1. 2 2 Switch Volume II D-Link Switching Advanced Technology.

2

2

Switch Volume II

D-Link SwitchingAdvanced Technology

Module 7

Module 8

Module 9

Module 10

Module 11

:

:

:

:

:

Virtual Router Redundant Protocol

Routing Information Protocol

Open Shortest Path First

Multicast in D-Link Switching Environment

Quality of Service

3

3

4

4

Switch Module 7

Virtual Router RedundancyProtocol (VRRP)

•

•

The IP address, mask and defaultgateway are manually configured,with the gateway pointed to agateway device, here Router-A.

The gateway forward the client trafficto the destination

Problem with this configuration• The client do not have access to the

external network any more when therouter fails

Solution• VRRP is an solution to the problem

Virtual Router Redundancy Protocol

•Overview

!

Typical topology with an Internetaccess gateway

Layer 2 Switch

Router-A

192.168.11.1

Client 1

IP: 192.168.11.100

GW: 192.168.11.1

Client 2

IP: 192.168.11.200

GW: 192.168.11.1

Network Topology without VRRP

5

VRRP or Virtual Routing Redundancy Protocol is a function on a switch thatdynamically assigns responsibility for a virtual router to one of the VRRP routerson a LAN. The VRRP router that controls the IP address associated with avirtual router is called the Master, and it will forward packets sent to this IPaddress. This will allow any Virtual Router IP address on the LAN to be used asthe default first hop router by end hosts. Utilizing VRRP, the administrator canachieve a higher available default path cost without needing to configure everyend host for dynamic routing or routing discovery protocols.

5

VRRP operation• The Virtual Router Identifier (VRID) and IP

address are configured on each router

• A virtual MAC address is created toassociate it with a virtual router

•The virtual router utilizes an IEEE 802 MACaddress with the format: 00-00-5E-00-01-{VRID}

– 00-00-5E is derived from IANA OUI

–

00-01 is assigned to VRRP

– The last octet is the VRID


•Overview

!VRRP is a gateway redundancy protocoldesigned to prevent from a single pointfailure when the default gateway fails.

Virtual MAC Address

(M) VRID 1 / IP addr

(S) VRID 1 / IP addr

Virtual Router

When a client communicates with thevirtual router, it does not need to have theinformation about the physical router in thenetwork.

6

6

7

•

•

•

•

Router-A and Router-B are grouped into a VRRP virtual router group.

The members of the virtual router group have their own IP addresses:192.168.11.1 and 192.168.11.2 in thisexample.

The virtual IP (192.168.11.200) is assigned to the Virtual Router. The clients do not need to know thephysical interface IP addresses of Router-A and Router-B.

Client-1 and Client-2 take the virtual IP address for their default gateway address.

Result: The clients can access the Internet through the Virtual Router. As the master routerassuming the virtual IP is failed, the backup router takes over the master role without userintervention.


•Overview

!A VRRP Scenario

192.168.11.2

Router-BVRRP Router /

Virtual Router

Router-A

VRID = 1 (Master)

Virtual IP: 192.168.11.200

VRRP Router /Virtual Router

192.168.11.1

Layer 2 Switch

Client-1

IP: 192.168.11.x

GW: 192.168.11.200

VRID = 1 (Backup)

Virtual IP: 192.168.11.200

Backup Master

The Backup Router will assume the Masterrole if it does not receive VRRP packets from

the Master for a period of time.

Client-2

IP: 192.168.11.x

GW: 192.168.11.200

7

Header MAC Header IP VRRP Header FCS

VRRP Router VRRP Router


•VRRP Packet

VRRP packet is used for communication among VRRP routers.

All routers with a common VRID form a VRRP group.

The router priority and the state of the VRRP Master router are exchangedperiodically

VRRP packets are encapsulated in IP packets and sent to the IPv4multicast address 224.0.0.18 assigned by the IANA.

The IP protocol number assigned by the IANA for VRRP is 112 (decimal).

8

8

Ver=2 Type=1 Virtual Router ID Priority Count IP Address

Authentication Type Adver Interval Checksum

Virtual IP Address 1

Header MAC Header IP VRRP Header FCS


•VRRP Packet

"

312416840

Virtual IP Address n

Authentication Data (1)

Authentication Data (2)

9

9

#$ %

10

Virtual Router Redundancy Protocol•VRRP Packet

VRID = 10

IP = 192.168.10.252IP=192.168.10.252IP=192.168.10.253

Virtual MAC:00-00-5E=00-01-0A

TTL must be 255

Multicast Address:224.0.0.18

VRID = 10

Priority = 255 (highest)

Adver Int = 1

Auth Type = Simple

Auth String = ‘dlink’

10

#$ % &

11

Enable VRRPenable vrrp

enable vrrp ping

Create VRRP Routercreate vrrp vrid 1 ipif LAN ipaddress 11.1.1.1 state

enable priority 200 advertisement_interval 1preempt true critical_ip 10.53.13.224critical_ip_state enable

Configure VRRP Advertisement interval andauthentication (option)

config vrrp vrid 1 ipif LAN state enable priority 200advertisement_interval 2

config vrrp ipif LAN authtype simple authdatatomato

Virtual Router Redundancy Protocol•Switch Configuration

• Enable the VRRP function

• Allow the virtual IP address to be pingedfrom other host end nodes to verify theconnectivity

• Configure VRRP VRID, interface and IPaddress

• (Optional) Assign priority, advertisementinterval, preempt and critical IP

Control whether a higher priority backup router will preempt a lower priority Master router (default = true)

• Configure VRRP with VRID is 1 in interfaceLAN with priority 200 andadvertisement_interval 2

• Configure the authentication type for theVRRP routers of an IP interface

11

#$ % &' % (

Host-1 and Host-2 connect to the Internet through Switch-A to; Host-3 and Host-4connect to the Internet through Switch-B.

Load Balancing can be achieved by distributing hosts among different VRIDs

When L3 Switch-A fails, L3 Switch-B will become the Master for VRID 253.

When L3 Switch-B fails, L3 Switch A will become the Master for VRID 252.

Virtual Router Redundancy Protocol•Multiple Virtual Routers

VRID = 252

IP=192.168.1.252

VRID = 253

IP=192.168.1.253

Master 253

Backup 252

Master 252

Backup 253

GW=192.168.1.252

Host-1

192.168.1.1

GW=192.168.1.252

Host-2

192.168.1.2

GW=192.168.1.253

Host-3

192.168.1.3

GW=192.168.1.253

Host-4

192.168.1.4

L3 Switch-A L3 Switch-B

12

12

) * * ' %

Virtual Router Redundancy Protocol•Multiple Virtual Router

IP=192.168.1.x/24

GW1=192.168.1.252

GW2=192.168.1.253

Host-1 Host-2 Host-3 Host-4

L3 Switch-A

VRRP enabled on Net192_168_1

Master of VRID=252create vrrp vrid 252 ipif 192_168_1

ipaddress 192.168.1.252 state enable

create vrrp vrid 253 ipif 192_168_1ipaddress 192.168.1.253 state enable

enable vrrp

L3 Switch-A

Master VRID: 252

Backup VRID: 253

L3 Switch-B

VRRP enabled on Net192_168_1

Backup of VRID=252create vrrp vrid 252 ipif 192_168_1 ipaddress

192.168.1.252 state enable

create vrrp vrid 253 ipif 192_168_1 ipaddress192.168.1.253 state enable

enable vrrp

L3 Switch-B

Master VRID: 253

Backup VRID: 252

13

13

#$ % & )

With the Critical IP feature, the switch will detect the status of the next hop to theInternet by ARP request every 30 seconds periodically.

If the Critical IP fails to respond, the Master router will declare down immediately andthe Backup router will take over.

Virtual Router Redundancy Protocol•VRRP with Critical IP

Host-1 Host-2 Host-3 Host-4

Switch-A to Internet

192.168.2.1

Switch-B to Internet

192.168.3.1

IP=192.168.1.x/24

GW1=192.168.1.252

GW2=192.168.1.253

L3 Switch-B

Master VRID: 253

Backup VRID: 252

L3 Switch-A

Master VRID: 252

Backup VRID: 253

Critical IP for VRID 252 Critical IP for VRID 253

14

VRRP with Critical IP•With the Critical IP feature, the switch will detect the status of next hop to theInternet by ARP request in every 30 seconds periodically. If Critical IP fails torespond, the Master router will declare down immediately and Backup router willtake over immediately.•It provides enhanced failover feature which meet many customers’ requirement.

14

L3 Switch-A and L3 Switch-B provideVRRP function

L3 Switch-A is the Master

L3 Switch-B is the Backup

packets are routed by L3 Switch-A. L3Switch-B is Backup.

) * * )

15

Objective• VRRP is enabled at

Interface192_168_1 on both routers.

•

•

•

•

•

When NAT-A is working, 192.168.1.x

When NAT-A fails, L3 Switch-B willbecome the Master, and route thepacket for 192.168.1.x network. Itprovides the redundant default route.

Principle• With the Critical IP function, the

switch will detect the status of NATdevices by using ARP request every30 seconds. If one of the NAT devicesfails, VRRP switchover takes place.


IP: 192.168.1.x/24

GW: 192.168.1.252

NAT-A

192.168.2.1

Ipif: 192_168_2

IP: 192.168.2.252

L3 Switch-A

Ipif: 192_168_1

IP: 192.168.1.252

NAT-B

192.168.3.1

Ipif: 192_168_3

IP: 192.168.2.253

L3 Switch-B

Ipif: 192_168_1

IP: 192.168.1.253

15

) * * )L3 Switch-A ConfigurationTwo Networks. RIP enabled.VRRP enabled on ipif192_168_1Master of VRID = 252Critical IP = 192.168.2.1

config vlan default delete 1-12

create vlan vlan2 tag 2config vlan vlan2 add untag 1-6create ipif 192_168_1 192.168.1.252/24 vlan2 state enable

create vlan vlan3 tag3config vlan vlan3 add untag 7-12create ipif 192_168_2 192.168.2.252/24 vlan3 state enable

enable ripconfig rip all tx_mode v2_only rx_mode v2_only state

enable

create vrrp vrid 252 ipif 192_168_1 ipaddress192.168.1.252 state enable critical_ip 192.168.2.1critical_ip_state enable

create vrrp vrid 253 ipif 192_168_1 ipaddress192.168.1.253 state enable critical_ip 192.168.2.1critical_ip_state enable

L3 Switch-B ConfigurationTwo Networks. RIP enabled.VRRP enabled on ipif192_168_1Backup of VRID = 252Critical IP = 192.168.3.1


create vlan vlan2 tag 2config vlan vlan2 add untag 1-6create ipif 192_168_1 192.168.1.253/24 vlan2 state enable

create vlan vlan3 tag3config vlan vlan3 add untag 7-12create ipif 192_168_3 192.168.2.253/24 vlan3 state enable

enable ripconfig rip all tx_mode v2_only rx_mode v2_only state enable

create vrrp vrid 252 ipif 192_168_1 ipaddress 192.168.1.252state enable critical_ip 192.168.3.1 critical_ip_state enable

create vrrp vrid 253 ipif 192_168_1 ipaddress 192.168.1.253state enable critical_ip 192.168.3.1 critical_ip_state enable

enable vrrp


enable vrrp

16

16

17

17

Switch Module 8

Routing Information Protocol(RIP)

( !

Distance Vector is an approach to find routes between networks. The routerusing distance vector routing protocol exchanges the information with itsneighbor and determine the route based on the knowledge of “Distance”and “Vector”:•

•

“Distance” refers to “metric”; i.e. how far the destination is

“Vector” refers to the direction to the destination

Examples of Distance Vector Routing Protocols•

•

•

•

•

Routing Information Protocol (RIP) for IP

Cisco System Internet Gateway Protocol (IGRP)

Xerox Networking System (XNS) RIP

Novell IPX RIP

AppleTalk Routing Table Maintenance Protocol (RTMP)


•Distance Vector Routing Protocol

18

A router with Distance Vector Routing Protocol updates all its neighbors bybroadcasting its entire routing table.Distance Vector Routing Protocol has the following characteristics:•Each node knows the distance to its directly connected neighbors.•A node sends routing updates periodically to its neighbors (Eg. RIP sendsrouting updates to its neighbors every 30 seconds.•New nodes advertise themselves to their neighbors.

A router with Distance Vector Routing Protocol sends its updates to itsneighboring routers. These routers will pass the updated information to theirneighbors.•Periodic Updates: Updates to the routing tables are sent every certain timeperiod.•Triggered Updates: If a metric changes on a link, a router sends out an updateimmediately without waiting for the end of the update period.•Full Routing Table Updates: Most distance vector routing protocols send theirneighbors the entire routing table.•Route Invalidation Timers: The entries in the routing table become invalid ifthey are not refreshed by new routing updates.

18

NET VIA HOP

10.0.2.010.0.3.010.0.1.010.0.4.010.0.5.0

--

--10.0.2.110.0.3.210.0.3.2

00112

NET VIA HOP

10.0.3.010.0.4.010.0.2.010.0.5.010.0.1.0

--

--10.0.3.110.0.4.210.0.3.1

00112

NET VIA HOP

10.0.4.010.0.5.010.0.3.010.0.2.010.0.1.0

--

--10.0.4.110.0.4.110.0.4.1

00123

NET VIA HOP

10.0.2.010.0.3.010.0.1.010.0.4.010.0.5.0

--

--10.0.2.110.0.3.210.0.3.2

00112

NET VIA HOP

10.0.3.010.0.4.010.0.2.010.0.5.010.0.1.0

--

--10.0.3.110.0.4.210.0.3.1

00112

NET VIA HOP

10.0.4.010.0.5.010.0.3.010.0.2.0

--

--10.0.4.110.0.4.1

0012

NET VIA HOP

10.0.1.010.0.2.010.0.3.010.0.4.010.0.5.0

--

--10.0.2.210.0.2.210.0.2.2

00123

NET VIA HOP

10.0.1.010.0.2.010.0.3.010.0.4.0

--

--10.0.2.210.0.2.2

0012

NET VIA HOP

10.0.2.010.0.3.010.0.1.010.0.4.0

--

--10.0.2.110.0.3.2

0011

NET VIA HOP

10.0.3.010.0.4.010.0.2.010.0.5.0

--

--10.0.3.110.0.4.2

0011

NET VIA HOP

10.0.4.010.0.5.010.0.3.0

--

--10.0.4.1

001

NET VIA HOP

10.0.1.010.0.2.010.0.3.0

--

--10.0.2.2

001

NET VIA HOP

10.0.2.010.0.3.0

----

00

NET VIA HOP

10.0.3.010.0.4.0

----

00

NET VIA HOP

10.0.4.010.0.5.0

----

00

NET VIA HOP

10.0.1.010.0.2.0

----

00

( !



10.0.5.010.0.4.010.0.3.010.0.2.010.0.1.0

Router DRouter CRouter BRouter A.1 .1 .2 .1 .2 .1 .2 .1

t0

t1

t2

t3

19

The flow chart in the slide describes the operation of the Distance VectorRouting Protocol algorithm.•At time 0, Distance Vector Routing Protocol is enabled in all routers. Theserouters only have the knowledge of their directly attached network. The hopcount of directly connected network is 0.•At time 1, the routers start to exchange routing information. Router A learns therouting information of networks 10.0.2.0 and 10.0.3.0 from its neighbor, RouterB. One hop count is added when the route information is passed over onerouter. In Router A, by comparing the learned routes with the information in itsrouting table, the hop count of route 10.0.2.0 is greater than its own routeinformation in the routing table. Hence, Router A adopts the original one anddisregards that information.•At time 2, router A repeats the process of time 1. Router A learns another routeinformation of network 10.0.4.0.•At time 3, all routers have learned all the routes of the entire network. Therouting information of this network is synchronized now.

19

NET VIA HOP

10.0.3.010.0.4.010.0.2.010.0.5.010.0.1.0

--

--10.0.3.110.0.4.210.0.3.1

00112

NET VIA HOP

10.0.4.010.0.5.010.0.3.010.0.2.010.0.1.0

--

--10.0.4.110.0.4.110.0.4.1

00123

NET VIA HOP

10.0.2.010.0.3.010.0.1.010.0.4.010.0.5.0

--

--10.0.2.110.0.3.210.0.3.2

00112

NET VIA HOP

10.0.1.010.0.2.010.0.3.010.0.4.010.0.5.0

--

--10.0.2.210.0.2.210.0.2.2

00123



10.0.5.010.0.4.010.0.3.010.0.2.010.0.1.0

Router DRouter CRouter BRouter A.1 .1 .2 .1 .2 .1 .2 .1

Issue: If Router D fails, Router A, B and C, which still have the entries about network10.0.50.0 in their routing table, will continue to send packets to Router D. This willgenerate a black hole issue.

Solution: Set a route invalid timer for each entry in the route table. Router C sets atimer for the route after it learned the route 10.0.5.0 and place it into the routing table.When Router C receives periodic updates from Router D, it will reset the timer anddiscard the packets. If Router D fails, the timer of route 10.0.5.0 will not be updatedand will expired. The next update from Router C will notice this missing route to otherrouters.

20

20

NET VIA HOP

10.0.3.0

10.0.2.0

10.0.1.0

--

10.0.3.1

10.0.3.1

0

1

2

NET VIA HOP

10.0.4.0

10.0.5.0 --

10.0.4.

2

0

1

% + ,



10.0.5.010.0.4.010.0.3.010.0.2.010.0.1.0

.1 .1

Router A.2 .1

Router B.2 .1

Router C.2 .1

Router DRouting Update Routing Update

Issue: Router C learns the route 10.0.5.0 from Router D and updates the route backto Router D. It is called reverse route. In a more serious situation, if route 10.0.5.0 isdown and Router C updates the route to Router D at the same time. Router D adoptsthe route information from Router C and will result in a route loop issue.

Solution: Split Horizon is a technique to prevent the issue of reverse route betweentwo routers. The interface will not send a specific routes which it received andlearned from. In the above example, Router C only sends two route information(10.0.4.0 & 10.0.5.0) to Router B instead of the route information it learned fromRouter B.

