of a route. Here are some PAs, each with the Enterprise route direction it typically influences:

- NEXT_HOP: Lists the next-hop IP address used to reach a prefix. Direction: N/A
- Weight: A numeric value, range 0 through 2^16 – 1, set by a router when receiving Updates, influencing that one router’s route for a prefix. Not advertised to any BGP peers. Direction: Outbound
- Local Preference (LOCAL_PREF): A numeric value, range 0 through 2^32 – 1, set and communicated throughout a single AS for the purpose of influencing the choice of best route for all routers in that AS. Direction: Outbound
- AS_PATH (length): The number of ASNs in the AS_PATH PA. Direction: Outbound, Inbound
- ORIGIN: Value implying how the route was injected into BGP; I (IGP), E (EGP), or ? (incomplete information). Direction: Outbound
- Multi Exit Discriminator (MED): Set and advertised by routers in one AS, impacting the BGP decision of routers in the other AS. Smaller is better. Direction: Inbound


Here is the general process by which BGP chooses its route. Steps 9 - 11 are only used when there is a tie, or the previous steps can’t produce a clear winner.

Step  Mnemonic  Short phrase                    Which is better?
0     N         Next hop: reachable?            If there is no route to reach the Next_Hop, the router cannot use this route.
1     W         Weight                          Bigger.
2     L         LOCAL_PREF                      Bigger.
3     L         Locally injected routes         Locally injected (‘network’) is better than iBGP/eBGP learned.
4     A         AS_PATH length                  Smaller.
5     O         ORIGIN                          Prefer I over E. Prefer E over ?.
6     M         MED                             Smaller.
7     N         Neighbor type                   Prefer eBGP over iBGP.
8     I         IGP metric to Next_Hop          Smaller. If no IGP is used, consider tied.
9     -         Oldest eBGP route
10    -         Route with lowest BGP RID
11    -         Route with lowest neighbor IP address
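The decision table is easiest to internalize as a procedure that narrows the candidate set one step at a time and stops at the first step that leaves a single route. The block below is an added example (not from these notes, not IOS code) doing exactly that and reporting which step decided; the candidate routes, ISP names and addresses are constructed, and the set of reachable next hops stands in for the step-0 routing-table lookup. The demo scenario also exercises ‘set as-path prepend’ (one ISP's path carries a tripled ASN) and Local_Pref from the paragraphs that follow.

```python
# Added example (not from the notes): the BGP best-path decision table as a
# step-by-step elimination that reports the deciding step. Routes are
# constructed sample data; 'reachable' is the step-0 next-hop check.
import ipaddress
from dataclasses import dataclass


@dataclass
class Candidate:
    name: str
    next_hop: str
    weight: int = 0              # Cisco-local: 0 for learned, 32768 for locally injected
    local_pref: int = 100
    locally_injected: bool = False
    as_path: tuple = ()
    origin: str = "i"            # "i" (IGP), "e" (EGP), "?" (incomplete)
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0
    age_rank: int = 0            # lower = received earlier (older)
    neighbor_rid: str = "0.0.0.0"
    neighbor_ip: str = "0.0.0.0"


def _ip(s):
    return int(ipaddress.ip_address(s))


ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}

# (step label, key); the smallest key wins at every step, so attributes where
# "bigger is better" are negated.
STEPS = [
    ("1 Weight: bigger", lambda r: -r.weight),
    ("2 LOCAL_PREF: bigger", lambda r: -r.local_pref),
    ("3 Locally injected beats learned", lambda r: 0 if r.locally_injected else 1),
    ("4 AS_PATH length: smaller", lambda r: len(r.as_path)),
    ("5 ORIGIN: i < e < ?", lambda r: ORIGIN_RANK[r.origin]),
    ("6 MED: smaller", lambda r: r.med),
    ("7 eBGP over iBGP", lambda r: 0 if r.ebgp else 1),
    ("8 IGP metric to next hop: smaller", lambda r: r.igp_metric),
    ("9 Oldest eBGP route", lambda r: r.age_rank if r.ebgp else 0),
    ("10 Lowest BGP RID", lambda r: _ip(r.neighbor_rid)),
    ("11 Lowest neighbor IP", lambda r: _ip(r.neighbor_ip)),
]


def best_path(candidates, reachable):
    """Return (winner, deciding_step). `reachable` is the set of next hops the
    routing table can resolve (step 0); other candidates are dropped first."""
    alive = [r for r in candidates if r.next_hop in reachable]
    if not alive:
        return None, "0 no candidate has a reachable NEXT_HOP"
    for label, key in STEPS:
        best = min(key(r) for r in alive)
        alive = [r for r in alive if key(r) == best]
        if len(alive) == 1:
            return alive[0], label
    return alive[0], "tie after step 11"


def demo(local_pref_b=100, isp_a_up=True):
    """Constructed case: one prefix learned from ISP-A, from ISP-B (which
    prepended its ASN twice), and from an iBGP peer that also uses ISP-A."""
    routes = [
        Candidate("via ISP-A", "203.0.113.1", as_path=(65001, 65010),
                  neighbor_rid="203.0.113.1", neighbor_ip="203.0.113.1"),
        Candidate("via ISP-B (prepended)", "203.0.113.5", local_pref=local_pref_b,
                  as_path=(65002, 65002, 65002, 65010),
                  neighbor_rid="203.0.113.5", neighbor_ip="203.0.113.5"),
        Candidate("via iBGP peer", "10.0.0.2", as_path=(65001, 65010), ebgp=False,
                  neighbor_rid="10.0.0.2", neighbor_ip="10.0.0.2"),
    ]
    reachable = {"203.0.113.5", "10.0.0.2"} | ({"203.0.113.1"} if isp_a_up else set())
    return best_path(routes, reachable)


if __name__ == "__main__":
    print(demo())                     # ISP-A wins at step 7 (eBGP over iBGP)
    print(demo(local_pref_b=200))     # ISP-B wins at step 2 despite the longer path
    print(demo(isp_a_up=False))       # iBGP peer wins at step 4 over the prepended path
```

The three demo calls show why the order of the steps matters: a Local_Pref of 200 makes the prepended ISP-B path win before AS_PATH length is ever compared, while with equal Local_Pref the prepend does its job and the shorter path is preferred.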

BGP only choose one route as the best route (thus, no load balancing).

Step 1, 2, 4, and 6 influence the outbound routes.

Step 1, or Weight is not a BGP PA, but a Cisco feature. Weight can be selective, pre-configured (per route, per neighbor, on the neighbor) to influence route selection process; the biggest weight route is chosen. Weight can’t be learned through Update because no such field is included. Weight value range from 0 to 65,535, 0 for learned routes, and 32,768 for locally injected routes.

This is applied to all learned or injected (‘network’) routes (coming in, then leaving the router) specified by ‘neighbor IP_ADD route-map NAME in’ (apply route map to particular routes from particular neighbor), then ‘set weight’ followed by the weight. You can also set all weight values to all routes from one neighbor by ‘(config-router)#neighbor IP_ADD weight VALUE’ command.

Step 2, the Local_Pref PA, is used to determine the best router in the AS through which to forward packets for a certain prefix. For instance, suppose R1, R2, and R3 belong to ASN 2 and only R2 has an external route to 192.1.1.0/25, while R1 and R3 learned this route from R2. In this case, R2 can set its Local_Pref so that it becomes the preferred router for packets to 192.1.1.0/25. By design, Local_Pref is set on R2 (using a route map) and then passed to R1 and R3 via iBGP Updates. Local_Pref is NOT sent to eBGP peers by default.

Local_Pref has a default value of 100 and ranges from 0 to 4,294,967,295, with higher values more favorable. The default value can be changed with ‘(config-router)#bgp default local-preference’ followed by the value. This PA can also be set for a particular set of routes with the ‘neighbor IP_ADD route-map NAME in’ command and the ‘set local-preference’ route-map subcommand, where the neighbor is the eBGP peer at the ISP. This is done inbound because Updates over an eBGP connection do not include the Local_Pref value.

‘show ip bgp IP_SUBNET/CIDR longer-prefixes’ shows which route is older by listing its entry later.

Before the best BGP route is placed into the routing table, it still has to go through the IOS Routing Table Manager (RTM). This is where AD comes into play, with eBGP having an AD of 20 and iBGP an AD of 200.

Step 4: the AS_Path can be lengthened so that a route becomes less favorable for forwarding packets through. This is done with a neighbor route map containing ‘set as-path prepend’ followed by the ASN(s). To add 2 ASNs, each being 3, use ‘set as-path prepend 3 3’. It is recommended to prepend the current AS’s own ASN to prevent confusion.

‘show ip bgp rib-failure’ shows routes for which BGP has chosen a best route that is nevertheless not listed in the routing table (also known as the Routing Information Base, or RIB). This occurs when BGP chooses its best route but the route is not placed into the RIB because another routing protocol presents the same prefix with a lower AD.

BGP also has the ‘maximum-paths’ command, which allows routes still tied after step 8 to be placed in the routing table. The number designates how many routes will be allowed.

To control inbound routes, you can use the multi-exit discriminator (MED). The Enterprise announces to the ISP a value (the MED) that tells the ISP which route into the Enterprise is best. The smaller the MED, the more favorable the route. This is used when there are multiple routes between the two ASs. MED is set with the ‘default-metric VAL’ command.

The iBGP routers within the AS decide which (best) route will accept traffic from the remote AS. The range of MED is the same as Local_Pref, but smaller is better. This criterion is set with ‘set metric’ in an outbound route map.
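The decision process in the table above, implemented as an added example that is not part of the original notes: each step is a sort key, the candidate set is narrowed step by step, and the function reports which step decided. The BgpPath attributes, the three-path sample table and its ASNs are constructed; MED is compared across all candidates, exactly as the table lists it.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# ORIGIN preference: i (IGP) beats e (EGP), which beats ? (incomplete)
ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}


@dataclass
class BgpPath:
    """One candidate path for a prefix, carrying the attributes the steps examine.
    All values are constructed for this example."""
    source: str                  # label only, e.g. "ISP1"
    next_hop: str
    next_hop_reachable: bool = True
    weight: int = 0              # Cisco-local; 0 for learned routes
    local_pref: int = 100
    locally_injected: bool = False
    as_path: List[int] = field(default_factory=list)
    origin: str = "i"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0          # IGP metric to reach next_hop
    age_rank: int = 0            # 0 = oldest; stands in for the receive time
    router_id: str = "0.0.0.0"
    neighbor_ip: str = "0.0.0.0"


def _ip_key(ip: str) -> Tuple[int, ...]:
    """Sort key so that 10.2.0.1 < 10.10.0.1 numerically, not lexically."""
    return tuple(int(o) for o in ip.split("."))


# Steps 1-11 in order. Every key is built so that the SMALLEST key wins,
# so "bigger is better" attributes are negated.
STEPS = [
    ("W  Weight (bigger)",            lambda p: -p.weight),
    ("L  LOCAL_PREF (bigger)",        lambda p: -p.local_pref),
    ("L  Locally injected",           lambda p: 0 if p.locally_injected else 1),
    ("A  AS_PATH length (shorter)",   lambda p: len(p.as_path)),
    ("O  ORIGIN (i < e < ?)",         lambda p: ORIGIN_RANK[p.origin]),
    ("M  MED (smaller)",              lambda p: p.med),
    ("N  Neighbor type (eBGP first)", lambda p: 0 if p.ebgp else 1),
    ("I  IGP metric to next hop",     lambda p: p.igp_metric),
    ("Oldest route",                  lambda p: p.age_rank),
    ("Lowest router ID",              lambda p: _ip_key(p.router_id)),
    ("Lowest neighbor IP",            lambda p: _ip_key(p.neighbor_ip)),
]


def select_best(paths: List[BgpPath]) -> Tuple[Optional[BgpPath], Optional[int]]:
    """Return (best path, number of the step that decided) or (None, None)."""
    # Step 0 (N): a path whose next hop has no route is never a candidate
    candidates = [p for p in paths if p.next_hop_reachable]
    if not candidates:
        return None, None
    for step_no, (_, key) in enumerate(STEPS, start=1):
        best = min(key(p) for p in candidates)
        candidates = [p for p in candidates if key(p) == best]
        if len(candidates) == 1:
            return candidates[0], step_no
    # Step 11 compares distinct neighbor addresses, so this is only reached
    # for duplicate entries; return the first one deterministically.
    return candidates[0], len(STEPS)


def prepend_as_path(path: BgpPath, asn: int, count: int) -> BgpPath:
    """What an outbound 'set as-path prepend' looks like to the receiving AS:
    the path is longer and therefore loses at step 4."""
    path.as_path = [asn] * count + path.as_path
    return path


def sample_table() -> List[BgpPath]:
    """Constructed BGP table for one prefix as seen by a router in AS 65100
    with two eBGP neighbors (ISP1, ISP2) and one iBGP peer (R2)."""
    return [
        BgpPath("ISP1", "10.1.1.1", as_path=[65001, 65500], age_rank=0,
                router_id="1.1.1.1", neighbor_ip="10.1.1.1"),
        BgpPath("ISP2", "10.2.2.2", as_path=[65002, 65500], age_rank=1,
                router_id="2.2.2.2", neighbor_ip="10.2.2.2"),
        BgpPath("R2 via iBGP", "10.0.0.2", ebgp=False, local_pref=200,
                as_path=[65002, 65500], age_rank=2,
                router_id="3.3.3.3", neighbor_ip="10.0.0.2"),
    ]


if __name__ == "__main__":
    table = sample_table()
    best, step = select_best(table)
    print(f"best: {best.source}, decided at step {step}: {STEPS[step - 1][0]}")
```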


IPv6

Advantages of IPv6:

- 4 types of address assignment
- Built-in support for address renumbering, that is, the ability to change the public IPv6 prefix by advertising the current prefix with a short timeout and the new prefix with a longer lease lifetime.
- Mobility: IPv6 hosts can roam between networks and retain their IP address without losing current application sessions.
- Dependent and independent public address space: an ISP can assign a public IPv6 address range (dependent), or a company can register its own public address space (independent).
- Easy aggregation due to the large amount of addresses available.
- No need for NAT/PAT.
- IPsec built into IPv6, using extension header NH 50, to provide more security.
- Simple header: no header checksum, reducing overhead. A flow label is included to identify the packet flow, used with QoS; the header size is fixed at 320 bits, or 40 bytes, and contains only always-used fields.
- Extension headers (added between the L3 header and the upper-layer headers) carry extended information. If a router does not support one, it can ignore it, reducing processing time; more can easily be added.
- No broadcast.
- Capable of using IPv4 and IPv6 at the same time thanks to transition tools.
- Determines the optimum fragmentation using MTU discovery. The source node of a connection sends a packet equal to its local link’s MTU. As this packet traverses the path toward its destination, a device with a smaller MTU will not fragment the packet; it sends a “packet too big” message back to the source indicating its MTU value and asks the source to send a new packet of that size in order to pass through. This continues until the destination is reached, and the rest of the packets are sent using that MTU size. The process repeats every 5 minutes. The MTU can be tracked per destination address, source address or flow label.
- Unlike IPv4, where whichever router receives a giant packet can fragment it, IPv6 only allows the source node to fragment the packet; therefore one of 2 methods is used: MTU discovery, or setting the size of the IP packet to 1280 bytes or less (the standard size supported by all).

IPv6 addresses are divided among different geographic regions, each administered by an RIR (North America, Central/South America, Europe, Asia/Pacific, and Africa); the summary address of a region is called a registry prefix. Each RIR divides its big block and assigns smaller blocks to different ISPs; these summary routes are called site prefixes. Then each ISP assigns groups of addresses to different customers; this is called a global routing prefix or site prefix. The company can further subnet the prefix; the subnetted prefix is called a subnet prefix. Thus, by using summary routes, there can be a single IPv6 route for all of North America.

IPv6 has no concept of classful addresses because an address is simply composed of a prefix + host part. IPv6 also has no zero and broadcast subnets, and uses IP protocol number 41.

IPv6 header fields:
Version = 0x06 [4 bits]
Class: for DSCP [8 bits]
Flow Label [20 bits]
Payload Length: length of everything after the fixed header, including any extension headers [16 bits]
Next Header: equivalent of the IP protocol field [8 bits]
Hop Limit: TTL [8 bits]
Source Address [16 bytes]
Destination Address [16 bytes]


There are 3 ways of representing IPv6 addresses:
- Preferred representation: writing the full 128 bits.
- IPv6 with embedded IPv4: 96 bits of IPv6 address and 32 bits of IPv4 address. There are IPv4-compatible IPv6 addresses and IPv4-mapped IPv6 addresses. A compatible address is used to establish an automatic tunnel to carry IPv6 packets over native IPv4 networks; address = 96 bits of 0 + IPv4 address. A mapped address is used when the router implements dual stack; address = 80 bits of 0 + 16 bits of 1 + IPv4 address.
- Compressed representation: use :: and shortened notation.

DHCP and NDP

Method | Type | Prefix and length learned from... | Host learned from... | Default router learned from... | DNS learned from...
Stateful DHCP | Dynamic | DHCP server | DHCP server | Router, using NDP | Stateful DHCP
Stateless autoconfig | Dynamic | Router, using NDP | Derived from MAC | Router, using NDP | Stateless DHCP
Static configuration | Static | Local config | Local config | Router, using NDP | Stateless DHCP
Static config with EUI-64 | Static | Local config | Derived from MAC | Router, using NDP | Stateless DHCP

Stateful DHCP works like IPv4 DHCP except that router information must be learned through the Neighbor Discovery Protocol, which is how all IPv6 hosts obtain router information. “Stateful” refers to the tracking of assigned addresses by the DHCP server. The source address is ::, which is also used in neighbor discovery. Another difference is that IPv4 uses broadcast, which is replaced by the FF02::1:2 multicast address in IPv6.

Stateless autoconfig uses NDP to learn the prefix/prefix length and the default router. It obtains the DNS server’s IPv6 address via stateless DHCP and derives its host ID by inserting FF:FE in the middle of the device’s MAC address, a format called EUI-64. Note that the 7th bit, the global/local bit, is flipped when making an EUI-64 address: 0 means locally assigned and 1 means globally assigned. Stateless autoconfiguration includes 4 steps:
- Determine the interface ID (last 64 bits of the IPv6 address)
- Determine the link-local IPv6 address
- Determine whether another host is already using the same address, using DAD
- Determine the global IPv6 address

Stateless DHCP is used along with stateless autoconfig to provide DNS information.

Static configuration can take place either by configuring the entire 128-bit address, or by configuring the first 64 bits and configuring the device to use the EUI-64 format. Router information can be supplied by NDP, while DNS info can be supplied by stateless DHCP.

NDP is a feature of ICMPv6. During a request for IP information, NDP hands out information by having the router multicast all known IPv6 prefixes and the IPv6 address of the default gateway. This information is distributed via ICMPv6 messages called:

- Router Solicitation (RS, ICMP type 133), sent by a host requesting router information; the destination address is FF02::1.
- Router Advertisement (RA, ICMP type 134), the reply to an RS message by one router listing its known prefixes; this message is sent to all IPv6 nodes at FF02::1. It also includes DHCP server information if one is present.

Note: if no RA is received, the device multicasts a DHCP Solicit message to FF02::1:2 to obtain the information. Cisco routers don’t support much DHCPv6 functionality, so you will need a specialized DHCP server to do the job if your IPv6 network grows.

ICMPv6 header: Type [8 bits], Code [8 bits], Checksum [16 bits], followed by the message body (in 32-bit words).

ICMPv6 Type | Description
1 | Destination Unreachable
2 | Packet Too Big
3 | Time Exceeded
128 | Echo Request
129 | Echo Reply

Code | Description
0 | Echo Reply
3 | Destination Unreachable
8 | Echo
11 | Time Exceeded

When a host needs to send a message, it looks in its neighbor database for the list of known neighboring IPv6 addresses and their corresponding MAC addresses. If the entry is not found, it uses NDP to discover the MAC address. This time the NS (request, ICMP Type 135) and NA (reply, ICMP Type 136) ICMPv6 messages are used to search for the MAC address. The NS message uses a destination address called the solicited-node multicast address (this address does not cross broadcast domains), which represents all hosts with the same last 24 bits and uses the FF02::1:FF00:0/104 range. Thus, only hosts/routers whose last 24 bits (the last 6 of the 32 hex digits) match will receive the message. Note that, counting from right to left, the 24th bit should ALWAYS be 0. Thus, if the last 6 digits of your IPv6 address are AB:5004, the solicited-node address is FF02::1:FF:2B:5004.

Duplicate Address Detection (DAD) is performed when an IPv6 address is first set up, to prevent hosts from causing problems by trying to use the same IPv6 address. It sends an NS message to the solicited-node multicast address. If a host replies with the same address as this host, a duplicate address exists. The IPv4 equivalent is gratuitous ARP.

Inverse neighbor discovery (IND) uses INS and INA messages; it is the equivalent of inverse ARP in IPv4 and is used with WAN protocols such as Frame Relay. The INS message lists 1) the source IPv6 address, 2) the destination IPv6 address (FF02::1 multicast), 3) the MAC addresses, and 4) a request that the receiver reply with its IPv6 address.

‘(config-if)#ipv6 nd’ is used to configure NDP.

NDP can perform L2 address resolution, router discovery, local prefix discovery, address autoconfiguration, link parameter discovery, next-hop determination, neighbor and router reachability detection, duplicate address detection, and redirects.

Types of IPv6 addresses and some protocols

Link-local addresses are unicast addresses used to send IPv6 packets on the same segment; they don’t change even if the global unicast address changes. NDP (the equivalent of ARP in IPv4) and next-hop IPv6 addresses all use link-local addresses. Link-local addresses start with FE8, FE9, FEA, or FEB (FE80::/10); bits 11 to 64 are 0, and the remaining 64 bits are EUI-64. The address is created automatically with ‘(config)#ipv6 unicast-routing’ and ‘(config-if)#ipv6 enable’. You can also create it with ‘(config-if)#ipv6 address IPV6_ADD link-local’ in addition to the previous commands.

Page 62: CCNP Route · CCNP ROUTE EIGRP 4 CCNA Recap 4 RTP 4 Timers 5 EIGRP authentication 5 Neighbor discovery 6 Neighbor table 7 Topology table 8 EIGRP and Frame Relay + other topics 8 Changing

A link local address is also created for every unicast and anycast address.

Site-local is the equivalent of an IPv4 private address; it must be created manually. It is non-routable and starts with 1111111010/10, with bits 11 to 64 as the prefix and the remaining bits as EUI-64.

Global unicast addresses are those whose first hexadecimal digit is 2 or 3, that is, prefixes longer than /3 inside that block.

::/128 is called the unknown address; it is used by a host when it does not yet know a suitable IPv6 address to use (like when you can’t get DHCP or APIPA working in IPv4).

ORCHID is a range of IPv6 address for cryptographic purpose; it uses 2001:0010::/28.

All multicast addresses start with FF (FF00::/8). Bits 9 to 12 indicate whether the address is permanent [00] or temporary (experimental) [01]. Bits 13 to 16 represent the scope of the address, which replaces TTL. Here are some possible scopes:

Type of Scope | Binary Representation | Hexadecimal Value
Interface-local | 1 | 1
Link-local | 10 | 2
Subnet-local | 11 | 3
Admin-local | 100 | 4
Site-local | 101 | 5
Organization | 1000 | 8
Global | 1110 | E

Here are some reserved addresses:

IPv6 | IPv4 | Goal
FF02::1 | Subnet broadcast | All IPv6 nodes
FF02::2 | N/A | All IPv6 routers
FF02::5, 6 | 224.0.0.5, 6 | OSPF
FF02::9 | 224.0.0.9 | RIP-2
FF02::A | 224.0.0.10 | EIGRP
FF02::1:2 | N/A | DHCP relay agent
FF05::1:3 | N/A | DHCP server
FF05::101 | N/A | All NTP servers

IGMP functionality is integrated into ICMPv6 and renamed Multicast Listener Discovery (MLD). The multicast MAC address = 33:33 + the lower 32 bits of the IPv6 multicast address.

An anycast address is assigned to a group of servers performing the same function (one can replace another), so that requests reach the closest server.

IPv6 hosts/routers may have 2 or more addresses, since each interface also has a link-local address. Multiple global unicast addresses may also be used, which removes the need for secondary IP addressing.

A unique local IPv6 address is a type of IPv6 unicast address that always starts with FD. The next 40 bits can be randomly assigned by engineers, followed by 16 bits of subnet space. The interface ID can then be assigned statically or using EUI-64. Unique local is the equivalent of a private address in IPv4.
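The address derivations described in this part of the notes (EUI-64 interface IDs, the automatic link-local address, the solicited-node multicast address used by NS and DAD, the 33:33 multicast MAC mapping, the IPv4-compatible and IPv4-mapped forms, and the FD-prefixed unique local block), as an added Python example that is not part of the original notes. It uses only the standard ipaddress module; the MAC address and prefixes in it are constructed samples.

```python
import ipaddress
import secrets


def _mac_bytes(mac: str) -> bytes:
    """Accept 00:1a:2b:3c:4d:5e, 00-1a-2b-3c-4d-5e or Cisco-style 001a.2b3c.4d5e."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(raw) != 6:
        raise ValueError("a MAC address is 48 bits")
    return raw


def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64: split the MAC in the middle, insert FF:FE, and flip the
    7th bit (universal/local) of the first byte."""
    m = _mac_bytes(mac)
    return bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:]


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """What 'ipv6 address prefix/64 eui-64' produces: /64 prefix + EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + eui64_interface_id(mac))


def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """The address 'ipv6 enable' derives automatically: FE80::/64 + EUI-64."""
    return eui64_address("fe80::/64", mac)


def solicited_node(addr: str) -> ipaddress.IPv6Address:
    """FF02::1:FF00:0/104 + the low 24 bits of the unicast address (RFC 4291).
    This is the destination of NS messages, including the one sent for DAD."""
    low24 = ipaddress.IPv6Address(addr).packed[13:]
    return ipaddress.IPv6Address(ipaddress.IPv6Address("ff02::1:ff00:0").packed[:13] + low24)


def multicast_mac(addr: str) -> str:
    """Ethernet destination for an IPv6 multicast: 33:33 + low 32 bits of the address."""
    a = ipaddress.IPv6Address(addr)
    if not a.is_multicast:
        raise ValueError("not a multicast address")
    return "33:33:" + ":".join(f"{b:02x}" for b in a.packed[12:])


def ipv4_compatible(v4: str) -> ipaddress.IPv6Address:
    """96 zero bits + IPv4 address (automatic-tunnel form)."""
    return ipaddress.IPv6Address(bytes(12) + ipaddress.IPv4Address(v4).packed)


def ipv4_mapped(v4: str) -> ipaddress.IPv6Address:
    """80 zero bits + 16 one bits + IPv4 address (dual-stack form)."""
    return ipaddress.IPv6Address(bytes(10) + b"\xff\xff" + ipaddress.IPv4Address(v4).packed)


def unique_local_prefix(subnet_id: int, global_id: bytes = None) -> ipaddress.IPv6Network:
    """FD + 40-bit global ID (random unless supplied) + 16-bit subnet ID, as a /64."""
    if global_id is None:
        global_id = secrets.token_bytes(5)
    if len(global_id) != 5 or not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("global ID is 40 bits, subnet ID is 16 bits")
    packed = b"\xfd" + global_id + subnet_id.to_bytes(2, "big") + bytes(8)
    return ipaddress.IPv6Network((ipaddress.IPv6Address(packed), 64))


if __name__ == "__main__":
    mac = "00:1a:2b:3c:4d:5e"                      # constructed sample MAC
    gua = eui64_address("2001:db8:1:2::/64", mac)  # documentation prefix, constructed
    sn = solicited_node(str(gua))
    print("link-local      ", link_local_from_mac(mac))
    print("global unicast  ", gua)
    print("solicited-node  ", sn, "->", multicast_mac(str(sn)))
    print("IPv4-mapped     ", ipv4_mapped("192.0.2.1"))
    print("unique local /64", unique_local_prefix(1, bytes.fromhex("1234567890")))
```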

Configuring IPv6 addresses

Command | Description
ipv6 address address/length | Static configuration of the entire IPv6 unicast address.
ipv6 address prefix/length eui-64 | Static configuration of the first 64 address bits; the router derives the last 64 bits with EUI-64.
ipv6 address autoconfig | Router uses stateless autoconfig to find its address.
ipv6 address dhcp | Router uses stateful DHCP to find its address.
ipv6 unnumbered interface-type number | Uses the same IPv6 unicast address as the referenced interface.
ipv6 enable | Enables IPv6 on the interface and automatically obtains a link-local address.
ipv6 unicast-routing | Enables IPv6 routing.
ipv6 address address link-local | Overrides the automatically created link-local address. The configured value must conform to the FE80::/10 prefix.
ipv6 address address/length anycast | Designates that the unicast address is an anycast address.
show ipv6 interface | Displays related info such as addresses, ND, and ICMP.
show ipv6 route | Displays IPv6 routes.
show ipv6 neighbor | Displays the neighbor table (the equivalent of the ARP table in IPv4).
debug ipv6 nd | Debugs NDP activity.
show ipv6 router | Displays the cache of received RA messages with the neighbor’s link-local address and advertised prefixes.

IP unnumbered allows one interface to use the IP address of another interface. The unnumbered interface (debtor) must be a point-to-point network type, in other words a serial interface. It is suggested to borrow the IP address from a loopback interface (borrower) because it is always up; if the borrower is down, the debtor is also down. The debtor interface cannot be remotely managed. To configure it, for example, use ‘int s0/0’ -> ‘ip unnumbered loopback 0’. Normally a routing update uses the source address of the update as the next-hop address; with IP unnumbered this would cause confusion, so the solution is to install the outgoing interface instead of a next-hop address. Traffic going to the IP address co-owned by the debtor and borrower is processed by the borrower of the address. IP unnumbered works well (subnetted or not) in DV protocols and EIGRP, but not in OSPF.

Changes in routing protocol

All IPv6 routing protocols can advertise a network by enabling the routing process in interface configuration mode, as an alternative to the ‘network’ command in router configuration mode; note that only one method can be used at a time. When configuring static routes, it is recommended to use link-local addresses for the next hop, because redirect messages may not work otherwise. When specifying the default route, you must specify the exit interface along with the next-hop address.

RIP next generation, or RIPng, is the IPv6 version of RIP.

Feature | RIP-2 | RIPng
RIP messages use these Layer 3/4 protocols | IPv4, UDP | IPv6, UDP
UDP port | 520 | 521
Default administrative distance | 120 | 120
Supports VLSM | Yes | Yes
Can perform automatic summarization | Yes | N/A
Loop prevention mechanisms | Yes | Yes
30-second periodic full updates | Yes | Yes
Metric meaning infinity | 16 | 16
Supports route tags | Yes | Yes
Forms neighbor adjacency | No | No
Multicast update destination | 224.0.0.9 | FF02::9
Authentication | RIP-specific | Uses IPv6 AH/ESP

To enable RIPng, use the following steps:
Step 1. Enable IPv6 routing with the ‘ipv6 unicast-routing’ global command.
Step 2. Enable RIPng with the ‘ipv6 router rip name’ global configuration command. The name must be unique on a router but does not need to match neighboring routers.
Step 3. Enable IPv6 on the interface, typically with one of these two methods: configure an IPv6 unicast address with ‘(config-if)#ipv6 address address/prefix-length [eui-64]’, or configure ‘ipv6 enable’ to derive the router’s link-local address.
Step 4. Enable RIP on the interface with ‘(config-if)#ipv6 rip name enable’ (where the name matches the ‘ipv6 router rip name’ global configuration command).

For any interface on which RIPng is enabled, the RIP process does the following: 1) it starts sending and receiving (processing) RIP updates on that interface at UDP port 521; 2) it advertises its connected routes on that interface. This does not include any link-local addresses or local host routes (routes with a /128 prefix).

Function | IPv4 | IPv6
All routes | show ip route | show ipv6 route
All RIP-learned routes | show ip route rip | show ipv6 route rip
Details on the routes for a specific prefix | show ip route subnet mask | show ipv6 route prefix/length
Interfaces on which RIP is enabled | show ip protocols | show ipv6 protocols
List of routing information sources | show ip protocols | show ipv6 rip next-hops
Debug that displays sent and received updates | debug ip rip | debug ipv6 rip

‘L’ means a link-local address.

When using RIPng along with Frame Relay, make sure you create a static map.

EIGRP for IPv6 differs from EIGRP for IPv4 as follows:

Feature | EIGRP for IPv4 | EIGRP for IPv6
Advertises routes for... | IPv4 | IPv6
Layer 3 header protocol type | 88 | 88
UDP port | N/A | N/A
Uses successor/feasible successor logic | Yes | Yes
Can perform automatic summarization | Yes | N/A
Uses triggered updates | Yes | Yes
Uses composite metric, default = bandwidth + delay | Yes | Yes
Metric meaning infinity | 2^32 − 1 | 2^32 − 1
Multicast update destination | 224.0.0.10 | FF02::10
Authentication | EIGRP-specific | Uses IPv6 AH/ESP

To configure EIGRP for IPv6, use:
Step 1. Enable IPv6 routing with ‘(config)#ipv6 unicast-routing’.
Step 2. Enable EIGRP with ‘(config)#ipv6 router eigrp ASN’, where the ASN range is 1 to 65535.
Step 3. Enable IPv6 on the interface, typically with one of these two methods: configure an IPv6 unicast address with ‘(config-if)#ipv6 address address/prefix-length [eui-64]’, or configure ‘ipv6 enable’ to derive the router’s link-local address.
Step 4. Enable EIGRP on the interface with the ‘(config-if)#ipv6 eigrp asn’ interface subcommand (where the ASN matches ‘(config)#ipv6 router eigrp asn’).
Step 5. Enable the EIGRP for IPv6 process with the ‘(config-router)#no shutdown’ command.
Step 6. If no IPv4-based EIGRP RID has been chosen automatically, configure an EIGRP RID with ‘(config-router)#eigrp router-id RID’; this RID must be 32 bits long.

In EIGRP for IPv6, neighbors are not required to be in the same primary/secondary subnet to form a neighborship. Here is a command comparison for EIGRP:

Function | IPv4 | IPv6
All routes | show ip route | show ipv6 route
All EIGRP-learned routes | show ip route eigrp | show ipv6 route eigrp
Details on specific routes | show ip route subnet mask | show ipv6 route prefix/length
Interfaces on which EIGRP is enabled, plus metric weights, variance, redistribution, max-paths, admin distance | show ip protocols | show ipv6 protocols
List of routing information sources | show ip protocols ... eigrp neighbors | show ipv6 eigrp neighbors
Hello interval | show ip eigrp interfaces detail | show ipv6 eigrp interfaces detail
EIGRP database | show ip eigrp topology [all-links] | show ipv6 eigrp topology [all-links]
Debug that displays sent and received updates | debug ip eigrp notifications | debug ipv6 eigrp notifications

OSPFv3 is the IPv6 version of OSPFv2:

Feature | OSPFv2 | OSPFv3
OSPF messages use this Layer 3 protocol | IPv4 | IPv6
Process to choose RID, compared to OSPFv2 | Same | Same
Area structure compared to OSPFv2 | Same | Same
Packet types and uses compared to OSPFv2 | Same | Same
LSA flooding and aging compared to OSPFv2 | Same; 30 min | Same; 30 min
RID based on highest up/up loopback IPv4 address, or highest other IPv4 interface address? | Yes | Yes
Uses interface cost metric, derived from interface bandwidth | Yes | Yes
Metric meaning infinity | 2^16 − 1 | 2^16 − 1
Supports route tags | Yes | Yes
Multicast: all SPF routers | 224.0.0.5 | FF02::5
Multicast: all designated routers | 224.0.0.6 | FF02::6
Authentication | OSPF-specific | Uses IPv6 AH/ESP
Neighbor checks compared to OSPFv2 | Same | Same, except no “same subnet” check
Multiple OSPF instances per interface | No | Yes
Header size | 24 bytes | 16 bytes

OSPFv3 defines interfaces as connected to a link rather than to a subnet, removing the address dependency. OSPFv2 drops unknown LSAs, whereas OSPFv3 forwards them. Neighbors in OSPFv3 are always identified by RID, whereas in OSPFv2 neighbors identify themselves by RID on point-to-point and virtual links and by IPv4 interface address on broadcast, point-to-multipoint and NBMA links.

The Link State Type field is now 16 bits instead of the 8-bit Options and 8-bit LS Type. 3 more bits are added to the LSA Type field, one of which is the U bit. If the U bit = 0, the router doesn’t forward the LSA, so the LSA practically has only link-local flooding scope; if the U bit = 1, the router forwards it. The other bits, S1 and S2, together indicate the flooding scope of the LSA:

S2 | S1 | Flooding Scope
0 | 0 | Link-local scope (flooded only on the link the LSA was originated on)
0 | 1 | Area scope (flooded to all routers in the area the LSA was originated in)
1 | 0 | AS scope (flooded to all routers in the OSPFv3 domain)
1 | 1 | Reserved

Here is a list of corresponding OSPFv2 and OSPFv3 LSAs:

OSPFv2 LSA | OSPFv3 LSA
T1 Router LSA | 2001 Router LSA
T2 Network LSA | 2002 Network LSA
T3 Network Summary LSA | 2003 Inter-Area Prefix LSA
T4 ASBR Summary LSA | 2004 Inter-Area Router LSA
T5 AS-external LSA | 4005 AS-external LSA
T6 Group membership LSA | 2006 Group membership LSA
T7 NSSA External LSA | 2007 T7 LSA
(no OSPFv2 equivalent) | 0008 Link LSA
(no OSPFv2 equivalent) | 2009 Intra-Area Prefix LSA
(no OSPFv2 equivalent) | A00a Intra-Area-TE LSA

One of the new LSAs is the Link LSA, which has link-local scope and is used to convey the local router’s link-local address, the list of IPv6 prefixes of the local router, and a set of Options associated with the Network LSA. The Options field includes:
- Propagate bit, used to translate T7 into T5 LSAs
- MC bit, indicating the prefix should be included in multicast routing calculations
- LA bit, which when set indicates the advertised prefix is an interface address of the local router
- NU bit, which when set indicates the prefix should be excluded from unicast route calculation.

As with EIGRP, OSPFv3 does not require neighbors to be in the same subnet. OSPFv3 can support multiple instances of OSPF, but the RID is still based on an IPv4 address. Here is how to configure OSPFv3:
Step 1. Enable IPv6 routing with ‘(config)#ipv6 unicast-routing’.
Step 2. Create an OSPFv3 routing process with ‘(config)#ipv6 router ospf process-id’.
Step 3. Enable IPv6 on the interface, typically by configuring static IPv6 addresses as follows: configure an IPv6 unicast address with ‘(config-if)#ipv6 address address/prefix-length [eui-64]’, or configure ‘ipv6 enable’ to derive the router’s link-local address.
Step 4. Enable OSPFv3 on the interface with ‘(config-if)#ipv6 ospf process-id area area-number’.
Step 5. If no OSPF RID has been chosen automatically, configure one with ‘(config-router)#router-id RID’.
Step 6. Optionally, create a static neighbor with ‘(config-if)#ipv6 ospf neighbor IPV6_ADD’ and change the network type with ‘(config-if)#ipv6 ospf network TYPE’.

You can also shut down a process with ‘(config-router)#shutdown’, but since the process is up by default, you don’t need to include this.

LSA types 1 and 2 advertise 32-bit IDs instead of route prefixes. LSA Type 3 address prefixes are stored as ‘prefix, options, prefix length’ instead of ‘prefix, wildcard mask’ as in OSPFv2.

Function | IPv4 | IPv6
All OSPF-learned routes | show ip route ospf | show ipv6 route ospf
RID, timers, ABR, SPF statistics | show ip ospf | show ipv6 ospf
List of routing information sources | show ip protocols; show ip ospf neighbor | show ipv6 ospf neighbor
Interfaces assigned to each area | show ip protocols; show ip ospf interface brief | show ipv6 protocols; show ipv6 ospf interface brief
OSPF interfaces: costs, state, area, number of neighbors | show ip interface brief | show ipv6 interface brief
Detailed information about OSPF interfaces | show ip ospf interface | show ipv6 ospf interface
Summary of the OSPF database | show ip ospf database | show ipv6 ospf database

When configuring Frame Relay, remember to use a static map.

IS-IS for IPv6

IS-IS added 2 TLVs to support IPv6: the IPv6 Reachability TLV and the IPv6 Interface Address TLV. The IPv6 Reachability TLV describes network reachability, such as the IPv6 routing prefix, metric information and some option bits. The option bits indicate the advertisement of the IPv6 prefix from a higher level, the distribution of the prefix from other routing protocols (i.e. route redistribution), and the existence of sub-TLVs. The IPv6 Interface Address TLV contains an IPv6 interface link-local address.

After the ‘router isis’ and ‘net’ commands, you need an additional ‘address-family ipv6’ command, and you use ‘ipv6 router isis’ instead of ‘ip router isis’. The ‘(config-router)#no adjacency-check’ command can be used to prevent the neighborship between IPv4 and IPv6 routers from being torn down.

BGP4+ for IPv6

Also known as MP-BGP, its next-hop attribute is now defined as an IPv6 address. ‘(config-router)#neighbor IPV6_ADD update-source [INT]’ must now be configured for BGP peering. If you are running MP-BGP in an IPv6-only network, use the ‘(config-router)#no bgp default ipv4-unicast’ command. ‘(config-router)#bgp router-id’ must also be configured.


Redistribution and static routes

IPv6 redistribution does not take connected routes into account by default; to include them, add the ‘include-connected’ parameter at the end of the command. IPv4 redistribution, on the other hand, takes IGP and connected routes into the process. The ‘metric’ parameter also allows the engineer to set the metric of the route in the destination routing protocol.

For OSPFv3 there is no ‘subnets’ parameter, because IPv6 redistribution doesn’t recognize classful networks. Local routes (/128) are ignored.

An IPv6 static route can be set with the ‘(config)#ipv6 route PREFIX/LENGTH [OUT_INT] NEXT_HOP_ADD [AD] [tag VALUE]’ command. Note that the next-hop address can be any IPv6 address, but if you wish to use the link-local address of the next-hop router, you must also indicate the outgoing interface.

An IPv6 mobile node has a home address on its home network and a care-of address on its current network. A node communicating with a mobile node is called a correspondent node of the mobile node. The association between the home address and the care-of address of a mobile node is known as a binding. When a mobile node roams away from its home network, it sends a binding update to its home agent, a router on its home network. There are two ways that a mobile node and a correspondent node can communicate—via the home agent or directly.

In the first case, packets from the correspondent node are routed to the home agent and then tunneled to the mobile node. Packets to the correspondent node are tunneled from the mobile node to the home agent and then routed normally from the home network to the correspondent node. In the second case, when the mobile node first receives a packet from the correspondent node, it sends a binding update to the correspondent node. Packets from the correspondent node can then be routed directly to the care-of address of the mobile node and all traffic flows directly between the correspondent node and the mobile node.

Migration and tunnel

There are 3 major tools for transitioning between IPv4 and IPv6: dual stack, tunneling, and NAT Protocol Translation (NAT-PT).

Dual stack

A dual-stack host has both IPv4 and IPv6 addresses and can communicate using either protocol. A dual-stack router not only has IPv4 and IPv6 addresses, it also runs IPv4 and IPv6 routing protocols.

Dual stack is easy to implement because you only need to configure both the IPv4 and IPv6 addresses.

To forward IPv6 packets, the engineer uses one of:
- Native IPv6: configure IPv6 on most or all interfaces and make all routers dual stack.
- IPv6 tunnel: used in environments with both IPv4 and IPv6; transports IPv6 packets across an IPv4 network by encapsulating them in IPv4 packets.

Tunneling

Tunneling is the process by which IPv6 packets are encapsulated in IPv4 packets. The first router that a dual stack host's packets pass through must also be dual stack so that it can encapsulate the original packet inside an IPv4 packet. The last router, at the receiving end, must also be dual stack in order to be able to read the message. There are point-to-point and multipoint tunnels.

A point-to-point IPv6 tunnel is implemented between 2 tunnel interfaces of 2 routers. Note that the tunnel interface faces the other router rather than the LAN.

A point-to-multipoint IPv6 tunnel is like NBMA in Frame Relay: every router's tunnel interface connects to an unseen single point in the middle. The difficulty is that it can't run an IGP and must rely on multiprotocol BGP or static routes. The two kinds are automatic 6to4 tunnels and ISATAP tunnels.

Use point-to-point tunnels for frequent traffic, and point-to-multipoint tunnels for infrequent traffic.

Method               Type     Topology  Advantages and Other Notes
Manually Configured  Static   Pt-pt     Acts like a virtual point-to-point link, supporting IPv6 IGPs. Good for more permanent tunnels. Slightly less overhead than GRE.

Manually Configured

GRE                  Static   Pt-pt     Generic Routing Encapsulation. Same advantages as the previous row, plus it can support other Layer 3 protocols over the same tunnel.
6to4                 Dynamic  Mpt       May require less configuration than all other types when adding a new site. Supports global unicasts, with some extra configuration. Uses the second and third quartets to store the IPv4 address.
ISATAP               Dynamic  Mpt       Easily supports global unicast addresses for all prefixes. Uses the seventh and eighth quartets to store the IPv4 address.

To configure a manually configured tunnel (MCT), you need IPv4 addresses on both ends. Since an MCT is a point-to-point topology, the tunnel source address of one router must match the tunnel destination address of the other. If multiple links exist between the routers, use loopback addresses (from a loopback interface) instead, so the tunnel does not depend on a single physical link. Note that the tunnel interface is a virtual interface.

To configure an MCT:

1. ‘(config)#interface tunnel IDENTIFIER’, where the identifier can be almost any positive integer.
2. Define the source and destination addresses with ‘(config-if)#tunnel source {IPV4_ADD | loopback NUM}’ and ‘(config-if)#tunnel destination IPV4_ADD’; note that if you use loopback interface 0, specify it with ‘tunnel source loopback 0’.
3. Define this as an MCT with ‘(config-if)#tunnel mode ipv6ip’.

Note: when both routers have finished their configuration, the tunnel should be up. ‘show interface tunnel’ displays the tunnel status: the encapsulation will be ‘TUNNEL’ and the tunnel protocol/transport ‘IPv6/IP’. You can also check with ‘show ipv6 interface tunnel’.

Before configuring an MCT, the router should already have IPv6 addressing and routing in place; an IPv6 address on the tunnel interface is required.

The link-local address on the tunnel interface is FE80::/96 with the last 32 bits being the hexadecimal form of the tunnel source IPv4 address (whether from a loopback or another configured interface).

The only configuration difference between a GRE tunnel and an MCT is that GRE uses ‘tunnel mode gre ip’; GRE is the default encapsulation on Cisco routers, so this command may not even be needed.

Note that if the 2 tunnel endpoints have an encapsulation mismatch, the link status still shows up/up. Here are some differences between the 2; the 4-byte difference in MTU comes from the 4-byte GRE header.

                                                  Manual Tunnels                                           GRE
RFC                                               4213                                                     2784
Tunnel mode command                               tunnel mode ipv6ip                                       tunnel mode gre ip
Passenger MTU default                             1480                                                     1476
Supports IPv6 IGPs?                               Yes                                                      Yes
Forwards IPv6 multicasts?                         Yes                                                      Yes
Uses static configuration of tunnel destination?  Yes                                                      Yes
Supports multiple passenger protocols?            No                                                       Yes
Link local based on...                            FE80::/96, plus 32 bits from tunnel source IPv4 address  IPv6 EUI-64, using first LAN interface’s MAC address

Automatic 6to4 tunnels use IPv6 addresses from the 2002::/16 range.

You can display related information with ‘show interface tunnel’ and clear the counters with ‘clear counters tunnel TYPE NO’.

Another type of tunnel is Teredo, which encapsulates IPv6 packets in IPv4/UDP packets so that NAT devices do not alter them and disrupt the tunnel.

ISATAP treats the IPv4 network as NBMA and allows an IPv4 private network to implement IPv6 incrementally without upgrading the network.
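As an added example (not part of these notes), the Python below derives the embedded-IPv4 forms the tunnel types above rely on: the FE80::/96 tunnel link-local, the 6to4 2002::/16 prefix with the IPv4 address in quartets 2 and 3, and the ISATAP interface ID with the address in quartets 7 and 8. The 0000:5EFE interface-ID prefix and its ‘u’ bit for ISATAP come from RFC 5214, not from the notes; the sample addresses are constructed documentation values.

```python
import ipaddress


def _v4_int(ipv4: str) -> int:
    return int(ipaddress.IPv4Address(ipv4))


def tunnel_link_local(tunnel_source_ipv4: str) -> str:
    """Link-local of a manual (ipv6ip) tunnel: FE80::/96 plus the 32-bit tunnel source."""
    return str(ipaddress.IPv6Address((0xFE80 << 112) | _v4_int(tunnel_source_ipv4)))


def sixto4_prefix(site_ipv4: str) -> str:
    """6to4 site prefix 2002:WWXX:YYZZ::/48: the IPv4 address fills quartets 2 and 3."""
    return str(ipaddress.IPv6Network(((0x2002 << 112) | (_v4_int(site_ipv4) << 80), 48)))


def isatap_address(prefix: str, host_ipv4: str, globally_unique: bool = False) -> str:
    """ISATAP address: a /64 prefix plus the RFC 5214 interface ID 0000:5EFE:WWXX:YYZZ.
    Quartets 7 and 8 carry the IPv4 address; the 0200 'u' bit is set only when the
    embedded IPv4 address is globally unique (assumption taken from RFC 5214)."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("ISATAP interface IDs need a /64 prefix")
    u_bit = 0x0200 if globally_unique else 0
    iid = (u_bit << 48) | (0x5EFE << 32) | _v4_int(host_ipv4)
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))


def embedded_ipv4(ipv6: str) -> str:
    """Recover the IPv4 address embedded in a 6to4, ISATAP or tunnel link-local address."""
    a = int(ipaddress.IPv6Address(ipv6))
    q = [(a >> (16 * (7 - i))) & 0xFFFF for i in range(8)]   # the eight quartets
    if q[0] == 0x2002:                                        # 6to4: quartets 2 and 3
        v4 = (q[1] << 16) | q[2]
    elif q[:6] == [0xFE80, 0, 0, 0, 0, 0]:                   # tunnel link-local: last 32 bits
        v4 = (q[6] << 16) | q[7]
    elif (q[4] & 0xFDFF) == 0 and q[5] == 0x5EFE:            # ISATAP: quartets 7 and 8
        v4 = (q[6] << 16) | q[7]
    else:
        raise ValueError(f"{ipv6} carries no embedded IPv4 address")
    return str(ipaddress.IPv4Address(v4))


if __name__ == "__main__":
    # Constructed sample values: 192.0.2.0/24 and 2001:db8::/32 are documentation ranges.
    print(tunnel_link_local("192.0.2.1"))
    print(sixto4_prefix("192.0.2.1"))
    print(isatap_address("2001:db8:1234:5678::/64", "10.0.0.1"))
```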

NAT-PT

The methods above describe how same-protocol hosts (IPv4 to IPv4) communicate with each other. However, for IPv4 hosts to communicate with IPv6 hosts, or vice versa, you need NAT protocol translation, or NAT-PT. Static NAT-PT provides a one-to-one mapping of a single IPv4 address to a single IPv6 address (much like static NAT). There is also dynamic NAT-PT, which uses a pool of IPv4 addresses to provide one-to-one mappings with IPv6 addresses. Finally, there is Network Address Port Translation (NAPT-PT), which provides a many-to-one mapping of multiple IPv6 addresses to one IPv4 address and a port number.

Remember that NAT-PT exchanges the header instead of adding/removing a header.

NAT-PT can translate many headers, such as IPv4, IPv6, TCP, UDP, ICMP, etc. It is also heavily involved in translating between DNS and DNSv6 packets.

The actual translation is done by stateless IP/ICMP translation (SIIT).

Bump-in-the-API (BIA) and Bump-in-the-Stack (BIS) are NAT-PT implementations within a host. BIA/BIS intercepts system calls to IPv4 functions and dynamically responds with IPv6 information, allowing, for example, a server to be converted to IPv6 without rewriting applications. This approach will not work, however, for applications that embed IP addresses in the payload, such as the file transfer protocol (FTP).

Branch design and WAN

Basic terminology

Broadband Internet access technology refers to a class of high speed communication methods that allow a device to access the Internet.

PPP over Ethernet, or PPPoE, describes the format of a frame that has a PPP header between the Ethernet and IP headers. This allows the ISP to identify a user and possibly track usage. PPP over ATM (PPPoA) is used with DSL.

ISRs include the 800, 1800, 2800, and 3800 families, plus the 1900, 2900, and 3900s. Consumer routers such as Linksys have a DHCP client/server and PAT/NAT built in, but enterprise routers require specific configuration for these functions to work.

Connecting with IPsec

For packets to pass from the branch to the Core via the unsafe Internet, security is important. IPsec works by creating a tunnel between the branch office and Enterprise Core.

The source and destination addresses of the original packet are the private addresses of the two networks; the packet is encrypted and encapsulated in an IPsec header, then an IPv4 header. The outer header contains the branch's and the Enterprise's public addresses as source and destination. The Enterprise Core, of course, must be equipped with devices to decrypt the packets.

Note that IPv4, in this case, is used as both the transport and the passenger protocol. The IPsec encapsulation may include various features depending on how the IPsec framework is built.

IPsec can't directly support an IGP because it can't forward multicast messages. However, you can run a GRE tunnel over it, which can:
- Act as a point-to-point link from a Layer 3 perspective
- Support many passenger protocols other than IPv4
- Encapsulate/forward broadcasts and multicasts, and thus support IPv4 IGPs
- Run through the IPsec tunnel
- Remove the need for floating static routes

If multiple connections between the 2 networks exist and the engineer wishes to use all of them, they can simply configure all of them to run the same routing protocol. This way, the routing can be manipulated to the desired state.

Connecting with DSL

DSL utilizes the phone line between the Telco and the customer to provide Internet access by employing different frequencies (it uses frequencies higher than 4000 Hz; a filter is placed so we don't hear them while we talk on the phone). DSL is a switched circuit. A DSLAM is placed at the telco office to separate the digital and analog signals so each ends up where it is supposed to.

DSL uses ATM and PPP. ATM is used for transferring the data: it provides the data-link address, how to pass L3 data, and identification of the content (ATM header). PPP is used mostly for its CHAP authentication (the PPPoA header sits between the ATM header and the IP header).

ATM uses PVCs (between the DSL modem and the ISP router) like Frame Relay, and its data-link address is also locally significant. ATM uses a 2-part address called the virtual path identifier/virtual connection identifier (VPI/VCI). ATM is a little more complicated than Frame Relay, as it carries 53-byte cells: all data is split into 48-byte payloads, each with a 5-byte header.

DSL configuration includes:
- Create a dialer interface (‘interface dialer IDENTIFIER’ command; responsible for PPP, such as CHAP, and address negotiation)
- Apply the Layer 3 and PPP configuration related to DSL
- Apply the ATM configuration to the ATM interface
- Link the ATM interface to the dialer interface
- An IP route forwards traffic out the dialer interface to trigger the DSL encapsulation process.

The ATM interface is created with the ‘interface ATM type/type’ command, and the VPI/VCI is applied with the ‘pvc’ subcommand. ‘(config-if)#encapsulation aal5mux ppp dialer’ means PPPoA will be used and this PVC will use the logic of a dialer interface. ‘dialer pool-member IDEN’ (on the ATM interface) corresponds to the pool configured on the dialer interface with ‘dialer pool IDEN’, which tells the dialer interface that when it needs to signal a new connection, it should look for an interface with ‘dialer pool-member IDEN’ configured. To tell the router to learn its IP address from the ISP using PPP, use ‘ip address negotiated’ on the dialer interface.

Connecting with VPN

Other than IPsec, the following can also provide intra-network connections over the Internet:
- Virtual tunnel interface (VTI): like GRE, but uses encapsulation without the 4-byte GRE header
- Dynamic multipoint VPN (DMVPN): creates a multipoint VPN, with less configuration needed to add a new site
- Group encrypted transport VPN (GETVPN): like DMVPN

When configuring GRE, you can omit the ‘tunnel mode’ command, which allows you to use IPv4 as the passenger protocol.

Multicast

Multicast MAC and IP address

A router doesn't forward broadcast and multicast messages by default. These packets have a TTL of 1. You can allow broadcasts to spread from one subnet to another using ‘ip directed-broadcast’. Multicast packets are routable.

Multicast messages often use UDP, so delivery is not guaranteed. Other concerns require different attention: security can be addressed by IPsec, and multimedia traffic can be carried by RTP.

Multicast MAC addresses always begin with 0100.5E and the 25th bit is always 0, which means the 7th hexadecimal digit can never be 8 or greater. The rest of the bits come from the last 23 bits of the corresponding IP address. However, this mapping is not unique: 32 multicast IP addresses map to the same multicast MAC address (so the host has to check the destination IP address to be sure). This leads to the suggestion to use non-overlapping multicast IP addresses instead.

224.0.0.1 is the multicast IP address to reach all hosts. Here are the types of multicast IP address:

Multicast Address Range     Multicast Address Mask  Description
224.0.0.0--224.0.0.255      255.255.255.0           Local Network Control Block
224.0.1.0--224.0.1.255      255.255.255.0           Internetwork Control Block
224.0.2.0--224.0.255.255    N/A                     Ad Hoc Block
224.1.0.0--224.1.255.255    N/A                     Unassigned
224.2.0.0--224.2.255.255    255.255.0.0             SDP/SAP Block
224.3.0.0--231.255.255.255  N/A                     Unassigned
232.0.0.0--232.255.255.255  255.0.0.0               Source Specific Multicast Block
233.0.0.0--233.255.255.255  255.0.0.0               GLOP Block
234.0.0.0--238.255.255.255  N/A                     Unassigned
239.0.0.0--239.255.255.255  255.0.0.0               Administratively Scoped Block

- Local network control block: reserved for local multicast transmission and never forwarded beyond the local segment; TTL = 1. 224.0.0.1 is all hosts, while 224.0.0.2 is all IP routers. Routing protocols use this block of addresses to advertise routing information. PIM uses 224.0.0.13, while IGMP uses 224.0.0.22.

- Internetwork control block: used by network protocols when control messages need to be multicast beyond the local network segment. TTL is the same as for unicast packets.

- Ad hoc block: assigned to applications that fall somewhere between link-local and internetwork control multicast groups. Assignments must be reviewed by IANA.

- SDP/SAP block: reserved for applications that send and receive multimedia session announcements using SAP.

- Source-specific multicast (232.0.0.0/8): SSM (an extension of PIM) allows efficient data delivery in one-to-many (broadcast-style) communication. Also supported in IGMPv3.

- GLOP (233.0.0.0/8): allocates 256 multicast IP addresses for each AS. First octet = 233; second and third octets = the ASN in binary.

- Administratively scoped addresses (239.0.0.0/8): used in private multicast domains. 239.252.0.0/14 is reserved for site-local multicast and 239.192.0.0/10 for organization-local scope.
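As an added example, not code from the notes, this Python implements the IP-to-MAC mapping described above, enumerates the 32 groups that collide on one MAC (the reason for choosing non-overlapping group addresses), and builds the GLOP /24 for an AS number. The group addresses and AS number used are constructed samples.

```python
import ipaddress

# 01-00-5E with bit 25 fixed at 0: the 7th hex digit of a multicast MAC is never 8 or above.
MCAST_OUI = 0x01005E


def multicast_mac(group: str) -> str:
    """Map an IPv4 multicast group to its Ethernet MAC: 0100.5E + the low 23 bits of the IP."""
    ip = ipaddress.IPv4Address(group)
    if not ip.is_multicast:
        raise ValueError(f"{group} is not a multicast address")
    mac = (MCAST_OUI << 24) | (int(ip) & 0x7FFFFF)
    return "{:04X}.{:04X}.{:04X}".format(mac >> 32, (mac >> 16) & 0xFFFF, mac & 0xFFFF)


def groups_sharing_mac(group: str):
    """The 32 multicast groups that map to the same MAC as 'group': the 5 bits between
    the fixed 1110 prefix and the copied 23 bits are lost in the mapping."""
    low23 = int(ipaddress.IPv4Address(group)) & 0x7FFFFF
    return [str(ipaddress.IPv4Address(0xE0000000 | (lost5 << 23) | low23)) for lost5 in range(32)]


def mac_collisions(groups):
    """Pairs of groups in a deployment that share one MAC; an empty list means the
    chosen addresses are non-overlapping and the NIC filter alone is unambiguous."""
    seen = {}
    collisions = []
    for g in groups:
        mac = multicast_mac(g)
        if mac in seen:
            collisions.append((seen[mac], g, mac))
        else:
            seen[mac] = g
    return collisions


def glop_block(asn: int) -> str:
    """GLOP (233/8): one /24 per 16-bit AS number, the ASN split across octets 2 and 3."""
    if not 0 <= asn <= 0xFFFF:
        raise ValueError("GLOP only covers 16-bit AS numbers")
    return f"233.{asn >> 8}.{asn & 0xFF}.0/24"


if __name__ == "__main__":
    # Constructed samples: two private-scope groups that collide, and a private-use ASN.
    print(multicast_mac("224.0.0.5"))
    print(mac_collisions(["239.1.1.1", "239.129.1.1", "239.2.2.2"]))
    print(glop_block(65000))
```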

Here are some familiar multicast address:

Address Group

224.0.0.1 All multicast-capable hosts on this segment.

224.0.0.2 All multicast-capable routers on this segment.

224.0.0.4 All Distance Vector Multicast Routing Protocol (DVMRP) routers on this segment.

224.0.0.5 All Open Shortest Path First (OSPF) routers.

224.0.0.6 All OSPF DR/BDR.

224.0.0.9 All Routing Information Protocol Version 2 (RIPv2) routers.

224.0.0.10 All Enhanced Interior Gateway Routing Protocol (EIGRP) routers.

224.0.0.13 All Protocol Independent Multicast (PIM) routers.

224.0.0.15 All Core Based Tree (CBT) routers.

Multicast solutions

Multicast traffic, by default, is flooded out all ports, and the hosts decide whether or not the frame is for them. This is inefficient and wastes bandwidth. To mitigate this problem:
- Static MAC table entries for the multicast address; not a recommended solution for a large number of multicast addresses with frequent changes.
- Cisco Group Management Protocol (CGMP) runs between switches and routers. It passes the MAC address of the requester and the multicast group requested on to the switch. The switch then checks its CAM table and decides which ports are enabled to receive these frames.
- IGMP snooping performs the same process as CGMP but by inspecting IGMP. Cisco uses hardware to perform this because it is too much burden for the software. IGMP snooping allows a switch to identify end systems that request multicast traffic and limit forwarding of a multicast address to specific ports. IGMP snooping is enabled by default and can be disabled with the command ‘no ip igmp snooping’.

Versions of IGMP

When a host wishes to receive multicast messages for a certain multicast address, it sends a special request to the local router. There are IGMPv1 (RFC 1112), v2 (RFC 2236) and v3 (RFC 3376). All devices can be reached at 224.0.0.1.

In version 1, to join a group, a host sends an IGMP membership report message to the router telling it which group address the host wants to join. The multicast messages will be sent with the destination address unchanged. Because there is no leave process, a host that no longer wishes to hear a multicast simply stops sending membership reports.

Multicast routers must intercept all the multicast packets to receive the membership reports and add hosts to the appropriate groups. Every 60 seconds, the router (elected as the querier or DR) sends a query to 224.0.0.1 asking whether hosts are still interested in receiving updates. Only 1 host response is needed to maintain forwarding. If no membership report from a host for a currently active multicast address has been received for up to 3 queries (3 minutes), that host is pruned from the multicast address. If this happens for all hosts, the multicast group is discarded.

The router doesn't record a membership list for each multicast group; it only records which multicast groups are active on which interfaces. Verify with ‘show ip mroute’.

IGMPv2 improves on v1:
- Queries can be general queries (to 224.0.0.1) or group-specific queries (for only one multicast group).
- Hosts can leave a group dynamically by sending a Leave Group message to the all-routers address (224.0.0.2). The router responds with a group-specific query asking whether other hosts are still interested; this query is sent once a second for 2 seconds. Interested hosts reply with a membership report; if none is received, the DR stops forwarding multicast for this group.
- Querier election: the lowest IP address wins; re-election occurs 250 seconds after the DR was last heard. In v1, the multicast routing protocol is responsible for that.
- The query-interval response time, carried in the maximum response time field (10 seconds by default), tells hosts how long after the query has been sent they must reply. The value can be increased on segments with many hosts.

Hosts can join a multicast group at any time by sending an unsolicited report to the desired multicast address. To see the currently active groups, use ‘show ip igmp groups’, which contains a field called ‘Last Reporter’. If a device other than the last reporter sends a leave message, the router assumes there is at least one user still present. If the last reporter sends a leave message, the router sends a membership query to reduce latency.
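The querier behaviour in the paragraphs above (60-second general queries, pruning after 3 unanswered queries, a v2 leave answered with a 2-second group-specific query, and the Last Reporter rule) as a small state machine in Python; this is an added example, not code from the notes or from IOS, and the host and group addresses are constructed.

```python
QUERY_INTERVAL = 60        # general query every 60 s (from the notes)
ROBUSTNESS = 3             # a group ages out after 3 unanswered queries (3 minutes)
GROUP_QUERY_WINDOW = 2     # v2 group-specific query: once a second for 2 s


class IgmpInterfaceState:
    """Per-interface group state of the querier. Like the router in the notes it keeps
    no member list, only which groups are active plus who reported last."""

    def __init__(self):
        self.groups = {}         # group -> {"expires": t, "last_reporter": host}
        self.pending_query = {}  # group -> time its group-specific query expires

    def report(self, now: float, group: str, host: str) -> None:
        """A membership report (unsolicited join or answer to a query) refreshes the group."""
        self.groups[group] = {"expires": now + ROBUSTNESS * QUERY_INTERVAL,
                              "last_reporter": host}
        self.pending_query.pop(group, None)   # someone is still interested

    def leave(self, now: float, group: str, host: str):
        """IGMPv2 Leave Group. Only a leave from the last reporter makes the querier send
        a group-specific query; any other leave is ignored because at least one member
        (the last reporter) is assumed to remain."""
        if group not in self.groups or self.groups[group]["last_reporter"] != host:
            return None
        self.pending_query[group] = now + GROUP_QUERY_WINDOW
        return f"group-specific query for {group}"

    def tick(self, now: float):
        """Run the timers: prune groups with no report for 3 queries and groups whose
        group-specific query went unanswered. Returns the pruned groups."""
        pruned = {g for g, s in self.groups.items() if now >= s["expires"]}
        pruned |= {g for g, t in self.pending_query.items() if now >= t}
        for g in pruned:
            self.groups.pop(g, None)
            self.pending_query.pop(g, None)
        return sorted(pruned)

    def active_groups(self):
        """What 'show ip igmp groups' would list for this interface."""
        return sorted(self.groups)


if __name__ == "__main__":
    # Constructed timeline: one member joins, never answers a query, and is pruned.
    state = IgmpInterfaceState()
    state.report(0, "239.1.1.1", "10.1.1.5")
    print(state.active_groups(), state.tick(120), state.tick(180))
```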

IGMPv3 adds support for multicast source filtering: a host sends the router a list of the multicast sources it would like to hear from. IGMPv3 is compatible with the older versions of IGMP.

IGMPv3 is primarily used for source-specific multicast (SSM). SSM is based on PIM sparse mode, with a separate source-distribution tree for each source that is used within each group.

To change the IGMP version use ‘(config-if)#ip igmp version {1 | 2 | 3}’. To display which IGMP versions are in use, check the ‘show ip igmp interface’ command. ‘show ip igmp groups’ displays the active groups in use. You can also use the ‘show multicast group igmp’ command. To make a router join a multicast group, use ‘ip igmp join-group MULT_ADD’; you can then multicast ping with the ‘mping’ command. Groups can also be joined statically with ‘ip igmp static-group’.

Another multicast protocol you may see is CGMP. It is a Layer 2 protocol, whereas IGMP is Layer 3. It works with switches to relay or stop the multicast. Routers receiving IGMP messages translate them into CGMP and send them to switches at 0100.0CDD.DDDD (SNAP value 0x2001) to implement. A CGMP entry carries:

GDA [6 bytes]: translated multicast IP group address
USA [6 bytes]: MAC address of the device that sent the IGMP report
Join/Leave [4 bits]: 0 = join, 1 = leave

    GDA                USA                Join/Leave  Meaning
1   Multicast MAC      Client MAC         Join        Add port to group
2   Multicast MAC      Client MAC         Leave       Delete port from group
3   00-00-00-00-00-00  Router MAC         Join        Assign router port
4   00-00-00-00-00-00  Router MAC         Leave       Remove router port
5   Multicast MAC      00-00-00-00-00-00  Leave       Delete group
6   00-00-00-00-00-00  00-00-00-00-00-00  Leave       Delete all groups

Catalyst 4000 and 5000 family switches can act like a router and handle IGMP leave messages themselves, controlled with ‘(enable) set cgmp leave {enable | disable}’.
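An added Python encoder/decoder for the CGMP message described above, not code from the notes; it classifies each GDA/USA pair into the six meanings in the table. The fields around GDA, USA and the join/leave nibble (a version nibble of 1, two reserved bytes and an entry count) follow Cisco's CGMP packet layout and are an assumption of this example; the MAC addresses used are constructed.

```python
import struct

CGMP_SWITCH_MAC = "0100.0CDD.DDDD"   # multicast MAC the switches listen on (from the notes)
CGMP_VERSION = 1                     # assumed header version nibble
TYPE_JOIN, TYPE_LEAVE = 0, 1         # the 4-bit join/leave field
ZERO_MAC = bytes(6)                  # 00-00-00-00-00-00 in the table
GROUP_OUI = b"\x01\x00\x5e"          # prefix of every translated IPv4 multicast MAC


def mac_to_bytes(mac: str) -> bytes:
    """Accept 0100.5E00.0001, 00-11-22-33-44-55 or 00:11:22:33:44:55."""
    digits = mac.replace(".", "").replace("-", "").replace(":", "")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac}")
    return bytes.fromhex(digits)


def mac_to_str(raw: bytes) -> str:
    return "-".join(f"{b:02X}" for b in raw)


def classify_entry(gda: bytes, usa: bytes, msg_type: int) -> str:
    """Map one (GDA, USA, join/leave) triple to the six meanings in the table above."""
    join = msg_type == TYPE_JOIN
    gda_group, gda_zero, usa_zero = gda[:3] == GROUP_OUI, gda == ZERO_MAC, usa == ZERO_MAC
    if gda_group and not usa_zero:
        return "add port to group" if join else "delete port from group"
    if gda_zero and not usa_zero:
        return "assign router port" if join else "remove router port"
    if not join and gda_group and usa_zero:
        return "delete group"
    if not join and gda_zero and usa_zero:
        return "delete all groups"
    return "invalid"


def build_cgmp(msg_type: int, entries) -> bytes:
    """Encode a CGMP message: version/type nibbles, 2 reserved bytes, entry count, then a
    6-byte GDA and 6-byte USA per entry (header layout assumed, see the lead-in)."""
    if msg_type not in (TYPE_JOIN, TYPE_LEAVE):
        raise ValueError("type must be join (0) or leave (1)")
    if not 0 < len(entries) <= 255:
        raise ValueError("1 to 255 entries per message")
    header = struct.pack("!BHB", (CGMP_VERSION << 4) | msg_type, 0, len(entries))
    return header + b"".join(mac_to_bytes(g) + mac_to_bytes(u) for g, u in entries)


def parse_cgmp(data: bytes) -> dict:
    """Decode a CGMP message and tag every entry with the action a switch takes on it."""
    if len(data) < 4:
        raise ValueError("truncated CGMP header")
    vt, _reserved, count = struct.unpack("!BHB", data[:4])
    version, msg_type = vt >> 4, vt & 0x0F
    if version != CGMP_VERSION or msg_type not in (TYPE_JOIN, TYPE_LEAVE):
        raise ValueError(f"unsupported CGMP version/type byte {vt:#04x}")
    if len(data) != 4 + 12 * count:
        raise ValueError("entry count does not match message length")
    entries = []
    for i in range(count):
        off = 4 + 12 * i
        gda, usa = data[off:off + 6], data[off + 6:off + 12]
        entries.append({"gda": mac_to_str(gda), "usa": mac_to_str(usa),
                        "action": classify_entry(gda, usa, msg_type)})
    return {"type": "leave" if msg_type == TYPE_LEAVE else "join", "entries": entries}


if __name__ == "__main__":
    # Constructed: a host with MAC 00-11-22-33-44-55 joined 224.0.0.1 (MAC 0100.5E00.0001).
    print(parse_cgmp(build_cgmp(TYPE_JOIN, [("0100.5E00.0001", "00-11-22-33-44-55")])))
```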

Implementing multicast

When multicasting, you need a path between the host and the server for the information to pass through; this can't be established by the server. The host must somehow learn the address of the server, which can be done via:
- A link, such as in an email or on a webpage
- Session Directory (SD), an application that uses SDP to announce the address of the server. This application uses 224.2.127.254.

Multicast routing protocol

Implementing multicast requires different logic and routing protocols than traditional packet forwarding. These routing protocols include Multicast OSPF (MOSPF), Distance Vector Multicast Routing Protocol (DVMRP), Center-Based Trees, Core-Based Trees, and Protocol Independent Multicast (PIM). Cisco routers do not support Center- or Core-Based Trees and support DVMRP only enough to redistribute routes. The only MOSPF command used in IOS is one to turn off an annoying error message that comes from receiving MOSPF.

Multicast routing protocols are also described as either sparse or dense. A dense multicast routing protocol assumes that all hosts on all links are interested in the traffic and so floods multicasts out all paths, only to have some paths ask not to receive the traffic. This could succinctly be described as “bush out, prune back.” Sparse multicast routing protocols assume that no one wants the traffic until they ask for it.

Dense-mode protocols work better in LANs, where bandwidth is plentiful. Sparse-mode protocols work better in WANs, where conserving bandwidth is critical.

Reverse path forwarding (RPF) checks, for every multicast packet the router receives on an interface, that the router would use that same interface to send traffic back to the packet's source. The check is performed by looking up the source address of the multicast packet in the unicast routing table and comparing the exit interface for that address with the interface on which the multicast packet was received. If they match, the packet is forwarded to the recipients; if not, the packet is dropped.
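The RPF check as an added Python example, not code from the notes or from IOS: a longest-prefix lookup of the source in a constructed unicast routing table, compared against the arrival interface. The routing table, interface names and packet samples are made up for the example.

```python
import ipaddress

# Constructed unicast routing table (prefix, exit interface); not from the notes.
UNICAST_RIB = [
    ("0.0.0.0/0", "Serial0/0"),
    ("10.1.0.0/16", "GigabitEthernet0/0"),
    ("10.1.2.0/24", "GigabitEthernet0/1"),
    ("192.168.5.0/24", "Serial0/1"),
]


def rpf_interface(rib, source: str):
    """The interface the router would use to reach 'source' (longest-prefix match in
    the unicast RIB), i.e. the only interface on which its multicasts are accepted.
    Returns None when there is no route at all."""
    src = ipaddress.IPv4Address(source)
    best_net, best_iface = None, None
    for prefix, iface in rib:
        net = ipaddress.IPv4Network(prefix)
        if src in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_iface = net, iface
    return best_iface


def rpf_check(rib, source: str, group: str, in_iface: str) -> bool:
    """True when a packet for (source, group) arrived on its RPF interface."""
    if not ipaddress.IPv4Address(group).is_multicast:
        raise ValueError(f"{group} is not a multicast group")
    return rpf_interface(rib, source) == in_iface


def process_packets(rib, packets):
    """Run the RPF check over (source, group, in_iface) triples and return one
    ((S, G), decision, reason) tuple per packet; no route at all also means drop."""
    decisions = []
    for source, group, in_iface in packets:
        expected = rpf_interface(rib, source)
        verdict = "forward" if rpf_check(rib, source, group, in_iface) else "drop"
        decisions.append((f"({source}, {group})", verdict, f"RPF interface {expected}"))
    return decisions


if __name__ == "__main__":
    # Constructed packets: the second arrives on the /16 interface although the
    # more specific /24 route points elsewhere, so the RPF check fails.
    for line in process_packets(UNICAST_RIB, [
        ("10.1.2.7", "239.1.1.1", "GigabitEthernet0/1"),
        ("10.1.2.7", "239.1.1.1", "GigabitEthernet0/0"),
        ("172.16.0.1", "239.1.1.1", "Serial0/0"),
    ]):
        print(line)
```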

A multicast tree is a logical map of the nodes in a network. The multicasting server is the root, but not all nodes or branches will become destinations for that multicast packet. Multicast routes are written as (server-address, multicast-address).

Multicast traffic is distributed by moving the traffic away from the source, along the RPF paths. The path that multicast traffic travel upon is called a distribution tree. There are 2 types: shared and source-rooted. Shared trees define a common set of links over which all multicast traffic flows. Shared trees are efficient and can be rooted at rendezvous points (RP). For each group, shared trees have one (*, G) route (all sources within the group route the same way). Source-based trees take the shortest path from the source to the receiver, which is to say each source has a separate set of routes associated with it. Source-based trees are more complicated (and use more memory) but more efficient in terms of bandwidth.