Post on 12-Nov-2014
© 2012 Cisco and/or its affiliates. All rights reserved. 1
Cisco IOS Advantage Webinars A Closer Look: Comparing Benefits of EIGRP and OSPF Webinar
Donnie Savage
Panelists
Speaker: Donnie Savage, Technical Leader, Technical Marketing, dsavage@cisco.com
• Jim Guichard, Principal Engineer, Engineering, jguichar@cisco.com
• Chris Le, Product Manager, Engineering, cle@cisco.com
• Saul Adler, Technical Leader, Engineering, sadler@cisco.com
• Anton Smirnov, Technical Leader, Engineering, asmirnov@cisco.com
Which Routing Protocol? Comparing Benefits of EIGRP and OSPF
Donnie Savage
September 5th, 2012
This session focuses on Interior Gateway Protocol (IGP) selection and aims to answer the following questions:
- Is one protocol better than the others?
- Which routing protocol should I use in my network?
- Should I switch from the one I’m using?
- What are the IPv6 counterparts of the most used IPv4 IGPs and where are they similar or different?
- Do the same selection rules apply to IPv4 and IPv6?
- How will my IPv4 and IPv6 routing protocols coexist?
The session will compare DUAL (EIGRP) and Link State (OSPF) routing protocols applying a number of considerations, such as convergence speed and network design and topology. Additionally, it will provide an overview of the IPv6 counterparts of the most used IPv4 IGPs and discuss the similarities and differences between the “twin” routing protocols. Finally, the co-existence of IPv4 and IPv6 routing protocols will also be discussed.
As a pre-requisite for this session, attendees should have a reasonable understanding of EIGRP, IS-IS, OSPF, IPv4, and IPv6 routing protocol design and operation.
• Is one routing protocol better than any other protocol?
• Depends on how you define “Better!”
What are the IPv6 counterparts of the most used IPv4 IGPs and where are they similar or differ?
How will my IPv4 and IPv6 routing protocols coexist?
Do the same design rules apply to IPv4 and IPv6?
Which protocol converges faster?
Which protocol uses less resources?
Easier to troubleshoot?
Easier to configure?
Scales to a larger number of routers, routes, or neighbors?
More flexible?
Degrades more gracefully?
What you Like?
The answer could be Yes if:
• The network is complex enough to “bring out” a protocol’s specific advantages
• You can define a specific feature (or set of features) that will benefit your network tremendously…
But then again, the answer might be No!
• Every protocol has some features and not others, different scaling properties, etc.
• Let’s consider some specific topics for each protocol…
IPv4 and IPv6 IGPs A Comparative Overview
Does IPv6 change anything?
• Most likely the IPv6 IGP will not be deployed in a brand new network and just by itself
• Most likely the existing IPv4 services are more important at first since they are generating most of the revenue
- Are the characteristics of an IPv6 IGP similar or different from an IPv4 IGP?
- What is the impact on the convergence of IPv4?
- How are the resources shared between the two protocols?
- Are the topologies going to be congruent?
- How easy is it to manage parallel IPv4 / IPv6 environments?
- Opportunity to adopt a new IGP for IPv6?
OSPF
- OSPFv2 for IPv4
- OSPFv3 for IPv6
- Distinct but similar protocols, with OSPFv3 being a cleaner implementation that takes advantage of IPv6 specificities
IS-IS
- Extended to support IPv6
- Natural fit to some of the IPv6 foundational concepts
- Supports Single and Multi Topology operation
EIGRP
- Extended to support IPv6
- Natural fit to some of the IPv6 foundational concepts
- Some changes reflecting IPv6 characteristics
For all intents and purposes, the IPv6 IGPs are very similar to their IPv4 counterparts
IPv6 IGPs have additional features that could lead to new designs
High-level perspective
• OSPF is for the most part more “optimized” (and therefore significantly more complex)
• Only LSAs are extensible (not hellos, etc.).
• Unrecognized LSA types are not flooded (though opaque LSAs can suffice, if implemented universally).
• Uses complex, multistate process to synchronize databases between neighbors. Intended to minimize transient routing problems by ensuring that a newborn router has nearly complete routing information before it begins carrying traffic.
Encapsulation
OSPF runs on top of IP
• Traditional IP routing protocol approach
• Allows virtual links (if you need them)
• Relies on IP fragmentation for large LSAs
• Subject to spoofing and DoS attacks (use of authentication is strongly advised).
Database Node
• LSAs are mostly numerous and small (one external per LSA, one summary per LSA).
• Network and router LSAs can become large.
• LSAs are grouped into LS Updates during flooding.
• LS Updates are built individually at each hop.
• Small changes can yield small packets (but router, network LSAs can be large).
Links and Areas
• An OSPF link can be only in one area, and routers must agree on the area ID.
• Area borders cross routers in OSPF.
For Your Reference
Implementation
Independent process from OSPFv2
Similar concepts as OSPFv2:
- Runs directly over IPv6 (Next Header 89)
- Uses the same basic packet types
- Neighbor discovery and adjacency formation mechanisms are identical (All OSPF Routers FF02::5, All OSPF DRs FF02::6)
- LSA flooding and aging mechanisms are identical
- Same interface types (P2P, P2MP, Broadcast, NBMA, Virtual)
Important Differences
OSPFv3 Is Running per Link Instead of per Node (and IP Subnet)
Support of Multiple Instances per Link:
- New field in OSPF packet header allows running multiple instances per link
- Instance ID should match before packet is being accepted
- Useful for traffic separation, multiple areas per link
Generalization of Flooding Scope:
- Three flooding scopes for LSAs (link-local scope, area scope, AS scope) and they are coded in the LS type explicitly
Important Differences (cont.)
Address Semantic Changes in LSA:
- Router and Network LSA carry only topology information
- Router LSA can be split across multiple LSAs; Link State ID in LSA header is a fragment ID
- Intra area prefixes are carried in a new LSA payload called intra-area-prefix-LSAs
- Prefixes are carried in the payload of inter-area and external LSA
Explicit Handling of Unknown LSA:
- The handling of unknown LSA is coded via U-bit in LS type
- When U bit is set, the LSA is flooded within the corresponding flooding scope, as if it was understood
- When U bit is not set, the LSA is flooded within the link local scope
Authentication Is Removed from OSPF:
- Authentication in OSPFv3 has been removed and OSPFv3 relies now on IPv6 authentication header since OSPFv3 runs over IPv6
- Autype and Authentication field in the OSPF packet header therefore have been suppressed
Important Differences (cont.)
OSPF Packet Format has Been Changed:
- The mask field has been removed from Hello packet
- IPv6 prefixes are only present in payload of Link State update packet
Two New LSAs Have Been Introduced:
- Link-LSA has a link local flooding scope and has three purposes:
  - Carry IPv6 link local address used for NH calculation
  - Advertise IPv6 global address to other routers on the link (used for multi-access link)
  - Convey router options to DR on the link
- Intra-area-prefix-LSA to advertise router’s IPv6 address within the area
Notes
Standardization
Main standard: RFC 2740
Evolution: draft-ietf-ospf-mt-ospfv3 draft-ietf-ospfv3-af-alt
[Figure: OSPF area diagram. Labels: Area 0, Area 10, Area 11, Area 12, Backbone, Internal, ABR, ASBR, RIP/RIPv2 World]
• A router has a separate LS database for each area to which it belongs
• All routers belonging to the same area should have identical databases
• SPF calculation is performed independently for each area
• LSA flooding is bounded by area
• Areas: the tool to make OSPF Scale!
• OSPF uses a 2 level hierarchical model
• One SPF per area, flooding done per area
• Regular, Stub, Totally Stubby and NSSA Area Types
| LSA Function Code | LSA Type | LSA Name |
|---|---|---|
| 1 | 0x2001 | Router-LSA |
| 2 | 0x2002 | Network-LSA |
| 3 | 0x2003 | Inter-Area-Prefix-LSA |
| 4 | 0x2004 | Inter-Area-Router-LSA |
| 5 | 0x4005 | AS-External-LSA |
| 6 | 0x2006 | Group-membership-LSA |
| 7 | 0x2007 | Type-7-LSA |
| 8 | 0x0008 | Link-LSA (New) |
| 9 | 0x2009 | Intra-Area-Prefix-LSA (New) |
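The LS type values in this table pack together the U-bit, the flooding scope and the function code described under Important Differences. The decoder below is an added example, not part of the webinar; the bit layout (U-bit 0x8000, two scope bits 0x6000, 13-bit function code) comes from the OSPFv3 specification, and function code 15 is a constructed unknown type used to show the U-bit rule.

```python
from typing import NamedTuple

U_BIT = 0x8000          # "handle as if understood" bit for unknown LSAs
SCOPE_MASK = 0x6000     # S2/S1 flooding-scope bits
FUNCTION_MASK = 0x1FFF  # 13-bit LSA function code

SCOPES = {0x0000: "link-local", 0x2000: "area", 0x4000: "AS"}

# Function code -> LS type, exactly as listed in the table above.
SLIDE_TABLE = {1: 0x2001, 2: 0x2002, 3: 0x2003, 4: 0x2004, 5: 0x4005,
               6: 0x2006, 7: 0x2007, 8: 0x0008, 9: 0x2009}

NAMES = {1: "Router-LSA", 2: "Network-LSA", 3: "Inter-Area-Prefix-LSA",
         4: "Inter-Area-Router-LSA", 5: "AS-External-LSA",
         6: "Group-membership-LSA", 7: "Type-7-LSA", 8: "Link-LSA",
         9: "Intra-Area-Prefix-LSA"}


class LsType(NamedTuple):
    u_bit: bool
    scope: str
    function_code: int
    name: str


def decode_ls_type(value):
    """Split a 16-bit OSPFv3 LS type into U-bit, flooding scope and function code."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("LS type is a 16-bit field")
    scope_bits = value & SCOPE_MASK
    if scope_bits not in SCOPES:
        # Scope bits 11 are reserved; the slides do not cover this case.
        raise ValueError("reserved flooding scope")
    code = value & FUNCTION_MASK
    return LsType(bool(value & U_BIT), SCOPES[scope_bits], code,
                  NAMES.get(code, "unknown"))


def flooding_scope(value, understood=frozenset(NAMES)):
    """Scope in which a router floods a received LSA.

    A router that understands the function code uses the coded scope.
    For an unknown code, the U-bit decides: set means flood in the coded
    scope as if understood, clear means flood with link-local scope only.
    """
    ls_type = decode_ls_type(value)
    if ls_type.function_code in understood or ls_type.u_bit:
        return ls_type.scope
    return "link-local"
```

A router that only understands a subset of function codes can be modelled by passing its own `understood` set.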
[Figure: OSPF area diagram. Labels: Area 0, Area 10, Area 11, Area 12, Backbone, Internal, ABR, ASBR, RIP/RIPv2 World, Type3, Type4/5]
Network changes generate link-state advertisements (LSAs)
• Router LSA (Type 1)
• Network LSA (Type 2)
• Summary LSA (Type 3 and Type 4)
• External LSA (Type 5)
• All routers exchange LSAs to build and maintain a consistent database
• The protocol remains relatively quiet during steady-state conditions
• Periodic refresh of LSAs every 30 minutes
• Otherwise, updates only sent when there are changes
[Figure: OSPF area diagram. Labels: Area 0, Area 10, Area 11, Area 12, Backbone, Internal, ABR, ASBR, RIP/RIPv2 World]
• LSA flooded throughout the area in response to any topology change
• SPF runs in every router on the receipt of any LSA indicating a topology change
• OSPF by design has a number of throttling mechanisms to prevent the network from thrashing during periods of instability
• Full SPF
 - Triggered by the change in Router or Network LSA
 - All LSA types are processed
• Partial SPF
 - Triggered by the change in Type-3/4/5/7 LSA
 - Part of the LSAs are processed (see slide notes)
| | OSPF (RFC 2328) | OSPFv3 (RFC 5340) |
|---|---|---|
| Type | Link state | Link state |
| Metric | Cost (1-65535) | Cost (1-65535) |
| Loop prevention | Dijkstra | Dijkstra |
| Administrative distance | 110 | 110 |
| L3 transport S/D | IPv4 unicast / 224.0.0.5; IPv4 unicast / 224.0.0.6 | IPv6 LL unicast / FF02::5; IPv6 LL unicast / FF02::6 |
| L4 transport | IP 89 | Next Header 89 |
! OSPFv2 (IPv4)
interface Loopback0
 ip address 10.10.0.1 255.255.255.255
!
interface Ethernet0/0
 ip address 10.0.0.1 255.255.255.0
!
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
 passive-interface loopback0

! OSPFv3 (IPv6)
ipv6 unicast-routing
!
interface Loopback0
 ipv6 address 2001:DB8:1000::1/128
 ipv6 ospf 1 area 0 instance 11
!
interface Ethernet0/0
 ipv6 address 2001:DB8::1/64
 ipv6 ospf 1 area 0 instance 11
!
ipv6 router ospf 1
 router-id 10.10.10.1
 passive-interface loopback0
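The slides advise authentication for OSPFv2 and note that OSPFv3 relies on IPv6 security headers, yet the sample configurations above enable neither. The audit below is an added example, not part of the webinar: it flags non-passive OSPF interfaces that carry no authentication command. The merged configuration, the hardened variant and the key placeholders are constructed, and the check looks only for the presence of authentication, not its strength.

```python
import ipaddress
import re

# Constructed input: the two sample configurations above merged onto one router.
PAGE_CONFIG = """\
interface Loopback0
 ip address 10.10.0.1 255.255.255.255
 ipv6 address 2001:DB8:1000::1/128
 ipv6 ospf 1 area 0 instance 11
interface Ethernet0/0
 ip address 10.0.0.1 255.255.255.0
 ipv6 address 2001:DB8::1/64
 ipv6 ospf 1 area 0 instance 11
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
 passive-interface loopback0
ipv6 router ospf 1
 router-id 10.10.10.1
 passive-interface loopback0
"""

# Constructed hardened variant; the stanza merges into Ethernet0/0, keys are placeholders.
HARDENED_CONFIG = PAGE_CONFIG + """\
interface Ethernet0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 <key-placeholder>
 ipv6 ospf authentication ipsec spi 256 sha1 <key-placeholder>
"""


def parse_sections(config):
    """Group an IOS config into {top-level command: [indented sub-commands]}."""
    sections, current = {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            continue
        if not raw[0].isspace():
            current = sections.setdefault(text, [])
        elif current is not None:
            current.append(text)
    return sections


def wildcard_match(address, network, wildcard):
    """True if address falls inside an OSPF 'network <addr> <wildcard>' statement."""
    ip, net, wild = (int(ipaddress.IPv4Address(v)) for v in (address, network, wildcard))
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (ip & care) == (net & care)


def router_settings(sections, header_pattern, auth_pattern):
    """Collect network statements, passive interfaces and areas protected area-wide."""
    networks, passive, protected_areas = [], set(), set()
    for header, body in sections.items():
        if not re.fullmatch(header_pattern, header):
            continue
        for cmd in body:
            if m := re.fullmatch(r"network (\S+) (\S+) area (\S+)", cmd):
                networks.append(m.groups())
            elif m := re.fullmatch(r"passive-interface (\S+)", cmd):
                passive.add(m.group(1).lower())  # the slide writes "loopback0"
            elif m := re.match(auth_pattern, cmd):
                protected_areas.add(m.group(1))
    return networks, passive, protected_areas


def audit_ospf_auth(config):
    """Return [(interface, protocol)] for active OSPF interfaces with no authentication."""
    sections = parse_sections(config)
    nets, v2_passive, v2_areas = router_settings(
        sections, r"router ospf \d+", r"area (\S+) authentication")
    _, v3_passive, v3_areas = router_settings(
        sections, r"ipv6 router ospf \d+", r"area (\S+) (?:authentication|encryption) ipsec")
    findings = []
    for header, body in sections.items():
        if not header.startswith("interface "):
            continue
        name = header.split(None, 1)[1]
        # OSPFv2: enabled by a matching network statement or "ip ospf <pid> area <id>".
        areas = set()
        for cmd in body:
            if m := re.fullmatch(r"ip address (\S+) (\S+)", cmd):
                areas |= {a for n, w, a in nets if wildcard_match(m.group(1), n, w)}
            elif m := re.fullmatch(r"ip ospf \d+ area (\S+)", cmd):
                areas.add(m.group(1))
        # An interface-level "null" overrides area-wide authentication.
        v2_ok = "ip ospf authentication null" not in body and (
            any(c.startswith("ip ospf authentication") for c in body) or areas <= v2_areas)
        if areas and name.lower() not in v2_passive and not v2_ok:
            findings.append((name, "OSPFv2"))
        # OSPFv3: enabled per interface; protection is IPsec authentication or encryption.
        areas6 = {m.group(1) for c in body if (m := re.match(r"ipv6 ospf \d+ area (\S+)", c))}
        v6_ok = (any(re.match(r"ipv6 ospf (authentication|encryption) ipsec", c) for c in body)
                 or areas6 <= v3_areas)
        if areas6 and name.lower() not in v3_passive and not v6_ok:
            findings.append((name, "OSPFv3"))
    return findings
```

`audit_ospf_auth(PAGE_CONFIG)` reports Ethernet0/0 for both protocols, while Loopback0 is skipped because it is passive; `passive-interface default` and secondary addresses are not modelled.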
Implementation
Two new TLVs:
- IPv6 Reachability TLV (0xEC): Describes network reachability (IPv6 routing prefix, metric information and option bits)
- IPv6 Interface Address TLV (0xE8): Contains a 128-bit address. In Hello PDUs it must contain the link-local address; in LSPs it must contain only the non-link-local address
A new Network Layer Protocol Identifier (NLPID): Allows IS-IS routers to advertise IPv6 prefix payload using 0x8E value
Operating Considerations
Single Topology (default for all protocols supported) - potentially beneficial in saving resources (same topology and same SPF)
Multi Topology (draft-ietf-isis-wg-multi-topology) - Independent IPv4 and IPv6 topologies, independent interface metrics
Transition mode available - both types of TLVs are advertised
Notes
Standardization: draft-ietf-isis-ipv6-07
Evolution: draft-ietf-isis-mi
High-level perspective
• IS-IS was not designed from the start as an IP routing protocol.
• Adjacency is reported once two-way connectivity has been ensured.
• IS-IS essentially uses its regular flooding techniques to synchronize neighbors.
• Transient routing issues can be reduced (albeit non-deterministically) by judicious use of the “overload” bit.
Encapsulation
IS-IS runs directly over L2 (next to IP)
• Sort of makes sense (since it was designed for CLNS)
• Does not require a valid interface address to transmit protocol messages.
• Agnostic about the type of prefix being transported.
• Partition repair requires tunneling (rarely implemented).
Database Node
The IS-IS database node is a Link State Packet (LSP)
• LSPs are clumps of topology information organized by the originating router
• Always flooded intact, unchanged across all flooding hops (so LSP MTU is an architectural constant—it must fit across all links)
• Small topology changes always yield entire LSPs (though packet size turns out to be much less of an issue than packet count)
• Implementations can attempt clever packing
Links and Areas
• In IS-IS, if routers do not agree on the area ID, they form L2 adjacency.
• Area borders cross links in IS-IS.
• In IS-IS, a link can be associated with an L1 and an L2 area simultaneously.
Implementation
Two new TLVs:
- IPv6 Reachability TLV (0xEC): Describes network reachability (IPv6 routing prefix, metric information and option bits)
- IPv6 Interface Address TLV (0xE8): Contains a 128-bit address. In Hello PDUs it must contain the link-local address; in LSPs it must contain only the non-link-local address
A new Network Layer Protocol Identifier (NLPID): Allows IS-IS routers to advertise IPv6 prefix payload using 0x8E value (IPv4: 0xCC). Carried in Protocols Supported TLV (0x81).
Operational Considerations
Single Topology (default for all protocols supported) - potentially beneficial in saving resources (same topology and same SPF)
Multi Topology (RFC 5120) - Independent IPv4 and IPv6 topologies (MT ID 0,2), independent interface metrics. Wide metrics. New TLVs!
Transition mode available - both types of TLVs are advertised
Notes
Single Topology: http://tools.ietf.org/html/rfc5308
Multi Topology: http://tools.ietf.org/html/rfc5120
Evolution – Multi Instance: http://tools.ietf.org/html/draft-ietf-isis-mi-05
| | IS-IS for IPv4 (RFC 1195) | IS-IS for IPv6 (RFC 5308) |
|---|---|---|
| Type | Link state | Link state |
| Metric (Narrow / Wide) | Cost (1-63 / 16777214) | Cost (1-63 / 16777214) |
| Loop prevention | Dijkstra | Dijkstra |
| Administrative distance | 115 | 115 |
| L3 / L4 transport | CLNS | CLNS |
! IS-IS for IPv4
interface Loopback0
 ip address 10.10.0.1 255.255.255.255
 ip router isis CISCO
 isis circuit-type level-1
 isis metric 10000
!
interface Ethernet0/0
 ip address 10.0.0.1 255.255.255.0
 ip router isis CISCO
 isis circuit-type level-1
 isis metric 10000
!
router isis CISCO
 net 49.0001.1111.1111.1111.00
 metric-style wide
 log-adjacency-changes all

! IS-IS for IPv6
ipv6 unicast-routing
!
interface Loopback0
 ipv6 address 2001:DB8:1000::1/128
 ipv6 router isis CISCO
 isis circuit-type level-1
 isis ipv6 metric 10000
!
interface Ethernet0/0
 ipv6 address 2001:DB8::1/64
 ipv6 router isis CISCO
 isis circuit-type level-1
 isis ipv6 metric 10000
!
router isis CISCO
 net 49.0001.1111.1111.1111.00
 metric-style wide
 log-adjacency-changes all

! IS-IS for IPv6 with multi-topology
ipv6 unicast-routing
!
interface Ethernet0/0
 ipv6 address 2001:DB8:1000::1/128
 ipv6 router isis CISCO
 isis circuit-type level-1
 isis ipv6 metric 10000
!
router isis CISCO
 net 49.0001.2222.2222.2222.00
 metric-style wide
 log-adjacency-changes all
 !
 address-family ipv6
  multi-topology
 exit-address-family
• Easy to Use and Configure: This is by far the most important reason why customers like EIGRP
• Easy to Understand: Simple to learn and deploy as compared to other major IGPs
• Scalable Functionality: Suitable for deployment in multiple scenarios (hub and spoke, broadcast etc)
• Sub-Second Convergence from inception: Backup routes are pre-computed and instantaneously used in case of failure
• High Availability & Reliability: Provides comprehensive support for High Availability and simplicity improves reliability
• Proven Deployment: The most widely deployed enterprise routing protocol; widely available across Cisco platforms suitable for Enterprise & Commercial
Implementation
New TLVs used for both IPv4 and IPv6
- INTERNAL_TYPE (0x0602)
- EXTERNAL_TYPE (0x0603)
Same Metrics used by IPv6 and IPv4
Important Differences
Hellos are sourced from the link-local address and destined to FF02::A (all EIGRP routers); this means that neighbors do not have to share the same global prefix (with the exception of explicitly specified neighbors where traffic is unicasted)
Auto (classful) summarization disabled by default (For IPv6 and current IPv4)
No split-horizon in the case of EIGRP for IPv6 (because IPv6 supports multiple prefixes per interface)
Router ID must be explicitly configured if there is no IPv4 address
Notes
It’s just like EIGRP-IPv4 except where it’s different
| | EIGRP-IPv4 | EIGRP-IPv6 |
|---|---|---|
| Type | Distance vector | Distance vector |
| Metric | Vector Metrics | Vector Metrics |
| Loop prevention | DUAL, split horizon | DUAL, split horizon |
| Admin distance | 5 (sum.), 90 (int.), 170 (ext.) | 5 (sum.), 90 (int.), 170 (ext.) |
| L3 transport S/D | IPv4 unicast / 224.0.0.10 | IPv6 LL unicast / FF02::A |
| L4 transport | IP 88, RTP (reliable multicast) | Next Header 88, RTP |
! EIGRP-IPv4
interface Loopback0
 ip address 10.10.0.1 255.255.255.255
!
interface Ethernet0/0
 ip address 10.0.0.1 255.255.255.0
!
router eigrp CSCO
 address-family ipv4 autonomous-system 4453
  af-interface Loopback0
   passive-interface
  topology base

! EIGRP-IPv6
ipv6 unicast-routing
!
interface Loopback0
 ipv6 address 2001:DB8:1000::1/128
!
interface Ethernet0/0
 ipv6 address 2001:DB8::1/64
!
router eigrp CSCO
 address-family ipv6 autonomous-system 4453
  router-id 10.10.10.1
  af-interface Loopback0
   passive-interface
  topology base
| | Single Process / Single Topology | Single Process / Multi Topology | Multi Process / Multi Topology |
|---|---|---|---|
| Protocols | IS-IS ST | IS-IS MT | OSPFv2 + OSPFv3; EIGRP-IPv4 + EIGRP-IPv6 |
| IP topologies | Single (IPv4+IPv6); Congruent | Multiple; Non-congruent | Multiple; Non-congruent |
| Flooding + Router/network resources | Common | Common | Multiple protocol instances on given link |
| Dual/SPF | Single | Multiple | Multiple |
| Topology/LS databases | Single; Large | Single; Large | Multiple |
| Control plane | Common; Less resource intensive; More deterministic IPv4/IPv6 co-existence | More separation; Protocol-specific optimization possible; More resource intensive | Clear separation; Protocol-specific optimization possible; More resource intensive |
• IPv6 IGP impact on the IPv4 IGP convergence
• Aggressive timers on both IGPs highlight competition for resources
[Figure: three charts of IPv4 IGP convergence time versus number of prefixes (0 to 3000), with linear trend lines, comparing the IPv4 IGP alone against the IPv4 IGP running alongside the IPv6 IGP. Panels: “Tuned IPv4 OSPF, Tuned IPv6 OSPF”, “Tuned IPv4 OSPF, Untuned IPv6 OSPF”, “Tuned IPv4 ISIS, Tuned IPv6 ISIS”]
• The similarities between the IPv4 and IPv6 IGP lead to similar network design considerations as far as routing is concerned—For the rest of the presentation, the analysis is IP version AGNOSTIC! IPv6 specific considerations are noted where relevant
• The implementation of the IPv6 IGPs achieves parity with the IPv4 counterparts in most aspects but this is an ongoing development and optimization process
• Coexistence of IPv4 and IPv6 IGPs is a very important design consideration.
EIGRP – OSPF Overview Features at a Glance
| | IOS-XE | IOS-XR | NX-OS |
|---|---|---|---|
| BFD | Yes | Roadmap | Yes |
| IP Fast Reroute | 3.7 | Roadmap | Roadmap |
| Non-Stop Routing | 3.9 | Roadmap | Roadmap |
| UCMP | Yes | Yes | No |
| EIGRP add-path | 3.8 | Roadmap | Roadmap |
| VRF-Aware EIGRP | Yes | Yes | Yes |
| EIGRP PE/CE | Yes | Yes | Yes |
| EIGRP 6PE/6VPE | 3.9 | Roadmap | Roadmap |
| | IOS-XE | IOS-XR | NX-OS |
|---|---|---|---|
| EIGRP IPv4/IPv6 MIB | Yes/3.7 | No/No | Yes/No |
| Route Tag Enhancement | Yes | No | Yes |
| EIGRP Multi-Instance | Yes | No | Yes |
| EIGRP Prefix Limit | Yes | Yes | Yes |
| EIGRP Route Authentication | Yes | Yes | Yes |
| EIGRP HMAC-SHA-256 Authentication | Yes | No | No |
| EIGRP Wide Metrics | Yes | Yes | Yes |
| | EIGRP | OSPF |
|---|---|---|
| Common Configuration | Yes | No |
| Sub-second Convergence | Yes | IPFRR |
| Sends partial routing updates (advertise only new/changed information) | Yes | Yes |
| Floods database periodically | No | Yes |
| Supports manual summarization | Yes | Yes |
| Allows manual summarization at any router | Yes | No |
| Sends routing information using IPv4/IPv6 multicast on LANs | Yes | Yes |
| Uses the concept of a designated router on a LAN | No | Yes |
| Flexible network design with no need to create areas | Yes | No |
| Supports STUB networks | 3500* | 600 |
| Supports both equal and unequal cost load balancing | Yes | No |
| Robust metric based on interface characteristics | Yes | No |
| Public standard | No | Yes |
| | EIGRP | OSPF |
|---|---|---|
| Interfaces must be in an up/up state | Yes | Yes |
| Interfaces must be in the same subnet | Yes | Yes |
| Must pass neighbor authentication (if configured) | Yes | Yes |
| Must use the same AS/Process-ID | Yes | No |
| Hello and hold/dead timers must match | No | Yes |
| IP MTU must match | No | Yes |
| Router IDs must be unique | No* | Yes |
| K-values must match | Yes | N/A |
| Must be in the same area | N/A | Yes |

* Duplicate EIGRP RIDs do not prevent neighbors from forming, but EIGRP will reject routes with a matching RID
Convergence Speed
• Which protocol converges faster?
• IS-IS versus OSPF versus EIGRP
 - IS-IS and OSPF have the same characteristics, from a high level, so we will consider them both as link state
 - Is DUAL faster, or Dijkstra?
• Rules of Thumb
 - The more routers involved in convergence, the slower convergence will be
 - The more routes involved in convergence, the slower convergence will be
• Five steps to convergence
 1. Detect the failure
 2. Calculate new routes around the topology change
 3. Flood the failure/repair information
 4. Add changed routing information to the routing table (RIB)
 5. Update the FIB (possibly distributed)
• Steps 1-4-5 are similar for any routing protocol, so we’ll only look at steps 2-3
• But, it’s important to keep in mind steps 1-4-5, since they often impact convergence more than the routing protocol does
[Figure: topology with routers A, B, C, D, E and F]
• Start with B>C>E and B>D>E being equal cost
• If C fails, B and E can shift from sharing traffic between C and D to sending traffic to D only
• Number of routers involved in convergence: 2 (B and E)
• Convergence time is in the milliseconds
[Figure: topology with routers A, B, C, D, E, F and G; SPF labels mark routers running SPF]
• Start with B>C>F and B>D>E>F
• C fails
• B and F flood new topology information
• All routers have to run SPF to calculate new path through the network
• B and F change their routing tables to reflect the changed topology
• Number of routers involved in convergence: 2 (B and F); maybe D and E as well
• Within a single flooding domain
 - A single area in OSPF
 - A single flooding domain in IS-IS
• Convergence time depends on: flooding timers, SPF timers, number of nodes/leaves in the SPF tree
• What happens when we cross a flooding domain boundary?
• E floods topology changes to C and D
• C and D summarize these topology changes (removing the topology information), and flood it to B
• B builds a summary from the summary flooded to B, and floods it into area 2
• A calculates a route to B, then recurses C onto E
[Figure: routers A, B, C, D, E and F spread across Area 0, Area 1 and Area 2]
• Between flooding domains, link state protocols have “distance vector” characteristics
• This can have negative or positive impacts on convergence time in a large network
 - Reduces tree size
 - Allows partial SPFs, rather than full SPFs
 - Introduces translation and processing at the flooding domain boundaries
• The impact is primarily dependent on the network design
OSPF
• Carrier Delays
• Hello/dead timers (fast hellos)
• Bidirectional Forwarding Detection (BFD)
• LSA packet pacing
• Interface event dampening
• Exponential throttle timers for LSA & SPF
• MinLSArrivalInterval
• Incremental SPF
IS-IS
• Carrier Delays
• Hello/dead timers (fast hellos)
• Bidirectional Forwarding Detection (BFD)
• LSP pacing
• Interface event dampening
• Exponential throttle timers for LSP & SPF
• PRC interval
• Incremental SPF
• Convergence time with default timers and tuned timers
• IPv4 and IPv6 IGP convergence times are similar
 - The IPv6 IGP implementations might not be fully optimized yet
 - Not all Fast Convergence optimizations might be available
[Figure: three charts of convergence time versus number of prefixes (0 to 3000), with linear trend lines, comparing IPv4 and IPv6 IGPs. Panels: “Tuned IPv4 OSPF, Untuned IPv6 OSPF”, “Tuned IPv4 OSPF, Tuned IPv6 OSPF”, “Tuned IPv4 ISIS, Tuned IPv6 ISIS”]
• Within a flooding domain
 - The average convergence time, with default timers, is going to be around 3 to 7 seconds
 - With fast timers, the convergence time can be in the milliseconds
 - There are operational 200 node IS-IS and OSPF networks with 500 millisecond convergence times
• Outside the flooding domain
 - Network design and route aggregation are the primary determining factors of convergence speed
• EIGRP converges Equal Cost paths similarly to Link State: if C fails, B and E can shift from sharing traffic between C and D to sending traffic to D only
• EIGRP converges Unequal Cost paths differently from Link State, depending on whether it has a “Feasible Successor” or not
• To understand how a “Feasible Successor” is selected, we need to understand how DUAL handles path cost…
[Figure: topology with routers A, B, C, D, E and F]
[Figure: topology with routers A, B, C, D, E and F, annotated with link costs (10, 10, 15, 10, 10, 10) and path costs (30, 35, 20)]
• DUAL works on a simple geometric principle: If my neighbor’s cost to reach a given destination is less than my best cost, then the alternate path cannot be a loop
• When B calculates the cost to F:
• B>C>E>F is 30
• B>D>E>F is 35
• B’s neighbor D reports its cost as: D>E>F is 20
• This is less than the best path, 30, so B>D>E>F cannot be a loop
[Figure: topology with routers A, B, C, D, E and F, annotated with link costs (10, 10, 15, 10, 10, 10)]
• B will install the path through C, and mark the path through D as a feasible successor
• When C fails, B looks for alternate loop free paths
• Finding one, it installs it
• Convergence time is in the milliseconds
• Number of routers involved in convergence: 2 (B and E)
[Figure: topology with routers A, B, C, D, E and F]
• If the second path cannot be proven loop free
• B and E detect the failure, and have no alternate path
• B queries A and D for alternate path to F
 - A replies that it has no path
 - D replies with its path
• E queries D and F for alternate path to A
 - F replies that it has no path
 - D replies with its path
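The feasibility check and the two failure outcomes described on the last three slides can be worked through in code. This is an added example, not part of the webinar: it uses plain additive link costs rather than EIGRP's composite metric, and the per-link costs are an assumption reconstructed from the path costs the slides give (B>C>E>F = 30, B>D>E>F = 35, D>E>F = 20).

```python
import heapq
import math

# Assumed link costs, reconstructed from the slide's path costs.
# The A-B cost of 10 is a guess; any positive value gives the same roles at B.
SLIDE_LINKS = {("A", "B"): 10, ("B", "C"): 10, ("B", "D"): 15,
               ("C", "E"): 10, ("D", "E"): 10, ("E", "F"): 10}


def build_graph(links):
    """Turn {(u, v): cost} into a symmetric adjacency map."""
    graph = {}
    for (u, v), cost in links.items():
        graph.setdefault(u, {})[v] = cost
        graph.setdefault(v, {})[u] = cost
    return graph


def best_costs(graph, dest):
    """Best cost from every router to dest (Dijkstra run outward from dest)."""
    dist = {dest: 0}
    heap = [(0, dest)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist.get(node, math.inf):
            continue
        for nbr, cost in graph[node].items():
            if d + cost < dist.get(nbr, math.inf):
                dist[nbr] = d + cost
                heapq.heappush(heap, (d + cost, nbr))
    return dist


def classify_neighbors(links, router, dest):
    """Return (feasible_distance, {neighbor: (reported, total, role)}) for router."""
    graph = build_graph(links)
    best = best_costs(graph, dest)
    rows = {n: (best.get(n, math.inf), c + best.get(n, math.inf))
            for n, c in graph[router].items()}
    fd = min(total for _, total in rows.values())
    table = {}
    for nbr, (reported, total) in rows.items():
        if total == fd:
            role = "successor"
        elif reported < fd:
            # Feasibility condition: the neighbor is strictly closer to the
            # destination than we are, so its path cannot run back through us.
            role = "feasible successor"
        else:
            role = "not feasible"
        table[nbr] = (reported, total, role)
    return fd, table


def react_to_failure(links, router, dest, failed):
    """Local switch-over if a loop-free alternate is known, otherwise a query."""
    _, table = classify_neighbors(links, router, dest)
    usable = {n: row for n, row in table.items()
              if n != failed and row[2] != "not feasible"}
    if usable:
        return ("local", min(usable, key=lambda n: usable[n][1]))
    return ("query", sorted(n for n in table if n != failed))


if __name__ == "__main__":
    print(classify_neighbors(SLIDE_LINKS, "B", "F"))
    print(react_to_failure(SLIDE_LINKS, "B", "F", "C"))
    slower = dict(SLIDE_LINKS, **{("D", "E"): 20})  # constructed variant
    print(react_to_failure(slower, "B", "F", "C"))
```

With the D-E cost raised to 20, D reports 30, which is not less than B's feasible distance of 30, so B has to query A and D even though the path through D is in fact loop free.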
• For paths with feasible successors, convergence time is in the milliseconds
 - The existence of feasible successors is dependent on the network design
• For paths without feasible successors, convergence time is dependent on the number of routers that have to handle and reply to the query
 - Queries are blocked one hop beyond aggregation and route filters
 - Query range is dependent on network design
• Good design is the key to fast convergence in an EIGRP network
• We can sort typical convergence times into three groups
• EIGRP with feasible successors
• IS-IS with tuned timers
• OSPF with tuned timers
• EIGRP without feasible successors
• OSPF with default timers
• IS-IS with default timers
[Figure: IPv4 IGP Convergence Data. Chart of convergence time in milliseconds (0 to 7000) versus number of routes (1000 to 5000); test topology with a route generator and routers A, B, C and D]
• “The goal of IP Fast-Reroute is to reduce failure reaction time to 10s of milliseconds by using a pre-computed alternate next-hop, in the event that the currently selected primary next-hop fails, so that the alternate can be rapidly used when the failure is detected.” -draft-ietf-rtgwg-ipfrr-spec-base-12
• The Protecting Node, also referred to as the “Calculating Node”, is responsible for pre-computing an alternate next-hop in the event that the currently selected primary next-hop fails, so that the alternate can be rapidly used when a link/node failure is detected
• The Alternative Next-Hop is not aware of the link failure and operates on the assumption that it is still up
[Figure: IP-FRR topology with routers A, B and C. Labels: Primary Path, Repair Path, Primary Next-Hop, Protecting Node]
IP-FRR is a mechanism that reduces traffic disruption to 10s of milliseconds in the event of a link or node failure
A failure is locally repaired by the router next to the failure before the routers in the network re-converge around that failure
IOS implements per-prefix Loop Free Alternative FRR
But…
✗ It runs at the process level
✗ Does not guarantee time limit
✗ Performance depends on tuning and platform implementation
IPv4 Only – IPv6 planned
router ospf 1
 router-id 10.1.1.1
 fast-reroute per-prefix enable prefix-priority low
 network 10.0.0.0 255.255.0.0 area 0
 …

• Per-prefix LFA FRR enabled for all areas unless explicitly specified
• IP-FRR automatically enabled on OSPF interfaces
• No audit trail of potential LFAs is stored
• Repair paths are computed for all prefixes though not all prefixes may have repair paths
[Figure: topology highlighting Protecting Node A]
• Uses existing Feasible Successors, so no additional computational load
• Automatically enabled on all EIGRP interfaces covered by network statement
• Per-prefix LFA FRR enabled via route-maps
• Repair paths can be equal or unequal cost (through the variance command)
• Repair paths are computed for all prefixes though not all prefixes may have a FS (repair path)
router eigrp CISCO
 address-family ipv4 autonomous-system 4453
  network 10.0.0.0 255.255.0.0
  topology base
   fast-reroute tie-break <attribute> <priority>
   fast-reroute per-prefix all | route-map <map-name>
 …

RTR-A#sh eigrp add ipv4 topology frr
EIGRP-IPv4 Topology Table for AS(1)/ID(3.3.3.2)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 192.168.1.0/24, 1 successors, FD is 307200, serno 7
        via 1.1.1.1 (307200/281600), Ethernet0/0
        via 3.3.3.3 (332800/307200), Ethernet0/2, (LFA)
• It’s possible to converge in under one second using any protocol, with the right network design
• IP-FRR reduces convergence time to 10’s of micro-seconds
• Rules of Thumb:
  - More aggregation tends towards better performance for EIGRP
  - Less aggregation tends towards better performance for Link State protocols
  - If you’re going to use link state protocols, tune the timers; but if you tune the timers, be careful with HA features, like GR/NSF
Design and Topology Considerations
• State Full Mesh
• Hierarchy and Aggregation
• Hub and Spoke
• DMVPN
• Full mesh topologies are complex:
  - 2 routers = 1 link
  - 3 routers = 3 links
  - 4 routers = 6 links
  - 5 routers = 10 links
  - 6 routers = 15 links
  - …
• Adjacencies = Links • Links - 1
2
• Flooding routing information through a full mesh topology is also complicated
• Each router will, with optimal timing, receive at least one copy of every new piece of information from each neighbor on the full mesh
• There are some techniques you can use to reduce the amount of flooding in a full mesh
• OSPF and IS-IS can both use mesh groups to reduce the flooding in a full mesh network
• Mesh groups are manually configured “designated routers” on the full mesh
• Any LSPs received will not be retransmitted back out any other interface on the router in the same mesh-group
• This will reduce the number of times information is flooded over a full mesh topology
• This isn’t a commonly used configuration
on each serial interface:
interface serial x
 ip ospf database-filter all out
or:
 isis mesh-group 1
• Routes must be advertised between every pair of peers in the mesh so each router has the correct next hop and routing information
• Treat a full mesh as a hierarchical network in disguise!
• Address your links so they can be summarized to a single advertisement at the edge
OSPF: Use ip ospf database-filter all out to manually designate flooding points and increase scaling through a full mesh
IS-IS: Use isis mesh-group or isis mesh-group blocked to manually designate flooding points and increase scaling through a full mesh
EIGRP: Summarize into and out of the full mesh
• OSPF has a “hard edge” at flooding domain borders
• Summarization and filtering can occur at this border
Summarization and filtering can also be configured at routers redistributing routes into OSPF
• In a two layer hierarchy, the flooding domain border naturally lies on the aggregation/core boundary
• In a three layer hierarchy, the decision of where to place the area border is more difficult
• Examples would include full mesh areas, data centers with a large amount of parallelism, and large hub and spoke deployments
• Typically, the best bet is to flow around complex areas of the network, attempting to separate them into different areas
• IS-IS has a “hard edge” at flooding domain borders, as well, but it’s softer than OSPF’s because the L2 routing domain can (and normally does) overlap with the L1 domains
• Summarization and filtering can occur at this border
Summarization and filtering can also be configured at redistribution points
• In a two layer hierarchy, the flooding domain border naturally lies on the aggregation/core boundary
• In a three layer hierarchy, the decision of where to place the area border is more difficult
• Typically, the best bet is to flow around complex areas of the network, attempting to separate them into different areas
• Examples would include full mesh areas, data centers with a large amount of parallelism, and large hub and spoke deployments
• The depth of the hierarchy doesn’t alter the way EIGRP is deployed; there are no “hard edges”
• Divide complexity with summarization points
• Summarize at every boundary where possible
  - Aggregate reachability information
  - Aggregate topology information
  - Aggregate traffic flows
• A place to apply traffic policy
[Figure labels: 10.1.0.0/23 Metric 10 and 10.2.0.0/23 Metric 20; 10.1.0.0/23 Metric 30 and 10.2.0.0/23 Metric 20; 10.1.0.0/24 Metric 30 and 10.1.1.0/24 Metric 20; 10.1.0.0/24 Metric 30 and 10.1.1.0/24 Metric 10]
EIGRP chooses the metric of the lowest cost component route as the summary metric
What happens if the summary metric changes?
• If the component the metric was taken from flaps, the summary flaps as well!
• You’re using the summary to hide reachability information, but it’s passing metric information through
• Routers beyond the summary are still working to keep up with the changes
[Figure labels: routers A, B, C; 10.2.0.0/24 Metric 30 and 10.2.1.0/24 Metric 20]
CSCed01736
router eigrp CISCO
 address-family ipv4 auto 4453
  network 10.0.0.0
  af-interface Ethernet0/0
   summary-address 10.1.0.0/23
  exit-af-interface
  topology base
   summary-metric 10.1.0.0/23 10000 1 255 1 1500
• Could use loopback interface to force the metric to remain constant
• Create a loopback interface within the summary address range with a lower metric than any other component (use delay to force the metric value!)
• But the summary will not be withdrawn when all components are lost, as the loopback doesn’t ever go down
• A better solution is to use the summary-metric command, which establishes a constant metric value, thereby:
  - Eliminating re-computation of the summary metric when components change
  - Allowing the summary to be withdrawn when all components are lost
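The three behaviours described on the last two slides (summary metric taken from the lowest-cost component, the loopback workaround, and a fixed summary-metric) compared by replaying the same component flaps, as an added example that is not Cisco code. The component metrics follow the figure; the flap sequence and the single-number fixed metric are constructed assumptions.

```python
# Components of the 10.1.0.0/23 summary and their metrics, as in the figure.
COMPONENTS = {"10.1.0.0/24": 10, "10.1.1.0/24": 20}

# Constructed event list: the lowest-cost component flaps three times,
# then both components are lost. A metric of None means "route went down".
EVENTS = [("10.1.0.0/24", None), ("10.1.0.0/24", 10)] * 3 + [
    ("10.1.0.0/24", None), ("10.1.1.0/24", None)]


def summary_advertisements(components, events, mode, fixed_metric=1):
    """Replay component changes and return every summary update sent downstream.

    mode "lowest-component": summary metric = lowest component metric
    mode "loopback":         a loopback inside the range pins the metric, but
                             it never goes down, so the summary is never withdrawn
    mode "summary-metric":   constant metric, withdrawn when no component is left
    Each list entry is the new advertised metric; None is a withdrawal.
    """
    up = dict(components)

    def advertised():
        if mode == "loopback":
            return fixed_metric
        if not up:
            return None
        return fixed_metric if mode == "summary-metric" else min(up.values())

    current = advertised()
    sent = []
    for prefix, metric in events:
        if metric is None:
            up.pop(prefix, None)
        else:
            up[prefix] = metric
        new = advertised()
        if new != current:            # routers beyond the summary see a change
            sent.append(new)
            current = new
    return sent


if __name__ == "__main__":
    for mode in ("lowest-component", "loopback", "summary-metric"):
        print(mode, summary_advertisements(COMPONENTS, EVENTS, mode))
```

The lowest-component mode sends an update for every flap, the loopback mode sends none but also never withdraws the summary, and the fixed metric sends only the final withdrawal.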
[Figure labels: routers A, B; 10.1.0.0/24 Metric 10 and 10.1.1.0/24 Metric 20; 10.1.0.0/23 Metric 1; 10.1.0.0/23]
• We would like C to be able to receive as few routes as possible
• We still optimally route to 10.1.1.0/24 and 10.1.2.0/24 dynamically
• We could use a combination of static routes and route filters to advertise both 10.1.0.0/16 and the more specific to C
• This is complicated, and difficult to maintain
[Figure labels: routers A, B, C; 10.1.1.0/24, 10.1.2.0/24, 10.1.0.0/16] (CSCed01736)
• The simplest way to handle this is to configure a leak list on the summary route
route-map LeakList permit 10
 match ip address 1
!
access-list 1 permit 10.1.1.0
!
router eigrp CISCO
 address-family ipv4 autonomous-system 4453
  af-interface Serial0/0
   summary-address 10.1.0.0 255.255.0.0 leak-map LeakList
[Figure labels: routers A, B, C; 10.1.1.0/24, 10.1.2.0/24, 10.1.0.0/16; 10.1.1.0/24 next to C] (CSCed01736)
OSPF
  - Normal: all routing information is flooded into the area
  - Stub: only internal summarized (type 3) information is flooded into the area
  - Totally stub: only a default is flooded into the area
  - Not-So-Stubby-Area: only internal summarized (type 3) information is flooded into the area; routers within the area can originate type 7’s, which are converted to type 5’s at the ABR
  - Totally Not-So-Stubby-Area: only a default is flooded into the area; routers within the area can originate type 7’s, which are converted to type 5’s at the ABR
IS-IS
  - L1/L2 borders set the attached bit, equivalent to a default route
  - L2 routes are not propagated into L1 areas, except through manually configured route leaking
OSPF: “Hard” flooding domain, summarization, and filter border; area borders need to be considered when designing or modifying the network
IS-IS: “Softer” flooding domain, summarization, and filtering border; L2 overlaps L1 domains, providing some flexibility; network design needs to consider flooding domain border
EIGRP: “None”, no hard or soft borders other than what the network dictates. Use summarization and filtering where configured
Design and Topology Considerations: Hub and Spoke Networks
[Figure labels: routers A, B, C, D, E, F; 10.1.1.0/24, 10.1.2.0/24, 10.1.0.0/16; New link]
• Black Holes with Hub and Spokes
• C and D are both advertising 10.1.0.0/16 towards A and B
• C and D are advertising a default only to E and F
• A chooses D’s path
• When the D to E link fails, D is still advertising 10.1.0.0/16 (based on 10.1.2.0/24 from F)
• Traffic forwarded to 10.1.1.1 from A will be dropped
• You can resolve this by placing a link between C and D
• Dual homed connections in hub and spoke networks illustrate a design challenge in:
  - OSPF: connections parallel to an area border
  - EIGRP/OSPF: unintentionally transiting spokes
• If the D to E link fails, traffic from A to F will:
  - Route towards the summary advertised by D
  - Route via the more specific along the path F, C, E
• How can we prevent D from using the link through F to reach 10.1.1.0/24?
• Add a new link between D and C
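The summary black hole from the two slides above, traced hop by hop with longest-prefix-match forwarding, as an added example that is not part of the webinar. Router names and prefixes come from the slides; the route-exchange rules are simplifying assumptions (E and F are dual-homed to C and D, spokes receive only a default and never transit, hubs install a discard route for the summary, and B is left out).

```python
import ipaddress

# Names and prefixes from the slides; everything else is an assumption of
# this example, not router behaviour reproduced verbatim.
SPOKE_LANS = {"E": "10.1.1.0/24", "F": "10.1.2.0/24"}
SUMMARY = "10.1.0.0/16"
HUBS = ("D", "C")                    # order = A's preference ("A chooses D's path")
BASE_LINKS = [("A", "C"), ("A", "D"), ("C", "E"), ("C", "F"), ("D", "E"), ("D", "F")]


def link_set(pairs):
    return {frozenset(p) for p in pairs}


def build_tables(links):
    """Return {router: {prefix: next_hop}} for the links that are up."""
    def up(a, b):
        return frozenset((a, b)) in links

    tables = {r: {} for r in "ACDEF"}
    for spoke, lan in SPOKE_LANS.items():
        tables[spoke][lan] = "local"
        for hub in HUBS:
            if up(hub, spoke):
                tables[hub][lan] = spoke                    # hub learns the LAN
                tables[spoke].setdefault("0.0.0.0/0", hub)  # spoke gets a default only
    if up("C", "D"):
        # Hubs exchange the more-specifics they learned directly from spokes.
        direct = {h: [p for p, nh in tables[h].items() if nh in SPOKE_LANS]
                  for h in HUBS}
        for hub, peer in (("C", "D"), ("D", "C")):
            for lan in direct[peer]:
                tables[hub].setdefault(lan, peer)
    for hub in HUBS:
        if tables[hub]:                      # at least one component is present
            tables[hub][SUMMARY] = "discard"  # summary discard route on the hub
            if up("A", hub):
                tables["A"].setdefault(SUMMARY, hub)
    return tables


def forward(tables, src, dst, max_hops=8):
    """Follow longest-prefix-match lookups; return (outcome, path)."""
    addr = ipaddress.ip_address(dst)
    node, path = src, [src]
    for _ in range(max_hops):
        matches = [ipaddress.ip_network(p) for p in tables[node]
                   if addr in ipaddress.ip_network(p)]
        if not matches:
            return "dropped", path
        best = max(matches, key=lambda n: n.prefixlen)
        next_hop = tables[node][str(best)]
        if next_hop == "local":
            return "delivered", path
        if next_hop == "discard":
            return "dropped", path
        node = next_hop
        path.append(node)
    return "loop", path


def scenario(failed=(), extra=()):
    links = link_set(BASE_LINKS) - link_set(failed) | link_set(extra)
    return forward(build_tables(links), "A", "10.1.1.1")


if __name__ == "__main__":
    print("all links up:       ", scenario())
    print("D-E failed:         ", scenario(failed=[("D", "E")]))
    print("D-E failed, C-D up: ", scenario(failed=[("D", "E")], extra=[("C", "D")]))
```

With the D to E link down, D still originates the summary because 10.1.2.0/24 is present, so A's traffic reaches D and dies on the discard route; with the C to D link in place D holds the more specific via C and the packet is delivered.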
• Link state protocols rely on every router within a flooding domain having the same view of the network’s topology to calculate loop free paths
• Link state flooding rules have implications for scaling and design in hub and spoke networks
• Every router within a flooding domain receives the same information
Although B can only reach C through A, it still receives all of C’s routing information
• As the number of remote sites increases, the amount of information each remote site must process and store also increases
• This limits scaling in link state hub and spoke networks
[Figure labels: routers A, B, C, D; reachability only through A; all link state information is flooded to B]
• Controlling route distribution
• There’s no way to allow C and D to receive information about 10.1.1.0/24, and not E and F
[Figure labels: routers A, B, C, D, E, F; 10.1.1.0/24; Area 0; Area 1]
Two Links, One in Each Flooding Domain
• For each hub and spoke flooding domain your summarization of areas will require specific routing information between the ABRs
• This is to avoid suboptimal routing
• The number of links between two hub routers should be equal to the number of areas
• As you grow the number of areas, you will grow the number of VLAN/PVCs—scalability issue
• Possible solution is to have a single link with adjacencies in multiple areas. (RFC 5185)
• This can become difficult to manage in a large scale hub and spoke network
Network Type: Single Interface at the Hub Treated as an OSPF Broadcast or NBMA Network
  Advantages:
  - Single IP Subnet
  - Fewer Host Routes in Routing Table
  Disadvantages:
  - Manual Configuration of Each Spoke with the Correct OSPF Priority
  - No Reachability Between Spokes or Labor-Intensive Layer 2 Configuration
Network Type: Single Interface at the Hub Treated as an OSPF Point-to-Multipoint Network (ip ospf network-type point-to-multipoint)
  Advantages:
  - Single IP Subnet
  - No Configuration per Spoke
  - Most Natural Solution
  - Smaller Database
  Disadvantages:
  - Additional Host Routes Inserted in the Routing Table
Network Type: Individual Point-to-Point Interface at the Hub for Each Spoke (ip ospf network-type point-to-point)
  Advantages:
  - Can Take Advantage of End-to-End Signaling for Down State
  Disadvantages:
  - Lost IP Address Space
  - More Routes in the Routing Table
  - Larger Database
  - Overhead of Sub-Interfaces
• Controlling query range
• If A loses its connection to 10.1.1.0/24, it builds and transmits five queries: one to each remote, and one to B
• Each of the remote sites will then query B
• B must process and reply to five queries; all for a route it does not have
• If these spokes are remote sites, they have two connections for resiliency, not so they can transit traffic between A and B
• A should never use the spokes as a path to anything, so there’s no reason to learn about, or query for, routes through these spokes
[Figure labels: routers A, B; 10.1.1.0/24; Don’t Use These Paths]
• Marking the spokes as stubs allows them to signal A and B that they are not valid transit paths
• Marking these remotes as stubs also reduces the topological complexity of the network
• Router A and B simply will not query the remotes
• To do this, mark the remotes as spoke routers by configuring them as stubs
router eigrp CISCO
 address-family ipv6 autonomous-system 6473
  stub connected
• Routers which are configured as stubs will only advertise locally connected, summary, or redistributed destinations
• These remotes will not pass A’s advertisement of 10.1.1.0/24 to B
• B will only have one path to 10.1.1.0/24
• This reduces the total number of queries in this example to a single query
• If you need additional routes advertised from the stub sites, use route-leaking on the stubs
• The blue and red line shows the rate at which the convergence time increases as EIGRP neighbors are added to hub routers and does not pass 500.
• The red line shows the convergence time if the neighbors added are all configured as EIGRP stub routers and scales to over 1000 peers.
• Measure initial bring up convergence until all neighbors are established and queues empty
• Dual Homed Remotes, 3000 prefixes advertised to each spoke
[Chart: How Many Neighbors? Time (minutes) against Number of Neighbors (0 to 1500) for Non-Stub and EIGRP Stub. Test performed with 12.3(14)T1; NPE-G1 with 1G RAM]
• The blue line with the steep slope shows the rate at which the failover convergence time increases as EIGRP neighbors are added to a single hub router
• The red line shows the failover convergence time if the neighbors added are all configured as EIGRP stub routers and is extremely linear in behavior.
• Primary Hub failed, time measured for EIGRP to complete failover convergence
• Dual Homed Remotes, 3000 prefixes advertised to each spoke
[Chart: Failover Time. Time (minutes) against Number of Neighbors (0 to 1600) for EIGRP Stub and Non-Stub. Test performed with 12.3(14)T1; NPE-G1 with 1G RAM]
• In the field, we see up to 800 dual homed remotes with EIGRP, and up to about 250 with OSPF
• Tested initial convergence and hard failover times
  - 600 dual homed remote sites
  - For hard failover, primary hub was powered down
  - Testing is still ongoing in this area
[Chart: Initial and Failover convergence time in seconds (axis 0 to 12) for EIGRP and OSPF, 600 remotes]
• EIGRP over multipoint interfaces such as DMVPN and mGRE has to share the bandwidth among peers
• EIGRP uses the bandwidth on the main interface divided by the number of neighbors on that interface to get the bandwidth available per neighbor
• Some interface types appear to EIGRP to be a shared interface but in reality they’re provided by a point-to-point mechanism and the ability of the underlying network may not match up with the bandwidth defined on the interface; for example, if an mGRE outbound interface is Gigabit Ethernet but the tunnels traverse an ISP’s network, we can’t actually send at Gigabit rates and expect all of the packets to be delivered at that rate
• Spokes build a dynamic permanent GRE/IPsec tunnel to the hub, but not to other spokes. They register as clients of the NHRP server (hub).
• When a spoke needs to send a packet to a destination (private) subnet behind another spoke, it queries via NHRP for the real (outside) address of the destination spoke.
• Now the originating spoke can initiate a dynamic GRE/IPsec tunnel to the target spoke (because it knows the peer address).
• The dynamic spoke-to-spoke tunnel is built over the mGRE interface.
• When traffic ceases then the spoke-to-spoke tunnel is removed.
[Figure labels: Dynamic Spoke-to-spoke tunnels; Static Spoke-to-hub tunnels; Spoke A; Spoke B; LANs 192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24 (LANs can have private addressing); Physical: 172.17.0.1, Tunnel0: 10.0.0.1 (static known IP address); Physical: dynamic, Tunnel0: 10.0.0.11; Physical: dynamic, Tunnel0: 10.0.0.12 (dynamic unknown IP addresses)]
[Figure labels: Dynamic Spoke-to-spoke tunnels; Static Spoke-to-hub tunnels; Spoke A; Spoke B; LANs 192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24; Physical: 172.17.0.1, Tunnel0: 10.0.0.1; Physical: 172.17.0.2, Tunnel0: 10.0.0.2; Physical: dynamic, Tunnel0: 10.0.0.11; Physical: dynamic, Tunnel0: 10.0.0.12; Mixed Stub Types on Shared Media 12.2(35.01)S 12.4(7)]
Initial convergence testing was done with 400 peers with 10,000 prefixes to each peer.
Measure initial bring up convergence until all neighbors are established and queues empty
EIGRP DMVPN Phase 0 (prior to 12.4(7))
EIGRP DMVPN Phase I (12.4(7) and later)
EIGRP DMVPN Phase II (CSCei03733)
EIGRP DMVPN Phase III (Future)
• Currently, the practical maximum is:
  - 600 while advertising no more than 5k prefixes per spoke
  - 3500 while advertising no more than 1 prefix per spoke
[Chart: Convergence Time in minutes (axis 5 to 35) for Phase II, Phase I and Phase 0; values shown: 33 min, 11 min, 3 min]
Scaling Issues
Link State
• All remote sites receive all other remote site link state information; moderate scaling capability
• No effective means to control distribution of routing information
• Care must be taken with summary black holes
• Care must be taken to prevent transiting traffic through remote sites
EIGRP
• Stub remote routers with filtering and aggregation; excellent scaling capability
• Best solution for DMVPN deployments
• Use route leaking to address summary black holes
• Care must be taken to prevent transiting traffic through remote sites
• Latest IOS code should be run to ensure best DMVPN scaling
• Rules of Thumb
  - EIGRP performs better in large scale hub and spoke environments
  - Link state protocols perform better in full mesh environments, if tuned correctly
  - EIGRP tends to perform better in more strongly hierarchical network models, link state protocols in flatter networks
  - EIGRP performs better in Hub and Spoke network models
  - EIGRP performs much better for DMVPN networks
Note: In IPv6, a great deal of emphasis is placed on hierarchical addressing schemes. EIGRP thus becomes very well suited to support such designs
Protocol Features
• Many enterprises now use MPLS VPNs through service providers to replace frame relay or their core links
• In either of these environments, it’s important to maintain IGP routing information across the VPN
• Backdoor links complicate this situation
[Figure labels: Service Provider; VPN; PE, PE; CE, CE; Site 1; Site 2; Backdoor link]
• OSPF
  - Supports MPLS PE/CE through sham links in cooperation with the provider’s BGP
  - Supports back door links through the down bit
    http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087ce2.html
• IS-IS
  - No support
• EIGRP
  - Supports MPLS PE/CE in cooperation with the provider’s BGP
    http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080154db3.html
  - Supports back door links through Site of Origin (SoO) communities
    http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a00801eff60.html
  - Supports BGP metric adjustment through cost communities
    http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a00801eff5f.html
  - Supports Route Count limits through EIGRP Prefix Limits
    http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/cs_epls.html
[Figure labels: Service Provider; VPN; PE, PE; CE, CE; EIGRP Site 1; EIGRP Site 2; routers A, B, C, D; Internal, Internal]
ip vrf VRF-RED
 rd 172.16.0.1:20
 exit
....
router eigrp CISCO
 address-family ipv4 vrf VRF-RED autonomous-system 101
  network 172.16.0.0 255.255.0.0
  topology base
   redistribute BGP 101 metric 10000 100 255 1 1500
 exit-address-family

router-c#show eigrp add ipv4 vrf VRF-RED topology
EIGRP-IPv4 Topology Table for AS(1)/ID(192.168.10.1) Routing Table:VRF-RED

P 10.17.17.0/24, 1 successors, FD is 409600
        via 50.10.10.2 (409600/128256), Ethernet3/0
P 172.16.19.0/24, 1 successors, FD is 409600
[Figure labels: Service Provider; VPN; PE, PE; CE, CE; Backdoor Link; EIGRP Site 1; EIGRP Site 2; routers A, B, C, D]
• If there are backdoor links between EIGRP sites, it’s possible to have a count-to-infinity issue when a route goes down in one of the sites
• Site 1 advertises a route through the back door to site 2
• If that route goes down in site 1, it can be advertised from site 2 into BGP and reintroduced into site 1
• It takes a bit of time for the network to converge on the disappearance of the route
CSCdw78242
• The solution is to automatically tag all the routes with a site of origin (SoO)
• The SoO is defined on the PE router’s interfaces connecting to the CEs
• EIGRP on the PE will reject routes redistributed from BGP if they contain that site’s SoO value (would be a loop through back door)
route-map SoOrigin permit 10
 set extcommunity soo 100:1
interface FastEthernet 0/0
 ip vrf sitemap SoOrigin
• If the SoO is also defined on the backdoor link, the backdoor routers will reject routes received from the other backdoor router containing this site’s SoO value
• You can then set the metric on the backdoor link so the path through the VPN is preferred over the backdoor link
• When redistributing between an SP and an EIGRP site:
  - Configuration mistakes on the SP side could redistribute the full BGP table into EIGRP
  - Configuration mistakes on the EIGRP side could overflow the SP BGP edge router (PE)
• How can we protect both sides?
[Figure labels: EIGRP Site; SP; routers A, B, C; Mistake from This Side Overruns EIGRP; Mistake from This Side Overruns SP PE Router]
CSCeb02607
router eigrp CISCO
 address-family ipv4 vrf RED autonomous-system 4453
  topology base
   redistribute maximum-prefix 1000 ....
  neighbor <b> maximum-prefix 1000 ....
  ....
 exit-address-family
• Configure a BGP and EIGRP maximum redistribution prefix limit on A
• Configure an EIGRP maximum neighbor prefix limit on A
• Fast Hellos is a way of detecting failures fast and routing around them (BFD is preferred)
• Fast Hellos or BFD are at cross purposes with HA/NSF!
• Graceful Restart (GR) is a way to rebuild forwarding information in routing protocols when the control plane has recovered from a failure
• Nonstop Forwarding (NSF) is a way to continue forwarding packets while the control plane is recovering from a failure
• The fundamental premise of GR/NSF is to route through temporary failures, rather than around them!
• Graceful Restart (GR) allows a router’s control plane to reset without impacting (global) routing
• Consider two routers connected over a single circuit
• Router A loses its control plane for some period of time
• It will take some time for Router B to recognize this failure, and react to it
• During the time that A has failed, and B has not detected the failure, B will continue forwarding traffic through A
• Once the control plane resets, the data plane will reset as well, and this traffic will be dropped
• NSF reduces or eliminates the traffic dropped while A’s control plane is down
• If A is NSF capable, the control plane will not reset the data plane when it restarts
• Instead, the forwarding information in the data plane is marked as stale
• Any traffic B sends to A will still be switched based on the last known forwarding information
• While A’s control plane is down, B’s hold timer counts down…
• A has to come back up and signal B before B’s hold timer expires, or B will route around it
• When A comes back up, it signals B that it is still forwarding traffic, and would like to resynchronize
• This is the first step in Graceful Restart (GR)
[Figure labels: routers A and B, each with Control and Data planes; Hold Timer: 15 14 13 12 11 10 9 8 7 6]

Protocol | GR Signaling | Resynchronization
OSPF (LLS/OOB) | Link Local Signaling (LLS), Extending Hellos to Add Optional Information | Out Of Band Synchronization (OOB), Creates a New Form of Synchronization (Similar to Standard Database Synchronization)
OSPF (opaque LSAs) | Grace LSA (Opaque LSA Carrying Neighbor State) | Grace LSA (Opaque LSA Carrying Database Information)
IS-IS | Added TLV in Hello (iih) Packet | Normal Database Synchronization
IS-IS (Cisco) | No Protocol Extensions | Normal Database Synchronization
EIGRP | Added Bits in Hello Packet (Standard Format) | Normal Topology Table Advertisement

Feature | OSPFv3 | IS-IS for IPv6 | EIGRP-IPv6
LSA/LSP generation exponential backoff throttling | Y | Y | Not Required
SPF execution exponential backoff throttling | Y | Y | Not Required
Bidirectional Forwarding Detection (BFD) | Y | Y (via IPv4 BFD) | Y (CSCtk04807)
Graceful Restart (GR) | Y | Y | Y
• How much information is transmitted on the wire?
  - This is a complex question; the answer is primarily dependent on the network design
  - But, there are some characterizations we can observe by examining routing protocol packet formats
• OSPF uses a series of packets:
  - Type 1: connected links and adjacent routers
  - Type 2: Designated Router (DR) representing a broadcast link
  - Type 3: summary information
  - Type 4: border router
  - Type 5: external routes
[Figure labels: routers A, B, C, D, E; area border; redistribution; pseudonode; type 1, type 2, type 3, type 4, type 5, type 5’s]
[Figure labels: Change here; Type 5; Type 5’s]
• Single route changes require a single type of LSA to be transmitted, reducing on the wire overhead
• For instance, a change in the routes learned from some other protocol will cause just the type 5 containing external routes to be reflooded, rather than all the routing information known at A
• Each OSPF LSA has an LS age, set to 0 by the originating router
• Receiving routers increment the LS age over time, so they know when the LSA should be removed from the local database
• The originator must reoriginate the LSA before this timer reaches the maximum (60 minutes by default)
14. Aging The Link State Database
Each link state advertisement has an LS age field. The LS age is expressed in seconds. An advertisement's LS age field is incremented while it is contained in a router's database. Also, when copied into a Link State Update Packet for flooding out a particular interface, the advertisement's LS age is incremented by InfTransDelay.
....
RFC 2328
• When a router originates an LSA, it sets a timer as well; when the timer reaches 30 minutes, it re-originates the LSA
• Because the timer counts up, all the routers in a network must be reconfigured to slow these retransmissions
• OSPF flooding reduction removes these periodic retransmissions
[Figure labels: routers A, B; 10.1.1.0/24; LSA Age values shown: 0, 1, 5, 6, 10, 11, 15, 16, then 0, 1]
• OSPF Flooding Reduction essentially uses the “do not age” bit set in all LSAs within an area to keep the LSA age timer from aging
• http://www.cisco.com/en/US/products/sw/iosswrel/ps1834/products_feature_guide09186a008008011e.html
• OSPF paces packets to one every 33 milliseconds by default
  - This can be configured to lower or higher numbers manually (CSCds86112)
  - This is not primarily aimed at link utilization, but at buffer utilization on the inbound side of the router
• Pacing can be useful when dealing with lower speed links to reduce the amount of traffic OSPF puts on the wire
• Pacing will slow down network convergence
• IS-IS uses a single LSP type containing information about:
  - Connected Networks
  - Adjacent Neighbors
  - Summary Information
  - Externals
• The pseudonode LSP looks just like a normal router LSP (with some extra bits set in the LSP-ID so you can tell them apart)
[Figure labels: routers A, B, C, D, E; L1/L2 Border; Redistribution; Pseudonode; Pseudonode LSP; LSP]
• An LSP may be fragmented if all the TLVs won’t fit in the smallest MTU advertised by all the IS’ in the network
• These fragments are treated independently for flooding
• When a router originates an LSP, it sets a timer as well; when the timer reaches 0, it reoriginates the LSP
• IS-IS’ timer counts down, so any router in the network may issue an LSP with any age
• IS-IS routers can be reconfigured to issue LSPs with longer age timers incrementally, reducing the amount of reflooding in the network
[Figure labels: routers A, B; 10.1.1.0/24; LSA AGE values shown: 20, 19, 5, 4, 10, 9, 15, 14, 20, 19]
• IS-IS paces packets to one every 33 milliseconds by default
  - This can be configured to lower or higher numbers manually (CSCdi54576)
  - This is not primarily aimed at link utilization, but at buffer utilization on the inbound side of the router
• Pacing can be useful when dealing with lower speed links to reduce the amount of traffic IS-IS puts on the wire
• Pacing will slow down network convergence
• EIGRP transmits only reachable routes to neighbors
• As long as the neighbor is up, any routes received from that neighbor are assumed valid and operational
As long as the neighbor is up, routes learned this way are good!
• EIGRP paces packets based on the bandwidth on links below T1 speed
• (1/bandwidth) x (packet size in bits) x bandwidth-percentage
• For a 1500 byte packet at:
  - 56k Link: (1/56000) * 1500 * 8 * .5 = .107
  - 64k Link: (1/64000) * 1500 * 8 * .5 = .094
  - 128k Link: (1/128000) * 1500 * 8 * .5 = .047
  - 256k Link: (1/256000) * 1500 * 8 * .5 = .023
  - 512k Link: (1/512000) * 1500 * 8 * .5 = .012
• When we deal with On The Wire Efficiency, we are mostly dealing with nits
• Few modern protocols can, or will, exhaust network resources except in unusual situations
  - All routing protocols operate equally well over higher speed links, 64k and above
  - A large number of lower speed links may push you towards optimizations reducing the protocol’s burden, or to a protocol that adjusts to fewer resources more readily
• MPLS/TE:
  - EIGRP, OSPF, ISIS can all be used as the MPLS Core IGP
  - MPLS TE is complex, not practical in most enterprise networks
  - OSPF and IS-IS enable MPLS TE
  - EIGRP has no immediate plans to support MPLS TE
• Easy VPN (EVPN)
  - New L3 VPN technology
  - Easier to deploy in enterprise networks
  - Supported by OSPF, IS-IS, EIGRP, and BGP
• Can we load share over these two paths?
  - The path B/C/E costs 10
  - The path B/D/E costs 20
• EIGRP: Yes
  - As long as the B/D/E link is loop free, we can load share in proportion to the link costs
• OSPF: No
• IS-IS: No
• EIGRP third-party next hop allows A to leave the next hop at 10.1.3.2
• B can then use the direct link between B and C to forward traffic to 10.1.1.0/24, even though EIGRP isn’t running between the two routers
• This allows B to send traffic directly to C and not A
Router A:
router eigrp CISCO
 address-family ipv4 autonomous-system 4453
  af-interface Ethernet 0/0
   no next-hop-self
....

EIGRP-IPv4 Topology Table for AS(100)
....
P 10.1.1.0/24, 1 successors
....
 via 10.1.3.1 ....
OSPF
  - Metric Based on the inverse of the bandwidth of the Interface in bps: 10^8/Bandwidth
  - You Can Change the Number in the Numerator Using ospf auto-cost (CSCdi73355)
IS-IS
  - Metric Set to 10 on All Interfaces by Default
  - Default Metric Can Be Set in the Global Configuration Mode
  - Narrow Metrics from 1 to 63 for Any Link; Wide Metrics from 1 to 2^32 for Any Link
EIGRP
  - Uses same vector metrics used for both IPv4 and IPv6
  - Classic Metrics support up to 2Gig for Any Link
  - Wide Metrics up to 4.8 Terabytes/sec for Any Link (CSCdx36932)
  - Extensible Metrics - support for additional attributes (jitter, energy, etc)
|       | Debugs                       | Event Log                         | Neighbor Logging | SNMP    |
| OSPF  | Neighbor and Protocol Events | Yes, Difficult to Read            | Yes              | RFC1253 |
| IS-IS | Neighbor and Protocol Events | No                                | No               | No      |
| EIGRP | Neighbor and Protocol Events | Yes, Moderately Difficult to Read | Yes              | Yes     |
• Includes two Traps
  - eigrpRouteSIA
  - eigrpAuthFailure
• 5 Object Groups on a per VPN, per AS basis
  - EIGRP VPN Table
  - EIGRP Traffic Statistics
  - EIGRP Topology Data
  - EIGRP Neighbor Data
  - EIGRP Interface Data
• For more specifics on the objects and MIB please see the following: http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gteigmib.html
• EIGRP Traffic Statistics: AS Number, Hellos Sent/Received, Updates Sent/Received, Queries Sent/Received, Replies Sent/Received
• EIGRP Topology Data: Destination Net/Mask, Active State, Feasible Successors, Origin Type, Distance, Reported Distance
• EIGRP Interface Data: Peer Count, Reliable/Unreliable Queues, Pacing, Pending Routes, Hello Interval
• EIGRP Neighbor Data: Peer Address, Peer Interface, Hold Time, Up Time, SRTT/RTO, Version
And Many More...
Route Control and Policy
What is routing policy?
  - Marking routes using tags for further processing elsewhere in the network
  - Filtering routes learned from adjacent routers or external protocols
  - Setting metrics for routes learned from an adjacent router
  - Summarizing routing information
OSPF can filter Prefixes out of Type 3 Summary LSAs at an ABR (CSCdi43518)
router ospf 1
 log-adjacency-changes
 area 1 filter-list prefix AREA_1_OUT out
 area 3 filter-list prefix AREA_3_IN in
 ....
!
ip prefix-list AREA_1_OUT seq 10 permit 10.25.0.0/8 ge 16
ip prefix-list AREA_1_OUT seq 20 permit 172.20.20.0/24
!
ip prefix-list AREA_3_IN seq 10 permit 172.31.0.0/16
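The following is an added example, not code from the webinar: a small Python model of how the AREA_1_OUT and AREA_3_IN prefix lists above decide which summary prefixes pass the ABR filter. The function names and the sample prefixes are constructed for illustration, and it assumes that bits beyond an entry's length are ignored when matching.

```python
import ipaddress

# Prefix lists copied from the slide's config: (seq, action, prefix, ge, le)
PREFIX_LISTS = {
    "AREA_1_OUT": [
        (10, "permit", "10.25.0.0/8", 16, None),
        (20, "permit", "172.20.20.0/24", None, None),
    ],
    "AREA_3_IN": [
        (10, "permit", "172.31.0.0/16", None, None),
    ],
}


def length_window(entry_len, ge, le):
    """Prefix lengths an entry accepts: exact match unless ge/le widen it."""
    if ge is None and le is None:
        return entry_len, entry_len
    low = ge if ge is not None else entry_len
    high = le if le is not None else 32
    return low, high


def evaluate(list_name, route):
    """Return (action, seq) of the first matching entry, or the implicit deny."""
    candidate = ipaddress.ip_network(route)
    for seq, action, prefix, ge, le in sorted(PREFIX_LISTS[list_name]):
        # Assumption: bits beyond the entry's length are ignored, so
        # 10.25.0.0/8 is compared as 10.0.0.0/8 (strict=False masks them).
        entry = ipaddress.ip_network(prefix, strict=False)
        low, high = length_window(entry.prefixlen, ge, le)
        if low <= candidate.prefixlen <= high and candidate.subnet_of(entry):
            return action, seq
    return "deny", None  # a prefix list ends with an implicit deny


# Constructed sample prefixes, as if carried in Type 3 LSAs leaving area 1.
SAMPLES = ["10.25.4.0/24", "10.99.0.0/16", "10.0.0.0/8",
           "172.20.20.0/24", "172.20.20.128/25", "192.168.1.0/24"]

if __name__ == "__main__":
    for route in SAMPLES:
        print(f"{route:18} AREA_1_OUT -> {evaluate('AREA_1_OUT', route)}")
```

Under that assumption, seq 10 of AREA_1_OUT admits any 10.x.x.x prefix of length 16 or longer, not just 10.25.x.x, while the /24 entry without ge or le matches only the exact prefix.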
OSPF Can Summarize at ABR’s
router ospf 100
 ....
 area 0 range 10.1.0.0 255.255.0.0
OSPF Can Filter Routes, Set Their Metric, Type, Tag, and Next Hop when Redistributing Using a Route Map
! standard ACL number (1-99), since the entries use source-only syntax
access-list 10 deny 10.1.1.0 0.0.0.255
access-list 10 permit any
!
route-map filter-server permit 10
 match ip address 10
!
router ospf 100
 ....
 redistribute static route-map filter-server
OSPF can filter routes between the local database and the routing table (RIB) using
• route-maps to match tags,
• prefix-lists to match prefixes,
• access-lists to match prefixes;
This doesn’t impact the routes advertised to adjacent routers (CSCdt43016)
hostname router-a
!
access-list 10 permit 10.1.1.0 0.0.0.255
access-list 10 deny any
!
route-map settag permit 10
 match ip address 10
 set tag 1000
!
router ospf 1
 ....
 network 10.1.2.0 0.0.0.255 area 0
 redistribute connected route-map settag

hostname router-b
!
route-map matchtag deny 10
 match tag 1000
route-map matchtag permit 20
!
router ospf 1
 network 10.1.2.0 0.0.0.255 area 0
 distribute-list route-map matchtag in
IS-IS can set a tag on routes pulled in through an interface or redistribution; tags can also be set on summary routes. These tags can be used for either filtering or leaking routes (CSCdk83317)
interface Ethernet1/0
 ip address 10.1.1.1 255.255.255.0
 ip router isis
 isis tag 120
!
router isis
 redistribute static ip metric 2 route-map tag-static
 ...
 metric-style wide
!
route-map tag-static permit 10
 set tag 10

router#show isis database detail verbose
IS-IS Level-1 Link State Database:
....
Metric: 2 IP-Interarea 10.1.1.0/24
 Route Admin Tag: 120

kangpa#show ip route 10.1.1.0
....
Routing entry for 10.1.1.0/24
 Known via "isis", distance 115, metric 12
 Tag 120, type level-1
IS-IS tags can be used for filtering or leaking (CSCdk83317)
IS-IS filtering (L1 to L2) and leaking (L2 to L1) can also be configured using prefixes and other route map matches; sets can be used to change the route type and metric (CSCdk83317)
access-list 10 permit 10.1.1.0 0.0.0.255
access-list 20 deny 10.1.2.0 0.0.0.255
access-list 20 permit any
!
route-map dist1-2 permit 10
 match ip address 10
!
route-map leak2-1 permit 10
 match ip address 20
!
router isis
 redistribute isis ip level-1 into level-2 route-map dist1-2
 redistribute isis ip level-2 into level-1 route-map leak2-1
EIGRP can mark routes with tags during redistribution or using a route map; these tags can be used for filtering or other policy implementations
route-map settag permit 10
 set tag 1000
!
router eigrp CISCO
 address-family ipv4 autonomous-system 4453
  topology base
   redistribute static route-map settag
   default-metric 10000 1 255 1 1500
 address-family ipv6 autonomous-system 4453
  topology base
   redistribute static route-map settag
   default-metric 10000 1 255 1 1500
....
EIGRP can set the metrics for any route using a route map (CSCdw22585)
route-map setmetric permit 10
 set metric <bandwidth> <delay> <reliability> <load> <MTU>
!
router eigrp CISCO
 address-family ipv4 autonomous-system 4453
  topology base
   distribute-list route-map setmetric in
 address-family ipv6 autonomous-system 4453
  topology base
   distribute-list route-map setmetric in
....
EIGRP can set the next hop for any route using either route maps or no ip next-hop-self (CSCdk23784)
route-map setnh permit 10
 set ip next-hop 10.14.2.2
!
router eigrp CISCO
 address-family ipv4 autonomous-system 4453
  topology base
   redistribute static route-map setnh
   default-metric 10000 1 255 1 1500
....
EIGRP can filter routes at any point in the network on a per interface basis
access-list 10 permit 10.1.1.0 0.0.0.255
!
router eigrp CISCO
 address-family ipv4 autonomous-system 4453
  topology base
   distribute-list 10 in serial 0/0
EIGRP can summarize routes at any point in the network on a per interface basis
router eigrp CISCO
 address-family ipv4 autonomous-system 4453
  af-interface serial 0/0
   summary-address 10.1.0.0 255.255.0.0
|               | OSPF | IS-IS | EIGRP |
| Route Marking | Tags for Externals at Redistribution | Tags for All Routes | Tags for All Routes |
| Metrics       | Can Be Changed for Externals at Redistribution | Can Be Set at Redistribution or Summary Creation | All routes and Anyplace (using Route Maps) |
| Next Hop      | Can Be Changed for Externals at Redistribution | Cannot Be Changed or Set | Can Be Set for All Routes Under Varying Conditions |
| Filtering     | Summary Information Can ONLY Be Filtered at ABR’s and ASBR’s | Filtering and Leaking Can ONLY Be Done at L1/L2 Borders | Anyplace |
| Summarization | ONLY At ABR’s And ASBR’s | Only at L1/L2 Borders | Anyplace |
Summary
• There is no “right” answer!
• Consider:
  - Your business requirements
  - Your network design
  - The coexistence between IPv4 and IPv6
  - Intangibles
• The IGPs are generally pretty close in capabilities, development, and other factors
• Targeting parity is natural but consider the tradeoffs during the early phases of integration
• IPv4 and IPv6 can be decoupled offering a unique opportunity to try a new design with IPv6; Look at both congruent and non-congruent topology approaches
• Evaluate the additional resources required by IPv6
• Take advantage of the IPv6 addressing resources!
[Chart: Memory (bytes) versus Number of Routes for IPv4 and IPv6, with linear trend lines for each]

show route afi-all summary

IPv4 Unicast:
---------------
Route Source    Routes  Backup  Deleted  Memory (bytes)
connected       5       1       0        720
local           6       0       0        720
local SMIAP     1       0       0        120
static          0       0       0        0
ospf 200        3770    1       0        452520
Total           3782    2       0        454080

IPv6 Unicast:
---------------
Route Source    Routes  Backup  Deleted  Memory (bytes)
connected       3       1       0        592
local           4       0       0        592
ospf 200        3769    1       0        557960
Total           3776    2       0        559144
• Knowledge
  - What is your team comfortable with?
  - What “escalation resources” and other support avenues are available?
  - But remember, this isn’t a popularity contest—you don’t buy your car based on the number of a given model sold, do you?
  - An alternate way to look at it: what protocol would you like to learn?
• Flexibility
  - EIGRP is typically more flexible and easier to deploy than OSPF or ISIS
• Whose standard?
  - OSPF: Standardized by the IETF
  - IS-IS: Standardized by the ISO and the IETF
  - EIGRP: “Cisco Standard!”
• Standardization is a tradeoff:
  - Promises Interoperability
  - Promises higher security – but code is rarely open
  - Larger number of eyes looking at problems and finding new features
  - Politics often influence standards
  - New features are often difficult to push through standards committees, slowing their release
  - Vendor specific solutions often precede the standard, requiring redeployment when the standard is available
[Figure: Rules of Thumb. Labels: EIGRP; Link State; IP Routing Agnostic; Mesh, Hub and Spoke; Flat, Aggregated; Flat, Hierarchy]
• Your choice of routing protocol depends on the type of network you have and the requirements you have for it
• Based on specific requirements and criteria, one routing protocol can be better suited than another one.
• The step from IPv4 to IPv6 routing protocols is evolutionary rather than revolutionary
• The same selection rules will likely apply for the IPv6 IGP as for the IPv4 IGP.
• Potential IPv4 / IPv6 routing protocol co-existence issues need to be understood and analysed.
Q and A
Thank you.