21

21

NET VIA HOP

10.0.3.0

10.0.4.0

10.0.2.0

10.0.5.0

10.0.1.0

--

--

10.0.3.1

10.0.4.2

10.0.3.1

Infinity

0

infinity

1

infinity

NET VIA HOP

10.0.3.0

10.0.4.0

10.0.2.0

10.0.5.0

10.0.1.0

--

--

10.0.3.1

10.0.4.2

10.0.3.1

0

infinity

1

infinity

2

% + , ( (



10.0.5.010.0.4.010.0.3.010.0.2.010.0.1.0

.1 .1

Router A.2 .1

Router B.2 .1

Router C.2 .1

Router DRouting Update Routing Update

Split Horizon with Poison Reverse is a safer and stronger mechanism compared tostandalone Split Horizon working. Split Horizon with Poison Reverse can prevent andstop potential loops.

Compared to standalone Split Horizon, the updated packets are larger. In the aboveexample, Router C includes three additional route information and metric “infinity” inthe update to Router B. Router B will correct the corrupted information after receivingRouter C’s update.

22

22

23

) *

Issue: In the above example, Route B detects the route 10.0.5.0 is failed and sends the notice toits neighbors (Router A & D). Router D will mark the route unreachable via Router B. At the sametime, Router C updates the next-best path to 10.0.5.0 is three hops away and Router D placesthis information into its route table. Router D will inform Router B that it has an alternative route to10.0.5.0 with four hops via Router C. Next, Router B updates Router A and it forms a loop. It iscalled counting-to-infinity issue because the hop count to 10.1.5.0 will continue to increase toinfinity.

Solution: Define an infinity value. RIP, for example, has an infinity value of 16. The convergenceis very slow and the network will take up to 7.5 minutes to re-converge because its update periodis 30 seconds. Triggered updates can be used to reduce this convergence time.

Triggered updates: If a router receives a route with a better or worse metric, it will send out anupdate without waiting for its update timer to expire.



10.0.1.0

10.0.2.0

A

C D

10.0.5.010.0.4.0

B

10.0.3.0Link Failure

A B DC10.0.2.0 10.0.3.0 10.0.4.0

Link Failure

Routing update10.0.5.0 isunreachable




10.0.1.0.1 .1 .1 .1

10.0.5.0

.1.2 .2 .2

Unlike regular update (every 30 seconds), triggered updates only include theentries which are changed. It can help alleviate the possibility of Counting toInfinity Issue.

23

+

24

(

Holddown timer is a mechanism to prevent a router from accepting any changes to aroute for a period of time so that some problems, like interface flapping, do not impactthe network.



A B C10.0.2.0 10.0.3.0 10.0.4.010.0.1.0

.1 .1 .1 .1.2 .2 Link Failure

10.0.4.0 is

unreachable!

A B DC10.0.2.0 10.0.3.0 10.0.4.0

Link Failure

Bad Routing

UpdateHolddown Timer

Bad Routing


Bad Routing


10.0.1.0.1 .1 .1 .1

10.0.5.0

.1.2 .2 .2

Bad Routing


Poison Reverse

Holddown Timer

10.0.4.0 is

unreachable!

Poison Reverse

Holddown Timer

Interface of a Router Down/Up Process

Page is Animated

Holddown Timer: All routers running RIP must have identical holddown timervalue

Interface of a Router Down/Up ProcessFrom the example in the above slide, when Router C detects the network10.0.4.0 fails, it sends the last route update with the infinite hop counts ofnetwork 10.0.4.0. As Router B receives the route information from Router C, itstarts the Holddown Timer for the route 10.0.4.0 and sends poison reverse toRouter C. Next, Router B updates Router A, and the same procedure repeatstill the entire network converge.When interface 10.0.4.0 recovers, Router C will update Router B immediately.Router B will accept and adopt the route because of smaller hop counter(original is infinite). Next, Router B updates its neighbors about this new update.

24

* ( - -!

RIPv1 is defined in RFC 1058

All RIP messages are encapsulated in a User Datagram Protocol (UDP)

It defines two types of messages•

•

Request message

Response message

It uses classful routing• The routing updates do not carry subnet information and lack support for

Variable Length Subnet Masks (VLSM).

No router authentication mechanism.

Routes update via broadcast.

Limited to 15 hop counts.

25

25

Routing Information Protocol•RIP Version 1

Command Version Reserved (set to 0)

Address Family Identifier Reserved (set to 0)

IP Address

Unused (set to 0)

Unused (set to 0)

Metric

…………

Address Family Identifier Reserved (set to 0)

IP Address

Unused (set to 0)

Unused (set to 0)

MetricR

oute

Ent

ryR

oute

Ent

ry

- "Command: Indicate whether the packet is arequest or response entry.

•

•

Request: The request asks that a router to send all orpart of its routing table.Response: The response can be an unsolicitedregular routing update or a reply to a request.Responses contain routing table entries.

Version Number: Specify the RIP version used.The value is 1 for RIPv1.Zero: This field is not actually used by RFC1058RIP. It was added solely to provide backwardcompatibility with pre-standard varieties of RIP. Itsname comes from its defaulted value: ZERO.Address-Family Identifier, AFI: Specify theaddress family used. RIP is designed to carryrouting information for several different protocols.Each entry has an address-family identifier toindicate the type of address being specified. TheAFI for IP is 2.IP Address: The address of the destination of theroute.Metric: Indicate the number of hops (routes)which have been traversed in the trip to thedestination. This value is between 1 and 15 forvalid route.

26


- . ( ' (( % ((

27

Router A Router B10.1.1.1 10.1.1.2100.100.100.100 200.200.200.200


1

2

3

Initially, both Router A and B sendthe request to each other withbroadcast.

Router A and B reply with fullrouting table to each other.

The periodic update will beforwarded with broadcast packet.

To: 255.255.255.255

To: 255.255.255.255

To: 10.1.1.2

To: 10.1.1.1

To: 255.255.255.255

To: 255.255.255.255

Page is Animated

A router running RIP sends a request to ask for a full route table or only specificroute information.

Requesting Full Route TableStep 1: Router A sends the Request message with a single route entry in whichthe address family identifier is set to zero and metric is 16.Step 2: When Router B receives this type of request, it will send back full routetable to Router A via Unicast.

Only Request Specific Route InformationStep 1: Router A sends the Request message including specifying the addressin the request.Step 2: When Router B receives this type of request, it will send back the routeinformation which Router A request.

27

- . ( / (% (


Request Packet

Response Packet

28

28

Address Class Most Significant Bit Value Ranges

Class A 0000 0.0.0.0 to 126.255.255.255

Class B 1000 128.0.0.0 to 191.255.255.255

Class C 1100 192.0.0.0 to 223.255.255.255

Class D 1110 224.0.0.0 to 239.255.255.255

Class E 1111 240.0.0.0 to 255.255.255.255

) ((*


10.10.20.64

10.10.20.19210.15.75.64

10.93.1.110.100.3.5

192.168.1.0

192.168.1.32192.168.1.64192.168.1.96

192.168.1.128

10.0.0.0

Network Boundary

Route summarization at boundary routers

29

Classful routing protocol does not advertise an address mask along withadvertised destination address. Therefore, a classful routing protocol mustfollow major class A, B or C network portion of a destination as shown in theabove table. When packets pass through the router:•If the destination address is a member of a directly connected major network,the subnet mask configured on the interface attaching to that network will beused to determine the subnet of the destination address.•If the destination address is not a member of a directly connected majornetwork, the router will try to match only the major A, B or C portion of thedestination address.

29

* ( 0 0!

The RIPv2 specification (RFC2453) allows more information to be includedin RIP packets.

It provides a simple authentication mechanism (not supported in RIPv1)

RIPv2 is a Classless Routing Protocol. Comparing with RIPv1, RIPv2 hasthe following advantages.•

•

•

•

Carry mask information for each route entry

Designated next hop to select the best next hop on broadcast networks

Multicast routing update to reduce resource consumption

Plain text authentication and MD5 authentication to enhance security


30

Comparing with RIPv2, RIPv1 is a Classful Routing Protocol and supportsmessage advertisement via broadcast only. RIPv1 protocol messages do notcarry mask information. It can only recognize routing information of standardClass A, B and C networks. Therefore, RIPv1 does not support subnets.RIPv2 is classless routing protocol which have the capability to carry subnetmasks in their route advertisements. It provides a much greater benefit becausea subnet mask is associated with each route. It is able to use variable-lengthsubnet masking (VLSM) and summarize a group of major network address witha single aggregate address.

30

Command Version Reserved (set to 0)

Address Family Identifier Route Tag

IP Address

Subnet Mask

Next Hop

Metric

…………

Address Family Identifier Route Tag

IP Address

Subnet Mask

Next Hop

MetricR

oute

Ent

ryR

oute

Ent

ry

0 "Version: The value is 2 in a RIPv2 packetimplementation.Address-Family Identifier, AFI: Specify theaddress family used. RIP is designed to carryrouting information for several different protocols.Each entry has an address-family identifier toindicate the type of address being specified. TheAFI for IP is 2. If the AFI for the first entry in themessage is 0xFFFF, the remainder of the entrycontains authentication information. Currently, theonly authentication type is simple password.Route Tag: Provide a method for distinguishingbetween internal routes (learned by RIP) andexternal routes (learned from other protocols)IP Address: Specify the IP address for the entry.Subnet Mask: Contain the subnet mask for theentry. If this field is zero, no subnet mask hasbeen specified for the entry.Next Hop: Indicates the IP address of the nexthop to which packets for the entry should beforwarded.Metric: Indicate how many internetwork hops(routes) have been traversed in the trip to thedestination. This value is between 1 and 15 for avalid route, or 16 for an unreachable route.

31


- . ( ' (( % ((

32

Router A Router B10.1.1.1 10.1.1.2100.100.100.100 200.200.200.200


1

2

3

Initially, both Router A and B sendthe request to each other withmulticast.

Router A and B reply with fullrouting table to each other.

The periodic update will beforwarded with broadcast packet.

To: 224.0.0.9

To: 224.0.0.9

To: 10.1.1.2

To: 10.1.1.1

To: 224.0.0.9

To: 224.0.0.9

Page is Animated

RIPv2 sends RIP announcements to the IP multicast address of 224.0.0.9.

32

0 (( 1 2

33


33

0 (( 1 3%

34


34

Enable RIPv1 for Both Switchesenable ripconfig rip all tx_mode v1_only rx_mode v1_only state enable

Check Interface StatusDES-3612:5#sh iprouteCommand: show iproute

Routing TableIP Address/Netmask---------------------------10.1.1.0/24100.1.1.0/24200.1.1.0/24

Gateway------------0.0.0.00.0.0.010.1.1.2

Interface------------Systemint1System

Cost-------112

Protocol------------LocalLocalRIP

Check RIP Version and StatusDES-3612:5#sh ripCommand: sh rip

RIP Global State : Enabled

RIP Interface SettingsInterface IP Address----------- ---------------System 10.1.1.1/24Int1 100.1.1.1/24

TX Mode-------------V1 OnlyV1 Only

RX Mode-------------V1 OnlyV1 Only

Authentication-------------------DisabledDisabled

State--------EnabledEnabled

#$ % & -

Routing Information Protocol•Switch Configuration

100.1.1.1 200.1.1.110.1.1.1 10.1.1.2DGS-3612-1 DGS-3612-2

Total Entries : 2

35

35

#$ % & 0

Enable RIPv2 for Both Switchesenable ripconfig rip all tx_mode v2_only rx_mode v2_only state enable

Check Interface StatusDES-3612:5#sh iprouteCommand: show iproute

Routing TableIP Address/Netmask---------------------------10.1.1.0/24100.1.1.0/24200.1.1.0/24

Gateway------------0.0.0.00.0.0.010.1.1.2

Interface------------Systemint1System

Cost-------112

Protocol------------LocalLocalRIP

Check RIP Version and StatusDES-3612:5#sh ripCommand: sh rip


RIP Interface SettingsInterface IP Address----------- ---------------System 10.1.1.1/24Int1 100.1.1.1/24

TX Mode-------------V2 OnlyV2 Only

RX Mode-------------V2 OnlyV2 Only

Authentication-------------------DisabledDisabled

State--------EnabledEnabled


100.1.1.1 200.1.1.110.1.1.1 10.1.1.2DGS-3612-1 DGS-3612-2

Total Entries : 2

36

36

#$ % &DGS-3612:5#config rip all authentication enable keyCommand: config rip all authentication enable key

Success.

DES-3612:5#sh ripCommand: show rip


ticationState

--------EnabledEnabled

RIP Interface SettingsInterface IP Address TX Mode RX Mode Authen-

----------- -------------- ------------ ------------- ----------System 10.1.1.1/24 V2 Only V2 Only EnabledInt1 100.1.1.1/24 V2 Only V2 Only Enabled

Total Entries : 2


100.1.1.1 200.1.1.110.1.1.1 10.1.1.2DGS-3612-1 DGS-3612-2

37

37

38

38

Switch Module 9

Open Shortest Path First(OSPF)

•

•

•

•

•

Nodes respond immediately when the network changes

Sending periodic updates at a long time interval

Each router maintains its own routing table and calculates respectively its bestpaths to all destinations in the network with Dijkstra’s (Shortest Path First - SPF)algorithm

LSA has sequence number and Link State Advertisement (LSA) acknowledgemechanism

Example: OSPF, IS-IS


•Link-State Routing Protocol

Link = Link between Routers

State = state of the link

Link State Routing Protocol Characteristics

39

Comparing with Distance-Vector Routing Protocol, all routers running the LinkState Routing Protocol have an identical routing table and can calculate thebest route individually.

The Open Shortest Path First (OSPF) routing protocol uses a link-statealgorithm to determine routes to network destinations. A “link” is an interface ona router and the “state” is a description of that interface and its relationship toneighboring routers. The state contains information such as the IP address,subnet mask, type of network the interface is attached to, other routers attachedto the network, etc. The collection of link-states is then collected in a link-statedatabase that is maintained by routers running OSPF.

39

•

•

Link-State information must be synchronized among routers.

Every router maintains the following information:



To make consistent routing decisions in a common routing domain:

– Directly connected routers or in other words, the adjacency information

– The information of all other routers and their attached network n a common routingdomain

– The calculated result of using Dijkstra’s (SPF) algorithm, i.e. best routes to eachdestination

40

Routers running the Link State Routing Protocol have the same routinginformation and make decision on the best route to a specific destination. Inorder for every router in a network area to make a consistent decision, therouters in the area should be equipped with the following information.

•Neighbor routers information

•All other routers information

•Define area

•Attached network

•Using the same way to calculate the best path

40



4%

1. Detecting network change

2. Create a Link-State Advertisement(LSA) concerning that link andpropagates to all neighbor devices

3. Each routing device takes a copy ofthe LSA and updates its Link-StateDatabase (LSDB)

4. Forward the LSA to neighboringdevices 1

2

5

3

LSDB

Router E

A4

B

D

C

E5. LSDB (Topology Table) is used to

calculate the best paths through thenetwork and put it in the routing table

Drawback:• Memory resource issue• CPU consumption issue

41

Link State Routing Protocol is not perfect. In a large and complicated network,the protocol may generate some issues because all routers keep a completerouter information in its database (routers need to have enough space to storeall route information). These routers also need to calculate the best paths todestinations on their own (routers need to be equipped with powerful chips todeal with frequent calculations).

41

4% ( " ( 4 "!

OSPF RFCs•

•

RFC 1131 (version 1)

RFC 2328 (version 2)

Link-State Routing Protocol

Hello / Adjacencies

Link-StateLink State Advertisement (LSA) over all adjacenciesDatabase (LSDB)•

•

•

Router’s link

Router’s interface

Router’s neighbor

Flooding LSAs throughout an area / all routers build identical Link-StateDatabase

SPF (Dijkstra) algorithm to calculate a shortest path Routing Table

Open Shortest Path First•Overview

42

OSPF belongs Link-State routing protocol and uses Hello messages to keep intouch with its neighbors. All routers in the network fully exchange routeinformation via Link-State Advertisement (LSA) with one another so that allrouters have the identical Link-State Routing Database. If there is any routepath change, all routers will be notified immediately through the LSA flooding.

42

Link State

Types

Descriptions

1 Router link advertisement

2 Network link advertisement

3 or 4 Summary link advertisement

5 AS external link advertisement

6 Group Membership LSA

4 " " (

43

Open Shortest Path First•Overview

A

Hello Protocol

DR / BDR Election C

Multi-Access

D

Internal Routers

Backbone / Internal Routers

ASBR

External AS

RIP

Area 4F

GH

OSPF AutonomousBackbone Area / Area 0

I

J L

M

Virtual LinkLSA Exchange

B

Stub Area

Area 1E

K

Area 2

Totally Stub Area

Area 3

NSSA

No Type 4 LSA (ASBR Summary LSAs)No Type 5 LSA (AS External LSAs)

No Type 3 LSA (Summary LSA)No Type 4 LSA (ASBR Summary LSAs)No Type 5 LSA (AS External LSAs)

No Type 4 LSA (ASBR Summary LSAs)No Type 5 LSA (AS External LSAs)

ABR

43

4 "

To run OSPF, a router must have a Router ID.• It is a 32-bit unsigned number to uniquely identifies a router in the Autonomous System (AS).

Router ID assignment••

Configure it manuallyRouter ID is automatically selected from active interfaces:

Open Shortest Path First•OSPF Hello / Adjacency

– The highest IP address on an loopback interface is chosen by default

– The highest IP address on an active interface is chosen– Selection begins at the start of the OSPF process

LSDBs use the OSPF Router ID to differentiate one router from the others.Break the tie during the Designated Router (DR) and Backup Designated Router(BDR) election process.

E1 192.168.0.1

E2

E3 192.168.10.1

192.168.20.1Router ID

44

Autonomous System (AS)

It is a collection of router operators that presents a common, clearly definedrouting policy.

Designated Router (DR)

In multi-access network, DR represents this network to other OSPF areas andmanages the flooding process on the multi-access network.

Backup Designated Router (BDR)

In multi-access network, BDR is responsible for taking over the DR positionwhen DR fails.

44

••

••

Discover Neighbors“Keep-alive” mechanism between neighbors

– Broadcast Hello Interval: 10 seconds– Non Broadcast Interval: 30 seconds– Router Dead Interval: 40 seconds (four times the Hello Interval)

Ensure bidirectional communications between neighborsIt helps to elect the Designated Router (DR) and Backup Designated Router (BDR) onBroadcast and Non-Broadcast Multi-Access (NBMA) network.


