network routing protocols - a brief

Upload: aswath-farook

Post on 03-Apr-2018


  • 7/28/2019 Network Routing Protocols - A brief

    2000, Cisco Systems, Inc.

    Advanced Routing Technologies

    Session 2200

    Agenda

    Background
    Host Interaction
    Too Much Information
    Multi-Routing-Protocol
    Redistribution
    Policy Routing
    Internet

    Background

    CCIE Credo

    Just because you can, doesn't mean you should.

    Router Functions

    Routing = building maps and giving directions
    Switching = forwarding packets between interfaces
    Routers are packet relays or switches
    Path determination is overhead

    Routing Protocols

    [Figure: two routers exchange a routing update. One says "I know about: Network X, Network Y, Network Z", the other "I know about: Network A, Network B, Network C". Caption: Routing Update Exchanges Network Knowledge]

    Routers are packet switches that forward traffic based on Layer 3 logical addresses
    Routing protocol updates are exchanged by routers to learn about paths to other logical networks
    Each routing protocol offers features that can make it desirable as part of an internetwork design

    Internet Routing Protocols

    IP routing protocols are characterized as

    Name    Type      Proprietary  Function  Updates  Metric  VLSM  Summ
    RIP     DV        No           Interior  30 Sec   Hops    No    Auto
    RIPV2   DV        No           Interior  30 Sec   Hops    Yes   Auto
    IGRP    DV        Yes          Interior  90 Sec   Comp    No    Auto
    EIGRP   Adv DV    Yes          Interior  Trig     Comp    Yes   Both
    OSPF    LS        No           Interior  Trig     Cost    Yes   Man
    IS-IS   LS        No           Interior  Trig     Cost    Yes   Auto
    BGP     Path Vec  No           Exterior  Incr     N/A     Yes   Auto

    The Forwarding Table

    Populated by
        Hardware State
        Configuration
        Routing Protocols

    Src  Network #          Dist/Metric     Next Hop        Age       Interface
    D    198.113.181.0/24   [170/304793]    192.150.42.177  02:03:50  Ethernet0
    O    198.113.178.0/26   [110/9936]      192.150.42.177  02:03:50  Ethernet0
    R    192.168.96.0/24    [120/3]         192.150.42.177  00:00:20  Ethernet0
    C    192.150.42.178/25  Direct Connect                            Ethernet0

    The Forwarding Table

    Configuration defines what protocol processes run, which interfaces they own, and how they process protocol data
    Each routing protocol process
        Creates its own tables and databases
        Receives protocol packets and processes them
        Tries to insert the results into the forwarding table

    [Figure: IOS, with the same forwarding table as shown above]

    Host Interaction

    How Hosts Transmit

    Using default-gw:
        Compare DA to interfaces and masks
        If local, get L2 data via arp and transmit
        Else get L2 data of default router via arp and transmit

    Using tables:
        Search table for longest match, use next hop
        Local is a special case, next hop is DA
        If no match use default route for next hop
        Get L2 data of next hop via arp and transmit

    Note: Simplified

    Proxy ARP

    [Figure: Proxy ARP exchange. Labels: "ARP for 10.1.2.2", "Respond to ARP", "Packet for 10.1.2.2"; addresses 10.1.1.2/16 and 10.1.1.1/24]

    Router responds to ARPs for off-subnet addresses if it has a route
    Enabled by default
    RFC 1027

    ICMP Redirects

    Cisco routers send ICMP redirects when:
        The input interface is the output interface and
        the (sub)network of the source IP address is the same (sub)network of the next-hop IP address of the routed packet and
        the datagram is not source-routed and
        the system is configured to send redirects. (On by default. You can use the interface subcommand no ip redirects to disable ICMP redirects.)

    Note: ICMP redirects are disabled by default if HSRP is configured on the interface

    Find a Default Router

    IRDP: ICMP Router Discovery Protocol, RFC 1256
    Routers periodically announce via ICMP that they are default
    Clients can solicit routers as well

    [Figure: a host asks "Are there any routers?" and two routers each answer "I am default"; addresses 10.1.1.4/16, 10.1.1.2/24 and 10.1.1.1/24]

    IRDP on Routers

    Announcements have a lifetime and preference
    Configured per interface; off by default
    Can advertise via all systems multicast (224.0.0.1)
    Preference level can be set

    ip irdp [multicast
             holdtime seconds (3X max)
             maxadvertinterval seconds (600)
             minadvertinterval seconds (3/4X max)
             preference number (0)
             address address [number]]

    IRDP on Hosts

    in.rdisc in Solaris (multicast only)
    gated in Linux, HP-UX and AIX
        routerdiscovery client yes | no | on | off ;
    WinSock2 in Windows
    NT 4.0 KB Article Q223756
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adaptername\Parameters\Tcpip\
    DHCP option 31

    HSRP: Hot Standby Router Protocol

    [Figure: addresses 10.1.1.3 (00:10:7B:04:88:BB), 10.1.1.1 (00:10:7B:04:88:AA), 10.1.1.2 (00:10:7B:04:88:CC) and 10.1.1.33; default-gw = 10.1.1.1]

    Transparent failover of default router
    Phantom router created
    One router is active, responds to phantom L2 and L3 addresses
    Others monitor and take over phantom addresses

    HSRP: RFC 2281

    [Figure: Router Group #1 and Router Group #2, with routers labelled Primary and Standby]

    HSR multicasts hellos every 3 sec with a default priority of 100
    HSR will assume control if it has the highest priority and preempt configured after delay (default=0) seconds
    HSR will deduct 10 from its priority if the tracked interface goes down

    HSRP

    Hot Standby Router Protocol

    [Figure: Router 1 and Router 2 between the Internet or ISP backbone and the server systems]

    Router1:
        interface ethernet 0/0
         bandwidth 128
         ip address 169.223.10.1 255.255.255.0
         standby 10 ip 169.223.10.254

    Router2:
        interface ethernet 0/0
         bandwidth 1500
         ip address 169.223.10.2 255.255.255.0
         standby 10 priority 150 preempt delay 10
         standby 10 ip 169.223.10.254
         standby 10 track serial 0 60

    Speak RIP to Hosts

    Using EIGRP but hosts run RIP
    Router can:
        RIP out, but not in
        Advertise default only

    router rip
     network 172.16.0.0
     redistribute eigrp 1 subnets
    router eigrp 1
     network 172.16.0.0

    IP Broadcast Control

    Subnet or directed broadcast -> w.x.y.255
    All net broadcast -> 255.255.255.255
    IP directed broadcasts are dropped by default
    ip helper-address forwards ip forward-protocol packets
    ip directed-broadcast floods ip forward-protocol packets

    To be forwarded:
        The packet must be a MAC-level broadcast.
        The packet must be an IP-level all or major network broadcast.
        The packet must be a TFTP, DNS, Time, NetBIOS, ND, or BOOTP packet, or a UDP protocol specified by the ip forward-protocol udp global configuration command.
        The time-to-live (TTL) value of the packet must be at least two.

    IP Helper Address

    Specified on the input interface
    Indicates direction toward broadcast destination
    Forwards ip forward-protocol broadcast packets, specifically:
        TFTP, DNS, bootp, DHCP, TACACS, time, NetBIOS name and datagram servers

    [Figure: Router A, interface e0; TFTP server 10.2.1.3]

    Router A:
        interface ethernet 0
         ip helper-address 10.2.1.3

    IP Forward Protocol

    Flooded UDP packets have destination address changed to ip broadcast-address
    ip forward-protocol spanning-tree
        uses spanning tree database for flooding
    ip forward-protocol turbo-flood
        speed-up if using spanning tree flooding

    Example:
        ip forward-protocol spanning-tree
        bridge 1 protocol dec
        access-list 201 deny 0x0000 0xFFFF
        interface ethernet 0
         bridge-group 1
         bridge-group 1 input-type-list 201

    UDP Broadcast Application

    [Figure: Feed Network 200.200.200.0; routers A (.61) and B (.62), interfaces e0; TIC Servers 164.53.7.0; Trader Networks 164.53.8.0, 164.53.9.0, 164.53.10.0]

    Feed network provides data
    TIC servers UDP broadcast data
    Feed network connected to routers for management

    Helper Addresses

    IP helper added to router interfaces on TIC network
    Each router sees the other router's broadcasts
    Each station receives multiple copies of data

    [Figure: same topology as on the previous slide]

    UDP Forward Protocol

    Configure spanning tree
    Filter non-routed protocols
    STP path costs set
        A = 100 default
        B = 50
    Router A default router
        IRDP preference

    [Figure: Feed Network 200.200.200.0; routers A (.61) and B (.62); TIC Servers 164.53.7.0; Trader Networks 164.53.8.0, 164.53.9.0, 164.53.10.0]

    Router A Configuration

    ip forward-protocol spanning-tree
    ip forward-protocol udp 111
    !
    interface ethernet 0
     ip address 200.200.200.61 255.255.255.0
     ip broadcast-address 200.200.200.255
    !
    interface ethernet 1
     ip address 164.53.7.61 255.255.255.192
     ip broadcast-address 164.53.7.63
     ip irdp preference 100
     bridge-group 1
     bridge-group 1 input-type-list 201
    !
    bridge 1 protocol dec
    bridge 1 priority 255
    access-list 201 deny 0xFFFF 0x0000

    Router B Configuration

    ip forward-protocol spanning-tree
    ip forward-protocol udp 111
    !
    interface ethernet 0
     ip address 200.200.200.62 255.255.255.0
     ip broadcast-address 200.200.200.255
    !
    interface ethernet 1
     ip address 164.53.7.62 255.255.255.192
     ip broadcast-address 164.53.7.63
     ip irdp preference 90
     bridge-group 1
     bridge-group 1 path-cost 50
     bridge-group 1 input-type-list 201
    !
    bridge 1 protocol dec
    bridge 1 priority 255
    access-list 201 deny 0xFFFF 0x0000

    Secondary Addresses

    More than one IP address on an interface
    Every router on the broadcast media must be part of all networks
    For RIP and IGRP, each address will broadcast routing tables
    Also called multinetting

    Secondary Addressing

    [Figure: addresses 172.17.2.21, 172.16.1.64, 172.16.1.1, 172.17.2.1, 172.16.1.2 and 172.17.2.2]

    Useful in switched networks
    Router may relay packets, acting as a default gateway
    Host may communicate directly, using ARP for learning
    All routers on the same subnet must be part of all secondary networks

    Too Much Information

    Static Routes

    Static Routes

    Routes configured manually
    Useful when few or just one route exist
    Can be administrative burden
    Frequently used for default route
    Two formats:
        Outbound interface
        Explicit next hop (not always adjacent)

    Redistributing Static Routes

    Redistributed via network statement
        If next hop is interface and network spec'd

        ip route 172.16.1.0 255.255.255.0 ethernet 0
        router xxxx
         network 172.16.0.0

    Redistributed if so configured

        router xxxx
         redistribute static

    Floating Static Routes

    A static route with a high distance
    Can be overridden by dynamic info

    [Figure: network 172.16.1.0, addresses 172.16.3.1 and 172.16.3.2, links labelled E1 and ISDN]

    ip route 172.16.1.0 255.255.255.0 172.16.3.1 140
    router rip
     network 172.16.0.0

    Too Much Information

    Default Routes

    Default Routes

    [Figure: labels CITY and WORLD]

    Route used if no match is found in forwarding table
    Can be carried by routing protocols
    Two models
        Special network number: 0.0.0.0
        Flagged in routing protocol
    Protocols support multiple models

    Creating a Default Route

    default-gateway is for host mode
    RIP, RIPv2: network 0.0.0.0
    IGRP, EIGRP: ip default-network
    OSPF, ISIS, BGP: default originate

    OSPF Example

    OSPF default configuration using a static route

    [Figure: OSPF network 19.0.0.0; link 10.1.1.0/23 with addresses 10.1.1.1 and 10.1.1.2 on S0; ISP AS 200, service provider running BGP]

    ip route 0.0.0.0 0.0.0.0 serial 0
    router ospf 1
     network 19.0.0.0 0.255.255.255 area 0
     default-information originate always

    EIGRP Example

    The default network of 0.0.0.0 used by RIP cannot be redistributed by IGRP or Enhanced IGRP

    [Figure: EIGRP network 19.0.0.0; link 10.1.1.0/23 with addresses 10.1.1.1 and 10.1.1.2 on S0; ISP AS 200, service provider running BGP]

    ip route 10.0.0.0 0.0.0.0 serial 0
    router eigrp 1
     network 19.0.0.0
    ip default-network 10.0.0.0

    ISIS Example

    L1 default is nearest L1L2 router
    Both L1 and L2 ISs can generate a default route
    A L1 IS will always prefer a L1 default route before using the closest L2 capable IS

    [Figure: ISIS network 19.0.0.0 with L1L2 and L1 routers; link addresses 19.1.1.1 and 19.1.1.2 on S1; service provider running BGP]

    ip route 0.0.0.0 0.0.0.0 s1
    router isis
     network 19.0.0.0
     default-information originate

    BGP Example

    Allows redistribution of 0.0.0.0
    Same as adding network 0.0.0.0

    [Figure: IGP network 19.0.0.0; eBGP and iBGP sessions; addresses 19.1.1.1 and 19.1.1.2; service provider running BGP]

    router bgp 164
     default-information originate

    Conditional Default

    Inserts a default route if the condition in the route map is met
    In this case, if network (prefix) 10.1.1.0/24 is present, advertise a default

    ip prefix-list cond permit 10.1.1.0/24
    !
    route-map def-cond permit 10
     match ip address prefix-list cond
    !
    router rip
     default-information originate route-map def-cond

    Too Much Information

    Route Summarization

    What Is Route Summarization?

    [Figure: router A holds 172.16.25.0/24, 172.16.26.0/24 and 172.16.27.0/24 in its routing table and announces "I can route to the 172.16.0.0/16 network"; the neighboring routing table holds 172.16.0.0/16]

    Routing protocols can summarize addresses of several prefixes into one prefix
    This helps control resource usage

    Route Summarization

    [Figure: networks 172.16.128/17, 172.16.0/17 and 192.111.107/24; route summaries 172.16.0.0 255.255.0.0 and 192.111.107.0 255.255.255.0]

    By default summaries occur on classful boundaries; no auto-summary prevents this

    RIP Summarization Example

    The major network is 10.0.0.0, a Class A address space
    The summary of the major net defines the prefix as implied by the class (A, B, or C) of the address
    The summary address 10.2.0.0 overrides the autosummary address of 10.0.0.0
        10.2.0.0 is advertised out interface E1
        10.0.0.0 is not advertised

    int E1
     ip address 10.1.1.1 255.255.255.0
     ip summary-address rip 10.2.0.0 255.255.0.0
     no ip split-horizon
    router rip
     network 10.0.0.0

    OSPF Inter-Area Summarization

    Summaries sent into backbone

    [Figure: routers A, B, C, D across Area 1, Area 0 and Area 2; networks 128.213.64..95/24 and 128.213.96..127/24; summaries 128.213.64.0/19 and 128.213.96.0/19]

    B#
    router ospf 100
     area 1 range 128.213.64.0 255.255.224.0

    EIGRP Summarization

    Configured on an interface basis
    EIGRP summary routes are given a distance of 5

    [Figure: routers A, B, C, D; networks 128.213.64..95/24 and 128.213.96..127/24; summaries 128.213.64.0/19 and 128.213.96.0/19; interfaces e0 and e1]

    B# interface ethernet 0
        ip summary-address eigrp 123 128.213.64.0 255.255.224.0
    C# interface ethernet 1
        ip summary-address eigrp 123 128.213.96.0 255.255.224.0

    ISIS Summarization

    from L1 areas into the L2 backbone,
    from L2 leaking down into L1 areas,
    or when redistributing into L2 or L1

    router isis
     summary-address 192.1.0.0 255.255.0.0

    BGP Aggregation

    Summarization based on specifics from the BGP routing table

    aggregate-address w.x.y.z mask {as-set} {summary-only} {route-map}

    Use as-set to include path and community info from specifics
    summary-only suppresses specifics
    route-map sets other attributes

    BGP Summarization Examples

    Redistribute summary 193.0.0.0
        ip route 193.0.0.0 255.0.0.0 null 0
        router bgp 100
         redistribute static

    Advertise aggregate if BGP has any more specific
        router bgp 100
         aggregate-address 193.0.0.0 255.0.0.0

    Aggregate only, more specific routes suppressed
        router bgp 100
         aggregate-address 193.0.0.0 255.0.0.0 summary-only

    Too Much Information

    Filtering Route Data

    Passive Interface

    Prevents routing updates from being transmitted out an interface
    Don't waste resources generating updates on interfaces that have no need for them (loopback)
    Can also use passive-interface default

    [Figure: router with interface s0]

    router xxx
     passive-interface serial 0
     neighbor w.x.y.z

    Route Filtering

    [Figure: Network A, Network B, Network X and Network Y; one neighbor is sent "Advertise B and X", the other "Advertise B and Y"]

    Selectively announce routes, per neighbor
        Hide part of the topology/connectivity
    Selectively accept routes, per neighbor
        Refuse erroneous "make-believe" announcements
        Protect against redistribution loops
    Route filter with distribute-list command
        Can filter anywhere in distance-vector protocols:
            RIP, IGRP, EIGRP, RIPv2 and BGP
        Can filter at redistribution points between any protocols:
            RIP, EIGRP, OSPF, IGRP, IS-IS, BGP, Static, etc.
    Use route-maps at redistribution points
        Based on extended access-lists for route prefixes
        Based on tags of route origin or history
        Based on AS filters in BGP

    Filtering Incoming Updates

    Control input of routing data

    [Figure: network 10.0.0.0 connected over s0 to a Partner Network with 172.16.1.0 and 129.1.1.0]

    distribute-list 11 in serial 0
    access-list 11 permit 129.1.0.0
    access-list 11 deny 0.0.0.0 255.255.255.255

    Control input of routing data

    Filtering Outgoing Updates

    Useful to propagate default route

    [Figure: router with interface s0]

    router eigrp 111
     network 128.1.0.0
     distribute-list 11 out serial 0
    access-list 11 permit 128.1.0.0 0.0.0.0
    ip default-network 128.1.0.0

    Precedence of Filters

    Filter routing updates in or out bound
    Interface specific or global
    Evaluation order: interface, global

    Example:
        access-list 1 deny 1.0.0.0 0.255.255.255
        access-list 2 permit 1.2.3.0 0.0.0.255
        router rip
         distribute-list 1 in ethernet 0
         distribute-list 2 in

    List 2 is overridden on interface ethernet 0

    ACL Oversights

    Access control lists can filter routing updates

    Protocol  Transport                Destination address
    RIP       UDP Port 520             255.255.255.255
    RIPv2     UDP Port 520             224.0.0.9 (Default), 255.255.255.255
    IGRP      IP Protocol Field 9      255.255.255.255
    EIGRP     IP Protocol Field 88     224.0.0.10
    OSPF      IP Protocol Field 89     224.0.0.5 (AllOSPFRouters), 224.0.0.6 (DRRouters)
    BGP       TCP Port 179             Neighbor Address
    ISIS      SAP 0xFEFE; Protocol 83  01:80:C2:00:00:15
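The oversight this slide warns about can be checked mechanically. The following is an added example, not part of the original deck: it walks an inbound ACL against the transports in the table and lists the routing updates that would be dropped. The tuple form of the ACL entries, the sample ACL and the BGP neighbor address are constructed for illustration and are not IOS syntax.

```python
import ipaddress

IP_PROTO = {"tcp": 6, "udp": 17}

# (IP protocol, destination port, destination addresses) per protocol, taken
# from the slide's table. IS-IS is carried directly over layer 2 (SAP 0xFEFE),
# so an IP access list never sees it and it is left out here.
ROUTING_TRAFFIC = {
    "RIP":   (17, 520, ["255.255.255.255"]),
    "RIPv2": (17, 520, ["224.0.0.9", "255.255.255.255"]),
    "IGRP":  (9, None, ["255.255.255.255"]),
    "EIGRP": (88, None, ["224.0.0.10"]),
    "OSPF":  (89, None, ["224.0.0.5", "224.0.0.6"]),
}

# Constructed sample ACL in a simplified (hypothetical) form:
# (action, protocol, destination, destination port); None means any port.
SAMPLE_ACL = [
    ("permit", "tcp", "any", 179),          # BGP sessions
    ("permit", 89, "224.0.0.5/32", None),   # OSPF to AllOSPFRouters only
    ("permit", "udp", "any", 53),           # DNS
    ("deny", "ip", "224.0.0.0/4", None),    # every other multicast packet
    ("permit", "ip", "10.0.0.0/8", None),   # internal unicast
]


def rule_matches(rule, proto, dst, port):
    _, r_proto, r_dst, r_port = rule
    if r_proto != "ip" and IP_PROTO.get(r_proto, r_proto) != proto:
        return False
    if r_dst != "any" and ipaddress.ip_address(dst) not in ipaddress.ip_network(r_dst):
        return False
    return r_port is None or r_port == port


def acl_action(acl, proto, dst, port=None):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for rule in acl:
        if rule_matches(rule, proto, dst, port):
            return rule[0]
    return "deny"


def dropped_routing_updates(acl, bgp_neighbors=()):
    """Return the (protocol, destination) pairs the inbound ACL would drop."""
    flows = [(name, proto, dst, port)
             for name, (proto, port, dsts) in ROUTING_TRAFFIC.items()
             for dst in dsts]
    # BGP is unicast to the configured neighbor address on TCP port 179.
    flows += [("BGP", 6, nbr, 179) for nbr in bgp_neighbors]
    return [(name, dst) for name, proto, dst, port in flows
            if acl_action(acl, proto, dst, port) == "deny"]


if __name__ == "__main__":
    for name, dst in dropped_routing_updates(SAMPLE_ACL, ["10.1.1.2"]):
        print(f"ACL drops {name} updates sent to {dst}")
```

The sample ACL keeps OSPF hellos and BGP alive but silently drops OSPF traffic to the DR routers group, which is the kind of partial breakage that is hard to spot from the router side.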

    Secure Routing: Route Authentication

    [Figure: Campus network; one router signs route updates and its neighbor verifies the signature]

    Configure: Key and Hash Function
    Certifies authenticity of neighbor and integrity of route updates

    Signature Generation

    [Figure: Router A passes the routing update through the hash function; the hash becomes the signature, which is sent together with the routing update]

    Signature = Encrypted Hash of Routing Update

    Signature Verification

    [Figure: Router B receives the routing update with its signature]

    Receiving router separates routing update and signature
    Decrypt using preconfigured key
    Re-hash the routing update
    If hashes are equal, signature is authentic

    Authentication in RIPv2

    Router A:
        key chain kal
         key 1
          key-string 234
        !
        interface Serial2
         ip rip authentication mode md5
         ip rip authentication key-chain kal
        !
        router rip
         version 2

    Router B:
        key chain ka2
         key 1
          key-string 234
        !
        interface Serial1/0
         ip rip authentication mode md5
         ip rip authentication key-chain ka2
        !
        router rip
         version 2
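The sign and verify steps from the preceding slides, as an added example that is not part of the original deck. It is a simplified keyed-MD5 model (the update is hashed together with the shared key, which never travels on the wire) rather than the RIPv2 packet format; the update bytes and the message layout are constructed. The key chains mirror the two configurations above: the chain names differ, but key number and key-string match.

```python
import hashlib
import hmac

DIGEST_LEN = 16  # size of an MD5 digest in bytes

# Key chains as configured on the slide: key number -> key-string.
KEY_CHAIN_KAL = {1: "234"}   # Router A
KEY_CHAIN_KA2 = {1: "234"}   # Router B

# Constructed sample payload standing in for a routing update.
UPDATE = b"192.168.96.0/24 metric 3"


def _digest(update, key_id, key_string):
    # Hash key number, update and shared secret together. Only the digest is
    # transmitted, so a sender without the key cannot produce a matching one.
    return hashlib.md5(bytes([key_id]) + update + key_string.encode()).digest()


def sign(update, key_id, key_chain):
    """Sender: append the key number and the digest to the update."""
    return update + bytes([key_id]) + _digest(update, key_id, key_chain[key_id])


def verify(message, key_chain):
    """Receiver: separate update and signature, re-hash, compare.

    Returns the update if the signature is authentic, otherwise None."""
    if len(message) < DIGEST_LEN + 1:
        return None                      # too short to carry a signature
    update = message[:-(DIGEST_LEN + 1)]
    key_id = message[-(DIGEST_LEN + 1)]
    received = message[-DIGEST_LEN:]
    key_string = key_chain.get(key_id)
    if key_string is None:
        return None                      # no such key number configured
    expected = _digest(update, key_id, key_string)
    # Constant-time comparison avoids leaking how many bytes matched.
    return update if hmac.compare_digest(expected, received) else None


if __name__ == "__main__":
    message = sign(UPDATE, 1, KEY_CHAIN_KAL)
    print("matching key-string:", verify(message, KEY_CHAIN_KA2))
    print("different key-string:", verify(message, {1: "235"}))
```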

    Authentication

    RIP uses text and MD5
        also validate-update-source
    (E)IGRP uses MD5
    OSPF has text and MD5 per area and intf
    ISIS has text per area and domain
        MD5 authentication is on the way
    BGP uses MD5 per neighbor

    Special Interfaces

    Loopback
        is always up
        use with OSPF for a stable routerID
        use as tunnel endpoint or source
        make passive for routing protocols

    Null
        the big black bit bucket
        summaries install static to the null
        use statics to null as a very fast ACL
        use to create stable static routes (BGP)

    Unnumbered
        save IP addresses
        only on p2p interfaces
        routes with the next-hop via the unnumbered intf show up as interface routes
        NMSs don't like it
        pointing to the loopback is a favorite

    Multiprotocol

    Running Multiple Routing Processes in the Same Box

    Running Multiple IGPs

    Different protocols use different metrics
    Metrics are difficult to compare algorithmically
    Therefore, a collating sequence
        Which protocol do you believe the most?
        Then decide which metric is the best

    Use Distance to Implement Routing Policy

    Distance distinguishes sources of IP routing information

    [Figure: a RIP router and an IGRP router both offer a route to Network A. Take route with lowest distance; compare metrics only if distance is equal]

    Default Administrative Distances

    Route Source                  Default Distance
    Connected Interface           0
    Static Route                  1
    Enhanced IGRP Summary Route   5
    External BGP                  20
    Internal Enhanced IGRP        90
    IGRP                          100
    OSPF                          110
    IS-IS                         115
    RIP                           120
    EGP                           140
    External Enhanced IGRP        170
    Internal BGP                  200
    Unknown, Discard Route        255

    Modifying Default Distance

    distance weight [address mask [access-list-number]]
        address and mask specify the source
        access list applies to content

    ip route dest next-hop distance
        Remember the floating static route?

    Using Distance

    [Figure: network diagram showing networks 128.88.1.0 and 192.31.7.0 with host addresses .1, .2 and .3]

    router rip
     network 192.31.7.0
     network 128.88.0.0
     ! Barely believe anyone
     distance 225
     ! Believe the other router
     distance 90 128.88.1.3 0.0.0.0
     ! Default for the top net
     distance 120 192.31.7.0 0.0.0.255

    Importance of Prefix Lengths

    Multiple protocols, router gets:

    EIGRP (internal): 192.168.32.0/26

    RIP: 192.168.32.0/24

    OSPF: 192.168.32.0/19

    Which one goes in the table?

    Best distance? Shortest prefix?

    They all will be!

    They are different routes

    What Is the Next Hop?

    From previous slide:

    router#show ip route
    D 192.168.32.0/26 [90/25789217] via 10.1.1.1
    R 192.168.32.0/24 [120/4] via 10.1.1.2
    O 192.168.32.0/19 [110/229840] via 10.1.1.3

    Dest = 192.168.32.1
    next hop = 10.1.1.1
    falls within the 192.168.32.0/26 network
    longest prefix 26 > 24 > 19

    Dest = 192.168.32.100
    next hop = 10.1.1.2
    falls within the 192.168.32.0/24
    longest prefix 24 > 19

    IP Classless

    Only affects the forwarding process, not the routing process

    Does not affect the way the table is built

    Without ip classless the router will not forward to supernets

    Became the default with IOS 11.3

    [Figure labels: Class A, Class B, Class C]

    No IP Classless

    router#show ip route
    172.30.0.0/16 is variably subnetted, 2 subnets, 2 masks
    D 172.30.32.0/20 [90/4879540] via 10.1.1.2
    D 172.30.32.0/24 [90/25789217] via 10.1.1.1
    S* 0.0.0.0/0 [1/0] via 10.1.1.3

    Dest = 172.30.32.1
    next hop = 10.1.1.1
    longest prefix match

    Dest = 172.30.33.1
    next hop = 10.1.1.2
    longest prefix match

    Dest = 192.168.10.1
    next hop = 10.1.1.3
    uses default route

    Dest = 172.30.254.1
    is dropped
    unknown subnet of a known major network
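
    The three rules from the slides above (distance decides only between routes to the identical prefix, forwarding takes the longest matching prefix, and no ip classless drops unknown subnets of a known major network) as an added Python example, not code from the original presentation. The function names are hypothetical, the two tables are copied from the show ip route outputs above, and the classful rule is modeled only as far as the slides describe it.

```python
import ipaddress

def install(rib, prefix, distance, metric, next_hop):
    """Offer a route to the table. Routes compete only when the prefix
    (network and mask length) is identical: the lowest distance wins and
    the metric is compared only when the distances are equal."""
    net = ipaddress.ip_network(prefix)
    best = rib.get(net)
    if best is None or (distance, metric) < (best[0], best[1]):
        rib[net] = (distance, metric, next_hop)
    return rib

def major_network(addr):
    """Classful (A/B/C) network containing addr; class D/E is not modeled."""
    first_octet = int(addr) >> 24
    plen = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)

def lookup(rib, dest, classless=True):
    """Return the next hop for dest, or None when the packet is dropped."""
    addr = ipaddress.ip_address(dest)
    candidates = list(rib)
    if not classless:
        # "no ip classless": once any subnet of the destination's major
        # network is known, only those subnets may be used; supernets and
        # the default route are not considered.
        major = major_network(addr)
        known = [net for net in rib if net.subnet_of(major)]
        if known:
            candidates = known
    matches = [net for net in candidates if addr in net]
    if not matches:
        return None
    longest = max(matches, key=lambda net: net.prefixlen)
    return rib[longest][2]

def build(routes):
    """Build a table from (prefix, distance, metric, next_hop) tuples."""
    rib = {}
    for route in routes:
        install(rib, *route)
    return rib

# Copied from the "What Is the Next Hop?" output: three protocols, three
# different prefix lengths, so all three routes are installed.
THREE_PROTOCOLS = build([
    ("192.168.32.0/26", 90, 25789217, "10.1.1.1"),   # D (EIGRP)
    ("192.168.32.0/24", 120, 4, "10.1.1.2"),         # R (RIP)
    ("192.168.32.0/19", 110, 229840, "10.1.1.3"),    # O (OSPF)
])

# Copied from the "No IP Classless" output.
NO_CLASSLESS = build([
    ("172.30.32.0/20", 90, 4879540, "10.1.1.2"),
    ("172.30.32.0/24", 90, 25789217, "10.1.1.1"),
    ("0.0.0.0/0", 1, 0, "10.1.1.3"),
])

if __name__ == "__main__":
    for dest in ("192.168.32.1", "192.168.32.100"):
        print(dest, "->", lookup(THREE_PROTOCOLS, dest))
    for dest in ("172.30.32.1", "172.30.33.1", "192.168.10.1", "172.30.254.1"):
        print(dest, "->", lookup(NO_CLASSLESS, dest, classless=False))
```

    Calling lookup with classless=True on the second table sends 172.30.254.1 to the default route instead of dropping it, which is the only difference the ip classless command makes here.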

    IP Classless

    Remote site

    No routing protocol

    Internet is reachable

    10.0.0.0/8 is not accessible

    interface Serial 0
     ip address 10.1.2.2 255.255.255.0
    !
    interface Ethernet 0
     ip address 10.1.1.1 255.255.255.0
    !
    ip route 0.0.0.0 0.0.0.0 10.1.2.1
    !
    no ip classless

    [Figure labels: 10.x.x.x, 10.1.1.0/24, 10.1.2.0/24]

    Redistribution

    Hops = Bandwidth = Compound = AS-PATH ?

    Route Redistribution

    [Figure labels: OSPF Domain, RIP Updates, OSPF Updates]

    Router runs multiple routing protocols

    Router exchanges routes internally

    Exchange can be filtered

    Redistributing Routes

    Under a router xxx command, redistribute:

    a source protocol: bgp | igrp | isis | ospf | static | connected | rip

    a value for the destination protocol: metric

    a route map for filtering: route-map

    scope of redistribution: subnets

    as well as some protocol specific parameters

    [Figure labels: RIP, OSPF]

    Default Metrics

    The first, or seed, metric for a route is derived from being directly connected to a router interface

    Redistributed routes are not physically connected

    default-metric establishes the seed metric for the route

    Once a compatible metric is established, the metric can increment just like any other route

    Set default metric bigger than the biggest native metric

    Configuring Default Metrics

    default-metric bandwidth delay reliability loading mtu

    Used for IGRP and Enhanced IGRP redistribution

    default-metric number

    Used for OSPF, RIP, ISIS, and BGP redistribution

    Offset Lists

    Increases incoming and outgoing metric (hops or delay)

    Add 10 to the delay component of routes matching access list 21 when outbound

    router igrp
     offset-list 21 out 10
    access-list 21 ..

    Add 5 to routes learned from interface Ethernet 0

    router rip
     offset-list in 5 ethernet 0

    Filtering Redistribution with Access Lists

    Filter routing updates in or out bound

    Interface specific or global or redistribution

    Evaluation order: interface, redistribution, global

    Example

    access-list 1 deny 10.0.0.0 0.255.255.255
    access-list 2 permit 10.2.3.0 0.0.0.255
    router rip
     default-metric 1
     redistribute igrp 20
     distribute-list 1 out igrp 20
     distribute-list 2 out

    Route Maps

    Command match...    matches
    as-path             a BGP AS path access list.
    community-list      a BGP community list.
    ip address          a standard access list.
    metric              the specified metric.
    ip next-hop         a next-hop against ACLs.
    tag                 the specified tag value.
    interface           a next-hop route to interfaces.
    ip route-source     the source of route against ACL
    route-type          the specified route type.

    Route Maps

    Command set...      sets
    community           BGP COMMUNITIES attribute
    dampening           BGP route dampening factors
    local-preference    a value to a local BGP path
    weight              BGP weight for the routing table
    origin              BGP origin code
    as-path             BGP autonomous system path
    next-hop            address of the next hop
    automatic-tag       automatic computing of tag table
    level               routes advertised into the specified metric
    metric              value to give the redistributed routes
    metric-type         metric type
    tag                 an associated tag value

    Conditional Default Origination

    A route map is referenced by the default-information router configuration command

    This type of reference is called conditional default origination

    OSPF will

    Originate the default route (network 0.0.0.0)

    With a Type 2 metric of 5

    If 140.222.0.0 is in the routing table

    route-map ospf-default permit
     match ip address 1
     set metric 5
     set metric-type type-2
    !
    access-list 1 permit 140.222.0.0 0.0.255.255
    !
    router ospf 109
     default-information originate route-map ospf-default

    Route Maps for Filtering Example

    Redistribute RIP routes with a hop count equal to 1 into OSPF

    These routes will be redistributed into OSPF as external LSAs with

    a metric of 5,

    metric type of Type 1

    a tag equal to 1.

    router ospf 109
     redistribute rip route-map rip-to-ospf
    !
    route-map rip-to-ospf permit
     match metric 1
     set metric 5
     set metric-type type-1
     set tag 1

    Redistribution Example

    [Figure: gateways gw1, gw2, gw6 and gw8 with interface addresses 128.103.35.17, 128.103.35.18, 128.103.35.33, 128.103.35.34, 128.103.35.65, 128.103.35.66, 128.103.36.1, 128.103.36.2 and 128.103.88.1; RIP /24, OSPF /28]

    OSPF has a longer mask than RIP

    gw2 is redistributing RIP and OSPF

    RIP won't advertise routes learned from OSPF

    Solution:

    ip route 128.103.35.0 255.255.255.0 null0
    router rip
     redistribute static
     default-metric 1

    Redistribution Example

    [Figure: gateways gw1, gw2, gw6 and gw8 with interface addresses 128.103.35.17, 128.103.35.18, 128.103.35.33, 128.103.35.34, 128.103.35.65, 128.103.35.66, 128.103.36.1, 128.103.36.2 and 128.103.88.1; interface labels e0/0 and e0/1; RIP /28, OSPF /24]

    RIP has a longer mask than OSPF

    gw2 is redistributing RIP and OSPF

    RIP won't advertise routes learned from OSPF

    Solution:

    ip route 128.103.35.32 255.255.255.248 E0/0
    ip route 128.103.35.16 255.255.255.248 E1/0
    router rip
     redistribute static
     default-metric 1

    Redist Static Into OSPF

    C#
    interface Ethernet0
     ip address 203.250.14.2 255.255.255.0
    interface Serial1
     ip address 203.250.15.1 255.255.255.252
    router ospf 10
     redistribute static
     network 203.250.15.0 0.0.0.255 area 2
     network 203.250.14.0 0.0.0.255 area 0
    ip route 16.16.16.0 255.255.255.0 Ethernet0
    ip route 128.213.0.0 255.255.0.0 Ethernet0

    Did not use subnet or metric keywords on redistribute static

    [Figure: routers C and E, link addresses 203.250.15.1 and 203.250.15.2, networks 16.16.16.0/24 and 128.213.0.0/16, area 0]

    Redist Static Into OSPF

    E#
    interface Serial0
     ip address 203.250.15.2 255.255.255.252
    router ospf 10
     network 203.250.15.0 0.0.0.255 area 2

    E#sh ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
    i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default

    Gateway of last resort is not set

    203.250.15.0 255.255.255.252 is subnetted, 1 subnets
    C 203.250.15.0 is directly connected, Serial0
    O IA 203.250.14.0 [110/74] via 203.250.15.1, 00:02:31, Serial0
    O E2 128.213.0.0 [110/20] via 203.250.15.1, 00:02:32, Serial0

    Subnet not used so:
    128.213.0.0 is in
    16.16.16.0 is not

    metric not used so:
    metric is 20

    Redist Static Into OSPF

    redistribute static metric 50 subnets

    E#sh ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
    i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default

    Gateway of last resort is not set

    16.0.0.0 255.255.255.0 is subnetted, 1 subnets
    O E2 16.16.16.0 [110/50] via 203.250.15.1, 00:00:02, Serial0
    203.250.15.0 255.255.255.252 is subnetted, 1 subnets
    C 203.250.15.0 is directly connected, Serial0
    O IA 203.250.14.0 [110/74] via 203.250.15.1, 00:00:02, Serial0
    O E2 128.213.0.0 [110/50] via 203.250.15.1, 00:00:02, Serial0

    16.16.16.0 now appears, the cost to external routes is 50. Since the external routes are of type 2 (E2), the internal cost has not been added

    Redist Static Into OSPF

    redistribute static metric 50 metric-type 1 subnets

    Note that the type has changed to E1 and the cost has been incremented by the internal cost of S0 which is 64, the total cost is 64+50=114

    RTE#sh ip route
    Codes: C - connected, S - static, O - OSPF, IA - OSPF inter area
    E1 - OSPF external type 1, E2 - OSPF external type 2,
    i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default

    Gateway of last resort is not set

    16.0.0.0 255.255.255.0 is subnetted, 1 subnets
    O E1 16.16.16.0 [110/114] via 203.250.15.1, 00:04:20, Serial0
    203.250.15.0 255.255.255.252 is subnetted, 1 subnets
    C 203.250.15.0 is directly connected, Serial0
    O IA 203.250.14.0 [110/74] via 203.250.15.1, 00:09:41, Serial0
    O E1 128.213.0.0 [110/114] via 203.250.15.1, 00:04:21, Serial0

    Redist Static Into OSPF

    C#
    router ospf 10
     redistribute static metric 50 metric-type 1 subnets route-map STOPUPDATE
    access-list 1 permit 128.213.0.0 0.0.255.255
    !
    route-map STOPUPDATE permit 10
     match ip address 1

    E#sh ip rou
    Codes: C - connected, S - static, O - OSPF, IA - OSPF inter area
    E1 - OSPF external type 1, E2 - OSPF external type 2,
    * - candidate default

    Gateway of last resort is not set

    203.250.15.0 255.255.255.252 is subnetted, 1 subnets
    C 203.250.15.0 is directly connected, Serial0
    O IA 203.250.14.0 [110/74] via 203.250.15.1, 00:00:04, Serial0
    O E1 128.213.0.0 [110/114] via 203.250.15.1, 00:00:05, Serial0

    128.213.0.0 permitted

    16.16.16.0 denied

    Feedback Loops

    When crossing a redistribution boundary, information is lost

    A physical or logical loop causes a route to be advertised back to the redistributing router that first advertised it

    How does the router know which route to accept?

    Answer: it can't know

    Humans have to re-insert the lost information

    Implementation Considerations

    [Figure: AS 300, EIGRP and RIP domains joined by two ASBRs, with 172.16.0.0 advertised between EIGRP and RIP]

    Routing feedback

    Suboptimal path selection

    Routing loops

    Incompatible routing information

    Inconsistent convergence time

    Router Cen Under IGRP

    cen#sho ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
    i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
    U - per-user static route

    Gateway of last resort is not set

    172.16.0.0/24 is subnetted, 11 subnets
    I 172.16.12.0 [100/1188] via 172.16.2.2, 00:00:02, TokenRing0
    I 172.16.9.0 [100/158813] via 172.16.1.1, 00:00:02, TokenRing1
    I 172.16.10.0 [100/8976] via 172.16.5.2, 00:00:02, Serial0.1
    I 172.16.11.0 [100/8976] via 172.16.4.2, 00:00:02, Serial0.2
    C 172.16.4.0 is directly connected, Serial0.2
    C 172.16.5.0 is directly connected, Serial0.1
    I 172.16.6.0 [100/160250] via 172.16.5.2, 00:00:02, Serial0.1
    I 172.16.7.0 [100/158313] via 172.16.1.1, 00:00:02, TokenRing1
    C 172.16.1.0 is directly connected, TokenRing1
    C 172.16.2.0 is directly connected, TokenRing0
    I 172.16.3.0 [100/8539] via 172.16.2.2, 00:00:02, TokenRing0
    [100/8539] via 172.16.1.1, 00:00:03, TokenRing1

    Introduce RIP

    [Figure: network diagram of routers R100, R200, R300, REM, CEN and Trans on subnets 172.16.1.0 through 172.16.12.0, with RIP and IGRP domains and 64 Kb, T-1 and Frame Relay links]

    RIP Configs

    Router R300
    router rip
     network 172.16.0.0

    Router Cen
    router rip
     redistribute igrp 1
     passive-interface Serial0.2
     passive-interface TokenRing0
     passive-interface TokenRing1
     network 172.16.0.0
     default-metric 3
    !
    router igrp 1
     redistribute rip
     passive-interface Serial0.1
     network 172.16.0.0
     default-metric 10 100 255 1 1500

    RIP Configs

    Router R200
    router rip
     redistribute igrp 1
     passive-interface Serial0
     passive-interface TokenRing0
     network 172.16.0.0
     default-metric 3
    !
    router igrp 1
     redistribute rip
     passive-interface Serial1
     network 172.16.0.0
     default-metric 10 100 255 1 1500

    Router R100
    router rip
     network 172.16.0.0

    Cen Doesn't Look Too Bad

    cen#sho ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
    i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2
    * - candidate default, U - per-user static route

    Gateway of last resort is not set

    172.16.0.0/24 is subnetted, 11 subnets
    I 172.16.12.0 [100/1188] via 172.16.2.2, 00:00:01, TokenRing0
    R 172.16.9.0 [120/2] via 172.16.5.2, 00:00:01, Serial0.1
    R 172.16.10.0 [120/1] via 172.16.5.2, 00:00:02, Serial0.1
    I 172.16.11.0 [100/8976] via 172.16.4.2, 00:00:02, Serial0.2
    C 172.16.4.0 is directly connected, Serial0.2
    C 172.16.5.0 is directly connected, Serial0.1
    R 172.16.6.0 [120/1] via 172.16.5.2, 00:00:02, Serial0.1
    I 172.16.7.0 [100/2688] via 172.16.1.1, 00:00:02, TokenRing1
    C 172.16.1.0 is directly connected, TokenRing1
    C 172.16.2.0 is directly connected, TokenRing0
    I 172.16.3.0 [100/8539] via 172.16.2.2, 00:00:02, TokenRing0
    [100/8539] via 172.16.1.1, 00:00:02, TokenRing1

    Not Using the Best Path

    r200>sho ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
    i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2
    * - candidate default, U - per-user static route

    Gateway of last resort is not set

    172.16.0.0/24 is subnetted, 11 subnets
    I 172.16.12.0 [100/1251] via 172.16.1.2, 00:00:37, TokenRing0
    I 172.16.9.0 [100/1000163] via 172.16.1.2, 00:00:37, TokenRing0
    I 172.16.10.0 [100/1000163] via 172.16.1.2, 00:00:37, TokenRing0
    I 172.16.11.0 [100/9039] via 172.16.1.2, 00:00:37, TokenRing0
    I 172.16.4.0 [100/8539] via 172.16.1.2, 00:00:37, TokenRing0
    I 172.16.5.0 [100/8539] via 172.16.1.2, 00:00:37, TokenRing0
    I 172.16.6.0 [100/1000163] via 172.16.1.2, 00:00:37, TokenRing0
    C 172.16.7.0 is directly connected, Serial1
    C 172.16.1.0 is directly connected, TokenRing0
    I 172.16.2.0 [100/751] via 172.16.1.2, 00:00:37, TokenRing0
    C 172.16.3.0 is directly connected, Serial0

    Use Distance to Correct

    Router Cen:
    router rip
     redistribute igrp 1
     passive-interface Serial0.2
     passive-interface TokenRing0
     passive-interface TokenRing1
     network 172.16.0.0
     default-metric 3
    !
    router igrp 1
     redistribute rip
     passive-interface Serial0.1
     network 172.16.0.0
     default-metric 10 100 255 1 1500
     distance 130 0.0.0.0 255.255.255.255 1
    !
    access-list 1 permit 172.16.9.0
    access-list 1 permit 172.16.10.0
    access-list 1 permit 172.16.6.0

    Use Distance to Correct

    Router R200
    router rip
     redistribute igrp 1
     passive-interface Serial0
     passive-interface TokenRing0
     network 172.16.0.0
     default-metric 3
    !
    router igrp 1
     redistribute rip
     passive-interface Serial1
     network 172.16.0.0
     default-metric 10 100 255 1 1500
     distance 130 0.0.0.0 255.255.255.255 1
    !
    access-list 1 permit 172.16.9.0
    access-list 1 permit 172.16.10.0
    access-list 1 permit 172.16.6.0

    R200 Looks Better

    r200#sho ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
    i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
    * - candidate default, U - per-user static route

    Gateway of last resort is not set

    172.16.0.0/24 is subnetted, 11 subnets
    I 172.16.12.0 [100/1251] via 172.16.1.2, 00:00:49, TokenRing0
    R 172.16.9.0 [120/1] via 172.16.7.1, 00:00:19, Serial1
    R 172.16.10.0 [120/2] via 172.16.7.1, 00:00:19, Serial1
    I 172.16.11.0 [100/9039] via 172.16.1.2, 00:00:49, TokenRing0
    I 172.16.4.0 [100/8539] via 172.16.1.2, 00:00:49, TokenRing0
    I 172.16.5.0 [100/8539] via 172.16.1.2, 00:00:49, TokenRing0
    R 172.16.6.0 [120/1] via 172.16.7.1, 00:00:19, Serial1
    C 172.16.7.0 is directly connected, Serial1
    C 172.16.1.0 is directly connected, TokenRing0
    I 172.16.2.0 [100/751] via 172.16.1.2, 00:00:49, TokenRing0
    C 172.16.3.0 is directly connected, Serial0

    R200's RIP Interface Down

    [Figure: the same network diagram of routers R100, R200, R300, REM, CEN and Trans with RIP and IGRP domains and 64 Kb, T-1 and Frame Relay links; one link is marked X]

    Redundant Path Works

    r200#sho ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
    i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2
    * - candidate default, U - per-user static route

    Gateway of last resort is not set

    172.16.0.0/24 is subnetted, 10 subnets
    I 172.16.12.0 [100/1251] via 172.16.1.2, 00:00:08, TokenRing0
    I 172.16.9.0 [130/1000163] via 172.16.1.2, 00:00:08, TokenRing0
    I 172.16.10.0 [130/1000163] via 172.16.1.2, 00:00:08, TokenRing0
    I 172.16.11.0 [100/9039] via 172.16.1.2, 00:00:08, TokenRing0
    I 172.16.4.0 [100/8539] via 172.16.1.2, 00:00:08, TokenRing0
    I 172.16.5.0 [100/8539] via 172.16.1.2, 00:00:08, TokenRing0
    I 172.16.6.0 [130/1000163] via 172.16.1.2, 00:00:08, TokenRing0
    C 172.16.1.0 is directly connected, TokenRing0
    I 172.16.2.0 [100/751] via 172.16.1.2, 00:00:08, TokenRing0
    C 172.16.3.0 is directly connected, Serial0

    Policy Routing

    When Destinations Aren't Enough

    Policy Routing

    [Figure labels: Customer A, Customer B, ISP A, ISP B]

    Forwarding decision not based on destination address

    Selects defined path based on attributes of user packet (source/destination IP address, application port, packet lengths, and so forth)

    Set next hop or interface

    Set default next hop or interface

    How Policy Routing Works

    All packets received on an interface are considered for policy routing

    Each packet is passed through a route map

    Each entry in a route map has match and set clauses

    Match clauses are conditions to be met

    If all match clause conditions are met by the packet, then that route map entry is used and no others are considered

    An entry can be marked permit or deny

    If deny, normal forwarding is used

    If permit, all set clauses are then applied and the packet is forwarded

    Policy Routing Match Clauses

    match ip address access-list-expressions

    Match packets against the access lists to permit policy routing of them

    match length min-length max-length

    If the Layer 3 packet length is between min-length and max-length, inclusive, the packet matches

    Useful for distinguishing interactive versus bulk traffic when access lists will not work

    Policy Routing Set Clauses

    set ip next-hop ip-address1 [ ]

    Route packets to router at ip-address1

    set ip default next-hop ip-address1 [ ]

    If there is no explicit route for this destination, then route to this hop

    Both use the first IP address associated with an up/up interface

    Policy Routing Set Clauses

    set interface interface1 [ ]

    Specifies the output interface for the matched packet

    set default interface interface1 [ ]

    If there is no explicit route for this destination, then route to this interface

    If interface1 is down, interface2 and subsequent interfaces are tried

    Setting interface to Null0 creates a policy that drops the packet

    Policy Routing Set Clauses

    Set the IP TOS or precedence header field

    Can use numeric or symbolic value

    set ip precedence value

    value   name
    0       routine
    1       priority
    2       immediate
    3       flash
    4       flash-override
    5       critical
    6       internet
    7       network

    set ip tos value

    value   name
    0       normal
    1       min-monetary-cost
    2       max-reliability
    4       max-throughput
    8       min-delay

    Policy Routing Configuration

    The set commands are evaluated in the following order:

    set ip precedence

    set ip next-hop

    set interface

    set ip default next-hop

    set default interface

    A valid next hop implies the output interface

    The first combination of next hop and interface is used

    Router sourced packets are policy routed via the ip local policy route-map foo command

    Policy Routing Example

    [Figure: network 192.168.93.0; telnet and ping leave via s1, ftp leaves via bri0]

    interface Ethernet0
     ip address 192.168.93.10 255.255.255.0
     ip policy route-map foo
    interface Serial1
     ip address 11.0.0.2 255.0.0.0
    interface BRI0
     ip address 10.0.0.2 255.0.0.0
    route-map foo permit 12
     set default interface Null0
    route-map foo permit 11
     match ip address 103
     set ip next-hop 10.0.0.1
    route-map foo permit 10
     match ip address 101
     set ip next-hop 11.0.0.1
    access-list 101 permit tcp 192.168.93.0 0.0.0.255 any eq telnet
    access-list 101 permit icmp any any
    access-list 103 permit tcp 192.168.93.0 0.0.0.255 any eq ftp
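
    How the route map in this slide treats individual packets, as an added Python example that is not part of the original presentation. The function and variable names are hypothetical, the ACLs and route-map entries are transcribed from the slide's configuration, and the "explicit route" check assumes the router knows only its three connected networks.

```python
import ipaddress
from collections import namedtuple

# dport is the destination port; 0 when the protocol has none (ICMP).
Packet = namedtuple("Packet", "src dst proto dport", defaults=(0,))

# Extended ACLs from the slide: (protocol, source network, destination port)
ACLS = {
    101: [("tcp", "192.168.93.0/24", 23),    # ... any eq telnet
          ("icmp", "0.0.0.0/0", None)],      # icmp any any
    103: [("tcp", "192.168.93.0/24", 21)],   # ... any eq ftp
}

# Route map from the slide: sequence -> (action, match ACL or None, set clauses).
# The config lists entry 12 first, but entries are evaluated by sequence number.
ROUTE_MAP = {
    12: ("permit", None, {"default interface": "Null0"}),
    11: ("permit", 103, {"next-hop": "10.0.0.1"}),
    10: ("permit", 101, {"next-hop": "11.0.0.1"}),
}

# Assumption: the only explicit routes are the connected networks of
# Ethernet0, Serial1 and BRI0 from the slide's interface configuration.
EXPLICIT_ROUTES = ["192.168.93.0/24", "11.0.0.0/8", "10.0.0.0/8"]

def acl_permits(number, pkt):
    """True if any entry of the ACL permits the packet (implicit deny otherwise)."""
    src = ipaddress.ip_address(pkt.src)
    for proto, network, port in ACLS[number]:
        if (pkt.proto == proto and src in ipaddress.ip_network(network)
                and (port is None or pkt.dport == port)):
            return True
    return False

def has_explicit_route(dst):
    addr = ipaddress.ip_address(dst)
    return any(addr in ipaddress.ip_network(net) for net in EXPLICIT_ROUTES)

def policy_route(pkt):
    """Return (decision, value): next-hop, interface, or normal forwarding."""
    for seq in sorted(ROUTE_MAP):
        action, acl, sets = ROUTE_MAP[seq]
        if acl is not None and not acl_permits(acl, pkt):
            continue                      # match clause not met, try next entry
        if action == "deny":
            return ("normal", None)       # deny entry: normal forwarding
        # First matching permit entry is used; set clauses in evaluation order.
        if "next-hop" in sets:
            return ("next-hop", sets["next-hop"])
        if "interface" in sets:
            return ("interface", sets["interface"])
        if not has_explicit_route(pkt.dst):
            # The "default" forms apply only without an explicit route.
            if "default next-hop" in sets:
                return ("next-hop", sets["default next-hop"])
            if "default interface" in sets:
                return ("interface", sets["default interface"])
        return ("normal", None)
    return ("normal", None)               # no entry matched

if __name__ == "__main__":
    # Constructed sample packets arriving on Ethernet0.
    samples = [
        Packet("192.168.93.7", "198.51.100.9", "tcp", 23),
        Packet("192.168.93.7", "198.51.100.9", "tcp", 21),
        Packet("192.168.93.7", "198.51.100.9", "icmp"),
        Packet("192.168.93.7", "198.51.100.9", "tcp", 80),
        Packet("192.168.93.7", "10.9.9.9", "tcp", 80),
    ]
    for pkt in samples:
        print(pkt, "->", policy_route(pkt))
```

    Entry 12 has no match clause, so it catches everything that is not telnet, ping or ftp; such traffic is dropped to Null0 only when the destination has no explicit route.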

    NPR Example

    Configure CEF, NetFlow, and NetFlow with flow acceleration

    Configure policy routing to verify that next hop 50.0.0.8 of route map test is a CDP neighbor before the router tries to policy route to it

    If the first packet is policy routed via route map 10, the packets of the same flow always take the same route map (10), not route map 20, because they all match or pass access list 1 check

    Policy Routing can be flow-accelerated by bypassing the access-list check

    ip cef
    ip flow-cache feature-accelerate
    interface ethernet0/0/1
     ip route-cache flow
     ip policy route-map test
    route-map test permit 10
     match ip address 1
     set ip precedence priority
     set ip next-hop 50.0.0.8
     set ip next-hop verify-availability
    route-map test permit 20
     match ip address 101
     set interface Ethernet0/0/3
     set ip tos max-throughput

    Routing to the Internet

    To Infinity and Beyond!

    Ingress and Egress Route Filtering

    Nobody should be sending or advertising any IP addresses out to the Internet with a source address other than the address allocated to them!

    Ingress and Egress Route Filtering

    There are routes that should not be routed on the Internet

    RFC 1918

    127.0.0.0/8

    Multicast blocks

    Martian Networks

    BGP should have filters applied so that these routes are not advertised to or propagated through the Internet


    Ingress and Egress Route Filtering

    Access List

    ! Used as a route filter: the first address/wildcard pair matches the
    ! prefix, the second pair matches its netmask
    access-list 180 deny ip host 0.0.0.0 any
    access-list 180 deny ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
    access-list 180 deny ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
    access-list 180 deny ip 169.254.0.0 0.0.255.255 255.255.0.0 0.0.255.255
    access-list 180 deny ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
    access-list 180 deny ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
    access-list 180 deny ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
    access-list 180 deny ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255
    access-list 180 permit ip any any


    Multiple Sessions to an ISP

    Simplest scheme is to use defaults

    Learn/advertise prefix for better control

    Use eBGP multi-path to install multiple paths in IP table

    maximum-path

    Load share over the alternate paths

    (Diagram labels: AS 201, ISP; routers A, D, F)


    What Is Multihoming?

    Connecting to two or more ISPs to increase:

    Reliability: one ISP fails, still OK

    Performance: better paths to common Internet destinations

    Three common cases:

    Default from all providers

    Customer+default routes from all

    Full routes from all

    (Diagram labels: Customer AS 100, 160.10.0.0/16; AS 200, AS 300, AS 400; routers A, B, C, D, E)


    Sessions to Multiple ISPs

    Difficult to achieve load sharing

    Point default towards one ISP

    Learn selected prefixes from second ISP

    Modify the number of prefixes learned to achieve acceptable load sharing

    (Diagram labels: AS 201, ISP 1, ISP 2)


    Default from All Providers

    Low memory/CPU/$$$ solution

    Provider sends BGP default => exit path decided by IGP metrics to reach default

    Customer sends all local AS routes to provider => inbound path decided by Internet

    You can try to influence using AS-path

    (Diagram labels: AS 100, 160.10.0.0/16; AS 200, AS 300, AS 400; routers A, B, C, D, E; 0.0.0.0 0.0.0.0)


    Customer and Default From All Providers

    Medium memory and CPU

    Best path: usually shortest AS-path

    Use local-preference to override based on prefix, as-path, or community

    IGP metric to default used for all other destinations

    (Diagram labels: Provider, Customer; AS 100, 160.10.0.0/16; AS 200, AS 300, AS 400; routers A, B, C, D, E)


    Full Routes from All Providers

    Higher memory/CPU/$$$ solution

    Reach all destinations by best path: usually shortest AS path

    Can still manually tune using local-pref and as-path/community/prefix matches

    (Diagram labels: AS 100, AS 200, AS 300, AS 400, AS 500; routers A, B, C, D, E)


    Gotchas with Multihoming

    Asymmetric routing possible

    rpf checks

    Can't control the net

    CIDR blocks

    Possibly use NAT

    (Diagram labels: AS 201, ISP 1, ISP 2, Internet; 172.16.0.0/16, 172.16.0.0/14; X)


    Reverse Path Forwarding

    CEF switching must be enabled

    Source IP packets are checked to ensure that the route back to the source uses the same interface

    Care required in multihoming situations

    ip verify unicast reverse-path
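    An added example, not part of the original slides: a simplified Python model of the check as stated on this slide, showing why multihoming needs care. The FIB, interface names, remote prefixes and packets are constructed, and the code models the rule itself rather than IOS internals.

```python
import ipaddress

# Constructed FIB for a customer router multihomed to two ISPs; interface names
# and the 198.51.100.0/24 and 203.0.113.0/24 remote prefixes are made up.
FIB = {
    "160.10.0.0/16": "Ethernet0",   # customer prefix used in the slides
    "198.51.100.0/24": "Serial1",   # best path via ISP 2
    "203.0.113.0/24": "Serial0",    # reachable via both ISPs, best path via ISP 1
}


def lookup(fib, addr):
    """Longest-prefix match; returns the egress interface or None."""
    ip = ipaddress.ip_address(addr)
    best_len, best_iface = -1, None
    for prefix, iface in fib.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and net.prefixlen > best_len:
            best_len, best_iface = net.prefixlen, iface
    return best_iface


def rpf_check(fib, src, in_iface):
    """Pass only if the route back to src leaves through the arrival interface."""
    return lookup(fib, src) == in_iface


# Constructed packets: (source address, arrival interface, note).
PACKETS = [
    ("198.51.100.7", "Serial1", "symmetric path via ISP 2"),
    ("203.0.113.9", "Serial0", "symmetric path via ISP 1"),
    ("203.0.113.9", "Serial1", "legitimate, but delivered via ISP 2"),
    ("160.10.3.4", "Serial0", "own prefix arriving from outside"),
    ("192.0.2.55", "Serial0", "no route back to source"),
]


def run(fib=FIB, packets=PACKETS):
    """Return (source, interface, passed) for each packet."""
    return [(src, iface, rpf_check(fib, src, iface)) for src, iface, _ in packets]


if __name__ == "__main__":
    for (src, iface, note), (_, _, ok) in zip(PACKETS, run()):
        print(f"{src:14} in {iface:8} {'pass' if ok else 'DROP'}  {note}")
```

    The third packet is the multihoming case: the traffic is legitimate, but it arrives on the ISP 2 link while the best route back points at ISP 1, so the check drops it.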


    Source Routing

    IP has provision to allow source IP host to specify route through Internet

    All Internet connected routers should turn this off, unless it is specifically required:

    no ip source-route


    Conclusion

    Be Careful Out There


    Summary Part 1

    Under normal operation, there should be exactly one interior routing protocol on any network segment

    Use passive-interface as necessary to ensure this

    The number of redistribution boundariesshould be kept to a minimum

    Run as few routing protocols as possible


    Summary Part 2

    Choose routing protocol based on matching requirements with features

    Addressing should be contiguous with respect to topology

    Redistribute routes only as necessary and as few as required

    Use advanced features for special cases and for fine tuning

    Test and understand before you implement


    Recommended Reading

    IP Routing Protocols: RIP, OSPF, BGP, and Cisco Routing Protocols, by Uyless Black, ISBN: 0130142484

    EIGRP for IP: Basic Operation and Configuration, by Alvaro Retana, Russ White, Don Slice, ISBN: 0201657732

    EIGRP Network Design Solutions, by Ivan Pepelnjak, ISBN: 1578701651

    OSPF: Anatomy of an Internet Routing Protocol, by John T. Moy, ISBN: 0201634724

    OSPF Network Design Solutions, by Thomas M. Thomas, ISBN: 1578700469

    Large-Scale IP Network Solutions: CCIE Professional Development, by Khalid Raza, Mark Turner, Salman Asad, ISBN: 1578700841

    Internet Routing Architectures, by Bassam Halabi, Danny McPherson, ISBN: 157870233x

    Routing in the Internet, by Christian Huitema, ISBN: 0130226475

    and of course:

    http://www.cisco.com


    Thank You!

    Recommended sessions:

    2205 Deploying OSPF

    2208 Deploying EIGRP

    2209 Deploying BGP

    2202 Deploying MPLS for Traffic Engineering and Backbone VPNs

    2218 Introduction and Update for NetFlow

    2213 Introduction to IPv6

    Advanced Routing Technologies

    Session 2200


    Please Complete Your Evaluation Form

    Session 2200