•OSPF Hello / Adjacency

+Before any Link-State Advertisements (LSAs) can be sent, OSPF routers mustdiscover their neighbors and establish adjacencies.

Hello

Hello• Router ID• Area ID• Address mask of the originating

interface• Authentication type and information• Hello and dead intervals• All Neighbors list• Router priority• DR IP address• BDR IP address• Authentication password

Hello

Hello

Hello

45

45

2 65

Neighbor• The interfaces of two routers connect to common network. Neighbor relationship is

maintained by exchanging Hello messages between two routers.

•


Not Match

Match

ExistNeighbor Table Reset RouterDeadInterval Timer

Add to neighbor table

Not Exist

Adjacency

A B

Verify:Router ID, Area ID,Network Mask, …

No adjacency

Start to build an adjacency

A B

A relationship is already formed between two neighboring routers for exchanging routinginformation. Two routers synchronizing the LSDB with each other (exchanging DatabaseDescription (DD) packets and LSAs) become adjacent. Not every pair of neighboring routerswill become adjacent. It depends on the network type.

Routing Information

LSDB LSDB

Routing Information

46

When a router receives Hello message from its neighbor, it will verify allinformation (such as Router ID, Area ID, etc) and check its neighbor table. If theneighbor has been recorded in the neighbor table, the router knows that thisneighbor is still alive and reset the Router Dead Internal Timer. If the neighborinformation does not exist in the neighbor table, the router will create new one.

In a broadcast network, a DRothers router does not form an adjacency to otherDRothers routers but to the DR or BDR router.

46

+

47


47

4 " 2 %Point-to-Point Networks – T1, DS-3, SONET link

• In point-to-point networks, routers always become adjacent. The destination address ofOSPF packets on these networks will always be the reserved class D address 224.0.0.5,known as AllSPFRouters.

Broadcast Networks – Ethernet, Token Ring, FDDI•

•

•

OSPF routers on broadcast network will elect a Designated Router (DR) and a BackupDesignated Router (BDR).Hello packets are multicast with AllSPFRouter destination address 224.0.0.5 (DestinationMAC address is 0100.5E00.0005)All other routers will multicast Link State Update and Link-State Acknowledge packets to224.0.0.6 (Destination MAC address is 0100.5E00.0006)

Non-Broadcast Multi-Access (NBMA) networks – x.25, Frame Relay, ATM••

No broadcast capabilityOSPF routers on NBMA elects a DR and BDR, and all OSPF packets are unicast.

Point-to-Multicast Networks• Routers on these networks do not elect a DR and BDR, and the OSPF packets are unicast

to each known neighbor.

Virtual Link• OSPF packets are unicast over virtual links.


48

224.0.0.5: OSPF AllSPFRouters address. It is used to send Hello packets to allOSPF routers on a network segment.

224.0.0.6: OSPF AllDRRouters address. In a multi-access network, the addressis used for communication between routers and DR or BDR.

48

( !/7 % ( 7 !

49

#In a multi-access network, flooding of Link-State Advertisements (LSAs) can beobserved:

•

•

Many unnecessary LSAs – If n is the number of routers on a multi-access network, there willbe n(n-1)/2 adjacencies. Each router will flood n-1 LSAs for its adjacent neighbors and oneLSA to the network. Resulting in LSAs originating from the network.

Routers would in turn flood LSAs to each other, creating many copies of the same LSA onthe same network.

DR/BDR mechanism resolves the above issues. DR has the following duties:•

•

To represent the multi-access network and its attached routers to the reset of OSPF area.

To manage the flooding process on the multi-access network.

BDR assumes the DR role if the DR fails.•


Multi-Access Area

A B C

D E

No DR/BDR Election

N=5

5(5-1)/2=10

A

B C

D E

A B C

D E (DR)(BDR)

All routers form adjacent not only with the DR but also with the BDR(DRother)

DR/BDR Election

49

/7 #

DR and BDR election are based on:•

•

Router Priority– 8-bit unsigned integer from 0 to 255 (highest)

Router ID


50

DR / BDR will be elected based on the following rules:

•The router with highest priority value is the DR

•The router with the second highest priority value is the BDR

•In case of tie. The highest Router ID is DR and the second is BDR

•A router with priority 0 cannot be the DR or BDR

•A router that is not DR or BDR is a DRother

•If a router with higher priority enters the network, it does not preempt the DR orBDR.

50

51

51

4 " 6

After building neighbor relationship between two routers, they need toexperience four stages to reach a full adjacency:•

•

•

•

Neighbor Discovery

Bidirectional Communication

Database Synchronization

Full Adjacency


4 " 6Neighbor Discovery

• Down– No Hello message from the neighbor in Last RouterDeadInterval. If a neighbor transits to the Down state from some

highest state, the Link State Retransmission, Database Summary and Link state Request lists are cleared.

• Initial– The Router has seen a Hello message from a neighbor.

Bidirectional communication• Two-Way

–––

The Router can see its own Router-ID in the Neighbor field of the neighbor’s Hello packet.DR/BDR election (in the multi-access area)The Router receives Database Description (DD) packets from the neighbor in the initial state cases a transition to two-way.

Database Synchronization• ExStart

– The master/slave relationship is negotiated and the adjacency between the OSPF routers begins to form. The initial DDsequence number is decided in this state.

• ExChange– The two OSPF routers identify their Master/Slave status and send Database Description packets describing its entire link-

state database to neighbors . The router may also send Link State Request packet to ask for more recent LSAs.

• Loading– Link State Request packets are sent to neighbors asking for more recent LSAs that are discovered but not yet received.

Full Adjacency• Full

– Neighbors in this state are full adjacent.


52

An OSPF Router transits a neighbor through several states before the neighboris considered full adjacency.

The four stages mentioned in previous slide can be separated into seven states.

•Down State

•Initial State

•Two-Way State

•ExStart State

•ExChange State

•Loading State

•Full State

52

o

DD

DD

DD

LSR

Thanks for the information.

(( *#$ " *


ADown State

Initial State

Router A neighbor List172.16.5.2/24 in Port1

Two-Way State

ExStart State

Exchang ExChange Statee

Prot

Loading State

col

Full State

172.16.6.1/24

Down State

Initial State

172.16.5.2/24

Port 2

172.16.5.1/24

Port 1I am router id 172.16.5.1, and I see no one 224.0.0.5

hello

hello

DD

DD

DD

LSU

I am router id 172.16.5.2, and I see 172.16.5.1 Unicast Packet

In Two-Way state, all routers that have each other in their lists of neighbors haveestablished bidirectional communication.

If link type is a broadcast network (LAN), DR/BDR election. The DR forms the bidirectionaladjectives between all other routers on the LAN link.

Router A & B generate empty DD to each other for master/slave negotiation.

I will start exchange (my router id 172.16.5.1) MS-bit is 1 (Master),DD Sequence number is XXX, M-bit is 1 (not last DD packet)

I will start exchange (my router id 172.16.6.1) MS-bit is 1 (Master),DD Sequence number is YYY, M-bit is 1 (not last DD packet)

You are Master. Here is a summary of my LSDB (LSA header)MS-bit-0 (Slave) DD Sequence number is YYY

Here is a summary of my LSDB (LSA header)MS-bit is 1 (Master) DD Sequence number is YYY+1

DD Ack!! (with the same DD Sequence number)

I need complete entry for network 172.16.6.0/24

Here is the entry for network 172.16.6.0/24

LSAck

B

Router B neighbor List

172.16.5.1/24 in Port2

Two-Way State

ExStart State

ExChange State

Keep exchange DDpacket till M-bit=0

Loading State

Full State

53

This is the process flow chart of exchanging full routing information.

Initially, two router A and B stay in Down state. After OSPF feature is enabled on bothrouters, they are moved to Initial state and send Hello packets to each other.

Router A is moved to Two-Way state when receiving a Hello packets with its Router IDin it.

In Two-Way state, all routers which each other in the neighbor lists will establishbidirectional communication.

If the link-type is a broadcast network (LAN), DR/BDR election mechanism will belaunched. The DR forms the bidirectional adjacencies between all other routers on theLAN.

Router A and B generate and send empty DD to each other for master/slavenegotiation. If both routers receive empty DD packets, they will go to ExStart state. Forexample, Router B, with larger Router ID, will become the Master and lead routerinformation exchange. Router A will accept and use Router B’s sequence number asthe initial number.

They will exchange summary of LSDB in the ExChange state.

After checking the summary of LSDB from Router B, if Router A found some routerinformation is not in its routing table, it will send Link state Request (LSR) to Router torequest for the missing information. When Router B receives, it will send the Link StateUpdate (LSU) and ask Router A to acknowledge.

In the Loading state, the request LSR and LSU will be fully exchanged till both havingidentical router information.

Lastly, it will move to Full state.

* Empty DD is used for master/slave negotiation and Router ID is used to decidewhich side is leading the route information exchange.

53

5 ( ( % !


A B

DD

DD

Address Book

Summarization

54

DD packet is a summary of LSDB. It is similar to the summary of address bookwhich allows others to quickly know which route is missing.

54

55


•OSPF Hello / Adjacency

( *#A

Exchange

Protocol

Full State

ExChange State

Loading State

Two-Way State

ExStart State

Down State

Initial State

Router A neighbor List172.16.5.2/24 in Port1

Full State

172.16.6.1/24

Down State

Initial State

Router B neighbor List172.16.5.1/24 in Port2

172.16.5.1/24

Port 1

hello

DD

172.16.5.2/24

Port 2

helloRouter A & B generate empty DD to each

other for master/slave negotiation

ExStart State

ExChange State

Keep exchange DDpacket till M-bit=0

Loading State

DD

DD

LSR

DD

DD

DD

LSULSAck

B

Two-Way State

ospf_adjacency_establishment.log ospf_adjacency_establishment.pcap

(ospf_adjacency_establishment.pcap.PCA)

55

4 " (Problem: In the Link-State RoutingProtocol, all routers must keep all routinginformation in the Link-State Database(LSDB).

• Memory Issue – In a large scale network,the size of the LSDB is large.

• CPU Issue – Dijkstra (SPF) calculationconsumes time and can be very complex ina large network environment.

Solution: Area reduces the impact on theCPU / Memory.Link-State routing protocols use a two layerarea model

• Transit Area––

Fast and efficient forwarding IP packetsInterconnection with other OSPF area types

•

– OSPF are 0 / backbone area

– Summarize the topologies of each area toevery other area

Regular Area–

–

–

Regular areas are where the users andresources reside.Traffic between regular areas must cross atransit areaArea numbers are not 0 / many area type

Open Shortest Path First•OSPF Areas

A

E FD

C

J

Regulararea

G

Area 1

H

Area 2

I

Area 3

Transit area / Backbone area

External AS

B

Examples of Area ID0 = 0.0.0.0 (reserved for Backbone)275 = 0.0.1.19275 100010011 00000001 00010011 1.19

56

OSPF uses areas to reduce LSA flooding impact because not all routers needto keep a copy of all route information.

There are two types of areas in OSPF. One is the backbone area, also calledarea 0 or Transit area. The other area is the regular area which must attach tobackbone area.

56

4 " ) ( (


A hierarchical design

Smaller link-state database size

Reduction on link-state update (LSU) overhead

Detailed LSA flooding at the area boundary

An identical link-state database shared among routers in an area

57

57

% ( *4 " (

58

A router can exist as more than one routertype.A router has separate LSDB for each areato which it connects.Four types of roles in OSPF and each isresponsible for different router filter androute transmission

• Internal Router– Router’s Interfaces are all in the same area

• Backbone Router– Routers have at least one interface connected

to area 0

•

•

ABR (Area Border Router)– Router’s interface connects to one or more

areas to the backbone and acts as a gatewayfor inter-area traffic

ASBR (Autonomous System BoundaryRouter)

– Routers have at least one interface attachedto another autonomous It is a gateway forexternal traffic, injecting routes into the OSPFarea.

– It separates LSA flooding zone.–

–

It becomes the primary point for area addresssummarization.It functions regularly as the source of defaultrouters

– It maintains the LSDB for each area which it isinvolved.


C

J

D

G

Area 1

E

H

Area 2

F

I

Area 3

ASBR /

Backbone Router

Backbone area

A

ExternalAS

B

Backbone /InternalRouter

ABR

InternalRouter

58

•

•

•

•

Virtual links must be configured between two ABRs.

The area through which the virtual link is configured must have full routing information.

The transit area cannot be a stub area.

Virtual link should be a temporary solution because it will increase network complexityand difficult to troubleshoot.


•OSPF Areas

Virtual Links is a link to the backbone through a non-backbone area

Purposes of Virtual Links

ABR ABR

ABR1

2To connect two parts of apartitioned backbone througha non-backbone area

To link an area to backbonethrough a non-backbone area

Virtual Link

Area 0 Area 1Area 2 Area 3

Area 2

Area 1

Area 0

ABR

Virtual Link

59

In some special network environment, a regular area cannot attach to thebackbone area directly. The feature of Virtual Link enables a logical link tobackbone area and does not violate the rule.

59

Link State Type Descriptions

1 Router LSA

2 Network LSA

3 or 4 Summary LSA

5 AS external LSA

6 Group Membership LSA

7 NSSA External LSA

8 External attributes LSA for Border Gateway Protocol (BGP)

9, 10 or 11 Opaque LSAs

( !

Open Shortest Path First•OSPF LSA Types

Each router in the Autonomous System originates one or more Link-StateAdvertisements which are stored in the Link-State Database.

The area topology view in an AS can be derived from all the LSAs.

Link State ID

60

Different types of OSPF routers generate different route information (LSA).There are 11 types of LSAs and each type of LSA is for different purpose.

60

61

1.

2.

3.

4.

Router’s link

Interface

The state and outgoing cost of each link

Any known OSPF neighbors on the link


•OSPF LSA Types

% -&

Who: Every router

Scope: Flood only within a defined Router area

LSA List:

Type = 1

Router LSA

Router ID

Type = 1

Router LSA

Router ID

61


•OSPF LSA Types

% 0&2

Who: DR Router

Scope: flooded on every multi-access network

LSA List: All attached routers, including DR itself

Note: There is no metric field in the Network LSA. (The cost from the pseudo noderepresented by the LSA to any attached router is always 0)

Router ID:192.168.100.30

Router ID:192.168.100.20

192.168. 0.1

DR

Router ID:192.168.100.10

Attached Router =192.168.100.30



Type = 2

192.168.0.1

Subnet = 255.255.255.0




Type = 2

192.168.0.1

Subnet = 255.255.255.0

62

62

••

ABRABR

Internal Router (What destinations the ABR can reach)Backbone (What destinations in ABR’s attached area)

LSA List: Destination SummaryNote:

•

•

ABR only originate a single Network Summary for each destination even if they knows there are multiplerouters to destination (lower cost)When a router receives Summary LSA, it just simply adds the cost of route to the ABR without running SPFalgorithm


•OSPF LSA Types

% 8&Who: Area Border Router (ABR)Scope:

192.168.10.0/24 172.17.5.0/24

ABR

Area 0 Area 172.17.5.0

Type = 3

172.17.5.0

Subnet = 255.255.255.0

Metric = 120

Type = 3

192.168.10.0

Subnet = 255.255.255.0

Metric = 60

63

ABRs generate summary LSAs. They are sent for the following purpose

1.to advertise the destinations outside that area

2.to advertise the destinations within its connected areas into the backbone

3.to advertise a default route

63

% 9& 7

Who: ABR

Scope: Flood only into a single area

LSA List: The destination is an ASBR, subnet mask is zero; thus it is the hostaddress of an ASBR.

Note: ASBR Summary LSA will always be a host address because it is a route to arouter.

64


Type = 4

192.168.10.1

Subnet = 0.0.0.0

Metric = 64

ABR

192.168.10.0/24

ASBRRouter ID =

192.168.10.1

172.17.5.0/24

Area172.17.5.0

64

% :& ( ( !#$

Who: Autonomous System Boundary Router ASBR

Scope: Flood throughout the autonomous system

LSA List: Destination external to the OSPF antonymous system and a default route

65


Type = 5

192.168.10.0

Subnet = 255.255.255.0

Metric = 10

Forwarding Address =192.168.20.254

192.168.10.0/24

ASBR

Router ID = 192.168.10.1OSPF Autonomous System

192.168.20.254

65

% ; <

Type 6: Group Membership LSA• It is and multicast extension used for OSPF known as multicast OSPF (MOSPF)

Type 7: NSSA External LSA•

•

•

•

It is an LSA type used in Not-So-Stubby-Areas (NSSAs) and it only floods withinthe not-so-stubby-areas.

Who: ASBRs within not-so-stubby areas (NSSAs)

Scope: Flood only within not-so-stubby areas

LSA List: AS External LSA

Type 8: External Attributes LSA• It is used to internetwork OSPF and BGP. transporting BGP information across

an OSPF domain.

Type 9: Opaque LSA• Its information is used for application-specific purpose. The information field can

be used directly by OSPF or indirectly by other applications to distributeinformation throughout the OSPF domain.

66


66

4 " 5

In an autonomous system, AS External LSAs are flooded throughout theOSPF autonomous system but not in a Stub Area. A default route is used ina Stub Area for AS external destinations.

Problem:•

•

External LSAs may occupy a large percentage of LSAs in the database of everyrouter.

Not every router needs to know about all the external destinations.

Solution: A Stub Area•

•

It does not receive AS External LSAs (Type 5 LSA) and ASBR Summary LSA(Type 4).

ABRs use Network Summary LSAs (Type 3) to advertise a single default route(destination 0.0.0.0) into the area.

Open Shortest Path First•OSPF Special Area

67

In the real world practice, most of the route information are injected fromoutside the AS. In the area, not all devices need to know or keep all routesinformation in their database. Therefore, OSPF has defined some special areasfor blocking unnecessary routes injecting into those areas.

There are three types of special areas:

•Stub Area

•Totally Stub Area

•Not-So-Stubby Area

67

4 " 5

There are several restrictions andissues

• All routers in a Stub Area must beconfigured as a stub router and havean identical LSDB to form adjacencies.

•

•

•

A virtual link is not allowed in a StubArea.

No ASBR in the Stub Area

If there are more than one ABR in aStub Area and default routes aregenerated from all ABRs, the internalrouters in the Stub Area do not knowwhich one is the best to reach theexternal destination.


ABR

ASBR

Area 1

AS ExternalLSAs

Stub Area

Area 2

68

68

4 " 55


No Type 3 (ASR Summary LSA) except for a single type 3 LSA to advertisethe default route

No Type 4 (ASBR Summary LSA)

No Type 5 (AS External LSA)

In a Totally Stubby Area, the routes outside an area in an autonomous areblocked. A default route is used to reach all destinations outside the area nomatter where the destination is in the autonomous system or not.

69

69

4 " 2 55 2 !

In a network environment where the characteristics of stub area are required but thearea attaches to other routing domain, NSSA is the solution. It breaks stub area rulesand allows external routes to enter the OSPF autonomous system.

An ASBR in the NSSA originates Type 7 LSAs (NSSA External LSA) to advertise theexternal destinations.

The NSSA External LSA is flooded to other areas in the AS with a flag P-bit in itsheader set to1 after this type 7 LSA is translated into type 5


Area 0

Type 5

Area 2

Not-So-Stubby Area

RIP

ABR

Type 7

ASBR

Type 7

70

Not-So-Stubby Area is a special area which is the transit area connecting toexternal AS and backbone area.

70

Link State Types Type 1 & 2 Type 3 Type 4 Type 5 Type 7

Backbone area Yes Yes Yes Yes No

Non-backbone, non-stub area Yes Yes Yes Yes No

Stub Yes Yes No No No

Totally Stubby Yes No No No No

Not-So Stubby Yes Yes Yes No Yes

4 " % (


This table shows the types of LSAs allowed in different areas.

71

71

Area 1 Area 3

R4

#$ % &4 "

72

Area 2

(Stub Area)

Virtual link

Redistribution

P10 (100.1.1.1/24)

P23 (3.1.1.1/24)

P9 (3.1.1.2/24)

(NSSA Area)

P10 (4.1.1.1/24)

P9 (4.1.1.2/24)

Backbone Area 0P9 (77.1.1.1/24)

P10 (99.1.1.1/24)

R1P22 (1.1.1.1/24)

P9 (1.1.1.2/24)

(Normal Area)P10 (2.1.1.1/24) R2

P9 (2.1.1.2/24)

R3 R5

P1 (100.1.1.2/24)

R6External AS(RIP)

RIP(101.1.1.1/24)RIP(102.1.1.1/24)

Open Shortest Path First•Switch Configuration

72

) * =7 5 > -/ ? 8;$$!

L3 Switch Configuration•

•

VLAN and IP Interface Settingsconfig command_prompt Area0


config ipif System ipaddress 77.1.1.1/24

create vlan area1 tag 2

config vlan area1 add tagged 22

create ipif area1 1.1.1.1/24 area1




OSPF Settingsconfig ospf router_id 1.1.1.1

config ospf ipif System area 0.0.0.0 state enable

config ospf ipif area1 area 0.0.0.0 state enable


enable ospf

73


73

) * =2 - 0/ ? 8;$$!


•











create ospf area 0.0.0.1 type normal


create ospf virtual_link 0.0.0.1 3.3.3.3 hello_interval 10 dead_interval 40 authenticationnone

enable ospf

74


74

) * = 5 0 8/ # 8@$$!


•







config vlan area2 add untagged 10



create ospf area 0.0.0.1 type normal


create ospf virtual_link 0.0.0.1 2.2.2.2 hello_interval 10 dead_interval 40 authenticationnone

create ospf area 0.0.0.2 type stub


enable ospf75


75

) * =2 8 9/ ? 8;$$!


•

VLAN and IP Interface Settingsconfig command_prompt Area3_1










create ospf area 0.0.0.3 type nssa translate enable


enable ospf

76


76

) * =2 8 :/ # 8@$$!


•

•

VLAN and IP Interface Settingsconfig command_prompt Area3_2




create vlan rip tag 3

config vlan rip add tagged 10

OSPF Settingscreate ipif area3 4.1.1.2/24 area3

config ospf router_id 5.5.5.5

create ospf area 0.0.0.3 type nssa translate enable

enable ospf

RIP Settingscreate ipif rip 100.1.1.1/24 rip

enable rip

config rip ipif rip tx_mode v2_only rx_mode v1_or_v2 state enable

create route redistribute dst ospf src rip

create route redistribute dst rip src ospf all

create route redistribute dst ospf src local mettype 2 metric 20

77


77

) * = #$ ;/ # 8@$$!


•

VLAN and IP Interface Settingsconfig command_prompt External_AS


create vlan rip1 tag 3

config vlan rip1 add tagged 1





RIP Settingscreate ipif rip1 100.1.1.2/24 rip1

create ipif rip2 101.1.1.1/24 rip2

create ipif rip3 102.1.1.1/24 rip3

enable rip

config rip all tx_mode v2_only rx_mode v1_or_v2 state enable

78


78

79

79

Switch Module 10

Multicast in D-LinkSwitching Environment

' -> ' (#

Internet Group Multicast Protocol (IGMP v1, 2 & 3)

IGMP Snooping

IGMP Fast Leave

IGMP Snooping Multicast VLAN

Per-Port Multicast Stream Control

Protocol Independent Multicast

80

80

' ( ** 4Three methods of traffic transmission:

• Unicast (multiple copies, multiple receivers)–

–

An application sends two copies of traffic to two clients

Dedicate bandwidth for every traffic session

• Multicast (single copy, multiple receivers)–

–

The client device decides whether or not to listen to the multicast address

An efficient solution for traffic transmission

• Broadcast (single copy, all receivers)–

–

An application sends only one copy of each packet using a broadcast address

Each host device must process the broadcast data frame

Multicast in D-Link Switching Environment•Internet Group Multicast Protocol

B

C

B

C

A

A

Multicast Server

Unicast x 2

Multicast Server

Multicast x 1

Multicast Client-1

Multicast Client-2

Multicast Client-1

Multicast Client-2

Unicast

Multicast

81

If a multicast server wants to deliver duplicated traffic to a number of client,there are several ways to transmit the traffic.•Unicast – It wastes bandwidth and it is not efficient. For example, the serverneeds to generate duplicated unicast traffic to each client.•Multicast – It is the best solution for sending duplicated traffic to a group ofclients. The server just needs to generate one copy of traffic for a group ofclients.•Broadcast – Broadcast packet will deliver to all clients and is regardless of theclients’ requirements.

81

( A ( ( *' (

Advantages• Multicast applications send a data stream in stead of multiple ones; thus the

network resource is efficiently utilized.

Disadvantages•

•

Multicast utilizes User Datagram Protocol (UDP) as the transport layer protocol.UDP is not a connection-oriented protocol and thus it lacks of reliability like TCPdoes.

The way how UDP delivers network traffic may cause packet losses. This mightimpact some delay or packet loss sensitive applications like VoIP.


82

Multicast has many advantages such as enhanced traffic efficiency, reducedbandwidth wastage and optimized network performance.However, it also has some drawbacks. Multicast adopts User DatagramProtocol (UDP) to transfer packets and does not ensure all packets aredelivered successfully.

82

' (

IP multicast relies on the concept of avirtual group address calledMulticast IP address.L2 Switch’s behavior to handlemulticast frame

•

•

A multicast frame is treated as aunknown unicast or broadcast frames.Hence, the multicast will be floodedto all ports within a VLAN.

Problem• When a client joins a specific group, it

will cause all multicast traffic to beflooded to all ports within the VLAN.Every client has to process the data.

Solution•

•

Set up a static multicast FDB for aspecific port (eg. Limit destinedmulticast group by forwarding to port1 & 2 only)Dynamic configuration with IGMPSnooping

83


Router

L2 Switch

Client-1 Client-2 Client-3Receive CNN channel traffic

even though they do not watch it.

83

' ( ((Class D 1 1 1 0 Multicast ID

28 Bits

Class D address range group address or destination address of IP multicast traffic• These address consists of

– Binary 1110 most significant bits (MSB) in the first octet

– Remaining 28 bits identify the multicast group ID

Multicast IP address range: 224.0.0.0 to 239.255.255.255•

•

224.0.0.1 all multicast systems on a subnet

224.0.0.2 all multicast routers on a subnet

First 4 bits

Example: 224.1.1.10

11100000.00000001.00000001.00001010

28 bits


Source: http://www.iana.org/assignments/multicast-addresses/multicast-addresses.xhtml

84

Multicast IP range belongs to class D (224.0.0.0 to 239.255.255.255). Eachmulticast IP address can map to a multicast MAC address.Multicast IP address consists of two segments. First four bits must be 1110 andthe remaining 28 bits represent a specific multicast group ID.In the above example, multicast IP address 224.1.1.10 can map to multicast IPaddress 11100000.00000001.00000001.00001010.•The first four bits 1110 is called MSB (most significant bits)•The remaining 28 bits are used to identify the multicast group ID

84

Description Range

Local Network Control Block 224.0.0.0 to 224.0.0.255

Global scope address 224.0.1.0 to 238.255.255.255

Source Specific Multicast Block 232.0.0.0 to 232.255.255.255

GLOP Block 233.0.0.0 to 233.255.255.255

Administratively Scoped Block 239.0.0.0 to 239.255.255.255

' ( ((


Reserved Local Network Control Block (224.0.0.0 to 224.0.0.255)• Internet Assigned Numbers Authority (IANA) reserved addresses for network protocols on a local network

segment.• Router do not forward packets in this address range (packet with a Time-to-Live (TTL) value of 1)• 224.0.01 All Hosts• 224.0.0.2 All Multicast Routers• 224.0.0.3 All Distance Vector Multicast Routing Protocol (DVMRP) Routers• 224.0.0.5 All Open Shortest Path First (OSPF) Routers• 224.0.0.6 All OSPF Designated Router (DR) Routers• Eg. OSPF uses the IP addresses 224.0.0.5 and 224.0.0.6 to exchange link-state information• Eg. 224.0.0.1 identifies all-hosts group (if you send an ICMP echo request packet to this address, all

multicast-capable hosts on the network will answer the packet).Global Scope Address (224.0.1.0 to 238.255.255.255)

• Companies use these addresses to multicast data between organizations and across the Internet. Eg. IANAreserves the IP address 224..0.1.1 for Network Time Protocol (NTP)

85

In the multicast IP address range 224.1.1.10 to 239.255.255.255, somemulticast IP addresses are reserved.

85

' ( ((

Source Specific Multicast Block (232.0.0.0 to 232.255.255.255)•

•

This is reserved for Source-Specific Multicast (SSM), the extension of Protocol IndependentMulticast (PIM).

In SSM, forwarding decisions are based on a group of two addresses, which is referred to as(S,G), where S is the IP address of source and G is the multicast group address. It can solveaddress allocation problems because the source address makes each channel unique.

GLOP Block (233.0.0.0 to 233.255.255.255)• RFC3180, “GLOP addressing in 233/8”, proposes that 233.0.0.0 to 233.255.255.255 address

range. GLOP numbering sets the first octet of the address to 233, the next two octets to theregistered Autonomous System value and the fourth octet is locally assigned. GLOPaddresses are used by ISPs who want to provide multicast contents on the Internet.

Administratively Scoped Block (239.0.0.0 to 239.255.255.255)• RFC2635, “Administratively Scoped IP Multicast” to be constrained to a local group or

organization. Companies, schools or organizations use these addresses to have localmulticast applications where edge routers to the Internet do not forward multicast framesoutside their intranet domains.


86

GLOP is not an acronym; it refers to the multicast addressing method for IPv4.

86

1110

224.1.1.10

' ( ' ) ((Multicast MAC address starts with 25-bit prefix 0x01-00-5E (Binary is00000001.00000000.01011110.0xxxxxxx.xxxxxxxx.xxxxxxxx) with 25th bit set to 0)All the IP multicast addresses have the first four bits set to 1110, the remaining 28(32-4=28) least significant bits (LSB) must map into the 23 LSBs of the MAC address.The MAC address loses five bits of uniqueness in the IP to MAC address mappingprocess. This method for mapping a multicast IP address to a MAC address results ina 32:1 mapping. Each multicast MAC address represents a possible 32 distinct IPmulticast addresses.

87

87

238.1.1.10238.129.1.10239.1.1.10239.129.1.10

Multicast MAC Address

0x01-00-5E-01-01-02

00000001-00000000-01011110-0xxxxxxx-xx…

32 bits

28 bits

Multicast IP Address :

Multicast MAC Address :01-00-5e-01-01-0a25 bits

23 bits

28 bits – 23 bits = 5 bits lost

Multicast Address Overlap

224.1.1.10224.129.1.10225.1.1.10225.129.1.10226.1.1.10226.129.1.10

32 multicast IP addresses ………………


Multicast Group Example

Channel List

CH 10MovieChannel

Group 1: 225.1.1.10

Movie Channel

CH 11 News Chanel Group 2: 225.1.1.11

News

Channel

Current versions of IGMP•

•

•

IGMP version 1 (RFC1112)



The IGMP manages multicast group memberships mainly based on•

•

•

How a client Join (Report) a group

How a client Leave a group

How a router Query clients

? % ' ?' !


Hosts use IGMP to dynamically register themselves to a multicast group on a particular subnet.

Routers and switches keep listening to IGMP messages and periodically send out queries todiscover which groups are active or inactive on a particular subnet or VLAN.

TV to send Query

Remote Control tosend Join / Leave

88

IGMP is a control protocol which has three main messages as follows:•Join (Report) message•Leave message•Query message

Multicast group (eg. 225.1.1.10) is like a television channel number which youare watching in your daily life. Eg. News channel number is 11. The remotecontrol is like a multicast client, it can join or leave a multicast group.If you want to watch movie channel, the remote control will send the joinmessage to your television.If you want to switch TV channel from movie channel to news channel, theremote control will send the leave message to stop receiving movie channeltraffic and it will send another join message to the television to receive newschannel.The television is the router which sends query message to the remote controlperiodically to make sure that the clients will still want to continue receiving thesame channel.

88

? % ' ( -Query Mechanism

• The Querier sends IGMP Query to all clients(224.0.0.1) periodically (60 seconds) and Timeto Live (TTL) value of packet is equal to 1.

• There is no querier election mechanism. Thedesignated router (DR) is elected by multicastrouting protocol, such as PIM.

Join Mechanism• When receiving an IGMP query message,

clients will respond with IGMP Join Report forthe group it is interested.

•

•

When a host wants to join a multicast group, itsends out a multicast membership report to therouter.

Report Suppression Mechanism. If a clientreceives a given group report (eg. 225.1.1.10)from other members, it will keep quiet and willnot send the same report to ask for multicasttraffic. The benefit is to reduce bandwidth overthe local subnet.

Leave Mechanism• Clients leave multicast group quietly without

sending notification to the multicast router. Themulticast route stops forwarding traffic afterclient response timeout (no client in a group)

Client-1 Client-2 Client-3

A

JoinReport

Multicast Server

B

JoinReport

DR

QueryTTL=1, 224.0.0.1

JoinReport

Group 1: 225.1.1.10Movie Channel

Group 2: 225.1.1.11News Channel

Multicast in D-Link Switching Environment•Internet Group Multicast Protocol Version 1

89

89

?' ( - B


60sec.

Multicast Server

QueryTTL=1, 224.0.0.1

Multicast Client

90

90

?' ( - %


Multicast Server

Report234.1.1.10

Multicast Client

91

91

2 ) (% (


3 mins.

Routers stopforwardingmulticast stream

Once the router receives a report from the client, the counter will be refreshed to 3:00 and start to count down.

92

92

? % ' ( 0

IGMPv2 solves the limitation (no leave mechanism) of IGMPv1

RFC 2236

Backward compatible with IGMPv1

Addition two features•

•

Queries Election Mechanism

Leave Group Message– Host sends leave message if it leaves the group and is the last member.

– It reduces leave latency compared to IGMPv1.

93


93

? % ' ( 0Query Mechanism

•••

Query is sent with multicast IP address (224.0.0.1) and have an IP TTL equal to 1.Query interval is 60 to 120 seconds (default is 60 seconds).Query Election Mechanism resolves multiple queries on single multicast subnet. IGMPv1 does not havethis mechanism.

––––

Step 1: Initially, IGMPv2 routers regard themselves as queriers and send an IGMP general query message.Step 2: When an IGMP router receives a query message with lower source IP than itself, it will become the non-querier.Step 3: The IGMP routers with lowest IP address will be elected as the Querier.After election process, all non-querier routers start a timer, known as “other querier present timer”. If a router receives aquery before the timer expires, it will reset the timer. Otherwise, it assumes the querier fails and re-initiates an electionprocess.

• Group Specific Query is aimed at a specific group to query.

Join Mechanism•

•

A client can send the join packet any timeand does not wait to receive a querymessage in order to reduce join latency. Itis the same as IGMPv1, asynchronousJoin.

Suppresses mechanism. Only onemember per group responds with a reportto a query.

A B

Non-QuerierQuerier

Querier192.168.0.1

Querier192.168.0.2


Querier Election

94

IGMPv2 adds some features including Query Election Mechanism, GroupSpecific Query and Leave Mechanism.

94

? % ' ( 0Leave Mechanism

•Leave Group Mechanism– Step 1: A client sends the Leave message to all routers (224.0.0.2) on local subnet.– Step 2: When receiving the “Leave message”, the querier feedbacks a number of group-specific

queries to the associated group. This is to confirm if there are any other clients who wish to receivetraffic for the group.

– Step 3: One of the remaining members of the group will response a join report within the maximumresponse time (Query-Interval Response Time) set in the query message.

– Step 4: If the querier receives join message sent by a client, it will keep sending traffic into the subnet.Otherwise, the querier will assume no client is interested in the group and stop forwarding traffic to thegroup.

•Benefits of Group Specific Queries– Quickly find out if any members are left in

the group

•

– Router does not need to ask all groups for

a report– Shorten the traffic flooding time

The difference between Group SpecificQuery and General Query

– General Query – Multicast to “All-Hosts”(224.0.0.1) address

– Group Specific Query for Group “G” –Multicast to Group “G” multicast address

Leave

A

Querier

Group Specific QueryMax. Response Time: 10 seconds225.1.1.10

Client-2

Group: 225.1.1.11

Group: 225.1.1.10

Client-3

Report

Client-1

Group: 225.1.1.10


95

Group Specific query can help to reduce the bandwidth consumption.For example, in IGMPv1, a client leaves quietly without sending any notice to aQuerier. This will cause continuous multicast query traffic in the segment untiltimeout.Group Specific Query is efficient in resolving such issue and can shorten theflooding time.In IGMPv2, when a Querier receives leave message from a client, it willfeedback with Group Specific Query for specific multicast group. The router willstop flooding traffic into the segment when it does not receive any clients’ Joinresponses after repeating the query for three times. Group Specific Query usesmulticast group IP address as the destination address.

95

?' ( 0 B

96


Multicast Server

QueryTTL=1, 224.0.0.1

Multicast Client

96

?' ( 0 ' ((


Multicast Server

Leave234.1.1.10

Multicast Client

97

97

?' ( 0 ? % % * B (


Multicast Server

Group-Specific QueryTTL=1, 234.0.0.1

Multicast Client

98

98

Client-1

B E

? % ' ( 8RFC 3376Enhance host control capability using Source Filter Mode (include/exclude SourceLists)•

•Group and source-specific queries– General query – multicast to “All-Hosts” (224.0.0.1) address and does not carry group address and

source address.– Group specific query – multicast to the Group “G” multicast address and carries a group address and

no source address.– Group and source specific query – multicast to the Group “G” multicast address and carry a group

address and one or more source addresses.

99

For all hosts to receive/reject a designated multicast group from one or a set of multicastservers.

Group 1: 225.1.1.10Movie Channel

A DMulticast Server-1IP address: 192.168.0.10

Client-2

Group 2: 225.1.1.10

News ChannelC F

Multicast Server-2 Packets (S2,G)IP address: 192.168.0.11

Example: If client-2 only wants to see movie channel (HBO), it just needs to include Server-1 into its report.

Enhance query and report capabilities


99

? % ' ( 8Report containing Multiple Group Records

• Unlike IGMPv1 and IGMPv2 report message (report to target multicast group), IGMPv3report message is designated to 224.0.0.22 and contains one or more group records. Eachgroup entry contains a multicast group address and an uncertain number of sourceaddresses.

• All IGMPv3 routers listen to 224.0.0.22 address in order to receive and maintain IGMPmembership state for every member on the subnet. (IGMPv1/v2 router only main group stateon a subnet basis.

No Report Suppression (IGMPv1 and IGMPv2 have) because every host has toreport a specific multicast address list for the group.

Group record types• Current-state record (include/exclude): the current-state record reports the current reception

state of the interface.• Filter-mode-change record (include/exclude): indicates that the interface filter mode has

changed from Include to Exclude or from Exclude to Include for the specific multicastaddress list.

• Source-List-Change record (include/exclude): indicates that new source addresses areallowed or old source addresses are blocked


V3 Report (224.0.0.22)Group 224.1.1.10Exclude: “192.168.1.1”

V3 Report (224.0.0.22)Group 224.1.1.10Include: “192.168.1.1”

Specified Multicast Address List

100

There are six types of IGMP Join Report•Include current-state record•Exclude current-state record•Include filter-mode-change record•Exclude filter-mode-change record•Include Source-list-change record•Exclude Source-list-change record

100

?' ( 8 C

Report 1 – Client 1 sends a report to join all sources of the multicast group224.1.1.10

Report 2 (Joining only specific Source/Include) – Client 1 sends a report to join onlythe source multicast group 224.1.1.10 except the group from the source (192.168.1.1)


A B

C

Client-1

Report

Multicast Server-1Source IP: 192.168.0.1/24Multicast Group: 224.1.1.10


Multicast trafficFrom Server-1

Multicast trafficFrom Server-2

V3 Report (224.0.0.22)

Group 224.1.1.10

Report -1 Exclude: “null”

(any source)

V3 Report (224.0.0.22)

Group 224.1.1.10

Report-2 Include: 192.168.0.1

(only from source 192.168.0.1)

V3 Report (224.0.0.22)

Group 224.1.1.10

Report-3 Exclude: 192.168.1.1

(any source, except source 192.168.1.1)

101

IGMPv3 allows Client-1 to use different types of report to join the multicastgroup.In the example, the client can send Report-1 to join group 224.1.1.10 withexclude list equal to “null”. This means that Client-1 can receive the multicaststream from any source.

101

?' ( 8 '

No Report Suppression mechanism.

The router multicast periodic membership queries to “All-Hosts” (224.0.0.1) groupaddress.

All hosts respond by sending back an IGMPv3 membership report that contains theirspecific multicast address list for the interface.


A B

C

Client-1Report



Query

Report

V3 Report (224.0.0.22)

Group 224.1.1.10

Report -1 Exclude: “null”

V3 Report (224.0.0.22)

Group 224.1.1.10

Report-3 Exclude: 192.168.1.1

Report

Query 224.0.0.1

Client-2

102

IGMPv3 does not support Suppress mechanism but IGMPv1 and IGMPv2support. This is because different users may receive the multicast stream fromdifferent multicast sources. As mentioned in the previous slide, all IGMPv3routers listen to 224.0.0.22 address in order to receive and maintain IGMPmembership state for every member on the subnet.

102

?' ( 8 B "


Type code = 0x11 (IGMP Query)Max Response Time – The maximum time in seconds that the switch will wait for reports frommembersMulticast Address – This field is identical to IGMPv2 version . 0.0.0.0 is for General QueriesS flag – It indicates that the router is receiving message that is not processed.QRV (Querier Robustness Value) – It affects various timers and retries counts. Increasing thisvalue provides more protocol robustness at the expense of latency.QQIC (Querier Query Interval) – This field indicates the Query Interval in use by the Queryingrouter. (Same format as Maximum Response Time)Number of Sources – the number of Source Addresses in the Group-and-Source-Specific Query.

103

103

?' ( 8 % "


Type code = 0x22 (IGMP Report)

Number of Group Record – Number of Group Records in Report

Group Record: Mode include Exclude and Include – which specifies which Sources to“include” or “exclude”

Aux Data Len (Group Records) – indicates the size of Auxiliary Data area

Number of Source (Group Records) – indicates the number of Sources in the list

Multicast Address (Group Records) – the multicast group address of the joined group

104

104

?' ( 8 %


Multicast Server

Report224.0.0.22

Multicast Client

105

105

?' ( 8 B

106


Multicast Server

QueryTTL=1, 224.0.0.1

Multicast Client

106

Category Function IGMPv1 IGMPv2 IGMPv3

Query Periodically Query

Yes

224.0.0.1 TTL=1

Interval = 60-120 (60)

Yes Yes

Group-Specific Query No Yes Yes

Group-and-Source Specific Query No No Yes

Query Election Mechanism No Yes Yes

Report Report Suppression Yes Yes No

Asynchronous Report Yes Yes Yes

Leave Leave Notification No Yes Yes

Include / Exclude Mechanism No No Yes

) % ( * ** ?' ( (


IGMPv2 uses IGMPv1 membership report for backward-compatibility with IGMPv1

107

107

?' %

Internet Group Management Protocol (IGMP) Snooping is a layer 2 function thatenables a switch to learn multicast group membership while the IGMP messagespass through the switch.

The switch will forward multicast traffic only to ports that request for it, based onIGMP queries and report messages that have been snooped.

108

Flooding to all ports

Media Server

Multicast Stream

PCs

Without Multicast Support

Page is Animated

Multicast Stream

Media Server

Multicast Stream

PCs

With IGMP Snooping Support

Multicast Stream

Multicast in D-Link Switching Environment•IGMP Snooping

Computers and network devices which want to receive multicast traffic need toinform nearby routers / switches that they will become members of a multicastgroup. IGMP is used to communicate this information. IGMP also periodicallychecks for members in the multicast group who are no longer active.

IGMP snooping allows the switch to recognize IGMP queries and reports whichare sent between layer 3 devices and an IGMP host.

IGMP snooping must be enabled on the switch. The switch can open or close aport to a specific multicast group member based on the IGMP messages sentfrom the layer 3 device to the IGMP host or vice versa. The switch monitorsIGMP messages and discontinues forwarding multicast packets when there areno hosts requesting for it.

108

Port No. Multicast Group Multicast MAC

251, 10, 25 239.1.1.10 01005e010110

#$ % & ?' %

109

1

PC-1

10

PC-2

Media Server

L3 Switch

IGMP Snooping FDB

25

L2 Switch

IGMP Report / Query

Multicast: 224.1.1.10

Page is Animated

Switch (Processor) intercepts

and examines contents betweenhosts and routers to determine

where the traffic should forward.

Users on VLAN-1 and VLAN-2join the same multicast group, or

switch to the same TV channel

2

1


L2 Switch BehaviorL2 Switch uses forwarding table to switch packets. If packet’s destination MACis not found in FDB, the switch engine will flood the packets to all ports.

Step 1. The first join sent by PC-1 joins the group 224.1.1.10. (At this time,there are no entry associated with the L2 multicast MAC address = 224.1.1.10)Step 2. The switch will be aware of the IGMP report and populates the multicastFDB table with an entry of 0x01005e010110 equivalent of IP multicast address224.1.1.10. (This entry is populated with the port associated with PC-1 andServer)Step 3. PC-2 sends IGMP Report to multicast group (224.1.1.10).Step 4. The switch will be aware of the IGMP report and add port 10 into the oldentry of MAC 0x01005e010110.Step 5. This results is port 1, 10 and 25 are being associated with the multicastMAC address 0x01005e010110.

109

Multicast Client

) * * ?' %

110

ISM Report

VLAN ID 1

IP: 10.90.90.100

IP: 10.90.90.100

Non-Multicast Client

IP: 10.90.90.101

When IGMP snooping is enabled, only the user who sends IGMP report will receivethe multicast stream.

Non-multicast client does not receive the multicast stream.Multicast Server

Channel IP: 239.10.10.10

DGS-3627

DES-3528

26

DES-3528

Non-Multicast Client

IP: 10.90.90.102


110

) * * ?' %

DES-3528 Configurationenable igmp_snooping

config igmp_snooping vlan default stateenable

config multicast vlan_filtering_mode vlandefault filter_unregistered_groups

DGS-3627 Configurationenable igmp_snooping

config igmp_snooping all state enable

config igmp all version 2

config igmp ipif System state enable

1. Enable Switch’s IGMP snooping feature

2. Enable IGMP snooping on specific VLAN

3. Avoid multicast stream to “non-multicastclient” of the specified VLAN

4.

5.

6.

7.

Enable Switch’s IGMP snooping feature

Enable IGMP snooping on specific VLAN

Configure switch to send IGMPv2 query

Enable IGMP on specific IP Interface

111


111

* ?' %DES-3528 Configuration

show igmp_snoopingconfig igmp_snooping group

DES-3528:5#show igmp_snoopingCommand: show igmp_snooping

IGMP Snooping Global State : Enable

VLAN NameQuery IntervalMax Response TimeRobustness ValueLast Member Query IntervalHost TimeoutLeave TimerQuerier StateQuerier Router BehaviorStateFast LeaveReceive Query CountSend Query Count

: default: 125: 10:2:1: 260:2: Disabled: Non-Querier: Enabled: Disabled:0:0

112


112

?' %


IGMP Query Packet

IGMP Report

IGMP Leave

113

113

?' " (

When IGMP Fast Leave is enabled, aport will be removed immediatelyupon receiving an IGMPv2 leavemessage and end stations will exitfrom the multicast session quickly toreduce superfluous network traffic.

Fast Leave is an essential feature toshorten response time whenswitching channels for IPTV andIGMP.

114

114

Multicast in D-Link Switching Environment•IGMP Fast Leave

?' " (

According to IGMPv2 standard implementation, IGMP client may request toleave a multicast group by sending a leave message.

Without IGMP Fast Leave• Issue: When IGMP snooping querier receives the leave message, it will send

group specific query to clients. If there is no response after time out (defaultvalue is two seconds), that client will be taken out from the membership list.There will be some latency between the leave process.

With IGMP Fast Leave• Solution: With IGMP fast leave enabled, a port will be removed immediately

when the IGMP v2 leave message is received. Thus end stations will exit quicklyfrom a multicast session and reduce superfluous network traffic.

Benefits of IGMP Fast Leave•

•

When implementing MOD service, users can receive TV-like broadcast.

When they switch among the channels, with IGMP fast leave enabled, thebandwidth can be released more efficiently.

115


115


1, 1010, 25 239.1.1.11 01005e010111

D " ( "

116

Media Server

110

25

IGMP Report / Query

Multicast: 224.1.1.10 PC-1

IGMP Report / Query

PC-2 Multicast: 224.1.1.11

Symptom: Wastage of bandwidth and

inefficiency. Client still receives multicasttraffic till timeout after sending leave

message to the switch

L3 Switch

IGMP Snooping FDB

Switch (Processor) intercepts

and sends back specific query tocheck whether there is any other

users remaining in the group

Users send the Leave messageto change the multicast channel

or stop multicast traffic

2

1

L2 Switch

After three times of group specificqueries, the switch makes sure

there is no other users in the samegroup and stops forwarding

multicast streams.

3

Page is Animated


116


1, 1010, 25 239.1.1.11 01005e010111

D " ( "

117

Media Server

L3 Switch

IGMP Snooping FDB

L2 Switch

110

25

IGMP Report / Query

Multicast: 224.1.1.10 PC-1

IGMP Report / Query

PC-2 Multicast: 224.1.1.11

Users send the Leave messageto change the multicast channel

or stop multicast traffic1

Switch (Processor) interceptsand stops forwarding multicast

traffic to clients2

Page is Animated


117

?' " ( ((


With IGMP Fast Leave enabled,the forwarding of Multicast traffic

will be stopped immediately

If IGMP Fast Leave disabled,Multicast client receives the multicast

stream until query timeout.

118

118

#$ % & ?' " (

119

When IGMP Fast Leave is enabled on a switch, it stops the multicast streamimmediately once it receives an IGMP Leave message from a Multicast client.

Multicast Server

DGS-3627

DES-3528

Multicast Client

Leave Message

Multicast Client

IGMP Snooping

Fast Leave enabled

DES-3528

Multicast Client


119

) * * ?' " (


Enable IGMP snooping on a switch and a specific VLANenable igmp_snooping

config igmp_snooping vlan default state enable

Avoid unregistering clients from receiving traffic and enable IGMP fast leaveconfig multicast vlan_filtering_mode vlan default filter_unregistered_groups

config igmp_snooping vlan default fast_leave enable

120

120

?' % ' ( '! 2

Multicast in D-Link Switching Environment•IGMP Snooping Multicast VLAN

D-Link ISM VLAN is designed to optimize network performance wheremulticast services are deployed in VLANs.

It can prevent bandwidth wastage caused by multiple copies of identicalmulticast flows in the uplink ports.

It can be done by snooping all the multicast messages received and thesame multicast message will be sent to the uplink once. Only one multicaststream for each channel is received from the uplink

121

Cisco’s feature to address this multicast optimization demand is called MulticastVLAN Registration (MVR).

D-Link’s ISM VLAN is the corresponding feature to Cisco MVR.

121

D 2

122

L3 switch copies two identicalmulticast streams and sends

them to VLAN-1 and VLAN-24

VLAN-1 VLAN-2

L2 Switch

PC-1 PC-2

Symptom: Wastage of uplink bandwidth

especially while many users arerequesting identical multicast streams,

such as the World Cup. Uplink isconsumed by multiple users

L3 Switch

Users on VLAN-1 and VLAN-2

join the same multicast group, orswitch to the same TV channel

1

L2 Switch sends Join messagesto L3 switch with tagged VID 1

and VID 2 respectively2

'

Media Server

Media Server sends a multicaststream to L3 switch3

Page is Animated


Multicast VLANs may exist in the switching environment. When a multicastquery passes through the switch, the switch will forward separate copies of datato each VLAN, which will increase the data traffic and may clog the traffic path.In order to reduce the traffic load, ISM VLANs can be deployed. This featureallows the switch to forward one copy of the same multicast traffic to recipientsof the multicast VLAN instead of multiple copies.Regardless of other VLANs that are deployed on the switch, users may add anyports to the multiple VLAN where they wish multicast traffic is to be sent. Onceit is configured properly, the stream of multicast data will be relayed to thereceiver ports timely and reliably.

122

D 2

123

L3 Switch sends only one

Multicast stream to ISM VLAN100. L2 switch forwards the

multicast stream from ISM VLANto VLAN-1 and VLAN-2

4

3

Page is Animated

VLAN-1 VLAN-2

'

Media Server

Media Server sends a multicaststream to L3 switch

PC-1 PC-2

D-Link ISM VLAN saves uplink

bandwidth running multicastapplications in MAN efficiently.

L3 Switch

L2 Switch sends Report / Leave

2 message to L3 switch withtagged VID 100

L2 SwitchCreate ISM VLAN 100 VID 100,

with members for all ports.

Users on VLAN-1 and VLAN-21

join the same multicast group, or

switch to the same TV channel


It defines IGMP multicast traffic across different VLANs and responds only tojoin and leave messages from the multicast group configured with ISM.

It is designed to mitigate the impact of broadcast / multicast floods and it canfurther prevent security breach, such as data sniffing.

Without ISM VLAN, when users in different VLANs join a common multicastgroup, multiple copies of identical multicast flows in the uplink. It will causepacket duplication and lead to bandwidth congestion.

When a ISM switch receives the IGMP Report message, ISM switch will forwardVLAN ID and IP (optional) to IGMP router.

123

' ((


Client to Switch

L2 Switch to Router (L3 Switch)

Replaced VLAN/IP Address

124

ISM MechanismISM is used by application receiving multicast traffic across an Ethernet basedservice provider network.It allows a subscriber on a port to subscribe and unsubscribe to a multicaststream on the network-wide multicast VLAN.It operates on the underlying mechanism of the IGMP snooping function andrequires IGMP snooping to be enabled.The CPU sets up a forwarding table once ISM is configured, the CPU thenintercepts the IGMP messages and modifies the forwarding table to include orremove the receiver port as a receiver of the multicast stream. This selectivelyallows traffic to cross between different VLANs.With IGMP and ISM both enabled, ISM reacts only to join and leave messagesfrom the multicast group configured under ISM. IGMP will react to all messages.

124

#$ % & ' 2

When Multicast clients send IGMP report to join a channel, the L2 switch will replaceclient’s VLAN to ISM VLAN and IP address if configured.

Multicast Server

Channel IP: 239.10.10.10

DGS-3627

Multicast Client

DES-3528

Multicast Client

IP: 10.90.90.102

ISM VLAN ID: 101

IP: 192.168.101.526

DES-3528

IGMP Report

VLAN ID 1

IP: 10.90.90.90.100


Multicast Client IP: 10.90.90.101

IP: 10.90.90.100

125

125

) * * ' 2

L2 Switch Configurationenable igmp_snooping multicast_vlan

create igmp_snooping multicast_vlan vlan101

config igmp_snooping multicast_vlan101 state enable replace_source_ip 192.168.101.5

config igmp_snooping multicast_vlan101 add member_port 1-24

config igmp_snooping multicast_vlan101 add source_port 25-26

create igmp_snooping multicast_vlan_group _profile 1

config igmp_snooping multicast_vlan_group_profile 1 add 239.10.10.10

config igmp_snooping multicast_vlan_group vlan101 add profile_name 1

1.

2.

3.

4.

5.

6.

7.

Enable Multicast VLAN

Create ISM VLAN 101

Enable ISM VLAN & replace the client’s IP address with 192.168.101.5

Specify the ISM member ports

Specify the ISM TV source port

Add multicast IP address in the ISM VLAN

Apply the profile to multicast VLAN

126


126

) * * ' 2


•

•

VLAN Settingcreate vlan IPTV tag 101

config vlan IPTV add tagged 22

create vlan source tag 102

config vlan source add untagged 23

IGMP Settingenable igmp_snooping

config igmp_snooping all state enable

create ipif IPTV 192.168.101.1/24 IPTV

config igmp ipif IPTV version 3 query_interval 15 max_response_time 10 robustness_variable 2 stateenable

create ipif source 192.168.102.1/24 source

config igmp ipif source version 3 query_interval 15 max_response_time 10 robustness_variable 2 stateenable

PIM Settingenable pim

config pim ipif IPTV state enable

config pim ipif source state enable

127


127

* ' 2 ) * 0DES-3528:5#show igmp_snooping

multicast_vlanCommand: show igmp_snooping

multicast_vlan

ISM VLAN Global State : Enabled

VLAN Name : vlan101VID : 101

Member (Untagged) Ports : 1-24Tagged Member Ports :Source Ports : 25-26Untagged Source Ports :Status : EnabledReplace Source IP : 192.168.101.5Remap Priority : None

DES-3528:5#show igmp_snooping vlan vlan101Commang: show igmp_snooping vlan vlan101

IGMP Snooping Global State : DisableData Driven Learning Max Entries : 128VLAN Name : vlan101Query Interval : 125Max Response Time : 10Robustness Value :2Last Member Query Interval :1Querier State : DisableQuerier Role : Non-QuerierQuerier IP : 0.0.0.0Querier Expiry IP : 0 secsState : DisableFast Leave : DisableReport Suppression : EnableRate Limit : No LimitationVersion :3Data Driven Learning State : EnableData Driven Learning Aged Out : DisableData Driven Group Expiry Time : 260

128


128

* ' 2 ) *

DES-3528:5#show igmp_snooping multicast_vlan_groupCommand: show igmp_snooping multicast_vlan_group

VLAN Name-----------------vlan101

VLAN ID

-------------101

Multicast Group Profile

--------------------------------1

DES-3528:5#show igmp_snooping multicast_vlan_group_profileCommand: show igmp_snooping multicast_vlan_group_profile

Profile Name-------------------

1

Multicast Addresses

------------------------------239.10.10.10


Total Entries: 1

129

129

' ( )

130

Subscriber 4

Service 3

Subscriber 3

Service 2

Subscriber 2

Service 1

Subscriber 1

Service 1

Service 1: 239.10.10.1~239.10.10.20

Service 2: 239.10.10.1~239.10.10.50

Service 3: 239.10.10.1~239.10.10.100

20 channels: $10/month



Once the MOD service goes live, it is important to ensure that only “paid” subscribersreceive the services.For example, if channel 1-20 are free channels and channel 21 onwards are for paidsubscribers only. There should be some security controls even if there are IGMP joinmessages for channel 21 onwards from the unpaid ports. These join messagesshould not be forwarded out.D-Link provides a feature to assign limited multicast addresses per port so that ISPcan use this feature as a security control to pre-configure channels for eachsubscriber on port level. This is to prevent unauthorized multicast join to join.

Multicast Channels

Multicast in D-Link Switching Environment•Per-Port Multicast Stream Control

The IP Multicast Profile setting window allows the user to add a profile wheremulticast address(es) reports are received on specified switch ports. Thisfunction will therefore limit the number of reports received and the number ofmulticast groups configured on the Switch. The user may set an IP multicastaddress or a range of IP multicast addresses to accept reports (Permit) or denyreports (Deny) coming from the specified switch ports.

130

#$ % & ' ( )

When per-port Multicast Stream Control is enabled, it allows the administrator topermit or deny access to a port or a range of ports by specifying a range of multicastaddresses.

Multicast Server

DGS-3627

16

DES-3528

20

DES-3528

Profile 1: 239.10.10.1~239.10.10.20

Profile 2: 239.10.10.1~239.10.10.100

Paid channels

Unpaid channels


Paid Subscriber

Unpaid Subscriber

Unpaid Channels

Paid Subscriber

Paid Channels

131

131

) * * ' ()


•

IGMP Snooping Settingsenable igmp_snooping

config igmp_snooping vlan default state enable

config multicast vlan_filtering_mode vlan default filter_unregistered_groups

config igmp_snooping vlan default fast_leave enable

Per-Port Multicast Stream Control Settingscreate mcast_filter_profile profile_id 1 profile_name Channel_range1

create mcast_filter_profile profile_id 2 profile_name Channel_range2

config mcast_filter_profile profile_id 1 add 239.10.10.1-239.10.10.20

config mcast_filter_profile profile_id 2 add 239.10.10.1-239.10.10.100

config limited_multicast_addr ports 1 add profile_id 1 access permit

config limited_multicast_addr ports 8 add proile_id 12 access permit

132


132

% ' ( '!

Protocol Independent Multicast (PIM)•

•

PIM makes multicast forwarding decision based on the information supplied byunicast routing protocols, such as OSPF, RIP.When a multicast packet arrives on an interface of router, it will be forwarded todestination or receiver following the path or multicast distribution tree.

PIM has two variants:•

•

Dense-Mode– Uses “Push” Model – Assume that at least one multicast group client on each subnet of

the network– Step 1: Routers flood multicast traffic throughout all the network– Step 2: Routers prune back when it has no client interested in the multicast

– Flood and prune behavior (typically every three minutes)

Sparse-Mode

Multicast in D-Link Switching Environment•Protocol Independent Multicast

– Uses “Pull” Model – Assume that no receivers are interested in multicast traffic unlessa client requests for it.

– Uses a Rendezvous Point (RP) – sender and receiver “rendezvous” at this point tolearn each other.

– Senders are “registered” with RP by first-hop router.– Receivers are “joined” to the Shared Tee (root is RP) by their local designated router.

133

With the development of network infrastructure, there is frequent use ofmulticast applications. PIM is a multicast routing protocol which is widelydeployed for IPTV service delivery.PIM has two modes in light of forwarding mechanism. Different modes areapplied in different network environment.•Dense-Mode•Sparse-Mode

133

( " "!

Unicast Routing• Where is the packet going

(destination)

Multicast Router• Where does the packet come from

(source)

Multicast Routing uses Reverse PathForwarding (RPF) to check theincoming multicast packets

Reverse Path Forwarding (RPF)• The check mechanism to determine

whether router should forward ordrop packets according to theinterface of the incoming packet.

•

•

RPF is a key point in multicastforwarding.

It prevents forwarding loop issue.

Source

Destination

How to reach thedestination?

Multicast Routing

Source

Destination

Unicast Routing

Where does thepacket come from?


134

Before inspecting PIM, we need to understand how general routing protocolsends packets to the correct destinations.Multicast routing focuses on where the packets come from and which backwardpath to the source correct is. Multicast routing uses RPF check mechanism toachieve the goal.

134

" ) ' (

Step 1: Take out the source IP address of multicast packets and checkunicast routing table to determine whether the packets are arrived on thecorrect interface.

Step 2: If the packets have arrived on the interface leading back to thesource, the RPF check is successful. The router will replicate and forwardthe packets to the outgoing interfaces.

Step 3: If the RPF check fails, the router will drop the packet silently.

135

135


Unicast Routing Table

Network Interface

192.168.0.0/24 S1

192.168.3.0/24 S0

192.168.4.0/24 E0

A B

D

F

E

G

C

RPF Check

Multicast Server

Multicast Stream: 224.1.1.10IP: 192.168.0.10

Multicast PacketSrc IP: 192.168.0.10

Router C Router G

S0

S1 S2

E0

RPF Check Successful!Packet arrived on correct interface.Forward out all outgoing interfaces.

Router only accepts multicast data fromsource 192.168.0.10 from interface S1.

Router D


•Protocol Independent Multicast

" )

H

136

When multicast packets are flooded to the whole network, Router F decideswhich interface is correct and is allowed to receive multicast traffic.

136

Unicast Routing Table

Network Interface

192.168.0.0/24 S1

192.168.3.0/24 S0

192.168.4.0/24 E0

" ) "

A B

C E

G

H

137

137

Multicast Server

Multicast Stream: 224.1.1.10IP: 192.168.0.10

Multicast PacketSrc IP: 192.168.0.10

D

RPF Check

F

Router C Router G

S0

S1 S2

E0

RPF Check Fail!Packet arrived on the wrong interface.

The switch discards the packet.

Router only accepts multicast data fromsource 192.168.0.10 from interface S1.

Router D

Drop


% ' ( 1 ( '

138

C D

Multicast Client

Prune OverridesAssert Mechanism

A B

Multicast Client

Join

Graft Message

RPF Check

E H G

JIF

Page is Animated

Multicast Client

• RPF Check – Recalculation of RPF Interfacewhen the unicast routing table changes

• Assert Message – Elect a designated forwarderon multi-access network

• Prune overrides on multi-access network

Multicast Traffic

Graft Message

Prune Message

Multicast Server

Prune Message


Initially, the multicast traffic will flood to the whole network. When routersreceive the multicast traffic, they will perform RPF check to filter unnecessaryredundant incoming traffic. Next, it will send the prune message to uplink routerif no user wants to receive the multicast stream. On the other hand, if a clientunder a router (eg. Router G) wants to receive the multicast traffic, the routerwill send Graft message to uplink router.

Some networks will cause duplicated traffic into the multi-access area. Forexample, Router E delivers traffic to both Router A and B which are connectedin the same multi-access area. It will cause Router A and B to inject duplicatedmulticast traffic into the same segment and cause bandwidth wastage. Dense-Mode uses Assert mechanism to resolve this issue.

In another example, Router H transmits multicast stream into the segmentattaching to Router C and D. Only one router (Router D) has multicast streamrequirement. The Join message sent by Router D may be overwritten by theprune message sent from Router C when there is no user under Router C.Network administrators need to pay attention to avoid such issue.

138

139

% ' ( 1 ( 'Application: small-size network with denselydistributed multicast membersUse Flood and Prune modelWhen a router receives a multicast packet, it executesRPF check mechanism.Graft mechanism – to request / resume multicast traffic

• Step 1: The router sends a graft message to upstreamrouter towards the source

• Step 2: When upstream router receives a graft messagefrom its interface, it puts the interface into forwarding stateand response with a graft-ack message to the graft sender.

• Step 3: After sending a graft message, the router will waitfor the router to send graft-ack. Otherwise, it will continuesending graft messages until it receivs it.

Pruning Message – send to upstream only with thefollowing conditions

• Traffic arrives on a non-RPF• A leaf router without any receivers (no member join the

group)• A non-leaf router receives a prune message from all of its

neighbors.

Use a Source-Distribution Tree to forward multicastdata

• Multicast forwarding path is a source tree (shortest pathtree, SPT).

• A multicast source as its “root” and multicast groupmembers as its “leaves”

139

(leaf)

(leaf)

Multicast Server

(Root)

Prune Message

Graft Message

Multicast Clients

Group: 225.1.1.10


' ' " APIM-DM Initial Flooding

• PIM-DM initially floods multicast out “ALL” non RPF interfaces– PIM-DM neighbor– A directly connected member of the group

PIM-DM Flooding• Step 1: The multicast server (source) floods multicast group traffic throughout the entire network.• Step 2: When each router receives the multicast traffic via its RPF interface, it creates an (S,G) entry and

forwards traffic to all its PIM-DM neighbors.• Step 3: Traffic arriving via a non-RPF interface will be corrected by the normal PIM-DM pruning mechanism.• Step 4: Prunes are sent on the RPF interface when the router has no downstream multicast group

members.• Result: Multicast traffic is pruned off from all links except those which are necessary. The Shortest Path

Tree (SPT) is built from the Source to the Receiver.• Note:

– Even though the flow of multicast traffic is no longer reaching most of the routers in the network, (S,G) state still remains inall routers. This (S,G) state will remain until the source stops transmitting.

– In PIM-DM, Prune expires after three minutes. This causes the multicast traffic to be re-flood to all routers.

140


Multicast PacketPrune Message

Multicast Group Member

Group: 225.1.1.10

RPF Check

1

Multicast Server2 3

(S,G) is created in the multicast routing table and the path from the multicastsource to receive clients using the shortest path treeS is the IP address of the multicast source.G is the multicast group address

140

141

' ' (( ' (Problem – After Router A and B receive an (S,G) packet from the upstream router, they willforward the packet to the local subnet. The client will receives two identical multicast packets fromRouter A and B.Solution – Both Router A and B send assert message to all PIM routers (224.0.0.13) through theinterface where the packet was received. This is to shutoff duplicate flows into the multicast-access area.Forward Election – An assert message contains the multicast source address (S), multicast groupaddress (G), administration distance and metric to the source. Routers compare these values todetermine who has the best path (lowest cost) to the source.••

Step 1: Compare distance valueStep 2: Compare metric value

the higher distance wins

the smaller metric wins••

141


BE0

A

E0

S0 S0

Step 3: If metric and distance are equal, the highest IP address winsResult: The losing router will prune its interface and the winning router will continue to forward multicasttraffic onto the LAN segment.

Incoming Multicast Packets

(Successful RPF Check)

PIM Assert

(distance, metric)

Multicast Traffic

Assert Message

' ' (( 5 1 (( D " (

Normal Pruning Assert Mechanism•

•

Step 1: During the process of Asset mechanism, two routers exchange routing metric todetermine which one has the best route to the source.

Step 2: The Winning Router continues to forward traffic and Assert Loser prunes its interfaceand starts its prune timer.

When the Assert Winner Fails•

•

The Losing Router does not know that the Winning Router has failed and wait for threeminutes before sending time out to its pruned interface.

There will be loss of traffic for three minutes (worst case)


Multicast Traffic

Assert Message

A B

C D

F

Loser

E

Winner

Multi-Access Area

142

142

Traffic flow is cut offuntil prune times out

on Assert Loser

4 (Step 1: Router A learns its two downstream neighbors via Hello messages.Step 2: Router B sends Prune message. (No group member)Step 3: When Router A receives message, it does not prune its interface immediately. It sets athree-second timer.Step 4: Router C also receives prune message. It sees the Prune is for the group but it willcontinue to receive.Step 5: Router C sends the Join message to Router A.Result: Router C overrides the Prune message sent by Router B.For Client-1, there is no traffic interruption as long as Router A receives a Join message beforethe three-second timeout.

143

143


A

CB

Multi-Access Area

Multicast Traffic

(192.168.0.10 / 225.1.1.1)

Prune Message(192.168.0.10 / 225.1.1.1)

With 224.0.0.13

A

CB

Multi-Access Area

Multicast Traffic

(192.168.0.10 / 225.1.1.1)

Join

(192.168.0.10 / 225.1.1.1)

' ' %

PIM-DM together with “flood-and-prune” mechanism can sometimes result in seriousmulticast route loops.

Under stead-state conditions, traffic flows from the source via RPF interface.


RPF Interface A B C

Routers perform Asset process

and one interface on one routeris in the prune state

Multicast Traffic

S1

144

144

Multiple routers

provide redundancy

S0

' ' %

When the first-hop router fails•

•

•

•

•


RPF Interface A B C

Step 1: Assume that interface S0 of Router C fails

Step 2: The unicast routing of Router A converges first and PIM computes the new RPFinterface

Step 3: Router B has not converged (forward multicast traffic using the old RPF interface

Result: A multicast route loop appears until Router B finally converges and the correct newRPF is calculated.

Note: If the router needs some bandwidth to complete this convergence (as in the case whenEIGRP is active), this condition will never be resolved.

Router Aconverges first

S0Multicast Traffic

S1

145

145

% ' ( 1 % ( '

146

A

192.168.0.2

B

192.168.0.1

C

G F

DE

Multicast Client

Multicast Client

Multicast Server

• RPP Election• PIM-Register• Switchover mechanism

Neighbor DiscoverHello Message

Designated Router (DR)The highest IP Address

Rendezvous Point(RP) Election

Rendezvous Points• Bootstrap Router (BSR) Mechanism•Static RP

PIM-SIM

Register / Join

RPF Check

Shared Tree

SwitchoverMechanism

Shortest

Path Tree

Page is Animated

Multicast Traffic

PIM Register

(S,G) Join


PIM Sparse mode uses pull mode which only waits for multicast stream users torequest for the multicast traffic. The routers do not flood the traffic to the entirenetwork actively. This is the main difference compared to the Dense Mode.Routers running PIM-SM use Hello message to detect its neighbors. In a multi-access network, it must perform the Designated Router (DR) election in thesegment. Rendezvous Point (RP) election is necessary in the entire networkand RP can be generated automatically or set manually. RP is the meetingplace where a server registers messages and clients join messages.Different multicast channels may have different RPs. After registering to RP, themulticast traffic will flow down from the Server to RP and finally to end users. Inthe diagram in the slide, from Router E to end user is called Shared Tree.Sometimes, Shared Tree is not the shortest path tree. Therefore, Router canuses the switchover feature to change the shared tree to be the shortest pathtree.

146

147

% ' ( 1 % ( 'Application: Group members are sparsely distributed throughout the networkRFC 2362Support both source and shared treesPULL Model• Assumption

– No host want multicast traffic unless they specifically ask for it

– Group members are sparsely distributed throughput the network (Flooding will consume networkbandwidth)

– Bandwidth is limited

Use a Rendezvous Point (RP) to coordinate forwarding from senders to receivers••••

When a sender wants to send data, it uses first multicast packet to register with the RPWhen a receiver wants to receive data, it registers with the RPSenders are “registered” with RP by their first-hop routerReceivers are “joined” to the Shared Tree (rooted at the RP) by their local Designated Router(DR) in a multi-access network

PIM-SM protocols begin with an empty distribution tree and add branches only as theresult of explicit requests to join the distribution.SPT Switchover• Shared tree mode can be switched to a source tree mode to have an optimal route to the

source

147


148

' ' 2 5 (

PIM Neighbor Discover – Hello message•

•

Discover neighbor – PIMv2 routers sent Hello message periodically (eg. 30seconds). Multicast to “All-PIM-Routers” (224.0.0.13)

Designated Router election over a multi-access network

Designated Router (DR)•

•

•

For multi-access network, a DR must be elected

Functions of DR in PIM-SM– For multicast source – DR helps to send register message to RP

– For multicast client – DR sends join message to RP

Functions of DR in PIM-DM– PIM-DM does not require a DR

– Exception: IGMPv1 in PIM-DM domain. DR must be elected as the IGMPv1 Querier onmulti-access network

148


( #

Designated Router (DR) Election•

•

•

Step 1: Each PIM node over the multi-access network examines Hello messages from itsneighbors

Step 2: PIM Neighbor with the highest IP Address is elected as the DR

Step 3: The DR election mechanism runs again when PIM node does not received PIMHello message from the elected DR for a period of time.

PIM Hello

A

PIM Hello

B

PIM Router 2192.168.0.10

149

149

PIM Router 1192.168.0.11

DR (highest IP address)

PIM Hello


150

' 2 5 (

150


' 0 , (

Rendezvous Point (RP)•

•

•

RP is an important concept in PIM-SM.

Small-size and simple network topology– One RP is enough to cover all multicast information / traffic handling

Large scale network environment– Need more RPs to share the loading and optimize the topological structure of the

RPT(RP-rooted shared tree)

Static RP•

•

Suitable for small-size network topology

It must be configured on every router and all routers need to point to the sameRP address

Bootstrap Router (BSR) Mechanism• Suitable for large scale network environment network topology


151

RP can be configured manually. It is called static RP. It is suitable for smallscale network environment. Dynamic RP uses some election mechanism to findthe mapping relationship between multicast channel and RP. BSR is a methodto elect RP.

151

152

( 7 ( % 7 !' (

Candidate BSR (C-BSR)•

•

A network can contain one or more routers served as Candidate BSR.

BSR will be elected from these Candidate BSR.

Bootstrap Router (BSR)•

•

•

The BSR is elected from a collection of Candidate BSRs.

If the current BSR fails, an BSR election is triggered to avoid service interruption.

Bootstrap router collects all Candidate RPs (C-RPs) announcements and save them into adatabase (RP-set) and periodically sends the RP-set out to all other routers in the network.

152

BSR

C-RP

C-BSR

C-RP

C-BSR withhighest priority

C-BSR


153

' 0 7 ( %Bootstrap Router Election Mechanism

•••

The C-BSR with the highest priority is elected as the BSR.The highest IP address of C-BSRs is used as a tie-breaker.If a new C-BSR with a higher priority joins the network, it triggers a new election.

Candidate RP (C-RP)•••

Send C-RP announcement directly to the BSR via unicast periodically (60 seconds)C-RP learns the BSR’s IP address via periodic BSR messageMulticast to All-PIM-Routers (224.0.0.13) with TTL=1

BSR message (multicast)• RP-Set consists of all C-RP announcements••

IP-Holdtime = 3 * <rp-announce-interval>IP Address of BSR (Allow C-RPs to know where to

send their announcements)

Candidate RP’s message (unicast)• Group Range (eg. 224.0.0.0/4 All multicast group)

••

C-RP addressHoldtime = 3 * <rp-announce-interval>

153

2. 226.0.0.0/24 (226.0.0.1-226.0.0.255)

RP2

1. 227.0.0.0/24 (227.0.0.1-227.0.0.255)

2. 228.0.0.0/24 (228.0.0.1-228.0.0.255)

C-RP message example

RP1

1. 225.0.0.0/24 (225.0.0.1-225.0.0.255)


154

7 ( %

154

Client-1

192.168.40.100E

192.168.40.1

Step 1: All candidate BSRs join the BSR election process by sending a PIM BSR message containing BSR

priority to all interfaces. BSR message will be flooded throughout the entire network.Step 2: At the end of “BSR-Election-Interval”, the highest priority C-BSR is elected as active Bootstrap Router.Step 3: C-RPs learn IP of BSR from BSR message and unicast their C-RP Announcement message directly tothe BSR.Step 4: The active BSR stores all incoming C-RP Announcements in its Group-to RP mapping (RP-Set) andfloods the entire list of C-RP hop by hop.Step 5: Each router updates its RP-set table and elects the RP for particular group range using hash algorithm.Result: Every router in the network knows where is the RP to register.

192.168.60.2 BSR Message BSR Message

C-RP Advertisement192.168.60.1 C-BSR/C-RP

C-RP Advertisement 192.168.10.2Packet 2

BSR Message 192.168.50.1

192.168.10.1192.168.90.2

192.168.30.1 DB 192.168.50.2 Multicast Server

192.168.70.100 192.168.70.1C-BSR/C-RP 192.168.30.2

Page is Animated


155

7 ( % ' (( A ) (

155

Bootstrap Message

C-RP Message

Packet 1 – BSR Message Packet 2 – C-RP Advertisement


156

• Multicast constructs separate multicast trees for every multicast source. Routersforward packets from a particular source to a client.(eg.192.168.0.10/225.1.1.10)

– Create by receiving (S,G) join

– Remove by receiving (S,G) prune or interface expire timer counters down to 0

(*,G) Entry = (*, Group) used for Shared-Tree.•Many multicast trees can share a single router within the network. The root of the

tree is the rendezvous point and DRs are leaves of the tree. (eg. */225.1.1.10)– Step 1: When a client joins a multicast group G, it uses an IGMP message to inform the

directly connected DR.– Step 2: After that, DR sends a join message to the RP corresponding to the multicast

group G.– Step 3: The routers along the path from the DR to RP form an RPT tree. Each router on

this branch generates a (*,g) entry in its forwarding table. “*” means any multicastsources.

156



'

In PIM-SM, the multicast traffic “forwarding” state are contained in themroute table.Mroute table are composed of (*,G) and (S,G).(S,G) Entry = (Source, Group) used for Source-Tree.



'

Client-1

Multicast Server

RP

DR

Source Tree Example

Client-1

Multicast Server

RP

DR

Shared Tree ExampleTraffic Flow

Shared Tree

Source Tree

157

157

158

' ' ! (PIM-SM Source Registration

• Step 1: When R2 receives the first packet to multicast group G from the multicast source, it encapsulatesthe multicast data from the source in a Register message and unicast to RP.

When the RP receives the Register message• Step 2: It de-encapsulates the multicast data packet inside the Register message and forward it to the

Shared Tree.• Step 3: The RP sends an (S,G) Join back to the source to create a branch of an (S.G) Shortest-Path Tree.

This result in (S,G) state being created in all the routers along the SPT, including the RP.• Step 4: SPT is built from Source router to RP. Multicast traffic begins to flow down.• Step 5: RP sends a “Register Stop” to R2 (source’s first hop router) to inform that it can stop sending the

unicast Register message.• Result: Multicast traffic from source is flowing down the SPT to the RP and them down to the Shared Tree

to the receiver.

158

Client-1

R2

R3

R1

RP

(S,G) state createsonly along the

Source Tree

Multicast Server

Multicast Group: 225.1.1.10(S,G) entry

(S,G) entry

Page is Animated


Traffic Flow

Shared Tree

Source Tree

(S,G) Register

(S,G) Join

Unicast

159

' ' C 1

Step 1: R1 (DR) receives Client-1 IGMP Report.

Step 2: There is no existing (*,G) state for Group “G” and R1 will create it.

Step 3: R1 forwards PIM (*,G) Join towards PIM neighbor to R2 (RP) hop by hop.

Step 4: R2 creates (*,G) state and the path from the DR to RP form an RPT tree.• If R2 is not the RP, this behavior will continue Step 2 to 4 until back to RP.

Result: Group “G” traffic can flow down the Shared Tree to the receiver.

159

Multicast Server

192.168.20.100

Client-1

192.168.60.100

192.168.20.1

192.168.10.1

Group: 225.1.1.10

192.168.30.1

192.168.30.2 192.168.10.2IGMP ReportPIM Join

R1/DR

192.168.40.2 192.168.60.2

R2/RP

192.168.40.1

Group: 225.1.1.10

Shared Tree

(*,G) Join


' ' C 1Router-1

Client-1

160

160


' ' C 1Router-1

Client-1

161

161


' ' 1

Step 1: When R1 receives Client-1’s IGMP Leave and finds that Client-1 is the lasthost for the group.

Step 2: R1 moves the outgoing interface to Client-1 and sends (*,G) prune to theshared tree towards RP (R2)

162

162


Multicast Server

192.168.20.100

192.168.60.100

192.168.20.1

192.168.10.1

Group: 225.1.1.10

192.168.30.1

192.168.30.2

R2/RP

192.168.10.2

R1/DR

IGMP Leave

192.168.60.2

PIM Prune

192.168.40.2192.168.40.1

Group: 225.1.1.10

Client-1

Shared Tree

(*,G) Prune

163

' ' ( !It can reduce network latency because SPT tree is the most optimal path.The last hop has capability to switch to the shortest-path tree and bypass the RP if the traffic rateexceed the threshold.

• Step 1: The last-hop router sends an (S,G) Join to first hop router and create (S,G) with the new part of SPT(R1,R3,R2).

• Step 2: All routers in the path have installed the (S,G) entries which means Shortest Path Tree is built andmulticast traffic begins to flow along SPT.

• Step 3: (S,G) RP-bit Prune messages are sent to prune off the redundant (S,G) traffic from RP (SharedTree).

• Step 4: RP no longer needs the flow of (S,G) and sends (S,G) prune back to the source to shutoff the flow ofunnecessary (S,G) traffic to the RP.

• Result: After switching over (RPT to SPT), (S,G) traffic is now forwarded from the source to the receiver.

163

Client-1

Multicast ServerThe first hop

The last hop

R2

R3

R1

RP

Last-hop router joinsthe Source Tree

Traffic Flow

Shared Tree

RP-bit Prune

Source Tree

(S,G) Join

(S,G) Prune

Page is Animated


' ' ( !When “SPT-Threshold” is configured as “immediately”, all sources are immediatelyswitched to the Shortest Path Tree. The last-hop router sends an (S,G) join messagetowards the source as soon as the first packet arrives via (*,G) shared tree.When “SPT-Threshold” is configured as “never” (specified for a group), the sourceswill not be switched to Shortest Path Tree.Exceed the threshold

• When the Group’s SPT-Threshold exceeds in a last-hop router, the next packet for the groupwill cause an (S,G) join message to be sent and travelled hop-by-hop to the first-hop routerto create another branch of the SPT.

Last-hop router joinsthe Source Tree

Multicast Server

RP

The first hop

The last hop

Traffic Flow

Shared Tree

Source Tree(S,G) Join

Client-1

D-Link switches support “Never” or “Immediately” for “SPT-Threshold”

164

164


165

165

Switch Module 11

Quality of Service (QoS)

B * B !4Purpose

••

Provide guaranteed services for a given Ethernet / IP packetSupport various types of applications and specific business requirements.

Traditional Packet Forwarding• Best-effort policy without any quality assurance and guarantee for delivery delay, jitter, packet loss ratio

New Emerging Application• Video-on-Demand (VOD), VoIP, Video Conferencing

Congestion Issues••

Network congestion is a key factor to degrade the service quality of a networkIncrease the delay and jitter of packet transmission and packet retransmission

Solution••

Increase the bandwidth of networkQuality of Service

Quality of Service•Overview

Bottleneck

1G

1G

1G 1G

1G 100M

Bottleneck

1G

Bottleneck

1G + 1G = 2G

LACP

166

The reason for implementing QoS is to ensure packets can arrive at thedestination in time without packet loss due to heavy network traffic.Switches, with traditional packet forwarding, use best-effort mechanism totransfer data. This means that switches will try their best to forward packetsaccording to their capability without assurance.Nowadays, end users use a lot of network applications, such as BT, VoIP, IPTV,Mail, etc. Some of these applications require more reliability, robustness,efficiency for packet forwarding. Therefore, QoS is required to ensure packetsare forwarded to the destination under senders'expectation.The design of a network is also a key factor for network performance. In somecases, network congestion issue is due to improper design. For example, thereare three Gigabit incoming connections to a router, however, there is only oneoutgoing path (1G bandwidth) connecting out of the router. Another example,delay sensitive applications are influenced by other applications. Thiscongestion will result in loss of voice packet and voice communication isinterrupted.

166

B ' (

Best Effort•

•

Connection without any guarantee

Use first in, first out (FIFO) queue

Integrated Services(IntServ)•

•

•

Hard QoS / Flow-based (Per-flow policy)

Absolute reservation of resources

IntServ is implemented through the use of Resource Reservation Protocol(RSVP). It is enabled at both endpoints and the network between them.

Differentiated Services(DiffServ)•

•

•

•

Soft QoS / Class-based (Per-class policy)

Provide multiple levels of services that satisfy different QoS requirements

It reassigns bits in the Type of Service (ToS) field of an IP packet header

Use L2 Class of Service (CoS) and L3 Differentiated Service Code Points (DSCP)as the QoS priority descriptor value. It supports seven levels for Layer 2 and 64levels for Layer 3 classification.


167

There are three types of models to implement QoS in the network.•Best Effort – Devices use best-effort mechanism to transmit data.•Integrated Services – It is also called Hard QoS. It guarantees the predictablenetwork behavior for applications that require consistent and dedicatedbandwidth for acceptable quality. IntServ model reserves enough bandwidth forthese applications. Once the bandwidth is reserved, no other traffic can use thatbandwidth. IntServ guarantees bandwidth, delay and packet-loss rates fromend-to-end. It is flow-based and uses RSVP protocol which needs to be enableat both endpoints between the network devices.•Differentiated Services – The differentiated services architecture providesdifferent QoS levels to various services. In this architecture, each packet carriesinformation (DS byte) used by each hop to provide a particular forwardingcriteria. The DiffServ services define the standard layout of the DS byte toassign specific forwarding criteria, called per-hop behavior, to a certain numberof patterns of the DS byte.

167

@>0E-% 3( ) (( * F) !


Offset TTL Proto FCS IP SA IP DA DataIDLenToSByte

VersionLength

4B

Tag

6B

SA

6B

DA

2B

L/T

4B

FCS

46 to 1500B

Data

SADA L/T FCSData

6B6B 2B 4B46 to 1500B

Normal L2 Frame

Three bits used for CoS (User Priority)

L3 IPv4 Packet

Add QoS

L2 802.1Q Frame

IP Precedence or DSCP (1 byte)

IP Precedence: Three Most Significant Bits (MSBs) of ToSDSCP: Six MSBs of ToS

168

At Data Link Layer (L2), 802.1q tag field is used for QoS value assignment.At Network Layer (L3), ToS byte is used for QoS value assignment. There aretwo variations:•IP Precedence (three bits for QoS level)•DSCP (six bits for QoS level)

168

" (** '

Traffic Classification• Switches or routers classify incoming packets by examining the QoS field contents.

Differentiated service is based on traffic classification.

Bandwidth Control•

•

Traffic Policing (Re-Phrase)– There is a counter to track the traffic flow through a switch or router. Restrictions will be given when

the defined threshold exceeds.

Traffic Shaping (Re-Phrase)– Traffic is limited by the desired rate limited. It can prevent excessive bursts and produce a steady flow

of data.

Congestion Control•

•

Congestion Management– The congestion management mechanism determines the packet sequence based on the priority value

when network congestion occurs.

Congestion Avoidance


– The switch / router achieves congestion avoidance by dropping packet using complex algorithm. If the

congestion becomes worse, the policy will drop packets actively to resolve the overloading of thenetwork.

169

When packets enter into a switch or a router, it will classify the priority ofincoming packets first. Traffic classification is the basis of QoS.Implementing QoS mechanism with different ways can bring two major benefits.•Bandwidth Control

Traffic Policing and Traffic Shaping features belong to this category.These two mechanisms can help to decide whether to drop or forwardpacket or shape the bandwidth based on restriction set manually.

•Congestion ControlCongestion Management and Congestion Avoidance provide solutionsfor congestion issue and reduce packet retransmission.

169

TT

** ) (( * 7 )%


Egress PacketIngress Packet B

TThe system will putTokens into the Bucketat a defined rate (eg. 10bytes token per second)

Token

Drop!

T T

Marking3

Buffer

Traffic Shaping

The traffic will be placed into a buffer or queue.When there are enough tokens in the Token Bucket,these stored packets will be sent out.

Traffic Policing

Give a punishment to excessive packets

2

1

Traffic Classification

L3 IP Precedence / DSCPL2 CoSDSCP Value: 56 Higher priorityDSCP Value: 48 Medium priorityDSCP Value: 32 Low priority

170

Step 1. When a packet enters the switch, the switch will classify the packetaccording to the priority settings of incoming packet.Step 2. The switch uses token bucket mechanism to accomplish bandwidthcontrol (Traffic Policing). The switch generates and put tokens into the tokenbucket at a defined rate. The volume of token bucket is limited. The excessivetokens spill from the bucket. The packets which pass through the switch willattach and consume tokens before forwarding them. If the token bucket isempty, the packets without attached tokens will be restricted by actions setmanually (drop, allow or priority replacement).

170

) ( )) ( ) ( '


Egress Packet

Sending Queue

2

Ingress Packet B

3

1


L3 IP Precedence / DSCPL2 CoSDSCP Value: 56 Higher priorityDSCP Value: 48 Medium priorityDSCP Value: 32 Low priority

Queue 1

Queue 2

Queue N

Queue N-1

Drop!

Congestion Avoidance

• Tail-Drop• Random Early Detection (RED)• WRED

Congestion Management

• FIFO (First In, First Out) queuing (Best Effort)• PQ (Priority Queuing)• WFQ (Weighted Fair Queuing)

1G 100M

Bottleneck

Congestion Issue

171

Step 1. When a packet enters the switch, the switch will classify the packetaccording to the priority of incoming packet.Step 2. The switch treats different packets with different actions when usingdifferent queuing theories. For example, the FIFO queue means that when firstpacket comes in, first packet goes out without any QoS mechanism. Anothermechanism, Priority Queue, is that the packets with higher priority are placed inthe high priority queue and are sent out first.The number of supported queues and queue mechanism may vary dependingon the switch capacity.Step 3. When all queues are full, the switch must drop the last packets whichare sent to the switch. It may cause TCP retransmission issue. The way howpackets are dropped depends on the Congestion Avoidance mechanism. TheCongestion Avoidance mechanism influences TCP traffic retransmissionbecause of packet drop.

171

Cla

ssif

icat

ion

** ) (( *

The first task classifies a frame or packet by specific priority or predetermined criteria.

The switch / router can distribute incoming packets into different service classes byexamining the frame, packet and segment headers. (Eg. Place into which queue ordrop packet policy).

For example, when a switch receives a packet with DSCP value of 46, the switchaccepts the ingress DSCP of the frame and use the DSCP value of 46 for internalDSCP

Quality of Service

•Traffic Classification / Marking

Network

Data Link

Physical

Transport

Application

3

2

1

4

6 Presentation

5 Session

7

DiffServ QoS

802.1p Cos

DSCP: 16 / CoS:2

DSCP: 0 / CoS:0

DSCP: 36 / CoS:4

DSCP: 48 / CoS:6

OSI Model

172

172

R1 R3

Port 1Marking

Quality of Service


** '

Marking provides the way for QoS component to change QoS bits (DSCP, CoS or IPPrecedence) on ingress frames.

It will affect how the switch handles the packets internally after altering DSCP values.

Mark as close to the ingress edge of the network as possible.

For example. Marking the voice traffic with DSCP value 40 at the ingress point. Next,the switch will handle this packet internally with higher priority.

L2 frame with CoS value, R1 maps incoming CoS value to the Precedence or DSCP fields.L3 packet with DSCP/IP Precedence value will be remarked if required.

R2

Port 10

L2 Switch: Change CoS value of incoming packetsL3 Switch: Change DSCP value of incoming packets and enforce policies such asqueuing, congestion avoidance and policing based on the marked values.

173

173

@>0E-% 3( ) (( * F) !

Quality of Service


Data FCSL/TSADA

46 to 1500B 4B2B6B6B

Normal Packet

Data FCSL/TSADA

46 to 1500B 4B2B6B6B

Tagged Packet Tag

4B

2B

TPID(Tag Protocol Identifier)

2B

TCI(Tag Control Information)

12 bits

VID

3 bits

Priority

1 bit

CFI

TPID: Tag Protocol Identifier, 802.1Q TPID = 0x8100

CFI: Canonical Format Indicator, always set to zero for EthernetVID: VLAN ID, 4096 VLAN used by 802.1Q for VLAN identification

Layer 2 802.1Q frame headers have two bytes tag control information (TCI) field thatcarries the CoS value in the three-significant bits, which are called User Priority bits.Layer 2 CoS value ranges from 0 for low priority to 7 for high priority.Different types of traffic are assigned with different CoS value.

174

Implementing QoS in a Layer 2 environment will bring QoS information into thetag field of Layer 2 frame.Tag is a four-byte information with two segments (one for TPID and another forTCI)TCI field is divided into three sub-fields. QoS uses first three bits to indicatepriority.

174

CoS Priority Typical Application

111 (7) (Reserved for network use)

110 (6) (Reserved for network use)

101 (5) Voice Bearer

100 (4) Video Conferencing

011 (3) Call Signaling

010 (2) High Priority Data

001 (1) Medium Priority Data

000 (0) Best Effort Data

@>0E-% ) (( (

Quality of Service


There are eight priority classes / levels available from three bits. They are assigned

as follows.

High

Priority

Low

175

802.1p Priority – It ranges from binary 000 (0) for low priority to binary 111 (7)for high priority.This maps to the IP precedence values in the ToS field.

175

Version IHL Type of Service Total Length

Identification Flag Fragment Offset

Time to Live Protocol Header Checksum

Source Address

Destination Address

Option + Padding

Data

Ethernet 802.1Q CoSIP Header ToS (IP

Precedence) / DSCPPayload

Quality of Service


8

311915830

All switches and routers in the Internet rely on the class information to provide the

forwarding treatment to packets. Packets with the same class information will begiven the same forwarding treatment while packets with different class informationwill be given different treatment.

176

For Layer 3 QoS, ToS in the IP packet header is used.

176

7 6 5 4 3 2 1 0

IP Precedence Unused

DiffServ Code Point (DSCP) Flow Control

8 7VersionLength

ToSByte

Len ID Offset TTL Protocol FCS IP SA IP DA Data

•

•

Layer 3 IP precedence value – the IP version 4 specification defines the three most significant bits of theone-byte ToS field as IP precedence. IP precedence values range from priority 0 to priority 7.Other bits are unused.

DiffServ Code Print (DSCP)••

••

The default DSCP value of a frame is 0.Layer 3 differentiated services code point (DSCP) values – IETF has defined the six most significant bitsof the 1 bytes IP ToS field as the DSCP. DSCP ranges from 0 to 63.DSCP is backward-compatible with IP Precedence.Remaining two bits are used for flow control

Quality of Service


Standard IPv4

DiffServ Extension

IP Precedence

177

There are two ways to implement L3 QoS by adding parameters into ToS byte.•IP Precedence –adopt three bits, so seven level priorities•DSCP – adopt six bits, so 64 level priorities

177

Queue N (High Priority)

Queue 5

Queue 4

Queue 3

Queue 2

Queue 1

Queue 0 (Low Priority)

** ( + % " 7

Differentiated Service (DS) Definition•

•

DS field replaces the header field (ToS) of the packet

Six bits of the DS field are used for DSCP to select the Per-Hop Behavior (PHB) at each interface.

Per-Hop Behavior (PHB)•

•

•

178

Quality of Service


RFC2475 defines PHB on a DS (DiffServ-compliant) node to a DiffServ Behavior Aggregate (BA).

According to DSCP value, collections of packets with the same DSCP setting are sent in a particulardirection and can be grouped in a BA. Packets from multiple sources or applications can belong to the sameBA.

PHB refers to packet scheduling, queuing, policing or shaping behavior of a node on any given packetbelonging to a BA.

Router

7 6 7 7 1 7 5 2 6

Incoming Traffic

1 2 5 6 6 7 7 7 7

Outgoing Traffic

178

" 5 +7(

Quality of Service


Default PHB• The default PHB specifies that packets marked with DSCP value of 000000 receive the

traditional best-effort service from a DS-compliant node.Class-Selector PHB

• To preserve backward-compatibility with any IP precedence scheme.• DiffServ has defined a DSCP value in the form xxx000, where x is either 0 or 1.• PHB retains most of the forwarding behavior as nodes that implement IP Precedence-based

classification and forwarding– Eg. Packets with a DSCP value of 110000 shows IP Precedence-based value of 110.

Assured Forwarding (AF) (RFC2597)• AF PHB is nearly equivalent to Controlled Load Service available in the integrated services

model.• Define a method by which BAs(Behavior Aggregate) can be given different forwarding

assurances.• AF defines classes by using DSCP values. AF is important in understanding how to relate

DSCP AF terminology to DSCP values.• AF has four AF classes, AF1x to AF4x (most important)• Within each class, there are three drop probabilities.

Expedited Forwarding (EF) (RFC2598)• EF PHB should be reserved for only the most critical applications.• EF service appears to the endpoints as a point-to-point connection. Eg. VoIP traffic.

179

Assured Forwarding values are part of the Per Hop Behavior (PHB) used byrouters. This value is used to determine the degree of reliability of a packet inthe DiffServ domain.

Expedited Forwarding PHB is typically for mission critical applications whichrequire guarantee transmission without delay and jitter.

179

IP Precedence 0 1 2 3 4 5 6 7

DSCP 0 8 16 24 32 40 48 56

CoS 0 1 2 3 4 5 6 7

DSCP 0 8 16 24 32 40 48 56

) ' %%

Quality of Service


Default CoS-to-DSCP Mapping Table

Default IP Precedence-to-DSCP Mapping Table

180

D-Link switches can be configured to trust DSCP, IP Precedence or CoS valuesof ingress packets.When trusting CoS or IP Precedence, switches map an ingress packet’s to avalue based on the mapping table of CoS-DSCP or IP Precedence-internalDSCP.

180

Class 1 Class 2 Class 3 Class 4

Low Drop 001010 (DSCP 10)AF

11

0100010 (DSCP 18)AF

21

011010 (DSCP 26)AF

31

100010 (DSCP 34)AF

41Medium

Drop

001100 (DSCP 34)AF

12

010100 (DSCP 34)AF

22

011100 (DSCP 34)AF

32

100100 (DSCP 34)AF

42High Drop 001110 (DSCP 34)

(AF 13)

010110 (DSCP 34)AF

23

011110 (DSCP 34)AF

33

100110 (DSCP 34)AF

43

** ) ) !

181

Quality of Service


0 1 2 3 4 5 6 7

DSCP

+ % 7Currently Unused

Expedited Forwarding (EF) / Assured Forwarding (AF)

Class Drop Precedence Unused

0 1 2 3 4 5 6 7

001010

define the class

drop probabilityalways 0

DSCP Example: 001010

181

### @>0E-% (E B ' %%A switch has eight priority queues. These priority queues are numbered from 7 (class 7: highestpriority queue) to 0 (class 0: lowest priority queue). Eight priority tags specified in IEEE 802.1p aremapped to the switch’s priority queues as follows:

••••••••

Priority 0 is assigned to the switch’s Q2 queuePriority 1 is assigned to the switch’s Q0 queuePriority 2 is assigned to the switch’s Q1 queuePriority 3 is assigned to the switch’s Q3 queuePriority 4 is assigned to the switch’s Q4 queuePriority 5 is assigned to the switch’s Q5 queuePriority 6 is assigned to the switch’s Q6 queuePriority 7 is assigned to the switch’s Q6 queue

Quality of Service

•Switch Configuration

DES-3528:5#show 802.1p user_priorityCommand: show 802.1p user_priorityQOS Class of TrafficPriority-0 -> <Class-2>Priority-1 -> <Class-0>Priority-2 -> <Class-1>Priority-3 -> <Class-3>Priority-4 -> <Class-4>Priority-5 -> <Class-5>Priority-6 -> <Class-6>Priority-7 -> <Class-6>

182

182

#$ % &@>0E-% )

Objective• Client-1 is running VoIP application and needs higher QoS than other stations running

regular applications.

Procedures• Configure VoIP connected ports with 1p=7. Based on the default “1p to queue mapping” and

“schedule”, the incoming VoIP packet will mapped to class 6 and will have higher prioritythan other packets coming from other ports (1p=0 and mapped to class 2) on DES-3528-1and DES-3528-2.

183

Quality of Service


Client-1VoIP

Client-2HTTP

Client-3VoIP

DES-3528-1

DES-3528-2

P16

P18

183

) * * @>0E-% )

DES-3528-1 Configuration•

•

•

Change the port connection DES-3528-1 and DES-3528-2 from “untagged” to“tagged” so that 802.1p information can be carried across the switch.


config vlan default add tagged 1-6

Change the default priority of port 18 (VoIP device is connected), from 0 to 7.config 802.1p default_priority 18 7

The “User Priority” and “Scheduling” are using the default value.

DES-3528-2 Configuration•

•

•

Change the port connecting DES-3528-1 and DES-3528-2 from “untagged” to“tagged” so that 802.1p information can be carried across the switch.


config vlan default add tagged 1-6

Change the default priority of port 16 (VoIP device is connected), from 0 to 7.config 802.1p default_priority 16 7

The “User Priority” and “Scheduling” are using the default value.

184

Quality of Service


184

TTA Router / Switch takes a specific action (Policing)for the different specified traffic rate.The difference between Traffic Shaping and TrafficPolicing is that Policing does not delay or buffer anytraffic.When the traffic exceeds a specified rate, the actiontaken is usually “dropped”. Other actions, such asre-marking is also available.

Quality of Service

•Traffic Policing and Shaping

**

Traffic Policing

Time

Without Traffic Policy

Traffic Policing usually uses the leaky token bucketalgorithm to achieve limiting traffic. Comparing withthe bandwidth control feature (only exact for UDPpacket), the leaky token bucket algorithm handlesTCP flows more effectively.

Traffic

Traffic Rate

Traffic

Time

With Traffic Policy

Traffic Rate

T

T

The system will place Tokensinto the Bucket at a defined rate

Token

Meter

T T

185

When traffic policing is enabled, the switch can set different thresholds atdifferent output traffic limitation manually. When incoming traffic rate hitsdifferent rate limits, the switch will adopt different actions, such as Allow, Drop,Priority Replacement, according to manually configured actions.

185

TT

TT

' ( ** 7

Mean Rate (Committed InformationRate, CIR)

• The rate of putting Token into Bucket.Average rate of allowing traffic topass through the router interface.

Burst size (Committed Burst Size,CBS)

•

•

•

Token Bucket’s capacity. Maximumtraffic size of every burst.

Step 1: The system will put Tokensinto the Token Bucket at a definedrate.

Step 2: If the Token Bucket is full, theextra tokens will be dropped.

•

•

Step 3: One token is associated to theforwarding ability of one bit.

Step 4: If enough tokens are availablefor forwarding packets, traffic isregarded conforming the specification,otherwise, non-confirm or excess

Quality of Service


Egress PacketIngress Packet

T

Drop!

Non-Conform


Token

CBS

The system will put tokens intothe Bucket at a defined rate

T T T

Drop!

Excess

186

Traffic policing is implemented based on Token bucket mechanism. The switchis able to allocate fixed size (CBS) of the token bucket and place tokens intobucket with fix rate (CIR). Packets which are sent out of the switch must attachtokens taken from the bucket. If token bucket is empty, packets will be droppedand treated with other actions.

186

TT

** %

Traffic Shaping meters traffic ratesand delays (buffers) excessive trafficso that the traffic rates stay within adesired rate limit.

Shaping smoothes excessive burststo produce a steady flow of data.

Shortage: Shaping delays traffic isnot suitable for delay-sensitive traffic,such as voice, video stream, but it isuseful for typical, busty TCP flow.

187

Quality of Service


Traffic Shaping

Traffic

Without Traffic Shaping

Traffic Rate

Time

Traffic

With Traffic Shaping

Traffic Rate

Time

T

The system will place Tokensinto the Bucket at a defined rate

T T T

Buffer

Token

Meter

Drop! (Original) /put it to buffer

In the above diagram, when the incoming traffic rate exceeds the threshold, thetraffic will be dropped. After enabling traffic shaping, the excessive traffic will beplaced into the switch buffer. The switch will forward these packets which arestored in the buffer when the traffic is not heavy. Therefore, traffic shapingsmoothes the traffic.

187

•

•

•

•

Weighted round robin (WRR) queuing

Priority queuing

Custom queuing

Shared Round Robin (SSR)

) ( '

188

Quality of Service

•Congestion Management & Avoidance

Both Congestion-Management and Congestion Avoidance use Multiple egressqueues.

Congestion avoidance is a per-queue feature and each queue may have its ownconfiguration for congestion management and avoidance.

Congestion Management includes several queuing mechanism, including the

Queue 1

• FIFO queuing

Queue 2

Queue N

Sending Queue

Queue N-1

Congestion Management

Drop!

188

) (

Switch / Router achieves congestion avoidance through packet droppingusing complex algorithms•

•

•

Tail-Drop

Random Early Detection (RED)

Weighted Random Early Detection (WRED)

189

Quality of Service


189

" ( F" ( 4 " "4!B

190

Quality of Service


Tail-Drop

FIFO queuing does not use classification and all packets are treated as if they belongto the same class.

The switch schedules packets into the queue in the order which they are receive.

Packet of size BFIFO

SchedulerSending Queue

FIFO Queuing System

190

B

Switch always schedules frames from the highest priority queue first. It willonly service the other queues when there is no frames in the higher priorityqueue.

Priority queuing is useful for voice applications where voice trafficoccupies the priority queue.

This type of scheduling may result in queue starvation in the non-priorityqueue.

191

Quality of Service•Congestion Management & Avoidance

191

1

Quality of Service


B

High Priority Queue

Medium Priority Queue

2

45

6

Normal Priority Queue

3

Low Priority Queue

192

Strict Priority Queue is strict and all traffic transmission must follow the queuepriority to forward frames out. In the above example, the traffic in higher priorityqueue will be sent out of switch first. When high priority queue is empty, theswitch starts to check next queue with second priority (medium priority queue inthe above example) and sends the packets stored in it. It means that thepackets stored in the lowest priority queue will wait till all other queues withhigher priority to clear before the packets have chance to be forwarded out ofthe switch. Sometimes, it generates “starving” issue that the packets in thelowest priority queue have no chance to be sent out.

192

D 5 D !B

WRR use weight value for each egress queue.

This weight value determines the implied bandwidth of each queue.

Quality of Service


HW Queue

Queue 1 (40%)

Queue 2 (30%)

Queue 3 (20%)

Queue 8 (10%)

WRR

WeightedRound

Robin

Class 8Tail-Drop

WRED

Class 3Tail-Drop

WRED

Class 2Tail-Drop

WRED

Class 1Tail-Drop

WRED

Packet of size B

WRR Queuing System

193

WRR is another queuing mechanism. The packets stored in different queueswill be forwarded out in sequence as stated in the configured weight value.

193

D

Quality of Service


5

High Priority Queue (40%)

Low Priority Queue (10%)

1234X

X

X

X

X

X

X

X

X

X

X

X

Medium Priority Queue (30%)

8 7 6 5

Normal Priority Queue (20%)

9101112

13141516

194

In the above example, the switch takes 40% packets from high priority queue,30% packets from medium priority queue, and so on. After finishing sending out10% packets from the low priority queue, the process will go back to check thehigh priority queue and repeat the whole process again.

194

1. 2 2 Switch Volume II D-Link Switching Advanced Technology.

Documents

Transcript of 1. 2 2 Switch Volume II D-Link Switching Advanced Technology.